Attacks, Threats, and Vulnerabilities
Pak unleashed cyber terror on India even as Dubai peace talks were on (The Sunday Guardian Live) More than 300 Twitter accounts were being operated from within the geographical limits of Pakistan to create a situation that would spread anarchy during the farmers’ protest. This newspaper has accessed details of one such Twitter account, which was continuously tracked by Indian intelligence. New Delhi: Two
Huawei was able to eavesdrop on Dutch mobile network KPN: Report (NL Times) Chinese technology company Huawei would have had free access to KPN's mobile network in the past and could eavesdrop on all conversations. De Volkskrant writes this based on a secret report from 2010 which their editorial staff reviewed.
According to the newspaper, Huawei was able to eavesdrop on mobile numbers from the telecom provider at that time. This also included the phones of the then Prime Minister Jan Peter Balkenende, various ministers, and Chinese dissidents. Huawei also knew which numbers were tapped by police and intelligence services.
New Huawei fears over Dutch mobile eavesdropping (The Telegraph) One of the Netherlands' largest mobile network operators was advised the report could cause the company to be shut down
US Cyber Command, DHS-CISA release Russian malware samples tied to SolarWinds compromise (U.S. Cyber Command) U.S. Cyber Command and the Department of Homeland Security - Cybersecurity and Infrastructure Security Agency released eight files attributed to the Russian Foreign Intelligence Service (SVR)/APT 29
Ryuk ransomware operation updates hacking techniques (BleepingComputer) Recent attacks from Ryuk ransomware operators show that the actors have a new preference when it comes to gaining initial access to the victim network.
Codecov Bash Uploader Dev Tool Compromised in Supply Chain Hack (SecurityWeek) A software supply chain attack against the Codecov Bash Uploader went undetected for four months and now security teams are scrambling to figure out which sensitive secrets were stolen.
Popular Codecov code coverage tool hacked to steal dev credentials (BleepingComputer) Codecov online platform for hosted code testing reports and statistics announced on Thursday that a threat actor had modified its Bash Uploader script, exposing sensitive information in customers' continuous integration (CI) environment.
Bash Uploader Security Update (Codecov) Note: If you are in the affected user group, at 6 am PT, Thursday, April 15th, we emailed your email address on file from GitHub / GitLab / Bitbucket ...
US investigators probing breach at code testing company Codecov (Reuters) U.S. federal investigators are probing an intrusion at San Francisco-based software auditing company Codecov that affected an unknown number of its 29,000 customers, the firm said, raising the specter of knock-on breaches at companies elsewhere.
Vulnerabilities in OpENer Stack Expose Industrial Devices to Attacks (SecurityWeek) Security holes in OpENer could be exploited for DoS attacks, information leakage, and even remote code execution.
Updated Hancitor Malware Slings Cobalt Strike (Minerva) Hancitor Malware uses standard techniques to drop a malicious payload via a Word document.
Why Facebook and LinkedIn's data scraping fiascos are a huge security problem for their users (Fortune) Security researchers say that the recent data scraping incidents at Facebook and LinkedIn are worth paying attention to.
Cyber agency cautions WhatsApp users against breach of information (Tribuneindia News Service) The country’s cyber security agency CERT-In has cautioned WhatsApp users about certain vulnerabilities detected in the popular instant messaging app that could lead to breach of sensitive information.
India's Cyber Threat Agency Warns Users About 'Severe' WhatsApp Bug (Inc42 Media) The Indian Computer Emergency Response Team (CERT-In) has cautioned users against certain vulnerabilities in an older version of WhatsApp.
Not just ransomware: Schools and universities are increasingly targeted by impersonation scams (The Record by Recorded Future) Schools and universities, which were once seen as poor targets for financially-motivated cybercrime, are now awash in impersonation scams and other attacks.
Celsius Security Notice — April 14–16, 2021 (Medium) Check back for timely updates.
Insights From a Crypto Wallet Phishing Attack (Jscrambler) In-depth analysis of the source code used by scammers in a phishing attack against cryptocurrency wallet Celsius, along with key insights about the attack.
Researchers trick Duo 2FA into sending authentication request to attacker-controlled device (The Daily Swig) Something you know, something you hack
Cyber-attack on UK varsity affects Teams, Zoom learning (ETTelecom) As most of the students are dependent on online learning and video-conferencing apps due to the pandemic, the University of Hertfordshire in the UK ha..
