Cloudstar has been felled by ransomware


“On Friday, July 16, Cloudstar discovered that it had been the victim of a serious ransomware attack,” the Florida-based biz warned its customers over the weekend.

“Due to the nature of this attack, at this time our systems are out of reach, and although we are working around the clock, we are missing a specific restore schedule. Our Office 365 mail services, email encryption offerings and some support services are still fully functional.

“Cloudstar has retained third-party forensic experts Tetra Defense to assist us in our recovery efforts as well as inform law enforcement. Negotiations with the threat actor are ongoing. We are working hard to fix this matter as quickly as possible and will update stakeholders.”

Cloudstar is said to be providing technology to thousands of proprietary firms and lenders. It provides remote virtual desktops, cloud-hosted software and storage, and IT security to companies in the Americas working in real estate, finance, insurance, and petrochemicals.

“This is a very difficult time for Cloudstar but more importantly for our customers, whose trust we value so much,” the group added on its website.

Miscreants on the dark web have leaked 1 terabyte of stolen data that was said to belong to Saudi Aramco.

Spyware maker NSO tried to build a company in the US, but quickly failed, although its lobbyists, consultants and lawyers reportedly made good money from the attempt.

Cloudflare's code error

A Cloudflare vulnerability is said to have exposed 12.7 percent of all websites to a malicious user-controlled package that could potentially compromise a large number of web pages.

The service in question is cdnjs, which hosts and serves people's JavaScript and CSS libraries from its content delivery network. Bug hunter RyotaK, while investigating supply chain attacks, found a path flaw that could be exploited by a carefully crafted JS/CSS library submitted to cdnjs via its GitHub repository for inclusion in the CDN.

Such a library would be able to overwrite files and execute commands in the context of the cdnjs backend when the submission is processed, and could obtain Cloudflare secret keys for the GitHub API. An attacker could have used this position to alter the JavaScript and CSS delivered to sites using cdnjs.

Just as interesting, when RyotaK experimented with a proof-of-concept exploit for this vulnerability, GitHub alerted Cloudflare that its credentials had been compromised, and the API keys were quickly revoked and recreated by employees. We were told that RyotaK, who was participating in Cloudflare's bounty program, submitted a vulnerability report shortly after in early April, and the issue was completely fixed by early June.
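One defensive check against the kind of file overwrite described above is to resolve where every entry of a submitted package would land before writing anything. The following is an added example, not code from the article, cdnjs or Cloudflare; it assumes the submission arrives as a tar archive (the article does not say), and all function names and sample entries are hypothetical and constructed.

```python
import io
import os
import tarfile


def vet_members(tar, dest):
    """Return (accepted, rejected); accepted pairs each member with its resolved target."""
    root = os.path.realpath(dest)
    accepted, rejected = [], []
    for m in tar.getmembers():
        # Resolve "..", absolute names and existing links before comparing.
        target = os.path.realpath(os.path.join(root, m.name))
        if not target.startswith(root + os.sep):
            rejected.append((m.name, "does not resolve under destination"))
        elif not (m.isfile() or m.isdir()):
            # Links and device nodes can redirect later writes; a JS/CSS package needs neither.
            rejected.append((m.name, "not a regular file or directory"))
        else:
            accepted.append((m, target))
    return accepted, rejected


def unpack_checked(data, dest):
    """Write only vetted members under dest; return the rejected entries."""
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        accepted, rejected = vet_members(tar, dest)
        for m, target in accepted:
            if m.isdir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(m) as src, open(target, "wb") as out:
                out.write(src.read())
    return rejected


def build_sample():
    """Constructed input: two ordinary files and three entries that must be refused."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("lib/app.min.js", "lib/style.css", "../outside.js", "/tmp/absolute.js"):
            info = tarfile.TarInfo(name)
            info.size = len(b"/* sample */")
            tar.addfile(info, io.BytesIO(b"/* sample */"))
        link = tarfile.TarInfo("lib/link")
        link.type, link.linkname = tarfile.SYMTYPE, "/etc"
        tar.addfile(link)
    return buf.getvalue()
```

Rejected entries are returned rather than silently skipped so that the processing pipeline can log them and fail the whole submission.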

Hackers have carried out a slate of prominent cyberattacks against U.S. companies in recent months, including JBS and Colonial Pipeline, which moves fuel along the East Coast. Both were ransomware attacks, in which hackers try to shut down systems until a ransom is paid. The video game company Electronic Arts was also recently hacked, but its data was not held for ransom.

