Cyber Attacks, Threats, and Vulnerabilities
()
Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities (FireEye) Beginning in January 2021, we observed multiple instances of abuse of Microsoft Exchange Server stemming from zero-day vulnerabilities.
‘Chinese trying aggressively to hack Indian cyberspace’
(Hitvada) CHINESE hackers have been trying hard to crack Indian cyber space. There have been more aggressive attempts of hacking by Chinese hackers since last one year. Various Government organisations like the Computer Emergency Response Team (CERT-IN) and National Critical Information Infrastructure Protection Centre (NCIIPC) are following trends and keeping a track of attempts made by Chinese post-Galwan clash. Experts said attempts from China have increased in the last year, which further amplified after the Indi
Chinese hackers get more aggressive to hack Indian organisations' cyberspace in last one year, agencies on alert (ANI News) New Delhi [India], March 3 (ANI): Chinese hackers have been trying hard to crack Indian cyber space. There have been more aggressive attempts of hacking by Chinese hackers since last one year.
Chinese Hackers Are Still Actively Targeting Indian Port in Shadow War, U.S. Firm Says (Bloomberg) Recorded Future says it warned India officials on Feb. 10. Indian government confirmed presence of malware, denies breach.
Chinese Hackers Targeted India's Oil And Gas Assets, Indian Railways, Says Recorded Future (Moneycontrol) The Massachusetts-based company said there is no data to connect the Mumbai power outage with RedEcho but the group was live till February 28.
Lazarus Group’s MATA Framework Leveraged to Deploy TFlower Ransomware (Sygnia) When responding to a recent TFlower extortion attack, the Sygnia Incident Response team identified a MATA-framework backdoor, attributed to the Lazarus Group, that was used to distribute the TFlower ransomware. A wider threat research revealed over 200 MATA malware framework C2 certificates leveraged since May of 2019 across at least 100 IP addresses.
Microsoft Exchange Attacks Are Declared An Emergency By Homeland Security (Forbes) The U.S. Department of Homeland Security has issued an emergency directive as ongoing Microsoft Exchange attacks determined to pose "unacceptable risk" to federal agencies.
Thousands of Android and iOS Apps Leak Data From the Cloud (Wired) It's the digital equivalent of leaving your windows or doors open when you leave the house—and in some cases, leaving them open all the time.
Unsecured Cloud Configurations Exposing Information in Thousands of Mobile Apps (Zimperium Mobile Security Blog) Zimperium's zLabs Team uncovered unsecured cloud configurations exposing information in thousands of mobile apps. Learn more.
Sophisticated SSAI Scheme Hijacks Real CTV Device Sessions (Double Verify) DV’s Fraud Lab has identified the first-ever server-side ad insertion (SSAI) scheme known to hijack real CTV device sessions. The scheme, SneakyTerra, operates by obtaining impression trackers from multiple ads through spoofed SSAI calls.
The Compact Campaign (WMC Global) A recent campaign being dubbed “The Compact Campaign” is based upon a unique exfiltration filename has been making a lot of noise since December by...
Gootloader Hackers Poison Websites Globally in Order to Infect… (eSentire) eSentire, a leading global provider of Managed Detection and Response (MDR) cybersecurity solutions, reported today that the hackers behind the malicious downloader, Gootloader, have poisoned websites across the globe to infect business professionals’ IT systems with ransomware, intrusion tools and bank trojans.
Maza Cybercrime Forum Hacked, User Data Dumped Online (The Record by Recorded Future) A hacker has breached Maza Faka, one of the oldest underground cybercrime forums active today, and shut down its Tor-based website.
Three Top Russian Cybercrime Forums Hacked (KrebsOnSecurity) Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums' user databases, including email and Internet addresses and hashed passwords.
Notorious Russian hacker forums attacked by mysterious cyber actors (Computing) Data breaches have left forum members worried that their data may be used by law enforcement agencies to uncover their real identities
SITA data breach compromised data owned by multiple aviation giants (teiss) SIT, has revealed it recently suffered a major cyber attack that compromised information belonging to customers of several airline companies.
Criminals 'impersonating cyber security experts' as number of firms expands rapidly (Bournemouth Echo) A HUGE growth in the number of cyber security firms since the first Covid lockdown has provided an opportunity for criminals, an expert has warned.
