Attacks, Threats, and Vulnerabilities
Russia Appears to Carry Out Hack Through System Used by U.S. Aid Agency (NYTimes) Microsoft reported that it had detected the intrusion and that the same hackers behind the earlier SolarWinds attack were responsible.
Microsoft says group behind SolarWinds hack now targeting government agencies, NGOs (Reuters) The group behind the SolarWinds (SWI.N) cyber attack identified late last year is now targeting government agencies, think tanks, consultants, and non-governmental organizations, Microsoft Corp (MSFT.O) said on Thursday.
Russian hackers launch major cyberattack through U.S. aid agency’s email system, Microsoft says (CNBC) The Russian hackers thought to be behind the catastrophic SolarWinds attack last year have launched another major cyberattack, Microsoft warned.
Russia-linked SolarWinds hackers target email accounts used by State Department aid agency (USA TODAY) Hackers with suspected ties to Moscow launch new assaults on email accounts used by the State Department's international aid agency, Microsoft says.
Cozy Bear revisits one of its greatest hits, researchers say: election skulduggery (CyberScoop) It looks like the Russian government-linked hacking group Cozy Bear is back in the election trickery business. The security firm Volexity publicized a spearphishing campaign on Thursday that it identified only days ago, a scheme that uses an election fraud document as a lure.
Microsoft: SolarWinds hackers target 150 orgs with phishing (The Independent) Microsoft says the state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks this week.
Another Nobelium Cyberattack (Microsoft On the Issues) This week, Microsoft observed cyberattacks by the threat actor Nobelium targeting government agencies, think tanks, consultants and non-governmental organizations. These attacks appear to be a continuation of Nobelium's intelligence gathering efforts.
Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns (Volexity) On May 25, 2021, Volexity identified a phishing campaign targeting multiple organizations based in the United States and Europe. The following industries have been observed being targeted thus far: NGOs, research institutions, government agencies, and international agencies. The campaign’s phishing e-mails purported to originate from the USAID government agency and contained a malicious link that resulted in an ISO file being delivered.
Chinese Cyber Espionage Actors Continue to Zero In on Pulse Secure Bugs (Decipher) Two Chinese cyberespionage groups are targeting flaws in Pulse Secure VPN devices to compromise government and private networks in the U.S. and Europe.
Researchers find four new malware tools created to exploit Pulse Secure VPN appliances (ZDNet) There are now at least 16 malware families designed to compromise Pulse Secure VPN products.
Pulse Secure VPN hacking also hit transportation, telecom firms, FireEye says (CyberScoop) A sprawling Chinese espionage operation against U.S. and European government organizations extends to additional commercial sectors than previously known and involves four new hacking tools, security firm FireEye said Thursday.
Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices (FireEye) We provide an update on our investigation into compromised Pulse Secure devices by suspected Chinese espionage operators.
Days before a report, Chinese hackers removed malware from infected networks (The Record by Recorded Future) Last month, security firm FireEye detected a Chinese hacking campaign that exploited a zero-day vulnerability in Pulse Secure VPN appliances to breach defense contractors and government organizations in the US and across Europe.
FBI says an APT breached a US municipal government via an unpatched Fortinet VPN (The Record by Recorded Future) The Federal Bureau of Investigation said today that foreign hackers had breached the network of a local US municipal government after exploiting vulnerabilities in an unpatched Fortinet networking appliance.
Feds Warn DarkSide May Not Stay Dark (Infosecurity Magazine) Officials warn the disbanded cyber-criminal gang may return soon under a new alias.
A Never-Before-Seen Wiper Malware Is Hitting Israeli Targets (Wired) The malicious code, which masquerades as ransomware, appears to come from a hacking group with ties to Iran.
The Race to Native Code Execution in Siemens PLCs (Claroty) Claroty has found a memory protection bypass vulnerability in Siemens SIMATIC S7-1200 and S7-1500 PLCs that enables native code execution.
Japanese Ministries Confirm Impact from Fujitsu Data Breach (SecurityWeek) Japan's government agencies confirm customer data was stolen from a breach at service provider Fujitsu Limited.
Government agencies’ data leaked in hack of Fujitsu system (The Asahi Shimbun) A hacking attack on users of an information-sharing tool provided by Fujitsu Ltd. accessed governmen
Engagement with Deceptive Sites on Facebook and Twitter Dropped in the First Months of 2021 (The German Marshall Fund of the United States) Engagement with content from deceptive sites on Facebook and Twitter retreated from last year’s historic highs during the first three months of 2021. On Twitter, the drop was dramatic: a 60 percent quarterly decline in shares of content from deceptive sites by “verified accounts.” On Facebook, interactions with content from deceptive sites dipped by 15 percent in the first quarter of 2021, reflecting a comparable decline in interactions with all U.S.-based sites on the platform.
