Cyber Attacks, Threats, and Vulnerabilities
Malware found on laptops given out by government (BBC News) Suspicious files contacting Russian servers are thought to have been found on devices given to schools.
Russian malware found on government-issued laptops for home schooling (Computing) Malware found to be contacting servers in Russia thought to be Gamarue.I worm
New malware on Google Play: How this app made it through Play Protect (Pradeo) We detected on Google Play a malware with 10K+ installs: Daily Food Diary. The cybercriminal who published it bypassed Play Protect by obfuscating its code
Change in Perspective on the Utility of SUNBURST-related Network Indicators (DomainTools) Since initial disclosure first by FireEye then Microsoft in mid-December 2020, additional entities from Volexity to Symantec to CrowdStrike (among others) have released further details on a campaign variously referred to as “the SolarWinds event,” “SUNBURST,” or “Solorigate.” DomainTools provided an independent analysis of network infrastructure, defensive recommendations, and possible attribution items in this time period as well.
Enterprise Credentials Publicly Exposed by Cybercriminals (SecurityWeek) Cybercriminals using phishing lures accidentally expose stolen employee credentials on the open internet.
Hackers Accidentally Expose Passwords Stolen From Businesses On the Internet (The Hacker News) Cybercriminals Mistakenly Expose Compromised Passwords On the Internet That Were Stolen During a Large-Scale Phishing Attack.
Cyber Criminals Leave Stolen Phishing Credentials in Plain Sight (Check Point Software) Introduction Cyber-crime is a complex landscape, but when it comes to actually launching cyber-attacks, there are three main techniques that criminals
The Reemergence of Ransom-based Distributed Denial of Service (RDDoS) Attacks (Lumen) These RDDoS attacks aim to exhaust all available resources of easily internet accessible networks, infrastructure or applications.
Scanning Activity Detected After Release of Exploit for Critical SAP SolMan Flaw (SecurityWeek) A researcher has released a functional PoC exploit for a SAP Solution Manager vulnerability patched in March 2020.
Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data (ZDNet) Ransomware attacks are proving more lucrative for cyber criminals as even organisations that can restore from backups are paying ransom demands to prevent further damage.
Bitcoin and Its Likely Impact on the Threat Landscape (Radware Blog) Unfortunately, the projected growth in the value of Bitcoin will likely have a devastating effect on the threat landscape.
VPNFilter Two Years Later: Routers Still Compromised (Trend Micro) We look into VPNFilter, an IoT botnet discovered over two years ago, to see why there are still routers infected by the malware and what else can be done to minimize its potential risks.
Retail and Hospitality Facing Deluge of Critical Web App Flaws (Infosecurity Magazine) Sector has one of the worst rates of high severity bugs
Beating the Knowledge Gap in ICT Supply Chain Risk (Government CIO) Officials from CISA, GSA and NIST say information sharing will be key to managing security risks in the supply chain.
QR codes – why you shouldn't get too comfortable using them (TechHQ) QR codes are back in business, driven by a need for touchless interactions between consumers and business, especially in contact tracing. In the US alone,
Bugs Allowed Hackers to Hijack Kindle Accounts With Malicious Ebooks (Vice) The flaws that potentially allowed hackers to spend money using victims’ credit cards are now fixed.
New Zealand central bank postpones statistics releases after cyber hack (Yahoo Finance) New Zealand's central bank said on Friday that it will postpone publication of most of its statistical data releases for a number of weeks while it investigates a cyber attack that led to a serious breach of its data systems.
QNAP urges users to secure against Dovecat crypto-mining malware (IT PRO) The Monero-mining malware doesn't steal data but consumes large amounts of CPU and memory
Cloud Jacking: The Bold New World of Enterprise Cybersecurity (Dark Reading) Increased reliance on cloud computing puts more weight on robust authentication systems to protect data against hijackers.
WAGO M&M Software fdtCONTAINER (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Low skill level to exploit
Vendor: M&M Software GmbH, a subsidiary of WAGO Kontakttechnik
Equipment: fdtCONTAINER
Vulnerability: Deserialization of Untrusted Data
2. RISK EVALUATION
If an attacker can socially engineer a valid user into loading a manipulated project file, malicious code can be executed without notice.
Mitsubishi Electric MELFA (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Mitsubishi Electric
Equipment: MELFA FR, MELFA CR, MELFA ASSISTA
Vulnerability: Uncontrolled Resource Consumption
2. RISK EVALUATION
Successful exploitation of this vulnerability could cause a denial-of-service condition.
