 Estonia has been hit by a cyberattack that has been called the worst in 15 years. Russian hacker group Killnet has claimed responsibility for the attack. More: - Luukas Ilves, Estonia's undersecretary for digital transformation, stated that this hacking campaign is the worst since 2007.
- Killnet claimed that it managed to crash over 200 government websites in Estonia, while the Estonian government stated the attacks were largely ineffective at causing problems for the country's digital infrastructure.
- The cyberattack comes after Estonia removed a Soviet Union monument from the city of Narva, which borders Russia.
Zoom Out: - A similar hacking campaign happened in 2007 when multiple banks, government websites, and commercial websites were taken down by Russian hackers.
- Days before the attack, Russia and Estonia had strong disagreements over the re-location of a Soviet Union monument known as the Bronze Soldier of Tallinn.
- The cyberattack is considered the second largest in history.
| |
 Hackers have stolen $6M worth of CS:GO skins. Threat actors breached CS.MONEY, one of the largest platforms for trading CS:GO skins. More: - The company was forced to take its website offline after a cyberattack that left users without 20,000 of their digital assets.
- CS.Money had over $16M in assets before the attack.
- All trading platforms have agreed to block the trading of these stolen assets as a safety measure and a sign of precaution.
- According to the company, hackers gained access to Steam authorization and were able to intercept the 100 bots that held the 20,000 virtual skins.
- Valve, the parent company of Steam, has the authority to reverse the transfer of any virtual item on its platform. But the company has not stated whether it intends to do so.
| |
 A message from SECURITY COMPASS Current approaches to software threat modeling simply don’t work. They are manual, inconsistent, take too long, don’t scale, and don’t give developers what they need. When software security and compliance are considered more as an afterthought, rather than a vital step in the development process, organizations end up trying to remediate security and compliance issues after software has been written, rather than preventing issues in the first place. Here you can find a series of posts breaking down how you can anticipate threats earlier in the software development life cycle to create more secure and compliant software. Empower DevSecOps teams to make software secure and compliant by design through automating threat modeling, generating application security requirements, and providing secure development and compliance best practices. The SD Elements platform is the best solution for organizations who need to scalably model software threats, identify countermeasures, and deliver secure, compliant code quickly. Get the whitepapers
| |
 Close to 1,900 phone numbers belonging to Signal users have been exposed by hackers. The breach happened due to a security flaw found in Twilio, the company that provides authentication software for Signal. More: - Out of the 1,900 phone numbers that were breached, hackers specifically searched for three numbers.
- Accounts that were protected by the Signal PIN method were not breached by hackers.
- Signal stated that it is in the process of notifying all those who were breached.
- The Israeli-based company has over 100 million downloads and 40 million monthly users.
Zoom Out: - Chat apps have been the main target of threat actors lately. Meta has stated that hackers are creating fake apps that mimic WhatsApp and Messenger.
| |
 Apple has released patches for two zero-day vulnerabilities. The flaws affect iOS, iPadOS, and macOS platforms. More: - The two flaws are tracked as CVE-2022-32893 and CVE-2022-32894.
- Apple stated that the flaws may have been exploited by threat actors but did not specify how or when this may have occurred.
- The first flaw is a WebKit bug that could be exploited if a vulnerable device that has authorization is accessed, while the second bug allowed the threat actor app to build malware that executes arbitrary code with kernel privileges. The two flaws are believed to be related.
- Specific devices that are affected by the breach are: iPhone 6s models and later, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, Pod touch (7th generation), and all iPad Pro models.
| |
 A message from QUANTUM Avoid Paying a Ransom - Get the Ultimate Backup Guide Before You Need It Paying a ransom may sound like the best case scenario: get your data back, make your customers feel worth it. But actually, it can affect your business in other ways and may, in some cases, be illegal. Make sure your systems are protected across the entire data lifecycle - and never pay a ransom again. You’re able to balance cost while maximizing efficiency. No one can stop ransomware or fully prevent it from taking place - but you can make sure you’re protecting your customers and your data by ensuring that there is a fully air-gapped solution. Request A Demo
| |
 The China-backed APT41 hacker group targeted at least 13 organizations in 2021, according to reports. The targets were located in at least six countries. More: - APT41 is also known as Barium, Bronze Atlas, Double Dragon, Wicked Panda, or Winnti.
- According to a report published by researchers, the most targeted industries were the public sector, manufacturing, healthcare, logistics, hospitality, education, as well as the media, and aviation.
- APT41 is known for using Cobalt Strike as a threat vector. The latter is used for spear-phishing and has successfully breached numerous companies in the past.
- The group targeted U.S. software companies, while in India, aviation firms were at the center of the hacking campaign.
Zoom Out: - In March 2022, APT41 managed to breach government networks in six U.S. states.
| |
Quick Hits: - Over 12 million balls trust MANSCAPED™ precision tools for their family jewels. Click here to activate 20% off + free shipping sitewide.*
- Bumblebee, a malware loader that was tracked in early 2022, is increasingly being used as a tool to target possible victims by hackers. The malware is usually executed through LNK files.
- The judiciary in the city of Cordoba, Argentina, has been hit by a cyberattack. Researchers believe that hackers targeted the institution with the .play ransomware.
- BlackByte ransomware gang has returned with an updated version of its breaching tool, parts of which were shown in a new Tor website leak.
- SynSaber, a cybersecurity startup that offers continuous monitoring of critical assets, has raised $13M. Syn Ventures led the round.
- Trying to deliver on big expectations with a small team or budget? Use this worksheet to learn how you can do more with less.*
*This is sponsored content.
| |
Upcoming events at Inside: - August 24 - AMA with Matt Mahar (CEO at Cana) (Register Here)
- August 31 - AMA with Sophia Amoruso (CEO at Business Class) (Register Here)
- September 07 - AMA with Andrew Gazdecki (Founder of MicroAcquire) (Register Here)
- September 09 - AMA with Jay Ryan (U.S. Federal Government Program Manager at Security Compass) (Register Here)
- September 14 - AMA with Brian Dean (Founder of Backlinko) (Register Here)
- September 21 - AMA with Kristen Ruby (Founder of Ruby Media Group) (Register Here)
- September 28 - AMA with Leigh-Ann Buchanan (Founder of aīre ventures) (Register Here)
- October 12 - AMA with Bill Glenn (Executive Chairman at Crenshaw Associates) (Register Here)
- October 25 - Meet Our Fund 4, an Inside.com Summit (Register Here)
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
Security Compass is on a mission to accelerate software time-to-market while managing risk. | |
With Quantum, we shift the focus from accumulating data to making it work for you. | |