Threat Thursday: Conti Ransoms Over 400 Organizations Worldwide (BlackBerry) First seen in mid-2020, Conti ransomware has made headlines around the world across multiple industries. The BlackBerry Research & Intelligence Team have witnessed attacks against manufacturing, insurance, and health care service providers across Japan, Europe, and the U.S.
Ransomware Unmasked: Dispute Reveals Ransomware TTPs (Gemini Advisory) Key Findings: A recent “public” dispute on the dark web between actors affiliated with the “REvil” ransomware group and an actor offering to negotiate with victims has shed light on the rise of “ransomware consultants” and revealed the operational methods of ransomware hackers. Ransomware consultants research victims to gather intelligence […]
Vulnerabilities in Visual Studio Code Extensions Expose Developers to Attacks (SecurityWeek) Vulnerabilities in Visual Studio Code extensions could be exploited by malicious attackers to steal valuable information from developers and even compromise organizations
GroupThink: Targeting Group Emails to Bypass Scanners (Avanan) An email missed by ATP takes advantage of a group email account.
“Unpatchable” vuln in Apple’s new Mac chip – what you need to know (Naked Security) It’s all over the news! The bug you can’t fix! Fortunately, you don’t need to. We explain why.
MobileInter: A Popular Magecart Skimmer Redesigned For Your Phone (RiskIQ) To truly understand the Magecart skimming groups that have become a mainstay of the e-commerce threat landscape, you have to understand the tools of the trade. The Inter Skimmer kit is one of today's most common digital skimming solutions globally. However, a hallmark of widely used skimmers is their propensity to evolve as more actors use and tweak them to suit their unique needs and purposes.
The MobileInter Skimmer: Hosted by Google, Hiding in Images (RiskIQ) In April of 2021 a new skimmer we refer to as MobileInter was identified. This skimmer is a modified version of the Inter skimmer.
Cyber attack on Waikato DHB 'worse than COVID', significant impact on radiation patients - Cancer Society medical director (Newshub) Cancer patients have been particularly caught out.
Ireland’s Health Service Warns Staff Not to Use Work Devices (Wall Street Journal) Companies rushing to respond to a ransomware attack need to make sure their own employees don’t worsen the potential damage, cybersecurity experts say.
Costs of HSE cyber attack may exceed €100m - Reid (RTE.ie) The cost of the cyber attack on the Health Service Executive's IT systems could exceed €100 million, according to its Chief Executive Paul Reid.
Ireland’s cyberattack could hamper holidays abroad (IrishCentral.com) The return of summer holidays abroad is at risk of being delayed by the cyberattack that has crippled the Irish health service for 11 days. The Health Service Executive (HSE) and the Department of Health are centrally involved in developing new IT infrastructure for introducing vaccine passports.
NASA Identified Over 6,000 Cyber Incidents in Past 4 Years (SecurityWeek) NASA says it has identified more than 6,000 cyber incidents in the past 4 years and the agency says attempts to steal critical information are increasing.
India: Bengaluru civic body shuts down portal over data breach fears (Khaleej Times) Professionals warn that it's easy for data brokers to access information by writing automated scripts.
Local business urges caution after falling victim to cyber attack (INFORUM) With both the frequency and cost of cybercrime on the rise each year, businesses are advised to stay vigilant and informed to avoid falling victim.
Security Patches, Mitigations, and Software Updates
Siemens Addresses Code Execution Vulnerabilities Found in Popular CAD Library (SecurityWeek) Siemens has released an advisory for several remote code execution vulnerabilities in Solid Edge that are introduced by fourth-party software.
Siemens JT2Go and Teamcenter Visualization (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 7.8. ATTENTION: Low attack complexity. Vendor: Siemens. Equipment: JT2Go and Teamcenter Visualization. Vulnerabilities: Untrusted Pointer Dereference, Out-of-bounds Read, Stack-based Buffer Overflow. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could lead to arbitrary code execution or information leakage.
Siemens JT2Go and Teamcenter Visualization (Update A) (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 7.8. ATTENTION: Low attack complexity. Vendor: Siemens. Equipment: JT2Go and Teamcenter Visualization. Vulnerabilities: Out-of-bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer, Stack-based Buffer Overflow, Out-of-Bounds Write, Type Confusion, Untrusted Pointer Dereference, Incorrect Type Conversion or Cast.
