Pinellas County, Florida: the latest on the water treatment attack.
Duck River washes away fears of cyber attack (Tullahoma News) Tullahoma water customers should not fear a cyber attack, according to Duck River Utility Commission officials.
Cyber Attacks, Threats, and Vulnerabilities
Iran using Dutch data center for espionage: report (Netherlands Times) Security company Bitdefender and radio program Argos identified a server in a data center near Haarlem that they believe is being used by Iran to spy on political opponents, Rik Delhaas of Argos said to NOS.
Iranian APT campaign hosted in Dutch data centers (Data Center Dynamics) Command & Control infrastructure for one of two malware strains found in Amsterdam, second yet to be found
Norway’s 11179 billion NOK wealth fund affected by the SolarWinds hack (Dagens Naeringsliv) Norway’s sovereign wealth fund, The Government Pension Fund, confirms that it has been affected by the SolarWinds hacking scandal. Countermeasures were only initiated five months after the installation of the poisoned update.
SolarWinds hackers studied Microsoft source code for authentication and email (Reuters) The hackers behind the worst intrusion of U.S. government agencies in years won access to Microsoft's secret source code for authenticating customers, potentially aiding one of their main attack methods.
Microsoft says SolarWinds hackers downloaded some Azure, Exchange, and Intune source code (ZDNet) Microsoft says it has completed its investigation into its SolarWinds-related breach.
Microsoft Concludes Internal Investigation into Solorigate Breach (Dark Reading) The software giant found no evidence that attackers gained extensive access to services or customer data.
SolarWinds fallout has enterprise CISOs on edge (SearchSecurity) As the massive SolarWinds hack continues to unfold, security executives are weighing the serious implications for the enterprise. Explore how the SolarWinds fallout has heightened CISOs' digital supply chain worries.
What financial services should learn from the SolarWinds cyber attack (Consultancy) The SolarWinds cyber-attack includes some important lessons for financial services institutions of all sizes, explains Neal Semikin, the Chief Information Security Officer of The 324 Consultancy.
Cyber Privateering Complicates Attack Attribution (Security Boulevard) The injection of sophisticated malware into SolarWinds software was attributed to Russian Intelligence. An unrelated attack, made possible by exploiting a vulnerability in SolarWinds software, is being attributed to Chinese hackers. Periodically, other breaches are attributed to North Korean and Iranian hackers. However, nations do not often admit to being behind hacking activities.
US shares info on North Korean malware used to steal cryptocurrency (BleepingComputer) The FBI, CISA, and US Department of Treasury shared detailed info on malicious and fake crypto-trading applications used by North Korean-backed state hackers to steal cryptocurrency from individuals and companies worldwide in a joint advisory published on Wednesday.
First native malware aimed at M1 Macs spotted by researcher (iTWire) Hardly three months after a series of Mac computers, powered by new M1 chips, was launched, a security researcher has discovered malware written specifically for this platform. Researcher Patrick Wardle said he had searched through the VirusTotal database and identified a macOS program that was writ...
Malware authors already taking aim at Apple M1 Macs (WeLiveSecurity) The first instance of malware native to Apple Silicon M1 Macs emerged a month after the release of devices equipped with the Apple’s in-house CPUs.
Data theft using Google Apps Script (Sansec) The Google business application platform Apps Script is used to funnel stolen personal data, Sansec learned. Attackers use the reputation of the trusted Google domain script.google.com to evade malware scanners and trust controls like CSP.
New browser-tracking hack works even when you flush caches or go incognito (Ars Technica) At least 4 top browsers affected by "powerful tracking vector," researchers say.
New Phishing Attack Identified: Malformed URL Prefixes (GreatHorn) The GreatHorn Threat Intelligence Team has identified a new email attack trend, where cybercriminals are able to bypass traditional URL defenses to attack end users. Read how phishing attackers are using http:/\ in their URL prefix.
Hack of Software Provider Accellion Sets Off Global Ripple Effects (Wall Street Journal) The hack of software provider Accellion has renewed security experts’ fears of attacks on suppliers and highlighted the difficulty of defending against them in real time.
