
Risky Biz News: SEC drops MOVEit hack investigation

2024/8/9
Risky Business News

The SEC has closed its investigation into Progress Software's 2023 MOVEit hacks without levying fines or taking enforcement action. Meanwhile, a new vulnerability in Progress's WhatsUp Gold network monitoring solution is being exploited.

The SEC drops its investigation of the MOVEit hack. The State Department puts a $10 million bounty on six Iranian hackers. The UK ICO finds a contractor behind an NHS ransomware attack. And Midnight Blizzard also stole UK government email. This is Risky Business News, prepared by Catalin Cimpanu and read by me, Claire Aird.

Today is the 9th of August, and this podcast episode is brought to you by Material Security, the company that secures the cloud office with unified email security, user behavior analytics, and data loss prevention for Microsoft 365 and Google Workspace.

In today's top story, the U.S. Securities and Exchange Commission has closed its investigation into Progress Software's 2023 MOVEit hacks. The SEC told Progress it does not plan to levy any fines or take enforcement action. Thousands of MOVEit file transfer servers were hacked by the Clop cybercrime gang over Memorial Day weekend in 2023 after the group discovered a zero-day vulnerability in the software.

And staying with Progress Software's fine products, threat actors are exploiting a recently patched vulnerability in the Progress WhatsUp Gold network monitoring solution. The attacks began at the start of August, according to the Shadowserver Foundation. They're exploiting a pre-authentication remote code execution bug that was patched in early June. Details and a proof of concept have been available since the start of July.

A software company in the UK has been fined £6 million for failing to adequately secure systems targeted in the ransomware attacks that crippled the National Health Service in 2022.

The UK privacy watchdog levied the fine on Advanced Computer Software Group after it failed to secure its systems with multi-factor authentication. The LockBit ransomware gang stole patient data and encrypted servers used by crucial NHS systems. Two years later, UK authorities played a central role in dismantling the gang's operation.

The US State Department is offering a $10 million award for information on six Iranians behind the Cyber Av3ngers. The six were identified as members of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command. They were sanctioned in February after a series of intrusions into US critical infrastructure. The group broke into industrial equipment and defaced their screens with anti-Israel and pro-Gaza messages.

The Russian hackers who breached Microsoft last year also stole emails from the UK government. The breach impacted Home Office inboxes, according to a report from The Record. The UK government is the most high-profile victim of the hack besides Microsoft itself.

Microsoft disclosed the hack earlier, at the end of last year, and said a Russian espionage group known as Midnight Blizzard breached its corporate network. The group stole emails from the inboxes of its management and security teams. Microsoft has tried to keep the hack and its aftermath quiet, and has been privately notifying affected customers, many of which remain unknown.

Just days before The Record's report, security researcher Kevin Beaumont claimed the hack of Microsoft itself was worse than previously disclosed. Beaumont said that Midnight Blizzard stole data about all the security flaws reported to Microsoft for decades, and that Microsoft failed to detect this bigger breach until January, months after it disclosed the initial hack.

American mortgage provider LoanDepot says it incurred losses of almost $27 million in a ransomware attack in January. The expenses included recovering from the attack and identity protection services for more than 16 million customers who had their data stolen.

LoanDepot was the fourth major U.S. mortgage and real estate insurance provider hit by a cyber attack at the end of 2023. Mr. Cooper, Fidelity National Financial and First American Financial also reported similar attacks.

A threat actor has stolen $1.8 million worth of tokens from cryptocurrency platform Nexera. The hacker allegedly exploited a vulnerability in the platform's smart contract. The attacker is linked to several other hacks, including the $11 million crypto heist of exchange platform OKEx.

Apple will make it harder for users to sidestep its Gatekeeper security feature in the next release of macOS. Gatekeeper verifies applications when they're launched to make sure they're cryptographically signed, which makes it harder for attackers to trick users into running malicious software.

Currently, users can disable the protection by holding control while clicking on the app, but under the new change, disabling Gatekeeper will be more complicated. The company is also pushing developers to submit applications for its verification process so users won't feel the need to bypass Gatekeeper.

The Turkish government has blocked access to 27 VPN services. The ban comes a week after the government also blocked access to Instagram. Privacy experts believe the government is trying to crack down on users still accessing the site through VPNs. Among the biggest VPN providers blocked this week are Proton, NordVPN and Surfshark.

The US government has arrested the administrators of the underground cybercrime forum WWH Club. The two suspects were identified in court documents as Russian national Pavel Kublitskii and Alexander Khodyrev of Kazakhstan. The US says the two founded WWH Club in 2020 where they began trading in stolen data. The site had more than 170,000 members and allowed users to buy credentials, hire hackers and audit DDoS attacks.

Kublitskii was detained in Florida while Khodyrev's status is unclear. Both fled their countries and sought asylum in the US in 2022, settling in Florida.

Moldavian authorities have arrested 12 suspects for their roles in an online cryptocurrency investment scam. The group allegedly used online ads mimicking Romanian personalities and brands to trick victims into investing via their platform. Romanian officials say the group has made over $3.2 million since 2022. At least 150 victims filed official complaints.

A new Windows worm named CMoon is currently spreading among Russian internet users. The malware propagates via malicious documents hosted on Russian sites. According to Russian security firm Kaspersky, the malware can steal sensitive files, install other malware and carry out DDoS attacks. It's unclear if CMoon is the work of a state-sponsored group.

Security firm SafeBreach Labs has discovered two vulnerabilities that can allow threat actors to downgrade Windows OS components to vulnerable versions. The vulnerabilities reside in the Windows kernel and update functions. The issues were presented at the Black Hat security conference this week. Microsoft has acknowledged both issues and is scheduled to release patches next week.

And finally, a team of academics has discovered three architectural vulnerabilities in CPUs from Chinese chipmaker T-Head. Named GhostWrite, the vulnerabilities impact the company's XuanTie CPUs, usually used in data centres. The vulnerabilities allow threat actors to bypass security and isolation features and gain write access to system memory.

And that is all for this podcast edition. Today's show was brought to you by our sponsor, Material Security. Find them at material.security. Thanks for your company.