Stay ahead of the game with CrowdSec, an open-source security suite that offers crowdsourced protection against malicious IPs. With its simple integration into your existing security infrastructure, you gain behavioral detection and automated remediation. Plus, you will benefit from highly actionable cyber threat intelligence with zero-false positives and a reduced volume of alerts built from a network of 170k+ machines spread over 180+ countries. Don’t fight alone, let the crowd support you. Get started with CrowdSec for free!
We’re very pleased to announce that the Retail & Hospitality ISAC Podcast has joined the CyberWire Podcast Network. Join host Luke Vander Linden for chats with members of the InfoSec community to discuss the latest challenges, opportunities, and best practices unique to cybersecurity in the retail and hospitality industry. Tune in and subscribe.
The White House this morning released the National Cybersecurity Strategy, planned to “secure the full benefits of a safe and secure digital ecosystem for all Americans,” said the executive branch in a fact sheet also released today. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five pillar approach. The White House shared that two primary goals of the strategy are to “rebalance the responsibility to defend cyberspace,” by shifting the burden of cybersecurity away from individuals and onto specialized organizations in the sector, as well as to “realign incentives to favor long-term investments” by balancing threat defense with smart planning and investment. The strategy is planned to prioritize ease and effectiveness of cybersecurity implementation, quick recovery from incidents, and reinforcement of digital values in three points highlighted by the administration: defensibility, resiliency, and values-alignment. The strategy has five core tenets: “Defend critical infrastructure, disrupt and dismantle threat actors, shape market forces to drive security and resilience, invest in a resilient future, and forge international partnerships to pursue shared goals.” For more on the US National Cybersecurity Strategy, see CyberWire Pro.
Why are you struggling with interpreting threat intel by yourself? Engage Nisos to achieve better risk insights and outcomes. Rely on the experts with a managed service that gives you the people, process, and technology to control costs while improving your defenses. Nisos leverages automation efficiency and analyst expertise that eliminates noise, identifies risks, and prioritizes your company-specific threats. We help you respond to threats faster and more effectively through assessments, monitoring, and investigations.
The US Cybersecurity and Infrastructure Security Agency (CISA) has published the findings of a red team assessment the agency carried out against a large critical infrastructure organization last year. The operation, conducted at the request of the organization, lasted three months. The red team was able to gain access to two workstations via spearphishing attacks. The team was also able to move laterally within the network, but were unable to gain access to the organization's sensitive business systems after running up against multifactor authentication measures and time constraints. However, CISA believes that “by using Secure Shell (SSH) session socket files ... they could have accessed any hosts available to the users whose workstations were compromised.” For more on the assessment, see CyberWire Pro.
Other CISSP certification training providers don't have a way to determine exam readiness until a practitioner passes (or fails) their certification exam. CyberVista's online CISSP course includes predictive analytics to show who is ready, who needs more time, and where to focus training. Through diagnostic exams, custom quizzes, a mock Computer Adaptive Test (CAT) Exam, and more, employers and practitioners alike feel confident in passing their CISSP the first time with CyberVista.
Cado Security researchers shared in a blog this morning their discovery of a campaign targeting insecure Redis deployments for cryptojacking. The campaign leverages open-source command line file transfer service transfer[.]sh, which has seen activity since at least 2014. The service, however, didn’t see any malware distribution, until researchers noticed it early this year. The Cado team suspects that the move to the file transfer service may represent an attempt to evade detection.
The researchers write, “Redis is exploited to register a simple cron job that is executed every second minute and runs a cURL command silently to retrieve a payload at https://transfer[.]sh/QQcudu/tmp[.]fDGJW8BfMC. This file is saved as .cmd and executed with bash.” Using bash acts as an anti-forensics measure. The malware being distributed through Redis is a cryptojacker, intended for mining alt-coin, so once the script is executed, eventually the binaries for XMRig and pnscan are dropped. (XMRig registers the miner with a number of pools, and pnscan is used to pivot across other vulnerable servers.)
