Cyber Attacks, Threats, and Vulnerabilities
Hafnium hack poses new long-term threat for already overtaxed cyber workers (FCW) Federal agencies still reeling from the effects of a massive hack involving SolarWinds may face a new challenge of evicting any adversaries that breached their networks through recently discovered vulnerabilities in Microsoft's Exchange software.
Microsoft attack blamed on China goes global, with 60,000 victims (Seattle Times) A sophisticated attack on Microsoft’s widely used business email software is morphing into a global cybersecurity crisis, as hackers race to infect as many victims as possible before companies can secure their computer systems.
EBA restores services after Microsoft Exchange attack (ComputerWeekly.com) European Banking Authority was breached through vulnerabilities in Microsoft Exchange Server, but is now back online.
A Basic Timeline of the Exchange Mass-Hack (KrebsOnSecurity) Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Here's a brief timeline of what we know leading up to last week's mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with…
Microsoft server hack has victims hustling to stop intruders (STLtoday.com) Victims of a massive global hack of Microsoft email server software — estimated in the tens of thousands by cybersecurity responders — hustled Monday to shore up
Attacks on Exchange servers expand from nation-states to cryptominers (The Record by Recorded Future) The ongoing mass exploitation campaign targeting Microsoft Exchange email servers has expanded in less than a week to include attacks from multiple nation-state hacking groups and cybercrime operations alike.
The Impact of the SolarWinds Breach on Cybersecurity (DomainTools) The SolarWinds hack presented a cybersecurity reckoning for the US government and private enterprises. While the breadth and depth of the state-sponsored attacks are still being determined, one thing is certain: the fallout from the SolarWinds hack is going to get worse before it gets better.
The SolarWinds hack proves US cyber defenses are a mess — here's how to fix them (The Next Web) The SolarWinds hack was more than just one of the most devastating cyberattacks in history. It was a major breach of national security that revealed gaps in U.S. cyber defenses. These gaps include inadequate security by a major software producer, fragmented authority for government support to the private sector, and a national shortfall in software …
SolarWinds Sunburst backdoor supply chain attack: Why it still matters (ITPNet) On December 8 2020, cybersecurity firm FireEye reports stolen ‘white hat’ cyber assessment tools. Soon, Microsoft, SolarWinds and even the US government reveal breaches traced back to a hack on SolarWinds’ core IT management software. In an EXCLUSIVE with ITP.net, Check Point Software Technologies' Ram Narayanan discusses what makes the SolarWinds hack particularly dangerous
GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence (Microsoft Security) Microsoft has identified three new pieces of malware being used in late-stage activity by NOBELIUM – the actor behind the SolarWinds attacks, SUNBURST, and TEARDROP.
Casting a Wide Intrusion Net: Dozens Burned With Single Hack (SecurityWeek) Cybersecurity threat analysts hope the snowballing of supply-chain hacks stuns the software industry into prioritizing security.
How China-linked group RedEcho is targeting India's power grid: The Recorded Future interview (Tech2) Across the world and despite concerns for a decade that China-linked groups have had an intent or capability to target critical infrastructure, reports of targeting critical infrastructure for disruption from Chinese groups are rare
Ransomware Gang Fully Doxes Bank Employees in Extortion Attempt (Vice) Hackers posted the alleged names, social security numbers, and home addresses of several Flagstar Bank workers.
GitHub security update: A bug related to handling of authenticated sessions (The GitHub Blog) On the evening of March 8, we invalidated all authenticated sessions on GitHub.com created prior to 12:03 UTC on March 8 out of an abundance of caution.
Microsoft-Themed Phishing Attack (Zscaler) ThreatLabZ has discovered a targeted phishing attack aimed at senior-level business leaders, utilizing fake Google reCAPTCHA and Microsoft login screens.
Poison packages – “Supply Chain Risks” user hits Python community with 4000 fake modules (Naked Security) To this “researcher”, even a job not worth doing was worth overdoing. Here’s what you can learn from the incident…
How to Tell Which Emails Quietly Track You (Wired) Your emails know more about you than you might think, like when you open them or when you forward them to others. But you can reclaim your privacy.
Hackers Use the Lie of 'Last-Phase Pandemic Support' This Time (RaillyNews) Turkish users are hunted by hackers with the promise of "3.000 TL Pandemic Support". In these days approaching the 1st year of the pandemic, Turkish users
Dangerous Malware Dropper Found in 9 Utility Apps on Google’s Play Store (Check Point Software) Check Point Research discovered a new dropper being spread via 9 malicious Android apps on the official Google Play store. The malware family
Invoice ZLoader campaign hides within encrypted Excel docs (IT PRO) Emails use fake new IRS taxation rules to lure victims
Farmers' Protests Activists Reportedly Using Ransomware to Demand Justice (News18) Farmers’ protests activists are reportedly using a ransomware-style cyber attack in a bid to raise more voices towards the cause of the protesting farmers in India.
