Pinellas County, Florida: the latest on the water treatment attack.
Feds’ Water Hack Lesson: ‘End of Life’ Systems Invite Intrusions (Meritalk) What’s the biggest lesson to be learned from the recent thwarting of an attempt by cyber criminals to poison the water supply in Oldsmar, Fla.?
According to the Cybersecurity and Infrastructure Security Agency (CISA), the hackers likely took advantage of an outdated operating system to gain access, and the agency said “continuing to use any operating system within an enterprise beyond the end of life status may provide cyber criminals access into computer systems.”
FBI document warns Vermont water treatment facilities after Florida cyberattack (Saint Albans Messenger) A four-page FBI document distributed to water treatment officials in Franklin County and across the state Friday lays out steps to avoid cyberattacks such as the one that happened in
Cyber Attacks, Threats, and Vulnerabilities
AppleJeus: Analysis of North Korea’s Cryptocurrency Malware (CISA) This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.
Centreon says only 15 entities were targeted in recent Russian hacking spree (ZDNet) Hacked companies were using very outdated versions of Centreon's open-source IT monitoring software.
France links Russian Sandworm hackers to hosting provider attacks (BleepingComputer) The French national cyber-security agency has linked a series of attacks that resulted in the breach of multiple French IT providers over a span of four years to the Russian-backed Sandworm hacking group.
France Says Multiyear Hack Similar to Russian Attacks (Bloomberg) ANSSI warns of backdoor attack of Centreon’s software. Campaign has ‘several similarities’ to Sandworm: ANSSI
Attacks targeting IT firms stir concern, controversy (WeLiveSecurity) France's national cybersecurity agency ANSSI has revealed details about a campaign targeting IT firms that run the Centreon IT resource monitoring tool.
SolarWinds: Microsoft Reveals New Details About Sophisticated Mega-Breach (Forbes) Details about the SolarWinds hack continue to emerge months after the supply chain mega-breach was first discovered late last year. The latest revelations come from Microsoft, which is calling the cyber-attack the most sophisticated of all time.
SolarWinds Hack and the Case of DNS Security (Akamai) It's not news that some of the top government agencies and companies in the world were victims of the SolarWinds attack.
Former top cybersecurity official on why U.S. intelligence missed Russia's SolarWinds hack (CBS News) American intelligence agencies are still trying to understand and stop the most sophisticated cybersecurity breach in U.S. history. Former Director of the Cybersecurity and Infrastructure Security Agency Chris Krebs, who served under President Trump, joined "CBS This Morning" to discuss the implications of the SolarWinds hack, and why U.S. intelligence missed the attack that affected several government agencies.
Bloomberg's 'big hack' sequel only raises more questions (Fortune) Where are all the spy chips?
South Korea Claims North Korea Tried Hacking Pfizer (GovInfo Security) South Korean intelligence officials allege that North Korean hackers attempted to steal COVID-19 vaccine and treatment data by hacking the U.S. pharmaceutical firm
North Korea accused of Pfizer Covid vaccine cyber attack (ComputerWeekly.com) South Korean intelligence pins a recent attack on Pfizer, targeting information on coronavirus vaccines, on its neighbour.
Flaw in popular video software Agora could have let eavesdroppers in on private calls (CyberScoop) An error in a video calling software development kit could have allowed hackers to spy on private video and audio calls, according to McAfee.
SHAREit Flaw Could Lead to Remote Code Execution (Trend Micro) We discovered vulnerabilities in the SHAREit application. The vulns can be abused to leak a user’s sensitive data, execute arbitrary code, and possibly lead to remote code execution. The app has over 1 billion downloads.
Security bugs left unpatched in Android app with one billion downloads (ZDNet) The vulnerabilities impact SHAREit, an app used for sharing files between users and their devices.
Sophos Publishes 3-Part Series on the Realities of Conti Ransomware (Bloomberg) Research Details the Day-by-Day Unfolding of a Human-Operated Conti Attack Using Fileless Ransomware, Background on the Ransomware’s Behaviors, and Defender Advice
Malvertiser “ScamClub” Bypasses Iframe Sandboxing With postMessage() Shenanigans [CVE-2021-1801] (Confiant) This blog post is about the mechanics of a long tail iframe sandbox bypass found in a payload belonging to the persistent malvertising…
Python wheel-jacking in supply chain attacks (VDOO) In this blog post we explore the recent novel supply chain attack published by security researcher Alex Birsan and discuss python wheel-jacking.
