Cyberinsurance claims increase, NATO’s Russia vigilance, Remcos RAT phishing

In today’s cybersecurity news…

Record high for North American cyber insurance claims

A new report released by insurance broker Marsh says it received “over 1800 cyber claim reports from clients in the U.S. and Canada, more than any other year.” The company attributes the increase to more sophisticated cyberattacks, the MOVEit incident, and more companies buying cyber insurance. One fifth of its clients, 282 companies, submitted a claim in 2023, with healthcare being the industry with the highest number of claims.

(InfoSecurity Magazine)

NATO members to increase vigilance over Russian sabotage attempts

Secretary General Jens Stoltenberg, speaking in advance of a two-day meeting between NATO defense ministers in Brussels, said the effort will include “increased awareness, exchange of information, intelligence, stepping up the protection of critical infrastructure, including undersea infrastructure and cyber, and also imposing tighter restrictions on Russian intelligence personnel across the alliance.” In fact, many of the activities identified in the agreement focus on Russian organizations and individuals.

(The Record)

Remcos RAT discovered inside UUEncoding emails

Researchers from South Korea’s AhnLab Security Intelligence Center (ASEC) are warning of a new phishing campaign that distributes the Remcos RAT malware within UUEncoding file attachments. These are attached to emails purporting to be about importing or exporting shipments. The malicious .UUE files attached to the emails encode a VBS script, which ultimately leads to a download of the Remcos RAT malware. The report does not mention which organizations might be behind the attack.

(AhnLab)
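For mail-gateway triage of the attachment type described above, the following added example (not code from ASEC or this newsletter) decodes a uuencoded attachment and flags it when the embedded file looks like a script. The extension list, content markers, function names and sample attachment are assumptions made for illustration.

```python
import binascii
import re

# Extensions and markers are illustrative heuristics, not taken from the ASEC report.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta")
VBS_MARKERS = ("createobject(", "wscript.", "execute(")
BEGIN_RE = re.compile(rb"^begin [0-7]{3,4} (.+)$")

def uu_decode(data: bytes):
    """Return (embedded_filename, payload) for a uuencoded blob, else None."""
    lines = data.splitlines()
    for i, line in enumerate(lines):
        m = BEGIN_RE.match(line.strip())
        if m:
            break
    else:
        return None
    out = bytearray()
    for line in lines[i + 1:]:
        if line.strip() == b"end":
            break
        if not line.strip():
            continue
        try:
            out += binascii.a2b_uu(line)
        except binascii.Error:
            # Tolerate trailing junk: keep only the bytes the length char announces.
            n = (((line[0] - 32) & 63) * 4 + 5) // 3
            out += binascii.a2b_uu(line[:n])
    return m.group(1).decode("latin-1").strip(), bytes(out)

def triage(data: bytes) -> dict:
    """Flag a uuencoded attachment whose embedded file looks like a script."""
    decoded = uu_decode(data)
    if decoded is None:
        return {"uuencoded": False, "flag": False}
    inner, payload = decoded
    head = payload[:4096].decode("latin-1").lower()
    flag = inner.lower().endswith(SCRIPT_EXTS) or any(k in head for k in VBS_MARKERS)
    return {"uuencoded": True, "inner_name": inner, "size": len(payload), "flag": flag}

def make_uue(name: str, payload: bytes) -> bytes:
    """Build a constructed sample attachment for testing the triage logic."""
    body = b"".join(binascii.b2a_uu(payload[i:i + 45]) for i in range(0, len(payload), 45))
    return b"begin 644 " + name.encode() + b"\n" + body + b"`\nend\n"

if __name__ == "__main__":
    # Constructed, harmless sample: a one-line script wrapped in a .UUE container.
    sample = make_uue("invoice.vbs", b'WScript.Echo "constructed sample"\r\n')
    print(triage(sample))
```

The embedded filename comes from the `begin` line inside the container, so the check works even when the outer attachment carries an unrelated name or extension.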

Researcher warns of need to patch Veeam Recovery Orchestrator exploit

As reported in BleepingComputer, “a proof-of-concept exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability…has been released, elevating the risk of being exploited in attacks.” Security researcher Sina Kheirkhah, who developed the exploit, posted on his site that the flaw is “practically more straightforward to exploit than the vendor’s bulletin suggested.” Arising from a hardcoded JSON web token, it allows attackers to log in to the Veeam Recovery Orchestrator web UI with administrative privileges. Veeam points out that, to accomplish the hijack, the attacker must know the exact username and role of an account that has an active VRO UI access token.

(BleepingComputer)

Freelancers become victims of New York Times GitHub repo data breach

Following up on the ongoing story regarding the January heist of New York Times data from its GitHub repository, the news outlet has sent notifications to “freelance visual contributors that have done work for The Times in recent years.” The data stolen includes home phone numbers, email addresses, mailing addresses, nationality, and social media usernames as well as, in some cases, specialized information such as diving and drone certifications or access to specialized equipment. No actual number of affected freelancers was disclosed.

(BleepingComputer)

City governments in Michigan and New York suffer ransomware attacks

On Wednesday, the towns of Traverse City, Michigan and Newburgh, New York both announced they had been hit by cyber incidents that required shutdowns of online systems. This means residents would not be able to make online payments for taxes, water and permits, although 911 services remain active. Representatives are releasing few details as they investigate the incidents.

(The Record)

Panera warns of data breach

The company that operates as Panera Bread and Saint Louis Bread Company is alerting employees of a ransomware attack that occurred in March in which names and Social Security Numbers were stolen, along with what they describe as “other information you provided in connection with your employment.” This incident coincides with an attack in April in which Panera’s virtual machine systems were encrypted in a ransomware attack, which affected its internal IT systems, phones, point-of-sale system, website, and mobile apps. According to BleepingComputer, Panera is not currently confirming any relationship between the two events.

(BleepingComputer)

Email scam costs Massachusetts town $445,000

The town of Arlington, Massachusetts is admitting to being a victim of a social engineering attack. According to a statement from town manager Jim Feeney, town employees started receiving legitimate emails from a vendor involved in a project focused on rebuilding a local high school. However, cybercriminals had compromised some town employee user accounts and were monitoring email correspondence. The criminals then sent messages from an email address that appeared genuine, requesting a change in their payment method from check to electronic funds transfer. Once the con had been discovered, the town was able to recoup just over $3,000, or 6 percent of the funds stolen.

(Statescoop)
