Cyber Attacks, Threats, and Vulnerabilities
Chinese Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions (Recorded Future) Insikt Group has revealed details of a cyber campaign conducted by a China-linked group, named RedEcho, targeting India's power sector.
China Appears to Warn India: Push Too Hard and the Lights Could Go Out (New York Times) As border skirmishing increased last year, malware began to flow into the Indian electric grid, a new study shows, and a blackout hit Mumbai. It now looks like a warning.
Amidst Border Tensions, Chinese Hackers Targeted India's Power Grid Through Malware (The Wire) A report by the US-based firm Recorded Future suggests that the power outage in Mumbai in October may have been the result of a Chinese cyber campaign against India.
Chinese cyber attack caused massive Mumbai power outage last year? (The Week) US study found Chinese malware was present in India's electricity supply systems
Cyber intel firm says Chinese hackers have infiltrated India's power sector (Tribuneindia News Service) In a warning message after tension at the Ladakh border, China launched a cyber campaign against India's power grid, targeting Mumbai in October. A cyber intelligence company says it has found that hackers linked to China have infiltrated power systems and ports in India in a "show of force" and that they have the ability to create disruptions.
Chinese hacker groups target at least a dozen Indian organisations (Hindustan Times) Among the organisations targeted were NTPC Limited, five key regional load dispatch centres that help manage the national power grid by balancing electricity supply and demand, and two ports, says the study by Recorded Future, a US-based company.
Russian hackers aim cyber attack on Ukrainian government agencies (teiss) Russian hackers used a popular file-sharing system as a vector to spread malware to the networks of multiple Ukrainian government agencies.
Oxford University says research not affected after expert flags COVID lab hack (Reuters) Oxford University said on Thursday it was investigating a digital intrusion after a researcher said he had seen evidence that a laboratory researching COVID-19 had been hacked.
Lazarus targets defense industry with ThreatNeedle (Kaspersky ICS CERT) In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.
The SolarWinds Body Count Now Includes NASA and the FAA (Wired) Plus: Firefox blocks more tracking, how to fight a robodog, and more of the week’s top security news.
SolarWinds’s Security Practices Questioned by Lawmakers (Bloomberg) Technology company defends its cybersecurity culture, spending. ‘Password spraying’ among 3 potential methods for initial hack.
Former SolarWinds CEO blames intern for 'solarwinds123' password leak (CNN) Current and former top executives at SolarWinds are blaming a company intern for a critical lapse in password security that apparently went undiagnosed for years.
CrowdStrike Exec Points to Active Directory 'Structural Problems' in Senate Solorigate Hearing (Redmondmag) Microsoft's Active Directory authentication solution got notably skewered during a Feb. 23 U.S. Senate hearing on the SolarWinds Orion software hack.
Assessing Fallout from the SolarWinds Breach (eWEEK) It’s entirely possible that the U.S. government has undergone—and is still suffering the fallout from—the harshest, most potentially devastating cyber breach in the short history of digital information. Reuters broke the story last December that foreign entities—the National Security Agency and FBI have identified them as the Russian hacking group APT29, also known as Dark […]
The anatomy of the SolarWinds attack chain (ITWeb) As traditional network security barriers dissolve, the ‘assume breach’ mindset has never been more critical.
Microsoft Releases Free Tool for Hunting SolarWinds Malware (Dark Reading) Meanwhile, researchers at SecurityScorecard say the fileless malware loader in the attack - Teardrop - actually dates back to 2017.
Microsoft open sources CodeQL queries used to hunt for Solorigate activity (Microsoft Security) We are sharing the CodeQL queries that we used to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate so that other organizations may perform a similar analysis.
No, 1,000 engineers were not needed for SolarWinds (Errata Security) Microsoft estimates it would take 1,000 engineers to carry out the famous SolarWinds attacks. This means in reality that it was probably fewer...