US cities disclose data breaches after vendor's ransomware attack (BleepingComputer) A ransomware attack against the widely used payment processor ATFS has sparked data breach notifications from numerous cities and agencies within California and Washington.
California DMV warns of data breach after a contractor was hit by ransomware (TechCrunch) The state has more than 35 million registered vehicles.
More Governmental Failure: Personal Information Of California Drivers Compromised In Data Breach (KABC) The California DMV is reporting the personal information of some drivers may have been leaked.
Is Your CU Ready for the ‘Cyber-demic,’ a Dangerous Fallout of the Pandemic? | Credit Union Times (Credit Union Times) Hackers are leveraging COVID-19 to steal, sell and damage your members' identities like never before.
Dubuque medical provider alerts patients of potential data breach; up to 34,000 affected (Telegraph Herald) A Dubuque-based medical provider is alerting patients of a potential data breach.
RMIT University IT system hit by suspected phishing scam (ABC) RMIT University suspends online and in-person classes today after suffering an IT outage that one government source has described to the ABC as a significant cyber attack.
Affected by the Singtel vendor data breach? Here are 6 things you need to know (CNA) The personal information of nearly 130,000 Singtel customers, including their NRIC details, was stolen after a vendor's file sharing ...
New Report: Top OT/IoT Security Threats and Vulnerabilities (Nozomi Networks) As we head into 2021, many organizations have been transforming their business offerings and operations to survive in the “new normal” economy.
Mitsubishi Electric MELSEC iQ-R Series (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.6
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Mitsubishi Electric
Equipment: MELSEC iQ-R Series
Vulnerability: Uncontrolled Resource Consumption
Schneider Electric EcoStruxure Power Build-Rapsody (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Schneider Electric
Equipment: EcoStruxure Power Build-Rapsody
Vulnerability: Unrestricted Upload of File with Dangerous Type
Multiple Embedded TCP/IP Stacks (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Multiple
Equipment: Nut/Net, CycloneTCP, NDKTCPIP, FNET, uIP-Contiki-OS, uC/TCP-IP, uIP-Contiki-NG, uIP, picoTCP-NG, picoTCP, MPLAB Net, Nucleus NET, Nucleus ReadyStart
Vulnerabilities: Use of Insufficiently Random Values
CISA is aware of a public report, known as “NUMBER:JACK” that details vulnerabilities found in multiple open-source and proprietary TCP/IP stacks. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.
The various open-source stacks may be implemented in forked repositories.
Mitsubishi Electric FA engineering software products (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Mitsubishi Electric
Equipment: FA engineering software products
Vulnerabilities: Heap-based Buffer Overflow, Improper Handling of Length Parameter Inconsistency
2. RISK EVALUATION
Successful exploitation of these vulnerabilities may cause a denial-of-service condition.
Johnson Controls Metasys Reporting Engine (MRE) Web Services (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Johnson Controls
Equipment: Metasys Reporting Engine (MRE) Web Services
Vulnerability: Path Traversal
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to access and download arbitrary files from the system.
Security Patches, Mitigations, and Software Updates
Microsoft pulls a second Windows SSU for blocking security updates (BleepingComputer) Microsoft has pulled KB4601390, another buggy Windows 10 servicing stack update (SSU), because it blocked customers from installing this month's security and Cumulative Updates.
Cyber Trends
Account Takeover 2021 Annual Report: Prevalence, Awareness and Prevention (Security.org) Account takeover is a type of cybercrime where a user accesses someone else’s online account by obtaining their credentials. Since the COVID-19 pandemic, cybercrime has increased significantly, including account takeovers. This report examines account takeover prevalence, awareness and prevention based on research conducted by Security.org and data from cybersecurity firm Deduce. Here are our key …
Priority One Report - A New Decade in Crowdsourced Security (Bugcrowd) Upheaval, uncertainty, and change defined 2020 in the cybersecurity sector and beyond. As the pandemic wreaked havoc on the global economy, malicious actors sought to capitalize on the circumstances.
5 trends that will define endpoint management in 2021 and beyond (ManageEngine Blog) 2020 was a year of tremendous dejection and disruption. Imagine if you had told your organization’s upper management that they had to switch their 10,000...
