<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 6/17/2021


Top News

Ukrainian Police Nab Six Tied to CLOP Ransomware

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group, a cybercriminal gang said to have extorted more than half a billion dollars from victims. According to a statement and videos released today, the Ukrainian Cyber Police charged six defendants with various computer crimes linked to the CLOP gang, and conducted 21 searches throughout the Kyiv region. READ MORE...


Amazon Web Services Misconfiguration Exposes Half a Million Cosmetics Customers

Hundreds of thousands of retail customers had their personal data exposed thanks to a misconfigured cloud storage account, Infosecurity has learned. A research team at reviews site WizCase traced the leaky Amazon S3 bucket to popular Turkish beauty products firm Cosmolog Kozmetik. The 20GB trove contained around 9500 files, including thousands of Excel files which exposed the personal information of 567,000 unique users who bought items from the provider across multiple e-commerce platforms. READ MORE...

Unprotected CVS database exposed sensitive customer searches

Researchers have discovered an unprotected, exposed online database with over a billion records belonging to American healthcare company CVS Health. The discovery, made by researcher Jeremiah Fowler and the WebsitePlanet research team, happened in March 2021 and the database was secured the next day, after CVS Health was notified and they contacted the (unnamed) third-party vendor in charge of securing the database. READ MORE...


Suspected Iranian hackers exploit VPN, Telegram to monitor dissidents

For the last six years, hackers have stalked Iranian dissidents with spying tools that mimic the software those dissidents use to protect their communications, security firm Kaspersky said Wednesday. Researchers from Kaspersky and other firms only recently pieced together the activity, showing the limits of the cyber industry's knowledge of Tehran-linked hacking against those who often bear the brunt of it: Iranian citizens. READ MORE...

Criminals are mailing hacked Ledger devices to steal cryptocurrency

Scammers are sending fake replacement devices to Ledger customers exposed in a recent data breach that are used to steal cryptocurrency wallets. Ledger has been a popular target by scammers lately with rising cryptocurrency prices and the popularity of hardware wallets to secure cryptofunds. In a post on Reddit, a Ledger user shared a devious scam after receiving what looks like a Ledger Nano X device in the mail. READ MORE...


Ryuk ransomware recovery cost us $8.1m and counting, says Baltimore school authority

An organisation whose network was infected by Ryuk ransomware has spent $8.1m over seven months recovering from it - and that's still not the end of it, according to US news reports. The sum, spent by Baltimore County Public Schools, will doubtless raise some eyebrows and the public breakdown of the costs will be eye-opening for the infosec industry and potential corporate ransomware victims alike. READ MORE...

On This Date

  • ...in 1885, the Statue of Liberty arrives in New York Harbor.
  • ...in 1898, Dutch artist M.C. Escher, known for his mathematically-inspired illustrations of "impossible" objects and architecture, is born in Leeuwarden, Netherlands.
  • ...in 1901, the College Board introduces its first standardized test, the forerunner to the SAT.
  • ...in 1948, former Cincinnati Reds shortstop (and key member of the Big Red Machine) Dave Concepcion is born in Ocumare de la Costa, Venezuela.