Russian hacker Pavel Sitnikov (aka FlatL1ne) arrested. He was allegedly charged for posting the source code of the Anubis banking trojan on Freedom F0x, a Telegram channel where Sitnikov often posted data leaks and malware source code. Under Article 273, Part 2 of Russian criminal law, Sitnikov risks up to five years in prison. In a video interview with Russian news site Readovka, which first reported on the arrest, Sonia Sitnikov, the suspect's wife, claimed the arrest was actually related to a post her husband made on December 9, 2020, when he shared a download link to the personal data of more than 300,000 COVID-19 patients who had registered with the Moscow Department of Health.
https://therecord.media/russian-hacker-pavel-sitnikov-arrested-for-sharing-malware-source-code/
Following the high-profile ransomware attack suffered by the Washington D.C. Metro Police Department recently, we have another two similar incidents surfacing now, one of which has been officially admitted by the victimized entity. In both cases, the result is a catastrophic leak of highly #sensitive data and documents relevant to police investigations, personnel, suspects, citizens, informants, incriminating evidence, secret agent identities, and all kinds of stuff that #police departments would rather keep away from the public sphere.
https://www.technadu.com/two-more-american-police-departments-hacked-cyber-gangs/280174/
On May 20, 2021, the investigation determined the information may have included the following: Social Security numbers; driver's license numbers; California identification card numbers; passport numbers; military identification numbers; financial account information; medical information; health insurance information; and/or information or data collected through the use or operation of an automated license plate recognition system.
The Swedish Public Health Agency could not report complete #COVID19 stats starting Wednesday at 4 PM due to the database shutdown. Folkhälsomyndigheten has shut down SmiNet, the country's infectious diseases database. The investigation into unauthorized access to sensitive information is still ongoing. The incident has been reported to the Police and to the Privacy Protection Authority.
Since May 19, 2021, the town hall has been without internet access, which is paralysing the administration and services of the commune of Baguer-Pican near Saint-Malo.
A cyber attack has shut down operations at the world's largest meat processor in Australia, Canada and the United States, sending thousands of Australian abattoir workers home. JBS has a network of 47 #facilities with abattoirs and feedlots in NSW, Queensland, Victoria and Tasmania. JBS #Australia has more than 10,000 workers across Queensland, New South Wales, Victoria, South Australia, Tasmania and Western Australia. Half of the employees are based in Queensland, where 416,700 tonnes of beef, smallgoods and bacon are produced.
Gllittering, a member of RaidForums, has leaked Customer Genomics (customergenomics.ai) databases. Customer Genomics® is a trademark of Fractal Analytics (fractal.ai), a multinational artificial intelligence company that provides services in consumer packaged goods, #insurance, #healthcare, life sciences, #retail and #technology, and the #financial sector.
https://www.technadu.com/massive-database-belonging-fractal-analytics-offered-purchase/279947/
The intruders say they remained for more than a month inside the information system of ExaGrid Systems, Inc (exagrid.com) before triggering the final phase of their attack. They thereby obtained a net payment of 2.6 million dollars. ExaGrid had built its latest marketing campaign on the development of a feature, "Retention Time-Lock for Ransomware Recovery", which it claims prevents hackers and other #ransomware from erasing protected sensitive data. #retaliation
An independent hacker is selling a set of databases that they claim are the result of a hack against Tezpur University (tezu.ernet.in), a large public educational institute in North-Eastern #India. The seller has set a price of $25 and promises 20,000 database entries in return. Details include full names, dates of birth, email addresses, states, gender, phone numbers, religion, age, current address, permanent address, father's name, mother's name, spouse's name, blood type, and more. Tezpur University was established by the Indian Parliament back in 1994, and it operates a large number of schools, departments, research centers, and more. As such, if someone was able to exfiltrate the institute's databases, the incident would affect a very large number of students and applicants at the university, far greater than 20,000.
https://www.technadu.com/hacker-claims-holding-databases-stolen-tezpur-university/278930/
On April 29, 2021, a threat actor posted on a cybercrime forum claiming to be in possession of 130 million records of #India based Customs data. Data leaks like this can adversely impact industries such as Retail and Manufacturing as the leaked information may reveal competitor strategy and pricing details. Apart from this, the leaked information can be further misused by cybercriminals to launch targeted phishing attacks on individual ports, importers, and exporters.
University of Maryland reveals that personal and protected #health information was involved in the #Accellion incident.
https://www.umaryland.edu/cits/services/securexfer/notice-of-accellion-data-incident-update/
Memory Protection Bypass Vulnerability in SIMATIC S7-1200 & S7-1500 CPU families #rce #isc #cyber #threats
https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf
Claroty has found a severe memory protection bypass vulnerability (CVE-2020-15782) in Siemens PLCs, the SIMATIC S7-1200 and S7-1500. An attacker could abuse this vulnerability on PLCs with disabled access protection to gain read and write access anywhere on the #PLC and remotely execute malicious code. This new vulnerability not only allows an attacker to execute native code on Siemens S7 controllers but also bypasses detection by the underlying operating system or any diagnostic software, by leaving the user sandbox to inject arbitrary data and code directly into protected memory areas. #rce #isc #cyber #threats
https://claroty.com/2021/05/28/blog-research-race-to-native-code-execution-in-plcs/
In recent weeks the Municipality of Porto Sant'Elpidio (comune.porto-sant-elpidio.ap.it), a municipality in the Province of Fermo in the Marche region, was the victim of a hacker attack by the new cybercriminal group Grief. The Grief ransomware group, which SuspectFile believes is affiliated with the far better-known cybercriminal group DoppelPaymer, has published a considerable quantity of administrative documents (deeds, resolutions, etc.), almost 900 MB, many of which are sensitive documents that also concern citizens resident in the Marche municipality.
Mandiant Threat Intelligence has observed simpler attacks, where actors with varying levels of skill and resources use common IT tools and techniques to gain access to and interact with exposed internet-accessible operational technology systems.
The Danish Defence Intelligence Service (FE) had assisted the NSA in spying on high-level politicians in #Sweden, #Norway, the #Netherlands, and #France, as well as #Germany.
Suspected APT29 (Cozy Bear) Operation Launches #Election Fraud Themed Phishing Campaigns
The SolarWinds hackers' abuse of Microsoft's identity and access architecture. Microsoft was itself compromised by the SolarWinds intruders, who got access to some of its source code, its crown jewels! Microsoft's full suite of security products and some of the industry's most skilled cyber-defense practitioners had failed to detect the ghost in the network. In nearly every case of post-intrusion mischief, the intruders « silently moved through Microsoft products », vacuuming up emails and files from dozens of organizations. Thanks in part to the carte blanche that victim networks granted the infected SolarWinds network management software in the form of administrative privileges, the intruders could move laterally across them, and even jump among organizations. They used it to sneak into the cybersecurity firm Malwarebytes and to target customers of Mimecast, an email security company.
Cyberattacks by the threat actor NOBELIUM targeting government agencies, think tanks, consultants and non-governmental organizations.
https://blogs.microsoft.com/on-the-issues/2021/05/27/nobelium-cyberattack-nativezone-solarwinds/
Mandiant is tracking 16 malware families exclusively designed to infect Pulse Secure VPN appliances and used by several cyber #espionage groups.