Published in HUB Security

Hub Weekly Digest: Pipeline Hack, Apple Confesses, Twilio Discloses Breach and Telstra Provider Hit with Ransomware Attack

Hub Security’s weekly digest covers top stories happening around the world related to fintech, critical infrastructure, cloud, and blockchain security.

Join our webinars on the most relevant cybersecurity topics trending in 2021 — stay up to date via our LinkedIn and Twitter.

Hub Security’s most recent webinar, “Federated Learning, AI & Data Security,” took place on May 6th and hosted a panel of experts on key issues related to federated learning, confidential computing, AI applications, edge computing, and data security. If you missed it, you can watch the full event here.

Ransom Group Linked to Colonial Pipeline Hack is New but Experienced

The ransomware group linked to the extortion attempt that has snared fuel deliveries across the U.S. East Coast may be new, but that doesn’t mean its hackers are amateurs.

Who precisely is behind the disruptive intrusion into Colonial Pipeline hasn’t been made officially known and digital attribution can be tricky, especially early on in an investigation. A former U.S. official and two industry sources have told Reuters that the group DarkSide is among the suspects.

Cybersecurity experts who have tracked DarkSide said it appears to be composed of veteran cybercriminals who are focused on squeezing out as much money as they can from their targets. (Source)

Apple Executives Discussed Disclosing 128-Million iPhone Hack, Then Decided Not To

In September 2015, Apple managers had a dilemma on their hands: should, or should they not, notify 128 million iPhone users of what remains the worst mass iOS compromise on record? Ultimately, all evidence shows, they chose to keep quiet.

The mass hack first came to light when researchers uncovered 40 malicious App Store apps, a number that mushroomed to 4,000 as more researchers poked around. The apps contained code that made iPhones and iPads part of a botnet that stole potentially sensitive user information. (Source)

Twilio Discloses Breach Caused by Codecov Supply Chain Hack

Another Codecov supply chain attack victim has come forward, and this time it’s cloud communications provider Twilio. Twilio posted a blog Tuesday disclosing that a “small number” of customer emails had “likely been exfiltrated by an unknown attacker” who cloned Twilio’s code repositories on GitHub in mid-April. The company further connected the activity to the Codecov breach disclosed last month.

“On April 22, 2021, we received a notification from GitHub.com that suspicious activity had been detected related to the Codecov event and a Twilio user token that had been exposed,” the blog read. “GitHub.com had identified a set of GitHub repositories that had been cloned by the attacker in the time before we were notified by Codecov.” (Source)

An Ambitious Microsoft Project Aims to Fix Cloud Computing Security

A Microsoft research project, Project Freta, aims to change that, providing tools to identify malware running on virtual machines in the cloud. It takes an economic approach to managing malware, which is only valuable to bad actors as long as it’s undetected: once identified on one system, malware code is no longer reusable, as its signature can be added to active scanning tools.

Microsoft Research’s security specialists have been thinking about this problem, and Project Freta encapsulates much of this thinking in a cloud-centric proof-of-concept. Designed to look for in-memory malware, it provides a portal where you can scan memory snapshots from Linux and Windows virtual machines. Initially focusing on virtual machine instances, it’s intended to show the techniques and tools that can be used to scan for malware at massive scale. (Source)

Ransomware Hits Australian Telecom Provider Telstra’s Partner

A ransomware gang claims to have stolen SIM card data and banking information in an attack on Schepisi Communications, a service provider to Australian telecommunications company Telstra, local news outlet News.com reported. Among the Telstra customers affected by the breach are Nestle, a radio station, an Australian property management firm and a financial services company based in Victoria, according to the news report.

Schepisi Communications provides phone numbers and cloud storage services to certain Telstra customers. It’s unclear when Schepisi Communications sustained the breach, but News.com noted the company’s website was down last week. A spokesperson for the company told News.com that personal details of customers were not exposed. (Source)

Subscribe to Hub Security’s Medium for more breaking news and to stay up to date on top weekly stories related to #cyber and #security.

Shterny

A copywriter, journalist, and design enthusiast living in Leipzig, Germany.