Attacks, Threats, and Vulnerabilities
SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack (ZDNet) US agencies NSA, FBI and CISA, along with the UK's NCSC, accuse 'Cozy Bear' Russian APT group of campaigns against SolarWinds. Organisations are urged to patch the five VPN and cloud vulnerabilities being exploited in ongoing attacks.
Russia hits out at UK support for US sanctions over hacking (the Guardian) UK’s release of details on Russian cyber-espionage ‘nothing more than an attempt to play along with’ US
The SolarWinds Hack Is Just the Beginning (Foreign Affairs) The United States must learn to live with cyber-espionage.
How the Kremlin provides a safe harbor for ransomware (Star Tribune) A global epidemic of digital extortion known as ransomware is crippling local governments, hospitals, school districts and businesses by scrambling their data files until they pay up. Law enforcement has been largely powerless to stop it.
Meet the Ransomware Gang Behind One of the Biggest Supply Chain Hacks Ever (Vice) A gang nicknamed Cl0p, FIN11, and TA505 has been hacking and extorting hundreds of companies for years.
NSA: Russian Hackers Exploiting VPN Vulnerabilities - Patch Immediately (SecurityWeek) The NSA warned that five vulnerabilities in corporate VPN infrastructure products are being exploited by Russian hackers, and urged organizations to patch immediately.
Pentagon believes it escaped unscathed from SolarWinds, Microsoft hacks (Federal News Network) Although vulnerabilities stemming from both companies' software were present on hundreds of DoD systems, officials say there's no evidence that cyber adversaries actually exploited them.
Iran nuclear chief says 60% enrichment has started at Natanz site (Reuters) Iran has begun 60% uranium enrichment at its Natanz plant, the country's nuclear chief said on Friday, days after an explosion at the site that Tehran blamed on Israel.
An Update: The COVID-19 Vaccine's Global Cold Chain Continues to Be a Target (Security Intelligence) In December 2020, the COVID-19 cold chain was targeted by cyber adversaries. IBM Security X-Force discovered another 50 files tied to spear-phishing emails.
IBM: 44 Organizations Targeted in Attacks Aimed at COVID-19 Vaccine Cold Chain (SecurityWeek) More than 40 organizations have been targeted in a global campaign focused on the COVID-19 vaccine cold chain infrastructure
Pandemic Pushes Bot Operators to Redirect Efforts (Dark Reading) As demand for travel, lodging, and concerts plummeted in 2020, bot traffic moved to more popular activities, such as e-commerce, healthcare, and government sites.
Claroty Discloses OpENer ENIP/CIP Stack Vulnerabilities (Claroty) Claroty's researchers disclosed details on vulnerabilities that have been patched in the OpENer ENIP/CIP protocol stack.
Domain Name Security Neglected by U.S. Energy Companies: Report (SecurityWeek) A majority of the largest energy companies in the US don’t properly protect their domain names, according to a new report.
Crypto-jacker targets unpatched MS Exchange servers (ITWeb) Sophos has detected a compromised Microsoft Exchange server hosting a crypto-jacker.
Attackers Target ProxyLogon Exploit to Install Cryptojacker (Threatpost) Threat actors targeted compromised Exchange servers to host malicious Monero cryptominer in an “unusual attack,” Sophos researchers discovered.
Amazon Data Leak: Users report phishing and scam calls where scamsters know exact order details (CIOL) This time, many users have reported receiving calls impersonating Amazon, claiming they have won a prize, in which the callers know all their order details.
A Tale of 3 Data 'Leaks': Clubhouse, LinkedIn, Facebook (BankInfo Security) Criminals love to amass and sell vast quantities of user data, but not all data leaks necessarily pose a risk to users. Even so, the ease with which would-be
University of Hertfordshire cancels live online teaching following cyber attack (Computing) Hertfordshire the latest in a series of cyber attacks on educational institutions in the UK over the past few months
Swinburne sorry over personal data breach (The Times) A Melbourne university has been forced to apologise after thousands of its staff and students had their personal details inadvertently shared online in a data...
Swinburne sorry over personal data breach (Yahoo) A Melbourne university has been forced to apologise after thousands of its staff and students had their personal details inadvertently shared online in a data breach. Swinburne University on Friday revealed 5200 staff, 100 students and 200 others from outside the institution had their personal information made available on internet forums.