Thousands of queer men’s details stolen in cyber attack on gay dating site Manhunt (Yahoo) The popular gay dating service Manhunt was hit by a huge data breach in February that allowed hackers to steal thousands of user accounts.
Security Patches, Mitigations, and Software Updates
Google revises Disclosure Policy to help improve patch adoption (Computing) Google's Project Zero will not share technical details of the bug for 30 days if a vendor fixes the vulnerability within a 90-day deadline
Google Chrome's new feature lets you easily share selected text (BleepingComputer) Google makes it easy to share text with friends and colleagues with a new Chrome 90 feature that lets you create links to selected text on a web page.
WordPress to automatically disable Google FLoC on websites (BleepingComputer) WordPress announced today that they plan on treating Google's new FLoC tracking technology as a security concern and plans to block it by default on WordPress sites.
Trends
2021 Cyber Attack Statistics, Data, and Trends (Parachute) A cyber attack is an attempt to invade a computer system, multiple computers, or a network infrastructure with the intent to cause some sort of harm. Cybercriminals launch cyberattacks to disrupt, disable or gain unauthorized access to someone else’s computer or network. A successful cyberattack can enable cybercriminals or hackers to steal, manipulate or destroy…
Cyber bullying equally significant as other forms of bullying: lecturer (Roya News)
Cyberbullying more prevalent during pandemic, experts say (DispatchLIVE) The increase in screen time on digital devices during the pandemic has increased the risks of cyberbullying
The Heavy Toll of Phishing in 2020 - What the FBI Results Show (INKY) The results are in and as expected, 2020 saw a heavy increase in cybercrime instances and losses. Email phishing, in particular, accounted for more than $54 million in damages. See where companies were hardest hit by cybercrime and what you can do to protect your business from costly phishing disasters.
Pondurance Security Operations Report: 2021 Q1 (Pondurance) The Pondurance Quarterly Report shares data collected by Pondurance Managed Detection and Response (MDR) and Incident Response (IR) teams. It provides a glimpse into the growing attack surface and threats that organizations face in today’s threat landscape. Phishing attacks continue to be the top attack vector...
The online fraud report (Uswitch) The online fraud report from Uswitch.com reveals how much money people have lost to card fraud, eCommerce transactions and online scams.
Marketplace
Zscaler Buys Startup Trustdome To Control Cloud Permissions (CRN) Zscaler has agreed to purchase startup Trustdome to get control over who and what has access to data, applications, and services in public cloud environments.
Druva Secures $147 Million Investment to Extend Market Leadership (Druva) New Funding to Fuel Continued Innovation, Scale, and Expand Routes to Market for Druva Cloud Platform
Thycotic and Centrify Complete Merger to Expand PAM Offerings (Infosecurity Magazine) The newly merged company will operate under the temporary name of ThycoticCentrify
Dell Technologies finally spins-off VMware to raise $9.7bn (Capacity Media) Dell Technologies last night announced plans to spin-off its 81% equity ownership in data centre and cloud software firm VMware.
Dell is spinning out VMware in a deal expected to generate over $9B for the company (CTOvision.com) Dell announced this afternoon that it’s spinning out VMware, a move that has been suspected for some time. Dell acquired VMware as part of the massive $58 billion EMC acquisition (announced as $67 billion) in 2015. The way that the deal works is that Dell plans to offer VMware shareholders a special dividend of between $11.5
The Dell Tech And VMware Spin-Off Benefits Everybody (Forbes) #1-Ranked Industry Analyst Patrick Moorhead dives in as after listening to Dell Tech and VMware calls yesterday, reading through many things that have been written, and talking directly to Michael Dell this morning, it's hard to find anything wrong with Dell Tech's spin-off of VMware.
EDGE brings in Australian cyber experts to boost its hybrid warfare capacity (Intelligence Online) Australia's offensive stance on cyber warfare has enabled it to become a leading member of the Five Eyes alliance but has also attracted interest from the United Arab Emirates. Emirati state defence
Nakasone: Workforce Development Issues Top Daily Thinking (Meritalk) Running both the National Security Agency (NSA) and U.S. Cyber Command in an era of expanding cyberattacks pushes a lot of pressing issues to the top of a leader’s to-do list, but for Gen. Paul Nakasone – who heads both organizations that are key to U.S. efforts to operate in cyberspace outside of national borders – workforce development tends to rise above the rest.
