Cyber Attacks, Threats, and Vulnerabilities
TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations (Proofpoint) Since March 2020, Proofpoint Threat Research has tracked low volume phishing campaigns targeting Tibetan organizations globally. In January and February 2021, we observed a continuation of these campaigns where threat actors aligned with the Chinese Communist Party’s state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users’ Gmail accounts.
Ukraine reports cyber-attack on government document management system (ZDNet) Ukrainian officials blame "one of the hacker spy groups from the Russian Federation."
Russian hackers linked to attack targeting Ukrainian government (BleepingComputer) The National Security and Defense Council of Ukraine (NSDC) has linked Russian-backed hackers to attempts to compromise state agencies after breaching the government's document management system.
Russia has allegedly hit the US with an unprecedented malware attack: Here's what you need to know (CNET) The hackers managed part of the malware campaign with Amazon cloud hosting and used several techniques to hack their targets, say lawmakers and company heads from SolarWinds, Microsoft, Crowdstrike and FireEye.
Tech Firms Say There's Little Doubt Russia Behind Major Hack (SecurityWeek) Tech executives said cyber operations linked to the massive SolarWinds hack were so sophisticated, focused and labor-intensive that a nation had to be behind it, with all the evidence pointing to Russia.
Twitter Shuts Down Four Networks of State-Sponsored Disinformation Accounts (SecurityWeek) The social platform associated the accounts with state-sponsored actors operating out of Armenia, Iran, and Russia.
TikTok removed more than 300,000 videos for election misinformation (The Verge) TikTok’s elections hub was viewed millions of times.
Babuk Ransomware (McAfee Blogs) Executive Summary Babuk ransomware is a new ransomware threat discovered in 2021 that has impacted at least five big enterprises, with one already paying
Technical Analysis of Babuk Ransomware (McAfee) Babuk ransomware is a new ransomware threat discovered in 2021 that attacked at least five big enterprises, with one already paying the criminals $85,000 after negotiations. This ransomware, as other variants, is deployed in the network of enterprises that the criminals carefully target and compromise. This modus operandi is known as the Big-Game hunting strategy. The group behind Babuk has also adopted the same strategies as other ransomware groups and has leaked the stolen data.
New 'LazyScripter' Hacking Group Targets Airlines (SecurityWeek) Active for at least two years, the threat actor switched from PowerShell Empire to using the Koadic and Octopus RATs.
How to Quickly Diagnose Silver Sparrow Infections (Security Boulevard) Security researchers at Red Canary recently discovered that Macs featuring Apple’s custom M1 chips are subject to a new strain of malware dubbed Silver Sparrow.
Bombardier Suffers Cyber Attack (Industry Week) The Canadian manufacturer acknowledged on February 23 that it recently suffered a cyber attack, adding to the growing list of manufacturers who have seen unauthorized access.
SafeBreach Hacker’s Playbook Updated for US-CERT Alert (AA21-055A) Web Shell DEWMODE (safebreach) SafeBreach Labs has updated the Hacker's Playbook™ with new attack methods for malware samples described in US CERT AA21-055A detailing four zero-day vulnerabilities in Accellion File Transfer Appliance (FTA).
Four Additional Threat Groups Seen Targeting Industrial Organizations in 2020 (SecurityWeek) There are a total of 15 threat groups that have targeted industrial organizations, including four added to the list in 2020.
The Front Lines of the Cyber War (T&D World) Hostile nation states are actively attempting to break into the electric grid and to develop weapons to disrupt or disable industrial control systems.
Highly Active 'Gamaredon' Group Provides Services to Other APTs (SecurityWeek) On par with prolific crimeware gangs, the group is noisy and lacks the techniques observed in advanced operations.
Critical VMware vCenter Server Flaw Can Expose Organizations to Remote Attacks (SecurityWeek) VMware has patched a critical command execution vulnerability in vCenter Server that can expose organizations to remote attacks.
