Attacks, Threats, and Vulnerabilities
(Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor (WeLiveSecurity) ESET researchers discover a new backdoor that the Lazarus group has deployed against a freight logistics company in South Africa.
Vietnamese hack signals 'major leap' in APAC cyber espionage campaigns (Channel Asia) A cyber attack largely targeting Vietnamese recipients has indicated that Chinese-speaking threat actors could potentially be expanding the scope of their cyber espionage campaigns.
How a VPN vulnerability allowed ransomware to disrupt two manufacturing plants (Ars Technica) Patching in industrial settings is hard. Ransomware shutting down production is harder.
Attackers Target European Industrial Firms With Cring Ransomware (Decipher) Attackers exploited a previously-disclosed flaw in Fortinet VPN servers in order to hit European industrial firms with the Cring ransomware.
Cring ransomware hits ICS through two-year-old bug (ComputerWeekly.com) A long-disclosed vulnerability in Fortinet’s Fortigate VPN servers is being exploited to distribute Cring ransomware.
Expert Commentary On CISA Warns Of APTs Exploiting Fortinet Vulnerabilities (Information Security Buzz) An article published on the FBI and U.S. CISA’s warnings of APT groups exploiting Fortinet FortiOS vulnerabilities, targeting systems of government, technology, and commercial services.
Washington State educational organizations targeted in cryptojacking spree (ZDNet) The lucrative nature of cryptocurrency means no industry is safe.
Android apps targeting JIO users in India (Zscaler) Malicious Android apps targeting JIO users in India.
Sowing Discord: Reaping the benefits of collaboration app abuse (Cisco Talos) A blog post from Talos, Cisco's threat intelligence group.
New report reveals collaboration platform security risks (Security Magazine) A new Cisco Talos Intelligence report explores how cybercriminals are increasingly abusing the communications platforms that many organizations use to facilitate employee communications. According to the report, these platforms have allowed attackers to circumvent perimeter security controls and maximize infection capabilities, and over the past year adversaries have relied on them increasingly as part of the infection process.
HTML Lego: Hidden Phishing at Free JavaScript Site (Trustwave) This blog investigates an interesting phishing campaign we encountered recently. In this campaign, the email subject pertains to a price revision followed by numbers. There is no email body but there is an attachment about an "investment".
BleedingTooth: Google drops full details of zero-click Linux Bluetooth bug chain leading to RCE (The Daily Swig) Researcher says his findings ultimately led to a safer, more stable kernel
Facebook ran ads for a fake ‘Clubhouse for PC’ app planted with malware (TechCrunch) Cybercriminals have taken out a number of Facebook ads masquerading as a Clubhouse app for PC users in order to target unsuspecting victims with malware, TechCrunch has learned. TechCrunch was alerted Wednesday to Facebook ads tied to several Facebook pages impersonating Clubhouse, the drop-in audi…
Swarmshop – What goes around comes around: hackers leak other hackers’ data online (Security Affairs) Group-IB, a global threat hunting and adversary-centric cyber intelligence company, discovered that user data of the Swarmshop card shop have been leaked online on March 17, 2021. The database was posted on a different underground forum and contained 12,344 records of the card shop admins, sellers and buyers including their nicknames, hashed passwords, contact details, history of activity, and […]
Credit rating agency warns that cyberattacks could impact water utilities’ ability to pay back debt (The Record by Recorded Future) Fitch Ratings published an alert Thursday warning that cyberattacks could pose a “material risk” to water and sewer utilities and potentially impact their ability to repay debt.
The Worst Thing About That Huge Facebook Data Leak? There’s (Almost) Nothing You Can Do (Forbes) The data being mined about your online activity is a treasure trove for advertisers and hackers alike.
Facebook data leak: you should be on the lookout for scams (CyberNews) 533M Facebook users’ data resurfaced on the internet, only this time for free. You should be on the lookout for suspicious emails or messages.
