Attacks, Threats, and Vulnerabilities
Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Com (National Security Agency Central Security Service) The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly released a Cybersecurity Advisory, “Russian SVR
Russian SVR Targets U.S. and Allied Networks (NSA | CISA | FBI) Russian Foreign Intelligence Service (SVR) actors (also known as APT29, Cozy Bear, and The Dukes) frequently use publicly known vulnerabilities to conduct widespread scanning and exploitation against vulnerable systems in an effort to obtain authentication credentials to allow further access. This targeting and exploitation encompasses U.S. and allied networks, including national security and government-related systems.
Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks | Federal Bureau of Investigation (Federal Bureau of Investigation) The NSA, CISA, and FBI jointly released a cybersecurity advisory to expose ongoing SVR exploitation of five publicly known vulnerabilities. This advisory is being released alongside the U.S. government’s formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign.
Answer given by Mr Hahn on behalf of the European Commission (European Commission) The Computer Emergency Response Team of the EU Institutions, Bodies and Agencies (CERT-EU) is aware that 14 Institutions, Bodies or Agencies (EUIBAs) use SolarWinds Orion product, and that at least 6 of them have been affected by the hack. For those affected, the level of compromise varies significantly, from no impact to significant impact.
NSA: Top 5 vulnerabilities actively abused by Russian govt hackers (BleepingComputer) A joint advisory from the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) warn that the Russian Foreign Intelligence Service (SVR) is exploiting five vulnerabilities in attacks against U.S. organizations and interests.
Natanz attack hit 50 meters underground, destroyed most of the facility (The Jerusalem Post) The attack was reportedly carried out through a remotely detonated device smuggled into the facility.
The Bomber Always Gets Through (Medium) Analysis on the 2021 Natanz attacks from someone who worked on S
A Microsoft Swing and a Google Miss: Spoofed Pages Get to the Inbox (Avanan) A spoofed Microsoft credential harvesting page gets by Google's scanners.
PhishGun: How Phishing Attacks From Services Like Mailgun Bypass Microsoft 365 Security (Avanan) Avanan uncovered an attack that utilizes the email service Mailgun. Because Mailgun allows users to set a different field in the from and sender fields, it can be used for impersonation attacks that bypass Microsoft.
IcedID malware gang positioning itself as one of the Emotet replacements (The Record by Recorded Future) The IcedID malware gang has ramped up operations over the past few weeks in an attempt to position itself as one of the contenders to fill the void left in the cybercriminal underground following the takedown of the Emotet botnet in January this year.
Another Chrome and Edge exploit published online as browser makers deal with patch gap issues (The Record by Recorded Future) For the second time this week, a security researcher has published proof-of-concept (PoC) code that can exploit and run malicious code inside Chromium-based browsers like Chrome, Edge, Vivaldi, and Opera.
Capcom Says Older VPN Device at Heart of Ransomware Attack (SecurityWeek) Capcom says data of 15,649 people was compromised and its internal systems are near to completely restored.
IoT bug report claims “at least 100M devices” may be impacted (Naked Security) The programmers among us are learning… but not always quickly enough, it seems. Here’s some food for coding thought…
At Least 100 Million Devices Affected by "NAME:WRECK" DNS Flaws in TCP/IP Stacks (SecurityWeek) The NAME:WRECK vulnerabilities could be abused to cause denial of service, execute arbitrary code remotely, or take control of vulnerable devices.
New Study From Arkose Labs Reveals That Businesses Underestimate (MarTech Series) Arkose Labs, a provider of online fraud and abuse prevention technology, today released study findings around account takeover (ATO) fraud and how businesses are dealing with this threat. The study included more than 100 IT executives at U.S. companies in over a dozen industries ranging
Facebook data leak affects 188,000 in Luxembourg, PM says (Luxembourg Times) Xavier Bettel was reportedly among those whose details were shared
Threat Actors Pair Tax-Themed Lures With COVID-19, Healthcare Themes (Proofpoint) On 30 March 2021, the United States Internal Revenue Service (IRS) issued a security alert detailing an ongoing email-based IRS impersonation campaign primarily targeting educational institutions. Impacted people included university and college students and staffers using “.edu” email addresses.
