Cyber Attacks, Threats, and Vulnerabilities
AP sources: SolarWinds hack got emails of top DHS officials (AP NEWS) Suspected Russian hackers gained access to email accounts belonging to the Trump administration's head of the Department of Homeland Security and members of the department's cybersecurity staff...
SolarWinds hack got emails of Department of Homeland Security chief and other top officials (CNBC) The revelation throws into question how the U.S. government can protect individuals, companies and institutions if it can’t protect itself.
Russia has allegedly hit the US with an unprecedented malware attack: Here's what you need to know (CNET) The AP reports that the suspected Russian hacking group breached high-level accounts in DHS, one of nine federal agencies the hackers targeted.
SolarWinds Hack: ‘The Truth Is Much More Complicated’ (Breaking Defense) SolarWinds threat actor reportedly accessed DHS emails and DoE schedules. Cyberespionage campaigns are "the types of things we should expect [Russia] to do," one cybersecurity expert observed. "I'm not arguing we shouldn't have a response. We should respond. ...My only argument is that we should not overact."
Nine requests assistance from government after major cyber attack (The Age) Nine Entertainment Co is suffering from a major company-wide outage caused by a cyber attack.
Australia’s Nine Entertainment Hobbled by Cyber-Attack (Variety) Australia’s Nine Entertainment was hobbled by a cyber-attack on Sunday that temporarily halted its ability to put on live programming and forced all staff to work from home. The company called in t…
Cyber attack on Nine sends a broader warning (The Sydney Morning Herald) It is important to grasp the deeper threats such attacks pose to governments, companies and other organisations.
Unfair exchange: ransomware attacks surge globally amid Microsoft Exchange Server vulnerabilities - Check Point Software (Check Point Software) Over the past year, hospitals and the healthcare industry have been under tremendous pressure during the COVID-19 pandemic, not only dealing with surges
More Ransomware Gangs Targeting Vulnerable Exchange Servers (SecurityWeek) The Black Kingdom/Pydomer ransomware operators join other threat actors targeting unpatched Microsoft Exchange servers.
'Hades' Ransomware Hits Big Firms, but Operators Slow to Respond to Victims (SecurityWeek) Hades ransomware operators adopt a double-extortion tactic, but they are often slow to respond to requests for payment instructions.
Vulnerability in 'netmask' npm Package Affects 280,000 Projects (SecurityWeek) A serious security bug in the 'netmask' npm package leads to misinterpretation of IP addresses.
Backdoor Disguised as Typo Fix Added to PHP Source Code (SecurityWeek) The developers of the PHP scripting language report finding a backdoor disguised as a typo fix in the PHP source code.
Booming dark web gig economy is a rising threat (CSO Online) Experts have seen a sharp increase in help-wanted ads for black hat hackers-for-hire. Here's what they are targeting and how to respond to the threat.
A Ransomware Gang Is Asking Victims’ Customers To Aid In Extortion Efforts (Forbes) Today’s cybercriminals are applying leverage from all angles to convince their victims to pay. They may even ask you to help.
F Secure Oyj : Online extortion, data theft gain traction among cyber criminals (MarketScreener) 'Organizations with reliable backups and effective restoration procedures are in a strong position to recover from a ransomware attack without having to pay. However, managing a...
Increased use of vaccine passports could lead to scams, experts warn (ABC News) As more venues and services start to require proof of vaccination for access, experts are warning of a rise in fraudulent activity surrounding vaccine passports.
Security as Social Engineering: Phishing Campaigns Impersonating Locked Account Workflows (Armorblox) This blog focuses on three email attacks impersonating Facebook, Microsoft, and Apple. All attacks aimed to extract victims’ account credentials by spoofing automated emails informing victims that their accounts had been locked or that they had a subscription that was close to expiry.
'We have your porn collection': The rise of extortionware (BBC News) Hacked firm's IT Manager named and shamed by hackers in extortion technique.
“Probably The Largest KYC Data Leak In History” Demonstrates The Importance Of Bitcoin Privacy (Bitcoin Magazine) The alleged hack has left millions of users’ personal data — including passwords and addresses — available for 1.5 BTC on the dark web.
Harris Federation hit by ransomware attack affecting 50 schools (BleepingComputer) The IT systems and email servers of London-based nonprofit multi-academy trust Harris Federation were taken down by a ransomware attack on Saturday.
