Cyber Attacks, Threats, and Vulnerabilities
'It was human error': Cyberattacks took place but didn't cause Mumbai power outage, says govt (The Times of India) India News: Union power minister RK Singh on Tuesday said that there is no evidence to prove that the October 2020 electricity blackout in Mumbai was caused by a
Mitigate Microsoft Exchange Server Vulnerabilities (CISA) Cybersecurity and Infrastructure Security Agency (CISA) partners have observed active exploitation of vulnerabilities in Microsoft Exchange Server products. Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute arbitrary code on vulnerable Exchange Servers, enabling the attacker to gain persistent system access, as well as access to files and mailboxes on the server and to credentials stored on that system. Successful exploitation may additionally enable the attacker to compromise trust and identity in a vulnerable network.
Emergency Directive 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities (US Department of Homeland Security) This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 21-02, “Mitigate Microsoft Exchange On-Premises Product Vulnerabilities”.
Rapid Response: Mass Exploitation of On-Prem Exchange Servers (Huntress) On-prem Microsoft Exchange Server vulnerabilities are being actively exploited in the wild. Read our blog for Huntress' most up-to-date research and IOCs.
More Details Emerge on the Microsoft Exchange Server Attacks (Dark Reading) The attacks seem more widespread than initially reported, researchers say, and a look at why the Microsoft Exchange Server zero-days patched this week are so dangerous.
Lazarus Group’s MATA Framework Leveraged to Deploy TFlower Ransomware (Sygnia) When responding to a recent TFlower extortion attack, the Sygnia Incident Response team identified a MATA-framework backdoor, attributed to the Lazarus Group, that was used to distribute the TFlower ransomware. Wider threat research revealed over 200 MATA malware framework C2 certificates leveraged since May 2019 across at least 100 IP addresses.
Qualys Update on Accellion FTA Security Incident (Qualys Security Blog) New information has come out today related to a previously identified zero-day exploit in a third-party solution, Accellion FTA, that Qualys deployed to transfer information as part of our customer…
Cybersecurity firm Qualys is the latest victim of Accellion hacks (BleepingComputer) Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files.
Clop ransomware gang leaks data allegedly stolen from cybersecurity firm Qualys (Security Affairs) Cybersecurity firm Qualys appears to have suffered a data breach; threat actors allegedly exploited a zero-day flaw in its Accellion FTA server. Qualys is the latest victim of a cyber attack, and the company was likely hacked by threat actors who exploited a zero-day vulnerability in its Accellion FTA server. A couple of weeks ago, security experts […]
Cloud security firm Qualys reportedly victimized by prolific scammers (CyberScoop) A set of cybercriminals behind a string of recent hacks involving Accellion-made software is now claiming responsibility for a breach of Qualys, a major cloud computing security vendor. As proof of the access to data, an extortion site maintained by hackers has leaked documents claiming to contain information on Qualys customers.
Threat Alert: Monero Miners Target Cloud Native Dev Environments (Aquasec) Team Nautilus reveals a campaign that now resurfaces targeting Bitbucket & Docker Hub with continuous auto-build processes executing Monero cryptominers
US government warns of Social Security scams using fake federal IDs (BleepingComputer) Government imposter scams now come with a new twist that has the potential to make them even more effective, as the Inspector General for the Social Security Administration (SSA) warns.
SSA Inspector General: New Tactics for Government Imposters (Social Security Administration) Scammers use fake ID badges to impersonate employees via text messages
Scammers Target Wall Street in new Capital Call Fraud Schemes, Reveals Investigation by Email Security Firm Agari (Agari) Capital call payment scams target on average more than $800,000 in wire transfers; 333% increase in payroll diversion scams as attackers evolve their tactics; 61% of phishing threats reported by employees are false positives; 5.8 billion malicious emails crafted by scammers spoof corporate URL domains; use of BIMI by companies jumps 82%.
Threat Spotlight: Vaccine-related phishing (Barracuda Blog) Beware of phishing campaigns that use the COVID-19 vaccination as a hook.
The right to be forgotten: cybercriminal forum account deletion (Digital Shadows) We often hear lines like “your past will always catch up with you, no matter how hard you try to make it go away,” stark reminders that the decisions we make today will impact the results of tomorrow.
Report: Marketing Company Fails to Secure Client Data and Exposes 1,000s to Fraud (vpnMentor) Led by Noam Rotem, vpnMentor’s research team recently discovered a data breach from telemarketing company CallX.
Ripe for extortion? Navajo Nation hospital targeted by large-scale ransomware hack (NBC News) There were few publicly available details about the hack, which highlights how hospital staffers are often caught in the middle of ransomware attacks.
Cyber Attack on the Hanover Area (Fox56 WOLF) A cyber attack disrupted the internet access in the Hanover Area.