Malvertisers exploited browser zero-day to redirect users to scams (BleepingComputer) The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams.
SolarWinds Cyber Intel Analysis Part 2: A Look at Additional CISA-Published IoCs (CircleID) A few weeks back, we added unpublicized artifacts to the list of indicators of compromise (IoCs) published by both FireEye and Open Source Context back in December 2020. Some would have thought that would put a stop to the havoc the SolarWinds threat actors have been wreaking, but the group targeted Malwarebytes just recently according to a company report.
NY Regulator Warns Of 'Widespread' Data Breach Campaign (Law360) The New York State Department of Financial Services urged insurers Tuesday to secure customers' non-public data and to report any potential data breaches, warning that it is monitoring a "widespread cybercrime campaign" criminals are using to hack data and use it to illegally obtain funding reserved for COVID-19 relief.
Misconfigured Baby Monitors Allow Unauthorized Viewing (Threatpost) Hundreds of thousands of individuals are potentially affected by this vulnerability.
NHS Phishing Scam Promises #COVID19 Vaccine (Infosecurity Magazine) Threat actor ups email volumes 350%, according to Mimecast
Hacker Claims to Have Stolen Files Belonging to Prominent Law Firm Jones Day (Wall Street Journal) Jones Day has many prominent clients, including former President Donald Trump and major corporations.
BREAKING: Jones Day Data Stolen In Third-Party Vendor Data Breach (Law360) Hackers have stolen documents from Jones Day as part of a cyberattack into a third-party vendor that the BigLaw giant uses to transfer files, the firm confirmed Tuesday.
Data breach detected at local medical practice (This Is Reno) Reno medical practice Gastroenterology Consultants is investigating an internal network and data breach that occurred Dec. 8, 2020.
Hoffman Construction shores up its defense systems after employee healthcare data breach (The Daily Swig) Workers warned after healthcare plan data is potentially exposed
Singapore's leading telco hit by cybersecurity incident (Includes interview) (Digital Journal) A major telecoms company has announced that a supply chain attack may have led to the compromise of its customer data. The attack has impacted Singtel, and an FTA (File Transfer Appliance) was compromised by unknown hackers.
About 129,000 Singtel customers' personal information, including NRIC details, stolen in data breach (CNA) Personal information of about 129,000 Singtel customers was stolen after a recent data breach of a third-party file sharing system, the ...
AT&T Phishing Scam Hits Region (WLDS) A phishing scam over text message has hit Morgan County. A text message scam posing as a free text message from AT&T saying that you’re a winner in a contest in another state with a link …
Chatham County rejects $2.4M cyberattack ransom. Sensitive files posted to Internet (News & Observer) An investigation into October’s cyber attack on Chatham County’s computer network has uncovered personal information posted for sale on the “dark web.”
CPCC shutdown from ransomware attack continues into 2nd week (Charlotte Observer) The ransomware attack and subsequent technology disruption at Central Piedmont Community College continued into a second week of canceled online classes and offline email and phone systems.
Privacy Incident | Sutter Buttes Imaging Medical Group, Inc. (Sutter Buttes Imaging Medical Group, Inc.) We are providing these FAQs in accordance with the substitute breach notification provisions of the Health Insurance Portability and Accountability Act (“HIPAA”).
Open Design Alliance Drawings SDK (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Open Design Alliance
Equipment: Drawings SDK
Vulnerabilities: Stack-based Buffer Overflow, Type Confusion, Untrusted Pointer Dereference, Incorrect Type Conversion or Cast, Memory Allocation with Excessive Size Value
2.
Rockwell Automation Allen-Bradley Micrologix 1100 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Rockwell Automation
Equipment: Allen-Bradley MicroLogix 1100
Vulnerability: Improper Handling of Length Parameter Inconsistency
2. RISK EVALUATION
Successful exploitation of this vulnerability could result in denial-of-service conditions.