More than 6,700 VMware servers exposed online and vulnerable to major new bug (ZDNet) Proof-of-concept exploit code has been published online earlier today, and active scans for vulnerable VMware systems have been detected already.
Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique (The Hacker News) Online Trackers Increasingly Switching to Invasive DNS-based CNAME Cloaking Technique
Jones Day Removed From Hacker's Target List (The American Lawyer) It's unclear why Jones Day was removed. How to prevent similar breaches at law firms is a complicated question.
Data Breach: Turkish legal advising company exposed over 15,000 clients (WizCase) WizCase team uncovered a massive data leak containing private information about Turkish Citizens through a misconfigured Amazon S3 bucket. The server contained 55,000 court papers regarding over 15,000 legal cases, which affected hundreds of thousands of people. What’s Going On? Our online security team has uncovered a massive data breach originating from a misconfigured ...
An Exploration of JSON Interoperability Vulnerabilities (Bishop Fox) Learn more about how the same JSON document can be parsed with different values across microservices, leading to a variety of potential security risks.
Australian Health and Transport Agencies Hit by Accellion Hack (SecurityWeek) Transport for NSW and NSW Health said some information was taken during the cyber-attack.
TransLink slow to reveal crucial details about ransomware attack, says union (Peace Arch News) Union says company took months to admit what info was stolen, including SIN and bank account details
Thousands have highly personal details exposed in COVID-19 vaccine data breach (Extra.ie) Thousands of people who have received the COVID-19 vaccine have had highly personal details exposed in a data breach. The IT system being used by the HSE was compromised due to ‘human error’, which meant the patients’ confidential data was accessible. Crucial details that can often be used to certify access to our financial, health and highly personal files online were left exposed, despite warnings during data risk assessments. Details including each patient’s PPS number, address, names, age, mother’s maiden name, date of birth, phone number, email address and where they were vaccinated were all accessible. In total there
The Fed's system that allows banks to send money back and forth went down for several hours (CNBC) The outage impacted multiple Fed services, including its pivotal automated clearinghouse system.
Poland's CD Projekt delays Cyberpunk 2077 fix due to cyber attack (Reuters) Polish video games maker CD Projekt is delaying the release of a patch for its Cyberpunk 2077 game until the second half of March, it said on Wednesday, after a cyber attack slowed down work on fixes for the troubled game.
Npower shuts down app after hackers steal user data (IT PRO) Cyber criminals obtained partial financial data following successful credential stuffing attacks
Security Patches, Mitigations, and Software Updates
VMware fixes dangerous vulnerabilities that threaten many large companies (PT Security)
VMSA-2021-0002 (VMware) VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)
Cyber Trends
39% of healthcare organizations suffered ransomware attacks in the cloud in 2020 (Netwrix) As a result of a cloud breach, one in four healthcare organizations was fined for non-compliance and one in ten was sued, Netwrix study finds.
New KnowBe4 Research Finds Credential Sharing Risk Reduces With Improved Security Culture Score (GlobeNewswire) KnowBe4 releases “How Security Culture Invokes Secure Behavior” white paper
Despite COVID-19 pandemic, Imperva reports number of vulnerabilities decreased in 2020 (Imperva Blog) Imperva’s report, The State of Vulnerabilities in 2020 has revealed that unlike in previous years, researchers observed a fall in the number of vulnerabilities last year, even as businesses were compelled to accelerate digital transformation processes due to the COVID-19 pandemic. Vulnerabilities are defined as the gaps or weaknesses that undermine an organization’s IT security […]
The State of Vulnerabilities in 2020 | Resource Library (Resource Library) As the COVID-19 pandemic compelled organizations to accelerate digital transformation processes, the state of vulnerabilities and the nature of the cyberattack
Vulnerability and threat trends report 2021: Cybersecurity Comes of Age (Skybox Security) The seventh edition of the Skybox “Security Vulnerability and Threat Trends” report highlights the need for security practices to mature.