Swinburne University data breach exposes details of 5000 staff, students (iTnews) Seven years of event registrations found online.
Swinburne University confirms over 5,000 individuals affected in data breach (ZDNet) University confirms the personal information included in the breach contained names, email addresses, and phone numbers of some staff, students, and external parties
More than 300,000 personal records compromised in CU Boulder data breach (KKTV) The University of Colorado is dealing with what may be the largest data breach of personal records in the university's history.
New Jersey School Districts Investigate Cyber-Attacks (Infosecurity Magazine) Two Somerset County school districts suspect they were targeted by cyber-criminals
Parking app breach affects 20 million users, including Pittsburgh Parking Authority customers (TribLIVE.com) More than 20 million users of an app used to pay for parking were exposed to a data breach last month, the company that administers the app said. Included among them are those who use the Pittsburgh Parking Authority’s app, Go Mobile Pittsburgh. The data that was accessed includes license
Data breach of thousands of Chattanooga Library card owners revealed (WRCB TV) The Chattanooga Library revealed that the private information of around 5,000 library cardholders had been exposed online since October 2020; the IT team the library works with caught the mistake only last week.
Security Patches, Mitigations, and Software Updates
Google's Project Zero updates vulnerability disclosure rules to add patch cushion (The Record by Recorded Future) The Google Project Zero security team has updated its vulnerability disclosure guidelines today to add a cushion of 30 days to every security bug disclosure, so end-users have enough time to patch software and prevent attackers from weaponizing bugs.
Google's Project Zero trials 120 day disclosure window for new software flaws (IT PRO) The policy change aims to encourage businesses to apply patches while reducing the risk of opportunistic attacks
Google Brings 37 Security Fixes to Chrome 90 (Dark Reading) The latest version of Google Chrome also introduces HTTPS as the browser's default protocol.
EIPStackGroup OpENer Ethernet/IP (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.2
ATTENTION: Exploitable remotely/low attack complexity
Vendor: EIPStackGroup
Equipment: OpENer EtherNet/IP
Vulnerabilities: Incorrect Conversion Between Numeric Types, Out-of-bounds Read, Reachable Assertion
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could cause a denial-of-service condition and data exposure.
Schneider Electric C-Bus Toolkit (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: C-Bus Toolkit
Vulnerabilities: Improper Privilege Management, Path Traversal
2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow remote code execution.
Trends
Prevalent Study Reveals Few Companies Are Expanding Third-Party Risk Management Programs Despite Increasing Threats (Prevalent) Less Than Half of Respondents Report Tracking Non-Cybersecurity Reputation Risks
The 2021 Third-Party Risk Management Study (Prevalent) This definitive report from Prevalent is loaded with insightful data, analysis and recommendations from our survey of global risk management practitioners.
Marketplace
How the Indian cybersecurity sector is poised to touch a pinnacle in the new normal: Investor Insights (YourStory.com) The digital push by the government is changing the way businesses are run in the country, and with growing cyberattack threats, more businesses are emphasizing proper cybersecurity protection.
US sanctions six tech firms for supporting Russian intelligence services (Computing) Named firms are Positive Technologies, ERA Technopolis, Neobit, Advanced System Technology (AST), Pasit and SVA
The $1 billion Russian cyber company that the US says hacks for Moscow (MIT Technology Review) The hackers at Positive Technologies are undeniably good at what they do. The Russian cybersecurity firm regularly publishes highly-regarded research, looks at cutting edge computer security flaws, and has spotted vulnerabilities in networking equipment, telephone signals, and electric car technology. But American intelligence agencies have concluded that this $1 billion company—which is headquartered in Moscow,…
U.S. Says Russian Cyber Firm Provided Venue for Recruiting Spies (Wall Street Journal) The U.S. government said that conferences operated by Positive Technologies serve as recruitment grounds for Russian intelligence, and accused the company of supporting the Kremlin’s spy agencies.
Reddit Launches Public Bug Bounty Program (SecurityWeek) Reddit offers up to $10,000 for critical vulnerabilities that could be exploited for bulk data compromise.