Why Cybercriminals Still Look for Skilled Developers on Darknet Sites (Dice Insights) Over the last two months, various parts of the darknet have undergone several changes as well-known marketplaces close shop.
Vulnerability Summary for the Week of March 1, 2021 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.
Disruptions at Pan-American Life Likely Caused by Ransomware Attack (SecurityWeek) Recent disruptions at the Pan-American Life Insurance Group (PALIG) were likely caused by a cyberattack conducted by a group known for using the REvil ransomware.
FINRA Warns of Ongoing Phishing Attacks Targeting Brokerage Firms (SecurityWeek) The Financial Industry Regulatory Authority (FINRA) has issued an alert to warn brokerage firms of a phishing campaign that is currently ongoing.
Data Breach Affects More Than 2 Million Frequent Flyers Across Airline Alliances (Skift) At least two million travelers enrolled in the frequent flier programs of at least nine airlines had some data hacked due to a SITA incident.
Notice: | Sandhills Medical Foundation (Sandhills Medical Foundation) At Sandhills Medical Foundation, Inc., we value our patients and their privacy. This notice is to inform our patients about an incident that involved their personal information.
Hackers Target Texas University (Infosecurity Magazine) Malicious intrusion causes network outage at the University of Texas at El Paso
Security Patches, Mitigations, and Software Updates
Apple releases important iPhone, iPad, Mac and Watch security patches (TechCrunch) The tech giant said the security updates are "important" and are "recommended for all users."
How to patch Exchange Server for the Hafnium zero-day attack (CSO Online) Admins in many businesses report indicators of compromise from an Exchange zero-day vulnerability. Don't assume you're not a target. Investigate for signs of the attack and patch now.
Cyber Trends
Observations from the 2021 SANS ICS Cyber Security Conference (Control Global) When I held the first ICS cyber security conference in 2002, we had 125 attendees and I couldn’t believe there could be that much interest. I am told there were more than 9,000 people that registered for the March 4-5, 2021 SANS ICS Cyber Security Conference. My, how things have changed.
Up to $223b of the World's Top 100 Brands' Value Could Be at Risk from a Data Breach, Finds Infosys-Interbrand Study (PR Newswire) Infosys (NYSE: INFY), a global leader in next-generation digital services and consulting, and Interbrand, a global brand consultancy firm,...
9 must-read takeaways from recent cybersecurity reports (Becker's Health IT) Data breaches in the healthcare industry are spiking, and so are reports analyzing them. Here are the biggest takeaways from five reports Becker's has covered recently.
Marketplace
Cybersecurity startup ActZero announces its public launch with $40 million investment led by Point72 Hyperscale (PR Newswire) ActZero, a cybersecurity startup whose mission is to make cybersecurity accessible and scalable to small and mid-sized businesses by...
McAfee sells its enterprise cybersecurity business to private equity firm for $4B (VentureBeat) McAfee is selling its enterprise cybersecurity unit to private equity firm Symphony Technology Group in an all-cash deal with $4 billion.
Sontiq® Acquires Fintech Provider Breach Clarity (BusinessWire) Sontiq acquires Breach Clarity fintech; adds BreachIQ to leading Intelligent Identity Security solutions IdentityForce, Cyberscout and EZShield.
Berlin-based Elucidate raises €2.5 million to establish its financial crime risk benchmark (EU-Startups) Elucidate, the financial crime risk scoring platform, today announced that it has raised €2.5 million in a pre-Series-A funding round led by Frontline Ventures. Existing investors Seed X Liechtenstein, APEX Ventures, and Big Start Ventures also participated in the round. This brings the total
The 10 most innovative security companies of 2021 (Fast Company) Why Graphika, Identiq, ZecOps, Beyond Identity, and more top our list of the best cybersecurity firms this year.
HAFNIUM and SolarWinds Attacks Highlight Lack of Accountability (Cybereason) Organizations are again scrambling to assess the impact of a recently disclosed attack attributed to the Chinese state-sponsored HAFNIUM APT group that targets vulnerabilities in Microsoft Exchange. Cybereason protected all of our customers from both the SolarWinds and HAFNIUM attacks.