FortiGuard Labs Reports Disruptive Shift of Cyber Threats (GlobeNewswire) Scale and Evolution Across the Entire Attack Surface Impacts Organizations Everywhere, Across All Edges and the Digital Supply Chain
One in Four Consumers Are Putting Their Employers at Risk by Using Their Work Email or Password to Log in to Consumer Websites and Apps (BusinessWire) Employees working from home on a company-provided computer are demonstrating a clear lack of cybersecurity knowledge through high-risk behavior, accor
2021 Secure Consumer Cyber Report: How Remote Workforces are Putting Organizations at Risk of a Cyberattack (Ivanti) 1 in 4 consumers admit to using their work email or password to access consumer websites and applications such as food delivery apps, online shopping sites, and even dating apps.
LogMeIn Study Shows Cyber Threats, Productivity Concerns, and Pressure on IT Support Drives Consolidation of Remote Access & Support Solutions as Flexible Work Becomes Business as Usual (GlobeNewswire) LogMeIn, Inc. a leader in empowering the work-from-anywhere era with solutions such as GoTo, LastPass, and Rescue, today announced results of a global study executed by IDG that reveals the new reality of long-term remote and flexible work.
IDG Report: Ensuring Productivity & Security in the New Remote Work Era (Rescue)
Marketplace
Armorblox Raises Series B Funding to Restore Trust in Email Communications (Yahoo) Armorblox has raised a $30 million Series B round of venture capital funding led by Next47 to restore trust in email communications.
Silverado’s First Steps (Medium) Charting a new path towards American prosperity and global competitiveness in the 21st century.
Arcserve, StorageCraft set to merge (CRN Australia) Deal will see two companies under the Arcserve brand.
Reston software firm raises nine figures in new funding to capitalize on 'tectonic shift' (Washington Business Journal) Fast-growing software company ScienceLogic has raised $105 million in fresh funding to take advantage of a Covid-19-inspired “tectonic shift” in IT operations management.
HYAS Closes $16 Million Series B Funding Round Led by S3 Ventures for Cyberattack Intercept Technology (GlobeNewswire) Investment Will be Used to Expand Go-to-Market and SaaS Capabilities to Preemptively Identify the infrastructure behind Phishing, Ransomware and Supply Chain Attacks
Fortinet Announces Pricing of $1.0 Billion Senior Notes Offering (GlobeNewswire) Fortinet, Inc. (Nasdaq: FTNT) announced today that it has priced its underwritten, registered public offering of $1.0 billion aggregate principal amount of senior notes, consisting of $500.0 million aggregate principal amount 1.000% notes due 2026 and $500.0 million aggregate principal amount of 2.200% notes due 2031. The offering is expected to close on March 5, 2021, subject to the satisfaction of customary closing conditions.
Sheryl Sandberg and Top Facebook Execs Silenced an Enemy of Turkey to Prevent a Hit to the Company’s Business (ProPublica) Amid a 2018 Turkish military campaign, Facebook ultimately sided with Turkey’s demand to block the page of a mostly Kurdish militia. “I am fine with this,” Sandberg wrote.
The Real Story of What Happened With News on Facebook in Australia (About Facebook) Many people are rightly asking: what on Earth was all that about?
Facebook considers Canada news licensing as country looks to Australia's path (NASDAQ:FB) (SeekingAlpha) Facebook (FB -1.1%) is looking at potential news licensing deals in Canada, Reuters reports, ahead of some Australia-like legislation to force publisher payments
Verizon and AT&T just spent almost $70 billion on spectrum to improve their 5G networks (The Verge) Verizon alone spent over $45 billion.
nVisium Grows by 30% as Demand for Vulnerability Assessments and Security Training Services Accelerates (PR Newswire) nVisium, a leader in application security, today announced their continued growth as the company positions themselves for further acceleration...
Arete Incident Response Achieves Record Sales and Profit Performance in 2020 (PR Newswire) Arete Incident Response, a leading global provider of cybersecurity services and technology to corporations, law firms, insurance carriers, and...