Russia's Internet watchdog Roskomnadzor has banned nine foreign messaging apps, Computing reports. Roskomnadzor's statement singles out the apps as being foreign-owned, and as providing a way for users to communicate directly with one another. The sender determines the recipient of the message with no possibility for public mediation of the content, and this direct, unmediated communication seems to be the more troubling aspect of the services. As Computing points out, other foreign-owned apps (like Zoom) remain acceptable. Rozkomnadzor's statement makes no specific accusation of subversion or direct complicity with anti-Russian forces, as had marked earlier bans on Facebook and Instagram. The apps that fall under the new restrictions include Discord, Microsoft Teams, Skype for Business, Snapchat, Telegram, Threema, Viber, WhatsApp, and WeChat.
There have been no reports of major cyberattacks in recent days, but hacktivists have remained active. The US Consulate in Milan, for example, had its Twitter account hijacked, on February 27th, and the attackers used it to disseminate tweets associating Ukraine's government with Nazis. The State Department regained control of the account, but not, Newsweek reports, before the pro-Russian hacktivists' tweets achieved about 140,000 views.
The CyberWire's continuing coverage of Russia's war against Ukraine may be found here.
Today's issue includes events affecting Belarus, Cambodia, China, Italy, NATO/OTAN, Russia, Ukraine, the United Kingdom, and the United States.
Ukraine at D+371: General Mud. (CyberWire) Mud impedes operations, as no major changes in the lines are reported. Hacktivism continues, and Russia bans some messaging apps.
Russia-Ukraine war at a glance: what we know on day 372 of the invasion (the Guardian) Ukraine hangs on to Bakhmut as at least three killed in missile strike on Zaporizhzhia; German chancellor cautions China against arming Russia
Putin’s army stuck in mud like Hitler's in 1941 (The Telegraph) Russia has been relying on rapid advancement which the recent change of weather has made more difficult
Russia claims it repelled ‘massive’ Crimea drone attack (The Telegraph) Russia's defence ministry on Wednesday claimed it had thwarted what it described as a massive Ukrainian drone attack on Crimea.
Russia Says Ukrainian Saboteurs Launch Cross-Border Attack (Military.com) Russian officials say Ukrainian saboteurs have crossed into western Russia and attacked villages there, as the war extends into its second year.
Russia’s Invasion of Ukraine: One Year Later (Foreign Affairs) A Conversation With Dara Massicot, Liana Fix, and Michael Kimmage
One year in, finding a path forward for a Ukrainian victory (Breaking Defense) One volunteer ferrying supplies and vehicles into the city of Bakhmut told Breaking Defense the Russian forces attacking act "like a zombie army."
Russia-Ukraine war live: Blinken tells Lavrov US will support Kyiv for as long as it takes during meeting in margins of G20 summit (the Guardian) US secretary of state speaks to Russian foreign minister in what is believed to be their first one-on-one conversation since invasion of Ukraine
The Limits of the No-Limits Partnership (Foreign Affairs) China and Russia can’t be split, but they can be thwarted.
Putin’s Oligarchs Fall in Line (Puck) The shock and disgust that many Russian elites felt at the beginning of the war—at the notion that Putin had just single-handedly made a disastrous decision that would destroy their own country—has abated. “The universal position is to trust their commander in chief.”
Russia bans foreign messaging apps (Computing) The Russian internet watchdog, Roskomnadzor, has banned several foreign messaging applications from being used in government and state agencies.
U.S. Consulate hacked by "Putin supporters" (Newsweek) The account was hijacked to share posts comparing Ukraine to Nazi Germany.
The Satellite Hack Everyone Is Finally Talking About (Bloomberg) As Putin began his invasion of Ukraine, a network used throughout Europe—and by the Ukrainian military—faced an unprecedented cyberattack that doubled as an industrywide wake-up call.
When Ukraine goes dark (Washington Post) One Kyiv apartment building coping with power outages shows the day-to-day toll of war in Ukraine away from the front line.
Ukraine’s Startups Kept Innovating Through 1 Year of War (WIRED) Founders and coders have shipped updates through blackouts and from bomb shelters. “There’s no way out except to fight for the future,” one worker says.
The tech workers exiled from Europe’s last dictatorship (Rest of World) Ruthless political repression has decimated Belarus’ once-thriving tech scene.
Kherson torture centres were planned by Russian state, say lawyers (the Guardian) Investigators say sites set up during occupation of Ukrainian city were part of ‘calculated plan to terrorise’ locals
US Marshals Service target of 'major' cyber-attack (BBC News) The security breach at the federal law enforcement agency was categorised as a "major incident".
