Daily Briefing for 02.21.24

Attacks, Threats, and Vulnerabilities

A first analysis of the i-Soon data leak | Malwarebytes (Malwarebytes) Data from a Chinese cybersecurity vendor that works for the Chinese government exposed a range of hacking tools and services.

Russian Hackers Launch Email Campaigns to Demoralize Ukrainians (Infosecurity Magazine) ESET researchers reveal a Russian threat actor has targeted Ukrainian citizens with PYSOPs messages warning of impacts such as food and medicine shortages from the war

Earth Preta Campaign Uses DOPLUGS to Target Asia (Trend Micro) In this blog entry, we focus on Earth Preta's campaign that employed a variant of the DOPLUGS malware to target Asian countries.

Knight ransomware source code for sale after leak site shuts down (BleepingComputer) The alleged source code for the third iteration of the Knight ransomware is being offered for sale to a single buyer on a hacker forum by a representative of the operation.

New Migo malware disables protection features on Redis servers (BleepingComputer) Security researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called 'Migo' to mine for cryptocurrency.

VMware urges admins to remove deprecated, vulnerable auth plug-in (BleepingComputer) VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched.

DC-area school system says data of 100,000 people affected in ransomware attack (The Record) Prince George’s County Public Schools (PGCPS) in Maryland finished its review of the incident earlier this year and determined that “personal information was included in the potentially impacted data set.”

VoltSchemer attacks use wireless chargers to inject voice commands, fry phones (BleepingComputer) A team of academic researchers show that a new set of attacks called 'VoltSchemer' can inject voice commands to manipulate a smartphone's voice assistant through the magnetic field emitted by an off-the-shelf wireless charger.

Legislation, Policy, and Regulation

Biden to sign executive order to give Coast Guard added authority over maritime cyber threats (CyberScoop) National security officials have been sounding the alarm over a China-linked hacking group that’s been targeting critical infrastructure.

NSA Cybersecurity Director Rob Joyce to retire, agency says (The Record) The National Security Agency’s Cybersecurity Director Rob Joyce will retire at the end of March after a 34 year career at the NSA, the agency announced on Tuesday.

Litigation, Investigation, and Law Enforcement

Court blocks $1 billion copyright ruling that punished ISP for its users’ piracy (Ars Technica) "Cox did not profit from its subscribers' acts of infringement," judges rule.

Europe announces launch of formal probe into TikTok under digital rights law (The Record) Investigators will examine whether TikTok violated the Digital Services Act on several fronts, including its policies on access by minors, how it handled advertising data and its overall potential to be harmfully addictive.

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

SO-CON Summit (Arlington, Virginia, USA, Mar 11 - 15, 2024) It will feature over 20 unique cybersecurity sessions from industry experts. They’ll be sharing new research, new open source tools, best-practices, and much more. The first day of the summit will be followed by several days of training (including red teaming, tradecraft analysis, AD security fundamentals, and much more).

Insider Risk Management Program Evaluation & Optimization Training Course (Vienna, Virginia, USA, Apr 8 - 9, 2024) The training course will be taught on April 8-9, 2024. Students will receive extensive training, knowledge and resources to help them evaluate an Insider Risk Management (IRM) Program, identify gaps and provide cost effective strategies to optimize the program. This training will provide a 360 perspective for detecting Insider Risks / Threats and also covers establishing an Employee Continuous Monitoring & Reporting Program and employee monitoring on computer systems and networks using Insider Threat Detection Tools. Our student satisfaction levels are in the exceptional range. Over 900+ individuals have attended our training courses and received ITP Manager Certificates. The Insider Threat Defense Group offers the most affordable, advanced / next generation and value packed training for IRM. This provides students with IRM training that is taught from a real world, practical and operational perspective.

Events

SANS Security East New Orleans 2024 (New Orleans, and virtual, Louisiana, USA, Feb 19 - 24, 2024) At SANS Security East New Orleans 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!

Spring 2024 CISSP Study Group presented by ISSA Central MD (Columbia, or virtual, Maryland, USA, Feb 20 - May 1, 2024) Our Study Group fosters a learning environment to better absorb and understand the material. This is much better than the alternative of cram it in and regurgitate it on a test immediately following. Our approach simply makes the information more useful and easier to interpret! You can attend each session in-person in Columbia, MD, or attend virtually on line.

Trellix Public Sector Cybersecurity Summit (Washington, DC, USA, Feb 27, 2024) Public sector organizations continue to face a constant barrage of sophisticated cyber threats. And with new cybersecurity mandates and guidance — from recent executive orders to the release of the 2023 National Cyber Strategy — public sector leaders must make considerable decisions about their cyber enterprise that will have lasting impacts for years to come. On top of this, the emergence of novel security capabilities built on machine learning, AI, predictive analytics and extended detection and response has given security leaders a new arsenal of tools to defend against the next sophisticated attack. Join top technology leaders from across the public sector at the Trellix Public Sector Cybersecurity Summit as they discuss emerging topics in cybersecurity like ransomware, zero trust, global security and XDR. Throughout the summit, you’ll have the opportunity to engage in conversations about how the arrival of AI will intersect with public sector cybersecurity, evolving partnerships to strengthen threat intelligence, how to navigate, take action on and go beyond new cybersecurity policy directives, and much more.

SANS Las Vegas 2024 (Las Vegas (and virtual), Nevada, USA, Mar 4 - 9, 2024) At SANS Las Vegas 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!

SO-CON Summit (Arlington, Virginia, USA, Mar 11 - 15, 2024) It will feature over 20 unique cybersecurity sessions from industry experts. They’ll be sharing new research, new open source tools, best-practices, and much more. The first day of the summit will be followed by several days of training (including red teaming, tradecraft analysis, AD security fundamentals, and much more).