Security News

The White House has confirmed today that JBS, the world's largest beef producer, was hit by a ransomware attack over the weekend coordinated by a group likely from Russia. JBS only hinted that a ransomware group caused the incident on Monday, stating that "The company's backup servers were not affected, and it is actively working with an Incident Response firm to restore its systems as soon as possible."

The thought of ransomware gripping the corporate systems we manage is enough to give any of us sleepless nights. The thought of a ransomware attack crippling the healthcare infrastructure all of us rely on is terrifying.

The White House says it believes U.S. government agencies largely fended off the latest cyberespionage onslaught blamed on Russian intelligence operatives, saying the spear-phishing campaign should not further damage relations with Moscow ahead of next month's planned presidential summit. The revelation of a new spy campaign so close to the June 16 summit between President Joe Biden and Russian counterpart Vladimir Putin adds to the urgency of White House efforts to confront the Kremlin over aggressive cyber activity that criminal indictments and diplomatic sanctions have done little to deter.

US troops charged with guarding nuclear weapons in Europe used popular education websites to create flash cards, exposing their exact locations and top-secret security protocols, according to the investigative site Bellingcat Friday. To familiarize themselves with things like which shelters in various locations had "Hot" vaults with live nuclear bombs, with security patrol schedules, and with identification badge details, the soldiers created digital flash card sets on apps like Chegg Prep, Quizlet and Cram.

Details of some US nuclear missile bunkers in Europe, which contain live warheads, along with secret codewords used by guards to signal that they're being threatened by enemies, were exposed for nearly a decade through online flashcards used for education, but which were left publicly available. The astonishing security blunder was revealed by investigative journalism website Bellingcat, which described what it found after "Simply searching online for terms publicly known to be associated with nuclear weapons."

Chinese threat groups continue to deploy new malware strains on the compromised network of dozens of US and EU organizations after exploiting vulnerable Pulse Secure VPN appliances. In the previous report, FireEye mentioned 12 malware families found on and specifically designed to infect Pulse Secure VPN appliances.

Nobelium, the Russia-aligned gang identified as the perpetrators of the supply chain attack on SolarWinds' Orion software, has struck again, Microsoft vice president Tom Burt in a blogpost Thursday. Burt's post says the attacks saw Nobelium gain access to accounts on the email marketing service "Constant Contact" operated by The United States Agency for International Development.

The Federal Bureau of Investigation says state-sponsored attackers breached the webserver of a U.S. municipal government after hacking a Fortinet appliance. "As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a webserver hosting the domain for a U.S. municipal government," the FBI's Cyber Division said in a TLP:WHITE flash alert published today.

U.S. pipeline operators will be required for the first time to conduct a cybersecurity assessment under a Biden administration directive in response to the ransomware hack that disrupted gas supplies in several states this month. The Transportation Security Administration directive being issued Thursday will also mandate that the owners and operators of the nation's pipelines report any cyber incidents to the federal government and have a cybersecurity coordinator available at all times to work with authorities in the event of an attack like the one that shut down Colonial Pipeline.

The US Department of Homeland Security has announced new pipeline cybersecurity requirements after the largest fuel pipeline in the United States was forced to shut down operations in early May following a ransomware attack. The new security directive requires critical pipeline owners and operators to report any confirmed and potential cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency.