Cuba ransomware gang stole $60M from its victims in 2022, according to a report released by CISA and the FBI. The number of U.S. entities compromised by Cuba ransomware has doubled, according to the agencies. More: - As of August 2022, the FBI has identified that Cuba ransomware actors have compromised over 100 entities worldwide and demanded over $145M in ransom. They have received $60M of that amount, but the number of victims that are paying has reportedly increased.
- Cuba ransomware actors have exploited known vulnerabilities and weaknesses, such as
- The group has become known for using the RomCom malware. With this malware, the threat actor has targeted foreign military organizations, IT companies, food brokers, and manufacturers.
- In order to cause as much damage as possible, the group copied legitimate HTML code, modified the code, and then incorporated it into spoofed domains.
- This hacker group is not believed to be tied to the Republic of Cuba, regardless of its name.
| |
The Department of Homeland Security has stated that it aims to study the Lapsus$ hacker group through its Cyber Safety Review Board. The group is considered one of the most dangerous threat actors currently active. More: - Lapsus$ has breached famous targets such as Microsoft, Nvidia, Okta, Samsung, Uber, etc. It is known for using methods such as social engineering to convince employees who work at large corporations to give them their credentials.
- The group will review several hacking campaigns and the entire infection chain through which they managed to affect their targets.
- This board will first review a flaw in the Log4j open-source software library. The security bug has been used by the group to deploy numerous cyberattacks.
- Lapsus$ was formed only in 2021. In early 2022, a 16-year-old, believed to be the mastermind behind the group, was arrested by the City of London Police.
| |
 A message from SECURITY COMPASS So how can security teams influence developers to focus on security issues without getting in their way? We had an incredible discussion with a panel of security experts from Tricentis, Reddit, and the Royal Bank of Canada on how we can all improve application security training. By watching this webinar you will learn: -
How to influence developers to secure code rather than pushing mandates around AppSec practices. -
What developers want from application security training -
Practical advice on leveling up developer security awareness & improving secure coding skills -
How to sustain developer training (with so many changing jobs) Start watching on-demand here
| |
Google Messages has announced that it is rolling out end-to-end encrypted RCS messages for group chats. The feature aims to replace SMS messaging, a technology that Google mocked Apple for still using. More: - Rich Communications Services is a next-generation SMS protocol that Google claims is safer than SMS.
- The technology supposedly would allow for faster and more efficient texting.
- If two users use RCS, they would be able to have access to the same emojis and reactions, regardless of their device.
- Google already uses the technology for one-on-one messaging, meaning that all one-on-one texts sent using Messages by Google are encrypted.
- The tech giant claims that all major companies, with the exception of Apple, are implementing the technology. Google claims that Apple is keeping its users "in the 1990s" by refusing to integrate this tech.
- Apple users famously have a green bubble whenever they text someone outside the Apple ecosystem, something that has become a sign of status, brand loyalty, and a clash of technology philosophies.
| |
Microsoft and Mozilla have dropped their partnership with TrustCor, a certificate authority tied to a U.S. government contractor malware abuse case. TrustCor has denied all allegations against it. More: - According to the companies, after holding a meeting about the topic, security researchers from Mozilla and Apple concluded that TrustCor does not fulfill the minimum criteria to resume its partnership with the tech giants.
- Microsoft did not participate in the meeting as it already had stated its view on the matter.
- Earlier this year, researchers tracked data-harvesting malware in a collection of Android apps that had been downloaded more than 46 million times.
- The infected apps included a speed camera radar, Muslim prayer apps, Q.R. scanning apps, a weather app, etc.
- According to reports, the code behind these apps was developed by a Panama-based company named Measurement Systems.
- In a Wall Street Journal report, it was later found that there were ties between Measurement Systems and a Virginia defense contractor doing cyber intelligence, network defense, and intelligence intercept work for the U.S. government.
- Researchers claim that because TrustCor is a root certificate authority on billions of devices, it should have given an answer that the companies were happy with, but that did not happen, which is why they decided to pull from the partnership.
| |
 A message from OUTSYSTEMS Live Webinar: From Legacy IT to Agile IT Using Low-Code Organizations are being faced with digital disruption and the task of supporting an ever-changing business. Tackling these demands with a talent shortage and the challenge of modernizing legacy systems requires a completely different approach. Join this upcoming webinar to learn how Carrefour, a large retailer, achieved digital and cultural transformation with low-code. Some of the topics we'll cover include how to: - Improve operations to drive performance and innovation for your customers
- Build and be a differentiator at the same time to market as buying
- Overcome the talent shortage with low-code
Register Now
| |
Shield has raised a $20M funding round to stop data leaks through its proprietary AI platform. The company is based in Ramat Gan, Israel. More: - Shield uses AI, natural language processing, and visualization capabilities to help financial institutions mitigate risk and meet regulatory compliance standards.
- This platform scans apps such as Slack, Microsoft Teams, WhatsApp, and other enterprise communication tools that could be used to breach a company.
- It aims to use the funding to expand in markets such as the U.S. and open its second R&D facility in Lisbon, Portugal.
- Shield has around 100 employees.
- Since its inception in 2018, the company has raised $35M.
- Macquarie Capital led the funding round, with participation from UBS Next, OurCrowd, and Mindset Ventures.
| |
Quick Hits: - Great ideas are recession-proof. See how innovators in every industry are turning their ideas into code faster and cheaper with Crowdbotics.*
- A researcher claims that he has found a way to hack Nissan, Infiniti, Acura, and Honda cars by only knowing the car's VIN.
- Russian courts and mayor's offices are being attacked by a new data wiper named CryWiper. The malware hides ransomware, but once it infects a system, it deletes its data beyond recovery.
- CISA has released a statement warning that a flaw with a 9.3 CVSS ranking could affect Mitsubishi Electric GX Works3 engineering software. The bug could enable hackers to manage PLCs.
- IBM has fixed a security vulnerability with an 8.8 CVSS score. The flaw could have been potentially exploited to gain access to internal repositories and deploy code without permission.
- Learn how consumers act, think, and what they expect in this special report covering purchasing habits, social media, and more. Get the free report.*
*This is sponsored content.
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
Security Compass delivers best-practice, role-based, accredited eLearning solutions. | |
Powerful. Proven. Built for Devs. See how high-performance low-code is different. | |
