Cybersecurity News Roundup: Week of August 22, 2022


Hello and welcome to our weekly roundup of cybersecurity news.

We start with the big story of the week, the former Twitter CSO filing whistleblower testimony against his former employer. Peiter Zatko claims Twitter misled users and US federal regulators about glaring weaknesses in its ability to protect personal data. Zatko also claims that Twitter has underestimated the number of automated bots on its platform – billionaire Elon Musk’s argument for backing out of his bid on the company. A statement to Agence France-Presse on Tuesday from a Twitter spokesperson said: “What we have seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lack of important context,” adding, “Security and privacy have long been company-wide priorities at Twitter and will continue to be.”

Widely used password manager LastPass has just announced a security incident involving an unauthorized party accessing its internal network. Fortunately, users’ master passwords were not compromised: LastPass has made it clear that, due to its “zero-knowledge” architecture, master passwords are never stored. However, the attackers took portions of the source code and some proprietary technical details. The attackers gained access through a compromised developer account.

Hackers continue to focus their efforts on some of the most important institutions – hospitals and critical infrastructure. In France, the Centre Hospitalier Sud Francilien (CHSF) was hit by a ransomware attack on Sunday. The attack on the 1,000-bed hospital forced the medical center to refer patients to other hospitals. Operations also had to be postponed. The attackers are reportedly demanding a ransom of $10 million. According to Safety Detectives, security experts believe it’s likely that CHSF has been hit by a strain of Ragnar Locker ransomware, the same ransomware strain that targeted DESFA, one of the major natural gas operators in Greece. This attack also took place last weekend. Following the incident, DESFA disabled most of its IT services and then slowly brought the services back online. For a few days, the company had refused to negotiate with the cybercriminals responsible for the attack.

Accelya, a leading technology provider for airlines, confirmed on Tuesday that it was the victim of a ransomware attack. Data from the company, which provides services to some of the world’s largest airlines, was published on a ransomware leak site. The perpetrator is the AlphV/Black Cat ransomware group, which claims to have stolen emails, employee contracts and more. The hacking group is believed to be linked to recent incidents at a major energy supplier in Luxembourg and the German oil company OilTanking GmbH. According to Security Affairs, Blackcat ransomware is one of the fastest growing underground Ransomware-as-a-Service (RaaS) groups, practicing what is called “quadruple extortion” by pressuring victims to pay – leveraging encryption, data theft, denial of service (DoS) and harassment.

Also this week, one of the UK’s largest car dealerships was hit by what was described as a major ransomware attack. This has resulted in data theft and “irreparable” damage to some central systems. Stoke-on-Trent-based Holdcroft Motor Group has been the subject of a ransom demand after hackers stole two years of data, including personnel details. The attack took place on July 28. While most systems are now operational again, some of the company’s core systems have been permanently removed.

It’s a wrap. Have a good weekend!

Top Global Security News

PortSwigger (August 26, 2022) LastPass Reports Security Incident After Attackers Steal Source Code, Technical Information

LastPass alerted users to a security incident after an unauthorized party gained access to the company’s internal network.

In a statement released yesterday (August 25), LastPass CEO Karim Toubba said “unusual activity” had been detected in parts of the software company’s production environment. A subsequent investigation revealed that the attackers gained access through a compromised developer account and “took portions of source code and certain proprietary technical information from LastPass”.

LastPass was quick to note that users’ master passwords were not compromised in this attack, due to the company’s “zero-knowledge” architecture.


ZDNet (August 24, 2022) Peiter ‘Mudge’ Zatko: CSO-turned-whistleblower says Twitter’s security was in shambles

Twitter’s former security chief filed whistleblower testimony that its physical and digital security systems for protecting user privacy and moderating content were seriously flawed.

Peiter ‘Mudge’ Zatko was hired as Twitter’s chief security officer by the company’s co-founder Jack Dorsey in November 2020, but was fired in January 2022 by current CEO Parag Agrawal, who took on that role following Dorsey’s resignation in November 2021.

Zatko filed his 86-page redacted report with the Securities and Exchange Commission in July. The report suggests Twitter’s security was in a shambles in 2021, about 10 years after the Federal Trade Commission settled with Twitter over security loopholes.


Bleeping Computer (August 23, 2022) French hospital hit by $10 million ransomware attack sends patients elsewhere

The Centre Hospitalier Sud Francilien (CHSF), a 1,000-bed hospital located 28 km from the center of Paris, suffered a cyberattack on Sunday, which led the medical center to direct patients to other establishments and postpone appointments for surgeries.

CHSF serves an area of 600,000 people, so any disruption to its operations could endanger the health and even the lives of people in medical emergencies.

“This attack on the computer network makes the hospital’s business software, storage systems (in particular medical imaging), and the information system relating to patient admissions inaccessible for the moment”, explains the press release from the CHSF.


SecurityWeek (August 23, 2022) Ransomware gang leaks data allegedly stolen from Greek gas supplier

The cybergang behind Ragnar Locker ransomware has released over 360 gigabytes of data that was allegedly stolen from Greece’s largest natural gas supplier Desfa.

On Saturday, the company announced that it had been the victim of a cyberattack which impacted the availability of certain systems, and which also led to data leaks.

Desfa says it proactively disabled IT services to contain the incident, but is gradually restoring them to normal operation.


The Record (August 23, 2022) Leading Airline Technology Provider Accelya Attacked by Ransomware Bunch

A technology provider for several of the world’s largest airlines said it recently faced a ransomware attack affecting some of its systems.

Accelya – a technology company providing services to Delta, British Airways, JetBlue, United, Virgin Atlantic, American Airlines and many others – confirmed on Tuesday that two of the security companies it hired to resolve the incident had discovered that company data had been published on a ransomware leak site.

The AlphV/Black Cat ransomware group released data last Thursday that it allegedly stole from Accelya. The group claimed to have stolen emails, employment contracts and more.


Infosecurity (August 22, 2022) Car dealership hit by major ransomware attack

One of the UK’s largest family car dealerships has admitted to suffering a severe ransomware attack last month which resulted in data theft and “irreparable” damage to some central systems.

Stoke-on-Trent-based Holdcroft Motor Group has been the subject of a ransom demand after hackers stole two years of data, including personnel details.

“On Thursday, July 28, 2022, the company was the victim of a severe cyberattack which caused significant damage to the company’s IT infrastructure and also resulted in the loss of data from our internal storage areas”, reads an internal email seen by StokeonTrentLive.


Other stimulating stories

Scammers Create “AI Hologram” of C-Suite Crypto Exec – InfoSecurity

RansomEXX claims ransomware attack against Sea-Doo, maker of Ski-Doo – Bleeping Computer

Plex breach exposes encrypted usernames, emails and passwords

Quantum Ransomware Attack Disrupts Government Agency in Dominican Republic – Bleeping Computer

New Phishing Attacks Leverage AWS – SDX Central

IT managers struggle to cope with identity proliferation – HelpNetSecurity

Hackers use fake WordPress DDoS pages to launch malware – Digital Trends

The Pentagon can require vendors to certify that their software is free from known defects. The experts are divided. – CyberScoop

Critical infrastructures are attacked by hackers. Securing must be a priority – before it’s too late – ZDNet

DevSecOps is gaining momentum – but security still lags – Dark Reading

How the 2023 cybersecurity budget allocations are shaping up – CSO