Hackers target Harris Federation in latest cyber attack (Schools Week) One of the country’s largest academy trusts has become the latest victim of a targeted ransomware cyber attack – with laptops used by pupils and email systems disabled. Harris Federation, which runs 49 schools, detected the attack on Saturday, and has been working through the weekend to resolve the issues. A Schools Week investigation last…
Ransomware attack on UK charity affects 37,000 students (Computing) The Harris Federation has disabled its email and telephone system as a result of the attack
London's biggest school trust hit by ransomware (The Record by Recorded Future) London's biggest multi-academy school trust, the Harris Federation, was hit by ransomware, bringing down IT systems, email servers, and phone lines at primary and secondary academies across London.
Henry VIII School's system hacked by crime group known to FBI (CoventryLive) The organisation got into the school's system and posted personal data online
DeKalb schools notify parents about data breach (Atlanta Journal Constitution) It's unclear how many students it may involve.
DeKalb schools address data breach letter received by parents and guardians (DeKalb Champion) DeKalb County School District is awaiting more details on a data breach letter that was recently received by many district parents and guardians.
Reserve Bank searches for new platform post-cyber breach (Insurance Business) It said the search has been more difficult than anticipated
Analysts Affirm CNA Ratings As Insurer Continues Probe of Cyber Attack (Insurance Journal) CNA Financial Corp.'s financial ratings have not been affected by the insurer's recent cyber attack. AM Best, S&P Global Ratings and Fitch Ratings all
Security Patches, Mitigations, and Software Updates
US carriers close security loophole that allowed easy SMS hijack (Android Police) Your phone and its associated number are always with you, and only you, so it makes sense that a text message sent to you is a solid secondary method for
Serious Security: OpenSSL fixes two high-severity crypto bugs (Naked Security) The bug that broke security when you turned STRICT mode on…
Cyber Trends
New Research: Fileless Malware Attacks Surge by 900% and Cryptominers Make a Comeback, While Ransomware Attacks Decline (WatchGuard Technologies) WatchGuard report uncovers massive increases in endpoint attacks, rising encrypted malware rates, new exploits targeting IoT devices, and more
Annual Cyber Protection Week survey reveals post-pandemic paradox: more solutions do not bring better protection (Acronis)
(ISC)2 Survey Finds Cybersecurity Professionals Have Increasing Level of Concern About SolarWinds Incident (PR Newswire) (ISC)2 has published the results of a February 2021 online survey of 303 cybersecurity professionals from around the globe in which respondents...
[Analyst Report] Peril in a Pandemic: The State of Mobile Application Security (Synopsys) Limitations driven by social distancing and lockdowns have moved the world online in remarkable ways, perhaps forever changing how we work, learn, and interact.
Data Breaches Tracker - Recording the Evolution of Open Unsecured Databases (WizCase) In order to highlight cyberthreats in critical global industries, the WizCase team has been carrying out ongoing cybersecurity research. Having looked at several specific industries, we thought it would be good to analyze general server breaches that can affect any company that runs databases.
Manufacturing Firms Learn Cybersecurity the Hard Way (Dark Reading) Although 61% of smart factories have experienced a cybersecurity incident, IT groups and operational technology groups still don't collaborate enough on security.
Salient CRGT Wins $482M DOD Information Networks Contract (WashingtonExec) Technology services and training company Salient CRGT has been awarded the first of four options against its $482 million contract supporting the Defense
UK staff under more pressure at home - and that's bad news for security (ITProPortal) Pressure leads to mistakes and mistakes lead to security breaches.
ASX banks are facing millions of cyber attacks each day (The Motley Fool Australia) The big ASX banks like Australia and New Zealand Banking Group Ltd (ASX:ANZ) are facing millions of cyber attacks each day.
Elderly people lost nearly $1 billion to Internet crime in 2020 (Atlas VPN) According to Atlas VPN findings, Americans over 60 years old lost a staggering $966 million to various types of internet scams in 2020. Cybercriminals target victims over the age of 60 because they are believed to have significant financial resources.
Marketplace
Cyber security spend hits US$53B (ARN) After a year of high-profile data breaches, cyber security spending has soared globally by 10 per cent to hit US$53 billion.
Solicitors’ cyber cover – going quietly? (Law Gazette) Potential changes to the scope of cover for cyber-related claims.
The Danish C-cure cybersecurity expert team joins Nixu Corporation (Cision) The C-cure expert team further strengthens the presence of the European cybersecurity company Nixu in the fragmented Danish cybersecurity market.
After 3X Growth in 2020, Living Security Raises $14 Million to Combat Cybersecurity Human Risk in Enterprises (PR Newswire) After a year of fast growth, Living Security today announced it has closed a $14 Million Series B round to continue its expansion beyond...