KnowBe4 Research: 76% of staff are likely to reuse passwords (Intelligent CIO Africa) In a recent study by KnowBe4 Research, only 24% of employees save their passwords. This suggests that many employees reuse their passwords. “Using the same, simple password at multiple locations makes you easier prey for hackers”, warned Kai Roer, Managing Director, KnowBe4 Research. KnowBe4 Research evaluates organisations’ security culture and has analysed the responses of […]
For criminals, cyberinfrastructure is akin to a cash-filled vault (CyberNews) Billions of dollars lie behind cyberinfrastructure. There is no reason for a wave of cyberattacks to recede. Companies need to step up their security game.
Here are 6 of the most notorious cyber attacks in gaming history (AnimationXpress) A look at six of the most notorious cyber attacks in gaming history.
Fun To Financially Driven Cybercrime (Avast) Over time, computer malware has moved from being largely harmless to having significant real-world consequences. This transition revolves around money, as new profit avenues arose for hackers when more aspects of our lives migrated to the online world.
Marketplace
SPHERE Secures $10 Million in Series A Funding (PR Newswire) SPHERE, a woman-owned cybersecurity business focused on providing best-of-breed software and services for access governance across data,...
SailPoint Announces Intent to Acquire Intello to Identify, Secure, and Govern Access to SaaS Applications for Today’s Digital Enterprise (BusinessWire) SailPoint Technologies Holdings, Inc. (NYSE: SAIL), the leader in identity security for the cloud enterprise, today announced its intent to acquire In
SailPoint To Buy SaaS Application Management Startup Intello (CRN) SailPoint has agreed to purchase early-stage vendor Intello to extend the right security controls to ungoverned SaaS applications that lie hidden across an organization’s environment.
Logging startups are suddenly hot as CrowdStrike nabs Humio for $400M (TechCrunch) A couple of weeks ago SentinelOne announced it was acquiring high-speed logging platform Scalyr for $155 million. Just this morning CrowdStrike struck next, announcing it was buying unlimited logging tool Humio for $400 million. In Humio, CrowdStrike gets a company that will provide it with the abi…
The CrowdStrike-Humio Deal: George Kurtz’s 10 Boldest Remarks (CRN) From CrowdStrike’s push beyond security to its strategy around acquisitions to why it expects to beat archrival SentinelOne in the emerging XDR market, here are CEO George Kurtz’s 10 boldest remarks on the Humio deal.
Fairfax company wins $175M Homeland Security contract (Virginia Business) The U.S. Department of Homeland Security awarded Fairfax-based software company Salient CRGT Inc. a $175 million contract to provide IT service desk and field engineer support services for U.S. Citizenship and Immigration Services (USCIS), the company announced last week. Under the five-year contract, Salient CRGT will provide services for approximately 27,000 USCIS end users across…
Huawei turns to pig farming as smartphone sales fall (BBC News) The Chinese telecoms giant is also pivoting into coal mining technology amid US sanctions on its phones.
Huawei bets on AI pig farming as a new growth area outside smartphones (South China Morning Post) Huawei said it is launching an artificial intelligence pig farming project amid ongoing US sanctions that have hammered its smartphone business, joining other tech giants vying to give the industry a hi-tech upgrade.
ThreatLocker Opens European Headquarters to Support Rapid Global Expansion (BusinessWire) ThreatLocker, a global cybersecurity leader providing enterprise-level tools for Managed Service Providers (MSPs), today announced that it will open a
Constella Intelligence Expands Executive Leadership Team Amid Continued Revenue Growth (PR Newswire) Constella Intelligence ("Constella"), a global Digital Risk Protection leader, announced today it has added five members to its executive...
Chertoff Group and ZP Group strengthen their ties with US cyber procurement (Intelligence Online) Though it already counts several former US government officials among its ranks, Chertoff Group recently drafted the former US Under Secretary of Defense for Acquisition and Sustainment. This will
Products, Services, and Solutions
MISI and the Purdue University Manufacturing Extension Partnership Execute a CMMC Compliance Agreement (PR Newswire) MISI and the Purdue University Manufacturing Extension Partnership (Purdue MEP) executed an agreement to offer MISI's sensor grid and AWS...