Honeywell OPC UA Tunneller (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Matrikon, a subsidiary of Honeywell
Equipment: OPC UA Tunneller
Vulnerabilities: Heap-based Buffer Overflow, Out-of-bounds Read, Improper Check for Unusual or Exceptional Conditions, Uncontrolled Resource Consumption
2.
Delta Electronics TPEditor (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Delta Electronics (Delta)
Equipment: TPEditor
Vulnerabilities: Untrusted Pointer Dereference, Out-of-bounds Write
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of the application.
Delta Electronics ISPSoft (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Delta Electronics (Delta)
Equipment: ISPSoft
Vulnerability: Use After Free
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application.
Data Of Over 3 Lakh Users Leaked From Indian Crypto Exchange BuyUCoin (Inc42 Media) Infamous hacking group ShinyHunters has leaked a 6GB data dump containing information of 3.25 lakh users of Indian crypto exchange BuyUCoin.
Password data breach 'a wake-up call' and example of 'poor practice' (DevonLive) Passwords used some of the 60 strong East Devon District Council were available to other councillors as a result of the data breach that was uncovered at the start of November 2020.
A look into the pricing of stolen identities for sale on dark web (Security Magazine) Comparitech researchers analyzed listings across 40+ dark web marketplaces gathering data on how much stolen identities, credit cards and hacked PayPal accounts are worth to cybercriminals.
Einstein Healthcare Network Announces August Breach (Threatpost) Einstein is in violation of the HHS 60-day breach notification rule, but unlikely to face penalty.
Is Joe Biden’s Peloton a cybersecurity risk? Don’t sweat about it (Graham Cluley) Joe Biden is now the President of the United States of America, and what are the papers talking about? His internet-connected Peloton exercise bike.
Security Patches, Mitigations, and Software Updates
Drupal Updates Patch Another Vulnerability Related to Archive Files (SecurityWeek) A flaw in the Archive_Tar library could be exploited through the processing of certain archive files.
Cisco Patches Critical Vulnerabilities in SD-WAN, DNA Center, SSMS Products (SecurityWeek) Cisco has released patches for multiple critical and high-severity vulnerabilities in SD-WAN products, DNA Center, and Smart Software Manager Satellite.
Chrome 88 arrives with improved password security features, tab search, more (TechSpot) The most significant new addition to Chrome 88 relates to its password manager feature. Users are now able to check for suspect passwords by clicking on their...
Cyber Trends
New Research: No. of Records Exposed Increased 141% in 2020 (RBS) Our newly released 2020 Year End Data Breach QuickView Report, reveals that there were 3,932 publicly reported data breaches in 2020, compromising over 37 billion records.
Compared to 2019, the number of publicly reported breach events decreased by 48%. However, the total number of records compro
Breach Data Shows Attackers Switched Gears in 2020 (Dark Reading) Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked.
Ransomware is now the biggest cybersecurity concern for CISOs (ZDNet) Phishing, account compromise and business email compromise attacks are all worries for organisations - but it's fear of ransomware attacks that is causing the biggest concern.
Over half of UK businesses cite security concerns as biggest barrier to public cloud adoption (Centrify) Fifty-eight per cent of UK business decision makers have admitted that security remains the biggest barrier to public cloud adoption in their organisations, according to new research from Centrify, a leading provider of modern privileged access management (PAM) solutions.
Vietnam loses over US$1 billion due to cyber virus in 2020 (SGGP English Edition) In 2020, Vietnamese internet users suffered a loss of VND24 trillion (US$1 billion) due to cyber virus, the Bach Khoa Anti-Virus Center (Bkav) has said following a study which was carried out in December 2020 and was released today.
US government organizations lose millions in an average network outage or data breach (Intelligent CIO North America) A report from Infoblox reveals that nearly 300 US federal, state and local government IT decision-makers see dangers ahead as teams continue remote work into 2021. Infoblox, a leader in Secure Cloud-Managed Network Services, has unveiled new research into the foundational infrastructure challenges faced by networking and security decision-makers in the US government.
Marketplace
Valtix Secures Strategic Investments from Cisco Investments and TSG, Names Former Juniper and Big Switch Executive Douglas Murray CEO (PR Newswire) Valtix, the industry's first cloud-native network security platform, announced that it has secured $12.5 million in strategic funding from...