HYCU raises $87.5M to take on Rubrik and the rest in multi-cloud data backup and recovery (TechCrunch) As more companies become ever more reliant on digital infrastructure for everyday work, the more they become major targets for malicious hackers — both trends accelerated by the pandemic — and that is leading to an ever-greater need for IT and security departments to find ways of protec…
Data Recovery Startup HYCU Bags $87.5 Million in Funding (Wall Street Journal) Data-protection startup HYCU Inc. has raised $87.5 million in Series A funding, making it the latest cloud-focused firm to secure a large capital investment in a hot market for enterprise technology.
Kenna Security Honored With 5-Star Rating in the 2021 CRN® Partner Program Guide (GlobeNewswire) Kenna Security, the enterprise leader in risk-based vulnerability management, has earned a 5-Star rating in the 2021 Partner Program Guide by CRN®, a brand of The Channel Company.
Group-IB Honored With 5-Star Rating in the 2021 CRN® Partner Program Guide (PR Newswire) Group-IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has been recognized with a 5-star rating by...
McAfee Continues Award Win-Streak, Securing Top Cybersecurity Accolades for its Enterprise Business (BusinessWire) McAfee, (Nasdaq: MCFE), the device-to-cloud cybersecurity company, today announced its continued award streak—showcasing 10 new wins for its leadershi
Novetta President, CEO Tiffanny Gates Receives Third Consecutive Wash100 Award (GovConWire) Executive Mosaic is pleased to announce that Tiffanny Gates, president and CEO of Novetta, has received a 2021 Wash100 Award, the highest honor in all of government contracting (GovCon), for the third consecutive year.
Foley Adds Former U.S. Attorney Matthew Krueger (Foley) Foley & Lardner LLP announced today that Matthew Krueger has joined the firm’s Government Enforcement Defense & Investigations Practice Group as a partner in its Milwaukee and Washington, D.C. offices. Krueger is a former U.S. Attorney for the Eastern District of Wisconsin with an extensive background in prosecuting health care fraud and other government enforcement matters, the primary focus of his practice.
Teradata bolsters India leadership, appoints new Country Manager (People Matters) As the data warehouse platform provider’s growth in India gains momentum, the appointment adds increased focus on expanding cloud data analytics offerings in key sectors.
CounterFlow AI Names Bill Cantrell Chief Executive Officer (BusinessWire) CounterFlow AI Names Bill Cantrell New CEO
CMMC body hires ex-CISA deputy as first CEO (FCW) The governing body in charge of implementing the Defense Department's Cybersecurity Maturity Model Certification program has hired Matthew Travis, former CISA deputy director, as new CEO.
Positive Technologies bolsters Middle East, Africa and South Asia operations with a Managing Director appointment (MENAFN) Positive Technologies, a global cybersecurity company specializing in telecom security, announces the appointment of Santhosh Kumar as Managing Director to spearhead the company’s Middle East and Africa and South Asia operations.
Products, Services, and Solutions
GRIMM Private Vulnerability Disclosure Program Gets Ahead of the Unknown (BusinessWire) GRIMM, a forward-looking cybersecurity organization led by industry experts, today announced the launch of the company’s new Private Vulnerability Dis
Cellebrite Expands Industry Leading Enterprise Endpoint Intelligence Platform for eDiscovery and Corporate Investigations (PR Newswire) Cellebrite, the global leader in Digital Intelligence (DI) solutions for the public and private sectors, today announced the launch of Endpoint...
Zscaler and CrowdStrike Extend Zero Trust Security from Devices to Business Applications (GlobeNewswire) Security Cloud Giants Expand Global Strategic Partnership to Provide Organizations with Seamless, Dynamic and Data and Identity-Centric Protection through New Integrations
Smart Communications Completes Information Security Registered Assessors Program (IRAP) Assessment in Australia (Yahoo) IRAP Evaluation Confirms Cloud Technology Provider Meets High Security Standards Required by Australian Federal Government
Nextgen launches proof of concept platform for integration of security solutions (CRN Australia) CyberLAB allows partners to prove cross-vendor integrations.
Spirent Debuts Industry’s First Test Suite With Full HTTP/3 Assessment Capabilities (Spirent) Avalanche solution allows validation of HTTP/3 functionality and performance for IETF ratification
Think tank launches cybersecurity training for state officials (StateScoop) The National Cybersecurity Center’s new campaign is aimed at improving awareness among the state legislators who fund IT and cybersecurity policies.
