There are three things you can do with risk: accept it, manage it, or transfer it. This week's second session in the Johns Hopkins University's 7th Annual Virtual Cybersecurity Conference took up the latter two, as experts described how to reduce risk, fix liability for it, and arrange insurance that covers that risk. Our account of Wednesday's conference takes you through the presentations.
Helsinki's domestic security service, the Supo, has identified China (and specifically APT31, also known as Zirconium or Judgment Panda) as responsible for cyberespionage that compromised Finland's parliament, the AP reports. The intrusion was detected last October.
The US Government Accountability Office (GAO) yesterday released a study that highlighted vulnerabilities in the US power distribution system. Many of the risks the GAO describes derive from utilities' increased permission of remote access and connection of control systems to business systems. A bill intended to enhance cybersecurity for industrial control systems advanced in the US House this week, the Hill reports. The measure would assign responsibility for ICS security to CISA.
Draft NIST SP 1800-22 Mobile Device Security: Bring Your Own Device (BYOD) is out, and open for comment until May 3rd, 2021.
CISA has released CHIRP, the CISA Hunt and Incident Response Program forensics collection tool the agency developed to help organizations find indicators of compromise CISA has associated with SolarWinds and the Microsoft 365/Azure environments.
CISA has also issued four more ICS Advisories, for Rockwell Automation Logix Controllers, Hitachi ABB Power Grids eSOMS Telerik, Hitachi ABB Power Grids eSOMS, and Johnson Controls Exacq Technologies exacqVision.
In an apparent expression of displeasure with Washington, Russia has recalled its ambassador to the United States for consultations. The Wall Street Journal notes that the move came the day after the US Intelligence Community released its unclassified Assessment accusing Russian President Putin of personal involvement in malign influence operations directed at the 2020 US elections.
Today's issue includes events affecting Australia, China, Finland, India, Mongolia, Russia, Switzerland, and the United States.
Supo identifies China-linked cyber-spying agent in Finnish Parliament hack (Yle Uutiset) The National Bureau of Investigation believes the motive was to obtain information for the benefit of a foreign state.
Finland IDs hackers linked to parliament spying attack (Washington Post) Finland’s domestic security agency says the cybergroup APT31, which is generally linked to the Chinese government, was likely behind a cyberspying and hacking attack on parliament’s information systems
Finland IDs Hackers Linked to Parliament Spying Attack (SecurityWeek) Finland’s domestic security agency said the China-linked APT31 was likely behind a cyberspying attack on the information systems of the Nordic country’s parliament.
China-linked TA428 Continues to Target Russia and Mongolia IT (Recorded Future) Recorded Future’s Insikt Group identified activity attributed to the suspected Chinese threat activity group TA428.
US grid at rising risk to cyberattack, says GAO (TheHill) Distribution systems within the U.S. electrical grid are increasingly vulnerable to cyberattack, a government watchdog said in a report released Thursday.
Electricity Grid Cybersecurity: DOE Needs to Ensure Its Plans Fully Address Risks to Distribution Systems (Government Accountability Office) The U.S. grid’s distribution systems—which carry electricity from transmission systems to consumers and are regulated primarily by states—are increasingly at risk from cyberattacks.
Cybereason Exposes Malware Campaign Targeting US Taxpayers Just Weeks (PRWeb) Cybereason, the leader in future-ready attack protection, today announced the discovery of a new campaign targeting U.S. taxpayers with documents that purport to con
Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware (Cybereason) Cybereason researchers have discovered a new campaign targeting US taxpayers with documents that purport to contain tax-related content but ultimately deliver NetWire and Remcos malware - two prolific remote access trojans.
Now You See It, Now You Don’t: CopperStealer Performs Widespread Theft (Proofpoint) On Jan 29th, 2021, a Twitter user, "TheAnalyst", shared a sample which caught our attention after being notified it triggered an Emerging Threats Network Intrusion Detection System (NIDS) rule.