Ransomware attack on US Marshals compromises sensitive information (the Guardian) Federal agency best known for tracking down fugitives suffered security breach on 17 February
BlackLotus UEFI bootkit: Myth confirmed (WeLiveSecurity) ESET researchers are the first to publish an analysis of BlackLotus, the first in-the-wild UEFI bootkit capable of bypassing UEFI Secure Boot.
Approov Mobile Threat Lab Finds 92% of Popular Fintech Apps Immediately Expose Valuable, Exploitable Secrets (Business Wire) Inadequate Protection of API Keys at Runtime Places Consumer Data and Treasure at Sharp Risk. Stolen API Keys Can be Used to Steal Personal and Financial Data.
Redis Miner Leverages Command Line File Hosting Service (Cado Security | Cloud Investigation) Cado Labs researchers recently discovered a novel cryptojacking campaign targeting insecure deployments of Redis.
Security Defects in TPM 2.0 Spec Raise Alarm (SecurityWeek) Security defects in the Trusted Platform Module (TPM) 2.0 reference library specification expose devices to code execution attacks.
Gitpod remote code execution 0-day vulnerability via WebSockets (Snyk) In this post, we present the first findings from our current research into Cloud Development Environments (CDEs) — which allowed a full account takeover through visiting a link, exploiting a commonly misunderstood vulnerability (WebSocket Hijacking), and leveraging a practical SameSite cookie bypass.
Cyber Threats Unveiled: SSH Scanning and XorDDos Propagation (Avertium) This report discusses the apparently automated approach used by a threat actor to identify vulnerable hosts, install the XorDDoS bot, & launch DDoS attacks
Introducing The Top 10 Open Source Software (OSS) Risks (Endor Labs) The Endor Labs Station 9 research team teamed up with over 20 CISOs and CTOs to identify the top 10 security and operational risks introduced through reliance on open source code.
LastPass CEO acknowledges mistakes, takes 'full responsibility' for recent breach failures (Axios) Attackers gained access to millions of users' password vaults and other sensitive information in two breaches.
Dish Network Shares Hit 14-Year Low After Cyber Attack Caused Major Outage (Forbes) Dish Network’s website and customer services systems went black in a major outage that started last week.
Retailer WH Smith reports cyberattack, says employee data compromised (The Record from Recorded Future News) U.K.-based retailer WH Smith told regulators that a cyberattack exposed data of current and former employees.
Washington state public bus system confirms ransomware attack (The Record from Recorded Future News) Pierce Transit, which serves the Tacoma area, said a ransomware attack disrupted systems and necessitated some temporary workarounds.
How Cambodia-based scammers made an estimated $3 million in ‘pig butchering’ scheme (The Record from Recorded Future News) Last October, Sean Gallagher received an unexpected text message from a young Malaysian woman calling herself Harley.
The VulnCheck 2022 Exploited Vulnerability Report - A Year Long Review of the CISA KEV Catalog - Blog - VulnCheck (VulnCheck) A review of the vulnerabilities added to the CISA KEV Catalog in 2022. VulnCheck examines which vulnerabilities were added in 2022, who exploited them, and how long it took to add them to the Catalog.
2023 Global Threat Report (CrowdStrike) The latest edition of the CrowdStrike Global Threat Report comes at an important time for protectors around the world.
Americans lost nearly $4 billion to investment scams in 2022 (Atlas VPN) Over the past few years, investment scams have become increasingly sophisticated and widespread, taking advantage of the rise of digital technologies.
How Shock Sites Shaped the Internet (Vice) We owe the cultural evolution of the internet to the likes of 'Two Girls, One Cup,' 'Goatse,' and 'Tubgirl.'
BlackFog Global Ransomware Report (BlackFog) A total of 40 ransomware attacks were publicly reported in February, a 21% increase on January. Government was the most heavily targeted sector, closely follow by healthcare. Several large organizations made headlines including, ION, Five Guys and Dole Foods, while we closed out the month with an attack on the US Marshals.
Virtru Joins NIST NCCoE Data-Centric Security and Classification Consortium (GlobeNewswire News Room) Joint effort with NIST, Google, Adobe, JPMorgan Chase & Co., and other global tech innovators aims to advance data-centric security at scale...