Dogecoin spikes 400% in a week, stoking fears of a cryptocurrency bubble (CNBC) Defying all odds, dogecoin is now worth $40 billion, and its price has risen by a whopping 300% in the last seven days.
Dogecoin is the new GameStop – Are investors going to get burned? (MENAFN) Dogecoin has become the new GameStop, with frenzied trading potentially going to deliver a bloody nose to novice investors, warns the CEO of one of the world’s largest independent financial advisory and fintech organisations. The warning from Nigel Green, the chief executive and founder of deVere Group, comes as the market...
Facebook planned to remove fake accounts in India – until it realized a BJP politician was involved (the Guardian) Whistleblower points to double standard in Facebook’s enforcement of rules against powerful
Monthslong hacking campaign deemed grave threat to U.S. national security puts Microsoft in hot seat (KTLA) The sprawling hacking campaign deemed a grave threat to U.S. national security came to be known as SolarWinds, for the company whose software update was seeded by Russian intelligence age…
Facebook oversight board delays decision on Trump ban to 'the coming weeks' (POLITICO) Facebook suspended the former president's account in the wake of the Jan. 6 siege on the Capitol.
Sanctioned Russian IT firm was partner with Microsoft, IBM (king5.com) Of the six Russian technology companies slapped with sanctions, one of them stands out for its international footprint and partnerships with Microsoft and IBM.
Huawei’s Success In China A Win For Washington, Expert Says (Broadband Breakfast) The Chinese telecom giant is finding greater financial success on home turf, keeping it away from the U.S.
Strata Identity Selected as Finalist for RSA Conference 2021 Innovation Sandbox Contest (BusinessWire) Strata has built a distributed Identity Fabric that unifies both cloud and on-premises identity systems so they can be managed as one.
Darktrace targets listing for early May (ShareCast) Cyber-security firm Darktrace on Monday said it planned to list its shares on the London Stock Exchange in early May as part of its expected £3bn flotation.
What investors need to know about Darktrace (Investors' Chronicle) The cybersecurity company has confirmed its intention to list in London
Poppy Gustafsson: the Darktrace tycoon in new cybersecurity era (the Guardian) Gustafsson’s firm, founded when she was 30, is marketed as a digital parallel of a human body fighting illness
Auth0 boosts privacy, sales departments with hires in 2 senior roles (Puget Sound Business Journal) The two new hire announcements come on the heels of Auth0 naming Jameeka Green Aaron as its new chief information security officer. Aaron joined the company in March.
Shelley B. Leibowitz joins BitSight Board of Directors (Help Net Security) BitSight announced it has appointed Shelley B. Leibowitz to its Board of Directors to lead the cybersecurity ratings market.
Guy Carpenter adds Swiss Re’s Cordonnier as cyber co-head (Insurance Insider) Guy Carpenter has signed up former Swiss Re director Anthony Cordonnier as managing director and global co-head of cyber alongside Erica Davis, who has been promoted internally.
ColorTokens Hires Vats Srivatsan, ex-Palo Alto Networks and Google Executive, as Its President and Chief Operating Officer (PR Newswire) ColorTokens Inc., a Zero Trust cybersecurity platform company, announced today that it appointed Vats Srivatsan as its President and Chief...
Products, Services, and Solutions
Stellar Cyber Integrates Security (Pipeline Publishing) NEWS: in this press release, Stellar Cyber announced that its Threat Intelligence Platform (TIP) natively integrated into its Open XDR platform eliminates the need and cost for customers to subscribe to and manage third-party threat intelligence feeds.
Trend Micro Offerings Are FedRAMP Authorized and Available on AWS (Security Boulevard) New support for U.S. federal agencies accelerating secure cloud adoption in 2021
Egnyte ensures greater security across Microsoft 365 with latest integrations (IT Brief) The new integrations are aimed at helping mid-sized organisations prevent data loss, address a growing number of regional privacy regulations, and simplify the overall management of content with minimal administrative overhead.