Facebook’s Data Breaches Don’t Matter, Until They Do (Wall Street Journal) The fact that there is little privacy on Facebook’s legacy app and Instagram is commonly understood, and in reality has helped power Facebook to be the advertising giant it is today.
What To Do About The Facebook Leak (Avast) The latest sizable data breach from Facebook can and should be a motivation for many people to move off SMS-based codes to authenticator apps.
ESET Research uncovers Janeleiro, a new banking trojan attacking corporate users in Brazil (PCR) ESET Research has uncovered a new banking trojan that has been targeting corporate users in Brazil s
Zero-Day Bug Impacts Problem-Plagued Cisco SOHO Routers (Threatpost) Cisco says it will not patch three small business router models and one VPN firewall device with critical vulnerabilities.
Sneaker Bots: How Do They Affect the PS5 World? (PerimeterX) PerimeterX experts Yossi Barkshtein and Liel Strauch discuss how scalping bots typically used for sneakers are used to buy out the latest hot products.
Ransomware: Extortion Actors Leak Data, Vendor Attack Disrupts Services (HealthITSecurity) Ransomware actors are continuing to target the healthcare sector for care disruption and data extortion attempts. The attackers hit a third-party vendor and leaked data from nine providers this month.
CISA: Critical SAP Systems Targeted by Cybercriminals (Channel Futures) SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks, according to a federal agency.
Malicious cyber activity targeting critical SAP applications (Security Magazine) SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned. SAP applications help organizations manage critical business processes—such as enterprise resource planning, product lifecycle management, customer relationship management, and supply chain management.
Kentucky temporarily closing unemployment insurance system due to data breaches, hacking (WKRC) Kentucky is shutting down public access to its unemployment insurance system for four days beginning Thursday at midnight. The move is in response to criminals attempting to breach the system and steal the benefits of hundreds of thousands of claimants. Additionally, people in Ohio and Kentucky may soon need to seek a job before collecting unemployment benefits.
Belden says health benefits data stolen in 2020 cyberattack (BleepingComputer) Belden has disclosed that additional data was accessed and copied during their November 2020 cyberattack related to employees' healthcare benefits and family members covered under their plan.
Ransomware cartel never reached potential, but future efforts may succeed (SC Media) A new report claims that the ransomware cartel formed by the Maze cybergang never materialized into a full-fledged threat.
Should firms be more worried about firmware cyber-attacks? (BBC News) Microsoft says firmware cyber-attacks are on the rise, but enterprises are not paying attention.
How online scammers fooled one of Africa’s biggest fintech startups (Quartz) Online scammers in Nigeria used Paystack to funnel their ill-gotten proceeds.
Cyber Attack Forces Vehicle Emissions Testing Company to Halt Operations in 8 States (The Drive) Malware has wreaked havoc on emissions testing processes, causing states like Massachusetts to extend inspection deadlines.
Redcar cyber-attack: Government to help cover costs (BBC News) Redcar and Cleveland Council will be given almost £3.7m after being targeted by hackers.
Security Patches, Mitigations, and Software Updates
FATEK Automation WinProladder (CISA) CVSS v3 7.8. Attention: low attack complexity. Vendor: FATEK Automation. Equipment: WinProladder. Vulnerability: Integer Underflow. Risk evaluation: successful exploitation of this vulnerability could cause execution of arbitrary code. Affected products: the following versions of FATEK Automation WinProladder, a PLC, are affected:
Medtronic Conexus Radio Frequency Telemetry Protocol (Update C) (CISA) CVSS v3 9.3. Attention: exploitable with adjacent access/low attack complexity. Vendor: Medtronic. Equipment: MyCareLink Monitor, CareLink Monitor, CareLink 2090 Programmer, specific Medtronic implanted cardiac devices listed below. Vulnerabilities: Improper Access Control, Cleartext Transmission of Sensitive Information.
SolarWinds bolsters cybersecurity in wake of hack (Business Insurance) The hack of SolarWinds MSP Holdings Worldwide LLC that compromised customers including U.S. government agencies has led to a more robust cybersecurity program at the company, SolarWinds officials said Thursday during a webinar.