GENIVI Alliance DLT (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: GENIVI Alliance. Equipment: DLT-Daemon. Vulnerability: Heap-based Buffer Overflow. 2. RISK EVALUATION: Successful exploitation of this vulnerability could lead to remote code execution or crash the application.
Johnson Controls Sensormatic Electronics VideoEdge (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 7.8. ATTENTION: Low attack complexity. Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls. Equipment: VideoEdge. Vulnerability: Off-by-one Error. 2. RISK EVALUATION: Under specific circumstances, a local authenticated user may be able to exploit this vulnerability to gain administrative access.
MesaLabs AmegaView (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 10.0. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Mesa Labs. Equipment: AmegaView. Vulnerabilities: Command Injection, Improper Authentication, Authentication Bypass Using an Alternate Path or Channel, Improper Privilege Management. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow remote code execution or allow access to the device.
Mitsubishi Electric MELSEC iQ-R Series (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 5.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Mitsubishi Electric. Equipment: MELSEC iQ-R Series. Vulnerability: Uncontrolled Resource Consumption. 2. RISK EVALUATION: Successful exploitation of this vulnerability may prevent legitimate clients from connecting to an affected product.
Mitsubishi Electric FA engineering software products (Update A) (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Mitsubishi Electric. Equipment: FA engineering software products. Vulnerabilities: Heap-based Buffer Overflow, Improper Handling of Length Parameter Inconsistency.
Mitsubishi Electric Factory Automation Products Path Traversal (Update B) (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 8.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Mitsubishi Electric. Equipment: Mitsubishi Electric, Factory Automation products. Vulnerability: Path Traversal.
Mitsubishi Electric Factory Automation Engineering Products (Update C) (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 8.3. ATTENTION: Low attack complexity. Vendor: Mitsubishi Electric. Equipment: Mitsubishi Electric, Factory Automation Engineering products. Vulnerability: Unquoted Search Path or Element.
HPE fixes critical zero-day vulnerability disclosed in December (BleepingComputer) Hewlett Packard Enterprise (HPE) has released a security update to address a zero-day remote code execution vulnerability disclosed last year, in December.
Microsoft previews the Azure Security Center/GitHub integration (Windows Report) During the 2021 Microsoft Build tech conference, Microsoft introduced the Azure Security Center/GitHub integration preview.
Trends
The Principles and Technologies Heralding the Next Cybersecurity Revolution (Infosecurity Magazine) Next gen cybersecurity technologies will need to authenticate everything that tries to access a network.
Email encryption will become de rigueur for all financial services companies as pressure from cybercrime increases, says @Origo_Services CEO (IFA Magazine) Origo CEO Anthony Rafferty (pictured) believes the ever increasing pressure from cybercriminal activity will see all financial services firms seek to reduce ris
Marketplace
After Colonial attack, energy companies rush to secure cyber insurance (Reuters) U.S. energy companies are scrambling to buy more cyber insurance after this month's attack on Colonial Pipeline (COLPI.UL) disrupted the U.S. fuel supply, but they can expect to pay more as cyber insurers plan to hike rates following a slew of ransomware attacks.
SAM Seamless Snags $20M Series B As Network Threats Grow (Crunchbase News) Israel-based SAM Seamless Network raised a $20 million Series B as the cybersecurity company readies itself for the perfect storm of an expanding network attack surface and the coming of 5G.
DataDome Raises $35 Million for Its Anti-Bot Solution (SecurityWeek) DataDome, which provides a platform designed to help organizations fight bad bots and online fraud, has raised $35 million in Series B funding.
Email Protection Firm Material Security Raises $40 Million (SecurityWeek) Email protection company Material Security this week announced that it raised $40 million in Series B funding, which brings the capital raised by the firm to date to $62 million.
Telecom Italia looking to drop Huawei from Italy 5G network: Sources (ETTelecom.com) Losing 5G work from Telecom Italia, one of Huawei's biggest clients in Europe, would be a blow to the Chinese technology giant, which has already lost..
An infamous Israeli spyware firm looks to bolster its image by scoring customers (Yahoo) NSO is reportedly considering going public with an estimated value of up to $2 billion. But serious questions remain about the firm's clientele, and how they use the information provided.
Sweden awards funding to Clavister and BAE Systems for vehicle cyber (Shephard Media) Vinnova awards Clavister and BAE Systems funding for R&D of AI and cybersecurity in combat vehicles.
KnowBe4 Named Winner of the Coveted 2021 Global InfoSec Awards (Yahoo Finance) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced it has won the following awards from Cyber Defense Magazine (CDM), the industry's leading electronic information security magazine: Women in Cybersecurity – Anna Collard, Market Leader in Cybersecurity Training and Market Leader in Anti-Phishing.
