Attacks, Threats, and Vulnerabilities
Cyber directorate warns of anticipated attacks to mark Iran’s ‘Jerusalem Day’ (Times of Israel) Hackers expected to try corrupting websites with propaganda messages, hit Israeli information systems around May 7
FireEye Explains Nobelium Exploit of Active Directory Federation Services (Redmondmag) Security solutions firm FireEye on Tuesday described how Active Directory Federation Services could have been exploited to gain access to Microsoft 365 e-mails during the Nobelium ('Solorigate') attacks used for espionage purposes.
Cyberspies target military organizations with new Nebulae backdoor (BleepingComputer) A Chinese-speaking threat actor has deployed a new backdoor in multiple cyber-espionage operations spanning roughly two years and targeting military organizations from Southeast Asia.
APT actors increasingly turn to exploits to launch attacks (ITProPortal) Advanced actors have a greater focus on exploits than attacks that rely on human error.
Vulnerability Spotlight: Information disclosure vulnerability in the Linux Kernel (Cisco Talos) A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
The Sodinokibi Chronicles: A (R)Evil Cybercrime Gang Disrupting Organizations for Trade Secrets and Cash (Security Intelligence) Sodinokibi/REvil emerged in 2019 and has gained considerable momentum. See the indicators of compromise and recent evolutions of this attack.
How phishing attacks spoofing Microsoft are evading security detection (TechRepublic) The phishing emails use a Microsoft logo within an HTML table, which is not analyzed by security programs, says Inky.
Decode This: Another Obfuscated File Getting Past Scanners (Avanan) Attackers continually use obfuscated files and messages to get past traditional email scanners.
Silverfort Researchers Discover KDC Spoofing Vulnerability in F5 Big-IP (Silverfort) F5 Big-IP Application Delivery Services is a solution that delivers applications in a secure and scalable manner. One of its core components is Access Policy Manager (APM), which manages and enforces policies to ensure access is properly authenticated and authorized
Have You Been Smished? Mass Smishing Operation Targeting Mobile Users with Fake Amazon and USPS Update Messages (Menlo Security) In this blog, we’ll focus on the risk of visiting "Smishing" links from a mobile device, and why mobile devices should be considered for a Zero Trust architecture.
Experian API Exposed Credit Scores of Most Americans (KrebsOnSecurity) Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Experian says…
Exposure of Laboratory Test Result Data Described (Wyoming Department of Health) The Wyoming Department of Health (WDH) is announcing a mistaken exposure of laboratory test result data involving the health information of thousands of Wyoming residents and others, as well as describing its plan to respond. The department became aware of a breach involving protected health information on March 10, 2021. It was discovered a workforce […]
First Horizon discloses data security breach (American Banker) The Tennessee company said an unauthorized party gained access to dozens of accounts and obtained less than $1 million from some of those accounts.
Ransomware gang leaks court and prisoner files from Illinois Attorney General Office (The Record by Recorded Future) The operators of the DopplePaymer ransomware have leaked a large collection of files from the Illinois Office of the Attorney General after negotiations have broken down and officials refused to pay a ransom demand, The Record has learned.
Hackers publish extensive dossiers on D.C. police officers in extortion attempt (NBC News) Cybercriminals seeking to extort Washington’s Metropolitan Police Department have published extensive private dossiers of five current and former officers.
Cyber-attack disrupts cancer care across U.S. (Security Info Watch) High-tech radiation treatment machines knocked offline following software breach
DigitalOcean says customer billing data accessed in data breach (TechCrunch) The data breach happened between April 9-22.
Data breach at DigitalOcean exposes customer billing profiles (Computing) The breach exposed billing names, addresses and card expiry dates, among other information
Report: Paleo Lifestyle Brand Exposes Customers to Fraud in Massive Data Breach (vpnMentor) Led by Noam Rotem, vpnMentor’s research team discovered a data breach affecting health and lifestyle brand Paleohacks.
UK rail network Merseyrail likely hit by Lockbit ransomware (BleepingComputer) UK rail network Merseyrail has confirmed a cyberattack after a ransomware gang used their email system to email employees and journalists about the attack.