Trends
Geography and network characteristics of phishing attacks (Journey Notes) In this Threat Spotlight, researchers look at the impact geography and network infrastructure has on phishing attacks.
Securing software development environments is top concern for security leaders, according to latest global survey (Argon Security) Today, CI/CD pipelines form the backbone of modern-day DevOps operations. Over the past few years, the software development industry has pivoted to a continuous integration and delivery...
Having a cybersecurity training program in place isn't enough to ensure cyber safety (Help Net Security) While many employees received cybersecurity training in response to COVID-19, these initiatives have been insufficient to ensure cyber safety.
Doh! Poor password management still rampant in U.S. workplaces, survey finds (SiliconANGLE) Despite years of warnings about the risks of using weak passwords and storing them in easily compromised locations, the majority of American workers still regularly scribble work-related passwords on sticky notes and most admit to having lost those notes at some point.
Stop using sticky notes to write down passwords (TechRadar) Pen and paper still preferred to digital means of storing passwords for many
5 facets of internet-facing cyber-exposure and risk (Security Magazine) Researchers at Rapid7 evaluated five areas of cybersecurity that are both critical to secure to continue doing business on and across the internet, and are squarely in the power of CISOs, their IT security staffs, and their internal business partners to address, in their new round of Internet Cyber-Exposure Reports (ICERs). These five facets of internet-facing cyber-exposure and risk include:
Exclusive comment: Cybersecurity in the modern world (Security News Desk UK) Peter Groucutt, Managing Director of Databarracks, comments exclusively for Security News Desk UK on cybersecurity in the new normal. Cyber security is an arms race between legitimate businesses and cyber criminals. As the attackers’ techniques and skills improve, so do defences. In a 2012 TED talk, the FBI futurologist Marc Goodman drew parallels between the growing prevalence of cyber-crime and earlier criminal
Intelligence forecast sees a post-coronavirus world upended by climate change and splintering societies (Washington Post) U.S. intelligence officials have little comfort to offer a pandemic-weary planet about where the world is heading in the next 20 years. Short answer: It looks pretty bleak.
Marketplace
Atlanta cybersecurity company Pindrop Security raises $6.8M after acquisition (Atlanta Inno) Atlanta-based cybersecurity company Pindrop Security Inc. raised $6.8 million, according to a filing with the U.S. Securities and Exchange Commission.
Israel's ThetaRay mulls listing as cash pours into tech sector (U.S.) Israeli cyber security firm ThetaRay is considering a potential stock market listing, encouraged by investors who have poured money into the technology sector over the past year, its chief executive said on Wednesday.
Recorded Future Invests in Data Security Provider SecurityTrails (PR Newswire) Recorded Future, the world's largest provider of intelligence for enterprise security, today announced it has invested in data security company...
Cofense Acquisition Creates Email Security Solution for MSPs, MSSPs (Channel Futures) Cofense has acquired Cyberfish, resulting in an email security solution for MSPs and MSSPs. Will customers transition from Proofpoint, Mimecast, Symantec?
5 Firms Rep In Cellebrite's $2.4B Go-Public Deal (Law360) Israeli digital investigations support business Cellebrite said Thursday it's going public through a $2.4 billion merger with blank-check company TWC Tech in a transaction led by five law firms.
Council Post: The Secret To A Successful Cyber Security Acquisition: Culture (Forbes) Ultimately, culture is the most important factor in the long-term success of an acquisition — before strategy and before financial alignment.
Cybercom Seeks Support for Joint Cyber Architecture, Network Security Efforts (ExecutiveBiz) U.S. Cyber Command is looking for information on small businesses that can provide technical assista
Okta expects annual revenue to jump by 30% with addition of new products (CNBC) The cybersecurity company said Wednesday it expects revenue for the fiscal year to grow by 30% as it unveiled two new products.