WAGO M&M Software fdtCONTAINER (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Low skill level to exploit
Vendor: M&M Software GmbH, a subsidiary of WAGO Kontakttechnik
Equipment: fdtCONTAINER
Vulnerability: Deserialization of Untrusted Data
2.
Hamilton-T1 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 4.3
ATTENTION: Low skill level to exploit
Vendor: Hamilton Medical AG
Equipment: Hamilton-T1
Vulnerabilities: Use of Hard-coded Credentials, Missing XML Validation
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow attackers with physical access to the device to obtain sensitive information or crash the device being accessed.
Signs of A Stalker: Are You Being Followed? (Eye On Annapolis) Many times, people have the feeling that they’re being stalked, and in many instances they’re 100% right. The reason is that the statistics support their fear and concerns: according to the National Intimate Partner and Sexual Violence Survey, 18.3 million women are victims of stalking at some point during their lifetime. That’s over 15% of the […]
Security Patches, Mitigations, and Software Updates
Microsoft Pulls Bad Windows Update That Caused Patch Tuesday Headaches (Threatpost) Microsoft released a new servicing stack update (KB5001078) after an older one caused problems for Windows users installing Patch Tuesday security updates.
SQLite patches use-after-free bug that left apps open to code execution, denial-of-service exploits (The Daily Swig) More than one trillion SQLite databases potentially active in myriad operating systems, browsers, and applications
Cyber Trends
FireEye Report: Fear of Missing Incidents Is a 'Real' Problem for MSSPs (MSSP Alert) MSSP security analysts & managers increasingly face fear of missing incidents (FOMI) & alert fatigue, FireEye research finds.
Data breaches lead to loss of trust – and business (iTWire) Identity provider Okta's research shows a data breach could dislodge nearly half of a company's customer base. Okta's latest Digital Trust Index reports that 49% of Australian respondents say they would permanently stop using a company's services following a data breach. And 14% say...
DDoS Attacks Wane in Q4 Amid Cryptomining Resurgence (Threatpost) The volume of attacks fell 31 percent in the last part of 2020, as Bitcoin values skyrocketed. But there were still several notable trends, such as a rise in Linux botnets.
Ransomware gangs are running riot – paying them off doesn't help (The Conversation) Ransomware is quietly developing into one of the most disruptive – and lucrative – forms of cybercrime.
Bitglass 2021 Healthcare Breach Report: Over 26 Million People Affected in Healthcare Breaches Last Year (BusinessWire) Bitglass, the Total Cloud Security Company, today announced the release of its seventh annual Healthcare Breach Report. Each year, Bitglass analyzes d
The CISO’s New Dawn (F-Secure) Our report, The CISO’s New Dawn, drew on the collective experiences of 28 CISOs. This chapter uncovers how their roles have changed over the last 12-18 months.
Shields up: surprises are the new normal (Security Brief) Mimecast Connect: The what's what of cybersecurity in 2021.
Marketplace
Lloyd's Warns Insurers Over Cost Of Major Cyberattack (Law360) Insurers should be more aware of the threat that a cyberattack on manufacturing or energy industries could also trigger major physical damage, Lloyd's of London said Tuesday.
1Kosmos Secures $15 Million in Series A Funding from ForgePoint Capital (BusinessWire) 1Kosmos, the only cybersecurity solution to provide digital identity proofing and passwordless authentication, announced a $15 million investment from
Applied Insight acquires Maryland intel cyber firm (Washington Business Journal) Applied Insight LLC expanded its cybersecurity and IT offerings in the intelligence sector, acquiring Hanover, Maryland-based cyber firm Bridges Inc. in a deal announced Wednesday.
Cyren Announces Closing of $13.8 Million Registered Direct Offering (Yahoo) Cyren Ltd. (NASDAQ:CYRN), a provider of email security and threat intelligence solutions, today announced the completion of its previously announced registered direct offering of 12,000,000 of its ordinary shares at a purchase price of $1.
