June 2021

French Court Upholds Bitcoin BTC-e Employee's Sentence

A former employee of a Russian cryptocurrency exchange has lost an appeal to overturn a conviction for money laundering.



In December 2020, Alexander Vinnik was sentenced to five years in prison after being found guilty by a French court of laundering money on a large scale. 



Russian national Vinnik had initially been charged with using ransomware to defraud nearly 200 people but was cleared of this charge in December. 



United States authorities allege that Vinnik was the operator of Bitcoin exchange BTC-e and used his position to commit a string of crimes dating back to 2011, ranging from computer hacking and money laundering to drug trafficking. 



Vinnik has declared himself innocent of all the charges against him and maintains that he was merely a technical consultant to BTC-e and was not employed in an operational capacity. 



Vinnik was arrested at the request of the United States while he was vacationing in Greece in July 2017. 



Russia sought to extradite him on humanitarian grounds in November 2018 after the money launderer went on a hunger strike and his wife was diagnosed with brain cancer. However, Vinnik remained in Greece until the start of 2020, when he was extradited to France. 



In June last year, police in New Zealand seized $90m worth of assets belonging to Vinnik as part of a coordinated operation with the US Internal Revenue Service.



On Monday, a court of appeals in Paris upheld the prison term in the case against Vinnik after finding that he had committed money laundering while being a member of an organized criminal group. They also found that Vinnik lied about the true origin of the ill-gotten gains.



Vinnik’s defense team was denied a request to examine copies of the evidence against him supplied by the Federal Bureau of Investigation. However, they did leave the courtroom with one win after a fine of 100,000 Euros, which Vinnik was ordered to pay during his sentencing in December, was dropped.



Vinnik’s lawyer, Frédéric Bélot, fears Vinnik may be extradited to the US, where he is wanted for allegedly laundering $4 billion.


Source: Infosecurity

Pentagon CISO Suspected of Sharing Secrets

A top cyber official at the Pentagon is reportedly on leave while claims that she leaked classified intelligence are investigated by the Department of Defense.



Katie Arrington is employed as the chief information security officer for Acquisition and Sustainment at the Department of Defense. She was brought on board in 2019 and hired under the category of “highly qualified expert.”



Arrington was informed on May 11 that her security clearance for classified information had been suspended as “a result of a reported Unauthorized Disclosure of Classified Information and subsequent removal of access by the National Security Agency.” 



The news was delivered to Arrington via a memo seen by Bloomberg News. Arrington’s attorney, Mark Zaid, confirmed the contents of the memo, which did not provide any details about the alleged disclosure of sensitive information.



Zaid told Newsweek that the United States Department of Defense (DoD) “is revealing nothing, and it’s very frustrating.”



He said: “The suspension of Ms. Arrington is nothing more than a routine administrative action but she is now being victimized by delays that are unfairly causing harm to national security and her reputation.



“We are ready now to address any DoD concerns and she deserves timely due process which is being denied.”



The memo warned Arrington that if the “preliminary” decision was finalized, she would “not be eligible for access to classified information” or “assignments to duties that have been designated national security sensitive.”



A Department of Defense spokesperson contacted by Fedscoop said the department does not comment on personnel matters.



Arrington’s attorney said he was committed to bringing about a speedy resolution of the issue.



“I continue to push DoD to handle this case properly and expeditiously, and we’ll consider every option we have in order to ensure due substantive and procedural process is provided,” said Zaid.



Before accepting her current role, South Carolinian Arrington gained more than 15 years of cyber experience working at Booz Allen Hamilton, Centuria Corporation, and Dispersive Networks, according to her Pentagon biography. 



In 2018, former one-term Republican state representative Arrington ran an unsuccessful campaign for Congress. 


Source: Infosecurity

CVE-2021-22353

There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the kernel to restart.
Source: NIST

CVE-2021-22367

There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to authentication bypass.
Source: NIST

CVE-2021-22368

There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect normal use of the device.
Source: NIST

CVE-2021-32736

think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. The vulnerability is patched in version 1.1.3.
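The defect class described above is prototype pollution: a merge helper copies attribute names supplied by an upstream component onto an object without checking whether a name such as `__proto__` redirects the write onto `Object.prototype`. The following deep-merge helper is an added example, not think-helper's own code or its 1.1.3 fix; it shows one hardened form that refuses prototype-affecting keys and only descends into the target's own plain objects.

```javascript
// Added example (not think-helper's code): a deep-merge helper of the kind
// the CVE describes, hardened so attribute names from untrusted input
// cannot reach Object.prototype.

// Keys that would redirect a write onto the prototype chain.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  if (v === null || typeof v !== 'object') return false;
  const proto = Object.getPrototypeOf(v);
  return proto === Object.prototype || proto === null;
}

// Recursively copies own enumerable properties of `source` onto `target`.
// Throws on prototype-affecting keys rather than silently skipping them,
// so the bad input surfaces in logs instead of being hidden.
function safeExtend(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) {
      throw new TypeError(`refusing to set prototype-affecting key "${key}"`);
    }
    const value = source[key];
    if (isPlainObject(value)) {
      // Descend only into an existing *own* plain object on the target;
      // never follow an inherited property up the prototype chain.
      const own = Object.prototype.hasOwnProperty.call(target, key);
      const existing = own && isPlainObject(target[key]) ? target[key] : {};
      target[key] = safeExtend(existing, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// JSON.parse creates an own property literally named "__proto__", which a
// naive `target[key] = value` loop would turn into a prototype write.
function mergeUntrustedJson(target, json) {
  return safeExtend(target, JSON.parse(json));
}

// Constructed sample inputs: one benign document, one carrying the key
// that a naive merge would write onto Object.prototype.
function demo() {
  const ok = mergeUntrustedJson({ name: 'app', opts: { debug: false } },
                                '{"opts":{"debug":true},"port":8080}');
  let rejected = false;
  try { mergeUntrustedJson({}, '{"__proto__":{"polluted":true}}'); }
  catch (e) { rejected = e instanceof TypeError; }
  return { ok, rejected, pristine: ({}).polluted === undefined };
}
```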
Source: NIST

Salvation Army Hit by Ransomware Attack

The UK arm of the Salvation Army has been hit by a ransomware attack, it has been reported.


The Christian charity is thought to be negotiating with the attackers over the siphoned data.


The Register reported that the Salvation Army first noticed the attack around a month ago, which is believed to have affected a London data center used by the charity.


Speaking to The Register, a Salvation Army spokesperson confirmed the attack took place and that the Information Commissioner’s Office (ICO) has been informed: “We are investigating an IT incident affecting a number of our corporate IT systems. We have informed the Charity Commission and the ICO, are also in dialogue with our key partners and staff and are working to notify any other relevant third parties.”


Thankfully, the charity said that none of its services for vulnerable people had been affected.


There is currently no further information about the incident, such as the attackers’ identity or the data accessed. Additionally, no data has appeared on any known ransomware gang sites.


However, Salvation Army staff and volunteers have been advised to keep a close watch for any unusual banking activity from their accounts or suspicious communication they receive.


The attack is the latest in a long line of ransomware incidents that have taken place this year. Prominent examples include the attack on Colonial Pipeline, which led to the largest fuel pipeline in the US being taken offline for five days and on meat processing giant JBS, who reportedly paid the attackers an $11m ransom.


The latest attack has further demonstrated that no organization is safe from ransomware and that every organization must be prepared to face an attack at any time. Keith Glancey, systems engineering manager at Infoblox, commented: “This latest attack on the UK arm of the Salvation Army shows that ransomware is growing in sophistication and that actors are getting bolder. No organization is off-limits, even those in the charity sector.


“When it comes to ransomware, the only truly effective approach is prevention. If an unprotected system gets attacked, there is no way to guarantee the retrieval or decryption of data. Mitigating risk before an attack can happen is the most effective defense an organization can have. Security solutions – such as those that leverage DNS – that can interrupt the malware’s attempt to connect to the command-and-control server, as well as frequent and robust backups, are key. All organizations – regardless of size or sector – should expect ransomware attacks and prepare accordingly.”


Oz Alashe, CEO and founder at CybSafe, added: “Sadly, this latest incident is just one of a spate of ransomware attacks to have occurred over recent months. Schools, healthcare services and charities such as the Salvation Army are being increasingly targeted by malicious actors who view them as soft targets.


“Given the growing frequency of these attacks, it’s never been more important for organizations and individuals to take the necessary measures to protect themselves online. We need to move beyond basic awareness training and more seriously consider the human aspect of cybersecurity.


“As these attacks become more sophisticated, they also become more personalized, and therefore an approach towards cybersecurity must mirror this if organizations and individuals are to successfully fend off such threats.”


Source: Infosecurity

No Pay Rise Since Pandemic for Two-Thirds of Cyber Pros

Two-thirds (67%) of cybersecurity professionals have not received a pay rise in the past 12 months, despite cyber being rated as the scarcest technology skill in the world, according to a new study by recruitment firm Harvey Nash.



The global survey of almost 6,000 technologists showed that the rate of pay increases in cyber compared poorly to many other tech positions. For example, while ethical hackers, information security analysts, CISOs and cybersecurity consultants were the cyber roles in most demand, CISOs and security specialists ranked only 14th among tech roles receiving a pay rise in the last 12 months.



Despite the critical role of security pros during the shift to remote working, companies were more likely to offer pay rises to those tech roles linked to creating value and agility for the business, such as development and user experience. The three roles most likely to be given a pay rise were development management/team leadership (59%), design/UX/UI (50%) and quality assurance (50%).



However, those in cybersecurity roles were less likely to experience a salary decrease (6%) than any other tech job.



In total, four in 10 tech experts received a pay increase in the last 12 months.



Interestingly, the report also ranked CISOs and security specialists as fifth in the list of tech positions most likely to be automated in the next 10 years. This result may be due to the expanded attack surface following the shift to remote working, necessitating more widespread use of automation to detect attacks.



Bev White, chief executive, Harvey Nash Group, commented: “Technology roles are hugely important and deserve to be well paid. In today’s environment where cyber threats are ever-present, security roles, in particular, are critical to the success of organizations and should be properly remunerated. But despite the key role that security specialists have played in keeping businesses protected during the unprecedented challenges of the pandemic and the move to mass homeworking, this doesn’t seem to have translated into pay rises for the majority of cyber professionals.


“Instead, organizations have chosen to reward those individuals that have led or supported their focus on developing innovative ways in which they can pivot their business and build new systems with a customer/outward focus. This has meant that roles such as Development Management/Team Leadership and Design/UX/UI have been rewarded the most.


“While one can see the rationale behind this, it is vital that organizations don’t score an own goal by under-rewarding their cyber teams – and then facing an exodus of talent looking for better remuneration elsewhere. There is a balance to be achieved, but the signs are that the reward strategies of many businesses have perhaps tipped too far in one direction.”


Source: Infosecurity

CVE-2021-21676

Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email address.
Source: NIST