In brief Late last week, President Biden said he touched on the ransomware outbreak hitting American businesses during a phone call with his Russian counterpart, and hinted that America may start to fight back.
Biden said he and Vladimir Putin have not only discussed the matter; their two countries will apparently try to coordinate some actions to combat the waves of extortion software infections, which appear to be mainly orchestrated by criminals in Russia and generally avoid compromising computers configured to use the Russian language.
IT management software designed by Kaseya has recently been used to install REvil ransomware at up to 1,500 companies. The team behind this nasty software is said to avoid targeting Russian organizations.
When asked by reporters if it made sense for Uncle Sam to respond to the systems used in these attacks, Biden responded with a simple “Yes.” And when asked what would happen if Putin did nothing against cyber attacks, the president replied, “Well, we have set up a committee – a joint committee. They are meeting, I think, on the 16th. And I believe we will get some cooperation.”
It wouldn’t be the first time Uncle Sam has gone on the offensive publicly in this way. In 2019, US Cyber Command said it had disrupted the internet connectivity of the famous Internet Research Agency, a Russian disinformation group, in order to thwart any interference in the American elections.
FBI seeks data center contractors
Earlier this month, the FBI released a call for subcontractors to operate both its classified and unclassified data centers.
The contract covers installations in Pocatello, Idaho; Clarksburg, West Virginia; Huntsville, Alabama; Vienna, Virginia; and Washington DC. The FBI’s Data Center Hardware and Operating Systems Section (DCHOSS) is also looking to hire on-site IT managers to keep operations running smoothly and securely. The contract has two main requirements. Vendors must be able to run the agency’s disparate collection of servers with at least 99% uptime and get a technical update.
Microsoft’s bug bounty brings in millions
Microsoft says it paid $13.6 million last year to flaw researchers in its bug bounty program.
The biggest chunk was a $200,000 reward under Redmond’s Hyper-V Bounty program. A total of 341 developers in 58 countries participated, with the average reward exceeding $10,000 across 1,261 eligible vulnerability reports.
“This year, we’ve introduced new challenges and scenarios to reward research focused on the highest impact on customer security,” the Windows giant said in a blog post. “These focus areas have helped us not only to uncover and correct risks to client privacy and security, but also to offer researchers the best prices for their high impact work.”
Coin scams are coming to the smartphone
A low-tech but high-reward software scam has been discovered that has grossed at least around $350,000 from victims wishing to get into cryptocurrency.
Researchers found more than 170 Android apps, including 25 on Google Play, that claimed to mine cryptocurrency on smartphones. Once purchased and downloaded, they displayed an amount of supposedly generated currency, but it was all fake: the generated coins didn’t actually exist, even though the app claimed they were mined.
The software then suggested that mining could be done faster if the user bought an upgrade. More than 93,000 people have fallen into the trap, it is said, and although the apps have now been removed from the Google Play Store, there are still plenty of examples in third-party markets.
Morgan Stanley cops to data leak
In even more fallout from security breaches in Accellion’s file transfer system, Morgan Stanley admitted to losing data thanks to the vulnerable software.
Guidehouse, a third-party vendor the financial giant used to run its StockPlan Connect business, was caught out by an unpatched Accellion FTA system. Documents containing social security numbers and account details of Morgan Stanley clients were stolen via a security breach and, while this information was encrypted, the attackers also stole the decryption keys.
“The files obtained from the vendor included the following information about the participant: name; address (last known address); date of birth; social security number (if the participant had one); and company name,” Morgan Stanley explained in a letter [PDF] to New Hampshire authorities. “Note that the data in these files did not contain passwords that could be used to access financial accounts.” ®