Control Loop is up.
Listen to the latest episode of Control Loop, the OT cybersecurity podcast. The current episode highlights the challenges of carrying out vulnerability management.
A formerly unnamed cybercrime group, APT43, was named and described by Mandiant in a report last week. It was also shown to have ties to the Democratic People’s Republic of Korea. Mandiant explains that after five years of tracking the activities of APT43 they can attribute the group to the Democratic People’s Republic of Korea because their “collection priorities align with the mission of the Reconnaissance General Bureau (RGB), North Korea's main foreign intelligence service.” Mandiant also highlights how APT43 acquires and launders stolen cryptocurrency to fund its own espionage operations. This differs from other DPRK cyber threat actors who seem to funnel cryptocurrency to fund the DPRK government as a whole.
Google released a follow-up report on 5 April which focused on that subset of APT43’s activities Google calls “ARCHIPELAGO.” Google notes that it “observed the group target individuals with expertise in North Korea policy issues such as sanctions, human rights and non-proliferation issues.” Google goes on to expose how ARCHIPELAGO conducts its phishing and various malware operations, explaining, “ARCHIPELAGO invests time and effort to build rapport with targets, often corresponding with them by email over several days or weeks before finally sending a malicious link or file.” Google also notes, “For several years, ARCHIPELAGO focused on conducting traditional credential phishing campaigns. More recently, TAG has observed ARCHIPELAGO incorporate malware into more of their operations, ... To protect their malware from AV scanning, ARCHIPELAGO commonly password-protects their malware and shares the password with recipients in a phishing email.” For more on ARCHIPELAGO and APT43, see CyberWire Pro.
Europol yesterday reported that Tuesday’s seizure of the Genesis Market criminal marketplace was a combined operation involving 17 countries. 119 people were arrested, 208 properties were searched, and a reported 97 “knock and talk measures” took place. This combined effort was spearheaded by the US Federal Bureau of Investigation (FBI) and the Dutch National Police (Politie). The US Department of Justice (DoJ) yesterday disclosed that law enforcement seized 11 domain names that supported the Genesis Market infrastructure. For more on Operation Cookie Monster and the Genesis Market arrests, see CyberWire Pro.
The US government is providing $25 million to Costa Rica to help the country build up its cybersecurity defenses, Moody’s reports. The money will be used to “support new training, equipment, and a collaboration between the US and the Costa Rican government to establish a Security Operations Center to oversee and address future cyber threats.” The financial assistance comes after a series of cyberattacks affected Costa Rican government institutions over the course of 2022 and early 2023. Moody’s states, “Even though Costa Rica has a relatively strong cybersecurity score, efforts to prevent future attacks will limit disruption to fiscal performance and economic activity.”
It's Russia's turn to chair the United Nations Security Council, and it used its first week in that role to convene a meeting to share its own view of the widespread abduction of Ukrainian children. It featured a video presentation by the director of Russia's child protection agency, Maria Lvova-Belova, presently wanted by the International Criminal Court for war crimes involving the kidnapped children. Ms Lvova-Belova said she welcomed the opportunity to “dispel the fakes and show the opposite side.” She added that Russia did not recognize the jurisdiction of the International Criminal Court, and claimed that Russia's custody of the children was protective, and that Moscow stands ready to help reunite the children with their families. Criticism of Russian policy, she said, amounted to lies designed to slander Russia. “We have no doubt that this is a campaign to discredit our country and attempts to conceal their irresponsible actions about children,” the New York Times quotes her as saying. Several Western members of the Council walked out on the presentation, returning once it was over to denounce Russian disinformation. It seems likely that Russia's month in the chair will be devoted to more such tendentious propaganda.
Marital aids, not drones. The Ukrainian hacktivist group Cyber Resistance took control of an AliExpress account organized by the Russian milblogger Mihail Luchin to solicit donations for Russian forces. Numerama reports that the hacktivists then used the pirated account to spend about €23,000 on tacky erotic novelties. InformNapalm explained the motive: "The hacktivists of 'Cyber Resistance' punished Z-volunteer Mikhail Luchin. They hacked his email and charged $25,000 worth of adult toys to his card, which is linked to AliExpress. He planned to spend the money to buy #drones for the #Russian #army." The hacktivists themselves counted coup in their own Telegram channel, posting (in what the New York Post archly calls "a happy ending") "But instead of drones, Misha will now send truckloads of d*ldos, str*p-*ns, and other things useful to every Russian to the occupiers, which we ordered and paid for with his card on AliExpress.” OK, but really, boys. AliExpress is Alibaba's e-commerce service. First Post says that Mr. Luchin attempted to return the items but found that all sales were final, so he'll try reselling the marital aids to raise even more money for Russia's cause.
