Security News

China has a playbook to use IP theft to seize leadership in cloud computing, and other nations should band together to stop that happening, according to Nathaniel C. Fick, the US ambassador-at-large for cyberspace and digital policy. The ambassador described China's actions in the telecoms industry as "a playbook" and warned the nation will "Run it in cloud computing they will run it in AI, they will run it in every core strategic technology area that matters."

The growing adoption of cloud has elevated cloud security fear for IT teams, as they grapple with the challenges and concerns arising from the widespread use of complex cloud environments while diligently addressing them, according to SUSE. Cloud security fear is growing. Data stores as top cloud security concern: 31% of respondents named data stores hosted by cloud or third parties as their top cloud security concern.

Infosec in brief Remember earlier this year, when we found out that a bunch of baddies including at least one nation-state group broke into a US federal government agency's Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution? The US Cybersecurity and Infrastructure Security Agency and FBI warned about the first intrusion into a federal civilian executive branch agency's Microsoft IIS web server back in March, and said the snafu happened between November 2022 and early January.

The U.S. State Department's Rewards for Justice program announced up to a $10 million bounty yesterday for information linking the Clop ransomware attacks to a foreign government. "Do you have info linking CL0P Ransomware Gang or any other malicious cyber actors targeting U.S. critical infrastructure to a foreign government? Send us a tip. You could be eligible for a reward," tweeted the Rewards for Justice Twitter account.

The US Department of Energy and other federal bodies are among a growing list of organizations hit by Russians exploiting the MOVEit file-transfer vulnerability. Many orgs, including the US government, have been hit via this flaw, with Clop blamed for this mass exploitation.

Russian national Ruslan Magomedovich Astamirov was arrested in Arizona and charged by the U.S. Justice Department for allegedly deploying LockBit ransomware on the networks of victims in the United States and abroad. According to the criminal complaint, the 20-year-old suspect from the Chechen Republic was allegedly involved in LockBit ransomware attacks between August 2020 and March 2023."Astamirov allegedly participated in a conspiracy with other members of the LockBit ransomware campaign to commit wire fraud and to intentionally damage protected computers and make ransom demands through the use and deployment of ransomware," US DOJ said.

Seven nations today issued an alert, plus protection tips, about LockBit, the prolific ransomware-as-a-service gang, as the group's affiliates remains a global scourge, costing US victims alone more than $91 million since 2020. The crew has been linked to Russia, and in May Uncle Sam sanctioned a Russian national, Mikhail Pavlovich Matveev, accused of using LockBit and other ransomware to extort a law enforcement agency and nonprofit healthcare organization in New Jersey, as well as the Metropolitan Police Department in Washington DC, among "Numerous" other victim organizations in the US and globally.

Operated out of Japan by French expatriate Mark Karpelès, Mt. Gox rapidly became the biggest online Bitcoin exchange, but imploded in 2014 when the company was forced to admit that it had lost Bitcoins worth more than $0.5 billion at the time. In 2014, the Big Daddy of Bitcoin exchanges, Japan-based Mt. Gox, made a "So sorry, they seem to have vanished" announcement about a whopping 650,000 Bitcoins, worth approximately $800 each at the time.

The US federal government's ban on TikTok has been extended to include devices used by its many contractors - even those that are privately owned. The rule went into effect the day it was published in the Federal Register - June 2 - meaning any government contracts issued will now have to include language regarding the ban.

Because the data includes the identity fraud goldmine of the victims' names and social security numbers, one of the lawsuits claims the danger to those affected could continue throughout "Their lives." According to the data breach notice by Mercer University in Macon, Georgia, 93,512 people were affected.