Attacks, Threats, and Vulnerabilities
Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity (FireEye) New evidence allows us to assess that UNC1151, a suspected state-sponsored cyber espionage actor, conducts at least some components of Ghostwriter influence activity.
New Nebulae Backdoor Linked with the NAIKON Group (Bitdefender Labs) DLL hijacking is a malware execution technique that hardly needs any introduction. But while spotting DLL hijacking vulnerabilities would get most security researchers a bounty or a mention in a hall of fame, our investigation of sideloading techniques in several vulnerable applications led to the...
FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon (Proofpoint) After a brief dip in activity in early March 2021, which is attributed to arrests made by Spanish authorities,[i][ii] the FluBot Android malware has picked back up, spreading throughout various countries in Europe via its SMS package delivery scheme.
Panorays Research Finds Top Supply Chain Cyber Gap (Panorays) Panorays announced new research about third-party cyber gaps and released an innovative vendor security questionnaire functionality.
Spotting malicious Excel4 macros (ReversingLabs) Relying on legacy functionalities comes with inherent security risks
Microsoft Weighs Fixes to Code-Sharing Plan After Suspected Leak (Bloomberg) Huge hacking campaign followed tip off to select customers. Chinese companies focus of inquiry into sources of leak.
Report: Software Companies Exposed to Hacking in Major Data Breach (vpnMentor) Led by Noam Rotem, vpnMentor’s research team recently uncovered a data breach exposing sensitive internal data, which may presumably be owned by one of the biggest companies in
Email Security - Report Microsoft Table Logo Phishing Attacks (INKY) In January 2021, we began to see a new phishing technique that featured cleverly constructed emails infused with an HTML table impersonating the Microsoft logo. This report talks more about this type of attack.
Vulnerabilities in Eaton Product Can Allow Hackers to Disrupt Power Supply (SecurityWeek) Eaton has released updates for its Intelligent Power Manager (IPM) software to address several serious vulnerabilities, including ones that researchers say could allow hackers to disrupt power supply.
Ransomware gang targets Microsoft SharePoint servers (The Record by Recorded Future) Microsoft SharePoint servers have now joined the list of network devices being abused as an entry vector into corporate networks by ransomware gangs.
Two million database servers are currently exposed across cloud providers (The Record by Recorded Future) Censys said it scanned for MySQL, Postgres, Redis, MSSQL, MongoDB, Elasticsearch, Memcached, and Oracle databases and found that almost 60% of all exposed servers were MySQL databases, which accounted for 1.15 million of the total 1.93 million exposed DBs.
More than 5.6 Million records with Reverb sellers details leaked online (LinkedIn) On April 5th, 2021, I have discovered an unprotected Elasticsearch server (I just realized that this is the most common intro I've been writing for my recent articles) with more than 5.6M records containing: full name, email, phone number, address, PayPal email, listing/order information. At first, it was
Is Roblox secure? Static analysis reveals subpar security practices on Roblox Android app (CyberNews) Roblox appears to have numerous potential security issues on Android that could put the platform and its players at risk.
Google Promised Its Contact Tracing App Was Completely Private—But It Wasn’t (The Markup) Researchers say hundreds of preinstalled apps can access a log found on Android devices where sensitive contact tracing information is stored
Ransomware Attack Vectors shift as New Software Vulnerability Exploits Abound (Coveware) Ransomware attacks continued to proliferate in Q1 2021 as several common but unpatched software vulnerabilities created a fresh supply of compromised network access to ransomware affiliates.
Please Confirm: Payment Notice Gone Awry (Avanan) Avanan researchers uncovered an attack whereby a payment confirmation isn't what it seems.
Ransomware: don’t expect a full recovery, however much you pay (Naked Security) Turns out the ransomware crooks aren’t that good at keeping their promises…
Cyber attack disrupts cancer care (Atlanta Journal Constitution) A company with U.S. headquarters in Georgia was the target of a cyberattack that disrupted treatment at 42 health care sites nationwide, including an Atlanta hospital.
