CyberSecure Specialist

Ransomware Gang Takes Credit for Maple Leaf Foods Hack

The Black Basta ransomware group has taken credit for the recently disclosed attack on Canadian meat giant Maple Leaf Foods. The cybercriminals have made public several screenshots of technical documents, financial information and other corporate files to demonstrate that they gained access to Maple Leaf Foods systems. Maple Leaf Foods announced in early November that it was experiencing an outage as a result of a cyberattack. The Mississauga, Ontario-based packaged meats company said it took…

Read More

How to build a public profile as a cybersecurity pro

Cybersecurity professionals interested in raising their profiles as subject matter experts can count on social media to become more visible. With everyone being online this may not be enough though. CSO spoke to Forrester analyst Jinan Budge and cybersecurity professionals Katie Moussouris, Troy Hunt, Rachel Tobac, and Christina Morillo about their journeys and their tips for those who want to build their public profile. Some of these professionals have been known for their work for…

Read More

Hacker attempts to sell data of 500 million WhatsApp users on dark web

A hacker has allegedly posted a dataset to the dark web containing the personal information of almost 500 million WhatsApp users. In the post, which was uploaded to hacking forum BreachForums on November 16, the hacker claimed to be selling up-to-date personal information of 487 million WhatsApp users from 84 countries. In the post, the alleged hacker said those who bought the datasets would recieve “very recent mobile numbers” of WhatsApp users. The leak was…

Read More

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mobile devices.…

Read More

Financial services increasingly targeted for API-based cyberattacks

A report published Monday by cloud services and CDN (content delivery network) platform Akamai said that the financial services industry is an increasingly popular target for a wide range of cyberattacks, with application and API attacks against the vertical more than tripling in the past year. APIs are a core part of how financial services firms are changing their operations in the modern era, Akamai said, given the growing desire for more and more app-based…

Read More

Russia-Linked Sandworm Continues Launching Attacks

According to ESET, the most recent cyberattacks have common indicators with attacks launched by Sandworm previously, including the use of PowerShell to distribute ransomware that is “almost identical to the one seen last April during the Industroyer2 attacks against the energy sector.” PowerShell, also known as PowerGap by Ukrainian cyber authorities, was used to introduce the CaddyWiper malware against Ukrainian infrastructure in April 2022, shortly after the Russian invasion. https://cybernews.com/news/sandworm-spawns-monstrous-offspring/ https://thehackernews.com/2022/11/russia-based-ransomboggs-ransomware.html

Read More

Black Reward Claims Attack on Iranian Fars News Agency

The threat group Black Reward has taken credit for the breach of the Islamic Revolutionary Guard Corps (IRGC) managed Fars News Agency out of Iran. The group stated that they deleted nearly 250 terabytes of data and accessed confidential bulletins and directives sent by the news agency to the office of Supreme Leader Ali Khamenei. Additional compromised data includes recorded calls, information on internal portals related to administrative conversations and news folders, image archives, and financial…

Read More

U.S. Bans Sales of Huawei, Hikvision, ZTE, and Dahua Equipment

This is not the first time the U.S. government has been at odds with Chinese telecommunications companies. In February of 2020, after an FBI investigation, Huawei was charged with racketeering conspiracy and with conspiracy to steal trade secrets. Additionally, in 2019, a U.S. affiliate of Huawei was indicted for theft of trade secrets, wire fraud, and obstruction of justice. Earlier this year, in an address to business leaders from across the U.S., FBI director Christopher…

Read More

Virginia County Confirms Personal Information Stolen in Ransomware Attack

Southampton County in Virginia last week started informing individuals that their personal information might have been compromised in a ransomware attack. The incident was identified in September, when a threat actor accessed a server at Southampton and encrypted the data that was stored on it. The county says that it took steps to contain the attack immediately after identifying it, and that it launched an investigation into the incident, to determine the type of data…

Read More

AWS releases Wickr, its encrypted messaging service for enterprises

Just days after announcing the close of its consumer-oriented Wickr Me encrypted messaging service, Amazon Web Services (AWS), at its annual re:Invent conference on Monday, said that it was making the enterprise version of the app generally available. Dubbed simply AWS Wickr, the service was first announced in July and has been in preview till now. The enterprise version of the messaging service, designed to allow enterprise users to securely collaborate via text, voice and…

Read More