Ransomware attacks were one of the main points of discussion between Biden and Putin at Geneva, the first in-person summit for the two presidents. In his speech after the three-hour meeting with Biden, Putin denied that Russia supports ransomware groups and, more generally, refused to answer any questions related to cyberattacks. Although Biden did not disclose details of his meeting with Putin, he noted that ransomware attacks were actively discussed during it.
Biden provided Putin with a list of 16 specific entities defined as critical infrastructure that should be off-limits to attack. These entities represent sectors such as chemical, communications, the defense industrial base, emergency services, energy, and financial services. The G7 countries issued a statement calling on Russia to act against the ransomware groups operating from its territory. The summit confirms that cybersecurity is now firmly on the agenda of global leaders.
Ukrainian police raided 21 buildings near Kyiv that were believed to be connected to the Clop ransomware group, and 6 people were arrested as a result. The group is responsible for a series of cybercrimes against well-known organizations such as Shell, Kroger, and even Stanford University; the total damage caused to its victims amounted to $500 million. The Cyberpolice Department of the Ukrainian National Police cooperated with South Korean officers, Interpol, and unnamed US agencies in this anti-ransomware operation.
During the raid, police seized dozens of computers and other equipment along with $185K in cash, and the group's server infrastructure was taken down. South Korea had a particular interest in the case because 4 South Korean companies suffered heavy attacks by the group in 2019. Clop was reaching its victims by actively exploiting the Accellion vulnerability, and it targeted mostly large organizations.
A cloud-service misconfiguration was the root cause of a data exposure at CVS Health. The online database belonging to the company was not password-protected and had no other authentication barrier to prevent unauthorized access. The records, found by WebsitePlanet together with researcher Jeremiah Fowler, belonged to the US pharmaceutical and healthcare giant that owns brands such as Aetna and CVS Pharmacy. The 204 GB database contained visitor IDs, device access information, session IDs, and other data.
The information in the database could be used to carry out targeted phishing campaigns, and the company's competitors might also have an interest in viewing the exposed data to gain a competitive advantage. According to CVS Health, the database was managed by an unnamed vendor.
A researcher, awarded a bounty by Facebook, reported a vulnerability in Instagram's privacy features to the company. The weakness could have allowed malicious actors to view private media such as archived posts, stories, and reels on the platform without following the targeted account. Having obtained the Media ID of the target user's content, an attacker could send a POST request to Instagram's GraphQL endpoint and receive the display URLs and image URLs as well as the like and save counts in response.
In other words, attackers could extract sensitive data without being accepted as a follower, so one of Instagram's key privacy features failed to perform its function. The endpoints could also be used to extract the addresses of users' Facebook pages linked to their Instagram accounts. Bug bounty hunter Mayur Fartade reported his findings under the Facebook Bug Bounty program on April 16, and Facebook patched the vulnerable endpoints on April 29.
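The root cause is an authorization check missing from a lookup keyed by a Media ID. The following added example (not Instagram's or Facebook's code; the account model, data and names are constructed) contrasts a handler that resolves media by ID alone with one that enforces the owner's privacy setting and follower list on the server side.

```python
# Added illustration, not Instagram/Facebook code. The account model, the
# follower graph and the media records below are constructed sample data.
from dataclasses import dataclass, field

@dataclass
class Account:
    username: str
    is_private: bool
    followers: set = field(default_factory=set)

@dataclass
class Media:
    media_id: int
    owner: Account
    display_url: str
    like_count: int

# Constructed sample data: a private account whose only follower is "bob".
ALICE = Account("alice", is_private=True, followers={"bob"})
MEDIA = {101: Media(101, ALICE, "https://cdn.example/101.jpg", 42)}

def media_info_vulnerable(requester, media_id):
    """Resolves the media by ID only; never asks whether the requester may see it."""
    m = MEDIA.get(media_id)
    if m is None:
        return None
    return {"display_url": m.display_url, "like_count": m.like_count}

def can_view(requester, media):
    """Owner may always view; others only if the account is public or they follow it."""
    owner = media.owner
    if requester == owner.username:
        return True
    return (not owner.is_private) or (requester in owner.followers)

def media_info_hardened(requester, media_id):
    """Same lookup, but the owner's privacy setting is enforced before any field is returned."""
    m = MEDIA.get(media_id)
    if m is None or not can_view(requester, m):
        # Same response as "not found", so a denied ID cannot be probed for existence.
        return None
    return {"display_url": m.display_url, "like_count": m.like_count}
```

Every field returned by the endpoint (URLs, like and save counts, linked pages) must pass through the same check; a per-field gap reintroduces the leak.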
Google rolled out a Chrome browser update for Windows, Mac, and Linux to address 4 security vulnerabilities, including a zero-day that is being exploited in the wild. The vulnerability, tracked as CVE-2021-30554, is rated high severity; successful exploitation may allow attackers to corrupt valid data or even execute unauthorized code or commands. The issue was reported to Google by an unnamed individual on June 15, and according to the company's program manager Srinivas Sista, Google is aware that an exploit for it exists in the wild.
This is the 8th zero-day vulnerability fixed by Google since the beginning of the year. Google recommends that users update to the latest version (91.0.4472.114). Notably, this fix came just 10 days after Google patched another zero-day exploited in the wild, tracked as CVE-2021-30551.