Cyber Attacks, Threats, and Vulnerabilities
SBU site targeted in massive DDoS attack (UNIAN) The cyberattack has been ongoing for several days already.
Chinese spyware code was copied from America's NSA: researchers (Reuters) Chinese spies used code first developed by the U.S. National Security Agency to support their hacking operations, Israeli researchers said on Monday, another indication of how malicious software developed by governments can boomerang against their creators.
Global Accellion data breaches linked to Clop ransomware gang (BleepingComputer) Threat actors associated with financially-motivated hacker groups combined multiple zero-day vulnerabilities and a new web shell to breach up to 100 companies using Accellion's legacy File Transfer Appliance and steal data.
Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion (FireEye) Malicious actors we track as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliances to install a newly discovered web shell named DEWMODE.
Accellion Provides Update to FTA Security Incident Following Mandiant’s Preliminary Findings (Accellion) Mandiant has identified the criminal hacker behind the cyberattacks and data theft involving Accellion’s legacy FTA product.
SolarWinds CEO: This could have happened to anyone (FCW) In what will be the first of several public appearances this week, Sudhakar Ramakrishna says his company will be transparent about the supply chain attack it suffered as a way to help other companies prepare for the next attack.
Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code (Redmondmag) Microsoft has reconfirmed that the 'Solorigate' advanced persistent threat attackers saw some of its source code, although 'only a few individual files were viewed.'
Bitcoins, blockchains, and botnets (Akamai) Additional research and reporting provided by: Chad Seaman Executive Summary A recent piece of malware from a known crypto mining botnet campaign has started leveraging Bitcoin blockchain transactions in order to hide its backup C2 IP address. It's a simple,...
Bulletproof hosting: How cybercrime stays resilient (Intel 471) To understand how cybercrime proliferates, security professionals need to understand how bulletproof hosting props up all kinds of malware.
A race to reverse-engineer Clubhouse raises security concerns (TechCrunch) As live audio chat app Clubhouse ascends in popularity around the world, concerns about its data practices also grow. The app is currently only available on iOS, so some developers set out in a race to create Android, Windows and Mac versions of the service. While these endeavors may not be ill-int…
Clubhouse chats leaked by hackers on third-party site: See what happened (BGR India) Clubhouse is the latest popular audio-based chat app, which has been prone to a data breach. This has raised security concerns.
The Rise of Initial Access Brokers (Digital Shadows) Digital Shadows analyzes the role played by Initial Access Brokers, an emerging figure, in the broader criminal infrastructure of ransomware.
Organizations at growing risk from initial access brokers – a fast growing class of cybercriminal who breach firms and then charge others to do the ‘dirty work’ (Digital Shadows) Thriving on disruption to business process and remote working caused by pandemic as listings for RDP and VPNs increase with an average price of $7,100 London and San Francisco, February 23, 2021 - Digital Shadows, the leader in digital risk protection, has today highlighted the growing role of Initial Access Brokers within the criminal ecosystem. ...
Initial Access Brokers Report (Digital Shadows) Initial access brokers are benefitting from a rise in adoption of remote access software. This Initial Access Brokers Report analyzes this phenomenon and what it means for security practitioners.
Evolving Risks, Insecure Defaults, Watering Hole Threats: New Research from Accurics Uncovers Developing Sources of Cloud Risk (Accurics) Terrascan by Accurics supports Helm and Kustomize, enabling Policy as Code guardrails in your cloud native projects to enforce security best practices.
M1 safer than Intel Macs: Apple's Security Guide (Macworld UK) With two cases of M1 malware already appearing, Apple has showcased the new security features of the M1 Macs in a Security Guide
Hackers expose Hyundai logistics data after apparent ransomware attack (FreightWaves) A ransomware gang has leaked data related to Hyundai Motor America’s logistics operations after an apparent ransomware attack on the automaker and subsidiary Kia Motors America.
