Attacks, Threats, and Vulnerabilities
Russian 'Evil Corp' Cybercriminals Possibly Evolved Into Cyberspies (SecurityWeek) The infamous cybercrime organization known as Evil Corp may be running cyberespionage operations on behalf of a Russian intelligence agency
Are The Notorious Cyber Criminals Evil Corp Actually Russian Spies? (TRUESEC Blog) Truesec has documented how Russian ransomware gangs profit from being left alone by Russian law enforcement, but connections seem to go even deeper.
US spy agencies review software suppliers' ties to Russia following SolarWinds hack (CyberScoop) U.S. intelligence agencies have begun a review of supply chain risks emanating from Russia in light of the far-reaching hacking campaign that exploited software made by SolarWinds and other vendors, a top Justice Department official said Thursday.
CISA has a better understanding of critical software post-SolarWinds hack (FedScoop) Following the SolarWinds hack, the Cybersecurity and Infrastructure Security Agency believes it has developed a better understanding of critical software across government. CISA’s National Risk Management Center has spent the four months since the hack was discovered determining the risks such software poses to national critical functions and developing tools to mitigate the threat, said […]
Bob Kolasky: CISA Gains Insight Into 2020’s SolarWinds Cyber Attack (Executive Gov) Bob Kolasky, assistant director of the Cybersecurity and Infrastructure Security Agency's (CISA)
AI consumes a lot of energy. Hackers could make it consume more. (MIT Technology Review) The latest generation of neural networks are vulnerable to a new kind of attack that makes them use too much energy.
CISA Publishes Analysis on New 'FiveHands' Ransomware (Dark Reading) Attackers used publicly available tools, FiveHands ransomware, and SombRAT to successfully target an organization, officials report.
FiveHands Ransomware (CISA) Initial Access
The initial access vector was a zero-day vulnerability in a virtual private network (VPN) product (Exploit Public-Facing Application [T1190]).
Pingback: Backdoor At The End Of The ICMP Tunnel (Trustwave) In this post, we analyze a piece of malware that we encountered during a recent breach investigation. What caught our attention was how the malware achieved persistence, how it used ICMP tunneling for its backdoor communications, and how it operated with different modes to increase its chances of a successful attack.
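The Trustwave item above describes a backdoor that hides its command channel inside ICMP. The following C program is an added example, not code from Trustwave's write-up or from the malware it analyzes: a detection heuristic that classifies ICMP echo messages by payload size and by whether the payload matches the fill pattern a stock ping client emits. The 64-byte size limit, the Linux and Windows fill patterns, the 8-byte timestamp assumption, and the sample packets are all constructed here for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example (not Trustwave's code): flag ICMP echo messages whose payload
 * is larger than a normal ping or does not look like a ping client's fill. */

enum icmp_verdict { ICMP_OK = 0, ICMP_NOT_ECHO, ICMP_OVERSIZED, ICMP_ODD_PAYLOAD };

#define ICMP_HDR_LEN  8u   /* type, code, checksum, identifier, sequence */
#define PING_TS_LEN   8u   /* assumption: Linux ping stores a timestamp first */
#define MAX_PING_DATA 64u  /* assumption: default pings carry 56 (Linux) or 32 (Windows) bytes */

/* Windows ping fills its 32-byte payload with this fixed ASCII pattern. */
static const char WIN_PATTERN[] = "abcdefghijklmnopqrstuvwabcdefghi";
#define WIN_LEN (sizeof WIN_PATTERN - 1)

/* Classify one ICMP message (header + payload, IP header already stripped). */
enum icmp_verdict classify_icmp(const uint8_t *pkt, size_t len) {
    if (len < ICMP_HDR_LEN) return ICMP_NOT_ECHO;
    if (pkt[0] != 8 && pkt[0] != 0) return ICMP_NOT_ECHO;   /* echo request / reply only */
    size_t data_len = len - ICMP_HDR_LEN;
    if (data_len > MAX_PING_DATA) return ICMP_OVERSIZED;
    if (data_len == WIN_LEN && memcmp(pkt + ICMP_HDR_LEN, WIN_PATTERN, WIN_LEN) == 0)
        return ICMP_OK;
    /* Linux ping: after the timestamp, each byte is the previous byte plus one. */
    for (size_t i = ICMP_HDR_LEN + PING_TS_LEN + 1; i < len; i++)
        if (pkt[i] != (uint8_t)(pkt[i - 1] + 1)) return ICMP_ODD_PAYLOAD;
    return ICMP_OK;
}

/* Constructed sample: Linux-style echo request with data_len payload bytes. */
size_t build_linux_ping(uint8_t *buf, size_t cap, size_t data_len) {
    size_t len = ICMP_HDR_LEN + data_len;
    if (len > cap) return 0;
    memset(buf, 0, len);
    buf[0] = 8;                        /* echo request; checksum left zero in the sample */
    buf[4] = 0x12; buf[5] = 0x34;      /* identifier */
    buf[7] = 1;                        /* sequence number */
    for (size_t i = ICMP_HDR_LEN; i < len; i++)
        buf[i] = (uint8_t)i;           /* timestamp slot, then incrementing fill */
    return len;
}

/* Constructed sample: echo request smuggling arbitrary bytes (e.g. command output). */
size_t build_tunnel_packet(uint8_t *buf, size_t cap, const uint8_t *data, size_t data_len) {
    size_t len = ICMP_HDR_LEN + data_len;
    if (len > cap) return 0;
    memset(buf, 0, ICMP_HDR_LEN);
    buf[0] = 8;
    memcpy(buf + ICMP_HDR_LEN, data, data_len);
    return len;
}

/* Runs the classifier over four constructed cases so callers need no buffers. */
enum icmp_verdict sample_verdict(int which) {
    static const char shell_out[] = "uid=0(root) gid=0(root) groups=0(root)\n"; /* constructed */
    uint8_t pkt[1024], data[600];
    size_t n = 0;
    switch (which) {
    case 0:  /* ordinary Linux ping, 56 data bytes */
        n = build_linux_ping(pkt, sizeof pkt, 56);
        break;
    case 1:  /* ping-sized message carrying command output instead of the fill pattern */
        n = build_tunnel_packet(pkt, sizeof pkt, (const uint8_t *)shell_out, sizeof shell_out - 1);
        break;
    case 2:  /* oversized message: 600 bytes of repeated command output */
        for (size_t i = 0; i < sizeof data; i++)
            data[i] = (uint8_t)shell_out[i % (sizeof shell_out - 1)];
        n = build_tunnel_packet(pkt, sizeof pkt, data, sizeof data);
        break;
    case 3:  /* destination unreachable: not an echo, ignored by this heuristic */
        memset(pkt, 0, ICMP_HDR_LEN); pkt[0] = 3; n = ICMP_HDR_LEN;
        break;
    default:
        return ICMP_NOT_ECHO;
    }
    return classify_icmp(pkt, n);
}

int main(void) {
    static const char *names[] = { "ok", "not-echo", "oversized", "odd-payload" };
    for (int i = 0; i < 4; i++)
        printf("sample %d: %s\n", i, names[sample_verdict(i)]);
    return 0;
}
```

A production detector would apply this per host over time (rate of echo requests, fraction flagged, reply payloads that differ from the request) rather than per packet, since a tunnel that keeps each message ping-sized and pattern-shaped only shows up in volume and timing; the point here is that the payload of a legitimate ping is highly predictable, so anything else is worth a second look.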
Qualys researchers uncover 21 bugs in Exim mail servers (CyberScoop) Qualys researchers have found 21 vulnerabilities in Exim that could allow attackers to achieve remote code execution on targeted servers.
Qualcomm Modem Chip Flaw Exploitable From Android: Researchers (SecurityWeek) A vulnerability (CVE-2020-11292) in Qualcomm’s Mobile Station Modem (MSM) chip, installed in around 30% of the world’s mobile devices, can be exploited from within Android.
Intel, AMD Dispute Findings on Chip Vulnerabilities (BankInfo Security) Intel and AMD are disputing the findings of researchers from two universities who say they've discovered new attacks on Intel and AMD processors that can bypass
Popular routers found vulnerable to hacker attacks (WeLiveSecurity) Millions of Brits use Wi-Fi routers that contain various security flaws and may put them at risk of cyberattacks, an investigation by British consumer watchdog Which? has found.
Ryuk ransomware finds foothold in bio research institute through student who wouldn’t pay for software (ZDNet) The incident started with a student who didn't want to pay for a license and ended with the loss of research.
Attackers Seek New Strategies to Improve Macros' Effectiveness (Dark Reading) The ubiquity of Microsoft Office document formats means attackers will continue to use them to spread malware and infect systems.
Scripps Health Ongoing Cyber Attack Wreaks Havoc With Appointments, Services (KPBS Public Media) The security breach was first reported on Saturday and it is unclear when online services could be restored for one of the region's largest health care providers.
Potential impact of Scripps cyberattack (Yahoo) Ted Harrington, executive partner of Independent Security Evaluators, talks to ABC 10News about the effects of the weekend cyberattack of Scripps Health.
Facebook Dating Service Issues (Avast) Facebook is piloting a new video speed dating service that will connect people for virtual “dates.” Before jumping on the bandwagon, there are several privacy concerns you should take into consideration.
Cyber security experts warn over online wine scams (Decanter) A cyber security report by two US-based specialists has highlighted a rise in 'malicious' wine-themed domain names during the Covid-19 lockdown.
DMV warns customers of phishing scam (Los Altos Town Crier) In a press release issued last month, DMV officials said they have heard from multiple customers who have received a text message stating, “Our records indicate that your contact information must be updated for REAL ID compliance. Provide an up-to-date mailing address and phone number.” When c
Security Patches, Mitigations, and Software Updates
Fix for critical Qualcomm chip flaw is making its way to Android devices (Ars Technica) Higher-end devices made by Google, Samsung, LG, Xiaomi, and OnePlus are affected.
Firefox for Android gets critical update to block cookie-stealing hole (Naked Security) This browser update is for everyone, but it’s for Android users particularly.
Google to Automatically Enable Two-Step Verification for Some Accounts (SecurityWeek) Google wants to automatically enroll some accounts in two-step verification (2SV) — ones that are “appropriately configured.”
Google Wants to Make Everyone Use Two Factor Authentication (Vice) The company is making some changes to encourage more people to adopt a key digital security mechanism.
Google Play’s app listings will require privacy info next year, just like the App Store (The Verge) Giving users info on data collected, and how it’s used.
Dell security flaw from 2009 affects 'hundreds of millions' of PCs: How to fix it (PCWorld) Newly discovered security vulnerabilities put Dell PCs going back to 2009 at risk, but there are steps you can take to fix them.
Multiple RTOS (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendors: Multiple
Equipment: Multiple
Vulnerabilities: Integer Overflow or Wraparound
CISA is aware of a public report, known as “BadAlloc” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries.
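The advisory classifies BadAlloc as "Integer Overflow or Wraparound" in allocator code. The C below is an added example, not code from the BadAlloc report, CISA, or any RTOS vendor: it models that bug class with a 32-bit size type, showing a chunk-size computation that silently wraps next to a checked version that rejects the request. The 8-byte chunk header, the 8-byte alignment, and the sample values are assumptions.

```c
#include <stdint.h>
#include <inttypes.h>
#include <stdio.h>

/* Added example (not from the BadAlloc report or any vendor): allocator size
 * arithmetic that wraps on a 32-bit target, beside an overflow-checked form. */

typedef uint32_t rtos_size_t;          /* assumption: 32-bit size type on the RTOS target */
#define CHUNK_HDR  ((rtos_size_t)8)    /* assumption: per-chunk bookkeeping header */
#define HEAP_ALIGN ((rtos_size_t)8)    /* assumption: chunk alignment */

/* Vulnerable: request + header, rounded up, with no wraparound check.
 * A request of 0xFFFFFFFC + 8 wraps to 4, which rounds up to an 8-byte chunk;
 * the caller then writes "request" bytes into it. */
rtos_size_t vuln_alloc_size(rtos_size_t request) {
    rtos_size_t total = request + CHUNK_HDR;
    return (total + HEAP_ALIGN - 1) & ~(HEAP_ALIGN - 1);
}

/* Vulnerable calloc-style sizing: count * elem wraps for large counts. */
rtos_size_t vuln_array_bytes(rtos_size_t count, rtos_size_t elem) {
    return count * elem;
}

/* Hardened: every step is overflow-checked. 0 is never a valid chunk size here
 * (the header alone is 8 bytes), so it doubles as the rejection signal. */
rtos_size_t safe_alloc_size(rtos_size_t request) {
    rtos_size_t total, rounded;
    if (__builtin_add_overflow(request, CHUNK_HDR, &total)) return 0;
    if (__builtin_add_overflow(total, HEAP_ALIGN - 1, &rounded)) return 0;
    return rounded & ~(HEAP_ALIGN - 1);
}

/* Hardened array sizing; 0 signals overflow (a zero-element array needs 0 bytes anyway). */
rtos_size_t safe_array_bytes(rtos_size_t count, rtos_size_t elem) {
    rtos_size_t bytes;
    if (__builtin_mul_overflow(count, elem, &bytes)) return 0;
    return bytes;
}

int main(void) {
    rtos_size_t evil = 0xFFFFFFFCu;
    printf("vuln_alloc_size(0x%" PRIx32 ") = %" PRIu32 " bytes\n", evil, vuln_alloc_size(evil));
    printf("safe_alloc_size(0x%" PRIx32 ") = %" PRIu32 " (0 = rejected)\n", evil, safe_alloc_size(evil));
    printf("vuln_array_bytes(0x40000001, 4) = %" PRIu32 "\n", vuln_array_bytes(0x40000001u, 4));
    printf("safe_array_bytes(0x40000001, 4) = %" PRIu32 " (0 = rejected)\n", safe_array_bytes(0x40000001u, 4));
    return 0;
}
```

The checked builtins (`__builtin_add_overflow`, `__builtin_mul_overflow`) are available in GCC and Clang; on toolchains without them the same effect comes from comparing against `UINT32_MAX - CHUNK_HDR` before adding, or from `count > UINT32_MAX / elem` before multiplying. The point for reviewers of RTOS and library code is that the check has to precede the arithmetic, because once the value has wrapped there is nothing left to test.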
Open Design Alliance Drawings SDK (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Open Design Alliance
Equipment: Drawings SDK
Trends
Datadobi Points to Research Highlighting the Impact of Data Growth on Storage Management (BusinessWire) Datadobi today released a new report by 451 Research which reveals the major impact that data growth is having on storage management.
Americans Have Real Concerns for Vaccine Passport Privacy (NordVPN) Over one third (35%) of Americans would prefer a chip to a vaccine passport.
Class Is In Session With Dashlane's "Worst Password Awards" (PR Newswire) Ahead of World Password Day, Dashlane shares its first-ever, mid-year Worst Password Awards—a reminder of how easy it is to make a password...
A crisis in third-party remote access security (SecureLink) Download the 2021 Ponemon Institute Report sponsored by SecureLink.
Users Are Getting More Privacy Conscious. Is That Enough? (Built In) At a panel discussion for EFF’s 30-year anniversary, Edward Snowden and others examined the state of surveillance and privacy in 2021.
Marketplace
Fast-Growing Data Security Company Dasera Closes $6 Million in Seed Funding (Yahoo) Data security company Dasera today announced $6 million in seed funding to accelerate sales and product development. This takes the total capital raised to $9 million. The round was led by Sierra Ventures, with participation from Saama Capital, One Way Ventures, Sand Hill Angels, and prominent security professionals and angels including Mark Weatherford and Andy Chou.
Forcepoint Acquires Remote Browser Isolation Innovator Cyberinc (PR Newswire) Forcepoint, a global leader in data-first cybersecurity solutions that protect critical information and networks for thousands of customers...
Databarracks acquires 4sl (RealWire) Business Continuity and IT Disaster Recovery specialist acquires enterprise backup expert 4sl
Databarracks has acquired 4sl for an undisclosed sum, to create a combined company with 75 staff, including 50 data protection experts
Exclusive: Cyber firm ThreatLocker raises VC, plans to quadruple staff (BusinessWire) The company has doubled its staff since October 2020.
Huntress Funding Signals Accelerating MDR, MSP Security Momentum (MSSP Alert) Huntress series B funding, led by JMI Equity, reinforces MDR (managed detection and response) momentum with MSPs that provide SMB security services.
ForgeRock IPO Expected In 2021 With Valuation Of Over $3B: Report (CRN) ForgeRock is putting together an initial public offering that could value the digital identity vendor at $3 billion to $4 billion, or possibly higher, Bloomberg reported.
Darktrace IPO reflects strong product offering, but challenges remain (The Armchair Trader) Shares in Darktrace, the AI cyber defence company, shot up around 40% when listed last week, but who are they and do they deserve the hype?
Auth0 CEO Eugenio Pace on the $6.5 billion deal with Okta and his advice for entrepreneurs (GeekWire) Okta's giant $6.5 billion acquisition of Seattle-area startup Auth0 officially closed on Monday. But for Eugenio Pace, the major milestone is just another marker — albeit a lucrative one — in the…
Cybercrime: Insurance giant to stop covering French ransomware payouts (euronews) One of the five biggest insurance companies in Europe will stop writing policies that cover extortion by cybercriminals in France, the second worst-hit country by ransomware in the world.
Microsoft Says It Will Let EU Customers Keep Data Inside Bloc (Law360) Microsoft committed Thursday to allowing businesses and government entities that use its cloud services in the European Union to store all of their data locally, amid lingering uncertainties about how to legally transfer data outside the bloc.
Zentry Security Poised to Dominate Zero Trust Remote Access for SMEs with Strong Funding Support, Expanded Product Capabilities and Key Leadership Team Appointments (GlobeNewswire) Zentry Security, an emerging cybersecurity company offering Zero Trust remote access solutions for small and medium-sized enterprises (SMEs), today announced new cloud capabilities for its Zentry Trusted Access product and the appointment of seasoned security technology executives to the leadership team.
Barracuda Named A Leader in Enterprise Email Security (PR Newswire) Barracuda, a leading provider for cloud-enabled security solutions, today announced that it has been named a Leader in "The Forrester Wave™:...
KnowBe4 Selected as an Excellence Award Winner for the SC Awards 2021 (Yahoo) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced that it is the winner in the Best IT Security-Related Training Program category for the SC Awards 2021.
Avast opens arms to channel partners (MicroscopeUK) Security player is keen to expand its partner numbers and build on the momentum stirred by the signing of Westcoast earlier this year.
Bugcrowd Welcomes New CI&SO and CMO, Strengthening Mission to Secure Customers’ Innovation Sooner Amid Intense Digital Transformation (Bugcrowd) Industry leaders to support and drive security best practices, rapid-fire innovation and platform growth SAN FRANCISCO – May 6, 2021 – Bugcrowd, the industry-le
Sumo Logic CEO Ramin Sayar Joins Tessian’s Board of Directors (RealWire) Human Layer Security company Tessian today announces that Ramin Sayar, President and CEO of Sumo Logic, has joined its Board of Directors.
Goodwin Creates Chief Information Security Officer Role with the Appointment of Scott Kopcha (Goodwin Law) Global law firm Goodwin announced today the creation of a Chief Information Security Officer (CISO) position, and the appointment of Scott Kopcha to the role. As CISO, Kopcha, who previously served as the firm’s Managing Director of Information Security, will oversee all aspects of the firm’s global information security strategy, architecture, governance, and risk mitigation as CISO.
Bishop Fox Appoints IT Operations Veteran as Associate Vice President of Consulting Managed Services (GlobeNewswire) Tony Needler to Drive Excellence and Expand the Company’s Leading Strategic Programs
Tanium Appoints Marc Levine as Chief Financial Officer (BusinessWire) Tanium announced the appointment of Marc Levine as Chief Financial Officer. Levine will lead Tanium’s global finance organization.
Qualys Names Allan Peters Chief Revenue Officer (PR Newswire) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today announced...
OPSWAT Appoints New Executives to Accelerate Global Growth (PR Newswire) OPSWAT, the leader in Critical Infrastructure Protection (CIP) cybersecurity solutions, announced it has added two new key hires: Chief...
Products, Services, and Solutions
New infosec products of the week: May 7, 2021 (Help Net Security) The featured products include: Panorays, FireEye, Mandiant, Trend Micro, Trilio, QOMPLX, Yubico, DigiCert, Semperis, IBM Security.
Malwarebytes Partners with Digitunity to provide Cyberprotection to Vulnerable Communities (PR Newswire) Malwarebytes™, a global leader in real-time cyberprotection for people and organizations, and Digitunity, a national nonprofit organization...
Contrast Security Adds Go Language Support for Industry's First Interactive Application Security Analyzer (PR Newswire) Contrast Security today announced the addition of the Contrast Go agent to the Contrast Application Security Platform — the industry's most...
WM Motor Chooses BlackBerry QNX to Power Its W6 All-Electric SUV (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) today announced that Chinese electric carmaker WM Motor has selected its QNX® Neutrino® Realtime...
IBM Security announces new ways for customers to adopt a zero trust approach (TechRepublic) In addition to new blueprints, IBM Security also announced a partnership with the cloud and network security provider Zscaler.
NetSTAR Announces Availability of inSITE Threat Intelligence 2.0 (PR Newswire) NetSTAR, the global leader in OEM integrated solutions for internet categorization and threat intelligence, announced today the global...
Cybersixgill Darkfeed Now Certified in the ServiceNow Store (PR Newswire) Cybersixgill, the leader in threat intelligence enablement, today announced that Darkfeed, its automated indicator of compromise (IOC)...
KnowBe4 Launches Artificial Intelligence-Driven Phishing Feature (PR Newswire) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced a new feature –...
McAfee offers cloud-delivered security solutions on the Ingram Micro Cloud Marketplace (Help Net Security) McAfee Device-to-Cloud suites are available globally for Ingram Micro’s channel partners via the Ingram Micro Cloud Marketplace.
Sophos Launches Industry’s Only XDR Solution that Synchronizes Native Endpoint, Server, Firewall, and Email Security (GlobeNewswire) Sophos XDR Extends New EDR Capabilities Across Next-Generation Cybersecurity Solutions, Creating the Most Comprehensive and Integrated Threat Detection and Response System
Technologies, Techniques, and Standards
Identity management and zero-trust. (The CyberWire) Zero-days and vulnerabilities introduced post-compromise are particularly difficult to deal with. Electrosoft Services and the not-for-profit association ITPA-NCC hosted a summit on April 22nd that offered perspectives on how they might be better addressed through effective identity management and a zero-trust approach to security.
A threat-based methodology is FedRAMP’s next step toward simplicity with rigor (Federal News Network) FedRAMP saw a huge increase in reuse of cloud security packages and the program management office is taking steps to make it easier.
Emerging open cloud security framework has backing of Microsoft, Google and IBM (TechCrunch) Each of the big cloud platforms has its own methodology for passing on security information to logging and security platforms, leaving it to the vendors to find proprietary ways to translate that into a format that works for their tool. The Cloud Security Notification Framework (CSNF), a new workin…
[Ponemon Institute Second Annual Study] Economics Of The SOC 2021 (FireEye) The second annual study on the economics of security operation centers (SOC) research is out. And, as expected, the study reveals that the world of cybersecurity is changing rapidly. According to the 2020 Cost of Data Breach study [1], the average cost of a breach is now $3.86 million. In another Ponemon Institute study [2], more companies are reporting data breaches.
Cybersecurity Experts Share Thoughts for World Password Day (SecurityWeek) Cybersecurity experts from several companies have shared thoughts for World Password Day.
Stalkerware Tip Sheet (Stay Safe Online) 53,870 mobile users were survivors of stalkerware in 2020. Stalkerware is a form of monitoring software which enables a remote user to track activities on another user's device, such as location data, call logs and messages. It is most often used to monitor a spouse or partner without their permission.
Email security is a human issue (Help Net Security) Email security, alongside many other areas of cyber defense, is a human issue and each member of the team poses a significant risk.
Web App Pen Testing in an Angular Context (Black Hills Information Security) Joff Thyer // If you are a fan of web application pen testing, you have been spoiled with a lot of easy pickings over the years. We all love our interception proxies, and I know a lot of us are huge fans of the great work that PortSwigger has done with Burp Suite over the years. Having said this, […]
Design and Innovation
Senetas and Thales Launch the World’s First Quantum Resistant Network Encryption Solution (Valdosta Daily Times) Thales and Senetas have collaborated to launch the world’s first quantum resistant network encryption solution, capable of protecting customer data (at speeds up to 100 Gbps) against future quantum attacks. Regarded as among the most significant threats to cybersecurity, quantum computing looks set to render many of today’s security methods, such as current public-key encryption, obsolete.
Code Dx and Secure Code Warrior Join Forces to Launch "Project Better Code" (PR Newswire) Code Dx and Secure Code Warrior have teamed up to launch Project Better Code, an initiative to tackle a major challenge facing innovative...
Research and Development
AWS, QCI look to bridge classical and quantum computing (SearchDataCenter) AWS continued its push to link classical and quantum computing environments teaming up with QCI, makers of a SaaS-based offering that runs on both platforms.
GTX Corp to Collaborate with TulsaLabs to Develop Blockchain Authentication and Security for its NFC Supply Chain Tracking Solutions (Yahoo) GTX Corp (OTC: GTXO) (“GTX” or the “Company”), a pioneer in the field of wearable GPS human and asset tracking systems and a supplier of Health and Safety medical supplies and devices, announces collaboration with TulsaLabs, a division of AppSwarm, Corp. (OTC: SWRM), to develop blockchain solutions around GTX Corp's Near Field Communication (NFC) technology and GPS human and asset tracking platform.
Eclypsium Awarded AFWERX SBIR Phase One Contract to Explore Air Force Use of Enterprise Device Security Platform (Eclypsium) Portland, OR – May 7, 2021 –Eclypsium®, the enterprise device security company, today announced it has been awarded a U.S. Air Force, AFWERX Small Business Innovation Research (SBIR) Phase 1 contract. The contract will allow Eclypsium to conduct feasibility studies with the Department of Defense (DoD) to demonstrate how the company’s enterprise…
Legislation, Policy, and Regulation
Biden Administration Likely Retaining Trump Doctrine on Cybersecurity in Space (Nextgov.com) Vice President Kamala Harris is prioritizing cybersecurity as chair of the National Space Council, an official said.
The Cybersecurity 202: A leading House Republican wants to double funding to protect critical infrastructure from cyberattacks (Washington Post) Rep. John Katko (R-N.Y.) is requesting about $250 million — approximately double the current budget — for the Cybersecurity and Infrastructure Security Agency's center for detecting risks to critical infrastructure and the telecommunications supply chain.
Everything You’ve Heard About Section 230 Is Wrong (WIRED) These hallowed 26 words shield internet companies from being held responsible for what people post and share. But the web’s most sacred law is a false idol.
SEC to Explore Rules for Apps That ‘Gamify’ Trading, New Chairman Says (Wall Street Journal) Gary Gensler said the SEC was studying whether to impose restrictions on brokerage apps that facilitate trading of stocks and other securities, in testimony before a House committee.
Bill seeks to bolster National Guard’s role in cyber response (C4ISRNET) A new bill aims to improve governors' ability to decide when and how to deploy their state’s National Guard to respond to cyber threats.
ICS Security Requires Private-Public Sector Synergy (Decipher) Government officials and technology experts call for more collaboration between the public and private sectors when it comes to securing industrial control system environments.
States Push Back Against Use of Facial Recognition by Police (SecurityWeek) Concern about the accuracy of facial recognition and the growing pervasiveness of video surveillance is leading some state lawmakers to hit the pause button
State Data Privacy Bills Stumble (Wall Street Journal) Florida Republicans making last-minute changes to internet privacy legislation that died last week ran into a similar stumbling block as Democrats who failed to pass a law in Washington last month: how to enforce it.
Litigation, Investigation, and Law Enforcement
In U.S. Trial Of Alleged Hacker, Signs Of Larger Russian Cybercrimes (RadioFreeEurope/RadioLiberty) Methbot was one of the most sophisticated Internet fraud operations in history. As the trial of its alleged ringleader opened this week in New York, court filings hinted at broader networks that may also have played a role in Russia’s state-sponsored hacking that roiled the 2016 U.S. election.
Amnesty International to restore 'prisoner of conscience' status to Russia's Navalny: aide (euronews) Amnesty International will next week announce it is reversing a decision to strip jailed Kremlin critic Alexei Navalny of its “prisoner of conscience” status, a top aide said on Thursday.
FCC’s net neutrality rollback overwhelmed by bogus industry comments, investigation finds (The Verge) A multi-year probe found nearly 18 million fake comments
Crypto Trader Can't Nix SEC Subpoena On Privacy Grounds (Law360) A cryptocurrency company and its owner can't quash a U.S. Securities and Exchange Commission subpoena on privacy grounds, an Idaho federal court found, because the financial information sought was relevant to an enforcement investigation.
Cybersecurity Firm Says Rival Is Raiding Workers, Information (Law360) A cybersecurity firm is asking a Georgia federal judge to stop a rival from raiding its employees in what it calls an attempt to steal trade secrets and customers, and to force a former worker to delete any information he took with him to the new job.
[Massachusetts AG letter to pharmacies on customer privacy.] (Commonwealth of Massachusetts Office of the Attorney General) Dear all: We are writing in connection with your administration of vaccinations for the 2019 novel coronavirus.