Rockwell Automation 1734-AENTR Series B and Series C (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Rockwell Automation
Equipment: 1734-AENTR Series B and Series C
Vulnerabilities: Improper Access Control, Cross-site Scripting
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could lead to unauthorized data modification on the affected devices.
Schneider Electric EcoStruxure Building Operation (EBO) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.7
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Schneider Electric
Equipment: EcoStruxure Building Operation
Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Improper Restriction of XML External Entity Reference, Improper Access Control, Windows Unquoted Search Path
2.
Cyber Attack Shuts Down Kingman's Computer System (KJZZ) A cyber attack late last week has kept the city of Kingman’s computer system shut down for days, and officials don't know when it will again be fully working. The breach came the same week that the new federal Homeland Security secretary said he aims to transform how government defends against online threats.Kingman officials noticed something was wrong on Friday and started turning off servers.
Security Patches, Mitigations, and Software Updates
Another Chrome zero-day exploit – so get that update done! (Naked Security) It’s déjà vu all over again! New month, new Chrome zero-day bug being exploited in the wild.
Cyber Trends
The March IronNet Threat Intelligence Brief (IronNet) The latest threat intelligence from IronNet and the cybersecurity community, with a snapshot of correlated alerts in IronDome and IoCs.
Continuous Controls Monitoring to shape the future of cybersecurity (Global Security Mag Online) Panaseer announces that Momentum Cyber has included Continuous Controls Monitoring (CCM) in its annual Cybersecurity Almanac. The Almanac highlights CCM as a next-generation technology that will shape cyber in 2021. Momentum Cyber is an industry advisory firm that primarily serves the cybersecurity market. Its annual Cybersecurity Almanac details its vision for the upcoming calendar year, as well as a look back on the activity of the previous year.
The State of Cyber-Risk Disclosures of Public Companies (NACD, Cyber Threat Alliance, IHS Markit, Security Scorecard, and Diligent) The U.S. Securities and Exchange Commission (the “SEC,” or the “Commission”) has in recent years demanded greater transparency from public companies in how they identify, measure, and manage cyber-risk. Too often, cyber-related disclosure language is boilerplate in a way that could not assist an investor in assessing a company’s cyber-risk profile or management of those risks.
The Cybersecurity 202: Companies are doing a terrible job of reporting cybersecurity risks to investors, a new study says (Washington Post) Many publicly traded companies are leaving investors in the dark on important cybersecurity risks, a new report suggests. That includes vulnerabilities like the ones that allowed Russian hackers to exploit SolarWinds and other firms to infiltrate nine federal agencies and at least 100 companies.
Sandbox detection and evasion techniques (Positive Technologies) How malware has evolved over the last 10 years
Cyber attack: ‘Reasons for startups’ data breaches go beyond lack of focus on securing apps, websites’ (The Financial Express) Hackers are becoming more and more interested in the data of Indian consumers. 2020 saw a series of startups' data breaches which left consumers and even businesses asking one question - How secure are we?
2021 Must-Know Cyber Attack Statistics and Trends (Embroker) Discover these eye-opening cyber attack and cyber security trends and statistics and learn what they'll mean for your business in the next 12-24 months.
Marketplace
Okta’s $6.5B Deal For Auth0 Latest Sign Of Growing Appetite For ID Security (Crunchbase News) Okta’s $6.5 billion stock deal for Bellevue-based Auth0 isn’t just one of the largest cybersecurity M&A deals in years, but also a further illustration of a growing hunger for identification and authentication solutions as people work, buy and play more online.
YouTube CEO says the platform will lift Trump's suspension when risk of violence drops (CNBC) Susan Wojcicki said it's still unclear when the ban would be lifted due the still "elevated risk of violence."
Gula Tech Foundation Grants $1M to Make Cybersecurity More Diverse (SDxCentral) The Gula Tech Foundation will award three nonprofits a combined $1 million in grants to help engage more African Americans in cybersecurity.
Veterans can play a crucial role in filling cybersecurity needs (Washington Technology) With their skills and outlook, military veterans are a great resources for talent to pull into the cybersecurity workforce.