Microsoft Azure Sentinel and Anomali (Anomali) Anomali, the leader in intelligence-driven cybersecurity solutions, today announced that Anomali Match is now integrated with Microsoft Azure Sentinel. By bridging the gap between these two leading security solutions, Anomali and Microsoft have created an automated solution that significantly enhances and speeds joint customers’ threat detection, alerting, and response capabilities.
SafeBreach Hacker’s Playbook Updated for US-CERT Alert (AA21-048A) AppleJeus: Analysis of North Korea’s Cryptocurrency Malware (SafeBreach) SafeBreach Labs has updated the Hacker's Playbook with new attack methods for malware samples described in US-CERT (AA21-048A) with an analysis of North Korea’s cryptocurrency malware.
Privitar Now Certified on Cloudera Data Platform (Privitar) New integration between The Privitar Data Privacy Platform™ and Cloudera Data Platform provides flexibility for organizations to safely use sensitive data for analytics in the cloud and on-premises
Cofense Granted FedRAMP Moderate Authorization (BusinessWire) Cofense PhishMe® has achieved a Federal Risk and Authorization Management Program (FedRAMP) Moderate Authorization to Operate (ATO).
Las Vegas Tech Startup Announces Nationwide Rollout of Innovative Access Control Product (KPVI) Nimbio, a leading startup in the area of access control systems, is widening the availability of its smart gate entry system. The company
Palo Alto Networks turns attention to supporting remote workforces (Security Brief) We’re working with more organisations to pivot their security architecture and move towards a cloud-delivered security model that can safely connect any user, to any application, from anywhere.
BlackBerry Announces Enhancements of BlackBerry Radar To Help Transportation Businesses Improve Asset Utilization and Visibility (BlackBerry) BlackBerry today announced enhancements to its BlackBerry Radar® H2 intelligent, data-driven asset monitoring devices to help the world’s transportation businesses reduce costs and securely improve the utilization of their trailers, containers, chassis and other remote assets.
Aruba Expands Roster of Easy-to-Deploy Workplace Safety Solutions (Galveston County Daily News) Aruba, a Hewlett Packard Enterprise company (NYSE: HPE), today announced an expanded set of integrated, easy-to-deploy Edge and IoT solutions designed to enable organizations to bring employees back to physical workplaces safely.
Netskope and Mimecast Partner to Deliver Omnichannel DLP and Seamless Cloud Security (AiThority) Netskope and Mimecast announced integrations designed to provide customers with an omnichannel data loss prevention (DLP) solution.
Siemens UK is awarded Cyber Essentials Plus certification (PES Media) Siemens UK has been awarded the Cyber Essentials Plus (CE+) certification, a prerequisite for organisations applying for critical national infrastructure and defence projects in the UK.
Votiro and Menlo Security Partner to Provide Total File Security Solution (BusinessWire) Votiro announced a partnership with Menlo Security to provide a total security solution for file downloads.
Technologies, Techniques, and Standards
VPNs and zero trust security don't mix - Zscaler report (Security Brief) 93% of organisations surveyed have deployed some kind of VPN, yet 94% know that VPNs are a popular target for cybercriminals.
Emerging Mobile Threats and How to Prevent Them (Check Point Software) By Oleg Mogilevsky, Product Marketing Manager, Threat Prevention In the new normal, your remote workforce is increasingly accessing corporate data from
Eligible Receiver 97, Part II: The Final Observation Report (National Security Archive) Since our last posting about exercise Eligible Receiver 97-1, the Cyber Vault project has continued its efforts to unearth more documents and information about the secretive exercise that was so formative in shaping the U.S. information operations environment. Through Freedom of Information Act requests to various agencies, we are now able to share two more documents about, in the words of one senior DOD official, “the most interesting, informative, and challenging exercise we have seen in a long, long time” [Document 1, p. 4].
