Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

US DHS Cyber Safety Board will review Lapsus$ gang’s operations

US DHS Cyber Safety Review Board will review attacks linked to the Lapsus$ extortion gang that hit multiple high-profile companies. The Department of Homeland Security (DHS) Cyber Safety Review Board announced that it will review cyberattacks linked to the extortion gang Lapsus$, the gang breached multiple high-profile companies in recent years. “Today, the U.S. Department […]

Lapsus$ Globant

US DHS Cyber Safety Review Board will review attacks linked to the Lapsus$ extortion gang that hit multiple high-profile companies.

The Department of Homeland Security (DHS) Cyber Safety Review Board announced that it will review cyberattacks linked to the extortion gang Lapsus$, the gang breached multiple high-profile companies in recent years.

“Today, the U.S. Department of Homeland Security (DHS) announced that the Cyber Safety Review Board (CSRB) will review the recent attacks associated with Lapsus$, a global extortion-focused hacker group. Lapsus$ has reportedly employed techniques to bypass a range of commonly-used security controls and has successfully infiltrated a number of companies across industries and geographic areas.” reads the CSRB announcement.

The review aims at developing a set of actionable recommendations for how organizations can improve their resilience to these types of attacks. The final report will be transmitted to President Biden through Secretary of Homeland Security Alejandro N. Mayorkas and CISA Director Jen Easterly. 

Lapsus$ Globant

The Lapsus$ group is behind a long string of attacks against high-profile organizations, including NVIDIASamsungUbisoft, Mercado Libre, VodafoneMicrosoftOkta, and Globant.

“The Cyber Safety Review Board has quickly established itself as an innovative and enduring institution in the cybersecurity ecosystem,” said Secretary Alejandro N. Mayorkas. “With its review into Lapsus$, the Board will build on the lessons learned from its first review and share actionable recommendations to help the private and public sectors strengthen their cyber resilience.” 

As directed by President Biden through Executive Order 14028 Improving the Nation’s Cybersecurity, Secretary Mayorkas established t

The CSRB was established on February 2022 under the direct order of President Biden through Executive Order 14028 with the intent of improving the Nation’s Cybersecurity.

The group of experts is tasked with reviewing and assessing significant cybersecurity events to allow public and private organizations to better protect US networks and infrastructure.

“The CSRB is composed of highly esteemed cybersecurity leaders from the federal government and the private sector. The CSRB does not have regulatory powers and is not an enforcement authority. Instead, its purpose is to identify and share lessons learned to enable advances in national cybersecurity. Robert Silvers, DHS Under Secretary for Policy, serves as Chair and Heather Adkins, Google’s Vice President for Security Engineering, serves as Deputy Chair.” continues the announcement.

Some alleged Lapsus$ members have already been arrested by international authorities in the last months.

In October, the Federal Police of Brazil announced the arrest of an individual suspected of being linked to the LAPSUS$ extortionist gang. The authorities did not disclose info about the individual, it seems that the suspect is a teenager.

The arrest is the result of an international police operation codenamed Operation Dark Cloud that was launched in August 2022.

The Brazilian police, the Polícia Federal, launched its investigation in December 2021 after the website of Brazil’s Ministry of Health suffered a data breach. Threat actors stole 50TB of data and deleted COVID-19 vaccination data of millions of Brazilian citizens.

The Lapsus$ gang claimed responsibility for the attack, the group also hit other federal government websites, including the Ministry of Economy, Comptroller General of the Union, and the Federal Highway Police.

In September, the City of London Police arrested a 17-year-old teenager on suspicion of hacking, however, experts believe the arrest could be linked to the recent security breaches suffered by Uber and Rockstar Games.

Uber revealed that the threat actor behind the intrusion is affiliated with the LAPSUS$ hacking group.

The threat actor behind the Uber hack, which goes online by the moniker Tea Pot (aka teapotuberhacker), also claimed to have Rockstar Games, the gaming firm behind GTA 6.

The arrest is the result of a joint investigation conducted by City of London Police with the U.K. National Crime Agency’s cybercrime unit.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]