GitHub Hires Mike Hanley as Chief Security Officer (SecurityWeek) Software development platform GitHub has hired Mike Hanley as its new Chief Security Officer (CSO).
Geared for Global Channel Success with New Leadership (OneLogin) Meet our new VP of Global Channels, Strategic Alliances and GM Asia Pacific, Doug Erickson.
INAP Names Monique Stone VP of Channel and Alliances, Announces New Partner Program (PR Newswire) INAP, a global provider of performance-driven, secure enterprise hybrid infrastructure solutions, today announced the appointment of Monique...
Cybersecurity Leader Gus Hunt Joins LookingGlass Advisory Board (GlobeNewswire) Former CIA CTO to Help Guide Company’s Product and Business Strategy
Michael Scruggs Joins SAIC as SVP of Artificial Intelligence; Dee Dee Helfenstein Quoted - ExecutiveBiz (ExecutiveBiz) Science Applications International Corp. (SAIC) announced on Wednesday that Michael Scruggs, previou
Cobalt Announces New Chief Product Officer to Strategically Advance Pr (PRWeb) Cobalt, the leading Pentest as a Service (PtaaS) company that’s modernizing the traditional, static penetration testing model, today announced it has named
Products, Services, and Solutions
CrowdStrike Delivers Advanced Threat Protection for Cloud and Container Workloads to Provide Greater Control and Visibility from Build to Runtime (BusinessWire)
Vdoo Launches integration with the Yocto Project (GlobeNewswire) Vdoo provides the Yocto Project vulnerability analysis for Poky builds produced by the community
Sift to Partner with McDonald’s for Mobile Order Experience In Select Countries Across Europe, Asia, Africa, and Oceania (GlobeNewswire) Sift, the leader in Digital Trust & Safety, today announced that it is partnering with McDonald’s to prevent fraud and streamline the customer experience on the McDonald’s mobile app in select countries across Europe, Asia, Africa, and Oceania. Available on the App Store and Google Play, the McDonald’s mobile app allows customers to order and pay for menu items for drive-thru and curbside pickup, contactless mobile order and pay, exclusive deals, and more – all in one place.
Transmit Security Signals the End of the Password Era with Industry’s First Authentication Service that Enables Organizations to Delete all Customer Passwords from Their Database (BusinessWire) Transmit Security Announces BindID
Assured Data Protection Partners with Confluera to Launch Managed XDR (PRWeb) Assured Data Protection, the prominent IT managed services provider (MSP) for cloud data protection solutions, today announced that it has entered into a ...
Modern Workflow Requires Modern Data Protection - BackUp Maker Delivers a Seamless Backup of All Valuable Data (Digital Journal) Simple data-backup solution for Windows released in new version 8
Humio Announces Advanced Log Management Certification Course for ITOps, DevOps and SecOps Practitioners (DevOps.com) Live education sessions will be delivered by Humio, IBM, Instana, Lunar, SOC Prime and Vijilan Security SEATTLE -- February 23, 2021 -- Humio, the only
Datawiza Joins Microsoft Intelligent Security Association Program (GlobeNewswire) Datawiza cloud-delivered access management lets Microsoft Azure Active Directory customers protect their hybrid multi cloud environments from a single console
Very Good Security (VGS) Further Enhances Mission to Secure the World's Information with VGS Control (BusinessWire) Today, Very Good Security (VGS), the modern standard for data security and compliance, has further cemented its commitment to securing the world’s inf
Next Pathway Announces New Capabilities to Crawler360 and SHIFT to Accelerate Migration From Hadoop to the Cloud (PR Newswire) Next Pathway Inc., the Automated Cloud Migration company, today announced enhanced capabilities within SHIFT™ Migration Suite and Crawler360™,...
