Security News > 2021 > June

Russian hacking group REvil is behind the ransomware attack on meat processing company JBS Foods, according to the FBI. The good news from the JBS Foods ransomware attack is that it seems to have followed one of the basic tenets of cybersecurity - make back-ups. The meat processing company JBS said on Wednesday that its operations had mostly recovered from a ransomware attack that had shut down operations in the United States and Australia earlier this week.

The FBI has publicly confirmed that the REvil ransomware was used in the cyberattack that forced the world's largest meat processing company to shut down systems. While JBS did not make public any technical information on the attack, it did notify the federal government of a ransom demand, apparently coming from a Russian hacking group.

New upgrades have been made to a Python-based "Self-replicating, polymorphic bot" called Necro in what's seen as an attempt to improve its chances of infecting vulnerable systems and evading detection. "Although the bot was originally discovered earlier this year, the latest activity shows numerous changes to the bot, ranging from different command-and-control communications and the addition of new exploits for spreading, most notably vulnerabilities in VMWare vSphere, SCO OpenServer, Vesta Control Panel and SMB-based exploits that were not present in the earlier iterations of the code," researchers from Cisco Talos said in a deep-dive published today.

Almost two weeks ago, the European Parliament took the step of objecting to the European Commission's decision to grant the UK data adequacy. The European Parliament's resolution will not block adequacy, but it nevertheless sends a significant political signal, particularly in the wake of two major court cases last week, which have found the UK's exemption of immigration from data protection laws to be unlawful and that UK mass surveillance laws violated privacy rights.

Major software vulnerabilities are a fact of life, as illustrated by Microsoft having patched between 55 and 110 vulnerabilities each month this year - with 7% to 17% of those vulnerabilities rated critical. The problem is that the critical vulnerabilities are of kinds we have seen for many years, such as remote code execution and privilege escalation.

NortonLifeLock, the company that offers the consumer products Broadcom didn't want when it bought Symantec, has started to offer Ethereum mining as a feature of its Norton 360 security suite. The company says, funnily enough, a better approach is to have its computer security software mine Ethereum while it runs, then store the results in the Norton cloud.

As more and more networks implement Resource Public Key Infrastructure (RPKI) validation and signing of their BGP routes to protect themselves against route hijacks and leaks, what should happen if the critical RPKI infrastructure goes down? ARIN plans to perform unannounced maintenance of its RPKI, sometime in July, for about thirty minutes to check whether networks are adhering to BGP best practices.
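The best practice a short RPKI outage tests is that a router whose validator data has gone missing or stale should fall back to treating routes as NotFound (and keep accepting them) rather than rejecting everything; only routes that are affirmatively Invalid against fresh data should be dropped. The following is an added example, not code from the article or from ARIN, that implements RFC 6811 route origin validation over a constructed set of validated ROA payloads (VRPs) using documentation prefixes and private ASNs, and wraps it in a policy that fails open when the VRP cache is older than its TTL. The `VRP`, `VrpCache`, `rov_state` and `route_policy` names, the TTL value and the sample data are all assumptions made for the example.

```python
"""RFC 6811 route origin validation with a fail-open policy for validator outages (added example)."""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Iterable, Optional, Tuple


@dataclass(frozen=True)
class VRP:
    """One validated ROA payload: prefix, maximum announced length, authorised origin ASN."""
    prefix: str
    max_length: int
    asn: int


@dataclass
class VrpCache:
    """VRPs as received from a validator, plus when they were fetched and how long they stay usable."""
    vrps: Tuple[VRP, ...]
    fetched_at: float
    ttl: float

    def is_fresh(self, now: float) -> bool:
        return now - self.fetched_at <= self.ttl


def rov_state(prefix: str, origin_asn: int, vrps: Iterable[VRP]) -> str:
    """Return 'valid', 'invalid' or 'notfound' for a route per RFC 6811 section 2."""
    net = ip_network(prefix)
    covering = []
    for vrp in vrps:
        vrp_net = ip_network(vrp.prefix)
        if vrp_net.version != net.version:
            continue  # subnet_of() refuses to compare IPv4 with IPv6
        if net.subnet_of(vrp_net):
            covering.append(vrp)
    if not covering:
        return "notfound"  # no ROA covers this prefix at all
    for vrp in covering:
        # Matching origin and a length no longer than maxLength makes the route valid.
        if vrp.asn == origin_asn and net.prefixlen <= vrp.max_length:
            return "valid"
    return "invalid"  # covered by a ROA, but wrong origin or too specific


def route_policy(prefix: str, origin_asn: int, cache: Optional[VrpCache], now: float) -> Tuple[str, str]:
    """Accept or reject a route; with no usable validator data, degrade to NotFound and accept."""
    if cache is None or not cache.is_fresh(now):
        return "accept", "notfound (validator data unavailable or stale)"
    state = rov_state(prefix, origin_asn, cache.vrps)
    if state == "invalid":
        return "reject", state
    return "accept", state


# Constructed sample data: RFC 5737 / RFC 3849 documentation prefixes and private ASNs.
SAMPLE_VRPS = (
    VRP("192.0.2.0/24", 24, 64496),
    VRP("198.51.100.0/22", 24, 64497),
    VRP("2001:db8::/32", 48, 64496),
)


def demo(now: float = 1_000_000.0) -> dict:
    """Exercise the policy with a fresh cache and with one that has aged past its TTL."""
    fresh = VrpCache(SAMPLE_VRPS, fetched_at=now - 60, ttl=3600)
    stale = VrpCache(SAMPLE_VRPS, fetched_at=now - 7200, ttl=3600)
    return {
        "fresh_valid": route_policy("192.0.2.0/24", 64496, fresh, now),
        "fresh_wrong_origin": route_policy("192.0.2.0/24", 64511, fresh, now),
        "fresh_too_specific": route_policy("198.51.100.0/25", 64497, fresh, now),
        "fresh_notfound": route_policy("203.0.113.0/24", 64500, fresh, now),
        "stale_wrong_origin": route_policy("192.0.2.0/24", 64511, stale, now),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22s} -> {result}")
```

The key line is the stale-cache branch in `route_policy`: the same hijack-looking announcement that is rejected against fresh data is accepted during the outage, which is deliberate, since the alternative of rejecting every route when the validator is unreachable turns a thirty-minute maintenance window into a self-inflicted blackhole.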

From siloed to unified key management: legacy key protection and management consisted of different solutions for different environments and business problems. From disparate to integrated key management and key protection: legacy key protection provides only basic management, and dedicated key management solutions are often not integrated with key protection.

FireEye has entered into a definitive agreement to sell the FireEye products business, including the FireEye name, to a consortium led by Symphony Technology Group in an all-cash transaction for $1.2 billion, before taxes and transaction-related expenses. The FireEye products business and Mandiant Solutions will continue to operate as a single entity until the transaction closes, allowing management and STG to develop a successful transition of the FireEye products business to a standalone entity within the STG portfolio.

The general lack of transparency around cybersecurity continues to be one of the largest factors holding back the combined ability of the public and private sector to truly defend against the impact of cyberattacks. In terms of the latter, practitioners have established guardrails around the truly useful information that can be safely shared without impact to company brand or strategy; collaborators respect the fact that any information shared should only be used in support of bettering their company's program and capabilities.