Return of the Darkside: Analysis of a Large-Scale Data Theft Campaign (Varonis) Our team has recently led several high-profile investigations of attacks attributed to an up-and-coming cybercrime group, Darkside.
Fraudsters jump on Clubhouse hype to push malicious Android app (ZDNet) The BlackRock Trojan is lurking in the malicious, fake Android version of Clubhouse.
Google: A mysterious hacking group used 11 different zero-days in 2020 (The Record by Recorded Future) A mysterious hacking group has deployed at least 11 zero-day vulnerabilities as part of a sustained hacking operation that took place over the course of 2020 and targeted Android, iOS, and Windows users alike, one of Google's security teams said today.
In-the-Wild Series: October 2020 0-day discovery (Project Zero) In October 2020, Google Project Zero discovered seven 0-day exploits being actively used in-the-w...
4,200 vulnerable D/TLS servers that can be abused to amplify DDoS attacks by 37 times spotted by researchers (Computing) Citrix has updated its Netscaler ADCs and advises customers to upgrade
Twitter images can be abused to hide ZIP, MP3 files — here's how (BleepingComputer) Yesterday, a researcher disclosed a method of hiding up to three MB of data inside a Twitter image. In his demonstration, the researcher showed both MP3 audio files and ZIP archives contained within the PNG images hosted on Twitter.
Fintech Giant Fiserv Used Unclaimed Domain (KrebsOnSecurity) If you sell Web-based software for a living and ship code that references an unregistered domain name, you are asking for trouble. But when the same mistake is made by a Fortune 500 company, the results can range from costly to disastrous. Here's the story of one such goof committed by Fiserv [NASDAQ:FISV], a $6…
Douglas County targeted as part of international cyber attack (The Wenatchee World) Douglas County was one of thousands of servers targeted in a cyberattack by a group out of China.
Atascadero State Hospital reports data breach; employee accessed 2,000 COVID test results (Sacramento Bee) A state employee improperly accessed more than 2,000 Atascadero State Hospital patient and employee records in a data breach identified in late February, Department of State Hospitals said.
Rockwell Automation Logix Controllers (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers Vulnerability: Insufficiently Protected Credentials 2.
Hitachi ABB Power Grids eSOMS Telerik (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Hitachi ABB Power Grids Equipment: eSOMS Telerik Vulnerabilities: Path Traversal, Deserialization of Untrusted Data, Improper Input Validation, Inadequate Encryption Strength, Insufficiently Protected Credentials, Path Traversal 2.
Hitachi ABB Power Grids eSOMS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low skill level to exploit Vendor: Hitachi ABB Power Grids Equipment: eSOMS Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access to unauthorized information.
Johnson Controls Exacq Technologies exacqVision (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Exacq Technologies, Inc., a subsidiary of Johnson Controls Equipment: exacqVision Vulnerability: Information Exposure 2.
Facebook Now Lets Mobile Users Secure Accounts with Security Keys (SecurityWeek) Facebook announces support for the use of security keys on mobile devices to provide additional account protection features for its massive userbase.
Pindrop Acquires Next Caller, Reaffirming its Position as the Industry Leader in All Things Voice Security, Authentication, and Verification (BusinessWire) Pindrop, the global technology leader in identity, security, and trust for voice interactions, today announces the acquisition of Next Caller Inc., th
Next Caller Inc. Joins the Pindrop Family (Pindrop) Next Caller will become a Pindrop company and, while they will continue as a separate but complementary business, our new partnership will extend our leadership in the industry.
QOMPLX acquires Hyperion Gray | Intelligence Community News (Intelligence Community News) QOMPLX announced on March 18 the completed acquisition of Hyperion Gray, a leading information security firm.
CACI battles to keep Cybercom contract (Washington Technology) CACI International is protesting the loss of an incumbent contract worth a potential $200 million to support U.S. Cyber Command.