The airport isn’t just a fabulous place to sponge up bacteria, but also private data about passengers (USA TODAY) The airport isn’t just a fabulous place to sponge up bacteria, but also private data about passengers
Four out of 10 mobile phones vulnerable to cyber-attacks, reveals new report (The Financial Express) With malware increasing and numerous reports on data breach surfacing, some alarming details have come out.
Update: Security Notification - March 2021 (ParkMobile Support) In keeping with our commitment to transparency, we want to share an update on the cybersecurity incident we announced last month. Our investigation concluded that encrypted p...
NBA’s Houston Rockets Face Cyber-Attack by Ransomware Group (Bloomberg) Basketball team says security experts, FBI are investigating.
Cyber Attack Against Hillborough Schools Forces Day 3 of Virtual Learning (TAPinto) Efforts to recover from Monday's cyber attack against the school district's computer network continue, with another day of virtual learning scheduled for Thursday.
Data breaches by Revenue: Bungling officials sent ex-wife info on former husband (Irish Mirror) Another breach involved a staff member’s exam results mistakenly sent to a third party
Tax Season Is Phishing Season for Email Scammers (GreatHorn) If historical trends are any indication, there will be no let-up on the pressure that cybercriminals put on email users each year at tax time. Read our blog and learn how to protect yourself from the scammers.
Security Patches, Mitigations, and Software Updates
Adobe Patches Critical Code Execution Vulnerabilities in Photoshop, Bridge (SecurityWeek) Adobe has patched vulnerabilities in four of its products, including critical code execution flaws in Photoshop and Bridge.
Another Critical Vulnerability Patched in SAP Commerce (SecurityWeek) On its April 2021 Security Patch Day, SAP released 14 security notes and 5 updates to previously released notes.
Siemens Releases Several Advisories for 'NAME:WRECK' Vulnerabilities (SecurityWeek) Siemens released 14 new advisories on Tuesday, including five describing NAME:WRECK vulnerabilities.
Google Patches More Under-Attack Chome Zero-days (SecurityWeek) A new Google Chrome point-update to patch a pair of under-attack security vulnerabilities affecting Windows, MacOS and Linux users
New Research Indicates Nearly 80 Percent of Top U.S. Energy Companies Are at Serious Risk for Cyber Attacks (CSC) In light of the Biden administration’s recent efforts in protecting critical infrastructure from cyber threats, new research from CSC indicates that a majority of the top energy companies* in the U.S. are vulnerable to attack due to shortcomings in their online operations.
F Secure Oyj : CISOs face constant dilemmas to avoid drowning in their ‘security debt' (MarketScreener) 'Despite pervasive 'security debt' and reporting a rising number of cyber attacks, CISOs say that say the number of incidents, which includes a breach or unauthorized access to a... | April 15, 2021
Prey Software Report Finds 43.13% of workers will stay remote after the pandemic ends (GlobeNewswire) 67% of IT Professionals Concerned with Remote Workplace Endpoint Misuse
Americans Get an F on Digital Privacy Knowledge (Security.org) Today’s ecosystem of personalized online content is powered in great part by smartphone apps, many of which are constantly collecting data about their users. For consumers, it can be hard to tell how much they’re collecting and where it’s going. A prior study from Pew Research Center confirmed what many of us might think: that … Continued
Microsoft Continues to be Most Imitated Brand for Phishing Attempts in Q1 2021 (Check Point Software) Check Point Research issues Q1 Brand Phishing Report, highlighting the leading brands that hackers imitated in attempts to lure people into giving up
Survey: The State of Cybersecurity Training 2021 (TalentLMS Blog) Despite companies’ cybersecurity training efforts, 61% of employees failed a basic cybersecurity quiz, and COVID-19 has created new vulnerabilities.
Cybersecurity VC Funding Hit Record in 2020 With $7.8 Billion Invested (SecurityWeek) Despite the coronavirus pandemic, 2020 was a record year for cybersecurity in terms of VC funding, reaching $7.8 billion invested globally.