VentureIsrael Invests in Israeli Startup QuantLR, Developer of the World's Most Cost Affordable Quantum Cryptography Solution (PR Newswire) An Israeli deep tech fund VentureIsrael participated in the investment round alongside with the world's largest equity crowdfunding platform...
Cybersecurity Services Company Gigit Finalizes Second Merger (PR Newswire) Gigit, Inc. (https://gigitsecurity.com), a cybersecurity firm that ensures cybersecurity compliance and reduces cybersecurity risk through its...
Check Point invests in local cloud capabilities in A/NZ (Security Brief) As public cloud usage in Australia and New Zealand grows, the company says it will continue to invest locally to support businesses.
Object Management Group Issues Request for Information for Disposable Self-Sovereign Identity Standard (Object Management Group) Standardizing contextual, disposable self-sovereign Identities for enhanced privacy.
Referring Former President Trump’s Suspension From Facebook to the Oversight Board (About Facebook) The board was established to make the final call on some of the most difficult content decisions Facebook makes.
Twitch bans Donald Trump indefinitely while Facebook refers the case to Oversight Board (Computing) Trump cannot create another account on Twitch unless his suspension is lifted
Google Play Suspends Wimkin, Citing Posts Calling for Violence (Wall Street Journal) Takedown follows the removal of the small social-media network from Apple’s App Store last week
Amazon Awards $18,000 for Exploit Allowing Kindle E-Reader Takeover (SecurityWeek) KindleDrip exploit chain could have allowed an attacker to take complete control of a Kindle e-reader simply by knowing the targeted user’s email address.
Products, Services, and Solutions
Kroll Launches Data Privacy and Digital Trust Solutions Ahead of Data Privacy Day (Duff & Phelps) As privacy concerns evolve, Kroll augments its capabilities to protect data, value digital assets, mitigate risks and build digital trust
Gigamon ThreatINSIGHT™ Named Cyber Catalyst℠ Designated Solution to Address Top Security Risks Identified by Insurers (BusinessWire) Cyber Catalyst participating insurers rated Gigamon ThreatINSIGHT highest on the criteria of efficiency, cyber risk reduction and differentiation
Platform9 Accelerates DevOps Productivity with Latest Kubernetes Release (BusinessWire) Platform9, the first company to provide open-source SaaS managed solutions for private and edge clouds, today announced a number of new features to pr
Digital Shadows integrates with Microsoft Azure AD enabling rapid response to exposed company credentials (Security Boulevard) Leverages data set of 8 billion authentications daily to only alert organizations against ‘at risk’ username and password combinations
Tanla Platforms Teams Up With Microsoft To Launch 'Wisely' Secure Communication Solution (Moneycontrol) The Wisely network uses Microsoft Azure Kubernetes Service, Azure Cosmos DB, Azure Databricks as well as Azure PostgresSQL Database and other Azure services.
Technologies, Techniques, and Standards
Enduring Lessons From Securing the Election (Decipher) Securing the 2020 election was a years-long process, and former CISA Director Chris Krebs found a number of key lessons for security teams during the effort.
CISA launches ransomware education program (SC Media) The effort encourages governments, schools and private companies to take steps to protect their systems and data from ransomware.
CISA boosts anti-ransomware messaging for local government (StateScoop) The federal cybersecurity agency said the new campaign is aimed at preventing cyberattacks against K-12 school systems and organizations battling COVID-19.
Federal cyber agency announces new campaign to fight ransomware attacks (TheHill) The Cybersecurity and Infrastructure Security Agency (CISA) on Thursday rolled out a new public awareness campaign to push back against the plague of ransomware cyberattacks that have increasingly targeted governmen
Brandon Wales: CISA’s New Campaign Aims to Help Public, Private Sectors Defend Against Ransomware (GovCon Wire) The Cybersecurity and Infrastructure Security Agency has launched a campaign to promote the use of c
CISA Launches Campaign to Reduce the Risk of Ransomware (CISA) The Cybersecurity and Infrastructure Security Agency (CISA) announced the Reduce the Risk of Ransomware Campaign today, a focused, coordinated and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate this cybersecurity risk and threat.
The 5G Era: Secure your Everything (Check Point Software) Supporting ten times more devices per km² than 4G, higher capacity, faster connections, higher throughput and lower latency, the 5G cellular network is
Soon may a criminal come (@RachelTobac) To reach the ~youth~ we're going to have to make infosec sea shanties, aren't we? Guess so!
Behold the tale of kid who reuses their passwords & ends up pwn'd, then learns how to stay safe. We're on a mission to encourage unique passwords stored in a password manager with MFA on.