Making a Strong Defensive Play With Disaster Recovery: Perspectives for Financial Services, Healthcare, and Education (Infrascale) On February 6, the New York Times published a potent and timely article, How the United States Lost to Hackers, with the subhead, “America’s biggest vulnerability in cyberwarfare is hubris.” It’s a compelling read that both sketches a threat landscape long known to cybersecurity and data protection experts, and includes accounts of some exploits that […]
Technology Survives Texas Freeze but Weather Taxes Workers (Wall Street Journal) Critical services and data infrastructure providers are racing to keep technology and operations running in the face of a winter storm that has strained electrical grids and left hundreds of thousands of people without power.
Throwing Light on the Dark Web (Enzoic) Read what the dark web really is and how you can prevent compromised credentials from being the downfall of your company.
Combining Three Pillars Of Cybersecurity Security (Forbes) Our digital world is under assault, and we need to urgently upgrade our defenses. Three significant risk management themes have been put forward to help ameliorate the digital risk ecosystem including: security by design, defense in depth, and zero trust. We need all three.
Design and Innovation
Apple Platform Security Guide Gets Biggest Update to Date (SecurityWeek) Apple has published an updated Platform Security Guide, providing detailed technical explanations on the security features and technology implemented in its products.
Apple Offers Its Closest Look Yet at iOS and MacOS Security (Wired) In its latest Platform Security Guide, Cupertino raised the curtain on the critical features that protect against hackers.
Special Forces to build ‘influence artillery’ for online campaigns (C4ISRNET) 1st Special Forces Command is creating an Information Warfare Center that will specialize in tailored influence messaging.
Research and Development
Legislation, Policy, and Regulation
Estonian Intelligence: Russians will develop deepfake threats (Euractiv) Russia continues to be the 'primary threat' to the EU in cyberspace, presenting intensifying dangers in terms of online espionage, cyberattacks, and also a likely turn to deepfake technology in the near future, a new report from the Estonian intelligence services says.
Russia hopes to use COVID-19 to weaken Western unity, Intel report claims (Times of Israel) Estonian intelligence agency says Kremlin thinks pandemic will facilitate emergence of populist and extremist groups, is 'prepared to add fuel to the flames' with smear campaigns
International Security and Estonia 2021 (Estonian Foreign Intelligence Service) This is the Estonian Foreign Intelligence Service’s sixth annual report. The reason why we continue with this tradition remains the same – to offer the public both in Estonia and abroad an expert view of the security environment and the threats our service deals with. Considering Estonia’s geopolitical situation, the range of topics should not come as a surprise.
Netherlands, Finland, Canada issue warnings on China's espionage, political influence in democratic countries (BW Businessworld) Netherlands, Finland, Canada issue warnings on China's espionage, political influence in democratic countries
Netherlands, Finland, Canada concerned over China's espionage, influence (Business Standard) The report stated that China's cyber-espionage poses an "imminent threat" to the economy of The Netherlands, in sectors such as banking, energy and infrastructure
How India Legalizes Crypto (Balaji S. Srinivasan) India already has a regulatory regime for crypto. It's called the Foreign Exchange Management Act.
The European Commission Publishes Draft UK Adequacy Decision (cyber/data/privacy insights) What has happened?
The European Commission has published its draft decision on February 19, 2021 granting data protection adequacy status to the UK under Article 45(3) of the GDPR. The draft decision is currently under review by the European Data Protection Board, which will issue its opinion (not
France to Boost Cyberdefense After Hospital Malware Attacks (SecurityWeek) French President Emmanuel Macron has unveiled a plan to better arm public facilities and private companies against cybercriminals following ransomware attacks at two hospitals this month and an upsurge of similar cyber assaults in France.
Australia to Hold Talks With Facebook’s Zuckerberg After Block (Bloomberg) ‘The world is watching us very closely,’ says Treasurer. News content law expected to pass through parliament next week.
Facebook blocks news in Australia, PM describes the move as 'arrogant' and 'disappointing' (Computing) Web traffic to Australian news sites has dropped by about 30 per cent
Paying for news (Benedict Evans) We’ve been arguing about newspaper business models for a decade, and none of the questions have changed, but now things are heating up. Should internet platforms ‘pay for news content’, and is this a competition problem, or is this really a tax on links, and a subsidy?