ThreatLocker Partners With Datto to Streamline Secure Business Operations (BusinessWire) ThreatLocker, the global cybersecurity leader, providing enterprise-level cybersecurity tools for the Managed Services Provider (MSP) industry to impr
Technologies, Techniques, and Standards
Alliance Activities : Publications : Electric Vehicle Charging Open Payment Framework with ISO 15118 (Secure Technology Alliance)
How the GSA is Protecting the Fed from Cyber Attacks - Security Insider Access Online (Security Insider Access Online) One of the main objectives of the GSA is to modernize the Federal Government’s IT Infrastructure. This involves some fun and exciting projects in the world of AI and Machine Learning. However, this also includes threat protection and CyberSecurity, and the GSA’s Highly Adaptive Cybersecurity Services (HACS) SIN category 54151HACS is a Federal Agency’s …
Design and Innovation
Adversary playbooks done right (LinkedIn) Dragos just released its "2020 ICS CYBERSECURITY YEAR IN REVIEW." In it, they list a number of relatively new adversary group names that concentrate their activity on industrial control systems...
GCHQ to use AI to tackle child sex abuse, disinformation and trafficking (GCHQ) We publish a first-of-its-kind paper outlining how we could use AI to help protect the UK
Academia
RangeForce Partners With BlackGirlsHack to Address Lack of Diversity in Cybersecurity and Skills Shortage (BusinessWire) BlackGirlsHack members now have affordable access to RangeForce learning modules to acquire real world skills and realize careers in cybersecurity.
Lew-Port Ethical Hacking Team shines (Yahoo) In the middle of their Feb. 22 meeting, members of the Lewiston-Porter Board of Education congratulated their technology team for remaining champions at a University of Buffalo's High School Cybersecurity Competition, held earlier this month. The competition involves a team of four high school students working to defend a small network of systems from attack, with their ...
Legislation, Policy, and Regulation
Australia passes landmark law to force Facebook and Google to pay for news content (Computing) Facebook says it will invest at least $1 billion in the news industry over the next three years
China wants your data — and may already have it (OPB) When COVID hit, a Chinese firm offered to set up testing labs in the U.S., which could have given it access to DNA data. The U.S. says this is part of China's effort to collect mass data on Americans.
Insurers Say EU Cyber Rules For Finance 'Too Prescriptive' (Law360) Insurers said Wednesday that new European legislation that will require financial services companies to introduce new safeguards against cyberattack is too prescriptive to be applied broadly across the sector.
Biden signs executive order demanding supply chain security review (CyberScoop) President Joe Biden signed an executive order on Wednesday directing federal agencies to conduct a review of supply chain security risks in industries including information technology. While a significant goal of the order is to address shortages of a wide assortment of critical imported components such as electric batteries and pharmaceuticals, it does include a mandated review of the information and communications technology sector.
The Cybersecurity 202: Biden's plan to boost U.S. chip production finds an ally in banned Chinese firm Huawei (Washington Post) President Biden's new executive order to boost U.S. chip production has been met with praise from an unexpected source: Chinese telecommunications firm Huawei.
Biden’s Cybersecurity ‘Dream Team’ Has a Nightmare First Assignment (Bloomberg) Hi, this is Alyza on Bloomberg’s cybersecurity team. President Joe Biden took office less than two months after U.S. companies and government agencies began disclosing that they’d been victimized as part of a sprawling cyber-attack by suspected Russian hackers.
Massive SolarWinds Hack Prompts Calls for U.S. Law Requiring Cyber Breach Reporting (Insurance Journal) A bipartisan group of senators on Tuesday recommended that the U.S. consider requiring companies to disclose when they have been hacked. At the first
SolarWinds fallout sparks calls for mandatory incident reporting, repercussions after cyber attacks (Federal News Network) In the wake of the SolarWinds breach, the Senate Intelligence Committee turned to industry for recommendations on preventing such incidents.