The CyberWire's continuing coverage of Russia's war against Ukraine, with special attention to the cyber phases of that war, may be found here.
Vade today released a report detailing a newly identified phishing campaign that uses YouTube attribution links and a CAPTCHA in order to fly under the radar. The victims receive a fake email alerting them that their Microsoft 365 password has expired. In reality, this email comes from a hacker who uses display name spoofing to feign legitimacy. The email contains Microsoft’s logo and branding, and provides a button with a link for the user to keep their same password. The link redirects to a YouTube URL, and later to a page with a Cloudflare CAPTCHA. Once the CAPTCHA is completed, the user is redirected to a phishing page that auto-populates the user's email address and provides a space to enter a password. Both YouTube and Cloudflare are commonly whitelisted, so using these URLs lets the messages bypass much security software, as well as email gateways. Vade advises good cyber hygiene, and caution around emails that ask for account access or credentials.
Today's issue includes events affecting Albania, Australia, Canada, the European Union, the Bailiwick of Jersey, the Democratic People's Republic of Korea, Malta, the Netherlands, New Zealand, Russia, Singapore, Ukraine, the United Kingdom, the United Nations, and the United States.
Ukraine at D+406: Drop ship these, sir. (CyberWire) Russia has the counteroffensive jitters, although no Ukrainian counteroffensive is so far underway. In cyberspace at midweek, it's mostly hacktivism and disinformation.
Russia-Ukraine war: List of key events, day 407 (Al Jazeera) As the Russia-Ukraine war enters its 407th day, we take a look at the main developments.
Russia-Ukraine war live: EU warns China against arming Putin and says Xi should reach out to Zelenskiy (the Guardian) European Commission president Ursula von der Leyen and Chinese president Xi Jinping discuss ‘strategic mutual trust’ in Beijing
Explosions rock Melitopol as Russia warns of Ukraine counter-attack (The Telegraph) Pro-Kremlin officials claim Ukrainian forces are ‘ready and waiting for a go-ahead’ to launch their spring offensive
Russia-Ukraine war at a glance: what we know on day 407 of the invasion (the Guardian) Macron says he counts on Xi to bring Russia to reason; Swedish prosecutor says actors behind Nord Stream sabotage still unclear
Bulgaria’s defense ministry: Russia committing systematic war crimes in Ukraine (Ukrinform) The Russian army is committing systematic war crimes in Ukraine, according to a 2022 report by Bulgaria’s defense ministry published by the Council of Ministers this week. — Ukrinform.
FSB likely to hold back Iran-Russia cyber cooperation (Robert Lansing Institute) Iran seeks to bolster the cyber attack capacity, with more control of telecommunication networks to minimize
In China, Macron appeals to Xi to help end Ukraine conflict (Nikkei Asia) Europe leaders face hard task of coaxing Chinese president to drop Russia support
Emmanuel Macron and Xi Jinping call for talks "as soon as possible" between Kyiv and Moscow (Le Temps) The French president began his talks in Beijing on Thursday in an attempt to "build a common path" with China, which he has not given up hope of seeing play a role for peace in Ukraine. The Russian president, for his part, will continue discussions with his Belarusian counterpart. Our live coverage
Ukraine may be willing to hold talks on Crimea, suggests Zelenskiy adviser (the Guardian) Andriy Sybiha expresses Kyiv’s interest in negotiations with Moscow should Ukrainian forces reach region
‘Outrageous’: Russia Accused of Spreading Disinformation at U.N. Event (New York Times) Moscow used its rotating presidency of the Security Council to host a session on deported Ukrainian children, leading some officials to walk out.
What is a responsible cyber power? (The Economist) Britain’s principles for cyberwarfare are a good start
There’s no place for impunity in cyberspace (The Strategist) Estonia’s prime minister, Kaja Kallas, spoke at ASPI’s Sydney Dialogue about how Russia’s invasion of Ukraine has highlighted the importance of securing democracies against malicious cyber actors. An edited transcript of her speech follows. Two ...
Hackers bought 23,000 euros' worth of sex toys with Russian money (20 minutes) The hacked AliExpress account was used by the propagandist to buy drones and supply them to the Russian army
Who was behind the St. Petersburg bombing? (POLITICO) In this whodunnit — as with so many in Russia — we are unlikely to discover the real identity of the murderer.