Design and Innovation
‘The Big Shift’: Internal Facebook Memo Tells Employees to Do Better on Privacy (Medium) Facebook VP Andrew Bosworth tells colleagues that privacy matters more than the product experience
Twitter’s decentralized social network project takes a baby step forward (The Verge) Jack Dorsey says the Bluesky standard will "take time to build."
Cypher Makes Learning Cryptography Interactive, but Not Always Fun (CBR) Cypher is a gorgeous and interesting puzzle game for anyone who is a fan of museums, but the difficulty may prove to be a barrier to entry.
Council Post: Metaethics, Meta-Intelligence And The Rise Of AI (Forbes) With every new major transformation at a societal level driven by technology, there will be new concerns and challenges.
Academia
TAG Cyber Collaborates with Kean University Center for Cybersecurity to Award Grants to Students (TAG Cyber) Partnership Reinforces TAG Cyber’s Commitment to Closing the Cybersecurity Skills Gap
Legislation, Policy, and Regulation
Russia detains Navalny aides as protests go viral (BBC News) Police hold aides to Putin critic Alexei Navalny as social media buzzes with plans for protests.
India parliament panel questions Facebook on WhatsApp's privacy terms (Reuters) Facebook executives on Thursday fielded questions from an Indian parliamentary panel about changes to WhatsApp's privacy policy, days after the country's technology ministry asked the messaging platform to withdraw them.
Biden Orders Sweeping Assessment of Russian Hacking, Even While Renewing Nuclear Treaty (New York Times) There will be no “reset” of the American relationship with Moscow, administration officials say. But in an era of constant confrontation in cyberspace, the president seeks to avoid a nuclear arms race.
The Cybersecurity 202: Not just about the nukes: Biden's opening moves with Russia elevate cybersecurity issues (Washington Post) President Biden's decision to begin his term with an order to investigate Russian hacking and election interference is a dramatic elevation of cybersecurity issues in U.S. national security policy.
Newly installed senior counterintelligence official names China as top long-term threat (Yahoo) Counterintelligence official Michael Orlando joins a growing chorus of voices on both sides of the political aisle who point to China as a major national security threat, particularly in terms of technology and cybersecurity.
Biden Prodded to Take Muscular Approach to Cybersecurity (National Defense) Officials and analysts are urging the Biden administration to be more aggressive than its predecessors in dealing with cyber threats from adversaries such as Russia and China as well as non-state actors.
#Tech2021: 10 Actionable Reforms the Biden Administration Could Take to Enhance Innovation, Strengthen Democracy (The German Marshall Fund of the United States) Based off its #Tech2021 agenda, the German Marshall Fund’s Digital New Deal project proposes ten reforms President-elect Joe Biden could implement to strengthen democracy and immediately help ordinary people and communities.
Avril Haines sworn in as DNI (Intelligence Community News) Director of National Intelligence Avril Haines took the oath of office to serve as the seventh DNI in our nation's history.
Biden taps Rosenworcel to lead FCC (Axios) Rosenworcel, a Democrat, will be tasked with implementing a new broadband subsidy program to help Americans stay connected during the pandemic.
Biden Appoints Rosenworcel As Acting FCC Chair (Law360) President Joe Biden appointed Federal Communications Commission Democrat Jessica Rosenworcel as the acting head of the agency on Thursday, elevating the eight-year commissioner who has advocated for getting more students online and restoring net neutrality rules, among other priorities.
Slaughter Named Acting FTC Chair Amid Biden Shakeup (Law360) Federal Trade Commission Democrat Rebecca Kelly Slaughter will be leading the agency on an acting basis, the commission announced Thursday, plugging the gap left by the pending exit of the agency's Republican former chief.
Biden To Keep Christopher Wray As FBI Director (Law360) President Joe Biden will keep Trump-appointed FBI Director Christopher Wray in his post, White House press secretary Jen Psaki said Thursday, signaling a return to nonpartisan norms at the law enforcement agency.
DARPA Changing Directors Again in Third Recent Shuffle (Air Force Magazine) The Biden administration is reportedly tapping Stefanie Tompkins to run the Defense Advanced Research Projects Agency.
New EDPB Guidelines on Examples Regarding Data Breach Notification (Lexology) The European Data Protection Board has recently published Guidelines on examples regarding data breach notification. They aim to help data controllers…
Google threatens to remove search in Australia if media code becomes law (CRN Australia) Law has broad political support.
