Stoli U.S. bankrupts, German Crimenetwork seized, FBI telecom advisory
In today’s cybersecurity news…
Stoli files for bankruptcy in U.S. after ransomware attack
On Friday, Stoli Group’s U.S. companies filed for bankruptcy following a ransomware attack the group suffered back in August. Chris Caldwell, President and Global Chief Executive Officer of the Stoli Group subsidiaries Stoli USA and Kentucky Owl, said the incident severely disrupted its IT systems, including its enterprise resource planning (ERP) platform, and forced the company to resort to manual operations for key processes such as accounting. The incident also prevented the Stoli U.S. subsidiaries from providing financial reports to lenders, who claimed the two companies had defaulted on a $78 million debt.
Police seize largest German online criminal marketplace
German authorities have taken down the country’s largest dark web marketplace, unoriginally named “Crimenetwork.” Crimenetwork was established in 2012 and enabled criminals to post stolen data and sell drugs and illicit services such as document forging. The site had over 100,000 users and 100 registered sellers who raked in approximately 93,000,000 Euros ($98,000,000) in Bitcoin and Monero since 2018. The marketplace itself earned at least $5 million over the same period through monthly subscription and transaction fees. Police also arrested a 29-year-old, known online as “Techmin,” who is suspected of serving as Crimenetwork’s administrator for several years.
FBI advises telecoms to boost security following Chinese hacking campaign
Since October, we’ve been covering ongoing reports that China-backed hacking group, Salt Typhoon, was reportedly in the networks of AT&T, Verizon, and Lumen (formerly CenturyLink), among others. These attacks are thought to be part of a broad Chinese espionage campaign targeting U.S. officials and also wiretap systems that might identify Chinese individuals under U.S. surveillance. On Tuesday, U.S. government officials warned that Salt Typhoon is still inside networks of some phone and internet providers. Additionally on Tuesday, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued guidance to telecommunication companies to bolster their defenses through deployment of encryption as well as centralized and consistent monitoring. The government’s guidance was issued jointly with security agencies and organizations in New Zealand, Australia, Canada, and Britain.
(SecurityWeek and TechCrunch)
Police shutter MATRIX encrypted chat service
On Tuesday, Europol announced that French and Dutch law enforcement dismantled MATRIX, a “sophisticated” encrypted messaging service linked to international drug and arms trafficking and money laundering. Authorities said MATRIX had its own operating system and various apps for encrypted messaging, secure calls, video and voice sharing, and anonymous web browsing. Its infrastructure consisted of more than 40 servers in several countries, with the majority based in Germany and France. Law enforcement dismantled those servers and announced the arrest of three suspects who allegedly operated the platform. Police seized €145,000 ($152,000) in cash and about €500,000 ($527,000) in cryptocurrencies, and confiscated four vehicles and more than 970 mobile phones.
Decade-old Cisco vulnerability under active exploit
Cisco is warning customers that an input validation vulnerability (CVE-2014-2120) in its Adaptive Security Appliance (ASA) WebVPN login page is now actively being exploited by threat actors. Cisco documented the bug back in 2014; exploitation could allow an unauthenticated remote attacker to launch cross-site scripting (XSS) attacks. Cisco discovered exploitation attempts in November 2024 and said customers should upgrade to a fixed software release. The company added that there are no workarounds for this flaw. This issue highlights how applying legacy security fixes can get lost in the sea of security priorities that organizations are facing.
Two data brokers banned by the FTC
The Federal Trade Commission (FTC) announced Tuesday that it is banning data brokers Gravy Analytics and Mobilewalla (and its subsidiary Venntel) from collecting, using, and selling “sensitive” location data of Americans. The agency alleged the brokers violated the FTC Act by collecting and selling information that could be used to track people to healthcare facilities, military bases, religious sites, labor union gatherings, and other sensitive locations. The FTC says Mobilewalla collected info by bidding to show people personalized ads on their mobile devices and then retaining tracking info identifying them. Mobilewalla’s subsidiary, Venntel, collected location data from otherwise ordinary mobile apps and then sold the data to other businesses or government agencies including the IRS, DEA, and FBI. The companies must comply with the FTC’s ban by never “selling, disclosing, or using sensitive location data in any product or service, and must establish a sensitive data location program.”
Misconfigured WAFs heighten security risks
According to a report from Zafran, nearly 40% of Fortune 100 companies leveraging their content delivery network (CDN) providers for Web Application Firewall (WAF) services may be exposing back-end servers to attacks. WAFs act as intermediaries between users and Web applications, inspecting traffic for an array of threats and blocking malicious activity. In total, Zafran found 2,028 domains belonging to 135 companies exposing at least one supposedly WAF-protected server. This means attackers could access the servers over the Internet to launch attacks like denial-of-service (DoS) and ransomware. The researchers explained that the issues stem from organizations not following best practices including adequately validating Web requests to back-end origin servers, filtering IP addresses and establishing encrypted TLS connections between the CDN provider and their servers. While some responsibility does lie with customers, the researchers said, “CDN providers who offer WAF services share some responsibility as well for failing to offer customers proper risk avoidance measures and for not building their networks and services to circumvent misconfigurations in the first place.”
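As an added illustration (not code from Zafran’s report or from any CDN provider), the following Python gate shows what the three practices the researchers name look like on the origin side: accept a request only if it arrives over TLS, from one of the CDN’s egress ranges, and carrying the secret header the CDN injects on origin pulls. The CDN ranges, header name and secret are constructed placeholders.

```python
"""Origin-server admission check for a CDN/WAF deployment (constructed example).

The finding above is that origin servers answer traffic that never passed the
CDN's WAF. The gate below refuses such traffic. All ranges and secrets are
constructed placeholders; a real deployment uses the provider's published list.
"""
import hmac
import ipaddress
from dataclasses import dataclass, field

# Constructed CDN egress ranges (documentation prefixes, not a real provider's).
CDN_EGRESS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/48")]
# Constructed header the CDN is configured to add on every request to the origin.
ORIGIN_SECRET_HEADER = "X-Origin-Auth"
ORIGIN_SECRET = "constructed-example-secret"


@dataclass
class Request:
    # client_ip must be the TCP peer address, never a value taken from
    # X-Forwarded-For, which anyone reaching the origin directly can forge.
    client_ip: str
    tls: bool
    headers: dict = field(default_factory=dict)


def origin_allows(req: Request) -> tuple:
    """Return (accepted, reason); the reason is useful as a log field."""
    if not req.tls:
        return False, "plaintext connection"
    try:
        ip = ipaddress.ip_address(req.client_ip)
    except ValueError:
        return False, "unparseable client ip"
    # Mixed IPv4/IPv6 comparisons simply evaluate False, so both families work.
    if not any(ip in net for net in CDN_EGRESS):
        return False, "source not a CDN egress address"
    presented = req.headers.get(ORIGIN_SECRET_HEADER, "")
    # Constant-time compare so a direct caller cannot time-guess the secret.
    if not hmac.compare_digest(presented, ORIGIN_SECRET):
        return False, "missing or wrong origin secret"
    return True, "ok"


def direct_to_origin_probe() -> tuple:
    """Constructed request that bypasses the CDN entirely: what the report found."""
    return origin_allows(Request("198.51.100.7", True, {ORIGIN_SECRET_HEADER: ORIGIN_SECRET}))
```

The same checks are usually expressed as a reverse-proxy allow-list plus a header match; the point is that the origin, not only the CDN, enforces them.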
Cyber-unsafe employees increasingly put their orgs at risk
A new study from CyberArk surveyed more than 14,000 employees across a variety of industries and shows that 80% of respondents access workplace applications from personal devices that lack key security controls. Additionally, the study found that privileged access often extends beyond IT admins. One third of respondents are able to alter sensitive data without controls, and roughly 30% can approve large financial transactions on their own. Nearly half (49%) of respondents admitted to reusing the same login credentials for multiple work applications, while 36% use the same credentials for both work and personal applications. Finally, about 65% admitted to bypassing cybersecurity policies for personal ease. All of these practices heighten the risk of organizations falling victim to leaks and data breaches.