Deep Instinct Included in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms (EPP) (PR Newswire) Deep Instinct, the first company to develop a purpose-built, AI-based deep learning (DL) framework for cybersecurity, announced their inclusion...
CRN Names Versa Networks One of 20 Coolest Network Security Companies of 2023 (Business Wire) Also Featured on CRN’s 2023 Security 100 List, Versa Uniquely Equips and Offers Accredited Training for Channel Partners to Deliver the Leading Unified SASE Solution to Customers
DomainTools Expands Executive Team, Appoints Chad Bacher as Chief Product Officer (DomainTools) DomainTools, the global leader for Internet Intelligence, today announced the expansion of its C-suite leadership team with the appointment of Chad Bacher as Chief Product Officer (CPO.) As CPO, Bacher is responsible for DomainTools’ product vision, strategy, and execution and oversees the Company’s Product, Engineering, Architecture and Research teams. […]
Dashlane Passkey Support Coming to Android (Dashlane) Google released the first Android 14 developer preview, which contains changes that enable third-party apps to manage passkeys.
InfoTech partners with AU10TIX to securely, rapidly verify bankers' identities (ITWeb) The addition of AU10TIX to InfoTech’s solutions portfolio addresses the need for automated solutions to support fraud prevention, risk management and POPIA compliance.
WatchGuard’s XDR Solution, ThreatSync, Simplifies Cybersecurity for Incident Responders (WatchGuard Technologies) ThreatSync enables a comprehensive and simple-to-use XDR solution as part of WatchGuard’s Unified Security Platform, accelerating cross-product detections and faster responses to threats from a single pane of glass
New Fortinet releases provide better protection for operational technology environments - SiliconANGLE (SiliconANGLE) Cybersecurity firm Fortinet Inc. today announced enhanced products and services for operational technology environments as an expansion of the its Security Fabric for OT.
Sumsub introduces Travel Rule solution for crypto businesses (PR Newswire) Sumsub, a global tech company that provides customizable KYC, KYB, AML and transaction monitoring solutions, has launched a Travel Rule...
Viasat Launches Cybersecurity Service Using Classified Threat Intelligence to Help Protect U.S. Businesses and Critical Infrastructure (PR Newswire) Viasat Inc. (NASDAQ: VSAT), a global communications company, today announced the launch of its Trusted Cybersecurity Services (TCS) solution, a...
PC Magazine Selects Data443’s Ransomware Recovery Manager as One of the Best Ransomware Protections for 2023 (GlobeNewswire News Room) Data443 Risk Mitigation, Inc. (“Data443”) (OTCPK: ATDS), a data...
CISA Releases Decider Tool to Help with MITRE ATT&CK Mapping (Cybersecurity and Infrastructure Security Agency CISA) Today, CISA released Decider, a free tool to help the cybersecurity community map threat actor behavior to the MITRE ATT&CK framework. Created in partnership with the Homeland Security Systems Engineering and Development Institute™ (HSSEDI) and MITRE, Decider helps make mapping quick and accurate through guided questions, a powerful search and filter function, and a cart functionality that lets users export results to commonly used formats.
Cyber training expands to local leaders (GCN) The National Cybersecurity Center will offer the training every two years, and push local governments to take advantage of free resources and information-sharing.
SoftBank Corp. and SandboxAQ Jointly Verify Hybrid Mode Quantum-safe Technology (HPC) SoftBank Corp. (“SoftBank”) has announced that it completed a demonstration of combined classical encryption algorithms, represented by elliptic curve cryptography (ECC), with Post Quantum Cryptography (PQC) algorithms using a hybrid approach.
You Are Not a Parrot (Intelligencer) And a chatbot is not a human. And a linguist named Emily M. Bender is very worried what will happen when we forget this.
National Cybersecurity Strategy (The White House) Digital technologies today touch nearly every aspect of American life.
FACT SHEET: Biden-Harris Administration Announces National Cybersecurity Strategy (The White House) Read the full strategy here Today, the Biden-Harris Administration released the National Cybersecurity Strategy to secure the full benefits of a safe and secure digital ecosystem for all Americans. In this decisive decade, the United States will reimagine cyberspace as a tool to achieve our goals in a way that reflects our values: economic security…
Biden administration releases new cybersecurity strategy (AP NEWS) The U.S. government plans to expand minimum cybersecurity requirements for critical sectors and to be faster and more aggressive in preventing cyberattacks before they can occur, including by using military, law enforcement and diplomatic tools, according to a Biden administration strategy document released Thursday.
