Attacks, Threats, and Vulnerabilities
How Cyber Ops Increase the Risk of Accidental Nuclear War (Defense One) Five factors exacerbate a U.S.-Chinese security dilemma.
Facebook says Palestinian spies behind hacking campaign (Reuters) Facebook says it has disrupted a long-running cyberespionage campaign run by Palestinian intelligence which features spies posing as journalists and the deployment of a booby-trapped app for submitting human rights stories.
Facebook Says Palestinian Intelligence Used Platform to Spy on Citizens (SecurityWeek) Facebook said it had disabled accounts used by the Palestinian Authority's internal intelligence organisation to spy on journalists, human rights activists and political opponents.
Primitive Bear (Gamaredon) Targets Ukraine with Timely Themes (Anomali) Anomali Threat Research discovered a campaign targeting Ukrainian government officials with malicious files that could be repurposed to target government officials of other countries.
Nightmare week for security vendors: Now a Trend Micro bug is being exploited in the wild (The Record by Recorded Future) US-Japanese cybersecurity firm Trend Micro disclosed on Wednesday that a threat actor began using a bug in its antivirus products to gain admin rights on Windows systems as part of its attacks.
Attackers Heavily Targeting VPN Vulnerabilities (Dark Reading) Threat actors like attacking the technology because they provide a convenient entry point to enterprise networks.
Chinese Military Reported to Be Behind Japan Cyber Attacks (Insurance Journal) China's military is thought to have instructed a hacker group to conduct cyber attacks on nearly 200 Japanese research institutions and firms, public
China behind another hack as U.S. cybersecurity issues mount (NBC News) China is behind a series of hacks against key targets in the U.S. government, private companies and critical infrastructure, a cybersecurity firm said.
Suspected Chinese hackers exploited Pulse Secure VPN to compromise 'dozens' of agencies and companies in US and Europe (CNN) For months, hackers with suspected ties to China have exploited a popular workplace tool to break into government agencies, defense companies and financial institutions in the US and Europe, according to a report by the cybersecurity firm FireEye.
Chinese hackers compromise dozens of government agencies, defense contractors (Washington Post) Sophisticated Chinese government hackers are believed to have compromised dozens of U.S. government agencies, defense contractors, financial institutions and other critical sectors, according to a private cybersecurity firm working with the federal government.
At least 24 agencies run Pulse Secure software. How many were hacked is an open question. (CyberScoop) At least two-dozen U.S. federal agencies run the Pulse Connect Secure enterprise software that two advanced hacking groups have recently exploited, according to the Department of Homeland Security’s cybersecurity agency.
CISA Identifies SUPERNOVA Malware During Incident Response (CISA) From at least March 2020 through February 2021, the threat actor connected to the entity via the entity’s Pulse Secure VPN appliance (External Remote Services [T1133]). The threat actor connected via the U.S.-based residential IP addresses listed below, which allowed them to masquerade as teleworking employees.
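The masquerade CISA describes (VPN sign-ins from residential addresses so that the actor blends in with teleworkers, T1133) is hard to catch with a simple deny-list because the addresses are ordinary consumer space. One way to surface it from VPN authentication logs is shown below. This is an added example written for this briefing; it is not CISA's code, the advisory's indicators, or anything from the entry above. The log format, the prefix lists, the thresholds and the sample lines (RFC 5737 documentation addresses) are all assumptions constructed for the example.

```python
"""Flag VPN sign-ins that fit the 'residential IP masquerading as a teleworker' pattern.

Added example; not CISA's code or the briefing's. The log format, the prefix
lists and the thresholds are assumptions made for this example.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (RFC 5737 documentation addresses, no real hosts).
SAMPLE_LOG = """\
2021-02-10T08:02:11Z vpn auth user=alice src=198.51.100.7 result=success
2021-02-10T08:05:40Z vpn auth user=alice src=198.51.100.7 result=success
2021-02-10T09:14:02Z vpn auth user=bob src=203.0.113.21 result=success
2021-02-10T11:47:55Z vpn auth user=bob src=203.0.113.88 result=success
2021-02-10T13:03:19Z vpn auth user=bob src=203.0.113.140 result=success
2021-02-10T13:09:01Z vpn auth user=bob src=203.0.113.201 result=success
2021-02-10T14:22:37Z vpn auth user=carol src=192.0.2.15 result=failure
not a log line at all
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)

# Assumed: address space the organisation already expects sign-ins from
# (office egress, managed teleworker connectivity).
EXPECTED_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]
# Assumed: space the organisation has tagged as consumer/residential ISP ranges.
RESIDENTIAL_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

MAX_DISTINCT_IPS = 3       # more distinct source IPs than this per user per window is suspicious
WINDOW = timedelta(hours=24)


def classify_ip(ip_text):
    """Return 'expected', 'residential' or 'unknown' for a source address."""
    ip = ipaddress.ip_address(ip_text)
    if any(ip in net for net in EXPECTED_PREFIXES):
        return "expected"
    if any(ip in net for net in RESIDENTIAL_PREFIXES):
        return "residential"
    return "unknown"


def parse_line(line):
    """Return a record dict, or None for lines that do not match the assumed format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        ipaddress.ip_address(m["src"])          # reject garbage in the src field
    except ValueError:
        return None
    return {"ts": ts, "user": m["user"], "src": m["src"], "result": m["result"]}


def analyse(log_text):
    """Two detections over successful sign-ins only:
    1. off_baseline_login: the source is outside the expected prefixes;
    2. ip_churn: one account authenticates from more than MAX_DISTINCT_IPS
       distinct addresses inside a single WINDOW (actor rotating residential exits)."""
    findings = []
    by_user = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["result"] != "success":
            continue
        ip_class = classify_ip(rec["src"])
        if ip_class != "expected":
            findings.append({"type": "off_baseline_login", "user": rec["user"],
                             "src": rec["src"], "ip_class": ip_class, "ts": rec["ts"]})
        by_user[rec["user"]].append(rec)

    for user, recs in by_user.items():
        recs.sort(key=lambda r: r["ts"])
        window = []
        for rec in recs:
            window.append(rec)
            while rec["ts"] - window[0]["ts"] > WINDOW:   # slide the window forward
                window.pop(0)
            distinct = sorted({r["src"] for r in window})
            if len(distinct) > MAX_DISTINCT_IPS:
                findings.append({"type": "ip_churn", "user": user,
                                 "distinct_ips": len(distinct), "ips": distinct,
                                 "first_ts": window[0]["ts"], "last_ts": rec["ts"]})
                break   # one churn finding per user is enough for triage
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

On the sample data the script raises nothing for alice (expected space, one address), flags each of bob's four sign-ins as off-baseline and adds one churn finding for bob (four residential addresses in a few hours), and ignores carol's failed attempt. In a real deployment the "expected" list would come from the VPN's own baseline of per-user source addresses, and the residential tagging from ASN or ISP enrichment, rather than static prefixes.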
SolarWinds: Illuminating the Hidden Patterns That Advance the Story (RiskIQ) Though the Russian espionage campaign that compromised the SolarWinds supply chain is progressing, public-facing research into the campaign seems to have stopped.
SolarWinds security chief: ‘We ran a pretty good shop’ (The Record by Recorded Future) SolarWinds’ chief information security officer defended the company’s practices and technology on Wednesday.
Turning Telegram toxic: ‘ToxicEye’ RAT is the latest to use Telegram for command & control (Check Point Software) Remote access trojan exploits Telegram communications to steal data from victims and update itself to perform additional malicious activities.
When cryptography attacks – how TLS helps malware hide in plain sight (Naked Security) No IT technology feels quite as much of a double-edged sword as encryption.
In epic hack, Signal developer turns the tables on forensics firm Cellebrite (Ars Technica) Widely used forensic software can be exploited to infect investigators' computers.
Signal chief exposes poor security in Israeli firm Cellebrite's software (iTWire) An Israeli company that makes software for breaking into mobile devices including iPhones, has been publicly shamed by cryptographer Moxie Marlinspike, the creator of the Signal messaging app, who exposed poor security in the software which the company uses. But while demolishing these so-called exp...
Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app's perspective (Signal) Cellebrite makes software to automate physically extracting and indexing data from mobile devices. They exist within the grey – where enterprise branding joins together with the larcenous to be called “digital intelligence.” Their customer list has included authoritarian regimes in Belarus, Russia, Venezuela, and China; death squads in Bangladesh; military juntas in Myanmar; and those seeking to abuse and oppress in Turkey, UAE, and elsewhere. A few months ago, they announced that they added Signal support to their software.
Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities (Cybereason) The multi-stage cryptocurrency botnet has been observed exploiting the Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate networks...
Kaspersky reveals a new zero-day exploit in Desktop Window Manager (ITP.net) The new zero-day exploit is an escalation of privilege (EoP) exploit which allows the attackers to execute arbitrary code on a victim’s machine
AirDrop bugs expose Apple users' email addresses, phone numbers (The Record by Recorded Future) A team of academics from a German university said it discovered two vulnerabilities that can be abused to extract phone numbers and email addresses from Apple's AirDrop file transfer feature.
Kaspersky comments on Apple Quanta REvil ransomware attack (iTWire) Schematics for Apple's presumed 2021 MacBook designs, along with those of other tech companies that Quanta manufactures devices for, have been stolen in a ransomware attack by the REvil group, and a senior security researcher at Kaspersky explains what is going on. Bloomberg and many other outle...
Vulnerability in CocoaPods Dependency Manager Exposed Millions of Apps (SecurityWeek) A remote code execution flaw was discovered in the server of the CocoaPods dependency manager, which is used by more than 3 million applications.
Apple Supplier Quanta Hacked In $50M Ransomware Attack By Russian Group: Bloomberg (Yahoo) The Russian ransomware group REvil, also known as Sodinokibi, has claimed to have stolen blueprints of Apple Inc’s (NASDAQ: AAPL) latest products by hacking the computer network of its supplier, Quanta Computer Inc (OTC: QUCCF) (OTC: QUCPY), Bloomberg reports.
A Clubhouse Bug Let People Lurk in Rooms Invisibly (Wired) The vulnerabilities opened the door to “ghosts” hiding in and disrupting rooms, where moderators would be unable to mute them.
(Don't) Take it to the Bank: Direct Deposit Scam Hitting Inboxes (Avanan) Hackers are leveraging direct deposit notification emails to launch credential harvesting schemes, as seen in this attack that bypassed ATP.
Kaspersky's tips on malicious video tags on social media (Manila Standard) Yesterday, some social media users reported to have been tagged in malicious videos without their permission and by people they do not know.
Enough About Data Breaches. Let's Talk About OT Security (TAG Cyber) In this roundtable discussion, two experts probe why operational technology is woefully neglected—and what can be done to change that.
Denial of Wallet -- Defining a Looming Threat to Serverless Computing (arXiv.org) Serverless computing is the latest paradigm in cloud computing, offering a framework for the development of event driven, pay-as-you-go functions in a highly scalable environment. While these traits offer a powerful new development paradigm, they have also given rise to a new form of cyber-attack known as Denial of Wallet (forced financial exhaustion). In this work, we define and identify the threat of Denial of Wallet and its potential attack patterns. Also, we demonstrate how this new form of attack can potentially circumvent existing mitigation systems developed for a similar style of attack, Denial of Service.
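The abstract's central claim is that Denial of Wallet can slip past controls built for Denial of Service, because those controls look at request rate while the damage is measured in money. The simulation below makes that concrete: a per-source rate limiter lets a low-and-slow stream of expensive invocations through, while a guard that budgets spend refuses work once the bill would exceed a cap. This is an added illustration, not code from the paper or from the briefing; the price list, the limits, the budget and the traffic shape are hypothetical values chosen for the example.

```python
"""Why a request-rate limiter built for DoS can miss Denial of Wallet.

Added illustration; not code from the paper or the briefing. Pricing,
limits, budget and the traffic shape are assumed values for the example.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Invocation:
    t: float          # seconds since the start of the observation
    src: str          # caller identity (e.g. source IP)
    duration_ms: int  # billed execution time
    memory_mb: int    # configured function memory


# Assumed price list (hypothetical, shaped like public FaaS pricing).
PRICE_PER_GB_SECOND = 0.0000166667
PRICE_PER_REQUEST = 0.0000002


def invocation_cost(inv):
    """Amount charged for one invocation under the assumed price list."""
    gb_seconds = (inv.memory_mb / 1024) * (inv.duration_ms / 1000)
    return gb_seconds * PRICE_PER_GB_SECOND + PRICE_PER_REQUEST


class RateGuard:
    """Classic DoS control: at most `limit` requests per source per `window` seconds."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.seen = {}  # src -> deque of timestamps inside the window

    def allow(self, inv):
        q = self.seen.setdefault(inv.src, deque())
        while q and inv.t - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(inv.t)
        return True


class WalletGuard:
    """DoW control: refuse work once projected spend inside `window` seconds
    would exceed `budget`, regardless of how many sources the calls come from."""

    def __init__(self, budget, window):
        self.budget, self.window = budget, window
        self.charges = deque()  # (t, cost) of accepted invocations
        self.spent = 0.0

    def allow(self, inv):
        while self.charges and inv.t - self.charges[0][0] >= self.window:
            _, old = self.charges.popleft()
            self.spent -= old
        c = invocation_cost(inv)
        if self.spent + c > self.budget:
            return False
        self.charges.append((inv.t, c))
        self.spent += c
        return True


def low_and_slow_traffic(sources, per_source_per_minute, minutes, duration_ms, memory_mb):
    """Attacker spreads expensive calls over many sources, each staying under the rate limit."""
    gap = 60.0 / per_source_per_minute
    invs = []
    for m in range(minutes):
        for s in range(sources):
            for k in range(per_source_per_minute):
                invs.append(Invocation(m * 60 + k * gap + s * 1e-3, f"src-{s}",
                                       duration_ms, memory_mb))
    invs.sort(key=lambda i: i.t)
    return invs


def simulate(invocations, rate_guard, wallet_guard):
    """Run both guards side by side over the same stream and compare the bills:
    `bill_rate_only` is what a rate-limited deployment pays, `bill_with_wallet`
    what a spend-capped one pays."""
    out = {"rate_blocked": 0, "wallet_blocked": 0,
           "bill_rate_only": 0.0, "bill_with_wallet": 0.0}
    for inv in invocations:
        c = invocation_cost(inv)
        if rate_guard.allow(inv):
            out["bill_rate_only"] += c
        else:
            out["rate_blocked"] += 1
        if wallet_guard.allow(inv):
            out["bill_with_wallet"] += c
        else:
            out["wallet_blocked"] += 1
    return out


if __name__ == "__main__":
    # 200 sources x 30 calls/min for 10 min, each call 5 s at 3008 MB: never over
    # the 60/min per-source limit, yet the bill lands well above a $5/hour budget.
    traffic = low_and_slow_traffic(200, 30, 10, 5000, 3008)
    print(simulate(traffic, RateGuard(60, 60.0), WalletGuard(5.0, 3600.0)))
```

The shape to notice is that the rate guard's counter is per source, so an attacker with enough sources pays nothing for staying under it, while the wallet guard's counter is the thing the victim actually cares about (the bill) and is global. A burst from a single source still trips the rate guard, so the two controls are complementary rather than interchangeable.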
'Most cyber attacks on Kent businesses are from Russia and China' (Kent Online) Small businesses are most at risk of online attacks originating from eastern countries, according to a Kent cyber security expert.
Security Patches, Mitigations, and Software Updates
Oracle Delivers 390 Security Fixes With April 2021 CPU (SecurityWeek) More than 200 of the vulnerabilities patched by Oracle could be exploited remotely without authentication.
SAP Issues Cybersecurity Alert: What You Can Do To Protect Your ERP (JD Supra) Here’s how the SAP Community can mitigate the risk of a widespread cybersecurity incident involving their SAP systems.
Google Chrome Hit in Another Mysterious Zero-Day Attack (SecurityWeek) Google releases Chrome 90.0.4430.85 as an urgent fix to cover a zero-day vulnerability (CVE-2021-21224) being exploited in the wild.
Google rushes out fix for zero‑day vulnerability in Chrome (WeLiveSecurity) Google has issued an update for its Chrome web browser that fixes seven security flaws, including a zero-day bug that is known to be under active attacks.
Qualys Extends VMDR to Patch Linux Workloads (Security Boulevard) Patch Management streamlines and accelerates vulnerability remediation from a single integrated solution for Linux and Windows devices
Trends
Four years after NotPetya, cyber insurance is still catching up (CSO Online) Experts advise “terrified” insurers to better engage businesses to ensure long-term viability, and they advise businesses to track their policies closely.
Use of Stalkerware and Spyware Apps Increases by 93% since Lockdown Began in the UK (PR Newswire) Avast (LSE: AVST), a global leader in digital security and privacy products, reveals there has been a 93% increase in the use of spyware and...
New Report Finds Online Phishing and Fraud Activity Up 185% in 2020 (BusinessWire) Bolster, a deep learning-powered, next generation fraud prevention company, today released its 2021 Annual State of Phishing and Online Fraud Report.
Fraudsters Joyride as Digital Business Skyrockets (Bolster Blog) Read our hot-off-the-press 2021 State of Phishing & Online Fraud Report for the latest conditions and trends that threaten today’s digital businesses around the world.
TeamViewer Survey: Businesses Prepare for Post-Pandemic 'Hybrid' Workforce with New Policies, Tech Infrastructure (PR Newswire) A research project sponsored by TeamViewer, a global leader in secure remote connectivity solutions, found that 75% of businesses grew during...
Marketplace
Rapid7 Buys Velociraptor To Attack Incident Response Market (CRN) Rapid7 has purchased open-source technology Velociraptor to gain more expertise around endpoint monitoring, digital forensics, and incident response.
Deep Instinct Closes $100 Million Series D New Funding to Fuel Hyper-Growth (Deep Instinct) BlackRock funds lead investment as company positions itself as the next fastest-growing cybersecurity solutions provider with an aggressive growth trajectory.
Clearwater tech firm KnowBe4 launches IPO at $16 per share (Tampa Bay Times) The cybersecurity training company made its Nasdaq debut Thursday morning.
KnowBe4 Announces Pricing of Initial Public Offering (GlobeNewswire News Room) KnowBe4, Inc. ("KnowBe4"), provider of the leading security awareness platform, today announced the...
KnowBe4 IPO: what you need to know about KnowBe4 (City Index) Find out everything you should know about KnowBe4 ahead of its 2021 IPO.
JPMorgan highlights cybersecurity names that could see a boost under ESG investing (CNBC) The economic and reputational consequences of cyber attacks are rising, which could translate to more dollars spent on cybersecurity.
3 Cybersecurity Stocks to Buy Now (Entrepreneur) There is room for multiple long-term winners as the industry continues its expansion, which is why looking into some of the most promising names in cybersecurity could be a smart way to secure your financial future. Here are 3 of the best cybersecurity stocks to consider buying now:
Cognizant Recognized for Intelligent Process Automation Solutions and Leadership by Everest Group (PR Newswire) Cognizant (Nasdaq: CTSH) announced it has been highlighted as a Leader in the new Everest Group PEAK Matrix® for Intelligent Process Automation...
CyberArk Wins Red Hat North American Partner Award (Yahoo) CyberArk (NASDAQ: CYBR), the global leader in Identity Security, is proud to announce it has been named Collaboration Technology Independent Software Vendor (ISV) Partner of the Year by Red Hat, Inc., the world's leading provider of open source solutions. This award is part of the annual Red Hat North America Partner Awards, which aim to honor partners for continued efforts to support customers on the path to IT modernization and open hybrid cloud.
SentinelOne partners with WiCyS on veterans' apprenticeship program (PR Newswire) Women in CyberSecurity (WiCyS) partnered with SentinelOne to enhance its new Veterans' Apprenticeship Program. The program will give women the...
Abnormal Security Adds Fortune 500-level Security Leadership Experience with Appointment of Mike Britton as Chief Information Security Officer (BusinessWire) Abnormal Security Adds Fortune 500-level Security Leadership Experience with Appointment of Mike Britton as Chief Information Security Officer
Red Canary Adds New Executives to Expand Global Operations (Red Canary) John Turner and Rick Caccia Join from Google to Lead Sales and Marketing
Former U.S. Secretary of Defense Ash Carter Joins Tanium Board of Directors (BusinessWire) Tanium, the provider of endpoint management and security built for the world's most demanding IT environments, today announced that Ash Carter has joi
Cybersecurity Association of Maryland, Inc. Further Strengthens Board of Directors and Advisory Council (BusinessWire) The Cybersecurity Association of Maryland, Inc. welcomes new Board of Directors and Advisory Council members.
NTT Research Names Matthew Ireland Chief Information Security Officer (BusinessWire) NTT Research, Inc., a division of NTT (TYO:9432), today announced that it has named Matthew Ireland Chief Information Security Officer (CISO). Most re
Pathlock Continues Strategic Expansion with New Appointments to Executive Team (PR Newswire) Pathlock, the leading provider of unified access orchestration, today introduces several key new hires to the Pathlock team. The most recent...
Products, Services, and Solutions
One partners with Onfido for best-in-class ID document review (Onfido) One values Onfido's AI-based learning to help reduce the need for manual verification
SafeBreach Hacker’s Playbook Updated for US-CERT Alert (AA21-110A) Exploitation of Pulse Connect Secure Vulnerabilities (SafeBreach) SafeBreach Labs has updated the Hacker's Playbook™ with new attack methods for the malware samples described in the US-CERT alert on exploitation of Pulse Connect Secure vulnerabilities, which covers multiple vulnerabilities and two threat groups: APT5, a Chinese state-sponsored threat group, and UNC2717, a group that has not yet been attributed.
Mandiant Advantage Expands SaaS platform with New Mandiant Automated Defense Module (Dark Reading) Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.
Kemp Joins Microsoft Intelligent Security Association (AiThority) Kemp, the always-on application experience (AX) company, has joined the Microsoft Intelligent Security Association (MISA), an ecosystem
F-Secure adds network security for complete three-layered consumer protection through service providers (F-Secure Oyj via Public) Cyber security provider F-Secure and network security provider Whalebone have announced a new partnership to deliver DNS-based protection for mobile and fixed networks through service providers as part of a complete three-layered approach to protecting consumers against the world's most advanced threats.
Gallagher Announces Global Distribution Agreement with Invixium (Invixium) Gallagher and Invixium announce that they have signed a global distribution agreement for Gallagher to resell Invixium’s innovative biometric solutions globally.
Spirent Introduces Industry’s First Subscription-Based Automated 5G Core Test Suite (Spirent) Significantly reduces service provider 5G core validation time and costs
Trend Micro Transforms Channel Program to Advance Cloud Security and Services (PR Newswire) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity, today announced a major refresh of the Trend Micro partner...
Goya Foods Deploys Accedian Skylight for Microsecond Network Visibility and Future Readiness Fit (Accedian) “Accedian Skylight’s state-of-the-art sensor technology is truly unique in the industry,” said Suvajit Basu, Head of IT at Goya Foods.
IGI Cybersecurity Adds macOS Agent to its Nodeware(R) Vulnerability Management Solution (ACCESSWIRE) The Nodeware® Agent for macOS brings its improved network visibility and monitoring to the Mac world ROCHESTER, NY / ACCESSWIRE / April 22, 2021 / The creator of Nodeware vulnerability management, IGI Cybersecurity (OTC:IMCI), has built on the success of its Windows agent to provide the same level of detail and visibility in a dedicated macOS agent. The agent further enables security for macOS machines operating in remote and hybrid
Technologies, Techniques, and Standards
New Device Onboarding Standard to Secure Internet of Things (IoT) Created by FIDO Alliance (ARC Advisory Group) The FIDO Alliance announced the launch of the FIDO Device Onboard (FDO) protocol, a new, open IoT device onboarding standard that reportedly enables devices to simply and securely onboard to cloud and on-premise management platforms.
The Security Piece to the 5G Implementation Puzzle (Government CIO) CISA and DOD discussed what the U.S. needs to successfully rollout 5G.
Cyber threat intelligence sharing across auto industry eyed (FutureIoT) ASRG links up with ThreatQuotient to enable car manufacturers to share cyber threat intelligence across the automotive industry.
Building digital trust: The partnership of leadership and operations (PwC) How do tech, security, privacy and risk leaders approach stakeholder trust? The leadership and operational challenges of trust building.
Use of Defensive AI Against Cyberattacks Grows (Security Boulevard) Security leaders are increasingly turning to AI and ML-based defenses against cyberattacks as pessimism grows over the efficacy of human-based cybersecurity defense efforts.
How micro-segmentation creates an uphill battle for intruders (Help Net Security) Implementing micro-segmentation policies alongside existing security measures will greatly mitigate the risk posed by threat actors.
Space Command moves for tighter cyber integration (FCW) U.S. Space Command is standing up a dedicated joint cyber center to improve integration with U.S. Cyber Command.
Infosecurity transformation and building proactive mitigation strategies (Help Net Security) Marcos Christodonte II, CISO at Unqork, spent his career leading information security for large, complex enterprises. His focus on information security
Finding Buried Treasure in Server Message Block (SMB) (Black Hills Information Security) Server Message Block (SMB) shares can represent a significant risk to an organization. Companies often lack a realistic understanding of the exposure that SMB shares represent. Effective management typically requires a sound information management program focused on identifying where critical information resides, actively controlling access to that information, and routinely auditing permissions and access patterns.
What is ransomware? (Charity Digital) We look at the basics of ransomware and offer some important advice to ensure your charity stays protected
Design and Innovation
Swimming in data, Army and Air Force make sure they’re capturing the best info (C4ISRNET) The services are structuring themselves to give soldiers and airmen access to more data.
Research and Development
Linux bans University of Minnesota for sending buggy patches in the name of research [Update] (Neowin) Greg Kroah-Hartman, one of the heads of the Linux kernel dev team, has banned the University of Minnesota from further contributing as the latter had injected questionable patches for research.
Linux bans University of Minnesota for committing malicious code (BleepingComputer) Linux kernel project maintainers have imposed a ban on the University of Minnesota (UMN) from contributing to the open-source Linux project after a group of UMN researchers were caught submitting a series of malicious code commits, or patches that deliberately introduced security vulnerabilities in the official Linux project.
Legislation, Policy, and Regulation
Putin promises a ‘quick and tough’ Russian response for foes that interfere with its interests (AP via Pennlive) The warning during Putin’s annual state-of-the-nation address came amid a massive Russian military buildup near Ukraine.
In annual address, Putin warns Russia's foes will be sorry (abc10.com) Putin’s warning during his annual state-of-the-nation address came amid a massive Russian troop buildup near the border with Ukraine.
'We don't need to panic': US and European powers alarmed by growing 'danger' from Putin's Russia (Washington Examiner) Russian President Vladimir Putin’s crackdown on domestic dissidents and military buildup along Ukraine’s border are driving relations between Moscow and the Western powers toward a perilous inflection point, according to U.S. and European officials.
China is against cyberspace attacks, willing to cooperate with other countries: Foreign Ministry (Global Times) China is willing to cooperate with other countries to safeguard global cybersecurity and opposes any country or organization smearing China on the issue of cybersecurity in order to achieve their political goals, the Chinese Foreign Ministry said on Wednesday.
This has just become a big week for AI regulation (MIT Technology Review) The EU has unveiled its new AI rules—but an announcement from the FTC may have more teeth.
Artificial Intelligence, Facial Recognition Face Curbs in New EU Proposal (Wall Street Journal) European officials want to limit police use of facial recognition and ban the use of certain kinds of AI systems, in one of the broadest efforts yet to regulate high-stakes applications of artificial intelligence.
EU’s Proposed AI Rules Add Compliance Burden for Business Use of Facial-Recognition Technology (Wall Street Journal) European Union regulations for how businesses can use facial-recognition technology proposed Wednesday would carry bigger fines than those permitted by the bloc’s existing privacy laws.
EU’s Artificial Intelligence Regulation – Tough Tests for Smart Products (cyber/data/privacy insights) EU proposal extends product safety, data protection and cybersecurity concepts to groundbreaking AI regulation. What has happened? The European Commission has finally published its much-anticipated proposal for a broad regulation to cover the use of artificial intelligence in the EU. This is a
UK to force tech firms to disclose device security plans amid cyber fears (CityAM) Tech firms could be forced to tell customers how long their products will receive security updates amid fears about cyber attacks.
CISA issues third emergency directive since SolarWinds (FCW) The government's cybersecurity watchdog is increasingly issuing emergency instructions to agencies for handling high-risk vulnerabilities, something analysts say reflects both CISA's stature and the environment it's working in.
White House: Here's what we've learned from tackling the SolarWinds and Microsoft Exchange Server cyber incidents (ZDNet) Partnerships with private companies in dealing with aftermath of cyberattacks "sets precedent for future engagements on significant cyber incidents".
Senators seek limits on some facial-recognition use by police, energizing surveillance technology debate (Washington Post) The legislation would restrict government purchase of private databases without a warrant in one of Congress’ most ambitious attempts yet at regulating the use of controversial technologies
US Senator Mark Warner calls for urgent transatlantic cooperation on cybersecurity (POLITICO) Mark Warner said the consequences of not acting could be ‘disastrous’
House green lights new State Department cyber bureau (CyberScoop) The House of Representatives passed a bill that would carve out a State Department cyber diplomacy office to help influence cyberspace norms.
Nakasone deflects senators' invitations to seek domestic spying powers (Defense Systems) Lawmakers have continued to prod the NSA chief to request new surveillance authorities that might prevent another SolarWinds-type breach.
Companies Complain to Senators About Apple’s and Google’s App Stores (New York Times) Tile said Apple boxed out its products and then copied them. Spotify said Apple blocked it from telling customers that they could find cheaper prices outside its iPhone app. And Match Group testified that it now paid nearly $500 million a year to Apple and Google in app store fees, the dating company’s single largest expense.
We Could Use a Private-Sector-Oriented Cyber Leader (Lawfare) All three of President Biden’s picks for the top cyber positions in his administration are excellent choices. It would have been better, however, if one of them had experience more rooted in the private sector.
FTC Nominee Khan Signals Support for Aggressive Approach on Big Tech (Wall Street Journal) Lina Khan, a Big Tech critic nominated to a seat on the Federal Trade Commission, appeared on track to win confirmation after a hearing Wednesday.
Litigation, Investigation, and Law Enforcement
Nation-state hacker indictments: Do they help or hinder? (SearchSecurity) Infosec experts share their thoughts on the pros and cons of indictments against nation-state hackers, which have been on the rise recently.
WSJ News Exclusive | Ransomware Targeted by New Justice Department Task Force (Wall Street Journal) The department aims to curtail the cyberattacks with a strategy intended to make the extortion schemes less lucrative by targeting the entire digital ecosystem that supports them.
New US Justice Department team aims to disrupt ransomware operations (ZDNet) The task force will focus on dealing with the “root causes” of ransomware.
Justice Department is launching a ransomware task force (CNN) The Justice Department has created a new task force dedicated to rooting out and responding to the growing threat of ransomware, according to an agency memo obtained by CNN Business.
Court approves multimillion-dollar settlements with BMO, CIBC over data breach (Advisor's Edge) Cyberattacks in 2018 exposed the data of thousands of bank clients
Zendesk Investors Appeal Dismissal of Data Breach Allegations (Bloomberg Law) Zendesk Inc. investors want the Ninth Circuit to give them another chance at a would-be class suit accusing the company of misleading them about a three-year data breach, they told a federal judge in California.