Medical Research Center Pays Ransomware; Hackers Wiping Lenovo/Iomega NAS Devices, Demanding Ransom; Card Skimming Malware on Government Websites in Eight US Cities

The University of California, San Francisco (USCF) has paid a ransomware demand of more than $1.4m. A "limited number of servers" at the public health research facility were encrypted by Netwalker ransomware. UCSF disclosed the incident on June 3. BBC News was able to observe a live chat on the dark web involving UCSF ransom negotiations.

Read more in

Hackers have been breaking into old LenovoEMC/Iomega network-attached storage (NAS) devices, wiping them, and demanding between $200 and $275 in ransom for the return of the data. The attacks targeted NAS devices that exposed their management interface on the Internet with no password protection. Similar attacks were reported a year ago. The LenovoEMC and Iomega NAS lines were discontinued in 2018.

Read more in

Researchers at Trend Micro found that local government websites in eight US cities were infected with Magecart card skimming malware. The common factor appears to be that all the affected sites were using the Click2Gov municipal payment software. The attacks began on April 10 and appear to still be active. This is not the first time that Click2Gov has been the target of attacks.

Read more in

A group of British technology organizations and individuals have signed a letter to Prime Minister Boris Johnson, urging him to act to reform the Computer Misuse Act (CMA). The law was created 30 years ago, when less than one percent of the UK's population used the Internet and "the concept of cyber security and threat intelligence research did not exist." The letter also notes that "the CMA inadvertently criminalises a large proportion of modern cyber defence practices."

Read more in

The Michigan State House of Representatives has passed a bill that would prohibit employers from requiring workers to have RFID chips implanted. The measure is proactive; there have not been instances in which employers have actually imposed this requirement. A Wisconsin company has used implantable ID chips for their employees on a voluntary basis. The Microchip Protection Act now heads to the Michigan State Senate for consideration.

Read more in

Magento 1.x will no longer be supported after June 30, 2020. Payment processors are urging merchants to update; Visa informed merchants that failing to update to Magento 2.x will eventually cost them PCI DSS (Payment Card Industry Data Security Standard) compliance. Adobe's Security Bulletin for Magento updates last week included a reminder: "Support for Magento Commerce 1.14 and Magento Open Source 1 is ending in June 2020. This will be the final security patches available for these editions."

Read more in

At least two western companies opening offices in China were forced to install tax software on their systems; the software has been found to download and install a backdoor. The companies said that a bank in China "required that they install a software package called Intelligent Tax produced by the Golden Tax Department of Aisino Corporation, for paying local taxes." The backdoor, which has been named GoldenSpy, operates with SYSTEM-level privileges.

Read more in

Aleksei Burkov has been sentenced to nine years in prison for his role in operating the Cardplanet carding website, which sold payment card information that was used to make millions of dollars in fraudulent transactions. Burkov was arrested in Israel in December 2015; he was extradited to the US in 2019. Earlier this year, he pleaded guilty to access device fraud, conspiracy to commit access device fraud, identity theft, computer intrusions, wire fraud, and money laundering.

Read more in

Sergey Medvedev has pleaded guilty to RICO conspiracy for his role in "an Internet-based cybercriminal enterprise" known as Infraud. The group's activity resulted in more than $586m in losses. US authorities have indicted 36 people in connection with Infraud.

Read more in

US Cyber Command's Cyber Flag 20-2 training exercise took place earlier this month. More than 500 people participated; there were 17 teams from five countries. For the first time, participants had access to a new remote access training tool. The Persistent Cyber Training Environment (PCTE) "is an online client that allows Cyber Command's cyber warriors, as well as partner nations, to log on from anywhere in the world to conduct individual or collective cyber training as well as mission rehearsal." The Cyber Flag exercise is run by US Cyber Command.

Read more in

Palo Alto Networks has released fixes for a critical authentication bypass vulnerability that affects PAN-OS, the operating system used in many its firewalls. According to the Palo Alto Advisory, "Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources." If SAML authentication is not enabled, the flaw cannot be exploited. The affected versions of the operating system are PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0 (EOL). PAN-OS 7.1 is not affected.

Read more in