N-able (Formerly SolarWinds MSP) Announces Partnership With DNSFilter to Help MSPs Protect Customers From Online Security Threats With Advanced DNS Technology (BusinessWire) N-able (formerly SolarWinds MSP), the purpose-built partner for managed services providers (MSPs), today announced a collaboration with DNSFilter to i
HID Global Adds Cloud-Based Multi-Factor Authentication to its WorkforceID Unified Identity and Access Management Platform (Yahoo) HID Global adds cloud-based WorkforceID™ Authentication solution, creating an effortless experience managing identity credentials.
Kroll Launches Information Management and Governance Practice (Kroll) Kroll, the world’s premier provider of services and digital products related to governance, risk and transparency, today announced the launch of its Information Management and Governance practice, an evolution of the firm’s Legal Management Consulting services.
Technologies, Techniques, and Standards
Are Banks Spending Their Cybersecurity Budgets in the Right Place? (Morphisec) Cybercrime is on the rise. In financial services...banks and credit unions experience attacks nearly 300x more often than other industries.
NATO Wargame Examines Cyber Risk to Financial System (Wall Street Journal) One of the world’s largest cyber wargames is, for the first time, specifically exploring how banks and other financial institutions might respond to a widespread physical and cyber conflict.
Can the Aviation Community Stop a Cyber Attack from Taking Off? (Homeland Security Today) Recent years have heralded myriad technological advancements including developments in machine-learning techniques, telecommunications (5G), the internet of things and more.
What to consider when shopping for cyber insurance (TechRepublic) Cyber insurance is gaining favor in the business world. An expert offers tips on how to get what's needed for the best price.
CISA, Indianapolis Motor Speedway and local partners conduct joint exercise to keep Indianapolis 500 fans safe () The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), Indianapolis Motor Speedway, state and local first responders, law enforcement officials, and local businesses held a tabletop exercise today to test response plans around hypothetical public safety incidents on the day of the Indianapolis 500, scheduled for Sunday, May 30.
Design and Innovation
Nobody is flying to join Google’s FLoC (The Verge) The future of the web is at stake
Research and Development
Senators push quantum computing at DoD (C4ISRNET) New legislation aims to boost America's global competitiveness in quantum computing technology.
Academia
Former Federal CISO Touhill Named New Director of CMU Software Engineering Institute CERT Division (PRNewswire) Carnegie Mellon University's Software Engineering Institute today announced the appointment of Gregory J. Touhill as director of the SEI's CERT Division.
Legislation, Policy, and Regulation
Myanmar’s army is sending the country “back to the ’90s” (Rest of World) Data blocks and cash shortages have devastated the nascent internet economy.
Robots, worms and satellites: How do you fight a cyberwar? (The Sydney Morning Herald) Total meltdown or death by a thousand hacks – how bad could a cyberwar get? Where is the line between espionage and attack?
China-USA nuclear war fears as experts warn cyber intel could spark conflict (Daily Star) Cyber attackers could trigger nuclear war between the US and China by sparking "state alarm" over fears their nuclear deterrent was about to be compromised, says a major study
DNI: Cyber Is The Common Weapon Among Top Adversaries (Air Force Magazine) China aims to displace the U.S. as the world’s pre-eminent superpower; Russia is “pushing back” against the U.S., sometimes with force; Iran is a “regional menace” and North Korea is a “disruptive player,” and will be for years to come, Director of National Intelligence Avril Haines said in the U.S. intelligence community’s annual assessment of top threats facing the U.S.
Russia expels US and Polish diplomats over sanctions (Deutsche Welle) Moscow is ousting 10 US and three Polish diplomats in direct response to the expulsion of Russian diplomats from both countries. Other moves included sanctions on US officials and a crackdown on US NGOs.
Russian Intelligence Calls U.S. Cyber Attack Claims 'Nonsense' (The Moscow Times) "Reading this nonsense is an occupation of little interest," the SVR said of the U.S. executive order.
US sanctions cryptocurrency addresses linked to Russian cyberactivities (BleepingComputer) The US government sanctioned this week twenty-eight cryptocurrency addresses allegedly associated with entities or individuals linked to Russian cyberattacks or election interference.