Sotero’s Strong Market Momentum Continues with Revenue Growth, Partner (PRWeb) Sotero, the leading innovator in comprehensive data protection with an emphasis on data usability, today announced that it has continued momentum across
BitSight, Global Leader in Cybersecurity Ratings Industry, Records a Banner Year in 2020 and is Primed For Growth in 2021 (PR Newswire) BitSight, the Standard in Security Ratings, announced that the company closed its fiscal year ending January 31 (FY2021) with record annual...
Generali Global Assistance Appoints Chief Marketing Officer (Generali) Generali Global Assistance (“GGA”) today announced that it has appointed Vladimir Poletaev as their Chief Marketing Officer. In this role, Vladimir will be responsible for supporting and executing marketing, branding, communications, and PR initiatives across North America. As the newly established CMO, Mr. Poletaev will be managing a …
Forescout names third CEO in six months, hires Wael Mohamed from Trend Micro (CRN Australia) Wael Mohamed hired from Trend Micro.
Ori Fragman Joins Intezer's Advisory Board (PR Newswire) Ori Fragman, CISO EU at Ahold Delhaize, has joined the advisory board of Intezer. Ori has held senior executive roles in Information Technology...
SailPoint Strengthens Leadership Team with Appointment of New CISO (SailPoint) Heather Gantt-Evans joins the company as chief information security officer AUSTIN, March 9, 2021 – SailPoint Technologies Holdings, Inc. (NYSE: SAIL), the leader in enterprise identity security, today announced the appointment of Heather Gantt-Evans as the company’s new Chief Information Security Officer (CISO). In this role, Heather will be responsible for the overall cybersecurity of [...]
Telos Appoints TSA Veteran Nathan Lefebvre to Oversee Digital Identity Offerings (GlobeNewswire) Transportation sector leader brings 20 years of airport security experience to Telos Corporation
Products, Services, and Solutions
Gigamon Launches Hawk and Partners with AWS to Simplify and Secure Cloud Adoption (Gigamon) Hawk, the industry’s first elastic visibility fabric for all data-in-motion, closes the critical cloud visibility gap.
Keeper Security Reimagines and Secures the Passwordless Future with Keeper SSO Connect™ Cloud (PR Newswire) Keeper Security, provider of the top-rated and industry-leading cybersecurity platform for preventing password-related data breaches and...
LogMeIn’s GoToConnect Enables Customers’ Permanent Shift to Flexible Work with Refreshed Experience Including New Features and Product Bundling (GlobeNewswire) GoToConnect announces new bundling with LogMeIn products LastPass, GoToWebinar, GoToAssist, GoToRoom, and contact center offerings plus new features to empower customers to connect from anywhere
F-Secure wins AV-TEST Best Protection award for fifth time | F-Secure Press Room (F-Secure) Award reaffirms that companies which choose F-Secure’s new version of Business Suite will have proven best protection.
IBM Cloud Satellite enables clients to deliver cloud securely (Intelligent CIO Middle East) IBM has announced that its hybrid cloud services are now generally available in any environment – on any cloud, on premises or at the edge – via IBM Cloud Satellite. Lumen Technologies and IBM have integrated IBM Cloud Satellite with the Lumen Edge platform to enable clients to harness hybrid cloud services in near real-time […]
BlackBerry AtHoc Introduces Derived Credentials and FedRAMP Authorization on AWS to Better Support U.S. Federal Government’s Cloud and Mobile Strategy (BlackBerry) BlackBerry today announced new technology advancements to BlackBerry® AtHoc that will improve how U.S. Federal agencies communicate and collaborate during times of crisis, and reduce the risk of unauthorized access to Federal data, systems and applications.
BlackBerry Teams Up with Desay SV Automotive to Create an Immersive ‘Cinematic’ Driving Experience for Chery’s Tiggo 8 Plus and Jetour X90 Models (BlackBerry) BlackBerry today announced that it has teamed up with Desay SV Automotive to launch a dual-screen virtual smart cabin domain controller to enable safer driving. Leveraging the QNX® Hypervisor and the QNX® Real-time Operating System (RTOS), the new technology is now available in leading Chinese automaker Chery’s Tiggo 8 Plus and Jetour X90 models.
Researchers devise new, non-intrusive method to prevent cyber-attacks on Android Platform (TMR Research Blog) In 2018, more than million cyber-attacks reported on mobile devices and they are on the rise ever since. Despite this, most companies have unprotected data and poor cybersecurity frameworks, says r…
Black Kite Partners with Templar Shield to Expand Availability of Third-Party Risk Management and Cyber Risk Ratings Services (Black Kite) Black Kite, a leading cybersecurity ratings provider, today announced a value-added reseller agreement with Templar Shield, a premier information security, risk and compliance technology professional services firm.
