Cybersecurity news provided by NetworkTigers on Monday, 01 November 2021.
SAN MATEO, CA — Iranian gas stations under cyberattack, U.S. and Israel blamed, high end art fair attacked, attendees and art dealers on notice, AbstractEMU malware can gain access to Android phones, 880 million medical records leaked online, hackers claim to have attacked National Rifle Association (NRA), U.S. to create new Cyber Bureau, Russian hackers hide behind American IP addresses, Microsoft: SolarWinds hackers engaged in new attack, Data associated with Argentina’s entire population for sale on dark web, vulnerability exploited in BlackMatter ransomware, Britain’s largest supermarket under cyberattack.
Iranian gas stations under cyberattack, U.S. and Israel blamed
Gasoline stations across Iran have experienced widespread disruption due to a cyberattack that Iranian officials are blaming on the U.S. and Israel. The Iranian head of civil defense said the attack was initiated in order to cause chaos throughout the country, while also reporting that forensic research into the attack has not been completed. Iran has also cast blame on the U.S. and Israel for an attack on its rail system earlier in the year.
High end art fair attacked, attendees and art dealers on notice
Art Basel, a high end art fair attended by some of the world’s wealthiest art dealers and collectors, has been the victim of a cyberattack. Art Basel’s parent company, Switzerland-based MCH Group, has warned its patrons that some of their sensitive information may have been stolen. Little more information has been released about the attack aside from a statement reporting that the attack was due to malware and that MCH Group is working with the authorities.
AbstractEMU malware can gain access to Android phones
Lookout Threat Labs has discovered a new malware variant called AbstractEmu that has the ability to take complete control over Android smartphones while also evading detection. Lookout Threat Labs believes that the malware originated from a group that is “well-resourced” and that it was designed with “financial motivation” in mind. Lookout has identified 19 widely available Android apps that make use of rooting functionality that can be used to take over a user’s device.
880 million medical records leaked online
A database with no password protection, containing information related to 886 million patients, was discovered by Website Planet. The data was found to have been associated with Deep Six AI, a healthcare AI firm. Deep Six AI, after being alerted to the database’s lack of security, remedied the privacy issue. Experts say that the data available in the collection could have been sold on the dark web or used for blackmail or extortion attempts against doctors.
Hackers claim to have attacked National Rifle Association (NRA)
Russian ransomware collective Grief Gang has allegedly hacked the National Rifle Association (NRA), posting files on its site that it claims were stolen from the organization. In recent times, the NRA has been reeling from both bankruptcy and infighting among leadership, making it a prime target for a disruptive cyberattack. Grief Gang has been insistent that its victims not engage with the authorities or any third-party consultants if they wish to recover their data, throwing a new wrench into the already challenging procedure of surviving a ransomware attack.
U.S. to create new Cyber Bureau
As part of the Biden administration’s increasing efforts to better prepare for cybercrime, the development of the Bureau of Cyberspace and Digital Policy has been announced. State Department spokesman Ned Price, in an address, said that the new organization “will focus on three key areas: international cyberspace security, international digital policy, and digital freedom.”
Russian hackers hide behind American IP addresses
Russian hackers have reportedly been using “residential proxies” in order to disguise their web activity behind the IP addresses of U.S. users. Residential proxies operate similarly to VPNs in that they allow individuals online anonymity by making it appear as though their web usage originates somewhere other than where they are located. Residential proxies are legal and offered by many companies.
Microsoft: SolarWinds hackers engaged in new attack
Microsoft is warning that Nobelium, a hacking group associated with the Russian government, is attempting to disrupt the IT supply chain by concentrating new attacks on tech resellers and cloud service providers. Reportedly, the hacking attempts have not been seeking to take advantage of any vulnerability, but have been mostly phishing scams looking to grab credentials.
Data associated with Argentina’s entire population for sale on dark web
Argentina has suffered a nationwide data exposure, as access to a database containing the government ID card information of every Argentinian citizen has been posted for sale on the dark web. The seller, who has used card data from some of the country’s biggest celebrities as proof, is believed to be associated with Argentina’s Interior Ministry rather than being an outside hacker, in spite of claims otherwise. This theory makes sense when considering that the seller is offering data on request as opposed to selling a huge chunk of stolen information.
Vulnerability exploited in BlackMatter ransomware
In a rare reversal of hacking as usual, a vulnerability within BlackMatter ransomware has been discovered and used to save victims of the malware millions of dollars by allowing them to recover their data without making a payment. BlackMatter, after learning about the exploit, patched their malware to make it no longer vulnerable.
Britain’s largest supermarket under cyberattack
Tesco, Britain’s largest supermarket chain, has had its website and app operations disrupted by an attempted cyberattack. While still live, the company’s website is unable to take customer orders. No further information regarding the attack has been reported, although Tesco has stated that customer data was not exposed or affected.
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com
Mike Syiek, CEO
1029 S. Claremont Ave
San Mateo, CA 94402