Jeremy Bash: Newly announced sanctions are a 'deterrence against Russia' (Yahoo) Jeremy Bash joins Kasie Hunt to discuss the newly announced U.S. sanctions against Russia. Bash says the move from the Biden administration announces, “we’re sanctioning you and holding you responsible” for the SolarWinds hack and for interference in the 2016 and 2020 presidential elections.
US Sanctions on Russia Rewrite Cyberespionage's Rules (Wired) The US has sent a loud message to Moscow—though what it's saying isn’t exactly clear.
A 'Worst Nightmare' Cyberattack: The Untold Story Of The SolarWinds Hack (NPR) Russian hackers exploited gaps in U.S. defenses and spent months in government and corporate networks in one of the most effective cyber-espionage campaigns of all time. This is how they did it.
Kremlin provides a safe harbour for Evil Corp and other ransomware attackers (Stuff) Cybergang Evil Corp has been linked to the Kremlin, and many more ties between ransomware and the Russian state are suspected.
Ukraine-Russia tensions: Zelensky, Macron and Merkel hold security talks (France 24) Ukrainian President Volodymyr Zelenskyy is holding talks on Friday with French President Emmanuel Macron and German Chancellor Angela Merkel amid growing tensions with Russia, which has deployed troops at the border with the country.
France, Germany, Ukraine call for Russian troops withdrawal (KHON2) The leaders of France and Germany are demanding the withdrawal of Russian troop reinforcements recently deployed at the border with Ukraine, the German chancellor’s office said F…
In Punishing Russia for SolarWinds, Biden Upends U.S. Convention on Cyber Espionage (Wall Street Journal) President Biden’s decision to punish Russia for the SolarWinds hack broke with years of U.S. foreign policy that has tolerated cyber espionage as an acceptable form of 21st century spycraft, analysts and former officials said.
Cyber Retaliation Needs to Be Decisive, Swift, and Meaningful (OODA Loop) On 15 April the Biden Administration formally attributed the SolarWinds attacks to Russia's Foreign Intelligence Service, the SVR. Soon thereafter they issued several directives implementing sanctions against Russia and some Russian-related business leaders. The fallout from these actions is still underway and we will continue to track and assess how these matters could impact business and government strategies and decision-making.
How Biden is boosting cyber defenses against Russia and China (The Christian Science Monitor) Sanctions against Russia are just part of a rising U.S. response to major breaches attributed to hackers from other nations.
Days after sanctions, House to vote again on Cyber Diplomacy Act (FCW) A bill to establish a cyberspace ambassador and an Office of Cyber Issues at the State Department is due to receive a vote on the House floor next week, according to two lawmakers sponsoring the bill.
Corporate Hackers: Outsourcing US Cyber Capabilities (Strategic Studies Quarterly) Cyberspace is a key war-fighting domain that affects all aspects of United States national security. Although defense contractors are essential to United States cyber operations, little research has examined the specific cyber services military and intelligence agencies outsource to corporations.
Biden’s Russia Strike Marks Shift in U.S. Cybersecurity Strategy (Bloomberg Law) President Joe Biden‘s attribution of the SolarWinds Corp. supply chain attack to Russian nation-state actors signals a new chapter for the U.S. government in handling continued cyberthreats, attorneys and industry professionals say.
Israel’s Shadow War With Iran Doesn’t Have to Strain Relations With the U.S. (Foreign Affairs) A shared nuclear policy is better for all.
Priti Patel: Facebook encryption plan 'could harm' fight against child abuse (Computing) Facebook plans to extend its end-to-end encryption to its Messenger and Instagram services
Huawei can cross Romania off its list of 5G partners (RCR Wireless News) Romania has signed off on a bill that would ban Huawei and other Chinese vendors from involvement in its 5G network build-outs.
4 Takeaways From DOL's New Cybersecurity Guidance (Law360) The U.S. Department of Labor's first-ever guidance on employee retirement plans' cybersecurity duties set some long-awaited standards for how employers and plan administrators should protect saver data, but some questions remain about plans' legal responsibility to shield worker savings from cyberthieves.
NSA official installed as Trump left office resigns after he was sidelined (Washington Post) Michael Ellis, a former Republican political operative, resigned Friday as the National Security Agency’s top lawyer, having been sidelined for three months after President Biden took office.