Milton Argos Platform (MAP) 2.0 Helps Customers Locate Potential Exchange Attacks (PR Newswire) Milton Security, a leading provider of Threat Hunting as a Service, XDR & MDR (MxDR) SOC Services, announced today the Milton Argos Platform...
Giant Oak Releases New Updates to GOST, Enhancing Screening to Identify Money Launderers, Human Traffickers, and Other Illicit Activity (Giant Oak) Newest iteration of GOST features 4x increase in searches per second and gives the user more control over false positives.
IronNet® Cybersecurity Expands Reach of Collective Defense Platform with New Integrations (PR Newswire) IronNet® Cybersecurity, Inc., the leader in Network Detection and Response and Collective Defense, announced new integrations with leading...
Bluescape Taps nVisium To Help Secure Next-Generation Infrastructure (PR Newswire) nVisium, a leader in application security, today announced that Bluescape, a leading provider of visual collaboration solutions for hybrid...
Technologies, Techniques, and Standards
Opinion | America, Your Privacy Settings Are All Wrong (New York Times) Using an opt-in approach will help curb the excesses of Big Tech.
Frontline Geek Squads: SOCOM’s Secret Weapon (Breaking Defense) Deploying data scientists alongside special ops troops lets them solve intelligence-sharing problems “in minutes or hours,” said Special Operations Command’s first-ever CTO.
Whispers from Wargames About the Gray Zone (War on the Rocks) The U.S. Department of Defense is not getting its money’s worth from its extensive investment in wargaming, and it will continue to fail to even as it
Design and Innovation
Akamai Startup Program: Fostering Innovation (Akamai) Akamai, the intelligent edge platform for securing and delivering digital experiences, continues to focus on innovation by launching Cohort 2 of the Akamai Startup program.
Research and Development
Intel, Microsoft join DARPA effort to accelerate fully homomorphic encryption (CSO Online) The partnership aims to improve performance and accuracy of FHE to make it practical for business and government to better protect confidential data in the cloud.
Microsoft-Led Team Retracts Disputed Quantum-Computing Paper (Wired) The 2018 report in Nature claimed to have found evidence of an elusive subatomic particle. A review found that the group had omitted key data.
Army Research Lab Awards ICF $53 Million for Cyber Services (INSIDENOVA.COM) The U.S. Army Combat Capabilities Development Command Army Research Laboratory (DEVCOM ARL) recently awarded global consulting and digital services provider ICF (NASDAQ:ICFI) a
Academia
UTSA receives $1.2 million CISA grant to develop statewide information system to survive catastrophes and hacks (University of Texas at San Antonio) The Cybersecurity and Infrastructure Security Agency (CISA) has awarded the University of Texas at San Antonio Center for Infrastructure Assurance and Security (CIAS) a $1.2 million grant to conduct a pilot program to help state, local, tribal and territorial governments identify high value assets (HVA) to prioritize resources and planning.
McMaster students raise mental health, privacy concerns with anti-cheating software (CBC) McMaster University students say the online proctoring system is causing heightened anxiety, and they're also concerned about where this data can end up.
Legislation, Policy, and Regulation
Offence could well be the best defence in cyber warfare (mint) India must be prepared to strike back at shadowy Chinese-backed cyber warriors if need be
The Case for Powerful, Intermittent Cyber Response (The Cipher Brief) Veteran national security columnist Walter Pincus writes that cybersecurity efforts at deterrence, according to cybersecurity experts, need work.
The Robot, the Targeter and the Future of U.S. National Security (The Cipher Brief) A former CIA targeting officer writes in The Cipher Brief that in order for US Intelligence to remain competitive, it needs to embrace new systems.
US plans mix of 'seen and unseen' actions against Russia over SolarWinds attacks (Computing) Cyber offensive, which could start later this month, intended to send a signal to the Kremlin
Gen. Paul Nakasone on CYBERCOM’s Response to SolarWinds Breach, ‘Defend Forward’ Concept (Executive Gov) Gen. Paul Nakasone, commander of U.S. Cyber Command (CYBERCOM) and a 2021 Wash100 Award recipient, s
The Declining Market for Secrets (Foreign Affairs) U.S. Spy Agencies Must Adapt to an Open-Source World
US stands with Kuwait to counter cyber threats (Kuwait Times) This year, Kuwait and the United States will celebrate the 60th anniversary of diplomatic relations between our nations. As we commemorate this important milestone, it is important to take stock of what we have achieved in this relationship, as well as what we still must accomplish together. […]
Surveillance Concerns Could Hold Up European-U.S. Data Agreement for Years (Wall Street Journal) One of the European Union’s top officials has warned negotiations with the U.S. over a new data-transfer agreement could take years rather than months.