Privoro Launches a Two-in-One Audio Masking Chamber and Radio Frequency Shield for Mobile Devices (PR Newswire) Privoro, a leader in mobile security, today revealed its latest product, Vault, a first-of-its-kind defense against remote data capture. The...
NSE Subsidiary, Aujas Cybersecurity unveils its next-gen Cyber Defense Center (Hindustan Times) The CDC is an effective solution in the digital transformation journey of any enterprise. It can secure digital landscapes with services such as 24x7, 360-degree security monitoring, detection, incident management, remediation, security automation, threat hunting, security analytics and response.
Gigamon and FireEye Broaden Relationship to Radically Simplify and Optimize Hybrid Cloud Deployment, Monitoring and Management (BusinessWire) Gigamon, the leader in cloud visibility and analytics, announced its latest Gigamon Hawk technical integration with FireEye, Inc.
Panasonic and McAfee Agree to Jointly Start Building Vehicle SOC for Commercialization of Vehicle Security Monitoring Services (McAfee) Panasonic Corporation and McAfee Corp. (Nasdaq: MCFE), have agreed to jointly start building a Vehicle Security Operation Center (hereinafter, Vehicle SOC) to commercialize vehicle security monitoring services.
Technologies, Techniques, and Standards
CISA Builds Out Defensive Tools for Security Teams (Dark Reading) Need a tool to hunt for attacks in your network? The DHS agency bolsters the offerings in its open source toolbox.
A Verizon security expert on why 5G is raising the bar for cyber defenders (The Record by Recorded Future) “When you think about an autonomous car, a smart city appliance, or a mobile health care installation, these use cases could actually harm people or kill people [if breached]."
Transmit Security Study Finds Passwords are Bad for Business, Frustrating for Consumers (BusinessWire) Transmit Security, the Identity Experience™ company, has released “The Impact of Passwords on Your Business,” a State of Customer Authentication repor
The Impact of Passwords on Your Business (Transmit Security) Why passwords are to blame for loss of revenue, identity attrition, and poor customer experiences.
The 7 deadly sins of records retention (CSO Online) Record retention is both a fact of life and a growing headache for organizations burdened by a spiraling number of regulations and legal obligations. Here are worst (and best) practices for securing data and documents.
Army’s network equipment tested for first time with full brigade (C4ISRNET) An airborne combat unit put new communications equipment through its paces, giving the Army critical feedback before fielding to more soldiers this year.
Design and Innovation
5 Fundamentals for Effective Security Design (CSO Online) Five fundamental principles and practices that every organization needs to consider to get in front of and stay ahead of their current security challenges
How startups can go passwordless, thanks to zero trust (TechCrunch) Passwordless tech is a key part of zero trust models.
In Clarke County, a small research group is working to make technology more secure (The Winchester Star) BERRYVILLE — When thinking about Clarke County, farms and rolling hills generally come to mind, not sophisticated gadgets or high-tech wizardry.
Research and Development
Google collects 20 times more telemetry from Android devices than Apple from iOS (The Record by Recorded Future) Academic research published last week looked at the telemetry traffic sent by modern iOS and Android devices back to Apple and Google servers and found that Google collects around 20 times more telemetry data from Android devices than Apple from iOS.
Academia
ESET Proudly Presents: Women in Cybersecurity Scholarship (ESET) At ESET, we are proud to support many research, education and philanthropic programs. By supporting women in technology, we aim to cultivate and empower an under-represented segment of talent in the technology sector. This year, ESET will award three (3) scholarships to women who are pursuing a college-level degree and aspire to a career in the cybersecurity field.
ULM fails to meet federal cyber safety requirements (The Hawkeye) In its most recent audit, the Louisiana Legislative Auditor discovered ULM may not have done enough to protect student privacy. Although no allegation of a student data breach has been issued, ULM doesn’t meet federal requirements set by the Gramm-Leach-Bliley Act in 1999. The act requires financial institutions to explain their information-sharing practices to their...
Legislation, Policy, and Regulation
UN makes critical progress on cybersecurity (Microsoft On the Issues) A UN working group has taken the historic step of agreeing on expectations for responsible nation-state behavior online. While more needs to be done, we should all be encouraged by the UN’s progress and the solidarity taking shape against indiscriminate nation-state attacks that cause widespread harm.
The Cybersecurity 202: Lawmakers want more details about Russian hackers accessing Chad Wolf’s emails (Washington Post) Russian hackers accessed the emails of former acting Department of Homeland Security secretary Chad Wolf and several cybersecurity staff members within the agency, the Associated Press's Alan Suderman reports. A person familiar with the situation confirmed that Wolf's emails were taken, my colleague Ellen Nakashima reports.