ThetaRay Wins “Transaction Security Innovation Award” in 2021 FinTech (PRWeb) FinTech Breakthrough, an independent market intelligence organization that recognizes the top companies, technologies and products in the global FinTech market,
Senserva Named Winner in the Globee Awards 17th Annual Cyber Security Global Excellence Awards® for Startup of the Year in Security Cloud/SaaS Management (PR Newswire) Senserva announced today that The Globee® Awards, organizers of world's premier business awards programs and business ranking lists has named...
VirtualPBX Wins 2021 Internet Telephony Product of the Year (VirtualPBX) Our win of the 2021 Internet Telephony Product of the Year displays our leadership and consistency in the communications market.
Cybersecurity company chooses Wichita for new regional office (PR Newswire) Millennium Corporation, a defense contractor and cybersecurity company for the Department of Defense (DoD) and other federal agencies including...
Mission Secure Appoints Security Industry Veteran John Adams as New Chief Executive Officer (PR Newswire) Mission Secure, the industry's leading industrial control system (ICS) cybersecurity technology company, today announced the appointment of...
Australian Taxation Office extends national digital identity program with face verification technology from iProov (Herald Chronicle) Millions of Australians will soon be able to access digital government services online after proving their identity using face verification from biometric authentication leaders, iProov.
Votiro Partners with Gotham Technology Group to Expand Access to Positive Selection® Technology (BusinessWire) Votiro partners with Gotham Technology Group to expand access to its Positive Selection® technology and SaaS-based solutions
CyberGRX Continues to Challenge Traditional Assessments By Introducing In-Platform Auto Validation (BusinessWire) CyberGRX releases an in-platform Auto Validation feature to enable third parties to respond faster and more accurately to assessment requests.
Claroty Launches its FOCUS Partner Program (Claroty) Global Channel Program Empowers Partners to Provide Effective, High-value Solutions that Address Customers’ Industrial Cybersecurity Needs
Managing and transferring cyber risk: the 7th Annual Virtual Cybersecurity Conference for Executives. (The CyberWire) There are three things you can do with risk: accept it, manage it, or transfer it. Here are some considerations about how to find the right mix.
Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool (CISA) This Alert announces the CISA Hunt and Incident Response Program (CHIRP) tool. CHIRP is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with activity detailed in the following CISA Alerts:
Now Available! Draft NIST SP 1800-22 Mobile Device Security: Bring Your Own Device (BYOD) (National Institute of Standards and Technology (NIST)) We are excited to announce that the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) released the NIST Cybersecurity Practice Guide Special Publication (SP) 1800-22 Mobile Device Security: Bring Your Own Device (BYOD) today.
NIST’s Guidelines to Improving BYOD Mobile Device Security and Privacy (Zimperium Mobile Security Blog) Zimperium has been working closely with the National Cybersecurity Center of Excellence at the National Institute of Standards and Technology on a mobile device security project.
Facebook's ‘Red Team X’ Hunts Bugs Beyond the Social Network's Walls (Wired) The internal hacking team has spent the last year looking for vulnerabilities in the products the company uses, which could in turn make the whole internet safer.
How to reduce remote working cyber security attacks (ITProPortal) Here’s how to keep remote working safe and secure
Why cyber education needs a mobile-centric approach (Silicon Republic) Safe Security’s Vidit Baxi talks about recent trends in the cybersecurity industry and why infosec education needs to change.
Targeting colleges and other educational institutions proving to be 'good business' for cybercriminals (Inside Higher Education) Cybercriminals using ransomware increasingly focus on colleges and universities. What steps can institutions take to minimize their own risks -- and threats to the sector?
The Anatomy Of Cyberwarfare: Is India Ready To Take On China? (Inc42 Media) As India’s critical infrastructure has witnessed increasing cyberattacks from China, what should be the top priority for India's cybersecurity agencies? Can mass surveillance be the response?
Biden administration begins first faceoff with China amid worsening relations (Washington Post) The Biden administration’s first faceoff with China began in Alaska on Thursday with a testy exchange between Secretary of State Antony Blinken, who chided Beijing for “cyberattacks on the United States” and “economic coercion toward our allies,” and China’s top diplomat, Yang Jiechi, who detailed the United States’ own human rights problems, citing recent Black Lives Matter protests.
