AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 08/11/2022

Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen

Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online. The company revealed that the attackers could only harvest and steal non-sensitive data from a Box folder linked to a compromised employee’s account. “Cisco experienced a security incident on our corporate network in late May 2022, and we immediately took action to contain and eradicate the bad actors,” a Cisco spokesperson told BleepingComputer.

 

Man who built ISP instead of paying Comcast $50K expands to hundreds of homes

Jared Mauch, the Michigan man who built a fiber-to-the-home Internet provider because he couldn’t get good broadband service from AT&T or Comcast, is expanding with the help of $2.6 million in government money. When we wrote about Mauch in January 2021, he was providing service to about 30 rural homes including his own with his ISP, Washtenaw Fiber Properties LLC. Mauch now has about 70 customers and will extend his network to nearly 600 more properties with money from the American Rescue Plan’s Coronavirus State and Local Fiscal Recovery Funds, he told Ars in a phone interview in mid-July.

 

More than a dozen companies developing single standard to detect cyberattacks faster

More than a dozen companies in the cybersecurity space are developing a single, open standard for sharing data about hacking threats, a project the companies say could help organizations detect cyberattacks more quickly. The initiative, which involves Amazon (AMZN), Cloudflare, CrowdStrike, IBM (IBM), Okta and Salesforce (CRM), among others, aims to solve a critical bottleneck in the sharing of threat information: The different data formats currently in use across multiple cybersecurity tools and products.

 

#BHUSA: Chris Krebs Explains How Cybersecurity Can Improve

Why is cybersecurity so bad right now? That is the question with which the Black Hat USA 2022 security conference got underway on August 10 in an opening keynote address from former CISA director Chris Krebs. Krebs is currently a partner in consulting firm Krebs Stamos Group and he noted in his keynote that he often speaks to officials in the private sector and federal, state and local governments to try to understand what they’re trying to accomplish. Time and again the first question he gets is – why are things so bad in cybersecurity right now and why does it seem that we’re fighting an uphill battle?

China could be reviewing security bugs before tech companies issue patches, DHS official says

The Chinese government appears to use its software vulnerability disclosure rules to preview dangerous zero-day flaws before tech companies can deploy fixes, a top Department of Homeland Security official said Wednesday. Beijing’s strict vulnerability reporting rules mean government officials could get “early access” to even the most serious vulnerabilities, DHS Under Secretary for Policy Robert Silvers said during the Black Hat cybersecurity conference in Las Vegas. If the Chinese government is analyzing zero-days, or previously unknown software flaws, before affected companies can deploy a fix, Beijing could gain the upper hand when carrying out cyberattacks against the U.S. or other digital adversaries.

 

NHS IT services held hostage by ransomware hackers

A cyber-attack on a major IT provider of the NHS has been confirmed as a ransomware attack. Advanced, which provides digital services like patient check-in and NHS 111, says it may take three to four weeks to fully recover. Ransomware hackers take control of IT systems, steal data and demand a payment from victims to recover. The NHS insists that disruption is minimal, but Advanced would not say whether NHS data had been stolen. The Birmingham-based firm says it first spotted the hack at 07:00 BST on 4 August and immediately took steps to contain the hackers. It is now working to restore services. The company refused to say if it was in negotiations with hackers or paying a ransom to them.