10K Microsoft Email Users Hit in FedEx Phishing Attack (Threatpost) Microsoft users are receiving emails pretending to be from mail couriers FedEx and DHL Express – but that really steal their credentials.
You’ve Got A Phish Package: FedEx and DHL Express Phishing Attacks (Armorblox) This blog focuses on two email attacks impersonating FedEx and DHL Express. Both attacks aimed to extract email account credentials. Phishing pages were hosted on free services like Quip and Google Firebase to trick users into thinking they were legitimate.
Vulnerability Summary for the Week of February 15, 2021 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.
Notice of Data Breach (Harvard Eye Associates) Harvard Eye Associates are the Orange County area's leading LASIK, cataract surgery, and eye care specialists.
Council apologises for free school meals payment data breach (Future Scot) A Scottish local authority has apologised for a data breach after sending details of 600 free school meals claimants to ‘multiple’ email accounts.
South Carolina County Rebuilds Network After Hacking (SecurityWeek) A South Carolina county continues to rebuild its computer network after what it called a sophisticated hacking attempt.
Mysterious cyber-attack on Lakehead University's network under investigation (CTV Barrie) Lakehead University security experts in Orillia are trying to solve a debilitating cyber-attack and get students and staff back online.
Security Patches, Mitigations, and Software Updates
Apple has taken steps to eradicate mysterious malware strain (AppleInsider) Following the discovery of a new and unusual malware that had the potential to attack Macs running on Apple Silicon, Apple has moved to minimize any impact the maliciously-crafted software could have in the future.
Nvidia announces official “anti-cryptomining” software drivers (Naked Security) “It’s a DoS, Jim, but not as we know it.”
Cyber Trends
Cyber-risk to critical and industrial infrastructure reaches all-time high (Intelligent CIO North America) A new report from Nozomi Networks Labs finds cyberthreats to industrial and critical infrastructure have reached new heights as threat actors double down on high value targets. With industrial organizations ramping connectivity to accelerate Digital Transformation and remote work, threat actors are weaponizing the software supply chain and ransomware attacks are growing in number, sophistication […]
Report Found That Credential Spilling Doubled Within Four Years, Credential Stuffing Attacks Now Preferred Intrusion Method (CPO Magazine) F5 annual Credential Stuffing Report 2021 indicated that credential spill incidents nearly doubled from 2016 to 2020. Contrarily there was a recorded 46% reduction in the volume of credentials spilled during the same period.
CrowdStrike: Pandemic didn’t slow targeted cyberattacks by criminals and nation-states (VentureBeat) The pandemic didn't slow targeted cyberattacks by criminals and nation-states, according to the 2021 Global Threat Report by CrowdStrike.
A Constant State of Flux: Trend Micro 2020 Annual Cybersecurity Report (Trend Micro) The upheavals of 2020 challenged the limits of organizations and users, and provided openings for malicious actors. A robust cybersecurity posture can help equip enterprises and individuals amid a continuously changing threat landscape.
Cynet Reviews the Top 6 Most Notable Cyber Attacks of 2020 (The Salamanca Press) Cynet today turned back the pages of 2020 to review the most noteworthy cyberattacks making up the cyber-pandemic, which came with COVID-19
UK's cybersecurity firms hit over $12 billion in 2020 revenue (Atlas VPN) Atlas VPN research team found that in the 2020 financial year, online security companies in the UK raked in nearly 8.88 billion GBP which is equivalent to 12.51 billion US dollars, a 7% increase from last year's 8.3 billion GBP (11.69 billion USD).
Marketplace
PerimeterX Raises $57M in Growth Capital Funding to Fuel Expansion Into New Geographies and Verticals (PerimeterX) Protect your web apps against account takeover, carding, denial of inventory, scalping, skewed analytics, digital skimming, Magecart, PII harvesting, scraping.