White House pushes for mandatory regulations, more offensive cyber action under National Cyber Strategy (The Record from Recorded Future News) The White House unveiled its National Cybersecurity Strategy on Thursday, calling for more regulations and offensive cyber action.
Here's why Biden's new cyber strategy is notable (Washington Post) Five under-the-radar parts of Biden’s national security strategy
How the U.S. National Cyber Strategy Reaches Beyond Government Agencies (Wall Street Journal) The Biden administration released its long-awaited national cybersecurity strategy Thursday, setting out in broad terms how the U.S. government should approach cybercrime, its own defenses, and the private sector’s responsibility for security over the next several years.
Biden National Cyber Strategy Seeks to Hold Software Firms Liable for Insecurity (Wall Street Journal) Markets have imposed “inadequate costs” on companies that build vulnerable technology, it says.
Why Biden Wants to Keep the Law That Allows NSA Mass Surveillance, and Republicans Want to Kill It (Slate Magazine) The Biden administration sent a letter to Congress urging reauthorization as “a top legislative priority.”
U.S. House panel approves bill giving Biden power to ban TikTok (Reuters) The U.S. House Foreign Affairs Committee voted on Wednesday along party lines to give President Joe Biden the power to ban Chinese-owned TikTok, in what would be the most far-reaching U.S. restriction on any social media app.
Why TikTok Is Being Banned on Gov’t Phones in US and Beyond (SecurityWeek) So how serious is the threat of using TikTok? And should TikTok users who don’t work for the government be worried about the app, too?
TikTok Isn't the Only China-Backed App the White House Is Worried About (Bloomberg) Concerns go beyond TikTok, Commerce Secretary Raimondo says. Senators ‘thinking hard’ about right way to protect security.
‘Havana syndrome’ not caused by energy weapon or foreign adversary, intelligence review finds (Washington Post) After a years-long assessment, five U.S. intelligence agencies conclude it is ‘very unlikely’ an enemy wielding a secret weapon was behind the mysterious ailment.
For a complete running list of events, please visit the Event Tracker.
Loyola Blakefield Cyber Challenge 2023 (Towson, Maryland, USA, Mar 25, 2023) The sixth annual Loyola Blakefield Cyber Challenge is an exciting event for all participants, new and experienced. It will take place on March 25, 2023, between 9 am and 3 pm, with awards given out at the end. The competition is created by students at Loyola Blakefield High School for students across the nation. Participants will be tasked with solving challenges on a wide variety of topics, all pertinent to real-life cyber threats prevalent in today’s society. Whether this is your first introduction into the world of cyber security, or you’ve mastered many skills in the field, this competition is open to you.
SecureWorld Charlotte (Charlotte, North Carolina, USA, Mar 2, 2023) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational elements learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.
Certified CMMC Professional (CCP) 2.0 Exam Prep (Virtual, Mar 13 - 17, 2023) This 5-day CCP course covers the foundational required curriculum along with CMMC Level 2 scoping and the full 110 practices. Edwards Cyber AB approved CCP 2.0 courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC industry’s most respected consultants along with Edwards’ internal SMEs to deliver their action packed bootcamps. Learn more and register now.
Security & Policing (Farnborough, England, UK, Mar 14 - 16, 2023) Security & Policing, the official Government global security event, returns to the Farnborough International Exhibition and Conference Centre between 14-16 March 2023. Hosted by the Home Office’s Joint Security & Resilience Centre (JSaRC), Security & Policing offers a world‐class opportunity to meet and discuss the latest advances in delivering national security and resilience with leading UK suppliers, UK and overseas Government officials and senior decision makers across the law enforcement and security sectors. There is no general admittance to Security & Policing and all visitors and exhibitors are subject to Home Office approval.
GISEC Global (Dubai, UAE, Mar 14 - 16, 2023) With the ever-changing global landscape, it is increasingly essential to strengthen cybersecurity across industries. GISEC Global offers a platform for key industry leaders and names to come together in order to stay ahead of potential threats, discover innovative strategies and remain secure from major disruptions.
SINET– Silicon Valley 2023 (Mountain View, California, USA, Mar 16, 2023) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.
