Oxford University confirmed yesterday that its Division of Structural Biology, a prominent lab working on understanding COVID-19, had been accessed by unauthorized parties. Forbes says the intruders accessed "machines used to prepare biochemical samples," and that the threat actor appears to be a criminal group offering stolen biomedical data for sale to nation-state intelligence services.
GreatHorn has identified a Zoom-based phishing impersonation campaign active in the European Union. It's a credential-harvesting effort, and its phishing emails enjoy some success despite poor idiomatic control of written English. The criminals have taken care to make their URLs look like the now-familiar links legitimate Zoom users are accustomed to.
NSA has published a Cybersecurity Information document that urges cybersecurity professionals to adopt a zero-trust security model. A system "engineered according to Zero Trust principles can better position them to secure sensitive data, systems, and services."
CISA yesterday issued four advisories on industrial control systems: ProSoft Technology ICX35, Fatek FvDesigner, PerFact OpenVPN-Client, and Rockwell Automation Logix Controllers. Claroty quietly disclosed a cryptographic flaw in the last-mentioned Rockwell PLCs to the manufacturer last year. Now that Rockwell has fixed the vulnerability, Claroty has provided details: an attacker could have discovered a secret cryptographic key used to verify communication between the PLC and its engineering station. This could permit an attacker to mimic a workstation and manipulate manufacturing processes.