Senate passes bill to create state Office of Cybersecurity (Washington State Wire) The Washington State Senate unanimously passed legislation today requested by Governor Jay Inslee that would create an Office of Cybersecurity (OCS) to establish security standards that state programs would be required to meet. Housed within the Office of the Chief Information Officer (OCIO), the overarching directive of the new office would be to develop a
Lawmakers Call for Ambassador to Represent U.S. in Cyberspace (Wall Street Journal) A group of congressional lawmakers are renewing their call for a cyber ambassador in the State Department, reviving a bill that created friction between Congress and the Trump administration.
FDD | Bolstering America’s Cyber Diplomacy Capabilities (FDD) The principles of an open, transparent, and reliable internet – a foundation of American prosperity – are currently under attack by authoritarian enemies and adversaries, including Russia and China.
Kamala Harris plans to prioritize cybersecurity and global health in foreign policy platform (CBS News) While the White House tackles domestic crises stemming from the COVID-19 pandemic, Vice President Kamala Harris is looking beyond U.S. boundaries to develop her foreign policy portfolio.
How the National Cyber Director Position Is Going to Work: Frequently Asked Questions (Lawfare) Two members of the Cyberspace Solarium Commission answer questions about the new position.
William Burns gets warm reception at Senate confirmation hearing to become next CIA director (Washington Post) William J. Burns, a veteran diplomat who in his career helped lead secret negotiations with Iran and served as the U.S. ambassador to Russia, received a warm reception Wednesday from the Senate Intelligence Committee at his confirmation hearing to become the next CIA director.
Hundreds of workers at cybersecurity agency vote to strike (CBC News) Hundreds of cybersecurity workers at Canada's foreign signals intelligence agency have voted to strike, a move that comes amid growing concerns about cyber attacks during the COVID-19 pandemic.
CIA Nominee Burns Promises Spying Focus on China, Seeing ‘Adversarial, Predatory’ Regime (Wall Street Journal) The veteran diplomat pledged to deliver bad news to policy makers, after senators noted tumult of the Trump years.
Hackers Seized on the Pandemic. Some States Are Fighting Back. (Pew Trusts) “We don’t want cyber 9/11.”
Litigation, Investigation, and Law Enforcement
Indian Army orders probe in alleged data breach in Northern Command (Business Standard) The data breach took place when the soldier from Punjab and posted under the Northern Command was caught by officials dealing with the alleged issue, Army sources said here
French Regulator Lambasts Health Companies Over Mass Data Leak (BNN) Companies lost sensitive personal information about the health of half a million people in France over a period of five years, France’s privacy watchdog said on Wednesday.
The risks and rewards of charging state-backed hackers (Axios) The charges could invite retaliation against U.S. intelligence officials.
Facebook, Google Face ‘Strong Pipeline’ of Privacy Rulings in Europe (Wall Street Journal) The privacy regulator overseeing Facebook, Google and Apple in the European Union expects to boost its tally of big tech decisions this year—and rejects complaints that its enforcement has been too slow.
Palantir: NHS faces legal action over data firm contract (BBC News) Controversial data-crunching firm Palantir's deal with the UK health service is under the spotlight.
NHS faces legal challenge over Palantir contract (Computing) Lawsuit claims that NHS England failed to do an impact assessment before handing a new two-year contract to Palantir
Unreported Breach Sparks Warning From French Regulator (Law360) France's data protection authority on Wednesday seized on a suspected health data leak that's been reported in the media but not to the regulator's office to drive home the importance and costly repercussions for companies that fail to disclose data breaches within 72 hours of discovery.
Reddit user faces securities fraud lawsuit for GameStop stock rise (PropertyCasualty360) The suit alleges Keith Gill misrepresented himself as an investor to manipulate the market for his own profit in the Robinhood/GameStop trading frenzy.
Texas Justices Mull Facebook's Immunity In Trafficking Suits (Law360) The Texas Supreme Court questioned during oral arguments on Wednesday the scope of immunity outlined in the Communications Decency Act and whether it can be used to end a lawsuit accusing Facebook of providing an unrestricted platform for predators to exploit, extort and recruit children into the sex trade.