Cyber Security News — Past 24 hours | 20.06.2021

SLIIT CS2
Jun 20, 2021

FUJIFILM Ransomware Attack Update: Company Confirms Normal Service Restoration

FUJIFILM, the Japanese photography giant, suffered a serious cyber attack earlier this month. The company identified the involvement of ransomware on June 1, 2021, after which it pulled the affected systems offline. Shutting down those systems halted the firm’s usual operations. However, FUJIFILM has now confirmed that service has been restored following the ransomware attack. As elaborated in their recent press release, the firm has resumed its usual operations for consumers and business partners. As stated in the press release, “We are pleased to inform you that by today, normal operations for customers and business partners, such as reception of inquiries and orders and shipments of our products, have been restored.” “…from June 4th, we started operating servers and computers that were confirmed to be safe, and resumed communication on the blocked network.” Alongside resuming operations, the company has also pledged to clear the backlog and delays of all deliveries soon. Despite this progress, the firm hasn’t revealed many details about the cyberattack, particularly regarding ransom payments. However, it has stated that it found no evidence of data leakage “to the outside world”.

For now, details about the ransomware gang remain unclear. Researcher Vitali Kremez suspected Qbot trojan involvement in the attack, potentially hinting at REvil. However, nothing from the attackers has appeared on the dark web yet. Therefore, the identity of the actual attackers remains unknown.

Source — https://latesthackingnews.com/2021/06/18/fujifilm-ransomware-attack-update-company-confirms-normal-service-restoration/

Hackers Actively Exploited A Critical Chrome 0-Day Vulnerability In the Wild — Update Your Chrome Now!!

Google recently updated its Chrome browser to the new version, “91.0.4472.114,” to fix four new vulnerabilities. Among those four vulnerabilities, the security experts identified a critical 0-day vulnerability that is being exploited widely by hackers. The security researchers have marked the 0-day flaw as CVE-2021-30554. This is the second Chrome 0-day flaw patched by Google this month, and the seventh one this year to be exploited before patching. This Chrome 0-day vulnerability, CVE-2021-30554, was reported by an anonymous user, and that’s why the bug reward for this bug also remains undisclosed. Along with the 0-day vulnerability, in this release the developers have also fixed three more use-after-free problems in Chrome Sharing, WebAudio, and TabGroups. This new zero-day vulnerability (CVE-2021-30554) exists in WebGL, and it’s a post-release vulnerability. In short, it is a use-after-free in the Web Graphics Library (WebGL) JavaScript API, which Chrome uses to render interactive 2D and 3D graphics without plugins.

Experts at Google have claimed that an exploit targeting this Chrome 0-day vulnerability is already circulating in the wild. For now, however, Google has not disclosed any key details of this vulnerability and has allowed access to them only to specific researchers, in order to give users time to apply the patches. Google stated, “Access to the information about these vulnerabilities will be restricted until the maximum number of users are updating their old Chrome browser. But, if a bug exists in a third-party library that other projects depend on in a similar way, and it has not yet been fixed, then definitely we can stick to the alike restrictions.”

Source — https://gbhackers.com/chrome-0-day-vulnerability/

Russia bans VyprVPN, Opera VPN services for not complying with blacklist request

The watchdog described them as threats in accordance with the Decree of the Government of the Russian Federation №127 dated February 12, adding that the restrictions will not affect Russian companies using VPN services in continuous technological processes. The development comes a little over a month after RKN sent a request to enterprises and organizations that use the two VPN services to inform the Center for Monitoring and Management of the Public Telecommunications Network and seek exceptions so as to avoid disruptions to their business operations. The agency said more than 200 technological processes associated with 130 Russian companies are included in the “white lists”.

On March 28, 2019, the Russian government required VPNs, anonymizers, and search engine operators to ensure that they block sites included on Roskomnadzor’s regularly updated register of banned sites through the Federal State Information System.

Source — https://thehackernews.com/2021/06/russia-bans-vyprvpn-opera-vpn-services.html

Cyber espionage by Chinese hackers in neighbouring nations is on the rise

A string of cyber espionage campaigns dating all the way back to 2014 and focused on gathering military intelligence from neighbouring countries has been linked to a Chinese military-intelligence apparatus. In a wide-ranging report published by Massachusetts-headquartered Recorded Future this week, the cybersecurity firm’s Insikt Group said it identified ties between a group it tracks as “RedFoxtrot” and the People’s Liberation Army Unit 69010 operating out of Ürümqi, the capital of the Xinjiang Uyghur Autonomous Region in the country. Previously called the Lanzhou Military Region’s Second Technical Reconnaissance Bureau, Unit 69010 is a military cover for a Technical Reconnaissance Bureau within China’s Strategic Support Force Network Systems Department. The connection to PLA Unit 69010 stems from what the researchers said were “lax operational security measures” adopted by an unnamed suspected RedFoxtrot threat actor, whose online persona disclosed the physical address of the reconnaissance bureau and has had a history of affiliating with the PLA’s former Communications Command Academy in Wuhan.

Source — https://thehackernews.com/2021/06/cyber-espionage-by-chinese-hackers-in.html