White House Weighs ‘Seen and Unseen’ Responses to Major Hack (Bloomberg) Software hack suspected of being carried out by Russians. Sullivan says options to be presented at ‘highest levels.’
'Time is not on our side' — Biden navigates cyber attacks without a cyber czar (POLITICO) Turf wars and political battles are keeping open a role that Congress created and is demanding be filled.
GAO Pushes for Speeding Up Cybersecurity Enhancements (BankInfo Security) The Government Accountability Office is urging the U.S. government to respond more rapidly to cybersecurity issues, especially in the wake of the SolarWinds supply
Lawmakers Press Biden to Nominate Federal Cybersecurity Leader Now (MSSP Alert) The White House has yet to nominate a national cybersecurity director to centralize federal cybersecurity policy. Critics want action.
The Lawfare Podcast: The Generals vs. the Armed Services Committee with No Bull (Lawfare) Last Thursday, the Senate Armed Services Committee held an open hearing that reviewed U.S. Cyber Command's and Special Operation Command's Defense Authorization Requests for fiscal year 2022. The committee heard open testimony from the head of Cyber Command and the National Security Agency, General Paul Nakasone; the head of U.S. Special Operations Command, General Richard Clarke; and the Acting Assistant Secretary of Defense for Special Operations and Low-Intensity Conflict, Christopher Maier.
NSA Opens Door to Domestic Internet Spying, Privacy Advocates Say (Yahoo) The latest king-sized, disastrous hack into U.S. government and corporate data servers is prompting the head of the National Security Agency to suggest that a surveillance giant built to look at foreign threats might need even greater powers to spy on internet usage domestically.
Biden team boosts effort to shield power grid from hackers (Detroit News) The Biden administration is escalating efforts to safeguard the U.S. power grid from hackers
Irish Regulator Focuses On Shielding Customers From IT Risk (Law360) The Central Bank of Ireland said on Monday that it will sharpen its focus on protecting consumers as lenders and insurers accelerate the use of technology in their daily dealings with customers, including a requirement for documented responses to incidents.
West Virginia Data Privacy Bill Is CCPA+ (JD Supra) West Virginia has gotten into the data privacy bill game with House Bill (HB) 3159 on Consumer Data Privacy. The legislation is...
Florida Legislature Considers Sweeping Data-Privacy Legislation Supported by Governor (JD Supra) Florida has joined the wave of states considering new comprehensive data privacy legislation. On February 15, 2021, Rep. Fiona McFarland introduced HB...
White House to Nominate Holmgren for State Dept. Intel, Research Post (Meritalk) The White House said March 26 that President Biden plans to nominate Brett Holmgren to become assistant secretary of State for Intelligence and Research.
Litigation, Investigation, and Law Enforcement
Ukraine Investigating Phishing Software Used to Target Banks (Bloomberg) Ukraine is investigating the suspected creator of a software that enabled the theft of tens of millions of dollars.
FSMI demands probe into MobiKwik data breach (Hindu Businessline) The Free Software Movement of India (FSMI) has asked the Indian Computer Emergency Response Team (CERT-IN) to initiate an inquiry into the alleged breach of data of about 10 crore users of M
U.S. Abandons Four-Year Antitrust Battle Against Qualcomm (Bloomberg) FTC declines to seek Supreme Court review of monopoly case. Company was accused of abusing dominance in cellphone chips.
Feds Seize Websites Posing As COVID-19 Vaccine Makers (Law360) U.S. authorities have seized seven websites that masqueraded as places where people could learn information about COVID-19 vaccines, warning that fraudsters are exploiting interest in the injections to lure victims into divulging personal data.
Big Tech defenders dominate the country’s top group of antitrust lawyers (Protocol) Current and former members say the American Bar Association's antitrust section is overrun with lawyers who have represented Facebook, Google, Amazon and Apple.
Duncannon settles cyber attack claims (Pennlive) Duncannon could reclaim most of the money it lost in a 2020 ransomware attack on its computers.
Google Hit With Privacy Suit Over Data Shared In Ad Auctions (Law360) Google is breaking its privacy promises "billions of times every day" by selling and sharing consumers' personal information with the thousands of companies that participate in its digital ad auctions without users' knowledge or permission, according to a putative class action filed in California federal court Friday.
Microsoft attack could result in a flood of cyber claims (Insurance Business) Industry is "only just beginning to understand the scope of possible damage," expert says
US Imprisons BEC Scammer (Infosecurity Magazine) Texas resident scammed schools, senior citizens, and charity supporting families of the terminally ill