Kaseya Supercharges IT Complete Security Suite with the Acquisition of RocketCyber (Kaseya) RocketCyber’s managed security operations center (SOC) brings 24x7x365 cybersecurity to Kaseya IT Complete, strengthening the platform
Proofpoint To Acquire Data Security Provider InteliSecure For $62.5M (Yahoo) Cybersecurity company Proofpoint, Inc. (NASDAQ: PFPT) inked an agreement to acquire data security provider InteliSecure, Inc for $62.5 million in cash to consolidate its cloud-based people-centric security platform. The acquisition is expected to close during the first quarter of 2021.
Proofpoint to buy MSP InteliSecure for US$62.5M (CRN Australia) Data loss protection MSP to protect data in diverse environments.
Red Hat closes acquisition of StackRox (Container Journal) Today, we are pleased to share that Red Hat has closed the transaction to acquire StackRox, a leader and innovator in container and Kubernetes-native security. Since announcing our plans for the acquisition, we have been met with excitement both internally and externally around what the future holds for Red Hat OpenShift as well as Red Hat’s entire open hybrid cloud portfolio.
Michael Dell forms new acquisition company (CRN Australia) Seeking to raise upward of US$575 million through an initial public offering.
Vectra closes strongest quarter in company history (PR Newswire) Vectra AI, a leader in network detection and response (NDR), today reported that in calendar 2020, sales continued to grow at a compound annual...
Placing 2021 Bets on Zero Trust Identity & BehavioSec (BehavioSec) It is an exciting time to join the BehavioSec team as Chief Revenue Officer. In almost 20 years of working in the digital identity space around financial services and other sectors, I have seen successive key technologies emerge that enable and redefine how people securely bank, pay and prove authenticity in a digital world. But …
The 2021 Security 100 (CRN) Digital transformation and COVID-19 have changed the cybersecurity game. The vendors of CRN's 2021 Security 100 met the challenge.
Aryaka Is Recognized for the Second Year in a Row in 2021 Gartner Peer Insights ‘Voice of the Customer’: WAN Edge Infrastructure (BusinessWire) Aryaka announced it's been recognized for the second consecutive year in the Gartner Peer Insights ‘Voice of the Customer’: WAN Edge Infrastructure.
Reddit Names Allison Miller as CISO, VP of Trust (SecurityWeek) Reddit has hired Allison Miller as Chief Information Security Officer (CISO) and VP of Trust, who reports to Reddit CTO Chris Slowe.
Cybereason Snags Channel Leaders From Check Point, Fortinet (CRN) Cybereason has brought on Check Point channel leader Abigail Maines and Fortinet veteran Stephen Tallent to oversee traditional channels and MSSPs in North America, respectively.
Cybersecurity Expert Melissa Hathaway Joins LookingGlass Advisory Board (Homeland Security Today) LookingGlass Cyber Solutions, a leader in operationalizing threat intelligence, announced the appointment today of Melissa Hathaway to its Advisory Board. Hathaway brings extensive cyber policy and technical expertise to the Board.
Kaspersky picks former Symantec exec as new UK boss (CRN) Cybersecurity vendor appoints Christopher Hurst as new general manager of UK and Ireland
Cybersecurity Executive Malcolm Harkins Joins BlackCloak Advisory Board (PR Newswire) BlackCloak, Inc., the cybersecurity industry's first Concierge Cybersecurity & Privacy™ protection platform for Executives and High-Profile...
BehavioSec Triples Revenue in 2020; Welcomes New CRO (BusinessWire) BehavioSec announced the appointment of Michael Nelson as Chief Revenue Officer.
Products, Services, and Solutions
Enveil ZeroReveal 3.0 Delivers Performant, Scalable Privacy-Enhancing Capabilities for Secure Data Search, Sharing, and Collaboration (Enveil | Encrypted Veil) The performance and efficiencies in the software’s 3.0 release affirm that the groundbreaking, business-enabling capacity of homomorphic encryption is ready now for broad commercial use
SecurityHQ Release New Mobile App (PR Newswire) SecurityHQ, the leading provider in managed security services, launch their new Mobile App, SecurityHQ Response. Cyber never sleeps. Survival...