Allergy Partners confirms cyber attack caused network outage last month (FOX Carolina) The medical chain Allergy Partners confirmed they are investigating a cyber attack that caused a network outage late last month.
Notice of Data Security Incident (Santa Rosa Community Health) Santa Rosa Community Health (“SRCH”) recently learned of a data security incident involving a corporate email account that may have impacted a limited amount of protected health information (“PHI”). SRCH sincerely apologizes for any inconvenience this may cause impacted patients. Information about the incident and what SRCH has done in response can be found below.
I see you: your home-working photos reveal more than you think! (Naked Security) Beware of sensitive data lurking in the background of your video calls and social pictures.
Preventing Elder Scams (Avast) Cybercrime against older people is on the rise. Luckily, there are ways to communicate with your elder loved ones about these risks and protect them from online scams.
Not all cybercriminals are sophisticated (WeLiveSecurity) Not all perpetrators of online fraud use advanced methods to profit at the expense of unsuspecting victims or to avoid getting caught.
Security Patches, Mitigations, and Software Updates
Microsoft adds new cloud instances and security features to Azure (SiliconANGLE) Microsoft Corp. today added a family of memory-optimized instances to its Azure public cloud, along with new features designed to help customers manage and secure their environments.
Cyber Trends
Ransomware Uncovered 2020/2021 (Group-IB) The complete guide to the latest tactics, techniques, and procedures of ransomware operators based on MITRE ATT&CK®
New vArmour Research Reveals 76% of U.S. Employees Have Inappropriate Access to Applications and Data (GlobeNewswire) Identity-based Threats Cited as Major Concern as Businesses Look to Accelerate Their Zero Trust Journey
Business-Related Applications Are the Most Frequently Impersonated Over Email By Cybercriminals, Spoofed More Regularly Than Consumer and Social Applications (GreatHorn) New research from GreatHorn shows cybercriminals abandoning the “batch and blast” tactic for a less frequent but more targeted approach. Read the press release to learn more.
Feedzai’s Financial Crime Report: Fraud Attacks Skyrocketed in 2020 (Feedzai) Feedzai, the world’s leading cloud-based risk management platform, has announced its Financial Crime Report Q1, 2021.
Marketplace
Identiq raises $47 million to verify identities using a cryptographic network (VentureBeat) Identiq, a startup based in Tel Aviv developing a decentralized identity verification platform, has raised $47 million.
Okta Signs Definitive Agreement to Acquire Auth0 to Provide Customer Identity for the Internet (Okta) Acquisition will accelerate Okta’s journey to provide identity for the internet, bringing choice and flexibility to both developers and the world’s largest organizations
Okta Acquires Fellow Identity Management Company Auth0 In $6.5 Billion All-Stock Deal (Forbes) Okta is acquiring Auth0 for $6.5 billion in stock in a big move in identity management software.
Thycotic-Centrify Merger Poses Potential Threat to PAM Leader CyberArk (Channel Futures) The Thycotic-Centrify merger could shake up the privileged access management (PAM) market, posing a potential challenge to "800-pound gorilla" CyberArk.
Mergers & Money: Dealmaking Starts To Smolder In Cybersecurity; IPO Rumors (Crunchbase News) While 2020 wasn’t a banner year for most things, that’s also true for M&A dealmaking in cybersecurity. However, last month saw some interesting acquisitions by both a large public company and a private company that may be the opening salvos in a battle to build the best extended detection and response (XDR) solutions.
Google to Stop Selling Ads Based on Your Specific Web Browsing (Wall Street Journal) The Alphabet company said that it plans next year to stop using or investing in tracking technologies that uniquely identify web users as they move from site to site across the internet.
Google Is Done With Third-Party Cookies But Experts Say 'Much More Needs to Be Done' (Vice) Facing growing pressure from regulators and competitors, Google’s shifting its ad-tracking tech toward larger, “anonymized” groups.
Google promises it won’t just keep tracking you after replacing cookies (The Verge) Google is trying to make individualized ads more private.
Ostendio Wins Five Top Honors at 2021 Cybersecurity Excellence Awards (PR Newswire) Ostendio, a leading provider of always-on integrated risk management technology, today announced that it has been recognized as a five-category...
Cybersecurity and Resilience Expert, Matt DeFrain Joins MorganFranklin Consulting (BusinessWire) MorganFranklin Consulting, a leading finance, technology, and cybersecurity advisory firm that specializes in solving complex transformational challen
Products, Services, and Solutions
Platform9 and Mavenir Announce Strategic Partnership for 5G Webscale Platform (PR Newswire) Mavenir, the industry's only end-to-end Network Software Provider and a leader in accelerating software network transformation for...
