Media coverage - 2021

Media coverage published in 2021

White House to Corporate America: Take Ransomware Threat Seriously

June 3, 2021

eSecurity Planet

The National Security Council is sending a memo to U.S. companies urging them to take the ransomware threat more seriously as the Biden Administration ramps up its responses following recent attacks linked to Russia-based hacker groups on two major corporations.

Text Link

Where Did REvil Ransomware Go? Will it Be Back?

July 14, 2021

Security Boulevard

Speculation swirled over why the prolific and dangerous REvil ransomware went offline – blog, payment processing, all suddenly went kaput – it’s important not to lose sight of the bigger issues. While the ransomware is gone, at least for the time being, there’s a good chance they’ll be back under another franchise. And ransomware threats still loom large.

Text Link

Fashion Retailer Guess Announces Data Breach

July 14, 2021

Security Magazine

Fashion retailer Guess recently announced a data breach that compromised 1,300 people and their information, including account numbers, debit and credit card numbers, social security numbers, access codes and personal identification numbers.

Text Link

Kaseya Ransomware Attack: What to Know About Supply Chain Security

July 14, 2021

DICE Insights

Despite warnings about the dangers to software supply chains following the cyberespionage campaign that targeted SolarWinds and the company’s customers, organizations in the U.S. and around the world are dealing with the fallout of yet another attack that took advantage of security weaknesses in these IT ecosystems.

Text Link

Cybercriminals Employing Specialists To Maximize Ill-Gotten Gains

July 13, 2021

Tech News World

Ransomware gangs are increasingly turning to specialists to complete their capers on corporations, according to a Dark Net intelligence provider. A report issued by Tel Aviv-based Kela noted that the days when lone wolves conducted cyberattacks from start to finish are nearly extinct.

Text Link

Critical RCE Vulnerability in ForgeRock OpenAM Under Active Attack

July 12, 2021

Threatpost

Attackers are actively exploiting a critical, pre-authorization remote-code execution (RCE) vulnerability in the popular Access Management platform from digital identity management firm ForgeRock.

Text Link

Zeit der Unschuld ist für MSPs vorbei

July 9, 2021

Channel Partner

Vor zwei Jahren Teamviewer, zur Jahreswende 2020/21 Solarwinds und jetzt Kaseya: Technologielieferanten von Managed Servive Providern rücken allmählich ins Visier von Angreifern. Die können und dürfen diese Tatsache nicht mehr ignorieren – und müssen lernen, damit umzugehen.

Text Link

Exclusive: Expert views on the Kaseya attack and the latest patchwork

July 8, 2021

AMEinfo

Enterprise tech firm Kaseya has confirmed that around 1,500 businesses were impacted as a result of an attack on its remote device management software, which was used to spread ransomware.

Text Link

Letting Businesses ‘Hack Back’ Against Hackers Is a Terrible Idea, Cyber Veterans Say

July 8, 2021

Wall Street Journal

Companies shouldn’t be allowed to strike back against hackers, cybersecurity specialists and former government officials warned, after senators last week introduced legislation floating the idea of such counterattacks.

Text Link

As Kaseya Works to bring SaaS Servers Online, Experts Laud Precautionary Measures as ‘Opposite of Complacency

July 6, 2021

SC Magazine

Kaseya began the technical work for deployment of the company’s servers that support the software-as-a-service VSA product, configuring an additional layer of security to the SaaS infrastructure.

Text Link

Prevention and preparedness revisited: Cyber-defence after Kaseya ransomware attack

July 7, 2021

SecurityBrief Asia

Hitesh Sheth, our CEO, shares his thoughts on the recent Kaseya ransomware attack and how it indicates the increased rise of ransomware.

Text Link

Up to 1500 Businesses Affected by Kaseya Supply Chain Ransomware Attack

July 6, 2021

Security Magazine

Kaseya’s VSA product has been the victim of a sophisticated ransomware attack, affecting 60 Kaseya customers and an estimated 1,500 downstream businesses.  Attackers are allegedly demanding $70 million in return for a universal decryptor software key that would unscramble all affected machines.

Text Link

Crash Testing Your Business

July 6, 2021

Fortune

As A.I. becomes more ubiquitous and powerful, it will be increasingly important to test and simulate all the ways in which A.I. systems can fail, either on their own, or because someone has decided to deliberately attack them. (This could be cybercriminals or fraudsters or state actors.) In essence, as we hand more control to intelligent software, companies will have to perform a kind of crash testing on larger parts of their business.