Red Canary Closes $81 Million Financing to Meet Increasing Demand for Security Operations Software-as-a-Service (GlobeNewswire) Summit Partners, Noro-Moseley Partners and Access Venture Partners Increase their Investment in Red Canary
Investment of $58M Endorses vArmour as Leader in Accelerating Application Relationship Management Market (GlobeNewswire) AllegisCyber Capital and NightDragon lead round to validate market demand for relationship-based application security
WATCH: CISA's Former Assistant Director for Cyber Bryan S. Ware Launches Next5 Tech Company (WashingtonExec) https://youtu.be/TvhOca7gh1U Bryan S. Ware, president of Next5 and former assistant director for cybersecurity for the Department of Homeland
Meet The Founder Who Is Safeguarding The Industrial Enterprise From Hackers (Forbes) When a hacker tried to poison Tampa-area's water with lye last week, the US was exposed to the harsh reality of interconnectivity. As a record number of companies embark on digital transformation journeys to embrace Industry 4.0, they are leveraging Dragos for industrial strength cybersecurity.
Palantir details new phase of federal strategy (Washington Technology) Palantir was not shy in its ambition to take on traditional competitors and wrestle away market share in the government market, but the next phase of the software company's federal strategy will see more teamwork with others.
Claroty report reveals increase in industrial control system vulnerabilities in 2H20 (Back End News) Throughout the second half of 2020 (2H20), 71% of industrial control system (ICS) vulnerabilities disclosed were remotely exploitable through network attack vectors, according to the second Biannua…
XM Cyber Reports Strong 2021 Momentum Marked by Remarkable Growth and Key Leadership Appointments (PR Newswire) XM Cyber, the multi-award-winning leader in Attack-Centric Risk Exposure Prioritization, today announced a successful 2020, achieving over 160%...
Cyware Announces Triple-digit Growth for 2020 (PR Newswire) Cyware, the industry's only Virtual Cyber Fusion Center Platform provider, featuring next-generation security automation, orchestration and...
Saltworks Records 70% Revenue and 23% Employee Growth in 2020; Adds Customers, Partners, SaltMiner Features Amidst Pandemic (BusinessWire) AppSec company Saltworks records 70% revenue and 23% employee growth, adds customers, partners and SaltMiner features in 2020.
Quad9 moves to Switzerland (SWITCH) Quad9 is the first DNS security solution to extend GDPR privacy protections to internet users worldwide.
Leading privacy lawyer Vivek Mohan joins Mayer Brown in Northern California (Security Magazine) Privacy lawyer Vivek Mohan has joined Mayer Brown as a partner in the Cybersecurity & Data Privacy practice in Northern California. Mr. Mohan joins from Apple Inc., where he served as a senior attorney on the company’s global privacy law & policy team and as head of information security law.
Reston cybersecurity firm names CFO (Virginia Business) Reston-based LookingGlass Cyber Solutions Inc. announced last week it has hired Dana Mariano as its chief financial officer. With more than 20 years of cybersecurity experience, Mariano has overseen acquisitions of three early-stage tech companies to public entities, including Invincea to Sophos; NetWitness to RSA Security; and CareFusion to CardinalHealth. “As we prepare for LookingGlass’s…
Military Intelligence Leader Lt. Gen. James Clapper Joins LookingGlass Advisory Board (StreetInsider.com) LookingGlass Cyber Solutions, a leader in operationalizing threat intelligence, announced the appointment today of Lt. Gen. James Clapper to its Advisory Board. Clapper served from 2010 to 2017 as the...
Products, Services, and Solutions
Amid Growing Ransomware Threats, Index Engines Releases Developer Kit for Integration of Data Integrity Software CyberSense (BusinessWire) Index Engines released an API-based developer’s kit to support the integration of its industry-leading CyberSense software’s analytics and reporting i
BlackBerry Jarvis Named “Best In Breed” Tool to Protect Mission Critical Software Supply Chains (BlackBerry) BlackBerry today announced that BlackBerry® Jarvis™, a software composition analysis tool, has been recognized as “Best in Breed” by an Internal Research & Development project (IRAD).
Optiv Announces Cybersecurity Maturity Model Certification (CMMC) Solution to Guide Organizations Through Federal Regulations (Optiv) Optiv’s Cybersecurity Maturity Model Certification (CMMC) capabilities help clients navigate new DOD regulations.