Intercede ends year in line with expectations (Sharecast) Digital identity and mobile security company Intercede is expecting revenues for the year ended 31 March to be around £11m, it said on Wednesday, in line with market expectations and about 6% higher than the previous financial year.
Salient CRGT Awarded $70M in Contracts for US Navy's Naval Education & Training Security Assistance Field Activity (NETSAFA) (Thomasnet)
Security researcher earns $100,000 for discovering Safari exploit (iMore) Security researcher Jack Dates discovered a Safari to kernel zero-day exploit at the Zero Day Initiative hackathon event.
P&G Worked With China Trade Group on Tech to Sidestep Apple Privacy Rules (Wall Street Journal) Procter & Gamble helped develop an advertising technique being tested in China to gather iPhone data for targeted ads, seeking to find a way around Apple’s new privacy tools, according to people familiar with the matter.
LifeLabs Launches Vulnerability Disclosure Program with Bugcrowd (GlobeNewswire) Leading Canadian laboratory services provider partners with cyber security research community to strengthen security posture and further protect customer data
Secure a career that's committed to you (Allied Universal) We are North America's leading security services provider with more than 265,000 phenomenal employees. At Allied Universal, we pride ourselves on fostering a promote from within culture. There are countless examples of individuals who began their career as Security Professionals and today hold positions on our senior leadership team.
Leading Incident Management Attorney Jon Neiditz Joins Group Salus Adv (PRWeb) Jon Neiditz, one of the country’s preeminent incident management attorneys, has joined the Advisory Board of Group Salus, an Atlanta-startup that is developing an a
Christy Lynch joins deepwatch as CMO (Help Net Security) deepwatch announced the appointment of Christy Lynch as CMO to be responsible for the structure, strategy and execution of marketing efforts.
HUMAN Appoints Cybersecurity Industry Leaders Ann Johnson and Dan Burns to its Board of Directors (Yahoo) HUMAN, a cybersecurity company best known for collectively protecting enterprises from bot attacks, today announced the appointment of Ann Johnson and Dan Burns to its Board of Directors. Johnson and Burns join HUMAN's current board members, including representatives from Goldman Sachs, ClearSky representative Jay Leek, and NightDragon representative Dave DeWalt, who also serves as Vice Chairman of HUMAN. The announcement follows the company's acquisition by Goldman Sachs in partnership with ClearSky Security and NightDragon in December, as well as its recent unveiling of the company name change from White Ops to HUMAN.
ExtraHop strengthens channel leadership with the appointment of Sandra Hilt New Senior Channel Director for EMEA (ResponseSource Press Release Wire) ExtraHop, the leader in cloud-native network detection and response (NDR), today announced that Sandra Hilt has been named Senior Director of EMEA Channel Sales. ...
Cyble Appoints Former General Dynamics Executive James Thornton to Expand Business in North America (BusinessWire) Cyble, an AI-powered, Y Combinator-backed, cyber intelligence company that empowers organizations with darkweb & cybercrime monitoring and mitigat
Products, Services, and Solutions
Introducing TrustGrid™, The World's First Secure Digital Ecosystem (PR Newswire) TrustGrid Pty Ltd today announced the worldwide launch of TrustGrid™, the world's first digital trust ecosystem. With a high degree of privacy,...
Jumio Adds iProov’s Award-Winning Liveness Detection to its KYX Platform (BusinessWire) Jumio, the leading provider of AI-powered end-to-end identity verification and eKYC solutions, today announced the company is partnering with iProov t
Acuant, Microsoft Team On ID Verification (PYMNTS) Identity verification provider Acuant partnered with Microsoft to support secure information exchange and identity verification on the Azure Active Directory.
Nozomi Networks’ Cybersecurity Added to ABB and Tempered Networks (Automation World) Nozomi Network’s real-time network visibility becomes part of ABB’s distributed control system and Tempered Network’s Airwall technology.