SolarWinds Hack Pits Microsoft Against Dell, IBM Over How Companies Store Data (Wall Street Journal) Microsoft argues the cloud offers more protection; rivals point to the need of firms to hold and access their information on-premise.
Texas power outages demonstrate grid cyber vulnerability and inadequacy of existing regulations (Control Global) The recent Texas power outages and the loss of both electricity and water across Texas demonstrate how vulnerable ERCOT and Texas are not only to natural disasters such as snowstorms and hurricanes but also to manmade and malicious activities.
Attackers Turn Struggling Software Projects Into Trojan Horses (Dark Reading) While access to compromised systems has become an increasingly common service, some cybercriminals are going straight to the source: buying code bases and then updating the application with malicious code.
Ransomware hackers turn to virtual machine software to boost extortion schemes (CyberScoop) Ransomware gangs that target big corporations for extortion have long designed their code to execute on Microsoft Windows systems because of the popularity of the operating system.
Code-execution flaw in VMware has a severity rating of 9.8 out of 10 (Ars Technica) Thousands of servers running vCenter server could be in for a nasty surprise.
Hackers exploit websites to give them excellent SEO before deploying malware (ZDNet) Climbing up Google’s ranks is key to this new technique.
Hackers release a new jailbreak tool for almost every iPhone (TechCrunch) The jailbreak group said it used its "own exploit" for a vulnerability that Apple said was "actively exploited" by hackers.
Far-Right Platform Gab Has Been Hacked—Including Private Data (Wired) The transparency group DDoSecrets says it will make the 70GB of passwords, private posts, and more available to researchers, journalists, and social scientists.
Volunteers of America Chesapeake & Carolinas Notice of Security Incident (PR Newswire) Volunteers of America Chesapeake & Carolinas ("VOACC") announced today a phishing email incident that involved a small number of email accounts...
The Home for the Little Wanderers Provides Notice of a Data Security Incident (PR Newswire) The Home for the Little Wanderers ("The Home") is providing notice of a recent data security event. On or about December 28, 2020, The Home...
Secondary school pays ransom after being hit by a cyber attack (NL Times) A secondary school in Gelderland has paid a ransom after a cyber attack. Director of the Staring College, Carlien Krist-Spit, informed parents of schoolchildren and other involved parties by email on Friday. She will not say how much ransom has been paid. The school community has reported the matter to the police.
Security researcher recommends against LastPass after detailing 7 trackers (The Verge) Users can opt out in the advanced settings menu.
1Password has none, KeePass has none... So why are there seven embedded trackers in the LastPass Android app? (Register) Third-party code in security-critical apps is obviously suboptimal, but company says you can opt out
City of Kingman government computer system hit by cyberattack (KNXV) According to a Sunday release from spokeswoman Colleen Haines, the city became aware of the attack "throughout the entire computer system" on Friday. The FBI, Department of Homeland Security, and Arizona National Guard Cyber Joint Task Force have all been in contact to help address the hack.
Personal data stolen in Oxfam cyber attack (Yahoo) Hackers have breached an Australian charity's cyber defences to steal personal details and compromising information about supporters from its servers, the organisation says. Oxfam Australia has confirmed its databases were hacked by an external party in January.
Jamaica’s JamCOVID pulled offline after third security lapse exposed travelers’ data (TechCrunch) Over half a million traveler quarantine orders were left unprotected.
Cyber Trends
Seven out of 10 Organizations Report Facing new Security Challenges as a Result of the Pandemic, Though Only a Third Consider Cybersecurity a top Priority for 2021 (Tanium) Tanium survey of IT decision makers finds that enterprises are observing an uptick in mishandling of confidential data, phishing and shadow IT
Kaspersky shares state of stalkerware in 2020 (GlobeNewswire) Today Kaspersky released “The State of Stalkerware 2020” report, which captures the incidence of the secret surveillance software often used in cases of domestic violence.
