REvil, a Russian cybergang, has launched a massive ransomware campaign (called Kaseya based on the software it attacks) against many thousands of systems across 17 countries worldwide, making it the largest ransomware attack on record. The attack targets the update mechanism of Kaseya, an IT services company, which has software running in thousands of customers’ networks via MSP relationships. So they make the tool and sell it to other companies, and it then gets used by even more companies. This fractal nature of the impact is what makes supply chain attacks so dangerous. REvil is asking for $70 million in Bitcoin to publish the decryptor key for all affected organizations and systems. FBI and CISA are saying you should disable any VSA servers immediately. More | CISA Recommendations | Kaseya VSA Detection Tool
Staying in Russia, APT28 (Fancy Bear) has been launching a widespread brute force attack against hundreds of organizations in the US and UK according to the NSA, CISA, and FBI. Targets include government, military, political parties, political consultancies, defense contractors, energy firms, logistics companies, think tanks, and other high-value organizations. More
CISA released a new ransomware self-assessment security audit tool, which is a new module for its Cyber Security Evaluation Tool (CSET). It looks at an organization’s IT, OT, or ICS assets and assesses how equipped you are to defend against attacks. More
APT29 (Cozy Bear) successfully compromised a Microsoft customer support representative’s account and used that access to attempt to attack customer accounts. This is the same group responsible for SolarWinds, and they evidently only got a few VIP accounts. More
The US Secret Service has brought back its cyber most wanted list. More | Most Wanted
Israel logged the first known use of a fully autonomous drone swarm to track and attack Hamas militants. They were able to find and attack their targets with zero human interaction. If you’re into this topic, you really should read Daniel Suarez’s book, Kill Decision. More
Cyber insurance costs have risen 32% in the last year, and appear poised to continue. Not only are premiums increasing, but additional stipulations are being added to policies as well. More
Proofpoint says Cobalt Strike has shown a 161% increase in usage by attackers vs. last year. More
Vulnerabilities:
Microsoft has found new vulnerabilities in NETGEAR firmware. More
LinkedIn has had another data loss incident, this one affecting 700 million users. More
GETTR, Trump’s new social media platform, launched and was hacked on July 4th, with several VIP accounts being compromised and defaced. More
Companies:
Greynoise just got some In-Q-Tel money. Congrats to Andrew and team! More
Noname Security raises $60 million in their Series B to continue doing API security. More
TECHNOLOGY NEWS
Facebook announced its competitor to Substack, called Bulletin. The biggest difference from the rest of the field is that they’re not initially taking a cut of what people make. More
Foxconn earnings were up 20% on high demand from Apple. More
TikTok is extending its video length limit from one minute to three minutes. More
Companies:
Obviously AI is a no-code AI tool for data analysts, and they just increased their seed round to $4.7 million. More
HUMAN NEWS
Over a hundred people are dead in Oregon, Canada, and other places in northern parts of North America as temperatures hit 116 degrees Fahrenheit. I know someone who was visiting Seattle from Austin and they arrived to much hotter weather than where they left. In July. More
70% of San Francisco residents say the quality of life in the city has declined. More
Iceland says their 4-day workweek trial was an “overwhelming” success, with most people being less burned out and productivity staying the same or improving. More
Asimov’s Foundation is coming to AppleTV in September. Looks really good. More
CONTENT, IDEAS & ANALYSIS
This section previously mentioned a false story about the women’s soccer team turning their backs to the flag, which was technically true but not for the reason implied. Apologies for propagating that garbage.