Cloudstar – IT provider for real estate, finance and insurance worlds – knocked offline by ransomware • The Register
In short Cloud-based IT provider Cloudstar has been hit by ransomware, taking its systems down. The company says it is currently negotiating with the crooks who infected its computers.
“On Friday, July 16, Cloudstar discovered it was the victim of a highly sophisticated ransomware attack,” the Florida-based company warned customers over the weekend.
“Due to the nature of this attack, our systems are currently inaccessible, and although we are working around the clock, we do not have a definitive recovery timeline. Our Office 365 email services, our email encryption offering and some support services are still fully operational.
“Cloudstar has retained the services of third-party forensic expert Tetra Defense to assist with our recovery efforts and to brief law enforcement. Negotiations with the threat actor are ongoing. We are working diligently to resolve this issue as quickly as possible and will keep our stakeholders informed.”
Cloudstar is said to provide technology to hundreds of securities firms and lenders. It offers remote virtual offices, cloud-hosted software and storage, and IT security to businesses in the Americas working in real estate, finance, insurance, and petrochemicals.
“These are incredibly difficult times for Cloudstar but more importantly for our customers, whose trust we value,” the outfit added on its website.
Four Chinese nationals living in the Middle Kingdom have been charged by Uncle Sam with compromising “the computer systems of dozens of victim companies, universities and government entities in the United States and abroad between 2011 and 2018.” Their alleged activity has been linked to a Beijing-backed crew dubbed APT40.
Thieves are peddling 1TB of stolen data on the dark web that is said to belong to Saudi Aramco.
Spyware maker NSO attempted to start a business in the United States and failed, although its lobbyists, consultants and lawyers made a lot of money from the attempt, according to reports.
Cloudflare code execution bug spotted, fixed
A critical flaw in a Cloudflare service said to be used by 12.7% of all websites could have been exploited via a malicious user-submitted package to potentially compromise a large number of web pages.
The service in question is cdnjs, which hosts JavaScript and CSS libraries and serves them from a content delivery network. Bug hunter RyotaK, while investigating supply chain attacks, discovered a path traversal bug that could be triggered by a carefully crafted JS/CSS library submitted to cdnjs through its GitHub repository for inclusion in the CDN.
Such a library would be able to overwrite files and execute commands in the context of the cdnjs backend when the submission was processed, and could obtain Cloudflare’s secret GitHub API keys. An attacker could potentially have used this position to modify the JavaScript and CSS served to websites using cdnjs.
Interestingly, when RyotaK attempted a proof-of-concept exploit for this vulnerability, GitHub triggered an alert to Cloudflare that its credentials had been compromised, and the API keys were quickly revoked and regenerated by staff. We were told that RyotaK, who was participating in Cloudflare’s bug bounty program, submitted a vulnerability report in early April, and the issue was fully resolved in early June.
“While this vulnerability can be exploited without any special skills, it could impact many websites,” RyotaK said this month. “Considering that there are so many vulnerabilities in the supply chain which are easy to exploit but have a big impact, I think it’s very scary.”
America finally has a CISA leader
Jen Easterly has been confirmed by Congress as the new director of the US Cybersecurity and Infrastructure Security Agency (CISA).
The former president sacked former CISA chief Chris Krebs via tweet after the director said Joe Biden’s 2020 election was “the safest in American history.” Political wrangling then delayed her official appointment.
Easterly is well respected in the industry: she is a Rhodes scholar who went to Oxford and spent 20 years in the U.S. military, where she stood up its first cyber battalion and was a key player in establishing the current US Cyber Command. She served at the NSA as the leader of its Tailored Access Operations penetration team and as a national security advisor to Presidents Bush and Obama.
Easterly’s confirmation was delayed in June when Senator Rick Scott (R-FL) held up the process until Biden visited the US-Mexico border. Later that month, when the hold was lifted, the Senate was unable to take it up because a two-week recess was in progress.
Boffins shine the spotlight on Telegram security
Cryptographers from ETH Zurich and Royal Holloway, University of London have investigated the encrypted chat protocol developed by Telegram and claim that an attacker could exploit it to, among other things, change the order of messages sent and, in exceptional circumstances, potentially recover the plaintext of certain communications.
“In this case, our work was prompted by other research that examines the use of technology by participants in large-scale protests such as those seen in 2019/2020 in Hong Kong,” said Martin Albrecht, professor at Royal Holloway. “We discovered that the protesters were critically relying on Telegram to coordinate their activities, but Telegram had not received a security check from the cryptographers.”
“None of the changes were critical,” Telegram said in a statement, referring to software updates released to respond to academics’ findings.
Iranians singled out for university phishing attack
A group identified as working with the Islamic Revolutionary Guard Corps (IRGC) carried out a phishing campaign aimed at gathering information from academics, policy makers in think tanks and journalists covering the Middle East.
The campaign, dubbed SpoofedScholars by Proofpoint, sent spear-phishing emails masquerading as a senior lecturer at the School of Oriental and African Studies (SOAS) at the University of London. The recipients were invited to speak at a webinar on “US Security Challenges in the Middle East,” and the URL led to a compromised University of London SOAS radio website.
This site asked people to log in using their Google, Yahoo, Microsoft, iCloud, AOL, mail.ru, or Facebook account details, which were presumably harvested by the phishers. A few months later, the same tactic was attempted again, using the name of another SOAS scholar and inviting people to a “DIPS conference”.
“Proofpoint recommends investigating network traffic to soasradio[.]org, especially URIs starting with hxxps://soasradio[.]org/connect/?memberemailid=,” the report reads. “Additionally, emails from hanse.kendel4[@]gmail.com, hannse.kendel4[@]gmail.com and t.sinmazdemir32[@]gmail.com should be considered suspicious and investigated.”
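Turning the report's recommendation into a check, as an added example that is not Proofpoint's or The Register's code: the defanged indicators quoted above are refanged and matched against constructed proxy-log lines in the assumed format `<timestamp> <client_ip> <method> <url> <status>` and against constructed `From:` header values.

```python
from email.utils import parseaddr
from urllib.parse import urlparse
# Indicators exactly as the Proofpoint report quotes them (defanged).
DEFANGED_URI_PREFIX = "hxxps://soasradio[.]org/connect/?memberemailid="
DEFANGED_DOMAIN = "soasradio[.]org"
DEFANGED_SENDERS = ["hanse.kendel4[@]gmail.com",
                    "hannse.kendel4[@]gmail.com",
                    "t.sinmazdemir32[@]gmail.com"]
def refang(ioc: str) -> str:
    """Undo the usual defanging so the indicator can be compared with real data."""
    for broken, real in (("hxxps://", "https://"), ("hxxp://", "http://"),
                         ("[.]", "."), ("[@]", "@")):
        ioc = ioc.replace(broken, real)
    return ioc
URI_PREFIX = refang(DEFANGED_URI_PREFIX)
DOMAIN = refang(DEFANGED_DOMAIN)
SENDERS = {refang(s).lower() for s in DEFANGED_SENDERS}

def match_proxy_log(lines):
    """Return (line_no, reason) for lines touching the phishing site; hypothetical log format."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip it rather than abort the sweep
        url = fields[3]
        host = (urlparse(url).hostname or "").lower()
        if url.startswith(URI_PREFIX):
            hits.append((n, "credential-harvest URI"))
        elif host == DOMAIN or host.endswith("." + DOMAIN):
            hits.append((n, "contact with compromised domain"))
    return hits
def match_mail_senders(from_values):
    """Flag From: header values whose address is one of the published senders."""
    hits = []
    for n, value in enumerate(from_values, 1):
        _display, addr = parseaddr(value)  # tolerate 'Name <addr>' and bare forms
        if addr.lower() in SENDERS:
            hits.append((n, addr.lower()))
    return hits

# Constructed sample data (not from the report) to exercise the matchers.
SAMPLE_PROXY_LOG = [
    "2021-07-19T09:14:02Z 10.0.3.17 GET https://www.soas.ac.uk/ 200",
    "2021-07-19T09:15:41Z 10.0.3.17 GET https://soasradio.org/connect/?memberemailid=a%40example.org 200",
    "2021-07-19T09:16:03Z 10.0.3.22 GET https://soasradio.org/schedule 200",
]
SAMPLE_FROM_VALUES = ['"Dr. A. Lecturer" <lecturer@soas.example>',
                      "hanse.kendel4@gmail.com",
                      "Senior Lecturer <T.Sinmazdemir32@gmail.com>"]
```

The second proxy line hits the more specific URI indicator and the third only the domain, so a sweep can prioritise likely credential submissions over mere visits to the compromised site.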
Ring E2EE now available to everyone
After a beta test phase, Amazon is officially rolling out end-to-end encryption for its most recent internet-connected Ring cameras and floodlights. You can get the full list of devices that support the system here. ®