Dateline the Internet: the Log4j vulnerabilities and related risks.
Log4j in industrial systems. Regulatory response. Exploitation for ransomware. (The CyberWire) ICS vendors review their products for Log4j vulnerabilities. Regulators are working through their response to the open-source library issue, as Log4Shell is exploited in ransomware attacks.
ICS Vendors Respond to Log4j Vulnerabilities (SecurityWeek) SecurityWeek has compiled a list of the advisories published by ICS and other industrial-related vendors in response to the recent Log4j vulnerabilities.
FTC threatens legal action over unpatched Log4j systems (Register) Apply fixes responsibly in a timely manner or face the wrath of Lina Khan
FTC to Go After Companies that Ignore Log4j (Threatpost) Companies that fail to protect consumer data from Log4J attacks are at risk of facing Equifax-esque legal action and fines, the FTC warned.
FTC warns of legal action against businesses that fail to mitigate Log4J attacks (Security Affairs) The US Federal Trade Commission (FTC) has warned of legal action against companies that fail to secure their infrastructure against Log4Shell (CVE-2021-44228) attacks. The move aims at urging organizations to protect their infrastructure while both nation-state actors and cybercriminals are […]
Log4j Vulnerability Demonstrates Need For Mandatory Cyber Incident Reporting, Peters Says (Defense Daily) The disclosure in December of a widespread and active cybersecurity vulnerability that has put at risk millions of government and private sector computer
Dark Cubed and Vulnerability Management (Dark Cubed) In a 2018 interview, former US Navy SEAL Robert O’Neil was asked about the infamous SEAL training “drown-proofing evolution” in which their hands are tied behind their backs, and their feet tied together. They then jump into a deep pool. He said the first thing that exercise teaches you is “panic d
Fintech firm hit by Log4j hack refuses to pay $5 million ransom (BleepingComputer) One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version. Soon enough, threat actors approached ONUS to extort $5 million and threatened to publish customer data should ONUS refuse to comply.
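The vendor reviews and advisories in the items above come down to one inventory question: which shipped archives still carry a log4j-core with the JNDI lookup class, and at what version. The scanner below is an added example for this page, not code from any of the articles or from Apache. It assumes the stock Maven layout of a log4j-core jar (the JndiLookup class path and the pom.properties path), recurses into jars nested inside wars and ears, and treats 2.17.1 as the fixed 2.x release; that threshold and the older-branch back-ports are assumptions to check against vendor advisories. The sample jars it builds are constructed placeholders, not real log4j builds.

```python
"""Find bundled log4j-core jars (including jars nested in wars/ears) and report exposure."""
import io
import os
import re
import tempfile
import zipfile

# Paths inside a stock log4j-core jar (assumption: Maven-built artifact layout).
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
# Assumed fixed version for the 2.x line; older branches (2.3.x, 2.12.x) have their
# own back-ported fixes, so check vendor advisories before trusting this threshold.
MIN_FIXED = (2, 17, 1)


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); returns None for anything that does not parse."""
    nums = re.findall(r"\d+", text or "")
    return tuple(int(n) for n in nums[:3]) if nums else None


def inspect_archive(data, path):
    """Return findings for one archive, recursing into nested archives."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip container; skip silently
    names = set(zf.namelist())
    version = None
    if POM_PROPS in names:
        for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                version = line.split("=", 1)[1].strip()
    has_jndi = JNDI_LOOKUP in names
    if version is not None or has_jndi:
        parsed = parse_version(version)
        # Exposed when the JNDI lookup class is present and the build is below the
        # assumed fixed version (or the version cannot be determined at all).
        exposed = has_jndi and (parsed is None or parsed < MIN_FIXED)
        findings.append({"path": path, "version": version,
                         "jndi_lookup": has_jndi, "exposed": exposed})
    for name in names:
        if name.lower().endswith(ARCHIVE_EXT):
            findings.extend(inspect_archive(zf.read(name), f"{path}!{name}"))
    return findings


def scan_tree(root):
    """Walk a directory tree and inspect every archive found."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in sorted(files):
            if fn.lower().endswith(ARCHIVE_EXT):
                full = os.path.join(dirpath, fn)
                with open(full, "rb") as fh:
                    findings.extend(inspect_archive(fh.read(), full))
    return findings


# --- constructed sample data (placeholder jars, not real log4j builds) ---------------
def _fake_log4j_core(version, include_jndi):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(POM_PROPS, f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n")
        if include_jndi:
            z.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # class-file magic only, not bytecode
    return buf.getvalue()


def build_sample(root):
    """Old log4j-core nested inside a war, plus a standalone jar with JndiLookup removed."""
    os.makedirs(os.path.join(root, "lib"), exist_ok=True)
    with open(os.path.join(root, "lib", "log4j-core-2.17.1.jar"), "wb") as fh:
        fh.write(_fake_log4j_core("2.17.1", include_jndi=False))
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as z:
        z.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", _fake_log4j_core("2.14.1", include_jndi=True))
    with open(os.path.join(root, "app.war"), "wb") as fh:
        fh.write(war.getvalue())


def run_demo():
    """Build the sample tree in a temp dir, scan it, and return findings keyed by version."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return {f["version"]: f for f in scan_tree(root)}


if __name__ == "__main__":
    for version, f in sorted(run_demo().items()):
        status = "EXPOSED" if f["exposed"] else "ok"
        print(f"{status:8} {version:8} jndi_lookup={f['jndi_lookup']} {f['path']}")
```

Point `scan_tree` at an application or product install directory; the `!` in a reported path marks a jar found inside another archive, which is where most appliance and ICS bundles hide their copy. A jar with no pom.properties but with the class present is still reported, since a repackaged or shaded build cannot be cleared on version alone.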
Attacks, Threats, and Vulnerabilities
New Konni Campaign Kicks Off the New Year by Targeting Russian Ministry of Foreign Affairs (Lumen) Black Lotus Labs, the threat research team of Lumen Technologies, uncovered a series of targeted actions against the Russian Federation’s Ministry of Foreign Affairs (MID).
Malware Can Fake iPhone Shutdown via 'NoReboot' Technique (SecurityWeek) Researchers have shown how a piece of iOS malware can achieve “persistence” by faking the iPhone shutdown process via a technique dubbed “NoReboot.”
Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk (Check Point Research) Research by Golan Cohen. Last seen in August 2021, Zloader, a banking malware designed to steal user credentials and private information, is back with a simple yet sophisticated infection chain. Previous Zloader campaigns, which were seen in 2020, used malicious documents, adult sites and Google ads to infect systems. Evidence of the new campaign...
Malsmoke hackers abuse Microsoft signature verification in ZLoader cyberattacks (ZDNet) Malware exploits the system to steal credentials and other data.
Info-Stealing Malware Hits 100+ Countries (Infosecurity Magazine) ZLoader could also deliver ransomware, warns Check Point
MalSmoke attack: Zloader malware exploits Microsoft's signature verification to steal sensitive data (Tech Republic) Already impacting more than 2,000 victims, the malware is able to modify a DLL file digitally signed by Microsoft, says Check Point Research.
Hackers Are Exploiting a Flaw Microsoft Fixed 9 Years Ago (Wired) Unless you go out of your way to install the patch, your system could be exposed.
Zloader Banking Malware Exploits Microsoft Signature Verification (SecurityWeek) Researchers document a credential-stealing banking malware campaign exploiting Microsoft's digital signature verification.
Google Docs Comment Exploit Allows for Distribution of Phishing and Malware (Avanan) An exploit in the Google Docs comment feature allows hackers to easily spread malware and phishing.
Purple Fox rootkit discovered in malicious Telegram installers (ZDNet) Slicing up files allows the malware to stay under the radar.
Alert! Want to Download Telegram? Beware of Bogus Telegram Apps (The Hans India) Be careful while downloading the Telegram app! These Bogus Telegram apps are reported to be hacking into devices and stealing user data.
FTC Sees Explosive Robocall Growth, Driven By 'Spoofing' (Law360) U.S. consumers have endured a major spike in illegal robocalls in recent years, and reported violations of the National Do Not Call Registry continued to increase over the last 24 months, the Federal Trade Commission said Wednesday.
The Beginner's Guide to the Untold Dangers of Web Extensions (Talon Cyber Security) Extensions offer great value to their users, with essential features such as ad-blocking, password management, and productivity boosters. However, they require broad permissions to modify the browser, its behavior, and the visited websites to deliver these enhancements.
Hackers interrupt briefing by lawyers for those killed in airliner downed by Iran (Reuters) Hackers on Tuesday interrupted a video briefing by lawyers for relatives of those who died when Iran shot down a Ukrainian airliner, playing clips of loud music and showing sometimes violent images for more than two minutes.
Hacking the Brazilian health system: there have been no official data on the coronavirus for 25 days (Market Research Telecast) Brazil, the South American country most affected by the coronavirus pandemic, recorded 18,759 cases and 175 deaths in the last 24 hours, a number much…
Canadian heavy equipment maker confirms cyber attack by Karakurt (IT World Canada) A Canadian manufacturer of blades, buckets and other heavy equipment that is attached to tractors and excavators has acknowledged it suffered a security breach by the Karakurt hacking gang. However, Lyle Makus, IT manager of Edmonton-based Weldco-Beales Manufacturing, said it isn't clear if the gang copied any data. "We have no way to prove or […]
70 investors lose $50 million to fraudsters posing as broker-dealers (BleepingComputer) A California man confirmed his role in a large-scale and long-running Internet-based fraud scheme that allowed him and other fraudsters to siphon roughly $50 million from dozens of investors over eight years, between 2012 to October 2020.
Conservatory: 4.9K people affected by ransomware attack (NBC4 WCMH-TV) Hackers targeting Franklin Park Conservatory created a data breach last July, and now the organization is working to notify affected people after the ransomware attack…
Franklin Park Conservatory experiences data breach; notifying affected patrons (The Columbus Dispatch) This summer, the Franklin Park Conservatory experienced a data breach and is in the process of notifying affected patrons.
Albuquerque impacted by ransomware attack on Bernalillo County government (The Record by Recorded Future) County government buildings and public offices were closed on Wednesday across the cities of Albuquerque, Los Ranchos, and Tijeras after a ransomware attack crippled the IT network of the Bernalillo County government.
Capital Region says patient information accessed in data breach (ABC17NEWS) The provider took its network down Dec. 17 after noticing suspicious activity, Capital Region said previously.
Data breach following school Covid testing sees results sent to wrong parents (Evesham Journal) A data breach during Covid testing at an Evesham school has seen results sent to the wrong people.
Army hospital’s Facebook page hijacked by angry person demanding money (Task & Purpose) An Army hospital's Facebook page was taken over by an angry person, possibly in London, who claimed to have been robbed of $400
NBC 10 I-Team: Nationwide cyber attack hits hundreds of local employees (WJAR) Working on the frontlines during the current COVID-19 surge was already tough. But some Care New England employees told NBC 10 News they haven't received all the pay they're owed due to a cyber attack on a nationwide payroll company, making the situation at work even tougher. "I didn't get the holiday pay on Christmas," one Kent Hospital nurse who asked not to be identified told NBC 10. "It's a very stressful environment. I mean, everybody is doing the best we can."
Some Md. medical licenses are delayed due to health department’s cyber attack (WTOP News) Some medical licenses in Maryland have been delayed because of a cyber attack that impacted the health department’s operations.
Security Patches, Mitigations, and Software Updates
Google Issues Warning For 2 Billion Chrome Users (Forbes) Google has issued a serious upgrade warning to all Google Chrome users worldwide...
Chrome 97 Patches 37 Vulnerabilities (SecurityWeek) Google this week announced the release of Chrome 97 in the stable channel with a total of 37 security fixes, including 24 for vulnerabilities reported by external researchers.
Google Patches 48 Vulnerabilities With First Set of 2022 Android Updates (SecurityWeek) Google has published information on the first set of 2022 security updates for Android, describing a total of 48 vulnerabilities that were addressed across Android OS, Pixel devices, and Android Automotive OS
Trends
Despite Mitigation Efforts, Cyber Attacks and Rate Hikes to Continue in 2022 (Insurance Journal) As dramatic as escalating ransomware attacks and rapidly climbing cyber insurance rates have been in 2021, both trends will continue to be a nuisance in
Advisers still struggle to close the gap with cybercriminals (InvestmentNews) The majority of global financial service institutions are facing serious issues securing their stored data, according to a recent survey.
The sophistication of underground eCrime laid bare (Tech Radar) Unpacking the growth and nature of eCrime
How ransomware gangs went pro (Register) They're developing new techniques 'in every area' says Darktrace
Marketplace
ReadyWorks Secures $8M in Series A Funding Led by Credit Suisse Asset Management's NEXT Investors (PR Newswire) ReadyWorks, a digital platform conductor (DPC) that leverages AI and intelligent automation to reduce the risk and costs of IT infrastructure...
Google Cloud and Recorded Future Begin New Year with Data Intelligence/Security Operations Acquisitions (OODA Loop) Cybersecurity M&A activity got off to a big start yesterday in the cloud-based and enterprise security subsector. Google Cloud announced the $500 million acquisition of Israel-based Siemplify, a startup that specializes in security orchestration, automation, and response (SOAR) services.
Google is buying a company for half a billion dollars to boost cloud security (The Verge) Siemplify was bought out for $500 million.
Pwn2Own, ShmooCon security conferences postponed due to COVID-19 surge (The Record by Recorded Future) Two more security conferences have been postponed in the face of a rising wave of COVID-19 infections.
Long-time Cybersecurity Leader John N. Stewart Joins Vaultree’s Board of Directors (Vaultree) Former Cisco Security & Trust Officer Brings 30+ Years of Experience to Data Protection Startup
Six New Directors Elected to INSA Board (INSA) The Intelligence and National Security Alliance (INSA) welcomes six newly elected members to its 2022 Board of Directors. Led by Chair Letitia Long, the 18-member board provides INSA with strategic guidance, direction, and business oversight. INSA is the leading nonpartisan organization dedicated to advancing public-private partnerships to advance intelligence and […]
Don Boian Joins Hound Labs, Inc. as Its Chief Information Security Officer (StreetInsider.com) Hound Labs, Inc., a health technology company specializing in portable solutions, announced that Don Boian, an accomplished technology leader and award-winning information security expert, has...
Behind the scenes: A day in the life of a cybersecurity curriculum director (TechRepublic) The Kennedy Space Center kick-started Andee Harston's career in cybersecurity. Here's how she worked her way up to overseeing the cybersecurity curriculum for Infosec.
Palo Alto Networks appoints Helmut Reisinger to leadership team (Gulf Business) Reisinger joins as CEO, EMEA and Latin America, to accelerate global growth strategy.
XDR Innovator Cynet Appoints Mark Fullbrook to Chief Revenue Officer and Andy Wright to VP EMEA Sales (WFMZ.com) Cynet, autonomous XDR platform provider, announced today the appointment of Andy Wright to Vice President of Sales, EMEA and Mark Fullbrook to Chief Revenue
Products, Services, and Solutions
StrikeForce and Aite-Novarica develop a framework for secure video conferencing (Help Net Security) StrikeForce Technologies announced the introduction of an alternative approach to video conferencing security built for modern organizations.
GlobalDots’ partnership with Lacework enables security to speed business processes (ReBlonde) In its constant search for impactful and groundbreaking innovations to solve today’s IT and security challenges, GlobalDots has added data-driven cloud security provider Lacework to its portfolio
CloudSphere Completes Integration with Microsoft Azure Migrate (CloudSphere) The CloudSphere team is thrilled to announce the CloudSphere Cyber Asset Management Platform is now integrated with Microsoft Azure Migrate, making it easier and faster to complete cloud transformations. Whether spurred by the pandemic or simply a desire to modernize and take advantage of the scalability, flexibility and services from multiple cloud providers, organizations continue […]
Technologies, Techniques, and Standards
NCSC tweaks add-in to allow Office 365 users to report phishing attempts (Computing) Users reporting suspect emails to admins can now bcc the government cyber security agency
Why cyberstorage solutions are healthcare’s best option for ransomware defense (DotMed) After a brief quiet period through the fall, the ransomware crisis is beginning to accelerate again in the aftermath of the Log4j security flaw that has left thousands of organizations and enterprises alarmingly vulnerable to cyberattacks. The healthcare sector, in particular, is among the most at risk – as highlighted by the HHS Cybersecurity Program’s official alert issued on Dec. 14:
What to Do in the Aftermath of a Data Breach (PCMag Australia) Internet users in the United States rank first for data breaches. In this edition of SecurityWatch, we tell you what to do if your information winds up in someone else's possession.
Business Guide for Credential Stuffing Attacks (Office of the New York State Attorney General) Virtually every website and app uses passwords as a means of authenticating its users. Users — forced to contend with an ever-expanding number of online accounts they must manage — tend to reuse the same passwords across multiple online services.
5 ways hackers steal passwords (and how to stop them) (WeLiveSecurity) From social engineering to looking over your shoulder, here are some of the most common tricks that cybercriminals use to steal passwords.
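The credential-stuffing guide above rests on one observation: reused passwords let an attacker replay leaked username/password pairs against a site that never leaked them. On the defending side the pattern is distinctive in authentication logs, and the detector below is an added example for this page, not code from the Attorney General's guide or any product. It assumes a constructed log format (one line per attempt with timestamp, source IP, username and OK/FAIL result) and illustrative thresholds: a single source trying at least five distinct usernames inside sixty seconds with at least 80% failures. Brute force against one account deliberately does not trip it, and any account that succeeded inside the burst is reported as a likely hit, which is the list a notification like the one on this page is built from.

```python
"""Flag credential-stuffing sources in authentication logs: one IP cycling through many
distinct usernames with a high failure rate, as opposed to brute force on one account."""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Assumed log format (constructed for this example, not any product's real format).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Return an event dict, or None for lines that do not match the expected format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "ip": m["ip"], "user": m["user"], "ok": m["result"] == "OK"}


def detect_credential_stuffing(lines, window_s=60, min_users=5, min_fail_ratio=0.8):
    """Sliding window per source IP; the thresholds are assumptions to tune per site."""
    events = [e for e in map(parse_line, lines) if e is not None]
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_ip[ev["ip"]].append(ev)

    alerts = {}
    for ip, evs in by_ip.items():
        window = deque()
        for ev in evs:
            window.append(ev)
            # Drop events older than the window relative to the newest one.
            while (ev["ts"] - window[0]["ts"]).total_seconds() > window_s:
                window.popleft()
            users = {w["user"] for w in window}
            failures = sum(1 for w in window if not w["ok"])
            if len(users) >= min_users and failures / len(window) >= min_fail_ratio:
                # Accounts that succeeded inside the stuffing burst are the likely hits
                # to reset and notify; keep the widest window seen for this IP.
                hits = sorted({w["user"] for w in window if w["ok"]})
                current = alerts.get(ip)
                if current is None or len(users) > current["distinct_users"]:
                    alerts[ip] = {"ip": ip, "distinct_users": len(users),
                                  "attempts": len(window), "failures": failures,
                                  "hit_accounts": hits}
    return list(alerts.values())


# Constructed sample: 203.0.113.7 sprays eight accounts and lands one (erin);
# 198.51.100.5 hammers a single account (brute force, not stuffing); 192.0.2.9 is a normal login.
SAMPLE_LOG = """\
2022-01-06T09:00:00Z ip=192.0.2.9 user=alice result=OK
2022-01-06T09:00:05Z ip=203.0.113.7 user=alice result=FAIL
2022-01-06T09:00:06Z ip=203.0.113.7 user=bob result=FAIL
2022-01-06T09:00:07Z ip=203.0.113.7 user=carol result=FAIL
2022-01-06T09:00:08Z ip=198.51.100.5 user=bob result=FAIL
2022-01-06T09:00:09Z ip=203.0.113.7 user=dave result=FAIL
2022-01-06T09:00:10Z ip=203.0.113.7 user=erin result=OK
2022-01-06T09:00:12Z ip=198.51.100.5 user=bob result=FAIL
2022-01-06T09:00:13Z ip=203.0.113.7 user=frank result=FAIL
2022-01-06T09:00:15Z ip=198.51.100.5 user=bob result=FAIL
2022-01-06T09:00:16Z ip=203.0.113.7 user=grace result=FAIL
2022-01-06T09:00:18Z ip=198.51.100.5 user=bob result=FAIL
2022-01-06T09:00:20Z ip=203.0.113.7 user=heidi result=FAIL
2022-01-06T09:00:21Z ip=198.51.100.5 user=bob result=FAIL
2022-01-06T09:00:24Z ip=198.51.100.5 user=bob result=FAIL
malformed line that the parser skips
"""


def run_demo():
    """Run the detector over the constructed sample log."""
    return detect_credential_stuffing(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_demo():
        print(f"{alert['ip']}: {alert['distinct_users']} users, "
              f"{alert['failures']}/{alert['attempts']} failed, hits={alert['hit_accounts']}")
```

Keying on distinct usernames per source is what separates stuffing from ordinary lockout noise; in production the same logic should also be run per ASN or per user-agent, since stuffing tools rotate through proxy pools and a single IP rarely carries the whole list.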
Design and Innovation
DOD platform made for financial data finds battlefield use (FedScoop) The Advana platform was used in recent JADC2 experiments to give commanders real-time readiness and other types of data.
Putting Ransomware Gangs Out of Business With AI (Dark Reading) Organizations need to take matters into their own hands with a new approach.
Research and Development
Eying military gains, France goes big on national quantum technology (Defense News) Mastering quantum technology is an “absolutely strategic interest” for France’s national defense, said Defense Minister Florence Parly.
Academia
CYBERCOM Announces Academic Engagement Network Partners (U.S. Cyber Command) U.S. Cyber Command (CYBERCOM) will officially announce its newest Academic Engagement Network (AEN) college and university partners from 34 states and the District of Columbia this week.
Cyber superheroes prepare for battle (MSU Denver) With cybercrime soaring, the race is on to train a new generation of digital defenders.
Legislation, Policy, and Regulation
White House dismisses ‘crazy Russian claims’ that US is behind Kazakhstan unrest (New York Post) Jen Psaki insisted the United States has nothing to do with the unrest in the former Soviet republic.
Russian paratroopers arrive in Kazakhstan as unrest continues (the Guardian) Moscow-led ‘peacekeeping’ alliance enters country amid violent clashes between protesters, police and army
Borrell vows EU’s ‘full support’ for Ukraine on front line visit (Al Jazeera) EU’s top diplomat promises ‘massive consequences and severe costs’ for Russia if it launches a military offensive.
Finland and Sweden Are Done With Deference to Russia (Foreign Policy) Even if the two Nordic countries don’t join NATO, they have signaled a new era in relations with Moscow.
Australia, Japan to sign security cooperation treaty (ABC) Australia and Japan are set to sign a treaty to beef up defence and security cooperation, in the latest move to strengthen ties amid China's rising military power and economic clout in the Indo-Pacific region.
Swiss army backs home-grown IM service amid privacy concerns (AP NEWS) The Swiss army has told its ranks to stop using foreign instant-messaging services like WhatsApp, Signal and Telegram for official communications. Instead, it's opting for a Swiss alternative, in part over concerns about legislation in Washington that governs how U.S.
Pentagon keeping pace in tech competition, official says (The Record by Recorded Future) The Defense Department is thus far managing to keep pace with peer competitors like China for dominance in cutting-edge technology areas such as cybersecurity, artificial intelligence and data, a senior Pentagon official said on Wednesday.
Senators Seek Clarity on DHS, DOT Cybersecurity Efforts (GovInfoSecurity) Ten U.S. senators this week wrote to the secretaries of both the Department of Homeland Security and the Department of Transportation inquiring about specific
USCG Assistant Commandant: ‘Shared Responsibility’ Crucial to Confront Escalating Maritime Cyber Threats (Homeland Security Today) "Collaboration with the industry is paramount, and focused on information sharing and good governance," Rear Adm. Mauger tells Congress.
Federal Agencies Announce a New 36-Hour Cybersecurity Incident Rule Reporting Requirement (JDSupra) On November 18, 2021, the Office of the Comptroller of the Currency (“OCC”), the Board of Governors of the Federal Reserve System (“Board”), and the Federal Deposit Insurance Corporation (“FDIC”) (collectively, the “Agencies”) issued a new rule (the “Rule”) that requires banking organizations and their bank service providers to report any “significant” cybersecurity incident within 36 hours of discovery, as set forth in the Federal Register (see 12 CFR Part 53 for the OCC, 12 CFR Part 225 for the Board and 12 CFR Part 304 for the FDIC).
The legacy of the Cyberspace Solarium Commission (Nextgov.com) The Cyberspace Solarium Commission is officially sunsetting after more than two years, dozens of recommendations and a slew of legislative changes. But since there’s more to be done, the panel is rebooting its efforts as a non-profit.
DoD CDO sees leadership shakeup as agency ‘doubling down’ on data goals (Federal News Network) The Defense Department is putting data and artificial intelligence at the center of all its domains.
White House closes in on three remaining Fed nominations (Washington Post) Biden is strongly considering nominating Sarah Bloom Raskin as the Fed’s top banking cop, and Lisa Cook and Philip Jefferson to the Fed board, according to people familiar with the matter
Litigation, Investigation, and Law Enforcement
Correcting the Record: Maricopa County's In-Depth Analysis of the Senate Inquiry (Maricopa County) Maricopa County is the second largest voting jurisdiction in the United States. With more than 2.6 million registered voters, Maricopa County represents more than 60 percent of Arizona’s registered voters. The Elections Department reports to both the County Board of Supervisors and the County Recorder and administers city, town, school district, special district, county, state, and federal elections in Maricopa County.
Russian businessman pleads not guilty in U.S. to insider trading through hacking (Reuters) A wealthy Russian businessman with ties to the Kremlin pleaded not guilty on Wednesday to U.S. charges that he participated in an $82 million insider trading scheme that relied on corporate information stolen through hacking.
Russian tied to $82M hacking scheme in U.S. deemed flight risk, denied bail (Newsweek) Vladislav Klyushin allegedly took part in a scheme to steal information on computer networks to use for insider trading, illegally profiting, authorities say.
The Capitol Riot Highlighted the Value—and Pitfalls—of Crowdsourced OSINT (World Politics Review) After the storming of the U.S. Capitol, tips from the public, often the result of online crowdsourcing and e-sleuthing, helped the FBI arrest over 700 suspects. This use of crowd-sourced open-source intelligence, or OSINT, highlights how rapidly this technique has spread, its value—and its potential pitfalls and misuses.
FTC settles with data analytics firm after millions of Americans’ mortgage files exposed (TechCrunch) The settlement comes two years after a TechCrunch investigation.
Massive data breach at T-Mobile lands giant class action in KC federal court (Kansas City Business Journal) Hackers stole the personal identification data for millions of past, present and prospective T-Mobile customers, leading to a huge class-action lawsuit.
Capital One Settles with Nearly 100M Data Breach Customers (Legal Reader)
Attorney General James Alerts 17 Companies to “Credential Stuffing” Cyberattacks Impacting More Than 1.1 Million Consumers (New York State Attorney General) New York Attorney General Letitia James today announced the results of a sweeping investigation into “credential stuffing” that discovered more than 1.1 million online accounts compromised in cyberattacks at 17 well-known companies.
New York OAG monitors hacking forums, notifies 17 companies of security breaches (The Record by Recorded Future) The New York Office of the Attorney General said today that it notified 17 well-known online retailers, restaurant chains, and food delivery services that have been the victims of credential stuffing attacks.
Feds see uptick in unspecified threats associated with Jan. 6 anniversary but no credible plots (NBC News) Numerous anniversary events are planned in and around the Capitol, while more than 100 vigils or ceremonies are expected across the country.
F.B.I. Arrests Man Accused of Stealing Unpublished Book Manuscripts (New York Times) Filippo Bernardini, an Italian citizen who worked in publishing, was charged with wire fraud and identity theft for a scheme that prosecutors said affected hundreds of people over five or more years.
Turkish hacker who stole a critic's Twitter account granted impunity by the government (Nordic Monitor) A hacker who works as a cybersecurity consultant in Turkey unlawfully obtained the password for the social media account of a government critic with no
Marine under investigation after 2-star Army general calls attention to sexual harassment allegations (Task & Purpose) 'What kind of leader would I be if I saw something that violated our values and standard of conduct and walked past it?'
Colorado's AG Targeting Robotexts, Social Platforms In 2022 (Law360) For Colorado Attorney General Phil Weiser, holding communications providers accountable takes on many forms, but it all comes back to giving customers control over their money, their services and their data.