{"id":21954,"date":"2022-04-22T08:03:55","date_gmt":"2022-04-22T12:03:55","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=480668"},"modified":"2022-04-22T14:34:25","modified_gmt":"2022-04-22T18:34:25","slug":"cyber-security-today-april-22-2022-backgrounder-on-blackcat-ransomware-gang-movement-from-revil-and-millions-stolen-from-another-defi-system","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-april-22-2022-backgrounder-on-blackcat-ransomware-gang-movement-from-revil-and-millions-stolen-from-another-defi-system\/","title":{"rendered":"Cyber Security Today, April 22, 2022 \u2013 Backgrounder on BlackCat ransomware gang, movement from REvil and millions stolen from another DeFi system"},"content":{"rendered":"<p>A new backgrounder on the BlackCat ransomware gang, movement from REvil and millions stolen from another DeFi system.<\/p>\n<p>Welcome to Cyber Security Today. It\u2019s Friday April 22nd, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for <em>ITWorldCanada.com.<\/em><\/p>\n<p><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/22872686\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\"><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\"><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\"><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>The FBI has issued<\/strong> another in a series of background reports on ransomware gangs. <a href=\"https:\/\/www.ic3.gov\/Media\/News\/2022\/220420.pdf\" rel=\"noopener\">This one is on the BlackCat or ALPHV gang<\/a>. The purpose of these reports is to give IT defenders information on the tactics used by malware operators and indicators of compromise. The FBI estimates that as of last month the BlackCat operators had compromised at least 60 organizations around the world. Usually this gang or its affiliates use stolen user credentials to access the IT systems of victims, then they try to get into Active Directory to get hold of administrator accounts. After disabling security features Windows Task Scheduler is used to deploy the ransomware.<\/p>\n<p><strong>More on ransomware:<\/strong> After laying low for some months the REvil ransomware gang may have stirred. <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/revils-tor-sites-come-alive-to-redirect-to-new-ransomware-operation\/\" rel=\"noopener\">According to the Bleeping Computer news site<\/a> the gang\u2019s servers on the Tor network are redirecting to a new data leak site that lists two new victims. This new site is also being promoted on a criminal forum. A few months ago Russia announced some members of the REvil gang were arrested. It isn\u2019t clear if that led to the disruption of the gang or the leaders have been sitting quiet \u2014 until now.<\/p>\n<p><strong>Cisco Systems<\/strong> has <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-uva-static-key-6RQTRs4c\" rel=\"noopener\">released a patch<\/a> for a vulnerability in its Umbrella Virtual Appliance. Umbrella is a cloud-based cybersecurity service that combines a secure web gateway, firewall, and cloud access security broker for logins. Rated as high, the vulnerability could allow an unauthenticated remote attacker to impersonate a virtual appliance. As a result the patch needs to be installed promptly.<\/p>\n<p><strong>There\u2019s more evidence<\/strong> that the digital coin industry still doesn\u2019t understand cybersecurity, controlling business processes and human nature. <a href=\"https:\/\/medium.com\/@omniscia.io\/beanstalk-farms-post-mortem-analysis-a0667ee0ca9d\" rel=\"noopener\">According to researchers at Omniscia<\/a>, the Beanstalk stablecoin project suffered a US$182 million loss of cryptocurrency last Sunday at the hands of a crook. How? First a definition of this project. It\u2019s a decentralized finance, or DeFi, operation. Participants earn rewards by contributing funds to a central funding pool. Like many DeFi projects, it has a majority vote governance system. What happened was someone exploited a flaw in the voting code and initiated what\u2019s called a flash loan. Flash loans are allowed by voters. But in this case someone gamed a newly-introduced system. In May Beanstalk will hold a fundraiser to try to restore funds.<\/p>\n<p><strong>Attention Facebook users:<\/strong> There\u2019s a new scam going on trying to steal your login credentials. <a href=\"https:\/\/abnormalsecurity.com\/blog\/facebook-domain-credential-phishing-attack\" rel=\"noopener\">According to researchers at Abnormal Security<\/a>, targets get an email claiming their account is about to be disabled because of repeated postings that violate Facebook\u2019s policies. To avoid having the account killed the victim has to click on a link in the email to file an appeal. That leads to a form where the target has to enter their name, email address and Facebook password. Think carefully before entering a password after clicking on a link. If you\u2019re worried after getting a message like this from any service you use don\u2019t click on a link. Instead go to the site directly and log in to your account.<\/p>\n<p>That\u2019s it for now. But remember later today the Week in Review podcast will be available. Guest commentator David Shipley of Beauceron Security will join me to discuss ransomware, zero-day vulnerabilities and a new criminal marketplace hoping to sell stolen corporate data to other companies.<\/p>\n<p>Remember links to details about podcast stories are in the text version at <em>ITWorldCanada.com<\/em>. That\u2019s where you\u2019ll also find other stories of mine.<\/p>\n<p>Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-april-22-2022-backgrounder-on-blackcat-ransomware-gang-movement-from-revil-and-millions-stolen-from-another-defi-system\/480668\">Cyber Security Today, April 22, 2022 \u2013 Backgrounder on BlackCat ransomware gang, movement from REvil and millions stolen from another DeFi system<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episde reports on an FBI paper on the BlackCat ransomware gang, the possible return of REvil, the theft of millions from a DeFi project and more<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-april-22-2022-backgrounder-on-blackcat-ransomware-gang-movement-from-revil-and-millions-stolen-from-another-defi-system\/480668\">Cyber Security Today, April 22, 2022 \u2013 Backgrounder on BlackCat ransomware gang, movement from REvil and millions stolen from another DeFi system<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"author":17,"featured_media":20668,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389,388],"class_list":["post-21954","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-podcasts","category-security","tag-cyber-security-today","tag-privacy-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/21954","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=21954"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/21954\/revisions"}],"predecessor-version":[{"id":21986,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/21954\/revisions\/21986"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media\/20668"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=21954"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=21954"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=21954"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}