Plus: Conti offshoot groups are launching phishing attacks
A former U.S.-based Twitter employee has been convicted of spying on behalf of Saudi Arabia. The employee gave away private information that belonged to Twitter's users.

More:
- The 44-year-old man named Ahmad Abouamm was convicted by a jury after a two-week trial.
- His sentence may last up to 20 years.
- Together with two other men, the former employee stole information such as IP addresses, names, home addresses, etc. After stealing the data, the men sold the information to Saudi Arabia for $300,000.
- The FBI claims that one of the two accomplices lied to the agency by pretending that the money had been given to him for consulting work.
- Abouamm was also convicted of money laundering, conspiracy to commit wire fraud, and document falsification.

The U.S. Government has presented new anti-election-hacking guidelines. The latest toolkit was released by CISA.

More:
- The agency has built an online tool named the Election Risk Profile Tool, which is meant to help election delegation members have a better overview of the situation they are in.
- CISA has also included instructions on which critical infrastructure assets are most likely to be targeted and should be protected.
- Some of the most targeted election infrastructure assets are voter databases, electronic poll books, and local websites.
- CISA believes that the main threat vectors with which hackers are going to target the U.S. elections are phishing, ransomware, and distributed denial-of-service attacks.

Cisco has confirmed that it has been hacked. The breach was executed by the Yanluowang ransomware gang.

More:
- The company released a statement in which it gave details regarding this hack.
- Hackers managed to gain access by breaching the email of a Cisco employee.
- The employee stored their log-in credentials in Google Chrome, which threat actors used to their advantage.
- Hackers then proceeded to systematically gain access to the company VPN until they reached the domain controllers.
- Cisco claims that the hackers tried to reach out to the company and ask for a ransom, but since there was no evidence of any ransomware being deployed, the company cut all communication with the group.

Numerous offshoots of the defunct Conti Ransomware group have launched phishing attacks. There are currently three tracked groups that have created their own threat vector and are targeting victims.

More:
- The three hacker groups are Silent Ransom, Quantum, and Roy/Zeon. All three were part of the Conti cyber cartel, but after the group was shut down, there was no information on what its members would do.
- Hackers are using a social engineering scheme in which they convince their targets to call a phone number and hand over control of their desktop to the fake tech support agent on the other side.
- Members of these three groups are believed to have created Conti and are responsible for the Costa Rica government hack that caused millions of dollars in damages and managed to immobilize a large part of the country's financial infrastructure.
- The U.S. government recently announced that it is offering a $10M reward for those who have information on the members of the group.

Cybersecurity researchers have tracked multiple security vulnerabilities in Device 42. The IT management software could be susceptible to remote access control attacks.

More:
- Device 42 is a management device for IT professionals built by engineers. This makes the device technically complex and valuable for hackers.
- There are four flaws being tracked overall:
  - CVE-2022-1399: Remote Code Execution in scheduled tasks component
  - CVE-2022-1400: Hard-coded encryption key IV in Exago WebReportsApi.dll
  - CVE-2022-1401: Insufficient validation of provided paths in Exago
  - CVE-2022-1410: Remote Code Execution in ApplianceManager console
- The most severe flaw is CVE-2022-1399. If abused, the security flaw can enable a hacker to take over a device.
- These security flaws have reportedly been addressed in the latest system update by Device 42.

Quick Hits:
- GitHub has announced that it will start sending documentation and security notifications to the developers on the platform whenever its systems detect irregular activity.
- A previously patched issue that affects Zimbra mail has resurfaced.
- Sova, an Android-based Trojan that steals banking information, has been tracked again on the internet. This time, researchers believe the malware has been equipped with new features.

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime.

Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 Ford.
767 Bryant St. #203, San Francisco, CA 94107 Copyright © 2022 Inside.com