B2B Marketplace Bizongo Fixes Leak That Exposed 2.5 Mn Customer Files (Inc42 Media) The cybersecurity vulnerability within the Indian tech ecosystem is growing wider and more apparent by the day, with another report of data leak surfacing this week.
PlexTrac Closes $10 Million Round to Fuel Growth of Cybersecurity Workflow Platform (Yahoo) PlexTrac announces $10 million in Series A from Madrona Venture Group & Noro Moseley for Cybersecurity Workflow Platform
VMware is spinning off from Dell Technologies and will pay out a $12 billion cash dividend (Silicon Valley Business Journal) VMWare will maintain after the move a partnership with Dell, which has helped boost its sales.
Axis Security Selected as Finalist for RSA Conference 2021 Innovation Sandbox Contest (Axis Security) Axis App Access Cloud Recognized for Simple, Secure Approach to Enterprise Remote Access
Products, Services, and Solutions
Zimperium and Ping Identity Extend Zero Trust Controls to the Most Vulnerable Endpoint: Mobile (Zimperium Mobile Security Blog) Integration of Zimperium’s mobile device risk attestation into the PingFederate platform enables real-time Zero Trust authorizations and access to corporate resources.
Inkscreen Partners with Vertosoft to Deliver Industry’s Most Secure Mobile Camera App to the U.S. Government (BusinessWire) Vertosoft to offer Inkscreen's CAPTOR mobile camera app to help employees keep government images and data secure and meet compliance regulations
ThycoticCentrify Releases Enhancements to Secret Server to Strengthen Management of Enterprise Secrets (PR Newswire) ThycoticCentrify, a leading provider of cloud identity security solutions, today announced the latest release of its award-winning privileged...
Addressing Audit Log Storage for U.S. Federal Government Customers (Microsoft) At Microsoft, we offer a rich set of robust security and compliance capabilities in Office 365 and Microsoft 365.
Gigamon Partners with Riverbed to Radically Simplify Hybrid Cloud Deployment, Monitoring and Management (BusinessWire) Gigamon, the cloud leader in visibility and analytics, announced a partnership with Riverbed in support of the recent Gigamon Hawk launch.
Digital Guardian Launches Industry-first DLP-as-a-Service for Midmarket Enterprises (Digital Guardian) North American Channel Program Delivers Cloud-based Managed Security Solution and Enterprise-class Data Protection to Midsize Organizations
CipherTrace Introduces Compliance Solutions for DEX and DeFi Protocol Using Chainlink Network (CTOvision.com) CipherTrace, a leading crypto intelligence company has launched its new compliance solution CipherTrace DeFi Compli that helps decentralized exchanges (DEXs) and DeFi applications to abide by the rules and regulations of the Office of Foreign Assets Control (OFAC). This is a big step towards bringing legitimacy to the fastly evolving DeFi space. The CipherTrace DeFi Compli
Code42 Announces Its Accelerate Partner Program, Increases Partners on Board over 200% (BusinessWire) Code42 unveiled Accelerate, its channel partner program that is revolutionizing a market and taking Insider Risk Management mainstream.
Technologies, Techniques, and Standards
Rippling Cyberattacks Force Corporate Boards to Rethink Risk (Bloomberg Law) Corporate boards, in the wake of cyberattacks on software providers SolarWinds Corp. and Microsoft Corp., are seeking out expertise from consultants, lawyers and associations that offer cybersecurity training—an oversight boost that could cushion them legally in the event they’re sued or penalized by regulators after a breach.
ioXt Alliance Expands Certification Program for Mobile and VPN Security (ioXt) The ioXt Alliance, the Global Standard for IoT security, today announced that it is expanding its ioXt Compliance Program with a new mobile application profile with added requirements for virtual private network (VPN) applications.
Prevalent Study Reveals Few Companies Are Expanding Third-Party Risk Management Programs Despite Increasing Threats (Prevalent) Less Than Half of Respondents Report Tracking Non-Cybersecurity Reputation Risks
The 2021 Prevalent Third-Party Risk Management Study: Looking Beneath the Cyber Risk Surface (Prevalent) In February and March 2021, Prevalent conducted a study on current trends, challenges and initiatives impacting third-party risk management practitioners worldwide.