Wickr Announces General Availability of Global Federation (Enterprise Security Magazine) With the Global Federation, all Wickr users through RAM, Corporate, and Free Pro and Me offerings will now intercom with state-of-the-art end-to-end...
LastPass free restricts users to one device type in March (9to5Google) Starting in March 2021, LastPass will restrict its free users to either smartphones/tablets or computers unless they pay for premium.
Palo Alto Networks Pushes SASE Security to Non-Web Apps (SDxCentral) Palo Alto Networks updated its Prisma Access SASE platform with several new capabilities including better protection for non-web apps.
Swish Data Achieves the Open Trusted Technology Provider™ Standard Certification (InsideNoVa) Today, Swish Data Corporation (Swish), a trusted Service-Disabled Veteran-Owned and HUBZone-certified small business provider of technology solutions and engineering services to the U.S.
Radware Chosen by Atman for DDoS Protection (GlobeNewswire) Radware DefensePro® Protects Atman’s Infrastructure, Provides DDoS-as-a-Service to its Customers
Protegrity Launches Partner Network to Secure Global Innovation in AI, Analytics, and Cloud (BusinessWire) Protegrity, a global leader in data security, today launched the Protegrity Partner Network, which empowers technology organizations, systems integrat
Finance Organization - Certero (Certero) Like many large organizations, the customer had a lengthy contract history with Oracle, which included many clauses specific to the business and was only understood by a single individual that had looked after the contract long-term.
Sumo Logic Helps Fintechs Modernize Banking with Continuous Intelligence (GlobeNewswire) New Companies Using Sumo Logic Across Security and Operations for Data-driven Business Decisions Including Currencycloud, MoonPay, Paidy, Snoop and More
Technologies, Techniques, and Standards
NIST finalizes cybersecurity guidance for positioning, navigation and timing systems (Security Magazine) As part of an effort to help users apply its well-known Cybersecurity Framework (CSF) as broadly and effectively as possible, the National Institute of Standards and Technology (NIST) has released finalized cybersecurity guidance for positioning, navigation and timing (PNT) services.
PIR Launches New Institute to Combat DNS Abuse (PR Newswire) Public Interest Registry, the People behind .ORG, today launched the DNS Abuse Institute as part of its ongoing efforts to protect Internet...
Center for Internet Security Funds No-Cost Service to Help Protect all U.S. Private Hospitals Against Ransomware (PR Newswire) The Center for Internet Security, Inc. (CIS®) is launching a no-cost ransomware protection service, Malicious Domain Blocking and Reporting...
Improving Cyber Insurance Practice Should Be a Company’s Priority (cyber/data/privacy insights) The New York State Department of Financial Services recently issued guidance for New York-regulated property and casualty insurers to effectively manage the cyber insurance risk present in their insurance portfolio. The DFS’ guidance signals an effort to reduce overall volatility in the cyber insura
When to Engage a Red Team (Bishop Fox) Engage with a Red Team to uncover business risks and vulnerabilities, improve your defenses and security, and strategize and protect your environment.
Agnostic Intelligence: Actioning The Insights That Matter (Cyber Security Hub) The discipline is not called Threat Raw Data, it’s called Threat Intelligence. The job of any intelligence professional is to simplify things, to narrow the scope. Hear lessons learned and a path forward for threat intelligence at the upcoming Threat Intelligence Americas Summit March 16-17.
Are law firms being proactive enough when it comes to cyber security? (ResponseSource Press Release Wire) 5 steps to getting started Lockdown working has exposed the gaps in cyber security practices in many law firms. With hackers looking for a pay day, it’s never too late to become cyber proactive. Gu...
Design and Innovation
Shift2Rail’s ‘4SECURail’ completes initial work on projects towards tightening cyber security and improving signalling systems across European railways (IT News) The two Shift2Rail’s 4SECURail workstreams have reached their mid-term objectives for the design of a Computer Security Incident Response Team (CSIRT) for joint EU-Rail cyber security, and a Formal Methods Demonstrator for improved Railway Signalling Systems.
