Thu. Dec 3rd, 2020

Layer 7 Weekly Round Up: 01/06 Edition

THE BIG STORY

1. Travelex Currency Exchange Being Held for Ransom

Foreign exchange firm Travelex is being held for ransom following a cyberattack that shut down all its computer systems. The REvil (Sodinokibi) ransomware group told the BBC that it carried out the attack and is demanding $3 million, paid in bitcoin, from the company.

 

WE’RE KEEPING AN EYE ON

2. Homeland Security Warns of Potential Iranian Attacks

The Department of Homeland Security has issued a strong warning that Iran could launch cyberattacks against critical US infrastructure and other US-based targets in response to the killing of Iranian Maj. Gen. Qasem Soleimani on January 2. The National Terrorism Advisory System Bulletin, a rarely used alert put in place after 9/11, said that while DHS had no information about a specific threat to the U.S. homeland, the Iranian leadership and proxy groups have threatened to retaliate.

 

WORTH NOTING

3. REvil Ransomware Is Being Delivered To Organizations Via Pulse Secure VPN

A vulnerability in Pulse Secure’s Zero Trust VPN system is being exploited to install REvil (Sodinokibi) ransomware, warned security researcher Kevin Beaumont. Pulse Secure issued a patch for the vulnerability back in April 2019, but many organizations did not apply it. In fact, Beaumont scanned Pulse Secure servers on Jan. 3 and found that 3,826 servers remained vulnerable to attack.

 

4. Firefox Vulnerability Being Exploited in the Wild

A vulnerability in Mozilla Firefox’s just-in-time compiler is being exploited in the wild to carry out “targeted attacks” against users. In addition to Mozilla’s security advisory, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued its own warning urging users to update their browser to the latest version.

 

INTERESTING READ

5. Tax Refund Scam Brings St. Louis County Man Four Years In Federal Prison

A St. Louis man has been sentenced by the Department of Justice (DoJ) to 48 months in prison for his role in a $12 million tax fraud scam. Babatunde Olusegun Taiwo and his co-conspirators used information from a data breach at a payroll company to file false tax returns with the Internal Revenue Service. They filed more than 2,000 fraudulent tax returns that claimed more than $12 million in refunds, of which the IRS paid out $889,712. — St. Louis Post-Dispatch