.gov is moving to CISA (DotGovGSA) .gov exists so that the online services of bona fide U.S.-based government organizations are easy to identify on the internet. Increasing and normalizing its use helps the public know where to find official government information – and where not to.
Allred Leads Bipartisan Bill to Allow Americans to Hold Foreign Governments to Account for Damage Done by Cyberattacks (Representative Colin Allred) Today, Congressman Colin Allred (TX-32) led his bipartisan colleagues, Reps. Jack Bergman (MI-01), Brian Fitzpatrick (PA-01), Jaime Herrera Beutler (WA-03), Joe Neguse (CO-02), and Andy Kim (NJ-03), in introducing the Homeland and Cyber Threat (HACT) Act. This bill would allow Americans to make claims in federal or state courts against foreign states that conduct or engage in cyberattacks against Americans.
No Wireless Installations in Federal Instruments for Voting Act (US House of Representatives) To amend the Help America Vote Act of 2002 to prohibit voting systems used to administer elections for Federal office from containing any wireless components.
‘Reckless and stupid’: Security world feuds over how to ban wireless gear in voting machines (POLITICO) Supporters say it’s reasonable for the Election Assistance Commission to adopt compromise language that falls short of a full prohibition. But many security experts say it opens the door to cyberattacks.
Big Tech Targets DC With a Digital Charm Offensive (Wired) Facebook, Amazon, and Google ads are blanketing inside-the-Beltway newsletters in a bid to rehab their tarnished reputations.
Splitting NSA, CyberCom Now Could Reduce Military Access to Intelligence, Milley Says (Defense One) The Joint Chiefs chairman says the organizations have not yet worked out how to keep the data flowing after the long-awaited split.
Cyber Command task force focuses on emerging threats (C4ISRNET) Cyber Command confirmed details about the focus of the team that's part of the Cyber National Mission Force.
Criminals stole billions in COVID-19 unemployment benefits. A new relief bill won’t prevent it from happening again (Los Angeles Times) At least $40 billion in pandemic-related unemployment has been stolen, but Congress is about to approve more money with few new safeguards.
Virginia Becomes Second US State to Enact Comprehensive Privacy Law (Cooley: cyber/data/privacy insights) Last week, Virginia’s governor signed into law the Consumer Data Protection Act, which will take effect on January 1, 2023. This makes Virginia the second state in the US to pass a comprehensive data privacy law. California became the first with the enactment of the California Consumer Privacy Act o
Litigation, Investigation, and Law Enforcement
GandCrab ransomware distributor arrested in South Korea (The Record by Recorded Future) South Korean national police have announced today the arrest of a 20-year-old suspect on charges of distributing and infecting victims with the GandCrab ransomware.
FluBot Malware Gang Arrested in Barcelona (The Record by Recorded Future) Catalan police arrested four suspects last week on suspicion of managing FluBot, an Android malware strain that infected at least 60,000 devices, with most victims located in Spain. Four men, aged between 19 and 27, were arrested in Barcelona on Tuesday, March 2.
Ukrainians Extradited to U.S. for Providing Money Laundering Services to Cybercriminals (SecurityWeek) Two Ukrainians charged for their involvement in a network providing cash-out and money laundering services to cybercriminals have been extradited to the United States.
Idaho Man Charged With Hacking Into Computers in Georgia (SecurityWeek) An Idaho man faces federal charges after authorities say he hacked into the computers of a Georgia city and Atlanta area medical clinics.
BREAKING NEWS: Court Holds CCPA Not Retroactive and Plaintiff Cannot Rely on “Connect the Dots” CCPA Data Breach Theory (The National Law Review) CPW has been tracking for some time the Lavarious Gardiner v. Walmart Inc. et al. case.  In a massive win for Walmart (and defendants in data privacy litigation), on Friday the Court ad
Task force on Capitol security released final report Monday (WRCB TV) The task force set to review security at the US Capitol released its final report today, which calls for sweeping changes to improve US Capitol Police's...
Why did the FBI miss the threats about Jan. 6 on social media? (NBC News) Current and former FBI officials say there is confusion within the bureau itself about the rules for monitoring what Americans say on social media.