Entrust Introduces New Visitor Management as a Service Solution (BusinessWire) Entrust launches Adaptive Issuance Visitor Management as a Service, a cloud-based tool enabling a modern approach to visitor management and security.
Thycotic Integrates with Slack for Seamless Privileged Credential Access and Daily Workflow (PR Newswire) Thycotic, a provider of privileged access management (PAM) solutions to more than 12,500 organizations worldwide, including 25 of the Fortune...
Project Ares (Circadence) Circadence’s Project Ares is an award-winning, gamified cyber security learning platform that helps novice and seasoned cyber professionals keep skills sharp against evolving cyber threats.
Viasat authorized to use U.S. government provided classified cyber threat intelligence (Help Net Security) Viasat named one of four companies authorized to use U.S. government provided classified cyber threat intelligence.
The Mimecast Ecosystem Now Offers Over 60 Cybersecurity and Compliance Integrations (GuruFocus) Designed to Reduce Complexity, Minimize Risk and Improve Threat Detection and Response through Integrations with CrowdStrike, IBM Security, Netskope, Palo Alto Networks, Rapid7, ServiceNow, Splunk and more
An Industry First, Imperva Sonar Platform Delivers A Unified Security Platform Across Edge, Applications and Data (GlobeNewswire) Imperva, Inc., (@Imperva), the cybersecurity leader whose mission is to protect data and all paths to it, introduces the Imperva Sonar platform, which eliminates the need for siloed point solutions and delivers integrated analytics while automating workflow and accelerating incident response.
Students Learn About Online Threats With the Free Hackers' Epoch: The Cybersecurity Card Game Download (Dickson Post) KNOXVILLE, Tenn., Feb. 23, 2021 /PRNewswire/ -- Parents and teachers concerned about online safety have a fun learning tool called the Hackers' Epoch: The Cybersecurity Card Game by Scruffy City
Technologies, Techniques, and Standards
CISA Takes on Security Challenges with 5G (Government CIO) The agency provides a look at how the risks with 5G impact supply chain and uncover new vulnerabilities.
Cyber-insurance: Why you need it and how to choose the right plan (Compliance Week) As cyber-attacks surge, the need for cyber-insurance is growing more urgent. But it's critical for companies to first familiarize themselves with how to navigate the labyrinth of cyber-insurance products on the market so that they are properly covered.
Best Practices for Managing Cyber Risks in a Cyber World (The National Law Review) One remarkable aspect of the COVID-19 pandemic has been how quickly and completely global businesses were able to pivot to a virtual work environment. Across the world, employees fired up their lapto
What is a legacy system? The key is relevance, not age. (Defense News) Systems nearing the end of their service lives cost much more to maintain, so retiring them in favor of newer systems is pragmatic. However, the services’ record here is decidedly mixed and inconsistent.
How to Ensure Active Directory is not Your Achilles Heel (iTWire) GUEST OPINION by Jim Cook, ANZ Regional Director, Attivo Networks: With cybercriminals always on the hunt for new ways to mount attacks, organisations are paying more attention to the weaknesses that exist within many deployments of Microsoft’s Active Directory (AD). Developed by Microsoft as a set...
‘Pirates find the weak link and exploit it’: Akamai’s anti-content theft action plan (Sports Pro Media) Ian Munford, director of industry strategy at Akamai, offers his thoughts on how best to battle sports piracy, as well as offering insight into how the industry can become more sustainable.
The Threat From Within: Automotive Ramps Up Cybersecurity But Must Understand Hiring Better (Forbes) A storm is brewing.
Design and Innovation
A promising step forward on disinformation (Microsoft On the Issues) Today, Microsoft and the BBC have teamed up with Adobe, Arm, Intel and Truepic to create the Coalition for Content Provenance and Authenticity (C2PA) to counter deepfakes and develop standards and specifications that will prove the authenticity of digital media.