Insect brains will teach us how to make truly intelligent robots (New Scientist) We need a revolution in artificial intelligence and learning from insects will help us achieve it, says James Marshall
Research and Development
Who Should Stop Unethical A.I.? (The New Yorker) At artificial-intelligence conferences, researchers are increasingly alarmed by what they see.
Academia
Mitre and Purdue University team up to push big ideas in cyber and tech (SC Magazine) Mitre and Purdue University in Indiana are joining forces to launch a new initiative that will focus on developing innovative research in a wide variety of technology and cybersecurity areas.
Legislation, Policy, and Regulation
Myanmar's proposed cybersecurity Bill draws wide condemnation (ZDNet) Sent to internet service providers for feedback just days after the February 1 military coup, the draft security laws have been described as draconian -- giving the government sweeping powers to access user data -- and can undermine Myanmar's offshore data services.
Why Russia Is Terrified of SpaceX -- and Starlink (The Motley Fool) If you try to use Starlink in Russia, expect to pay a big fine.
Biden administration won't rule out retaliation for rocket attack in Iraq (CNBC) The White House, State Department and Department of Defense left the door open to a response to the deadly rocket attack in Iraq.
U.S., Kurds Blame Iran for Deadly Irbil Attack Despite Tehran’s Denials: Sources (US News and World Report) Tehran on Tuesday denied any involvement in the deadly attack on an airport housing U.S. forces in northern Iraq, despite a new assessment from U.S. and Kurdish authorities.
U.S.'s Blinken: 'The path to diplomacy is open right now' with Iran (Reuters) U.S. Secretary of State Antony Blinken said on Tuesday "the path to diplomacy is open right now" with Iran over its 2015 nuclear deal but would not address whether the Biden administration has had any direct engagement with Iranian officials.
Huawei will not be excluded from 5G network in Dominican Republic (Gizmo China) The Government of the Dominican Republic has announced that it would be excluding Huawei from 5G networks in the country. The announcement was made through the Dominican Institute of Telecommunications (INDOTEL).
Biden Assesses US Policies on China Cybersecurity Issues (BankInfo Security) The Biden administration is reviewing former President Donald Trump's policies addressing potential national security and cybersecurity concerns about Chinese-owned
Biden Builds Out China Team With Staff Who Reflect Tougher Tone (Bloomberg) Hart picked to help review ‘Clean Network’ tech initiative. Other officials include Pentagon’s Ratner, NSC’s Rosenberg.
Brussels on the verge of issuing a positive data adequacy decision for UK (Computing) The European Commission could announce the decision as early as this week
The Cybersecurity 202: A top official urged Congress to guarantee election security funding (Washington Post) A top official urged Congress yesterday to ensure dependable funding for the Election Assistance Commission, an independent government body that allocates grants for states to improve their election security.
Tim Maurer takes front office DHS cybersecurity job advising Mayorkas (CyberScoop) Tim Maurer, director of the Cyber Policy Initiative at the Carnegie Endowment for International Peace, is joining the Department of Homeland Security as a senior political appointee in the role of senior counselor for cybersecurity to Secretary Alejandro Mayorkas, two sources familiar with the move told CyberScoop.
Virginia Expected to Become the Second State to Pass a CCPA (Inside ARM)
Litigation, Investigation, and Law Enforcement
Investigation launched following data breach of more than 150 NHS Lothian medical records (HeraldScotland) Police Scotland has launched an investigation after more than 150 NHS workers had their medical records breached.
Rights groups seek ban on biometric surveillance (Computing) 'Biometric mass surveillance brings Internet-style omnipresent tracking to the offline world' say campaigners
Google reports a record number of requests to disclose user information in 2020 H1 (Atlas VPN) Recent findings by Atlas VPN reveal that these requests have been steadily growing in the past five years. In the first half of 2020, Google reported a record number of applications for the disclosure of user information.
The Eleventh U.S. Circuit Wades into the Data-Breach-Standing Debate (JD Supra) Last week, in a 26-page opinion, the 11th U.S. Circuit Court of Appeals weighed in on two questions crucial to the viability of privacy and data...
TikTok targeted over 'misleading' privacy practices and 'ambiguous' terms in Europe (Fortune) EU consumer watchdogs are taking on the Chinese social media phenomenon.