Putin Responds Icily After Biden Says He Considers Russian Leader a Killer (Wall Street Journal) Russian President Vladimir Putin said the U.S. should recognize its own shortcomings, a day after Biden said he considered the Russian leader a killer.
Russia Recalls Its Ambassador to the U.S. for Consultations (Wall Street Journal) Moscow’s move follows a critical U.S. intelligence report about Russian efforts to interfere in the 2020 presidential election.
Russia’s Failure to Throttle Twitter Isn’t a Sign of Weakness (Wired) Widely cast as an indication of frailty, the Kremlin’s bungled crackdown shows the lengths it will go to to control the Russian internet.
China's facial recognition paradox (Protocol) Beijing sours on facial recognition, unless it’s the one doing it
WSJ News Exclusive | China to Restrict Tesla Usage by Military and State Personnel (Wall Street Journal) People familiar with the effort cited concerns that Tesla cars could be a source of national security leaks.
House panel advances industrial control systems bill (FCW) New legislation puts the director of the Cybersecurity and Infrastructure Security Agency in the center of federal response to threats to computerized industrial systems.
The Cybersecurity 202: Wyden calls for 'time out' in government cybersecurity contracting (Washington Post) A top Senate Democrat says the government needs to call “time out” and take a closer look at its cybersecurity spending in the wake of cyberattacks on SolarWinds and other software, as well as on Microsoft Exchange.
The Battle of the Bills Begins: Proposed Federal Data Privacy Legislation Aims to End Patchwork Problem But Increases Enforcement (The National Law Review) After years of advocacy from both sides of the aisle and growing concerns about challenges created by state-based solutions, 2021 is poised to be a bellwether year for Congressional debate over federa
Oklahoma considers adding anti-ransomware laws amid growing threats (Oklahoman) Proposed Oklahoma law would make malicious programs like viruses, spyware, Trojan horses and ransomware a crime.
Counterpoint: Why Fla.’s New Privacy Law Must Have a Private Right of Action (Daily Business Review) Hardly a week goes by where I or a member of my family fail to receive a notification from a company disclosing that its computer systems were compromised and that our private and sometimes immutable personal information—provided to the company based on express promises of adequate, “industry standard” data security—now lies in the hands of criminals due to the company’s reckless handling of that information.
Senate confirms William J. Burns as the next director of the CIA (Washington Post) The Senate confirmed William J. Burns as the next director of the CIA on Thursday, placing one of the country’s most experienced career diplomats in charge of the spy agency.
Swiss Hacker indicted for conspiracy, wire fraud, and aggravated identity theft (Department of Justice) Seattle – A prolific Swiss computer hacker, TILL KOTTMANN, 21, was indicted today by a grand jury in the Western District of Washington for computer intrusion and identity and data theft activities spanning 2019 to the present.
Verkada Hacker Charged With Wire Fraud, Identity Theft in U.S. (Bloomberg) A Swiss computer hacker who was involved in the intrusion of Verkada Inc., exposing surveillance footage from Tesla Inc., was charged by prosecutors in Seattle with conspiracy, wire fraud and identity theft.
Verkada hacker charged in the US for hacking more than 100 companies (The Record by Recorded Future) The US Department of Justice has charged today a Swiss national for hacking into more than 100 companies and leaking proprietary data online on their personal website.
Russian National Pleads Guilty To Conspiracy To Introduce Malware Into A U.S. Company’s Computer Network (US Department of Justice) A Russian national pleaded guilty in federal court today for conspiring to travel to the United States to recruit an employee of a Nevada company into a scheme to introduce malicious software into the company’s computer network.
Russian who tried to hack Tesla last summer pleads guilty (The Record by Recorded Future) A Russian national who traveled to the US in order to recruit a Tesla employee for a scheme to plant malware on the carmaker's network pleaded guilty today, abandoning a jury trial that was planned for July this year.