New top executive named at AssuredTek (Rome Daily Sentinel) AssuredTek, a growing company which supports and defends business systems, networks and assets using an array of technology and professional services, has announced that Keith Hall has been named the …
Products, Services, and Solutions
NVIDIA Unveils 'Morpheus' Cybersecurity Framework (SecurityWeek) NVIDIA unveils Morpheus, a cloud-native application framework designed to help cybersecurity providers analyze more data without sacrificing performance.
Nixu Gets to Grips with Cybersecurity challenges in the Industrial Internet (MyTechMag) Nixu is investing in the development of cybersecurity services for the internet of things (IoT) by setting up a start-up business unit to accelerate its IoT business.
BioCatch adds real-time risk notifications (Planet Biometrics News)
Bowsher IT Chooses Comodo's All-Inclusive Cybersecurity Platform to Protect Clients (PR Newswire) Bowsher IT chose to implement Comodo's Dragon technology to provide them a solid structure as an MSP. Comodo gives Bowsher IT access to a...
Medtronic partners with cybersecurity startup Sternum to protect its pacemakers from hackers (TechCrunch) If you think cyberattacks are scary, what if those attacks were directed at your cardiac pacemaker? Medtronic, a medical device company, has been in hot water over the last couple of years because its pacemakers were getting hacked through their internet-based software updating systems. But in a ne…
Technologies, Techniques, and Standards
Google backs new security standard for smartphone VPN apps (ZDNet) The Google One VPN app gets a tick of approval from the Internet of Secure Things Alliance.
New Report from Omada and ESG (Omada) Report from Omada and ESG Finds Modern Identity Governance Administration Key to a Zero Trust Strategy
CREST Launches Remote Audit Facility for SOC Accreditation (PR Newswire) CREST, a not-for-profit accreditation and certification body representing the technical information security industry, today announced a new...
Mobile app security standard for IoT, VPNs proposed by group backed by Big Tech (Register) ioXt Alliance aims to bring 'transparency and visibility'
InfraGard Marks 25 Years: Protecting the Country’s Critical Infrastructure Through Partnerships (Homeland Security Today) In 1996, a small group of private sector and government officials began working with the FBI’s Cleveland Field Office to help identify cyber threats to the country.
The Pentagon’s next move in expanding zero trust (C4ISRNET) The U.S Department of Defense wants to take further steps to advance zero-trust cybersecurity architectures across the department.
NATO to improve cyber defense in bid to boost alliance resilience (C4ISRNET) Senior officials urge new steps in protecting key infrastructure against cyberattacks, as the coronavirus pandemic has forced an even greater reliance on data connectivity in all sectors of society.
FS-ISAC leads financial sector response to NATO cyber wargame (Finextra Research) FS-ISAC, the only global cyber intelligence sharing community solely focused on financial services, announced today its leadership role in devising the financial sector's scenario during this year's NATO Cyber Defence Centre of Excellence (CCDCOE) Exercise Locked Shields, taking place 13-16 April.
Research and Development
Senators push quantum computing at DoD (C4ISRNET) New legislation aims to boost America's global competitiveness in quantum computing technology.
Academia
Blue Hens capture the flag (University of Delaware) Inaugural UD cybersecurity competition engages more than 2,000 participants
ASMS Computer Science Instructor Named Cyber Security Teacher of the Year (Opelika Observer) Deborah Gray, computer science instructor at the Alabama School of Mathematics and Science (ASMS) was recognized as Teach Cyber’s 2020 Cyber Security Teacher of the Year with the “Pathways to Cybersecurity” Award.
Legislation, Policy, and Regulation
Declaration by the High Representative on behalf of the European Union expressing solidarity with the United States on the impact of the SolarWinds cyber operation (European Council) The EU issued a declaration expressing its solidarity with the United States on the impact of malicious cyber activities, notably the SolarWinds cyber operation, which, the United States assesses, has been conducted by the Russian Federation.
Data Is Power (Foreign Affairs) If the United States does not shape new rules for the digital age, others will.
Biden calls for de-escalation with Russia following sanctions, proposes meeting with Putin (NBC News) President Joe Biden has characterized Russian President Vladimir Putin as a "killer" and said he would "pay the price" for a range of malicious activities Washington blames on Moscow.
White House formally blames Russian intelligence service SVR for SolarWinds hack (The Record by Recorded Future) In a press release today announcing a broad set of sanctions against the Russian government, the Biden administration has formally named the Russian Foreign Intelligence Service, also known as the SVR, as the perpetrator of the 2020 SolarWinds Orion supply chain attack.