Facebook calls Australia's bluff (Platformer) But Google gives in. What's next?
The Bizarre Reaction To Facebook's Decision To Get Out Of The News Business In Australia (Techdirt.) None of this should have been a surprise. Back in September we wrote about Facebook publicly saying that if Australia went forward with its ridiculous attack on the open internet, and instituted a "news link tax" on Facebook and Google, that...
Facebook’s New Look in Australia: News and Hospitals Out, Aliens Still In (New York Times) The social network’s decision to block journalism rather than pay for it erased more than expected, leaving many outraged and debating what should happen next.
A Sharper, Shrewder U.S. Policy for Chinese Tech Firms (Foreign Affairs) Biden Can Make the Most of a Trump-Era Rule
Why Joe Biden Should Start a Cybersecurity Dialogue With Russia (The National Interest) High-level political dialogue might identify the slim common ground to curb cyber-hostilities, with quid-pro-quos not necessarily confined to the cybersphere.
Agencies ‘building back better’ after SolarWinds breach, top Biden cyber official says (Federal News Network) The deputy national security advisor for cybersecurity and emerging technology said the breach compromised nine agencies and about 100 companies.
Massive breach fuels calls for US action on cybersecurity (13newsnow.com) U.S. officials are scrambling to reinforce the nation’s cyber defenses following a sweeping hack that may have exposed government and corporate secrets to Russia.
Cybersecurity needs to be proactive with involvement from business leaders (TechRepublic) In a webinar Wednesday, former US Homeland Security director Christopher Krebs also suggested organizations have COVID workforce coordinators and that cloud mail providers activate MFA by default.
FCC advances $1.9B program to rip and replace Huawei gear (FierceWireless) The FCC is proposing a priority scheme to allocate the funds in the event demand for the funds exceeds supply. The proposal would prioritize applications with 2 million or fewer customers.
House to grill Facebook, Google, Twitter CEOs as Washington seeks to crack down on disinformation, antitrust (Washington Post) House lawmakers are embarking on a new, bipartisan push next week to toughen the country’s antitrust laws, hoping to crack down on the sort of anti-competitive, monopoly-style tactics they identified at Amazon, Apple, Facebook and Google after investigating the tech giants last year.
CISA Releases New Global Strategy for International Engagement (CISA) Today, while speaking at the Business Council for International Understanding (BCIU), Brandon Wales, Acting Director of the Cybersecurity and Infrastructure Security Agency (CISA) announced the release of the agency’s first-ever international strategy, CISA Global. During the fireside chat with BCIU President and CEO Peter Tichansky, Acting Director Wales shared how CISA will work with international partners to fulfill the agency’s mission and create unity of effort across mission areas.
Lawmakers Demand Answers from Military on Muslim App Data (Vice) Over a dozen lawmakers, including Ilhan Omar and Rashida Tlaib, wrote to military and intelligence heads seeking answers on the collection of location data from Muslim-focused apps.
The House Financial Services Committee held its hearing on the GameStop Reddit short squeeze (The Verge) Lawmakers grilled the CEOs of Robinhood, Citadel, and Melvin Capital
Robinhood's CEO called for the revision of outdated SEC trading rules in his prepared remarks for the Congressional hearing on GameStop (Business Insider) "Millions of new investors have entered the market," Robinhood CEO Vlad Tenev said. "It is time for the financial system to catch up."
SolarWinds breach getting Senate intel hearing next week (SeekingAlpha) The U.S. Senate intelligence committee will hold a hearing on February 23 on the Russia-linked SolarWinds (SWI) hack that breached a number of federal agencies
Litigation, Investigation, and Law Enforcement
Egregor takedown: Is targeting ransomware affiliates a strong deterrent? (SC Media) Law enforcement officials have cracked down on the Egregor ransomware operation, arresting affiliates and perhaps ringleaders.
Federal regulators should push Facebook for app data transparency, says NY probe (SeekingAlpha) An investigative report from the New York Department of Financial Services says Facebook (FB) has taken actions to limit the collection of sensitive user data by app but needs to do more