Technologies, Techniques, and Standards
Zero Day Initiative — Pwn2Own 2021 - Schedule and Live Results (Zero Day Initiative) Welcome to Pwn2Own 2021! This year, we’re distributed amongst various locations to run the contest, but we’ll be bringing you all of the results live from Austin with love. This year’s event is shaping up to be one of the largest in Pwn2Own history, with 23 separate entries targeting 10 different pr
Pwn2Own 2021 hacking contest ends with a three-way tie (The Record by Recorded Future) The 2021 spring edition of Pwn2Own, the cybersecurity industry's biggest hacking competition, has come to a close today with a three-way tie between Team Devcore, OV, and the duo of security researchers Daan Keuper and Thijs Alkemade.
Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge “fully owned” (Naked Security) Two lucky winners scooped $200k for just 30 minutes’ work – if you don’t count the days, weeks and months of meticulous effort beforehand
Top MSPs on Avoiding the Next SolarWinds, Preparing Security Clients (Channel Futures) Building on our MSPs’ ongoing cybersecurity and threat landscape flags, we checked back in to get a deeper sense of their concerns, including SolarWinds.
What’s Next in Battling Ransomware? Human-driven Threat Hunting (CSO Online) Most organizations can defend against malicious code, but today’s security strategy must monitor for malicious behaviors. The answer: human-driven threat hunting and managed threat response.
How IT can support security in the event of a cyberattack (CIO Dive) CIOs and CISOs operate as separate jobs leading different departments, but with work that overlaps. Who leads what in the event of an attack can become muddled.
From the C-suite to IT: Identifying anomalous behavior to stop digital adversaries in their tracks (Intelligent CIO North America) Orion Cassetto, Director, Product Marketing, Exabeam, surveys the cybersecurity risk to different departments of a business. “The highest-ranking members of a company are often the most lucrative targets for cybercriminals,” he says. Departments within an organization may be easily distinguished by where they are situated in an office building (when we are allowed into our […]
“The WAF Is Dead” (and we know who did it) (Check Point Software) TJ Gonen, Head of Cloud Security Products, Check Point The past couple of decades has turned the Web Application Firewall (WAF) into a ubiquitous piece of
Design and Innovation
India Inc must build digital ethics into its business model: Deloitte, BCIC (Business Standard) Paper cites example of cab aggregator services, where user behaviour and travel patterns ostensibly recorded to improve user experience are actually used to extract more out of the customer
DHS S&T Expands Pilot of Cybersecurity Tech for Emergency Communications Centers (Homeland Security Today) The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) is expanding pilot testing of a technology to improve the cybersecurity defenses of the nation’s emergency communications infrastructure.
NSA gathers together the top minds in what it calls the Science of Security (Federal News Network) Hot Topics on Science of Security (HotSOS), an annual event held by the National Security Agency, will be held online next week.
Facebook hopes tiny labels on posts will stop users confusing satire with reality (The Verge) Facebook wants to make satire more obvious.
Research and Development
New technologies – Will the quantum computer kill the blockchain? (24 heures) Advances in quantum computing are reviving fears that a single machine could take control of the entire digital economy. The blockchain, reputed to be tamper-proof, is not immune to the doubts hanging over today's cryptography.
Academia
Once again, the kids show their mettle in cybersecurity (Federal News Network) The CyberPatriot national youth cyber defense competition matches teams of middle and high school students who find and fix cybersecurity flaws.
Newest Cyber Warriors Vie For Top NSA Trophy (Breaking Defense) Teams will face a series of rigorous challenges over three days as they compete to win the prestigious NCX trophy.
Education In The Crosshairs Of Cyberattacks (Avast) In addition to the disruption and changes caused by the Covid-19 pandemic, the education sector has been subjected to cyberattacks more than ever before.
Why do higher educational institutions keep getting hacked? (Chemistry World) UK's cyber security centre warns of increasing attacks on university computer networks
Legislation, Policy, and Regulation
U.S.-Russian Relations Will Only Get Worse (Foreign Affairs) Even Good Diplomacy Can’t Smooth a Clash of Interests
Russia Ramps Up Censorship Beef With Twitter Using Deep Packet Inspection Tech (Techdirt.) Over the last decade Russia has accelerated the government's quest to censor the internet. That was most conspicuous with the passage of a 2016 surveillance bill that not only mandated encryption backdoors, but effectively banned VPN providers...