The Force won’t save you from these breached passwords #StarWarsDay (Specops Software) If your colleagues are Star Wars fans, they might be at risk for breached password use. This May the 4th, the unofficial Star Wars fandom holiday, Specops...
Cyber attack warning from DfE (Cambridge Network) You may be aware the DfE has again issued a warning to schools, regarding the high levels of Cyber Attacks on schools and MATs. A recent letter from Jon Gilbert, Chief Information Security Officer, explains the increased levels of Cyber Attacks.
Security Patches, Mitigations, and Software Updates
Gamers update! Nvidia patches GPU driver kernel escalation bugs (Naked Security) Patch early, patch often. Here’s why it’s worth it.
Apple's macOS 11.3 fixes a zero-day exploit and includes M1 improvements (TechRepublic) The latest update to Apple's Big Sur includes critical security patches, which is why Cory Bohon advises upgrading your macOS devices now.
Apple Patches Zero-Day Bypass MacOS Bug (Threatpost) A variant of Mac No. 1 threat Shlayer since January already has been exploiting the vulnerability, which allows payloads to go unchecked through key OS security features.
COVID Cyber Crime: 74% of Financial Institutions Experience Significant Spike in Threats Linked To COVID-19 (BusinessWire) Financial institutions (FIs), such as banks and insurance providers, are reporting significantly increased threat levels from COVID-related cyber crim
The COVID Crime Index: What was the true cost to Financial Services and consumers? (BAE Systems) With 75% of financial institutions experiencing pandemic-related cyber crime losses, we look at how pandemic-related fraud and cyber crime delivered a new blow to FIs and consumers
Leading Industry Research Firm Identifies Greater Demand for Modern Data Protection (Zerto)
The State of Data Protection and Disaster Recovery Readiness: 2021 (Zerto) The value of data-driven business has never been more powerful. Hence, the demand for data availability and protection is greater than ever. Zerto sponsored a recent study by IDC and found that 60% of organizations have taken steps to be more “data driven” — implementing tools and methods to utilize data more effectively to make decisions faster and with greater accuracy and certainty.
Risks from ‘bad bots’ rising for banks (The Banker) Almost one fifth of all traffic on financial services websites last year was by bad bots, according to study.
Accenture acquires French cybersecurity firm Openminded (ZDNet) The bid is aimed at expanding Accenture’s European footprint.
Cigent Announces $7.6M Series A Funding Round; In-Q-Tel, Cyberjunction, Westwave Capital Participate (Cigent) Funding Enables Commercialization of Cybersecurity Technologies Initially Developed for Government Use
Illumio Eyes $250M Funding Round At $2.9B Valuation: Report (CRN) Illumio is looking to raise about $250 million in a Thoma Bravo-led funding round that values the cybersecurity company at about $2.9 billion, Bloomberg reported.
Vectra AI Raises $130 Million led by Blackstone Growth (BXG) (PR Newswire) Vectra AI, a leader in threat detection and response, today announced a $130 million round of funding led by funds managed by Blackstone Growth...
Why Thoma Bravo's Acquisition Of Proofpoint Is Good For Mimecast (Seeking Alpha) Proofpoint announced that Thoma Bravo will be acquiring it for $176 per share, a 34% premium to the prior day's closing price. The acquisition values Proofpoint at $12.3 billion, or ~8.7x 2022 consensus revenue.
Thoma Bravo Lacks Options with Proofpoint (Security Boulevard) The announcement that Thoma Bravo is acquiring publicly traded Proofpoint for $12.3 billion is the latest and largest private equity deal in the cybersecurity industry.
Kickfurther Raises $5.9 Million Seed Plus Funding Round Led by Paychex Founder Tom Golisano (GlobeNewswire) Kickfurther, the first crowdfunded inventory funding platform, today announced a $5.9 million Seed Plus funding round led by Grand Oaks Capital, an investment firm founded by Paychex founder Tom Golisano. The round also included previous investors Tim Draper through Draper Associates and venture capitalist Bill Tai, the first investor in Zoom and seed in Wish, Canva, and Treasure Data amongst others.