Security Patches, Mitigations, and Software Updates
NHS app to act as Covid passport for international travel, flaws emerge in Google track and trace API (Computing) Transport secretary reveals plans to open up international travel while Google says it will patch the contact tracing flaw
GitHub blocks Google FLoC tracking (BleepingComputer) GitHub has announced rolling out a mysterious HTTP header on all GitHub Pages sites to block Google FLoC tracking.
Trends
Is CISA’s third cyber emergency directive in five months a sign that things are getting worse? (Federal News Network) The Cybersecurity and Infrastructure Security Agency required agencies to take action against a major problem with the virtual private network software from Pulse Secure.
The Annual Remote Work Report by GitLab: There’s a New Status Quo (GitLab) Data reveals that developers can provision their own environments, sign of shifting responsibilities
Execs Are Under Siege As Hackers Target The Video Game Industry (BlackCloak) According to the Verizon DBIR, C-Suite executives are 12 times more likely to be targeted. And, that targeting extends to their personal lives.
Marketplace
AccuKnox Secures $4.6M in Seed Funding to Meet Growing Demand for Zero-Trust Kubernetes Security Solutions (PR Newswire) AccuKnox, formed in partnership with SRI (Stanford Research Institute), today announced that it has closed an over-subscribed $4.6 million seed...
Endpoint Management Firm Automox Raises $110 Million (SecurityWeek) Cyber hygiene and patch management company Automox has raised $110 million in a Series C funding round
VISO Trust Raises $3M Seed Round to Deliver Automated Third Party Cyber Due Diligence at the Speed of Business (PR Newswire) Today, VISO Trust announced that it has raised $3M in Seed funding to automate third party cyber due diligence with an AI-driven social due...
Akeyless Reimagines Cloud Security, Raises $14M Series A (PRWeb) Akeyless, the secrets management company, today announced it has secured a $14 million Series A round of financing led by Team8 and with parti
Sysdig’s Valuation Hits $1.19B After $188M Series F (Crunchbase News) San Francisco-based Sysdig raised a $188 million Series F at a $1.19 billion valuation as developer and container security remains hot among investors.
Thoma Bravo in talks to fund Sunnyvale cybersecurity unicorn Illumio at $2.9B valuation (Silicon Valley Business Journal) Illumio Inc. is reportedly in talks to raise about $250 million in a funding that would boost its valuation to about $2.9 billion.
Thoma Bravo in Talks to Back Illumio at $2.9 Billion Value (Bloomberg) Cybersecurity startup is looking to raise about $250 million. Startup counts Morgan Stanley, BNP Paribas among its clients.
Proofpoint Shares Rise on Thoma Bravo Takeover Deal (Wall Street Journal) Shares of Proofpoint Inc. rose more than 30% on Monday after the cybersecurity and compliance company agreed to be taken private by Thoma Bravo in an all-cash deal valued at about $12.3 billion.
BitTitan Acquires Perspectium, Expands Portfolio to Address Growing Market Demand for IT Transformation Solutions (BusinessWire) BitTitan® has entered into an agreement to acquire Perspectium, the global innovator in packaged integration processes for ServiceNow® customers.
CACI bags $447M contract by National Security Agency (SeekingAlpha) CACI has been awarded a five-year single award contract, with a ceiling value of $447M, by the National Security Agency to provide process and mission technology.
FireEye CEO: ‘We’ve Never Been More Relevant Or More Needed’ (CRN) The increased weaponization of zero-day vulnerabilities has resulted in unprecedented demand for FireEye’s threat intelligence and expertise, according to CEO Kevin Mandia.
Inside the Mind of a Cybersecurity Professional: Part 1 (IGI) Hiring a cybersecurity team is about finding the right partner to help meet your security goals.
Army seeking architect for fifth building for Fort Meade east campus (Baltimore Sun) Construction for the future headquarters of the U.S. Cyber Command and the National Security Agency continues with plans for a fifth building expected to hold up to 4,000 people.
Strategic Advisors Help to Drive Licel's Ambitious Growth Targets (PR Newswire) Licel is pleased to announce that it has appointed the experienced cybersecurity business advisor, Andy Williams, to its Advisory Board....