U.S. Slaps Wide-Ranging Sanctions on Moscow—but Stops Short of Killer Blow (Foreign Policy) The Biden administration takes a novel, broad-brush approach to Russia’s nefarious activity.
Biden administration imposes significant economic sanctions on Russia over cyberspying, efforts to influence presidential election (Washington Post) The Biden administration on Thursday imposed the first significant sanctions targeting the Russian economy in several years to punish the Kremlin for a cyberespionage campaign against the United States and efforts to influence the presidential election, according to senior U.S. officials.
US Expels Russian Diplomats, Imposes Sanctions for Hacking (SecurityWeek) The Biden administration announced the expulsion of 10 Russian diplomats and sanctions against nearly three dozen people and companies over election interference and the hacking of federal agencies.
US Slaps Russia With Sanctions Plus For SolarWinds Hack (Breaking Defense) The White House Executive Order comes on the same day that CISA and CNMF issue SolarWinds-related malware analysis and NSA-CISA-FBI issue a joint advisory warning of ongoing SVR exploitation of known vulnerabilities in common products.
FAST THINKING: Biden hits back at Putin (Atlantic Council) Today the Biden administration hit thirty-two Russian government officials and entities, plus six companies, with economic sanctions.
The Biggest Security Threats to the US Are the Hardest to Define (Wired) In a Senate briefing, the heads of the major intelligence agencies warned the public about dangers that offer no easy solutions.
Do continued EU data flows to the United Kingdom offer hope for the United States? (Atlantic Council) Brussels separately is moving ahead to enable unrestricted data flows with two major trading partners: the UK and the Republic of Korea.
Republican lawmakers reintroduce bill to ban TikTok on federal devices (TheHill) Sen. Josh Hawley (R-Mo.) led a group of Senate Republicans on Thursday in reintroducing legislation to ban the use of social media app TikTok on federal government devices, citing potential national security concerns.
U.S. China hawks seek to cut sales of chip-making tools to Beijing (Reuters) Congressional China hawks are urging the Biden administration to restrict sales of chip-making tools to Chinese companies, similar to an action taken against telecommunications equipment maker Huawei Technologies Co (HWT.UL).
CISA Receives 2021 Public Integrity Award from American Society for Public Administration (Homeland Security Today) The Cybersecurity and Infrastructure Security Agency (CISA) has been selected as a recipient of the American Society for Public Administration’s 2021 Public Integrity Award.
Regulators Step Up Scrutiny of SPACs With New View on Warrants (Wall Street Journal) The SEC said some SPACs have improperly accounted for warrants, stepping up scrutiny of the popular vehicles.
FCC to Re-Establish 5G Network Security Advisory Panel (Bloomberg Law) The Federal Communications Commission plans to bring back an advisory group to make recommendations on improving 5G network security in the wake of the SolarWinds breach.
Litigation, Investigation, and Law Enforcement
Government signed 4 contracts to conduct cell phone espionage (Mexico News Daily) In 2019 and 2020, the federal Attorney General's office spent US $5.6 million on programs to track cell phones and collect internet use data.
Facebook faces ‘mass action’ lawsuit in Europe over 2019 breach (TechCrunch) Facebook is to be sued in Europe over the major leak of user data that dates back to 2019 but which only came to light recently after information on 533M+ accounts was found posted for free download on a hacker forum. Today Digital Rights Ireland (DRI) announced it’s commencing a “mass …
Gaps in cyber security protection? A risk of fines! (Lexology) While the German government is still wrestling with the draft of the IT Security Act 2.0 and the adaptation of the regulations regarding fines, the…
A cybersecurity expert who promoted claims of fraud in the 2020 election is leading the GOP-backed recount of millions of ballots in Arizona (Washington Post) The nearly 2.1 million ballots cast in Maricopa County, Ariz., last fall are currently packaged in 40 cardboard shrink-wrapped boxes and stacked on 45 pallets in a county facility in Phoenix known as “the vault,” due to its sophisticated security and special fire-suppression system.
Feds in N.J. charge 2 Pakistani men with creating phony IDs, allege Russian operatives were customers. (nj.com) Prosecutors said the operation had customers worldwide, including in New Jersey, and attracted the attention of Russian operatives who targeted the 2016 presidential election.