Google threatens to remove its search engine from Australia if new law goes into effect (The Verge) If Australia forces it to pay for these links, Google will pull the plug
Google threatens to shut down search in Australia if digital news code goes ahead (the Guardian) Google and Facebook are fighting legislation that would force them to enter into negotiations with news media companies for payment for content
Google threatens to disable search in Australia over proposed news-payment law (NASDAQ:GOOG) (SeekingAlpha) As Google (GOOG, GOOGL) is making peace with paying news publishers in France, it's escalating the battle elsewhere.
Facebook asks Australia to let it make content deals with news outlets before being hit with media code (the Guardian) Social media giant wants a six-month grace period for proposed code it describes as ‘complex, unpredictable, and unworkable’
Google inks agreement in France on paying publishers for news reuse (TechCrunch) Google has reached an agreement with an association of French publishers over how it will pay for reuse of snippets of their content. This is a result of application of a ‘neighbouring right’ for news which was transposed into national law following a pan-EU copyright reform agreed back in 2019.…
The Alliance de la Presse d’Information Générale and Google France sign an agreement on the use of online press publications (Le blog officiel de Google France) The Alliance de la Presse d’Information Générale and Google today announce an agreement covering the remuneration of neighbouring rights ...
Litigation, Investigation, and Law Enforcement
“The cost of a cyberattack on businesses should be equal to revenue from its successful implementation” (Реальное время) The level of cybercrime has increased 20 times in Russia in recent years — it accounts for every seventh crime in the country. Meanwhile, it can deal no less severe blow to the economy, if not even greater, than coronacrisis, experts warn. The greatest danger is threatening businesses. According to analysts, last year 60% of medium and small businesses went bankrupt after major cyber attacks. How
Judge chides suspected Pelosi laptop thief: ‘The Constitution prevails here today’ (Washington Post) A Pennsylvania woman accused of helping to steal a laptop from House Speaker Nancy Pelosi’s office during the attack on the U.S. Capitol in Washington was ordered released from detention Thursday and placed in her mother’s custody.
Judge refuses to reinstate Parler’s Amazon account (The Verge) "Parler’s allegations at this time are both inaccurate and unsupported."
Court Orders Production of a Data Breach Forensic Report, Rejecting Arguments That Attorney-Client Privilege and Work Product Protection Apply (JD Supra) On January 12, 2021, the District Court of the District of Columbia was the latest court to grant a motion to compel production of a forensic report...
3 Ways To Shield Cyber Reports After Clark Hill Breach Ruling (Law360) Following a D.C. federal court's recent ruling in Wengui v. Clark Hill that a forensic cyberattack report was not protected work product — more restrictive than last year's Capital One decision — companies should follow new best practices for protecting reports from discoverability, say Colin Jennings and Ericka Johnson at Squire Patton.
Marriott Wins CCPA Data Breach Lawsuit (The National Law Review) Marriott recently won dismissal of a proposed class action data breach lawsuit alleging several violations, including a violation of the California Consumer Privacy Act (CCPA). The case, Arifur Rahman
State AGs Must Catch Up With DOJ Case Against Google (Law360) The state attorneys general pursuing a monopoly lawsuit against Google will have to speed up discovery after a Washington, D.C., federal judge said Thursday that a proposal to begin turning over investigative materials to the search giant in mid-March was too late to catch up with a parallel Justice Department case.
U.S. panel asks FBI to review role of Parler in Jan. 6 Capitol attack (Reuters) The House Oversight and Reform Committee on Thursday asked the FBI to investigate the role Parler, a social media website and app popular with the American far right, played in the violence at the U.S. Capitol.
Fertility App Shared Private Data With Chinese Cos., Suit Says (Law360) Fertility app Premom, which a bipartisan group of U.S. senators urged the Federal Trade Commission to probe last year, is facing a putative class action filed in Illinois federal court Thursday over its allegedly unauthorized sharing of Android users' personal information with at least three Chinese data collectors.
Ancestry.com 'Misunderstands' Yearbook Photo Ad Suit (Law360) Plaintiffs whose yearbook photos were used in advertisements for Ancestry.com without consent have urged a California federal judge to sustain their proposed class action, arguing that the genealogy service's reasons to dismiss the case stem from a "fundamental misunderstanding" of the claims.
No Federal Court Standing for Data Breach Claims Alleging Theft of Non-Sensitive Personal Information (Lexology) A federal court in California has ruled that the plaintiff in a putative class action alleging theft of non-sensitive personal information arising…