Infrascale Names Sarah Hamilton Senior Vice President, Marketing - Infrascale (Infrascale) Infrascale, a cloud-based data protection company providing industry-leading backup and disaster recovery solutions, today announced the appointment of Sarah Hamilton as Senior Vice President, Marketing. Hamilton brings more than 20 years of experience to Infrascale, having held key positions at companies including Sungard Availability Services, RSA, FireMon, and Dell EMC.
Guardicore Appoints Nick Baglin as VP of EMEA Sales (BusinessWire) Company Adds Proven Leadership in EMEA Region to Accelerate Record Growth on Global Scale
Products, Services, and Solutions
Symantec Endpoint Shines in the 2020 MITRE Engenuity ATT&CK® Evaluations (Symantec) Finding breaches is good but preventing them is critical
Cybersecurity Protection for Smart City of Aurora, IL (eSentire) eSentire and Data Defenders partner to provide cost-saving, powerful MDR services to protect the Smart City of Aurora, IL from cyberattacks.
Fidelis Detects Adversary Tactics & Techniques Early and Often Across All Stages of the Attack Lifecycle in MITRE Engenuity’s 2020 ATT&CK® Evaluation (Fidelis Cybersecurity) The MITRE Engenuity ATT&CK 2020 evaluation showed Fidelis Endpoint EDR detected simulated Carbanak and Fin7 cyber crime attacks early
Attivo Networks’® EDN Solution Integrates with SentinelOne Singularity XDR to Deliver Protection Against Credential-Based Attacks (BusinessWire) Attivo Networks’® EDN Solution Integrates with SentinelOne Singularity XDR to Deliver Protection Against Credential-Based Attacks
Tala Security Integrates with Fastly’s Compute@Edge Platform to Deliver High-Performance, Automated Implementation of its Data Security and Privacy Platforms (GlobeNewswire) Starting today, Tala Security customers can integrate with Fastly to leverage the full capabilities of Tala Protect and Tala Detect products to provide the actionable insights needed to immediately address data leakage and vulnerabilities using Fastly’s Compute@Edge serverless compute offering.
Pluribus Netvisor® ONE R6.1 Delivers Innovations in Data Center Fabric Scalability, Services and Automation and Expands Portfolio of Disaggregated Switches - Pluribus Networks (Pluribus Networks) Enhancements within Netvisor ONE and the Adaptive Cloud Fabric™ Resonate with Customers, Supporting Larger, Seamlessly Interconnected Fabrics and a Dynamic Packet Broker Solution
Intel SGX Protects German Electronic Patient Records (Intel) Intel Software Guard Extensions is government-verified technology to help secure sensitive patient and health information in Germany.
Adobe Releases Open Source Anomaly Detection Tool "OSAS" (SecurityWeek) Adobe’s OSAS security intelligence toolset is meant to reduce data sparsity through introducing a new approach to data processing.
Tanium Helps Protect The University of Salford From Surge of Cyberattacks (Business Manchester) Tanium, the provider of endpoint management and security built for the world’s most demanding IT environments, today announced that the University of Salford has used the Tanium Platform to strengthen its defence against a surge of cyberattacks targeting the education sector. Tanium worked with the university to help it overcome several challenges that have emerged […]
Dashlane's New Essentials Plan: Because Everyone Should Have a Password Manager (WFMZ) Dashlane today unveiled a new Essentials plan, giving people a more flexible choice when deciding their password management needs. Based on feedback from
Egnyte Democratizes Data Security for the Mid-Sized Enterprise (PRWeb) Egnyte, the unified content security, compliance, and collaboration solution for multicloud businesses, today announced new governance tools and servi
Kasten by Veeam Launches Kasten K10 v4.0 (Kasten) New Kasten K10 v4.0, the Industry’s First Kubernetes Native Ransomware Data Protection Solution, provides immutability against ransomware attacks and more!
Technologies, Techniques, and Standards
CISA, NIST Provide New Resource on Software Supply Chain Attacks (SecurityWeek) CISA and NIST provide information on software supply chain attacks, the associated risks, and how organizations can mitigate them.