Text Link

Kaseya attack prompts thinking on much do you really know your vendor

July 6, 2021

Enterprise Channels MEA

According to advisories posted on the Kaseya website, its VSA product has unfortunately  been the victim of a sophisticated cyberattack. This has been localized to a number of on-premises customers.  In an effort to be transparent with customers, Kaseya is sharing information concerning the recent ransomware attack in an Incident Overview and Technical Details document.

Text Link

Prevention and Preparedness Revisited: Cyber Defence After Kaseya Ransomware Attack

July 6, 2021

Tahawul Tech

Our CEO, Hitesh Sheth, has guest wrote about the Kaseya ransomware attack. He shares how part of the job of cybersecurity leaders is to look at discrete events and connect the dots.

Text Link

Kaseya attack leaves MSPs asking more security questions

July 5, 2021

MicroScope

The latest ransomware attack on a firm operating in the managed service sector further underlines the need to protect data and ensure supply chain integrity.

Text Link

REvil crew wants $70m in Kaseya ransomware heist

July 5, 2021

Computer Weekly

More than 1,000 different organisations around the world – including many small and medium-sized enterprises (SMEs) – remain locked out of critical IT systems over 48 hours after a REvil/Sodinokibi ransomware attack against IT managed service providers (MSPs) orchestrated via a compromise of Kaseya’s VSA endpoint management and network monitoring service.

Text Link

New Data Security Rules Instituted for US Payment Processing System

June 30, 2021

ZDNet

New data security rules governing how money changes hands in the US have gone into effect today, forcing major digital money processors to render deposit account information unreadable in electronic storage.

Text Link

NIST Releases 'Critical Software' Definition for US Agencies

June 28, 2021

Gov Info Security

The National Institute of Standards and Technology has published its definition of what "critical software" means for the U.S. federal government, as the standards agency begins fulfilling some of the requirements laid out in President Joe Biden's executive order on cybersecurity.

Text Link

Sécuriser Microsoft Office 365 face à la nouvelle normalité…

June 25, 2021

Informatique News France

Autrefois considéré comme un avantage stratégique, le cloud est rapidement devenu indispensable au sein des entreprises. Son adoption, ainsi que l’efficacité et l’agilité qu’il procure, figurent en bonne place de l’ordre du jour des conseils d’administration depuis plusieurs années maintenant.

Text Link

Le plan de gestion du Cloud est-il un nouveau front pour la cybersécurité ?

June 16, 2021

Silicon.fr

Le plan de gestion assure la gestion et l’orchestration du déploiement du Cloud dans une entreprise. C’est à ce niveau que les configurations de référence sont définies, que l’accès des utilisateurs et des rôles est fourni, ainsi que l’emplacement des applications afin qu’elles puissent s’exécuter avec les services associés— on peut le comparer au contrôle du trafic aérien dans le cadre des applications.

Text Link

Researchers Publish Proof of Concept for Cisco ASA Flaw

June 28, 2021

Security Magazine

Researchers at at Positive Technologies have published a proof-of-concept exploit for CVE-2020-3580. There are reports of researchers pursuing bug bounties using this exploit.

Text Link

Lawmakers Introduce American Cybersecurity Literacy Act

June 28, 2021

Security Magazine

Bipartisan House lawmakers introduced legislation to increase cybersecurity literacy and security awareness among the American public amid a spike in cybersecurity threats against critical infrastructure.

Text Link

Bipartisan Legislation Would Establish Cybersecurity Literacy Campaign

June 25, 2021

Channel Futures

A bipartisan group of U.S. House members introduced legislation to establish a cybersecurity literacy and public awareness campaign. The cybersecurity literacy bill comes amid the increasing onslaught of cyberattacks. These include headline-grabbing attacks on SolarWinds and Microsoft Exchange, and ransomware attacks such as Colonial Pipeline and JBS USA.

Text Link

Cisco ASA Bug Now Actively Exploited as PoC Drops

June 25, 2021

Threatpost

Researchers have dropped a proof-of-concept (PoC) exploit on Twitter for a known cross-site scripting (XSS) vulnerability in the Cisco Adaptive Security Appliance (ASA). The move comes as reports surface of in-the-wild exploitation of the bug.

Text Link