Academia
UA Little Rock Fights Social Media Misinformation (Arkansas Business) Devising the tools, methods and policies for promoting good behaviors on the web while marginalizing the bad actors is a serious challenge facing Arkansas, the nation and the international community.
NJCU and NPower Launch New Agreement for Cybersecurity Students (NJCU) New Jersey City University (NJCU) and NPower, a national tech training nonprofit, have signed an agreement granting qualified NPower graduates the ability to transfer nine (9) credits towards a Bachelor of Science in Cybersecurity at the institution.
Legislation, Policy, and Regulation
In the Middle East, War Is Going Digital (Foreign Policy) And that should scare everyone.
How China’s Digital Silk Road Is Leading Countries Away from the United States (Defense One) Beijing is using technology products, markets, and training to secure influence with U.S. security partners, an IISS report finds.
China Censors the Internet. So Why Doesn’t Russia? (New York Times) The Kremlin has constructed an entire infrastructure of repression but has not displaced Western apps. Instead, it is turning to outright intimidation.
Facebook reverses ban on news pages in Australia (BBC News) Facebook will reverse a decision to block access to news content, Australia's government says.
Facebook to reverse news ban in Australia after reaching an agreement with the government (Computing) Facebook and Google unlikely to be punished as long as they can demonstrate a 'significant contribution' to local journalism
Facebook Reaches Deal With Australia to Restore News (Wall Street Journal) The company reached a deal with the Australian government to restore news pages to its platform. The agreement includes changes to legislation requiring more negotiations before arbitration kicks in.
Why Facebook Is Right to Pull the Plug on Australia (Foreign Policy) This isn’t about regulating Big Tech. It’s about fleecing foreigners for news that Australians no longer want to pay for.
Looking behind the UK's new Cybersecurity Council (Includes interview) (Digital Journal) The UK government has launched a new independent body to set standards that professionals in cybersecurity will have to meet, much like there are standards for professionals in accountancy, finance, etc. What does this entail?
Is Congress Spending Enough on Cybersecurity? (Dispatch) Recent developments underscore legitimate concerns about our capacity to defend against a growing threat.
Election Infrastructure Council Applauds Cyber Cooperation in 2020 Cycle (Meritalk) The Election Infrastructure Government Coordinating Council – whose leadership spans Federal, state, and local government election officials – applauded inter-government cooperation on implementing cybersecurity safeguards in the 2020 election cycle, and pledged to use lessons learned going forward to improve election security and resiliency.
Election Infrastructure Government Coordinating Council Holds Winter Meeting to Discuss Path Forward on Election Security and Resilience (CISA) The Election Infrastructure Government Coordinating Council (GCC) held its winter meeting virtually the afternoon of Thursday, Feb. 18, 2021, to discuss lessons learned from the 2020 election and ways to improve coordination between the federal government and state and local election officials.
Lawmakers Call for Ambassador to Represent U.S. in Cyberspace (Wall Street Journal) A group of congressional lawmakers are renewing their call for a cyber ambassador in the State Department, reviving a bill that created friction between Congress and the Trump administration.
Biden pledges international cooperation on cyber in speech (FCW) Biden addressed the global security forum for the first time as president last week when he called for the United States to cooperate with European allies on establishing cyberspace norms.
Biden Wants International “Rules” to Combat Alleged Russian, Chinese Cyberattacks (MSSP Alert) The United States & democratic nations must jointly frame the “norms of behavior in cyberspace,” President Biden asserts at virtual Munich Security Conference.
The Cybersecurity 202: Investigations into Russian, North Korean hackers are shaping Biden's foreign policy (Washington Post) The Biden administration is plunging ahead in a pair of high-profile cybersecurity investigations into North Korean and Russian hackers, shedding light on how it plans to crack down on foreign hackers after the Trump administration downplayed the issue in the 2016 election and its aftermath.
