Supply Chain Attacks Roll On
The Accellion File Transfer Appliance vulnerabilities have been the source of many breach notifcations over the last several months. For whatever reason, they seem to be dribbling out. The newest one is Morgan Stanley. In this case, it was a Morgan Stanley VENDOR that was using Accellion, so instead of the third party attacks we talk about all the time, this is a fourth party attack. Of course, Morgan Stanley will take the heat, fines and lawsuits. Are you sure your vendors have your back? What about their vendors? Credit: Data Breach Today
Senate Finally Confirms Jen Easterly as Head of DHS/CISA
After CISA has not had an official chief for 8 months and after one Senator pulled a pre-July 4th political stunt that delayed her confirmation, the Senate unanimously confirmed Easterly this week. Easterly, who retired from the Army in 2011, was the deputy director for counterterrorism at the NSA, was on the National Security Council staff at the White House and is a two time Bronze Star recipient, is an outstanding person to lead CISA after Chris Krebs was fired last year for not following the party line. Credit: CNN
Did Russia Get the Message?
Remember the Revil ransomware gang? The folks that hacked Kaseya and JBS, among others? Well their web sites are no more. Did the U.S. take them down? Did Putin decide he didn’t like the heat? Will they come back later under a different name? Not clear. But what is clear is that people who were trying to get their files decrypted by paying the ransom – they have a bit of a problem as in kinda out of luck. My guess is Biden told Putin to fix the problem or we would fix it for him and he probably would not like the collateral damage. Credit: MSN
Hackers are Hard to Kill Off
Last year around election time the Pentagon was all full of press releases that they took down a Russian hacking operation called Trickbot. They have millions of victims around the globe. Bitdefender found that they are resurrecting their tools; updating them, etc. While Bitdefender found this particular tool using a honeypot, it doesn’t that was their only tool and it certainly does not mean they will shut down. It does mean that hacker networks are so profitable, that they will come back from the dead. Credit: The Daily Beast
Want a $10 Million Prize?
The feds are offering a reward of up to $10 million for information on operations conducted by actors working for a foreign government. On Thursday, the U.S. Department of State announced that its Rewards for Justice (RFJ) program now incentivizes reports of foreign malicious activity against U.S. critical infrastructure. The actions may include extortion as part of a ransomware attack, stealing information from protected systems, “and knowingly causing the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causing damage without authorization to a protected computer.” The feds set up a Tor site to report information confidentially. Credit: Bleeping Computer