A former CIA engineer has been convicted of leaking secret documents that WikiLeaks later published. The documents are known as Vault 7.
More:
- Charges against 33-year-old Joshua Schulte were raised in 2017. Schulte was charged with the theft and distribution of sensitive materials.
- The leak has been criticized by the intelligence community in the U.S., having been called one of the most damaging publications in the country's history, and it risked the lives of numerous security officials.
- Vault 7 was called the largest ever publication of documents in the agency's history. In this leaked document, WikiLeaks claims to show how the CIA created malware, viruses, trojans, and other cyber attacks that could breach smartphones, smart TVs, laptops, PCs, etc. The purpose of these hacking campaigns was to spy on their targets. Some of these tools were reportedly created in cooperation with other intelligence agencies, including the British MI5.
- The files also claim that the U.S. Consulate in Frankfurt, Germany, had been a covert hacker operation. The CIA would send hackers to the consulate, from where they could travel freely throughout Europe and use several proximity attacks. One of these attacks is a USB cyberattack that steals information even when the internet is turned off.
Zoom Out:
- Schulte is not the only former CIA employee to leak files to WikiLeaks. Edward Snowden, a former CIA employee, leaked thousands of files to the organization. This caused the United States Department of Justice to charge him with government property theft and breaking the 1917 Espionage Act. Snowden currently resides in Russia and has not faced the charges in a trial yet.
1.9 million U.S. healthcare records have been hacked. Hackers breached the Professional Finance Company and 650 healthcare providers.
More:
- Hackers managed to steal sensitive data such as full names, addresses, the amount owed to healthcare providers, payment information, etc.
- The company claims that it tracked the attack on Feb. 26th, 2022, where it managed to stop it and then proceeded to report the case to law authorities.
- PFC has contacted all the affected victims and has created a call center that will serve as a helpline for them. While the exact number of the victims was not reported by PFC, the Department for Health and Human Services published a list that includes over 1.9 million people.
Zoom Out:
- Cyberattacks against healthcare providers and hospitals have increased exponentially during the last few years. In 2011, there were 199 cases in which over 500 records were hacked, while last year this figure reached 714.
- A Hive Ransomware cyberattack in Costa Rica froze the healthcare system in the country, causing the entire healthcare server system to shut down.
Pakistani hackers are targeting Indian students with a phishing campaign. The threat actors are believed to be a hacker group known as Transparent Tribe.
More:
- The group, also tracked as APT36, Operation C-Major, PROJECTM, and Mythic Leopard, has usually attacked government institutions. This phishing campaign would mark the first time that the threat actor has targeted educational institutions.
- Transparent Tribe has been active since 2013 and has targeted government organizations in around 30 countries. They usually attack their victims by creating fake domains that pretend to be a government organization and then complete the breach. Transparent Tribe is known for using Crimson RAT, a Windows-based remote access trojan that provides unauthorized access to a victim's device.
- Crimson RAT's sequence of actions is to list a victim's files and folders in a C2-specified directory path, run processes at the endpoint keylogger, get the critical information, take screenshots of the victim's display screen, and send them to the C2. The hackers then forward keylogger logs and the rest of the information to the C2.
- The ransomware can be manually spread and can stay in the system for a long time, acting as an information stealer. The attacks have been ongoing since December 2021, while it is not known if any schools have been in contact with the hackers or if they have paid any ransom.
Ransomware hacks have surged by 21% during Q2 compared to Q1 2022. Researchers analyzed the same data leak websites and noticed a spike in the number of victims.
More:
- Most of the hacks were carried out by the Lockbit hacker group, which is utilizing an updated version of its ransomware.
- Out of the 582 ransomware victims during Q2, Lockbit was responsible for 230 of those hacks. This means that the group has replaced Conti Ransomware, the famous hacker group which was dismantled a few weeks ago.
- Hackers targeted numerous industries. Industrial production came in at first with 18.4%, tech was second with 8.7%, construction with 7.9%, healthcare stood at 6.4%, and government institutions at 5.5%.
- Lockbit Ransomware first popped up in 2019 and was immediately noticed by the industry due to its ability to spread itself automatically. This feature differentiates it from other similar ransomware that spreads manually, making it much faster.
State-backed hackers have intensified their attempts to hack journalists. The most targeted are U.S.-based journalists who cover politics.
More:
- Threat actors are stealing verification credentials from journalists and are using those credentials to try and communicate with their targets.
- While this tactic is being used by numerous groups, researchers have highlighted Chinese group A412, also known as Zirconium. This group is targeting U.S.-based journalists, while its threat vector is web beacon attacks.
- A web beacon is essentially a piece of code that is used to track a visitor's behavior on a website or app. The beacon cannot be noticed by the victim, while the threat actor can collect data such as the IP address, visiting time, etc.
- Another China-backed group believed to be involved with these attacks is TA459, while outside of China, TA482 has also been reported to be involved. TA456, a reportedly Iranian-backed threat actor, is believed to be sending fake newsletters that pretend to be official newsletters of media outlets such as Fox and The Guardian. The threat actors use these fake emails to try and reach key diplomatic staff across U.S. embassies around the world.
Quick Hits:
- Emproof, a cybersecurity company that aims to make IoT devices safer, has raised $2M in a seed round led by TIIN Capital.
- The cybersecurity industry will reportedly generate over $2B of revenue from the tourism sector by 2025. This is due to the importance of securing the data that tourism companies hold on millions of people worldwide.
- The number of cases of material breaches, a term to describe breaches that caused large material losses for victims, rose by 15% in 2021 compared to 2020.
- A new hacking campaign is targeting PayPal users. The threat vector being used is phishing, while hackers may manage to steal personal information, banking details, addresses, etc.
Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime.
Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 Ford.