Defending Against Software Supply Chain Attacks (CISA) A software supply chain attack occurs when a cyber threat actor infiltrates a software vendor’s network and employs malicious code to compromise the software before the vendor sends it to their customers.
Supply Chain Integrity Month (CISA) April is National Supply Chain Integrity Month.
A new day for .gov (DotGov) .gov is the top-level domain for U.S.-based government organizations.
US Air Force Adopts Zero Trust to Secure Flightline Operations (SecurityWeek) Xage Security has been awarded a contract by the Air Force Research Lab to digitize and secure flightline maintenance operations by leveraging zero trust principles,
Double Trouble – the Threat of Double Extortion Ransomware and How Your Organization Can Protect Itself - Check Point Software (Check Point Software) By the time you have finished reading this sentence, an organization somewhere in the world will have fallen victim to a ransomware attack and had at
Academia
CYBER.ORG Launches K-12 HBCU Feeder Program to Grow and Diversify the National Cybersecurity Workforce (BusinessWire) CYBER.ORG today announced the kickoff of a new pilot program created to recruit a diverse body of K-12 students to pursue undergraduate cybersecurity
Legislation, Policy, and Regulation
Russian defense chief scoffs at Western warnings on Ukraine (Military Times) Defense Minister Sergei Shoigu said Moscow was closely monitoring the deployment of U.S. troops and weapons in Europe as part of NATO’s Defender Europe 2021 drills.
US SolarWinds Response Unlikely to Change Russia’s Behavior, Highlights Need for Improved Cyber Defense (Russia Matters) The United States has unveiled its overt response to Russia’s SolarWinds cyber operation: the expulsion of 10 Russian Embassy personnel from Washington, along with new sanctions on Russian sovereign debt and on Russian IT firms that support Moscow’s cyber intelligence operations. An “unseen” response promised by national security adviser Jake Sullivan, presumably cyber operations against Russian intelligence networks, has yet to publicly manifest. In response, Russia has denounced the “illegal” sanctions and predictably expelled 10 U.S. diplomats from Moscow.
GCHQ: Cyber investment a guarantor of UK’s global status (ComputerWeekly) GCHQ director Jeremy Fleming sets out a vision for the UK’s cyber security future.
Technology – “Europe is falling further behind in the digital domain” (Tribune de Genève) Alexandre Pauchard, former head of R&D at Bobst, took over the reins of CSEM in Neuchâtel in January. He gives his assessment of several important issues facing research and industry.
Analysis | The Cybersecurity 202: Lawmakers want to create a reserve corps of cybersecurity experts to respond to the next SolarWinds (Washington Post) The reserve would provide backup talent to the Department of Defense and Department of Homeland Security.
Portman, Peters Debut Bill to Create $20M Cyber Incident Response Fund (Meritalk) Sens. Rob Portman, R-Ohio, and Gary Peters, D-Mich., introduced the Cyber Response and Recovery Act, which would authorize $20 million of spending to support Federal and non-Federal entities impacted by major cyber events, according to an April 23 press release.
‘Mandatory’ Cyber Info Sharing Bill Coming, Says Senate Intel Chair Warner (Breaking Defense) "My hope is that we can create this structure... to get an early warning system," the Senate Intel Committee chair said. "Voluntary sharing is no longer effective."
Senator Pitches Hack Reporting Requirements to Business Group (Wall Street Journal) Sen. Mark Warner said he is crafting legislation that would compel federal contractors and other businesses seen as critical to national security to share information about ongoing threats with federal officials.
Lawmakers start a push for new breach notification rules after SolarWinds attack (The Record by Recorded Future) “There was a ‘holy heck’ moment with SolarWinds,” Sen. Mark Warner told members of the U.S. Chamber of Commerce on Tuesday.
House Solarium Commission Members Press for More CISA Funding (Nextgov.com) “Congress was right to give the agency new authorities that allow it to better defend our interests in cyberspace, but without requisite funding, we’re setting CISA up for failure," the lawmakers wrote.