Operatix has Supported 30 Vendors on Their Path to Acquisition (PR Newswire) Operatix has helped to accelerate business growth for dozens of software vendors worldwide on their path to acquisition. Customers such as...
Securiti Positioned as a Worldwide Leader in IDC MarketScape for Data Privacy Management Software (Yahoo) IDC says Securiti is a pioneer of PrivacyOps and software that provides simple, intuitive and automated data privacy compliance functionality.
FCC Taps Ernst & Young to Handle Huawei Gear Removal Compensation (Bloomberg Law) The Federal Communications Commission has selected Ernst & Young LLP to oversee a $1.9 billion program that will reimburse carriers to replace network gear made by Huawei Technologies Co. and other foreign suppliers said to pose a national security threat.
US sanctions are starting to catch up to Huawei (Quartz) Huawei's earning report shows that sales revenue shrank for a second straight quarter after US sanctions hurt its consumer business.
Huawei takes hit from technology bans in first quarter (ComputerWeekly) Bans batter revenues at Huawei, which is bracing for more challenges but insists good times are ahead in 5G and comms software.
China's Huawei says sales down 16.5% amid US sanctions (ABC News) Embattled Chinese tech giant Huawei says its revenue fell in the first quarter of 2021 after it sold its lower-priced Honor smartphone brand but profitability improved
Collibra Named a Leader in the Inaugural IDC MarketScape: Worldwide Data Privacy Management Software Vendor Assessment (Yahoo) Collibra, the Data Intelligence company, today announced it has been named a Leader in the inaugural IDC MarketScape: Worldwide Data Privacy Management Software 2021 Vendor Assessment. Collibra was highlighted in the report for its automated data discovery and classification capabilities and persona-based UI that is configurable for governance, privacy, legal, IT and security stakeholders.
Tala welcomes Jim Routh to its Board of Advisors (Tala Security) Tala announces a new addition to its Board of Advisors.
Forcepoint Announces New Appointments to Board of Directors (PR Newswire) Forcepoint, the global leader in cybersecurity solutions that protect the critical data and networks of thousands of customers throughout the...
KELA Names David Carmiel New CEO; Promotes Nir Barak to Chairman of KELA Board (PR Newswire) KELA, the global leader in actionable threat intelligence, today appoints David Carmiel as new CEO, taking over for former CEO and founder Nir...
Synopsys Software Integrity Group Expands Channel Partner Program Under New Leadership (PR Newswire) Synopsys, Inc. (Nasdaq: SNPS) today announced it is expanding the Software Integrity Group's partner program under the leadership of Tom...
Products, Services, and Solutions
Cigent Technology Launches New Cybersecurity Solutions to Thwart Ransomware Attacks and Stop Data Theft Even After a Security Breach (Cigent) Releases Software and Storage Hardware Products Aimed at Providing File-Level Zero Trust Access and Embedded Advanced Cybersecurity to Prevent Network, Endpoint and Cloud-Based Attacks
Retailer DeinDeal Secures its API-driven E-commerce Platform with Salt Security (PR Newswire) Salt Security, the leading API security company, today announced that DeinDeal, a leading Swiss e-commerce retailer, has deployed the Salt...
Introducing Goals: Connecting team learning to on-the-job outcomes (Cybrary) Cybrary’s new Goals feature makes it easy to measure and demonstrate the impact of cybersecurity training and skills development
Code42 Incydr Delivers Innovative Detection of Browser Uploads to Combat Insider Risk (BusinessWire) Code42 enhances capabilities to Incydr for identifying insider risk related to file uploads to unsanctioned websites.
Mandiant Selects PlexTrac for its Proactive Assessment Reporting Platform (Dark Reading) Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.
Dashlane's New Essentials Plan: Because Everyone Should Have a Password Manager (PR Newswire) Dashlane today unveiled a new Essentials plan, giving people a more flexible choice when deciding their password management needs. Based on...