Wave of Legal Appeals Challenges How European Regulators Enforce Privacy Rules (Wall Street Journal) Nearly three years after a sweeping privacy law took effect in Europe, regulators are seeing more sanction decisions challenged and overturned as companies file appeals.
ACLU Tells 6th Circ. Robocall Ban Was Unenforceable (Law360) The American Civil Liberties Union and a slew of constitutional scholars are lining up to ask the Sixth Circuit to declare the national robocall ban unenforceable for violations that occurred during the five years that government debt collections were exempt from the law.
NY Department of Financial Services Settles with Mortgage Lender over Data Breach (JD Supra) The New York Department of Financial Services (DFS) recently entered a settlement for $1.5 million with a Maine based mortgage lender over allegations...
For a complete running list of events, please visit the Event Tracker.
National Cyber League (NCL) Spring Season (Virtual, Feb 15 - Apr 11, 2021) The National Cyber League (NCL) is a defensive and offensive biannual puzzle-based, capture-the-flag style cybersecurity competition allowing US high school and collegiate students of all skill levels to showcase and build their skills. Its virtual training ground helps students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Individual Game and Team Game. Between easy, medium and hard challenges, students identify their strengths and weaknesses and expand their portfolio with an NCL Scouting Report. Registration for the Spring Season closes March 9, 2020.
SoCal Cyber Cup Challenge (SCCC) (Virtual, Feb 15 - May 31, 2021) Now in its 12th year, the SoCal Cyber Cup Challenge (SCCC) is a cybersecurity competition for middle school, high school, and community college students in the Southern California region, started by NDIA San Diego. Supported by a Department of Defense grant, this year’s competition will include community college students and extensive training for competitors and their mentors. As part of the grant, faculty from Coastline College, Palomar College, and Riverside City College will be supporting the challenge by developing mentor training content and promoting the competition.
Celebrating Women in Privacy: Ways to Support and Advance Women in the Field (Virtual, Mar 23, 2021) Women hold only 25% of all the jobs in the tech industry. Women in privacy, in particular, are paid 17% less than their male counterparts; with women of color making even less. Discrimination and bias, both within policies and in the way we structure our workforce, limit the U.S.’s ability to identify and address threats, innovate, address issues related to privacy invasions, and more. To celebrate March as Women’s History Month — and in concert with #ShareTheMicInCyber — join leading women in privacy for a conversation promoting diversity in tech and exploring ways to promote change within the industry. Let’s open a dialogue about the ways allyship, mentorship, and sponsorship can advance women in privacy.
Priv8 Digital Privacy Summit (Virtual, Mar 23 - 25, 2021) The summit will feature keynotes from all fronts of the privacy war, including Whistleblower & Cybersecurity Expert Edward Snowden, Founder and CEO of the Electric Coin Company Zooko Wilcox, Electronic Frontier Foundation Executive Director Cindy Cohn, Digital Minister of Taiwan Audrey Tang, Executive Director at the Linux Foundation, Brian Behlendorf, as well as Co-founder and CEO of Orchid, Dr. Steven Waterhouse. Priv8 topics will illuminate the battlelines between freedom versus safety in the perpetual privacy crisis, focusing on how we communicate, transact financially and live in the era of digital surveillance. The summit will enhance the conversation around the future of digital privacy, reveal how the pandemic accelerated existing trends and analyze how people can protect their rights online.
The Cybersecurity Summit (Virtual, Mar 23 - 25, 2021) Join Cipher Brief CEO and Publisher Suzanne Kelly and former Deputy Director of the National Security Agency Rick Ledgett for a world-class, three-day virtual Cybersecurity Summit engaging experts from the public and private sectors on today's most pressing cybersecurity issues including: lessons learned from the SolarWinds hack, adapting a forward-leaning defense posture for private companies, and the latest innovative ideas for information sharing. This event is available to Cipher Brief members and non-members, and will take place over three days, from 11:00AM to 1:30PM (ET)