U.S. Senate Unveils Strategy to Counter China With New Bill (Bloomberg) Bill calls for cooperation with allies, investment in U.S.
White House to Seek Industry Input on New Software Security Rules, NSC Official Says (Nextgov.com) The administration wants to make sure the private sector has the ability to weigh in on procurement standards in an impending executive order.
Keynote Session: A Conversation With Anne Neuberger (YouTube) While much of the public’s attention over the last year has been on Russian information operations and threats to election integrity, actors tied to Russian ...
Utility distribution systems 'increasingly at risk' for cyberattacks, GAO report concludes (Utility Dive) Federal security requirements have focused on transmission and generation facilities, but a report from the Government Accountability Office warns of the vulnerability of utility distribution systems.
Why Didn't Government Detect SolarWinds Attack? (BankInfoSecurity) Two senators are pressing the Department of Homeland Security to explain why its Einstein system failed to detect the SolarWinds supply chain breach that affected
Frances Townsend and Jim Stavridis on maintaining U.S. technological superiority (CBS News) On "Intelligence Matters," former top national security officials discuss the American Edge Project, a political advocacy group promoting investment in U.S. innovation and technology, with host Michael Morell
Litigation and Enforcement: Virginia Consumer Data Protection Act Series (Part Five) (JD Supra) Like the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA), the Virginia Consumer Data Protection...
Former DARPA Head Victoria Coleman Assumes Air Force Chief Scientist Post (Executive Gov) Victoria Coleman, former head of the Defense Advanced Research Projects Agency, has assumed her new
Litigation, Investigation, and Law Enforcement
Customs and Border Protection Paid $700,000 to Encrypted App Wickr (Vice) Motherboard has found procurement records detailing Wickr's first public U.S. law enforcement contract.
Ledger Faces Class-Action Lawsuit for 2020 Data Breach (Finance Magnates) Leaked data of around a quarter-million Ledger customers were published online in December.
Cellebrite helps Brazilian police arrest murder suspects after recovering data from locked iPhones (9to5Mac) Cellebrite is an advanced and controversial tool that has been used by law enforcement officers to crack the iPhone security on multiple occasions. Today Brazilian police confirmed that they used this tool to unlock the iPhones of two child murder suspects who were arrested after important messages were recovered from their devices. The Rio de […]
Italian charged with hiring “dark web hitman” to murder his ex-girlfriend (Naked Security) Fortunately, this suspect wasn’t as anonymous as he thought…
Civil rights groups flagged dozens of anti-Muslim pages and groups to Facebook that stayed up, lawsuit alleges (Washington Post) The civil rights group Muslim Advocates, along with an academic, have flagged over 225 anti-Muslim pages to Facebook that they claim violate its hate speech policies since 2017. Many are still up.
Kemper Hit With Auto Consumer Class Suit Over Data Breach (Law360) A group of consumers slapped Kemper Corp. and Infinity Insurance Co. with an Illinois federal proposed class action on Thursday, alleging the auto insurers are responsible for ongoing credit monitoring services following a data breach of the consumers' personal information.
Daily Mail Writer Dodges Ex-Rep. Hill's Revenge Porn Suit (Law360) A California judge on Thursday tossed claims that a Daily Mail writer violated the state's revenge porn law by distributing nude photos of former U.S. Rep. Katie Hill, expressing her remorse for Hill but standing by her decision that the journalist was reporting news of public concern.
Noom Sheds Wiretapping Claims But May Gain Them Back (Law360) A California federal judge dismissed a proposed class action Thursday against online weight loss application Noom and software company FullStory alleging they illegally wiretap Noom users, saying that Noom cannot be aiding and abetting any alleged wrongdoing because FullStory is just a software vendor that is not participating in anything illegal.