New Skybox Security Research Discovers 106% Increase in New Malware (PR Newswire) Skybox Security, a global leader in security posture management, today announced the release of its 2021 Vulnerability and Threat Trends Report....
Why a cybersecurity career will remain in demand (Study International) Companies need to prioritise developing and maintaining a team of technologists and cybersecurity experts who understand how perpetrators think.
Making sense of the UK Cybersecurity Sector (ComputerWeekly) Most of the £8.9 bn of spend is via 20 large telco, defence suppliers and consultancies. Barely 150 suppliers are big enough to supervise in-house trainees.
Cyberattacks Cost Hospitals Millions During Covid-19 (Wall Street Journal) Universal Health Services alone says a malware attack in September cost it millions as patients went elsewhere for care and it had to pay to restore its operating systems.
Marketplace
Cybersecurity Firm SentinelOne Plans for IPO at Possible $10 Billion Value (Bloomberg) SentinelOne is interviewing banks and might list this year. Company could seek a valuation of more than $10 billion.
Armorblox Raises $30M To Secure Email And Beyond (Crunchbase News) Armorblox closed a $30 million Series B to move email security beyond just blocking spam and into stopping targeted, socially engineered attacks.
Cybersecurity Market Review (Q3 2020) (Momentum Cyber) We are pleased to provide you with Momentum Cyber’s fourth annual Cybersecurity Almanac 2021 – the most comprehensive and accurate strategic data and insights available on the industry.
DARPA opens door to more private equity-backed firms (Washington Technology) The Defense Advanced Research Projects Agency adjusts the requirements for bidders on Small Business Innovation Research contracts to allow participation by private equity-backed firms.
Everything you need to know about Darktrace (City Index) Everything you need to know about Darktrace
Accenture lands $114m Defence vetting system overhaul deal (iTnews) Named as system integrator.
Investor behind spyware firm NSO hit by internal bust-up (Sky News) A group of Novalpina Capital's investors have been asked to help decide on its future leadership, Sky News learns.
VMware Execs Keep Mum on CEO Search, Post Q4 Beat (SDxCentral) VMware reported a strong Q4 and end to its fiscal year 2021 with full-year revenue of $11.8 billion, growing 9% from fiscal 2020.
Huawei USA security chief calls for Biden to ease sanctions: We’ve been significantly hurt (Yahoo) Chinese telecommunications giant Huawei called for direct dialogue with the Biden administration Thursday, as it looks to turn around dwindling sales depressed by U.S. sanctions on the company.
The sooner Huawei can go back to using Google OS the better: USA chief security officer (Yahoo) Chief Security Officer of Huawei USA Andy Purdy said the company is still hoping for a reunion with Google’s Android operating system.
Nordic cyber training startup plans for growth in SA (San Antonio Business Journal) The local headquarters only has one employee, but he plans to have that change soon.
US cyber-security firm Rapid7 opens modern Belfast office (Belfast Telegraph) It could pass for the foyer of a trendy bar or boutique hotel - but in fact, this is the new Belfast office of a US cyber-security firm.
US cyber-security firm continues rapid recruitment drive after opening new Belfast base (The Irish News) US Cyber-security firm Rapid7 has officially opened its new Belfast headquarters after recruiting around 80 new staff in the past 11 months.
Fortinet Vet Geoff Kreiling to Lead Deep Instinct Partners (Channel Futures) Fortinet has lost another channel vet, this time it's Geoff Kreiling, who will lead Deep Instinct partners as vice president of MSSP and channel.
Michael Scruggs Joins SAIC as SVP of Artificial Intelligence (HS Today) Science Applications International Corp. (SAIC) has announced that Michael Scruggs has joined the company as the new senior vice president of Artificial Intelligence (AI), effective immediately.
GitHub hires first-ever chief security officer (SearchSoftwareQuality) GitHub has hired Mike Hanley, a software security industry veteran and former chief information officer at Cisco, to be its first chief security officer.