()
Confluera Appoints John Morgan as Chief Executive Officer (BusinessWire) Confluera, the leading provider of cloud cybersecurity detection and response, today announced John Morgan as the new CEO.
Products, Services, and Solutions
Attacks Targeting Microsoft Exchange: Check Point customers remain protected (Check Point Software) On March 2nd , 2021, Volexity reported the in-the-wild exploitation of the following Microsoft Exchange Server
FNTS Releases Azure Sentinel Offering to Provide Intelligent Security and Analytics Across Entire Business Enterprises (FNTS) FNTS offers managed Microsoft Azure Sentinel- a modern approach to security analytics and automation.
SafeBreach Hacker’s Playbook Updated for US-CERT Alert (AA21-062A) Mitigate Microsoft Exchange Server Vulnerabilities (SafeBreach) SafeBreach Labs has updated the Hacker's Playbook™ with new attack methods for malware samples described in US-CERT Mitigate Microsoft Exchange Server Vulnerabilities.
Socure and Baker Tilly Partner to Establish Intelligent KYC Assurance for Fintechs and Banking Institutions (BusinessWire) Socure, the leader in Day Zero identity verification, and Baker Tilly, announced today the companies have successfully completed an audit of Socure’s
CrowdStrike Delivers New Capabilities to Improve Security Operations and Accelerate Response to Modern Threats (BusinessWire) CrowdStrike Delivers New Capabilities to Improve Security Operations and Accelerate Response to Modern Threats
What is a BitSight Rating and Why Should You Consider Using it to Manage Cyber Risk in Your Supply Chain (JD Supra) If you operate as a B2B organization (business to business), you are either part of the supply chain, manage a supply chain, or you fit into both...
Spanish Pharmaceutical Company Drives Digital Innovation with Fortinet (CSO Online) Insud Pharma chose Fortinet solutions because they addressed each key requirement Insud Pharma had for their infrastructure refresh—including scalability, connectivity, governance, performance, and security capabilities.
Technologies, Techniques, and Standards
Cybersecurity budget relies on planning and negotiation (SearchSecurity) Even in uncertain times, companies can create successful cybersecurity budgets with the proper planning, research and negotiation tactics in place, according to Gartner and Forrester experts.
Ensuring OT Cybersecurity Amid the Rise of IIoT and 5G | Fortinet (Fortinet Blog) Learn how OT leaders can enhance cybersecurity across their manufacturing environments amid increased adoption of IIoT, Wi-Fi, and 5G. …
Using TikTok? Check out these six security tips (Naked Security) Practical advice on how to maximize your security and privacy on TikTok.
Research and Development
Prime-factor mathematical foundations of RSA cryptography ‘broken’, claims cryptographer (The Daily Swig) Not so fast on those ‘fast factoring’ boasts
Academia
Virginia Tech to help lead the Department of Defense’s new Acquisition Innovation and Research Center (VT News) The center will bring together higher education expertise to increase efficiency in the U.S. Defense Acquisition System to accompany the expansion of defense technology.
Legislation, Policy, and Regulation
National Threat Assessment 2021 (State Security Department of the Republic of Lithuania (VSD)) The National Threat Assessment by the State Security Department of the Republic of Lithuania (VSD) and the Defence Intelligence and Security Service under the Ministry of National Defence of the Republic of Lithuania (AOTD) is presented to the public in accordance with Articles 8 and 26 of the Law on Intelligence of the Republic of Lithuania. The document provides consolidated, unclassified assessment of threats and risks to national security of the Republic of Lithuania prepared by both intelligence services.
JUST IN: Mumbai Incident Spotlights China's Cyber Capabilities (National Defense) Digital attacks targeting India’s power grid — which have been widely attributed to China-linked hackers — may have emboldened Beijing to further flex its muscles in the cyber domain, warned a former top U.S. military official.
Biden makes cybersecurity ‘top priority’ in national security guidance (Federal News Network) Following the SolarWinds breach, the Interim National Security Strategic Guidance imposes “substantial costs” on perpetrators of advanced cyber threats.
Tech policy is a matter of national security (Defense News) Until the United States can access all of the best commercial products, it will continue to lose its advantage in areas where it should be increasing it.