U.S. FCC commissioner urges tougher steps on China's Huawei, ZTE (ETTelecom.com) The FCC last year adopted rules requiring U.S. telecom carriers to remove and replace equipment produced by Huawei or ZTE if purchased using an $8.3 b..
FCC explores ‘additional consequences’ for banned IT vendors to secure supply chains (Federal News Network) The Federal Communications Commission is taking further steps to prohibit blacklisted Chinese IT vendors from doing business with U.S. telecommunications providers.
FCC Might Extend Security Crackdowns To Consumer Devices (Law360) The Federal Communications Commission's acting chairwoman is mulling whether to make foreign-made electronic devices ineligible for U.S. certification and sales if they pose security risks to end users, while FCC Republicans say they'd be on board with the plan.
Litigation, Investigation, and Law Enforcement
‘The next great financial crisis could come from a cyber attack:’ DFS releases report on SolarWinds Attack (Inform NY) The New York State Department of Financial Services released a report on Tuesday regarding the investigation of the New York’s financial services industry’s response to the supply chain attack of the information technology company SolarWinds.
FBI shares 4 million email addresses used by Emotet with Have I Been Pwned (BleepingComputer) Millions of email addresses collected by Emotet botnet for malware distribution campaigns have been shared by the Federal Bureau of Investigation (FBI) as part of the agency's effort to clean infected computers.
European police hope Google ads will steer teenagers away from a life of hacking (CyberScoop) In a series of new programs launching this year, European authorities are working to intervene with teen hackers before they break the law.
Project Jengo Redux: Cloudflare’s Prior Art Search Bounty Returns (The Cloudflare Blog) On March 15th, 2021, Cloudflare was sued by a patent troll called Sable Networks. Today, we are launching our efforts to fight back.
Lawyer Asks For New Trial After Cellebrite Vulnerability Discovery (Vice) The move comes after the founder of Signal discussed the security issues in their own blog post.
Signal's Cellebrite Hack Is Already Causing Grief for the Law (Gizmodo) A Maryland defense attorney has decided to challenge the conviction of one of his clients after it was recently discovered that the phone cracking product used in the case, produced by digital forensics firm Cellebrite, has severe cybersecurity flaws that could make it vulnerable to hacking.
CPJ joins letter urging NSO to act on commitments to curb spyware abuse (Committee to Protect Journalists) The Committee to Protect Journalists and seven other civil society groups today co-signed an open letter asking the Israel-based NSO Group company to deliver on its commitments to improve transparency about sales of its advanced spyware, and due diligence to protect human rights. Research by CPJ and other organizations indicates that the company’s Pegasus product...
Robinhood's Bid To Toss Hacking Suit Meets Skeptical Judge (Law360) A California federal judge said Tuesday she's unlikely to toss a lawsuit accusing the stock-trading platform Robinhood of failing to adequately protect users' accounts from hackers, despite Robinhood's arguments that there was no data breach and that users, not the brokerage, failed to secure their accounts.
Russia fines Apple $12 mln for alleged app market abuse (Reuters) Russia said it had fined Apple $12 million for alleged abuse of its dominance in the mobile applications market, in the latest dispute between Moscow and a Western technology firm.
Deloitte wins second shot at HUD cyber contract (Washington Technology) Deloitte gets another shot at a cybersecurity contract with the Housing and Urban Development Department after a competitor used the wrong labor categories.
Apple Thinks That India’s Largest Android Game Store Is Also the Most Dangerous (IGN India) In the ongoing Apple versus Epic lawsuit, the iPhone company’s expert witness claims India’s most popular Android app store for games isn’t Google Play.
Facebook and Google are failing to take action against fake adverts (Computing) Two in five victims of online scam adverts do not report the scam to hosting platforms
GCSD works with FBI to investigate cyber attack (The Altamont Enterprise) “Our community can rest assured that we are taking all appropriate precautions to restore our systems in a safe and secure manner and we will be incorporating additional technologies into our cybersecurity program as we move forward,” said Guilderland Superintendent Marie Wiles.