US reporter ‘wrongfully detained’ by Russia, Blinken says (Federal Times) A formal determination of Evan Gershkovich’s wrongful detention, which would elevate the priority of his case within the U.S. government, hasn't been made.
Russian Activist Documenting Losses in Ukraine Says Fled Country (The Moscow Times) A Russian activist who has been documenting Russia’s war losses in Ukraine was forced to flee the country after the authorities opened two criminal cases against him, local news outlet Protokol reported Wednesday. “I’ve left Russia.
How we’re protecting users from government-backed attacks from North Korea (Google) Google's Threat Analysis Group shares information on ARCHIPELAGO as well as the work to stop government-backed attackers.
Google TAG Warns of North Korean-linked ARCHIPELAGO Cyberattacks (The Hacker News) North Korean-backed threat actor ARCHIPELAGO targets South Korean & US government, military, and policy experts.
Phishing From QuickBooks (Avanan) Hackers can send phishing emails directly from QuickBooks.
Clop Ransomware Leak Site Shows Increased Activity (Secureworks) Learn how Secureworks CTU researchers are investigating an increase in the number of victims posted on the Clop ransomware leak site.
Tax Return Filing Service eFile.com Caught Serving Malware (SecurityWeek) Online tax return filing service eFile.com was injected with malicious JavaScript code serving malware to visitors.
CryptoClippy: New Clipper Malware Targeting Portuguese Cryptocurrency Users (The Hacker News) New CryptoClippy malware steals cryptocurrency by replacing wallet addresses during transactions.
Governments Under Attack: Examining a New PureCrypter Campaign (Infosecurity Magazine) Brett Raybould highlights a surge in attacks targeting the public sector, including one malware specifically designed for this purpose
Three-day Capita outage was result of cyber attack (Computer Weekly) Public sector outsourcer Capita has confirmed a major outage which began on 31 March was the result of a cyber attack affecting its Office 365 apps.
Capita confirms cyber-attack as outsourcing giant races to restore IT systems (the Guardian) Outsourcing firm used by NHS, local councils and British army says attack mainly affected internal systems
Nordik Spa warns customers of data breach involving gift cards (Ottawa) In an email to customers, Nordik Spa says "an event" occurred with its gift certificate system that may have resulted in the access of personal information, including credit card information, by a non-authorized party.
Our Lady of the Lake University Notifies Data Breach Victims (GovTech) After suffering a cyber attack around Aug. 30, 2022, a private Catholic university in Texas concluded its investigation March 3 and began notifying victims March 31 that their Social Security numbers were compromised.
Ransomware hackers leak second batch of city data from Oakland attack (Engadget) Hackers have dumped a second wave of data from a ransomware attack against Oakland.
Tas gov details data breached in GoAnywhere hack (iTnews) Department of education financial data may have been stolen.
600,000 customers who bought illegal access to Netflix, Disney have personal info compromised (The Desk) An online retailer that sold illegal access to Netflix and Disney Plus allowed personal information of 600,000 customers to leak online.
Royal Dutch Football Association says hackers stole employee data (Record) The governing body for soccer in the Netherlands said Tuesday that hackers were able to steal the personal information of its employees during a cyberattack.
Researcher Tricks ChatGPT Into Building Undetectable Steganography Malware (Dark Reading) Using only ChatGPT prompts, a Forcepoint researcher convinced the AI to create malware for finding and exfiltrating specific documents, despite its directive to refuse malicious requests.
Google will require Android apps to let you delete your account (BleepingComputer) Google has announced a new Google Play Store data deletion policy that will require Android developers to provide users with an online option to delete their accounts and in-app data.
Phishing Attacks Continue To Dominate Cybersecurity Landscape (ITPro Today) A new study showed that cybercriminals are using phishing attacks more than ever. Learn how to protect your organization.
Push Security Raises $15 Million in Series A Funding (SecurityWeek) Push Security has raised $15 million in a Series A funding round led by Google Ventures.
Versa Networks Recognized with 2023 Globee Cybersecurity Award for its Industry-Leading SASE Solution (Business Wire) International Judging Panel Honors Versa for Offering Industry’s Only Complete Unified SASE with Tightly Integrated Secure SD-WAN, Secure Web Gateway, Cloud Access Security Broker, Zero Trust, and Network Firewalling
Acalvio Named a Leader for Deception Technology (Business Wire) Recognized as the leading ‘Fast Mover’, Acalvio commended for bringing both breadth and depth to dynamic deception capabilities
NinjaOne Announces Joe Lohmeier as Company’s First Global Channel Chief (NinjaOne) Read first-hand accounts of how Ninja's products and superior support help companies deliver fast and effective IT management.