DHS Announces Steps to Advance President’s Commitment to Elevate Cybersecurity (Department of Homeland Security) Secretary Alejandro N. Mayorkas announced the many ways the Department of Homeland Security (DHS) will carry out President Biden’s vision to elevate cybersecurity across the government. DHS will lead efforts to mitigate risks to the United States, further strengthen its partnerships with the private sector, and expand its investment in the infrastructure and people required to defend against malicious cyber attacks as part of a whole-of-government effort.
DHS announces new measures to boost nation's cybersecurity (TheHill) The Department of Homeland Security (DHS) on Monday announced a range of steps it will take to bolster the nation’s cybersecurity posture, including increasing funding for key cybersecurity issues.
Mayorkas Sets Out Steps to Elevate Cybersecurity (Homeland Security Today) Secretary Alejandro N. Mayorkas has today announced the many ways the Department of Homeland Security (DHS) will carry out President Biden’s vision to elevate cybersecurity across the government.
CISA Welcomes New Members to Leadership Team (CISA) The Cybersecurity and Infrastructure Security Agency (CISA) announced today that three new administration appointees have joined the agency in leadership roles. Nitin Natarajan has joined CISA as its Deputy Director, Eric Goldstein as Executive Assistant Director for Cybersecurity, and Dr. David Mussington as Executive Assistant Director for Infrastructure Security.
Navy says ‘liking’ or sharing extremists’ posts on social media can get you in trouble (Navy Times) Here's how the Navy will conduct its stand-down addressing extremism in the ranks.
New York issues cyber insurance framework as ransomware, SolarWinds costs mount (CSO Online) The state looks to protect one of its core industries, which is threatened by mounting and potentially "unsustainable" losses due to the SolarWinds and ransomware attacks.
Litigation, Investigation, and Law Enforcement
SolarWinds Cyberattack Cleanup Costs: SWI Earnings, Senate & House Hearings May Provide Clues (MSSP Alert) How much will SolarWinds cyberattack cost to clean up? SWI Q4 2020 earnings & SolarWinds CEO testimony during House & Senate hearings may provide cleanup cost clues.
Analysis | The Cybersecurity 202: SolarWinds hearing puts the company's new CEO in the hot seat (Washington Post) Sudhakar Ramakrishna is looking to reframe the conversation after the massive Russian hack.
SolarWinds CEO Recommends Liability Protections for Sharing Information about Incidents (Nextgov.com) The new CEO had a couple of other asks for Congress too.
Covid-19 Vaccine Scams Grow, Leveraging Confusion About How to Get the Shot (Wall Street Journal) Scammers are taking advantage of widespread anxiety about Covid-19 with cyber schemes enticing people to give up their personal data and money with the promise of a vaccine.
CJEU to rule on processing of personal data from employees for videoconferencing (Pinsent Masons) Questions relating to distance learning and the data privacy implications of it have been referred to the Court of Justice of the European Union (CJEU) in a case before a German administrative court.
Watchdog Casts Doubt On IRS' Warrantless Phone Tracking (Law360) The U.S. Supreme Court's 2018 ruling that the federal government generally needs a warrant to access historical cellphone location records likely extends to the type of contractor-provided mobile app GPS data that the Internal Revenue Service had previously used in criminal investigations, a U.S. Treasury Department watchdog has said.
FabFitFun Reaches Preliminary Settlement in Data Breach Case (Bloomberg Law) FabFitFun Inc. reached a preliminary deal with plaintiffs over its alleged role in a 2020 data breach, agreeing to devote $625,000 to a settlement fund.
Crypto-Craze Icon Long Blockchain Has Shares Delisted by SEC (Bloomberg) Long Blockchain Corp., the former iced-tea company that became a poster child of crypto-investment excesses, had its shares delisted by U.S. regulators after failing to file financial reports for years.