Tanium solves challenges for the most demanding IT environments (Business in Vancouver) Tanium’s breakthrough approach decentralizes data collection, aggregation and distribution down to the endpoint, dramatically reducing direct client-to-server communications to deliver real-time visibility, comprehensive control, and rapid response.
Cybrary Launches “Goals” to Help Leaders Translate Cybersecurity Skill Development into Meaningful Outcomes (Security Boulevard) New platform feature enables cybersecurity leaders to demonstrate the impact of their teams’ cybersecurity skill development on their organization
Cellebrite Physical Analyzer Tool Drops Full iPhone Support After High-Profile Signal Hack (Hot Hardware) Last week, the CEO of messaging app Signal got his hands on Cellebrite software, which is typically used for extracting data from mobile devices. Several security vulnerabilities were discovered with this acquisition, leading to Signal including files in its app that would corrupt all present and future data collected by the Cellebrite utility.
CrowdStrike launches integrations to advance NDR for enterprise (IT Brief) This integration with NDR partners provides mutual customers a comprehensive, holistic cybersecurity solution with enhanced visibility, streamlined detection and response and frictionless automation.
Egnyte Launches New Data Security Tools for Mid-Market IT Organizations (Homeland Security Today) Egnyte has announced new governance tools and services aimed at helping mid-market IT organizations improve their data security and compliance competence.
Finding simplicity in Cyber Threat Intelligence (Centripetal) Multi-vendor environments can be challenging, particularly when facing tightening budgets and an overworked security team. We offer a simpler solution.
Braxton-Grant Technologies Achieves ISO/IEC 20000-1:2018 Certification from NSF International Strategic Registrations (EIN News) ISO/IEC 20000-1:2018 certification demonstrates Braxton-Grant’s commitment to service management.
Alert Logic Powers Fully-Managed AWS Threat Detection and Incident Response for Mission MDR (PR Newswire) Alert Logic managed detection and response (MDR), delivering comprehensive coverage across all IT environments, is powering Mission MDR. The...
‘A Perfect Score’: SonicWall Capture ATP Aces Latest ICSA Lab Test, Finds More ‘Never-Before-Seen’ Malware Than Ever (SonicWall) SonicWall Real-Time Deep Memory Inspection™ (RTDMI) technology awarded patent by the U.S. Patent and Trademark Office MILPITAS, Calif. — APRIL 29, 2021 — After 35 days of testing and the completion of 1,741 total tests, the multi-engine SonicWall Capture Advanced Threat Protection (ATP) sandbox service, with Real-Time Deep Memory Inspection™ (RTDMI), received a perfect score …
Rackspace Technology Announces Strategic Investment in Platform9 and Launches Rackspace Managed Platform for Kubernetes (GlobeNewswire) Companies will collaborate on products, technologies, and go to market activities
Third Parties See Massive Benefits from CyberGRX Assessments with Framework Mapper (BusinessWire) CyberGRX extends Framework Mapper capability to third parties, enabling them to map CyberGRX’s assessment back to industry standards and frameworks
Technologies, Techniques, and Standards
Prime targets: Governments shouldn’t go it alone on cybersecurity (WeLiveSecurity) ESET reveals new research into activities of the LuckyMouse APT group and looks at the complex nature of the threat that APT groups pose for governments.
As Web Scraping Is on the Rise, Residential IP Providers Come into Question: Experts Advise on How to Avoid Large Scale Fraud and Use Scraping Legitimately (IPRoyal.com) Large corporations and tech-savvy SMEs are utilizing IP address hopping to boost their website performance and gain a competitive advantage in the market. While the technology helps genuine companies advance their businesses, it could be simultaneously enabling new forms of large-scale internet abuse. CEO at a residential IP provider IPRoyal comments on how to avoid […]
CISO Conversations: Raytheon and BAE Systems CISOs on Leadership, Future Threats (SecurityWeek) This issue of CISO Conversations features Jennifer Watson of Raytheon and Mary Haigh of BAE Systems, dealing with cybersecurity in the defense sector
Death of the Manual Pen-Test: Blind Spots, Limited Visibility (SecurityWeek) A survey showed that manual pen-testing still has a place in testing the security of perhaps the customer’s most important assets; but only as an addition to overall attack surface automated monitoring
New CyCognito Security Report Reveals Failures of Penetration Testing (GlobeNewswire) Research shows cost, coverage, and cadence limitations leave organizations exposed when they rely on penetration testing to assess security readiness and prevent breaches
Resilience Series Bug Bytes (CISA) Bug Bytes, the second graphic novel in CISA’s Resilience Series, communicates the dangers and risks associated with threat actors using social media and other communication platforms to spread mis-, dis-, and malinformation (MDM) for the sole purpose of planting doubt in the minds of targeted audiences to steer their opinion.