Obsidian launches new SaaS security and compliance tools (CSO Online) Obsidian’s multimodule security posture management offering comes with tools to secure SaaS interactions and ensure associated compliances.
BlackBerry Introduces Integrated Solution to Assure Secure Bi-Directional Response Communications During Cyber Incidents (Dark Reading) BlackBerry integrates award-winning CylanceGUARD and BlackBerry AtHoc technologies for "combat-ready" cyber event continuity planning and response.
New GRC Platform TrustRegister Links Risk to Revenue Impact (Dark Reading) The application allows companies to proactively surface risks and remediation plans via programmatic risk assessments.
Biometric Authentication Isn't Bulletproof —Here's How to Secure It (BleepingComputer) Biometric authentication is often thought of as nearly impossible to steal or fake. Not only are there ways around biometric authentication, but not all biometric methods are created equal.
Modernizing Cyber Defense for the U.S. Navy (AFCEA International) Navy commands change how they operate, secure and defend data.
Space Force plans late FY24 award for 'Digital Bloodhound' to sniff out cyber attacks (Breaking Defense) Digital Bloodhound will develop tools such as the Manticore software suite that identifies cyber vulnerabilities, and the Kraken software that throws up real-time defenses against ongoing attacks.
IT Essentials: Welcome to the dark side (of supply chains) (Computing) Be in business for any length of time, and you'll soon have a sprawling web of suppliers and partners - and be part of your own customers' network, as well.
EU to equip itself with a "cyber shield," Thierry Breton announces (Euractiv) So that Europe can withstand major cyberattacks like those suffered by Ukraine, it plans to equip itself with a "cyber shield," including a "reserve cyber army," European Commissioner Thierry Breton announced on Wednesday (5 April) at the International Cybersecurity Forum.
New Zealand intelligence service says foreign interference attempts 'persistent' (Reuters) Attempts by some countries to interfere with New Zealand's democracy, economy and civil society "are persistent", according to New Zealand Security Intelligence Service's (NZSIS) annual report.
India opts against AI regulation (TechCrunch) India will not regulate the growth of AI within the South Asian market and has identified AI as a "significant and strategic" area.
Saudi Arabia confirms updates to the Personal Data Protection Law (Lexology) The Saudi Arabia Council of Ministers has approved a series of changes to the Kingdom's Personal Data Protection Law (PDPL) that was issued in 2021…
Singapore pushes greater action against ransomware gangs after Optus data hack (ABC) Last year's Optus data hack has resulted in Singapore's government calling for a greater international effort to fight cybercriminals.
Why Australia is such a juicy target for cybercriminals (Australian Financial Review) If you’re beginning to get the feeling that a day doesn’t go by without yet another major cyber breach, you’re not wrong.
Lawmakers Move to Elevate Leadership of Energy’s Cyber Office (Nextgov.com) Citing the threat posed by foreign adversaries, four Republican senators are pushing for a Senate-confirmed assistant secretary to helm Energy’s office tasked with cybersecurity.
‘Where the fast eat the slow’: NSA director discusses U.S. cybersecurity at Watson event (The Brown Daily Herald) Paul Nakasone described some of the issues and considerations he deals with as a leading expert in cybersecurity.
INSA Publishes Recommendations for Government-Industry Collaboration on Cyber Defense (Executive Gov) Looking for the latest Government Contracting News? Read about INSA Publishes Recommendations for Government-Industry Collaboration on Cyber Defense.
Jersey considers banning TikTok on government phones (BBC News) The States says it would consider banning TikTok on government phones, following the UK, US and EU.
4 states passed nearly half of all new cybersecurity laws enacted across the US in 2022 (Culpeper Star-Exponent) Whether aimed at training workers or regulating insurers, Drata identified the states enacting the most cybersecurity laws over the last year.
Criminal Marketplace Disrupted in International Cyber Operation (U.S. Department of Justice) The Justice Department announced today a coordinated international operation against Genesis Market, a criminal online marketplace that advertised and sold packages of account access credentials – such as usernames and passwords for email, bank accounts, and social media – that had been stolen from malware-infected computers around the world.
Takedown of notorious hacker marketplace selling your identity to criminals | Europol (Europol) Simultaneous actions were also carried out across the globe against the users of this platform, resulting in 119 arrests, 208 property searches and 97 knock and talk measures. This international sweep was led by the U.S. Federal Bureau of Investigation (FBI) and the Dutch National Police (Politie), with a command post set up at Europol’s headquarters on the action day...