Products, Services, and Solutions
Veeam Releases New V11 with 200+ Enhancements, Eliminating Ransomware and Data Loss while Providing a Single Platform for Modern Data Protection (Veeam Software) New 4-in-1 solution combines backup, replication, storage snapshots and now, Continuous Data Protection (CDP)
SentinelOne Singularity XDR Marketplace enables enterprises to ingest and action diverse data (Help Net Security) Singularity XDR Marketplace enables security teams to drive a unified, orchestrated response among security tools in different domains.
Cyren Joins Palo Alto Networks Cortex XSOAR Marketplace (Yahoo) Cortex XSOAR Marketplace enables organizations to discover, share and consume security orchestration innovations from a global ecosystem to scale up automation
Study: BloxOne Threat Defense Delivers Nearly 250% Return on Investment (PR Newswire) Infoblox Inc., the leader in Secure Cloud-Managed Network Services, announced the results of Forrester Consulting's Economic Impact analysis of...
Comodo launches SOCaaP (Security-Operations-Center-as-a-Platform), empowering MSPs/MSSPs/ISPs to ramp up recurring revenue from Cybersecurity managed services with zero up-front cost (Yahoo) Comodo, the global leader of next-generation Cybersecurity technology, today announced the release of the world’s first security operations center (SOC)-as-a-Platform (SOCaaP), revolutionizing th...
Akamai releases software for vaccination registration websites (iTWire) Global content delivery network Akamai has released software for running vaccination registration websites, with Vaccine Edge claimed to provide the needed delivery, security and waiting room logic. The software has been developed at a time when a number of countries, Australia included, are launchi...
Cavirin speeds up the process of keeping customers' hybrid clouds safe (Help Net Security) The introduction of Version 6 of Cavirin's cloud security and compliance product delivers more efficient reporting and remediation.
Proact launches updated disaster recovery solution for multicloud environments (News Powered by Cision) Proact is launching a new version of its managed disaster recovery service, which allows customers
Milton Security Introduces Variable Billing; Easing Financial Strain During Pandemic (PR Newswire) Milton Security, a leading provider of Threat Hunting as a Service, XDR & MDR (MxDR) SOC Services, introduced a variable billing plan today...
Technologies, Techniques, and Standards
How to manage third-party risk in the supply chain (SearchSecurity) The SolarWinds breach has brought supply chain security back into the spotlight. Learn how to manage third-party risk to ensure your organization's suppliers aren't its weakest security link.
Network Architecture For The Great Power Competition (Breaking Defense) Peer/near-peer threats demand that military services, allies and partners connect networks, share information and respond to adversaries in real-time.
Academia
Schools Are Abandoning Invasive Proctoring Software After Student Backlash (Vice) Proctorio has cashed in on remote learning since the start of the pandemic. Now, some schools are abandoning the company's controversial software.
Girls get hands on STEM experience, compete in Raytheon cyber challenge (WZDX Rocket City Now) The students say they hope to inspire more girls to get involved in the STEM field.
USF launches cybersecurity major at Sarasota-Manatee campus (My Sun Coast) The Muma College of Business at USF has announced it will launch a brand new cybersecurity major at the Sarasota-Manatee Campus.
MHCC offers cyber security scholarships (The Outlook) Underrepresented students can get full-ride grants in the fall for a sought-after program.
Legislation, Policy, and Regulation
FireEye cyber CEO: American internet users will be targeted in next war (Yahoo) Any future real-world conflict between the United States and an adversary like China or Russia will have direct impacts on regular Americans because of the risk of cyber attack, Kevin Mandia, CEO of cybersecurity company FireEye, tells "Axios on HBO."
UK taxpayer to take more stakes in tech start-ups (Financial Times) Sunak fund intended for groups that need to scale up to next stage of development
Former NSA and Cyber Command Chief Keith Alexander on SolarWinds, Cyberwar, and China (The Record by Recorded Future) The former head of NSA and Cyber Command talked to The Record about SolarWinds, China, and the importance of information sharing.