Unemployment-Benefits Fraud Has Soared in the Pandemic. Here’s What to Do. (Wall Street Journal) People should protect their Social Security number and other personal information whether they are identity-theft victims or not.
FBI, CISA warn of Russian intelligence cyberattackers in password spraying campaign: 10 tips to protect your hospital (Becker's Hospital Review) Russian Foreign Intelligence Service cyberattackers are targeting American companies to gain leverage for exploitation. To secure your hospital, the FBI, Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency recommend 10 tips for users and administrators on implementing mitigation measures.
Design and Innovation
Bruce Schneier Wants You to Make Software Better (IEEE Spectrum) Producing effective code means understanding more than just programming
MAGIC CTF-X Winners - Magic (Magic) The Capture The Flag (CTF) Event Reached Over 250 Students Worldwide
Rochester Rising: RIT is helping make Rochester a next-generation technology hub (RIT) Move over, Silicon Valley. Rochester, N.Y., can be the next great American technology hub.
Commonwealth Cyber Initiative funds $1 million in experiential learning projects for Virginia students (Virginia Tech) The projects address the cybersecurity workforce needs in such areas as autonomous systems, startups, cyber biosecurity, electrical power systems, ports, and more.
Legislation, Policy, and Regulation
Iran updates budget to allocate $71.4 million to 'cyberspace' operations (The Record by Recorded Future) The Tehran government has updated its national budget to allocate an extra $71.4 million for the cyberspace programs of two government-controlled organizations.
Russia says it is capable of tracking "invisible" US cyberattacks (Interfax.ru) Carrying out "invisible" cyberattacks by the US against Russia is technologically impossible, Andrey Krutskikh, the Russian president's special representative for international cooperation in information security, said on Wednesday.
G7 Leaders Sign Declaration on Online Safety as U.K. Announces New Cyber Laws (Homeland Security Today) Leaders from Canada, France, Germany, Italy, Japan, the U.K., U.S. and EU have signed a declaration containing a series of shared principles on how to tackle the global challenge of online safety, including that online firms should have systems and processes in place to reduce illegal and harmful activity and prioritize the protection of children.
Cyber Security Begins Abroad (War on the Rocks) The Russian Foreign Intelligence Service’s compromise of U.S. company SolarWinds and a variety of other information technology infrastructures has been
The Missing Pieces of the US Cyber Strategy of ‘Persistent Engagement’ (The Diplomat) Washington has to take steps to square its ambitions with the differing perceptions of its Indo-Pacific partners.
Will the Public and Private Cybersecurity Sector Join Forces Against Ransomware? (SDxCentral) How much will it cost, in dollars and lives, before the public and private cybersecurity sector work together to stop ransomware attacks?
RTF Report: Combatting Ransomware (Institute for Security and Technology (IST)) A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force
New ransomware task force wants more support for victims who don’t pay (The Record by Recorded Future) A new government and industry coalition on Thursday put its weight behind a number of aggressive measures aimed at curbing ransomware.
The Cybersecurity 202: A group of industry, government and cyber experts have a big plan to disrupt the ransomware crisis (Washington Post) A task force of more than 60 experts from industry, government, nonprofits and academia is urging the U.S. government and global allies to take immediate steps to stem a growing global crisis of cyberattacks in which hackers seize computer systems and data in exchange for a ransom.