NATO Wargame Examines Cyber Risk to Financial System (Wall Street Journal) One of the world’s largest cyber wargames is, for the first time, specifically exploring how banks and other financial institutions might respond to a widespread physical and cyber conflict.
Why Security Awareness Training is a Top Cybersecurity Investment for Business (Digital Journal) Trying to stay at the cutting edge of cybersecurity often means utilizing some of the most advanced tools in the business: nowadays, automation and AI have been integrated into many modern cybersecurity defense systems, allowing them to draw on data from threats around the world to create a more effective and efficient defense.
Design and Innovation
US military to blend electronic warfare with cyber capabilities (C4ISRNET) With more sophisticated threats, the military wants to blur the line between electronic warfare and cyber operations.
Strategy in the Artificial Age: Observations From Teaching an AI to Write a U.S. National Security Strategy (War on the Rocks) Words matter to members of the U.S. defense establishment, especially if those words are found in official documents like the National Security Strategy
Singapore's deputy cyber chief on how the city-state became a laboratory for security initiatives (The Record by Recorded Future) Last spring, professional services firm Deloitte published a study that ranked Singapore as the most exposed country to cyberattacks in the Asia-Pacific region.
Research and Development
Quantum cryptography with highly entangled photons from semiconductor quantum dots (Science Advances) Semiconductor quantum dots are capable of emitting polarization entangled photon pairs with ultralow multipair emission probability even at maximum brightness.
Cyberattacks Are Spiking. Colleges Are Fighting Back. (Chronicle of Higher Education) The message, emailed to thousands of students and employees at the University of Colorado’s Boulder campus last week, was alarming. Their personal information, including addresses, phone numbers, Social Security numbers, academic progress reports, and financial documents, had been stolen, and their university was refusing to cooperate with extortion demands. As a result, the data was starting to be posted on the dark web, the shadowy back channel of the internet where cybercriminals lurk.
Legislation, Policy, and Regulation
EU set to ban AI use for 'indiscriminate surveillance' (Computing) The draft proposal would also ban algorithms that judge people's trustworthiness based on their social behaviour
US intelligence chiefs: 'We don't know' Putin's reason for military buildup on Ukrainian border (Washington Examiner) Russian President Vladimir Putin’s reason for a major military buildup on Ukrainian borders remains a mystery, U.S. intelligence officials told lawmakers.
FACT SHEET: Imposing Costs for Harmful Foreign Activities by the Russian Government (The White House) The Biden administration has been clear that the United States desires a relationship with Russia that is stable and predictable. We do not think that we
US expels Russian diplomats, imposes new round of sanctions (AP NEWS) The Biden administration on Thursday announced the expulsion of 10 Russian diplomats and sanctions against dozens of people and companies as it moved to hold the Kremlin...
U.S. to Sanction Russia, Expel Diplomats Over Alleged Election Interference, Hacking (Wall Street Journal) The Biden administration will impose a range of retaliatory measures against Russia, which are expected include the expulsion of 10 officials and expanded prohibitions on U.S. banks trading in Russian government debt.
Biden administration imposes significant economic sanctions on Russia over cyberspying, efforts to influence presidential election (Washington Post) The Biden administration on Thursday imposed the first significant sanctions targeting the Russian economy in several years in order to punish the Kremlin for a cyberespionage campaign against the United States and efforts to influence the presidential election, according to senior U.S. officials.
US government to announce Russian sanctions in response to cyber attacks (Computing) The sanctions will target Russian diplomats in the USA, as well as threatening the country's wider economy by banning the purchase of ruble bonds
Biden to unveil Russia sanctions over SolarWinds hack and election meddling (the Guardian) Package of sanctions expel 10 officials and follows massive US government cybersecurity breach
Treasury Escalates Sanctions Against the Russian Government’s Attempts to Influence U.S. Elections | U.S. Department of the Treasury (US Department of the Treasury) Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) took sweeping action against 16 entities and 16 individuals who attempted to influence the 2020 U.S. presidential election at the direction of the leadership of the Russian Government.
Iran’s Top Leader Signals That Nuclear Talks Will Resume Despite Natanz Sabotage (New York Times) The declaration by Ayatollah Ali Khamenei appeared to put to rest any speculation that Iran would boycott or quit the Vienna talks aimed at saving the nuclear deal.