()
Illuminating SolarStorm: Implications for National Strategy and Policy (The Aspen Institute) As the White House and Congress consider the appropriate response to SolarStorm, the Aspen Cybersecurity Group has collected sixteen leading experts to offer concise assessments on a productive path forward for policymakers.
House-passed election bill takes aim at foreign interference (TheHill) A sweeping elections bill passed by the House on Wednesday night would boost cybersecurity measures and focus on countering foreign interference efforts like the kind that
U.S. Senate mulls $30 billion in funding to boost chipmaking sector, source says (Reuters) The U.S. Senate is considering including in a new bill to boost competitiveness against China $30 billion in funding for previously-approved measures to supercharge the country's chipmaking industry, a congressional source said on Thursday.
Pentagon struggles to add cybersecurity to weapon contracts, watchdog finds (C4ISRNET) Cybersecurity requirements in weapon system contracts still aren't clear, but the Pentagon has made progress in the last three years, the Government Accountability Office found.
Watchdog Warns of Weak Cybersecurity in DOD Weapons Contracts (Bloomberg) A government watchdog warned that the U.S. military has failed to adequately include cybersecurity provisions in contracts for acquiring weapons systems.
Weapon Systems Cybersecurity: Guidance Would Help DOD Programs Better Communicate Requirements to Contractors (US Government Accountability Office) Since GAO’s 2018 report, the Department of Defense (DOD) has taken action to make its network of high-tech weapon systems less vulnerable to cyberattacks. DOD and military service officials highlighted areas of progress, including increased access to expertise, enhanced cyber testing, and additional guidance. For example, GAO found that selected acquisition programs have conducted, or planned to conduct, more cybersecurity testing during development than past acquisition programs. It is important that DOD sustain its efforts as it works to improve weapon systems cybersecurity.
DVIDS Webcast - The 2021 U.S. Cyber Command Legal Conference (DVIDS) The annual U.S. Cyber Command Legal Conference explores current law and policy issues related to offensive and defensive cyberspace operations. This year the conference will be held remotely on Thursday 4 March 2021.
[Letter to the Honorable Rebecca Kelly Slaughter, Acting Chair Federal Trade Commission] (Congress of the United States) Dear Acting Chair Slaughter, We write in support of the Federal Trade Commission (FTC) using its full existing authorities to protect personal health data. Specifically, we urge the FTC to take enforcement action against menstruation-tracking mobile apps that violate the Health Breach Notification Rule or other applicable regulations. The FTC must fulfill its mandate from Congress to protect Americans from bad actors who betray their trust and misuse their personal health data.
Litigation, Investigation, and Law Enforcement
The Mice Who Caught the Cat—and Rattled the Kremlin (Foreign Policy) “We Are Bellingcat” charts the rise of the digital sleuths who have used open-source investigations to foil Russia’s intelligence agencies.
Huawei CFO lawyer says Trump comments a 'salvo' in trade war (Star Tribune) Comments made by former U.S. President Donald Trump turned a senior executive for Chinese communications giant Huawei Technologies, into a "bargaining chip" and "co-opted the extradition process," her lawyers argued in a Canadian court Wednesday as they fought efforts to send her to the U.S.
FBI investigating 8-day cyber attack after hackers demanded millions from local provider (WLOS) Federal authorities are investigating the ransomware attack that caused a network outage at Allergy Partners locations in the mountains.
Swedish Crypto Fraudster Cops To $16M Investment Scheme (Law360) A Swedish hotelier accused of using the proceeds of a $16 million investment scam to buy a resort in Thailand pled guilty Wednesday to running the scheme and laundering money through various platforms, including popular cryptocurrency exchange Coinbase.
Judge Rips Attys For Google, Users Over Privacy Arguments (Law360) A California federal judge criticized counsel for both parties Thursday in a putative class action accusing Google of secretly tracking users' browsing activity on third-party mobile apps, saying their arguments on Google's motion to dismiss veered outside the pleadings.
Developing Unique Partnerships to Defeat the Cyber Threat | Federal Bureau of Investigation (Federal Bureau of Investigation) FBI Deputy Director Paul Abbate’s remarks at the Boston Conference on Cyber Security, Boston College, Boston, Massachusetts