Team Cymru Contributes to Critical Recommendations for New Ransomware (PRWeb) Team Cymru, in partnership with The Ransomware Task Force (RTF), a broad coalition of over 60 experts in industry, government, law enforcement, civil society,
EXCLUSIVE Government, industry push bitcoin regulation to fight ransomware scourge (Reuters) Government and industry officials confronting an epidemic of ransomware, where hackers freeze the computers of a target and demand a payoff, are zeroing in on cryptocurrency regulation as the key to combating the scourge, sources familiar with the work of a public-private task force said.
A civilian cybersecurity reserve corps is needed for the Pentagon and DHS, lawmakers from both parties say (Defense News) A bipartisan group of lawmakers is pushing to create a civilian reserve corps of cybersecurity experts to help defend national security interests.
Expanding the role of the National Guard for effective cybersecurity (TheHill) Enhancing the National Guard’s cyber capabilities should be a key part of a national cyber strategy.
The Cybersecurity 202: Lawmakers want to create a reserve corps of cybersecurity experts to respond to the next SolarWinds (Washington Post) A bipartisan group of lawmakers wants to create a National Guard-like program to address growing cybersecurity vulnerabilities faced by the U.S. government.
White House Endorses Inclusion of Cybersecurity in Water Infrastructure Bill (Nextgov.com) A recent attempt by hackers to poison the water supply in a Florida town prompted calls for more resources.
Navy SEALs to Shift From Counterterrorism to Global Threats (SecurityWeek) The U.S. Navy is adding personnel to the SEAL platoons to beef up capabilities in cyber and electronic warfare and unmanned systems, honing their skills to collect intelligence and deceive and defeat the enemy.
Litigation, Investigation, and Law Enforcement
US government taking creative steps to counter cyberthreats (AP NEWS) An FBI operation that gave law enforcement remote access to hundreds of computers to counter a massive hack of Microsoft Exchange email server software is a tool that is likely to be deployed “judiciously” in the future as the Justice Department, aware of privacy concerns, develops a framework for its use, a top national security official said Wednesday.
France’s Macron Eyes Artificial Intelligence to Monitor Terrorism (Wall Street Journal) The French president is under intense pressure to crack down on terrorism as well as Islamist separatism, an ideology his government says fuels attacks by radicalizing segments of the country’s Muslim minority.
Government 'avoiding accountability' in WhatsApp messages (BBC News) Campaigners threaten to sue the government if it does not explain its policies on using messaging platforms.
Google Data Protection Case to be Heard in UK Supreme Court (SecurityWeek) Britain's Supreme Court will hear arguments for two days before judges decide whether the claim against Google should proceed.
Experian Credit Report Wrongly Retained Debt, Appeals Court Says (Bloomberg Law) Experian Information Solutions Inc. must face a Fair Credit Reporting Act suit because its decision initially declining to correct a Florida resident’s credit report wasn’t reasonable as a matter of law, a federal appeals court said Wednesday.
Feds Arrest an Alleged $336M Bitcoin-Laundering Kingpin (Wired) The alleged administrator of Bitcoin Fog kept the dark web service running for 10 years before the IRS caught up with him.
Signal’s epic hack of Cellebrite already has major consequences (BGR) Encrypted instant messaging app Signal hacked security company Cellebrite a few days ago. The Signal developers showed that the app law enforcement agencies use around the world to extract informat…
7th Circ. Says Cell Info Used Legally To Find Robber (Law360) The Seventh Circuit has found that the real-time AT&T cell site location data Indiana police obtained without a warrant to locate a convicted robber and confirm his whereabouts during a spree of robberies was constitutional under the Fourth Amendment.
FCC Asked To Nix Restrictive Telemarketing Consent Caveat (Law360) Several financial and public interest groups are questioning if the Federal Communications Commission made a mistake when it handed down an order late last year that required companies to get written consent before delivering robocalls.
I'm Starting to Lose Faith in the Cyber Ninjas (Esquire) In Arizona, a farcical "audit" of the 2020 election is beginning to come unstrung.