July 8, 2021

Top cybersecurity stories for the week of 7-05-21 to 7-09-21

Below are the top headlines we’ve been reporting this whole week on Cyber Security Headlines.

If you’d like to hear and participate in a discussion about them, the CISO Series does a live 20-minute show every Thursday at 4pm PT/7pm ET. The show is hosted by The show is hosted by me, and each week I welcome a cyber practitioner to offer some color to the week’s stories. Our guest this week/tonight is Edward Contreras, CISO, Frost Bank.

If you want to get involved you can watch live and participate in the discussion on Crowdcast ([register](https://www.crowdcast.io/e/cyber-security-headlines)), or you can just [subscribe to the Cyber Security Headlines podcast](https://cisoseries.com/subscribe-podcast/) and get it into your feed.

Here are some of the stories we’ll be covering.

## Further context on the Kaseya attack

Deployed at noon on Friday, the start of the US Fourth of July holiday weekend, the REvil ransomware attack affected eight known managed service providers and over a thousand of their customers through Kaseya, a cloud-based MSP. Huntress Labs’ John Hammond told BleepingComputer that all of the affected MSPs are using Kaseya VSA and that they have proof that their customers are being encrypted as well. Kaseya issued a security advisory on their help desk site, warning all VSA customers to immediately shut down their VSA server to prevent the attack’s spread while investigating. DoublePulsar researcher Kevin Beaumont posted a summary stating that the REvil ransomware arrived via a Kaseya update and used the platform’s administrative privileges to infect systems. Once the Managed Service Providers were infected, their systems were able to attack the clients that they provide remote IT services for (network management, system updates, and backups, among other things). As of this recording, this first time a ransomware group has used a zero-day in attacks, hitting around 40 customers worldwide, including 500 stores belonging to the Swedish grocery chain Coop.

([The Verge](https://www.theverge.com/2021/7/2/22561252/revil-ransomware-attacks-systems-using-kaseyas-remote-it-management-software),[ BBC News](https://www.bbc.com/news/technology-57707530), and[ The Hacker News](https://thehackernews.com/2021/07/kaseya-revil-ransomware-attack.html))

## DHS announces most successful cybersecurity hiring initiative in its history

Secretary of Homeland Security Alejandro N. Mayorkas on Friday announced the Department’s largest cybersecurity hiring initiative ever with the onboarding of nearly 300 cybersecurity professionals and the extension of an additional 500 tentative job offers. This hiring initiative, which exceeded its goal by almost 50 percent, is part of a 60-day Cybersecurity Workforce Sprint focused on building a more diverse cybersecurity workforce. The initiative also includes an Honors Program for recent cybersecurity graduates for a one-year professional development program at DHS, followed by eligibility for permanent, full-time positions, an expansion of of its K-12 initiative to cultivate the next generation of diverse cybersecurity professionals, and a new cybersecurity initiative for girls in grades 6-12.

([DHS Press Release](https://www.dhs.gov/news/2021/07/01/secretary-mayorkas-announces-most-successful-cybersecurity-hiring-initiative-dhs))

## Could technological diversity help keep systems secure?

A growing school of thought suggests that resilience and preparation against cyberattacks might be helped if there was less focus on homogeneous systems. Robert M. Lee, the CEO and founder of the security company Dragos, Inc., notes the increasing trend of homogenous infrastructure in recent years as vendors acquire one another and settle common technologies and operating platforms, and suggests this makes it easier for threat actors to practice, deploy and refine their techniques across a wide selection of victims. This isn’t a vendor issue, he adds, instead pointing the finger at customers as the source of the conformity pressure. His thoughts are available in full at robertmlee.org.


## Popular audio editor accused of being spyware

The popular open-source audio editor Audacity released an updated privacy policy that includes provisions for data collection, following the apps acquisition by the company Muse Group back in May. Under the policy, Audacity can collect IP addresses which will be stored for 24 hours, as well as processor, OS version, and unspecified data “for legal enforcement,” with data stored in the European Economic Area, as well as Muse Group’s office in Russia and in the US. The policy also states that Muse Group can share data collected with potential buyers in the future.


## Cyber reinsurance rates see a spike

According to the London-based reinsurance broker Willis Re International, in July the company saw a 40% jump in renewal rates as companies look for help in the recovery process from increasingly common ransomware attacks. This comes as the cyber insurance industry itself is getting shaken up, with provider AXA backing away from ransomware insurance products, and France considering banning ransomware insurance on the grounds it encourages attackers. Premiums for this insurance offering are also increasing, as providers are now realizing the exposure many companies face in cyber security.


## Facebook partners with Liquid to extend Africa fiber network

Facebook Inc. and Africa’s largest fiber company, Liquid Intelligent Technologies, are extending their reach on the continent by laying 1,243 miles of fiber in the Democratic Republic of Congo. The move will make Facebook one of the biggest investors in fiber networks in the region. The cable will eventually extend the reach of 2Africa, a major sub-sea line that’s also been co-developed by Facebook, the two companies said in a statement Monday. Facebook switched to a predominantly fiber strategy following the failed launch of a satellite to beam signal around the continent in 2016. The build will 5,000 people to work on the project, the companies said.


## Pentagon cancels $10 billion JEDI cloud contract that Amazon and Microsoft were fighting over

The Department of Defense announced Tuesday it’s calling off the $10 billion Joint Enterprise Defense Infrastructure cloud contract that was the subject of a legal battle involving Amazon and Microsoft. In a press release sent yesterday, the Pentagon said that “due to evolving requirements, increased cloud conversancy, and industry advances, the JEDI Cloud contract no longer meets its needs.” The Pentagon did say however that it still needs enterprise-scale cloud capability and announced a new multi-vendor contract known as the Joint Warfighter Cloud Capability. It plans to solicit proposals from both Amazon and Microsoft for this contract, adding that they are the only cloud service providers that can meet its needs, but said further it will continue to do market research to see if others could also meet its specifications.


## Incomplete PrintNightmare emergency patch released

Microsoft issued an emergency patch to fix a critical vulnerability dubbed PrintNightmare in the Windows Print Spooler service, that could allow for remote code execution with system level access. The patch is available for Windows Server, Windows 10, Windows 8 and Windows 7. After it was released, security researchers Matthew Hickey and Will Dormann found that while the patch is effective at preventing the remote code execution flaw, attackers could still use the local privilege escalation component to gain system privileges on vulnerable systems for older Windows versions. Further analysis by other researchers found that the entire patch could be mitigated if the Point and Print policy was enabled.

([Bleeping Computer](https://www.bleepingcomputer.com/news/microsoft/microsofts-incomplete-printnightmare-patch-fails-to-fix-vulnerability/))

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.