Ex-NSA chief: No idea how badly SolarWinds hack harmed security (The Jerusalem Post) NSA Cyber Chief Anne Neuberger, an Orthodox Jewish woman, has been assigned as the government's "lead person” to investigate the incident.
Congress has new appetite for breach law following SolarWinds hack (iTnews) That led to a sprawling series of digital intrusions.
Hearing on Hack Prompts Call for Review of Government’s Cloud Procurement (Nextgov.com) A key lawmaker highlighted a profit motive for “basic” cybersecurity as problematic following an exchange with Microsoft President Brad Smith.
WSJ News Exclusive | U.S. to Impose Sweeping Rule Aimed at China Technology Threats (Wall Street Journal) The rule enables the Commerce Department to ban technology-related business transactions that it determines pose a national security threat, part of an effort to secure U.S. supply chains.
DHS to Provide $25 Million More for Cybersecurity Grants (BankInfo Security) The U.S. Department of Homeland Security will provide an additional $25 million in grants to state and local cybersecurity preparedness programs with a particular
US shifts state grant focus to extremism, cyberthreats (Star Tribune) State and local governments will be required to spend a portion of nearly $1.9 billion in annual federal public safety grants on the fight against domestic extremism and improved cybersecurity, the Department of Homeland Security said Thursday.
F.C.C. Approves a $50 Monthly High-Speed Internet Subsidy (New York Times) The money, aimed at low-income households, is part of an effort to bridge the access gap to broadband connectivity amid the pandemic.
New York Cyber Task Force Publishes New Report Calling for National Cyber Response Readiness (Next Peak) Over the last year, the New York Cyber Task Force (NYCTF) gathered leading experts from business, policy and academia to analyze the degree to which the United States is ready for future cyber challenges to its national security.
Krebs Lays Out CISA Bite-Back at Health-Sector Hackers (Meritalk) While it’s no secret that the healthcare sector became a major target for ransomware attacks during the COVID-19 pandemic, former Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Krebs is shedding new light on the tone of CISA’s efforts to bite back against health-sector threats.
Warnings From the Queer History of Modern Internet Regulation (Wired) Section 230 faces countless reform efforts. But a look back reminds us that categorical content bans often come at the expense of marginalized groups.
How One State Managed to Actually Write Rules on Facial Recognition (New York Times) Massachusetts is one of the first states to put legislative guardrails around the use of facial recognition technology in criminal investigations.
Litigation, Investigation, and Law Enforcement
Report: Saudi Crown Prince Approved Khashoggi Operation (Foreign Policy) A long-awaited intelligence report comes as Biden reassesses the United States’ relationship with Saudi Arabia.
Saudi crown prince approved operation that led to death of journalist Jamal Khashoggi, U.S. intelligence report concludes (Washington Post) The Biden administration will impose no direct punishment on Saudi Arabia’s Crown Prince Mohammed bin Salman for the 2018 murder of Saudi journalist Jamal Khashoggi, despite the conclusion of a long-awaited intelligence report released Friday that he “approved” the operation, administration officials said.
Intel report finds Saudi crown prince approved Khashoggi murder (POLITICO) But critics argue the new Biden administration sanctions don't go far enough.
Biden Administration Urged to Penalize Saudi Crown Prince Over Khashoggi Killing (Wall Street Journal) The administration has sanctioned a top aide as well as the force that played a role in the murder of Jamal Khashoggi, but stopped short of punishing Mohammed bin Salman for ordering the operation that led to the journalist’s death.
How Biden, Congress, and US Business and Civic Leaders Can Deliver Justice for Jamal Khashoggi (Just Security) The world must ensure that the Saudi regime, and the Crown Prince in particular, are held accountable for Khashoggi's murder.
