Good day and welcome back to GlobalSign’s weekly news round-up.
After several weeks of relative quiet in terms of new attacks, this week was marked by an uptick in new incidents. One of the biggest was the $600 million hack at decentralized finance platform Poly Network. Fortunately, within a few days the responsible party began returning the money because they only hacked Poly “for fun.” The attacker executed the hack by exploiting a flaw in Poly Network’s code to steal the funds. The company pleaded with the hacker to return the money and, remarkably, their wish was granted. As of Thursday morning, $342 million worth of assets had been returned.
Another big name in the news this week was large IT consulting firm Accenture, which was impacted by a LockBit ransomware attack midweek. Fortunately, the company was able to fully restore certain affected systems within a day. In a statement Accenture said that it had “identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers.”
CNBC reporter Eamon Javers provided more details on his Twitter account. According to Javers, the hackers posted on the dark web that “These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases, reach us.”
Also, on Monday it was reported that Taiwan-based Gigabyte suffered a ransomware attack between August 3rd and August 4th. According to Bleeping Computer sources, the extortion gang RansomEXX claimed to have stolen 112GB of sensitive internal data as well as information from a code repository. This includes Intel and AMD chip information as well as a debug document. The breach is known to have affected both the Gigabyte support page and parts of the Taiwanese website.
Meanwhile, Microsoft was focused on rolling out its August Patch Tuesday update. It addressed two more security issues within Windows Print Spooler. In total, Microsoft’s August security update covers 44 vulnerabilities, with seven rated critical. The new Windows Print Spooler flaws are CVE-2021-36947 and the zero-day CVE-2021-36936. They’re related to the family of vulnerabilities collectively known as PrintNightmare, which were first made public in early July. The patches are essential, and if they are not applied, things could really become nightmarish, according to this article from Cybersecurity Dive.
Finally, Bleeping Computer reported that the universal decryption key for REvil’s attack on Kaseya’s customers last month has been leaked on hacking forums, allowing researchers their first glimpse of the mysterious key. The attack on managed service providers was massive and went global. It was executed by exploiting a zero-day vulnerability in the Kaseya VSA remote management application. This attack encrypted approximately sixty managed service providers and an estimated 1,500 businesses, making it possibly the largest ransomware attack in history. Scroll down to read the full story.
That’s a wrap for this week. Wishing everybody a cybersafe weekend!
Top Global Security News
Bleeping Computer (August 11, 2021) Hacker behind biggest cryptocurrency heist ever returns stolen funds
“The threat actor who hacked Poly Network’s cross-chain interoperability protocol yesterday to steal over $600 million worth of cryptocurrency assets is now returning the stolen funds.
As the Chinese decentralized finance (DeFi) platform Poly Network shared two hours ago, the hacker has already returned almost $260 million worth of stolen cryptocurrency. In total, the attacker has transferred back $256 million Binance Smart Chain (BSC) tokens, $3.3 million in Ethereum tokens, and $1 million in USD Coin (USDC) on the Polygon network.
To send back all the stolen funds, the hacker still has to return another $269 million on Ethereum and $84 million on Polygon.”
CRN (August 11, 2021) Accenture Hit By Ransomware Attack, Latest Victim Of ‘Cyber-Pandemic’
“Accenture on Wednesday confirmed that it was hit by a ransomware attack, with a hacker group using the LockBit ransomware reportedly threatening to release the company’s data and sell insider information.
CNBC reporter Eamon Javers Wednesday first broke the news about the attack in a tweet, writing that the hacker group in a post on the Dark Web wrote, ‘These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases, reach us.’
Accenture, in an emailed response to a request for information from CRN, confirmed the ransomware attack, but said there was no impact on the company.”
Bleeping Computer (August 11, 2021) Kaseya’s universal REvil decryption key leaked on a hacking forum
“The universal decryption key for REvil’s attack on Kaseya’s customers has been leaked on hacking forums, allowing researchers their first glimpse of the mysterious key.
On July 2nd, the REvil ransomware gang launched a massive attack on managed service providers worldwide by exploiting a zero-day vulnerability in the Kaseya VSA remote management application.
This attack encrypted approximately sixty managed service providers and an estimated 1,500 businesses, making it possibly the largest ransomware attack in history.”
DataBreach Today (August 11, 2021) Microsoft Patches 3 Zero-Day Vulnerabilities
“Microsoft’s Patch Tuesday rollout addressed two more security issues within Windows Print Spooler, including one zero day.
Microsoft’s August security update covers 44 vulnerabilities, with seven rated critical. In July, the company’s update included patches for 117 vulnerabilities.
The new Windows Print Spooler flaws are CVE-2021-36947 and the zero-day CVE-2021-36936. They’re related to the family of vulnerabilities collectively known as PrintNightmare, which were first made public in early July. Microsoft rates the first two vulnerabilities as ‘exploitation more likely,’ and the third vulnerability as having been publicly disclosed, says Satnam Narang, staff research engineer at Tenable.
Microsoft’s Security Response Center also published guidance on PrintNightmare, noting its investigation into the issues found the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks.”
The Verge (August 9, 2021) Hackers reportedly threaten to leak data from Gigabyte ransomware attack
“Gigabyte has been the victim of a cyberattack, which was reportedly the work of a ransomware outfit called RansomEXX. According to The Record, the attack didn’t affect any of the company’s production systems, but it did affect some internal servers. Currently, some parts of Gigabyte’s website, including its support section, are down, giving customers issues when trying to access warranty repair information and updates. The hackers who claim to have carried out the attack are reportedly threatening to release data from the company, including confidential documents from Intel, AMD, and American Megatrends.”