In short In what looks like a nasty supply chain attack, IT systems management firm Kaseya was compromised by criminals, who then used their VSA product to infect their own customers, and then their customers with ransomware. .
At least 200 companies have been affected, according to infosec biz Huntress. Kaseya, meanwhile, initially estimated that 40 around the world were infected. It also instructed its customers to immediately turn off their VSA data management and remote monitoring services.
“We are facing a potential VSA attack which has been limited to a small number of on-site customers only from 1,400 EDT today,†he said in a statement. Friday Notice.
“We are very cautiously investigating the root cause of the incident, but we recommend that you IMMEDIATELY shut down your VSA server until you receive further notification from us. It is (sic ) essential that you do this immediately, as one of the first things an attacker does is shut down administrative access to the VSA. “
It appears the attackers broke into Kaseya’s servers and included a copy of the REvil ransomware in a software update for customers that was released on Friday. It also took its software platform as a service offline as a precautionary measure.
“We have been told by our external experts that customers who have encountered ransomware and receive a communication from attackers should not click on any links – they can be turned into a weapon,” the Kaseya notice added.
The Florida-based company said The register he worked with the FBI. This is reported that among the victims is the Swedish grocery chain Coop, a customer of one of Kaseya’s customers, which has resulted in the closure of 500 stores.
The Linkedin breach that was not
Earlier this week there was some reports that someone had put 700 million Linkedin records up for sale on the dark web. Rather than an intrusion, said LinkedIn, someone who picked up publicly available information, combined it with other available data, and was trying to make money or ten with it.
“We want to be clear that this is not a data breach and that no private LinkedIn member data has been exposed,” Linkedin said. “Our initial investigation found that this data was pulled from LinkedIn and other websites and includes the same data reported earlier this year in our April 2021 scratch update.”
Scratching is a serious issue for Linkedin, an issue it has taken to the United States Supreme Court.
Western Digital devices caught in the crossfire?
Last week, Western Digital My Book Live users discovered that they had lost a lot of data after devices were remotely wiped through a security breach.
At the time, the manufacturer said it was due to a malware attack. After examining the IP addresses and network traffic involved, the Censys security store suggested it seemed likely that a criminal infected the My Book kit and then a separate individual initiated the factory reset command, suggesting that someone might be trying to take out a rival.
Western Digital, however, disagrees. “Our investigation shows that in some cases the same attacker exploited both vulnerabilities in the device, as evidenced by the source IP address,” It said. “The first vulnerability was exploited to install a malicious binary on the device, and the second vulnerability was subsequently exploited to reset the device.”
In the meantime, the company offers data recovery services to those affected and promises My Book Live customers a recovery service for My Cloud accounts.
Google takes care of Nest’s security
Google has announced that it is strengthening the security of devices at its smart home company Nest and has made a five-year commitment to support existing products. It comes after abandoned its Nest Secure home security system.
La Chocolaterie said all devices sold since 2019 will meet Internet of Secure Things Alliance (ioXt) patch and security standards. Additionally, Google will publish ioXt validation results for all of its kits so that buyers can make an informed choice.
“A useful home is a safe home, and Nest’s new Safety Center makes Nest products help care for the people in your life and the world around you,†Google said in a statement. blog post.
US police seize gun 3D printers
An unusual physical security case arose this week after Pennsylvania police arrested two 3D printers allegedly used to make parts for so-called phantom weapons – unregulated firearms that US cops and prosecutors are missing. not very enthusiastic.
“Kenneth Wilson was caught making guns that can’t be found and cannot be found from his home. Once assembled, these fully functional firearms often become a tool of senseless violence â€, mentionned State Attorney General Josh Shapiro.
“Phantom weapons are quickly becoming the weapon of choice for criminals who kill too many Pennsylvanians. My office is working overtime to target these arms traffickers and remove illegal guns from our streets. “
In addition to the 3D printers, police also said they seized three frames of ghost weapons, three firearms, a small amount of methamphetamine, $ 1,140 in cash and drug packaging materials from the suspect’s home. ®