Statement by Foreign Affairs Committee Vice Chair Rep. Tom Malinowski on the Release of the Khashoggi Report (Representative Tom Malinowski) “I welcome the overdue release of the DNI’s report confirming the judgement of the intelligence community that Saudi Crown Prince Mohammed bin Salman was responsible for the entrapment and gruesome murder of Virginia-resident and journalist Jamal Khashoggi. The House of Representatives called for this report on a fully bipartisan basis nearly two years ago, when it voted 405-7 to pass my bill, the Saudi Arabia Human Rights and Accountability Act.
The Cybersecurity 202: A report on Jamal Khashoggi's death renews concerns over spyware (Washington Post) U.S. intelligence officials released a report Friday concluding that Saudi Arabia's Crown Prince Mohammed bin Salman “approved” the operation that resulted in the 2018 murder of Washington Post journalist Jamal Khashoggi, Karen DeYoung reports.
Israeli spyware firm NSO Group faces renewed US scrutiny (the Guardian) Department of Justice said to have asked WhatsApp for details of alleged targeting of clients in 2019
ICE investigators used a private utility database covering millions to pursue immigration violations (Washington Post) Government agencies increasingly are accessing private information they are not authorized to compile on their own
SEC Suspends Trading in 15 Stocks That Got Hyped on Social Media (Bloomberg) Wall Street watchdog temporarily halts trading in 15 stocks. Regulator says it’s actively monitoring online message boards.
Bots hyped up GameStop on major social media platforms, analysis finds (Reuters) Bots on major social media platforms have been hyping up GameStop Corp and other "meme" stocks, according to an analysis by Massachusetts-based cyber security company PiiQ Media, suggesting organized economic or foreign actors may have played a role in the Reddit-driven...
UK government accused of favorable treatment for data firm Palantir (POLITICO) The US company has secured £46 million of contracts as part of the UK government’s response to coronavirus.
UK government faces lawsuit over health data deal with shadowy Palantir (TRT World) The data behemoth has been implicated in several human rights abuse scandals, and activists critique the secretive deal and its ramifications for the public.
Huawei executive Meng to argue Trump ‘poisoned’ her extradition case (Washington Post) Lawyers for Huawei executive Meng Wanzhou return to court on Monday to argue against her extradition to the United States on fraud charges. But the focus will be on former president Donald Trump.
FBI Investigating Michigan School District Hack (Infosecurity Magazine) Saginaw Township Community Schools targeted in ransomware attack
German Charged After Supplying Plans of the Bundestag to Russia (SOFREP) Prosecutors say that in 2017, the 55-year-old Jens F. sent the PDF files to an officer with Russia's GRU military intelligence agency.
Taking on the tech giants: the lawyer fighting the power of algorithmic systems (the Guardian) Whether it’s the CIA or Facebook, lawyer and activist Cori Crider is never one to shy away from a fight
$650M Facebook Privacy Deal OK'd, $110M Atty Fees Trimmed (Law360) A California federal judge on Friday praised a $650 million settlement resolving claims that Facebook's facial recognition technology violated Illinois users' biometric privacy rights, calling it a "landmark result," but he trimmed the $110 million requested attorney fees to $97.5 million.
Facebook ordered to pay $650m to settle facial recognition lawsuit (Computing) Settlement of class-action lawsuit one of the largest ever for privacy violation
Bringing New Money-Laundering Law Into Force Falls to Tiny Treasury Unit (Wall Street Journal) Among other things, FinCEN will have to create a registry of owners of anonymous shell companies, a task that will require a revamp of its creaky technology.
Review: Perlroth's book on the cyberarms market (Errata Security) New York Times reporter Nicole Perlroth has written a book on zero-days and nation-state hacking entitled “ This Is How They Tell Me The W...
We are living in 1984 (ETERNALBLUE) (Errata Security) In the book 1984 , the protagonist questions his sanity, because his memory differs from what appears to be everybody else's memory. The Par...