The Kaseya ransomware attack: A timeline

From csoonline.com


The attack on US-based software provider Kaseya by notorious Russia-linked ransomware group REvil in July 2021 is estimated to have affected up to 2,000 global organizations. REvil targeted a vulnerability (CVE-2021-30116) in a Kaseya remote computer management tool to launch the attack, with the fallout lasting for weeks as more and more information on the incident came to light.

Read more…

Afghan Interpreters’ Data Exposed in MoD Breach

From infosecurity-magazine.com

The United Kingdom’s Ministry of Defense has apologized for sending an email that exposed the data of more than 250 Afghan interpreters who worked for British forces. 

The impacted interpreters are seeking to be relocated to the UK either from Afghanistan, where many are currently in hiding from the Taliban, which seized power in August, or from another country to which they have relocated. 

The email, in which the interpreters’ email addresses, names, and linked profile images were exposed, was sent by the team in charge of the UK’s Afghan Relocations and Assistance Policy (ARAP) to Afghan interpreters who have left Afghanistan or who are…

Read more…

The Biden Administration Attacks Crypto Pipelines to Stop Ransomware

From cybersecuritylog.com


Earlier this week, the Biden administration announced a new campaign to combat ransomware attacks, which will include placing penalties on the criminals’ cryptocurrency pipelines in order to prevent them from obtaining additional ransom money. The administration also asked businesses to report extortion attempts so that they can better protect themselves against them, according to Insurance Journal.

Wally Adeyemo, the deputy secretary of the Treasury, has declared that sanctions will be applied against Suex, a bitcoin transfer business situated in the Czech Republic. He attributed the decision to Suex’s track record of facilitating transactions involving money obtained via unlawful means for at least eight ransomware versions.

Read more…

Plug critical VMware vCenter Server flaw before ransomware gangs start exploiting it (CVE-2021-22005)

From helpnetsecurity.com


VMware has fixed 19 vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation, the most critical of which is CVE-2021-22005.

“This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server,” the company noted.

Read more…

Data of 106 million visitors to Thailand leaked online

From securityaffairs.co

The popular cybersecurity researcher Bob Diachenko discovered his personal data online, stored in an unprotected Elasticsearch database containing the personal details of more than 106 million visitors to Thailand.

The expert discovered the unsecured database on August 22, 2021, and immediately notified the Thai authorities. He noticed that some of the data stored in the archive dates back ten years.

While the IP address of the database is still public, the database was taken offline and has been replaced with a honeypot.

The database was 200GB in size and contained several assets, including more than 106 million records.

Exposed records include full names, arrival dates, gender, residency status, passport numbers, visa information, and Thai arrival card numbers. 

Read more…