Tag: Mandiant

I-Soon was playing i-Spy on western companies

A shocking data leak has blown the lid off China’s secret cyber spying operation, which has targeted countries like the UK, India, and Taiwan.

The leak, which was posted on a website for computer geeks, reveals how a shady Chinese firm called I-Soon has been helping the communist regime to hack into the phones, emails and social media accounts of millions of people around the world.

The leak contains hundreds of files, including emails, chats, photos and documents, that show how I-Soon has been working with the Chinese government for eight years, snooping on at least 20 foreign governments and territories.

Tata joins Cohesity Data Security Alliance

Cohesity has announced that Tata Consultancy Services (TCS) is joining the Cohesity Data Security Alliance ecosystem.

Cohesity and Data Security Alliance partners offer current and potential new customers a suite of data security and management solutions and services to help build a cybersecurity strategy and enhance cyber resilience.

This news builds upon Cohesity and TCS’ long-standing partnership and commitment to providing modern and automated data management solutions with end-to-end security.

Barracuda’s email system exploited for seven months

Barracuda Networks has disclosed that a zero-day vulnerability in its Email Security Gateway (ESG) appliances had been exploited for at least seven months.

According to Barracuda’s investigators, the vulnerability CVE-2023-2868 was first exploited in October 2022 to introduce backdoors into some ESG appliances, allowing attackers to gain continued access to the devices. Barracuda’s investigations discovered that information had been stolen from some of the compromised appliances.

The security flaw was not spotted until 19 May, when suspicious traffic emanated from some ESG appliances. Cybersecurity firm Mandiant helped find the vulnerability and all ESG appliances were patched on 20 May, with attackers’ access to the compromised devices blocked on 21 May.

Google completes Mandiant acquisition

Google has completed its $5.4 billion acquisition of security outfit Mandiant.

The deal, announced in March, will see Mandiant retain its brand and join Google Cloud.

Together they will deliver an end-to-end security operations suite with “even greater capabilities to support customers across their cloud and on-premise environments”, a statement said.

Thomas Kurian, CEO of Google Cloud, said buying Mandiant will help organisations reinvent security to meet requirements.

“The completion of this acquisition will enable us to deliver a comprehensive and best-in-class cybersecurity solution”, he said.

“We believe this acquisition creates incredible value for our customers and the security industry at large. Together, Google Cloud and Mandiant will help reinvent how organizations protect themselves, as well as detect and respond to threats.”

It also means that Google Cloud gains threat intelligence and incident response services capabilities.

Mandiant CEO Kevin Mandia said Google’s acquisition will create an “incredible opportunity”.

“Mandiant is driven by a mission to make every organisation secure from cyber threats and confident in their readiness”, he added.

“Combining our 18 years of threat intelligence and incident response experience with Google Cloud’s security expertise presents an incredible opportunity to deliver with the speed and scale that the security industry needs.”

Google signs off on Mandiant deal

Google has signed a definitive agreement to acquire Mandiant, which will join Google Cloud. The deal is worth about $5.4 billion.

Google said the acquisition of Mandiant will complement Google Cloud’s existing security. Mandiant enables Google to enhance its offerings to deliver end-to-end security operations with even greater capabilities to support customers across their cloud and on-premise environments.

The tech giant underlined that Mandiant brings real-time and in-depth threat intelligence gained on the frontlines of cyber security with the largest organisations in the world.

Google cloud snaps up Mandiant

Google has seen off rival Microsoft to acquire cybersecurity vendor Mandiant for $5.4 billion.

For those not in the know, Mandiant provides threat intelligence to protect against cyber-attacks and will, Google claims, play nicely with Google Cloud’s “existing security strengths”.

Google Cloud CEO Thomas Kurian said that organisations around the world were facing unprecedented cybersecurity challenges as the sophistication and severity of attacks that were previously used to target major governments are now being used to target companies in every industry.

“We look forward to welcoming Mandiant to Google Cloud to further enhance our security operations suite and advisory services, and help customers address their most important security challenges.”

Google says the cybersecurity firm’s offering will now be used to “enhance” its existing cloud security capabilities – including BeyondCorp Enterprise for Zero Trust, VirusTotal for malicious content and software vulnerabilities and Chronicle’s planet-scale security analytics and automation.

Microsoft mulls snapping up Mandiant

Microsoft is in talks to acquire cybersecurity firm Mandiant after the company has been involved in a game of pass the parcel with other buyers.

Mandiant was acquired by FireEye in 2013 for a deal in excess of $1 billion, but its security product business was then sold to a consortium led by Symphony Technology Group for $1.2 billion in June last year.