Timeline: Iran-Israel Tensions Since Natanz Blast (Barron's) A recap of the main developments since Sunday's explosion at Iran's Natanz uranium enrichment plant, which Tehran blames on Israel:
Israel on High Alert After Natanz Blast (RealClearPolitics) Israel on High Alert After Natanz Blast | RealClearPolitics
China says time to up pace on Iran negotiations after Natanz disruption (Reuters) China's envoy to the Iran nuclear talks said on Thursday that there had been enough disruptions in efforts to revive nuclear talks and that the pace of negotiations now needed to be increased notably on the issue of U.S. sanctions lifting.
White House Rushes to Strengthen Security of U.S. Power Grid as Hacking Threats Grow (Insurance Journal) A White House plan to rapidly shore up the security of the U.S. power grid will begin with a 100-day sprint, but take years more to transform utilities'
Agencies Have Till Midnight April 15 to Apply New Microsoft Exchange Patches (Nextgov.com) Four of the 95 vulnerabilities Microsoft released as part of its monthly “patch Tuesday” were identified by the National Security Agency.
Why the U.S. Shouldn’t Play Games with Cyberwarfare as its Power Declines (The Good Men Project) Cybersecurity threats are emerging as one of the most serious challenges of the 21st century. The U.S. And its NATO allies have turned down every attempt within the un framework for banning cyberweapons.
Nakasone deflects senators' invitations to seek domestic spying powers (FCW) Lawmakers have continued to prod the NSA chief to request new surveillance authorities that might prevent another SolarWinds-type breach.
No Domestic Surveillance Authorities Needed, NSA Director Reiterates (Nextgov.com) Instead, Gen. Paul Nakasone and other intelligence community leaders want better public-private partnerships to address “blind spots” in the cyber realm.
Republican lawmakers warn of China using U.S. software to develop weapons (Washington Post) In a letter to Commerce Secretary Gina Raimondo, Sen. Tom Cotton and Rep. Michael T. McCaul called for new limits on Chinese companies' use of certain U.S. software tools.
Letter to the Secretaries of Homeland Security and Commerce (Committee on Homeland Security, US House of Representatives) Dear Secretary Mayorkas and Secretary Raimondo, As you are aware, the security of our nation’s information and communications technology (ICT) supply chain is critical to nearly every aspect of our lives
Wyden urges ban on sale of Americans’ personal data to ‘unfriendly’ foreign governments (Washington Post) The proposal would treat Americans’ personal data with the same caution as powerful weaponry, blocking sales to countries deemed potential security threats
Litigation, Investigation, and Law Enforcement
Social Media Plays Key Role for Domestic Extremism, FBI Director Says (Wall Street Journal) Christopher Wray’s warning comes amid a rise in homegrown attacks.
The FBI wanted to unlock the San Bernardino shooter’s iPhone. It turned to a little-known Australian firm. (Washington Post) Azimuth unlocked the iPhone at the center of an epic legal battle between the FBI and Apple. Now, Apple is suing the company co-founded by one of the hackers behind the unlock.
FBI Agents Secretly Deleted Web Shells From Hacked Microsoft Exchange Servers (SecurityWeek) FBI agents executed a court-authorized cyber operation to delete malicious web shells from hundreds of previously hacked Microsoft Exchange servers in the United States.
DPC launches inquiry into Facebook in relation to a collated dataset of Facebook user personal data made available on the internet (Data Protection Commission) The Data Protection Commission (DPC) today launched an own-volition inquiry pursuant to section 110 of the Data Protection Act 2018 in relation to multiple international media reports, which highlighted that a collated dataset of Facebook user personal data had been made available on the internet.
Irish regulator opens GDPR inquiry into Facebook data leak (Computing) Facebook could face a financial penalty of up to 4 per cent of its $86 billion global revenue
Irish watchdog opens another Facebook probe, over data dump (Washington Post) Ireland’s privacy regulator said Wednesday it has opened an investigation into Facebook after data on more than 500 million users was reportedly found dumped online, in a suspected violation of strict European Union privacy rules.