Litigation, Investigation, and Law Enforcement
A Czech Explosion, Russian Agents, A Bulgarian Arms Dealer: The Recipe For A Major Spy Scandal In Central Europe (RadioFreeEurope/RadioLiberty) The cause of the 2014 explosions at two Czech arms depots has been a mystery for years. Czech authorities now say a secretive Russian military intelligence unit was to blame -- the same unit linked to a spate of poisonings, assassination attempts, and subversive actions across Europe.
Iran names suspect in Natanz attack, says he fled country (Yahoo) Iran named a suspect Saturday in the attack on its Natanz nuclear facility that damaged centrifuges there, saying he had fled the country “hours before” the sabotage happened. While the extent of the damage from the April 11 sabotage remains unclear, it comes as Iran tries to negotiate with world powers over allowing the U.S. to re-enter its tattered nuclear deal and lift the economic sanctions it faces. Already, Iran has begun enriching uranium up to 60% purity in response — three times higher than ever before, though in small quantities.
Iran nuclear: State TV names suspect in Natanz attack (BBC News) State TV alleges Reza Karimi fled Iran before the blast, which damaged its Natanz nuclear plant.
Iran names suspect in Natanz attack, says he fled country (AP NEWS) Iran named a suspect Saturday in the attack on its Natanz nuclear facility that damaged centrifuges there, saying he had fled the country “hours before” the sabotage...
Did the Mossad 'shoot' and miss with Natanz sabotage? - analysis (The Jerusalem Post) After initial denials, Iran has admitted that it lost the use of thousands of centrifuges plus extensive aspects of its electricity from the April 11 incident.
Can you fight BEC popularity in Nigeria by steering youth to legitimate IT jobs? (The Record by Recorded Future) The Record interview with Ronnie Tokazowski and Manasseh "Manny" Udim about their latest endeavor -- FutureLabs, a tech hub in Nigeria, aimed at training Nigerians in IT topics so they have an opportunity for a legitimate career, rather than join cybercrime gangs.
European Data Protection Board Publishes Opinions on European Commission’s Draft UK Adequacy Decision (cyber/data/privacy insights) The European Commission published on February 19, 2021 its draft decision granting data protection adequacy status to the UK under Article 45(3) of the GDPR. Once published, the European Commission submitted the draft decision to the European Data Protection Board for its review, which has just issu
Social-Media Data Leaks Draw Scrutiny From European Regulators (Wall Street Journal) Facebook, Clubhouse and LinkedIn have stressed that recently reported data leaks involved information from public user profiles
Facebook faces ‘mass action’ lawsuit in Europe over 2019 breach (TechCrunch) Facebook is to be sued in Europe over the major leak of user data that dates back to 2019 but which only came to light recently after information on more than 533 million accounts was found posted for free download on a hacker forum. Today Digital Rights Ireland (DRI) announced it’s commencin…
FIN7 'technical guru' sentenced to 10 years in prison (CyberScoop) A U.S. federal judge on Friday sentenced Fedir Hladyr to 10 years in prison for his alleged role as an administrator of the multibillion-dollar cybercrime group known as FIN7, which has breached hundreds of U.S. firms.
Google ‘partially’ misled consumers over collecting location data, Australian court finds (the Guardian) Google collected data on some Android and Pixel phones even when customers ticked ‘No’ or ‘Do not collect’
The perils of suing crypto exchanges after ransomware attacks (Cointelegraph) AA v. Bitfinex: Cybercrime insurer throws money away in failed attempt to pursue crypto exchange over a Bitcoin ransom.
Tarn Taran man held for passing info to Pak intel agency (Hindustan Times) Delhi Police have arrested a 35-year-old man for allegedly passing sensitive information about army deployment to a foreign intelligence agency, officials said on Saturday
Treasury Department links Paul Manafort to Kilimnik to Russian intelligence (USA TODAY) Konstantin Kilimnik, a Russian and Ukrainian consultant and associate of ex-President Donald Trump's campaign chairman, shared sensitive info with Russian intelligence services, the US says.
Duncannon recoups money lost during cyber attack (PennLive) In April 2020, Duncannon got locked out of its email and other files when a hacker locked down the computers and demanded ransom to unlock everything.