InfoSecSherpa Newsletter — 26 June 2021
3 min readJun 27, 2021
- Microsoft Discloses New Customer Hack Linked to SolarWinds Cyberattackers
(The Wall Street Journal, 26 June 2021)
The hackers compromised a computer used by a Microsoft customer support employee that could have provided access to different types of information, including ”metadata” of accounts and billing contact information for the organization, a Microsoft spokesman said. - Researchers Identify New Malware Loader Variant
(Bank Info Security, 26 June 2021)
New JSSLoader Variant is Being Spread by TA543 Group - UF Health restores records system a month after ‘cybersecurity event’
(Spectrum News 13, 26 June 2021)
The operator of hospital facilities in Leesburg and The Villages has restored its electronic medical records system, nearly a month after a “cybersecurity event” forced it to disconnect the network from servers and turn to paper documentation. - Ohio-based joint venture to support IT, cybersecurity for NASA
(WDTN 2, 26 June 2021)
A Fairborn military contractor has been awarded a joint $233 million contract to support NASA’s tech and cybersecurity operations. - Kochi-based cybersecurity agency detects data breach on trading platform
(The New Indian Express, 26 June 2021)
PII includes name, contact number, city, country, and customer, email, trade login and branch IDs were leaked. - Cyber attack strikes Eastern Wyoming College
(News Channel Nebraska Central, 26 June 2021)
EWC staff said it happened Tuesday as the cyberattack took down their network. Computers, communications with email and phones are affected. Students can still come on campus and meet with staff face to face or call the main campus number. Staff is doing everything to find a resolution. - Social engineering via call center. Poland attributes cyber incident to Russian intelligence services.
(The Cyber Wire, 26 June 2021)
The BazarCall operators use, in effect, a call center as a major link in their social engineering chain. The scam begins with a phishing email telling the recipient that their free trial subscription to some service is about to expire, and that, unless they call a number to cancel it, they’ll automatically be enrolled in, and of course charged for, the subscription. - Estonia to hold high-level meeting on cyber security in UNSC
(The Baltic Times, 26 June 2021)
As part of its rotating presidency of the United Nations Security Council, Estonia will hold the first-ever formal meeting on cyber security on Tuesday, June 29. - In Jamtara, community libraries offer hope, way out of cyber crime
(The Indian Express, 27 June 2021)
The library in Nala is part of an initiative launched by the district administration on November 13 last year. The district, known as a hub of cyber crime, now has 118 such libraries, all in restored panchayat buildings. - How Saudi Arabia is building cyber resilience while accelerating digital transformation
(Arab News, 26 June 2021)
In common with other GCC states, Saudi Arabia is a prime target of cybercrime, for several reasons. It is a wealthy country with a digitally active population, is positioned at the center of the global energy sector, and located in a region with no shortage of geopolitical tensions. It is also home to Saudi Aramco, among the world’s most valuable companies.