Bishop Fox Appoints Former Cisco Executive & Security Veteran as SVP and GM of Consulting (Bishop Fox) Bishop Fox is proud to announce that former Cisco executive Patty Wright, has joined the company as senior vice president and general manager of consulting.
Products, Services, and Solutions
Global Storage Leader Seagate Licenses Karamba Security's Binary Analysis Software for its Storage Systems (GlobeNewswire) Israeli start-up Karamba Security, a technology leader in the seamless protection of IoT devices and embedded systems, today announced it has achieved a multi-year agreement with Seagate Technologies, the leader in data storage and management solutions.
Constella Intelligence Introduces Exposed Identity Score (Constella) Constella Intelligence (“Constella”), a leader in Digital Risk Protection and Threat Intelligence, today announced that the Company’s Intelligence API now includes Exposed …
Netskope Joins Microsoft Intelligent Security Association (Netskope) Expanding strategic partnership highlights Netskope solutions as among the most extensive security integrations for Microsoft environments.
Roysons Taps Confluera to Secure Company's Business-Critical Infrastructure (PR Newswire) Confluera, the leading provider of next-generation cloud detection and response, announced today that Roysons, provider of unsurpassed printing...
Introducing Dynamic Feedback at Password Change (Specops Software) Specops Software announced today the latest release of Specops Password Policy, 7.6, and...
Imperva Introduces Data Privacy Solution to Help Manage Sensitive Data (Dark Reading) Imperva Sonar Platform enhanced with Data Privacy solution monitors, protects and reports on personal data across all data assets.
Technologies, Techniques, and Standards
FBI to share compromised passwords with Have I Been Pwned (BleepingComputer) The FBI will soon begin to share compromised passwords with Have I Been Pwned's 'Password Pwned' service that were discovered during law enforcement investigations.
Converting Technology Language to Business Language with Cyberrisk Quantification (ISACA) Cyber risk is continuously evolving. Companies are dealing with different threat actors and events every day, which is why cyber is the fastest-growing risk for many enterprises, and why cybersecurity ranks among the top priorities for global organizations.
Questions From a Beginner Threat Hunter (Active Countermeasures) How Do I Read and Interpret Packet Captures? Packet captures, frequently referred to as “pcaps” due to the file format that is commonly […]
The Difference Between Watching Alerts and Threat Hunting (Active Countermeasures) I recently saw a query in a chat channel on our Threat Hunter Community Discord server: “I’m having trouble finding the difference between […]
Is This Thing On? (Black Hills Information Security) How to make sure your antivirus is working without any malware Michael Allen // Recently, a customer asked me if there was a way they could generate alerts from the new antivirus product they deployed without executing any actual malware on the system they were testing it on. The computer they wanted to test was an especially sensitive and business-critical system, so it was important that they perform […]
Social Media And Online Reputation (Avast) If you don’t maintain a positive personal brand, your social media content can damage your reputation.
Legislation, Policy, and Regulation
The long-term cost of cyber overreaction (Defense News) A reactive culture triggered by cyberattacks provides significant information to a probing adversary, the author argues.
U.S. Cyber Command Hunts Forward (SIGNAL Magazine) The nation’s cyber force, when called upon, deploys to other nations to protect against nefarious adversarial behavior in the digital realm.
Recent Iranian Cyber Attacks Show How Geopolitics Drive Cyber Activity (OODA Loop) A recent report has revealed that an Iranian threat actor group dubbed “Agrius” has been operating in Israel since 2020. The group has been linked to cyber espionage activity and has quickly evolved into conducting destructive wiper malware attacks against Israeli targets. What’s more, these attacks have been posing as ransomware attacks in order to mask their true intent. This is not the group’s first foray into executing destructive attacks.
Beijing Is Trolling Biden Over Gaza (Foreign Policy) China’s wolf warrior diplomacy has discovered the Middle East, catching Washington unprepared.
Twitter Calls on Indian Government to Respect Free Speech (New York Times) After the government targeted posts criticizing its response to the coronavirus spread, Twitter said it would push back on what it called “intimidation tactics.”
Government of Canada expands work to address economic-based threats to national security (Yahoo Finance) The Government of Canada is committed to addressing new and emerging threats to national security, including those posing risks to intellectual property intensive businesses, access to innovative technologies and sensitive research, and any other economic-based threats to the safety and prosperity of Canadians.
Shock cuts at Data61 put jobs, research at risk - InnovationAus (InnovationAus) The loss of up to 70 jobs and seven research capabilities at CSIRO's Data61 is a "shock" and particularly concerning in light of the science agency's increased funding and importance to the government's digital agenda, the CSIRO Staff Association says.