Brave is launching its own search engine with the help of ex-Cliqz devs and tech (TechCrunch) Brave, the privacy-focused browser co-founded by ex-Mozilla CEO Brendan Eich, is getting ready to launch an own-brand search engine for desktop and mobile. Today it’s announced the acquisition of an open source search engine developed by the team behind the (now defunct) Cliqz anti-tracking s…
Dark Cubed Launches D3Alert™ (PR Newswire) Dark Cubed, the cyber security company empowering small and medium sized businesses with affordable, automated threat detection and blocking,...
SecureMyEmail™ Offers Free Encrypted Email Service Without the Need to Switch Email Providers (PR Newswire) Veteran VPN and internet privacy and security services provider, WiTopia, https://www.witopia.com, announced today they are offering free...
Strata Identity Enables Organizations to Migrate Applications to the Cloud and Unify Identity Management with Microsoft Azure Active Directory (BusinessWire) Strata makes it possible to transition apps to Azure AD so organizations can manage and enforce consistent access across hybrid cloud environments.
Technologies, Techniques, and Standards
CISA Official Calls for Update of Identity Management Guidance in Wake of SolarWinds Compromise (Nextgov.com) "Identity is everything now," a technical strategist told NIST advisers in a briefing on the hacking campaign.
Inside ‘TALON,’ the Nationwide Network of AI-Enabled Surveillance Cameras (Vice) Hundreds of pages of emails obtained by Motherboard show how little-known company Flock has expanded from surveilling individual neighborhoods into a network of smart cameras that spans the United States.
How (NOT?!) to jailbreak your iPhone (Naked Security) We’re sticking to our “patch early, patch often” mantra, although in this case it means you can’t jailbreak.
Design and Innovation
Solutions to Detect Ransomware Attacks Can Often Be Very Trivial (The Record by Recorded Future) A new tool has network defenders excited about the idea of detecting and preventing ransomware attacks with the help of fake processes.
Research and Development
Securing Information for The Quantum Era: Post-Quantum Cryptography (Manufacturing & Engineering) Securing Information for The Quantum Era: Post-Quantum Cryptography. Championing Innovation with Manufacturing & Engineering Magazine.
Academia
IBM gift to help RIT’s Global Cybersecurity Institute enhance workforce development (RIT) IBM is making a more than $3.3 million in-kind donation to RIT to help enhance cybersecurity capabilities in the university’s new Global Cybersecurity Institute, as well as support security training and competitions for students.
Legislation, Policy, and Regulation
China’s ‘Sharp Eyes’ Program Aims to Surveil 100% of Public Space (Medium) The program turns neighbors into agents of the surveillance state
Cyber-securing the 2022 Philippine elections / Nurturing the nation’s future leaders through the virtual world (BusinessWorld) The Philippine General Elections to be held in May 2022 offer the country another opportunity to choose leaders who will help chart the course of the future.
Interim National Security Strategic Guidance (The White House) Today, the Administration released the Interim National Security Strategic Guidance, attached. This interim guidance has been issued to convey President Biden’s vision for how America will engage with the world, and to provide guidance for departments and agencies to align their actions as the Administration begins work on a National Security Strategy. To view the guidance, visit…
The Cybersecurity 202: FBI renews attack on encryption ahead of another possible attack on the Capitol (Washington Post) The head of the FBI renewed calls for special law enforcement access to encrypted technologies in response to recent acts of domestic extremism.
Recovering from the SolarWinds hack could take 18 months (MIT Technology Review) Fully recovering from the SolarWinds hack will take the US government from a year to as long as 18 months, according to the head of the agency that is leading Washington’s recovery. The hacking campaign against American government agencies and major companies was first discovered in November 2020. At least nine federal agencies were targeted,…
SolarWinds Senate Hearing: Moving Forward It’s All About Zero Trust (CyberArk) We still don’t have a complete picture of what exactly happened during the SolarWinds attack in 2020, nor do we know the full extent yet of the damage or what the long-term impact may be....
Cybersecurity Failings Get Top Billing Among Lawmakers and Federal Watchdogs (The Record by Recorded Future) Federal cybersecurity is in a worse place than it was two years ago, with agencies failing to implement more than 750 recommended changes.
GAO Report Highlights Need for Centralized Cyber Leadership (GovInfo Security) A lack of centralized leadership, especially at the White House level, is hindering the federal government's ability to address numerous cybersecurity issues,
ICO seeking new Information Commissioner (Computing) The government says it is looking for an 'exceptional candidate with a demonstrable desire to deliver a new approach to data in the UK'
Litigation, Investigation, and Law Enforcement
NY Regulator Fines Mortgage Lender $1.5M Over Data Breach (Law360) New York's Department of Financial Services said Wednesday that an independent East Coast mortgage lender has agreed to pay a $1.5 million fine to the agency as part of a cybersecurity settlement tied to a March 2019 data breach involving an email phishing attack.
Police uncover ‘possible plot’ by militia to breach Capitol (Military Times) The threat appears to be connected to a far-right conspiracy theory, mainly promoted by supporters of QAnon, that Trump will rise again to power on March 4.