Both Mandiant and Microsoft declined to comment on the reports and the talks may not go anywhere.

Vole has been spending a lot on security outfits lately and wrote cheques for CloudKnox Security and RiskIQ last year. To be fair though, it has needed their services having been attacked itself rather too many times of late.


Security firm hit by hackers

FireEye’s consultancy firm has been hit by hackers.

A note purported to be from the hacker spread on social media while a FireEye analyst’s LinkedIn appeared to have also been hacked, with the perpetrator posting numerous expletive-laden messages.

The employee’s bio was changed to state: “I’ve been hacked, all my data, all your chats, all my contacts, your numbers, your emails along with my credentials have been leaked. My devices are also nuked [sic].”

At the same time Twitter users began sharing a link to a document that appeared to show details of the attack – claiming the hacker first gained access to Mandiant in 2016.

The document contained a link and password to a file which it claimed contains details of the information obtained from the hack – as well as a link to the hacked employee’s LinkedIn page. The LinkedIn profile has since been taken down.

The document contained the hashtag ‘#Leaktheanalyst’ which has since been used by numerous Twitter users speculating on the incident.

The report goes on to list “potential” targets, including the Israeli Prime Minister’s office, LinkedIn contacts and third-party contractors.

“Mandiant Internal networks and its clients data has been compromised (might be leaked separately),” it added.

However there is no sign that FireEye or Mandiant systems have been compromised and it appears it was just a social media hack.

The hacker ranted that their actions were not financially driven.

“For a long time, we – the 31337 hackers – tried to avoid these fancy a** “analysts” whom trying to trace our attack footprints back to us and prove they are better than us. In the #LeakTheAnalyst operation we say f**k the consequence let’s track them on Facebook, LinkedIn, Tweeter , etc.

“Let’s go after everything they’ve got, let’s go after their countries, let’s trash their reputation in the field. If during your stealth operation you pwned an analyst, target him and leak his personal and professional data, as a side job of course ;).”

Security vendor sued for poor security

Security resellers will be a bit nervous about the outcome of a court case in the US where an anti-virus software maker has been sued after a casino became infected with malware.

If the case against Trustwave succeeds it could mean that security companies could be sued if they fail to stop serious breaches.

US casino chain Affinity Games is suing Trustwave, a cyber-security vendor that was brought in to investigate a card breach but failed to detect and stop a malware incident on Affinity’s servers, which led to the escalation of a previous card breach.

In October 2013 Affinity Games was notified of fraudulent credit card activity on the bank accounts of numerous victims and it hired Trustwave to sort out what was believed to be malware on its system.

Trustwave was hired to investigate and stop a credit card breach. On January 13, 2014, Trustwave reassured the casino chain that the incident “has been contained” and that a “backdoor component appears to exist within the code base, but was inert.”

Trustwave also said that the malware’s author became aware that he was detected, and stopped all activity on October 16, 2013, also removing and deactivating some of the malware’s components.

In April 2014 suspicious activity was found coming from a server and an application that Trustwave’s report had previously tested and deemed safe.

On April 19, 2014, Affinity hired another cyber-security investigator, Mandiant, a FireEye subsidiary, to investigate these new findings in depth. It found that the breach Trustwave thought it had shut down had remained open until April 27, 2014, when Mandiant security experts shut it down.

Affinity says that Trustwave failed to remove the malware it discovered, failed to find all pieces of the malware, and also failed to identify evidence in some logs it looked at.

In its lawsuit, Affinity claims that “Mandiant’s investigation and remediation confirmed that Trustwave’s representations were clearly inaccurate, and its efforts woefully lacking.”

Affinity is looking for damages in excess of $100,000.

US health firm comprehensively hacked

Sheffield: CEO of Anthem

An American health insurer appears to have been hacked and lost millions of its customers’ records.

Anthem said that hackers stole the identities of customers across all of its business units.

It has about 37 million customers in the USA and has reported the attack to the Federal Bureau of Investigation (FBI).

It has said it has now closed the hole, but that’s somewhat equivalent to closing the gate once the horse has bolted.

The hackers do not appear to have had access to Anthem customers’ credit card records.

It has set up a website to try to explain what happened, with its CEO and president claiming his company had state-of-the-art information security systems.

He said that despite that, his company “was the target of a very sophisticated external cyber attack. These attackers gained unauthorised access to Anthem’s IT systems”.

Anthem has hired a company called Mandiant to assess its IT systems.

Sheffield said: “Anthem will individually notify current and former members whose information has been accessed. We will provide credit monitoring and identity protection services free of charge.”