Biden, Congress Face Test on Cyber Spending After Colonial Hack (Bloomberg) U.S. spending hasn’t matched rhetoric following major attacks. Recent breaches have exposed glaring holes in cyber defenses.
Tech Liability Shield Has No Place in Trade Deals, Groups Say (Bloomberg) Coalition asks Biden to eschew Section 230 language in accords. Provision in trade deals could limit U.S. policymaker options.
New FCC Rule Could Block Chinese-Made Tech From US Sales (Law360) The Federal Communications Commission will launch a proceeding next month that could result in Chinese-made telecom equipment losing access to domestic markets as part of the agency's efforts to fortify U.S. networks against foreign security threats.
DHS Cyber Order Signals Shift To ‘Mandatory Measures’ (Breaking Defense) Today's pipeline directive is likely just the next in a series of actions to shore up national cybersecurity across the private sector, especially those deemed critical infrastructure. "I know there are a number of discussions on the Hill... of a broader data breach notification," Deputy National Security Advisor Anne Neuberger said today.
U.S. pipeline operators may face fines for unreported cyberattacks (World Oil) Pipeline operators who fail to report cybersecurity attacks to the Department of Homeland Security could face fines of $7,000 a day or more under regulations being released Thursday in response to the ransomware attack that temporarily paralyzed the nation’s biggest fuel pipeline.
TSA cyber security requirements are still not addressing control system-unique issues (Control Global) The new TSA cyber security requirements developed based on the Colonial Pipeline event will require timely identification and notification of cyberattacks.
New TSA security directive is a needed shock to the system (Help Net Security) The TSA announced a Security Directive that will enable the Department to better identify, protect against, and respond to threats.
Coast Guard releases ransomware prevention, recovery and reporting requirements (Work Boat) Among the many threats and vulnerabilities that come to mind when discussing cybersecurity and risk management, one that immediately comes to mind is ransomware. Recent events have highlighted the rap
The Army is nearly tripling electronic warfare personnel (Defense News) To prepare for organizational changes, the Army plans large growth with its electronic warfare force.
An open letter to the new US cyber czar (MENAFN) To: Chris Inglis. From: William J Holstein and Stephen M Soble. Re: The national cyber security crisis. Congratulations on your appointment as America's first national cyber security director. We concur it was a wise choice. Your first step should be to acknowledge the scope of the challenge you face: Cybersecurity must be improved for bot
Industry urges DCSA to accelerate security clearance transformation efforts (Federal News Network) Industry and Congress say the executive branch has made real progress on the security clearance backlog in recent years, but they want to see the Defense Counterintelligence and Security Agency and…
The Cybersecurity 202: DHS nominees say they'll prioritize cybersecurity (Washington Post) Top nominees for President Biden’s Department of Homeland Security vowed to prioritize protecting critical infrastructure after SolarWinds and Colonial Pipeline cyberattacks.
GOP senators oppose Biden intelligence nominee who did legal work for Huawei (CNBC) "You can't work for Huawei and then work for the Director of National Intelligence," said Senator Ben Sasse of Nebraska.
Defense Department gets new cyber adviser (C4ISRNET) The flag officer will oversee policy implementation and personnel matters for cyber issues across the department.
Litigation, Investigation, and Law Enforcement
How international law applies to the Colonial Pipeline cyberattack | Opinion (The Tennessean) At least as far back as the turn of the century, U.S. national security and defense officials contemplated cyberattacks on our infrastructure.
U.S. Charges 22 in Stolen Payment Cards Crackdown (SecurityWeek) The U.S. Justice Department announces indictments against 22 charged with purchasing and using stolen payment cards.
Legality of collecting faces online challenged (BBC News) Clearview AI has a huge database of three billion images collected from the web.
WhatsApp challenges govt: Breaking end-to-end encryption will lead to security issues but timing of petition circumspect (Free Press Journal)
WhatsApp sues GoI: Why traceability undermines encryption and puts us all at risk (Firstpost Tech2) Weakening encrypted systems to prevent crime is akin to solving one problem by creating a thousand more.
Prosecutors Investigating Whether Ukrainians Meddled in 2020 Election (New York Times) The Brooklyn federal inquiry has examined whether former and current Ukrainian officials tried to interfere in the election, including funneling misleading information through Rudolph W. Giuliani.
'FIND THIS F[**]K:' Inside Citizen’s Dangerous Effort to Cash In On Vigilantism (Vice) Internal documents, messages, and roadmaps show how crime app Citizen is pushing the boundary of what a private, app-enabled vigilante force may be capable of.