Notorious criminal marketplace selling victim identities taken down in international operation (National Crime Agency) An international operation involving the National Crime Agency has taken down one of the biggest online marketplaces selling stolen credentials to criminals worldwide.
Check your hack (Politie) The police worldwide are engaged in a major international investigation, headed by the FBI, which has led to the taking down of the criminal trading website Genesis Market. The website was used for trading the user profiles of victims of hacking, including their online fingerprint. If this data is sold, this can have major consequences for victims.
Carr Announces Investigation into Suspected Users of Genesis Dark Web Marketplace Following FBI Takedown of Illicit Site (Office of Attorney General of Georgia Chris Carr) ATLANTA, GA – Attorney General Chris Carr today announced that the Office of the Attorney General’s Prosecution Division is participating in a nationwide investigation into suspected users of Genesis Market, a dark net marketplace that is known to traffic in the stolen credentials of victims whose computers have been infected with malware. Over the course of their investigation into the illicit online marketplace, federal law enforcement worked to identify those who purchased and used these stolen access credentials to commit fraud and other cybercrimes.
U.S., European Police Shut Down Hacker Marketplace, Make 119 Arrests (Wall Street Journal) Genesis Market operators claimed stolen credentials would be kept up to date, “like a subscription,” a senior FBI official said.
120 Arrested as Cybercrime Website Genesis Market Seized by FBI (SecurityWeek) The FBI has seized Genesis Market, a major cybercrime website offering stolen device fingerprints.
International cops put the squeeze on Genesis Market users (Register) Feds managed to image entire backend server with full details
FBI obtained detailed database exposing 60,000 users of the cybercrime bazaar Genesis Market (CyberScoop) The Genesis Market seizure comes along with the arrest of nearly 120 people around the world, including Americans, officials said Wednesday.
Genesis Black Market Dismantled, But Experts Warn of Potential Vacuum (Nextgov.com) A major coordinated effort took down the black market for stolen data, but experts warn the fight to secure data is ongoing.
Locks, Stocks and Brokers: Hackers and Insider Trading (Security Intelligence) Hackers have begun using stolen data to get an edge in the stock market, with millions in profits. Here's what that means for organizations.
For a complete running list of events, please visit the Event Tracker.
CrowdStrike Government Summit (Washington and virtual, DC, USA, Apr 11, 2023) Join cybersecurity and government leaders for the first-ever CrowdStrike Government Summit featuring can’t-miss in-person discussions on the capabilities, tactics, and technologies that will protect your agency and power your efficiency.
SANS 2023 (Orlando (and virtual), Florida, USA, Apr 2 - 7, 2023) Learn real-world cyber security skills from top industry experts during SANS 2023 (April 2-7). Join us in Orlando, FL or Live Online to experience interactive training with hands-on labs, practice your skills during one of our NetWars Tournaments, and network with your peers in real time. Choose your course and register now!
Purple Hats 2023 (Virtual, Apr 6, 2023) Join us for the 3rd annual, award-winning virtual Purple Hats Conference — the industry destination for cybersecurity practitioners to collaborate, share ideas, and learn how to evolve from a reactive to proactive threat-informed defense! Founded by AttackIQ, Purple Hats provides free access to globally recognized experts, technical content, and innovative techniques for improving your security posture and building a stronger, more collaborative team.
Identity Management Day 2023 Virtual Conference (Virtual, Apr 11, 2023) Identity Management Day, started in 2021 and hosted by the Identity Defined Security Alliance and National Cybersecurity Alliance, aims to inform about the dangers of casually or improperly managing and securing digital identities by raising awareness and sharing best practices across the industry. In its second year, the 2023 Virtual Conference brings together identity and security leaders and practitioners from all over the world to learn and engage. The conference is presented virtually with a full day of sessions featuring leading identity and security experts discussing the role of identity in cybersecurity strategies and how to address the threats facing organizations today. Registration is free! The conference will be open April 11th 9am ET to 4:30pm ET, giving attendees an opportunity to visit with our exhibitors. The Virtual Conference kicks off at 10am ET.
SecureWorld Healthcare Virtual Conference (Virtual, Apr 12, 2023) Join with cybersecurity professionals for training and information sharing through an interactive online experience. Earn 5 CPE credits learning from nationally recognized industry leaders. The agenda offers 15+ educational presentations, including panel discussions, breakout sessions, and keynotes. Connect with your peers in the Networking Lounge, enter to win prizes, and see demos and resources from top solution vendors in the Exhibitor Hall.