Hackers have leaked Iran-related documents that they claim are top secret. The breach was carried out by a threat actor named Gonjeshke Darande, and several reports claim that the group is related to the Israeli government.

More:
- Gonjeshke Darande, also known as Indra, is the hacker group that breached the Khouzestan Steel Company a few weeks ago. The steel company is one of the largest in Iran and had to stop production for a few days due to the attack.
- The group published a link in which there are numerous files and documents that tie the steel company to the IRGC.
- The latter is a military group that is considered a protector of the current ruling system.
- The group's influence over the country has increased in recent years, while the U.S. has listed the organization on its list of terrorist organizations.
- The Iranian government has denied that this attack has caused any major issues to the steel factory, while the Israeli government has denied its involvement with Gonjeshke Darande.

Zoom Out:
- Iran has previously been hit by Indra's cyberattacks. In 2021, all gas stations in the country suffered technical problems that caused them to shut down for many hours.
- Iran's railway system has also been hit with cyberattacks in the past, causing the country to stop all of its railway transportation.

The Trickbot hacker gang is now targeting Ukraine. The group has already launched multiple campaigns against the country, using phishing as a threat vector.

More:
- The Trickbot gang is the creator of the notorious Trickbot Trojan, malware capable of stealing banking details, account information, account funds, cryptocurrency, etc. The malware is distributed via a URL and then spreads laterally by exploiting security vulnerabilities.
- The malware has been used for numerous breaches, especially to hack schools and businesses. The trojan was seen as the top threat for businesses in previous years, having been used to breach T-Mobile, Outlook, Amazon, etc.
- While the group was forced to join the now-defunct Conti ransomware group, the threat actors who were part of it have quickly adapted. The Trickbot malware was upgraded to AnchorMail. The group has also used Cobalt Strike, IcedID, and Meterpreter to breach victims.
- It is believed that the threat actor is cooperating with other Russian-backed groups due to the similarity in how they are approaching Ukrainian targets. One of these methods is phishing emails that speak about fake nuclear threats and are sent to Ukrainian officials.

Zoom Out:
- Russia has consistently targeted Ukraine with phishing emails. Ukrainian authorities have previously reported on officials being sent emails with fake military information by the hacker group Armageddon.
- The U.S., U.K., Ukraine, and other countries have warned agencies and citizens to be mindful and respect security protocols due to the hundreds of different hacking campaigns that have been carried out since the war in Ukraine started.

Microsoft has announced that it is launching new features in its Azure service, such as confidential virtual machines that will store data on ephemeral OS disks. The new offerings are focused on increasing data security as the company continues to establish its offering in the cybersecurity market.

More:
- Using ephemeral OS disks makes data more secure since it is never sent to Azure's central storage but instead is held on the user's hardware device.
- Microsoft claims that users will benefit not only security-wise but also in lower latency, better features, higher efficiency, etc. Ephemeral OS disks perform well when used for stateless workloads but are less effective on VM deployment time or the reimaging of individual VM instances.
- The new features are part of Azure Confidential Computing, a part of Microsoft's cloud service. The company claims that the data stored in Azure is safer due to its use of AI on encrypted data sets, client-side encryption, end-side encryption, etc.
- This new update will be available in all regions where Azure is currently used, while ephemeral disks will be free to use.

Zoom Out:
- Microsoft recently launched its cybersecurity services division, claiming that cybersecurity is one of the fastest-growing verticals of the company.
- The company was awarded the peace prize by Ukrainian President Volodymyr Zelenskyy due to its help with IT services for the country.

A cybersecurity company has published a free decryptor for people who have been hacked by threat actors. Emsisoft, a New Zealand-based company, released a decryptor for AstraLocker and Yashma ransomware victims.

More:
- The company published the tool along with a PDF tutorial on the steps victims need to take to ensure they can use the decryptor properly. Some of the steps include detecting the malware through an antivirus, isolating it so it doesn't affect the files on the device, agreeing to the terms of use, etc.
- Users are not guaranteed that they will be able to download the exact same version of their previously hacked files. The decryptor related to the AstraLocker malware works on the Babuk variant, while the Yashma instructions do not have any other instructions regarding variants.
- AstraLocker ransomware was created by the AstraLocker gang. The hacker group recently shut down for unknown reasons. The group joined other threat actors such as Conti ransomware in the list of hacker groups that have closed their operations.
- It is likely that AstraLocker sent at least a part of the decryption tools themselves as a sign of confirmation that the group is shutting down. Hacker groups usually join other threat actors or upgrade their malware soon after shutting down.

A new ransomware strain that targets Windows and Linux has been tracked. The ransomware is named RedAlert and was created by a threat actor known as N13V.

More:
- The ransomware's code shows that Linux is the main target of the threat actors who are deploying it. A decryptor for Windows also exists, confirming that the hacker group intends to target the latter too.
- This group is utilizing a method known as double-extortion. This means that the hackers ask for a ransom for giving the stolen data back to the victim as well as not leaking the data to the general public.
- N13V's Linux encryptor targets VMware ESXi servers, using command-line options that allow it to shut down virtual machines before the files are encrypted. This likely happens because VMware has been the subject of numerous hacks recently, with breaches affecting companies worldwide.

Quick Hits:
- Microsoft has patched a bug that caused apps to crash when they were used in the cloud. The bug had been previously used to hack victims.
- At least 25% of the internet connectivity in Canada has been lost for hours today due to an outage. The outage has affected phone calls, bank transfers, internet communication, etc.
- China's governing cabinet has stated that the country needs to increase its efforts to improve cybersecurity after a recent report that alluded to a leak of 1 billion Chinese citizens' data.

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.

Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 Ford.