Cyber Attacks, Threats, and Vulnerabilities
Several German politicians reportedly targeted in hack blamed on Russia (The Record by Recorded Future) At least seven members of Germany’s Bundestag and 31 members of the state parliament have been targeted by a hack that is believed to be the work of Russia’s GRU military intelligence unit.
Hackers target German lawmakers in an election year (CyberScoop) Hackers have attempted to breach the private email accounts of certain German parliamentarians, a spokesperson for the legislative body confirmed Friday, in the latest example of cyber campaigns aimed at German politicians.
Possible Cyber Attack Targets U.S. Virgin Islands Government (Government Technology) Lt. Gov. Tregenza Roach announced Thursday that his office was investigating a “possible breach in its computer systems that has affected service delivery by its Recorder of Deeds and Cadastral Divisions.
Hackers backdoor PHP source code after internal repo hack (The Record by Recorded Future) Hackers have breached the internal Git repository of the PHP programming language and have added a backdoor to the PHP source code in an attack that took place over the weekend, on Sunday, March 28.
A massive hack that Google thwarted was actually a counterterrorism operation (BGR) Security researchers regularly reveal software vulnerabilities that hackers can exploit, or even have exploited in the past. In some cases, they’re software issues that have not been used to …
Google staff split as tech giant shuts down Western counter-terror operation (The Telegraph) Google shut down a nine-month long counterterrorism effort by a Western government, it has been reported.
Suspected Chinese Group Exploiting Microsoft Exchange Servers (Recorded Future) Suspected Chinese Group Calypso APT is believed to be exploiting the recently disclosed Microsoft Exchange vulnerabilities.
Brian Krebs: No, I didn’t hack your Microsoft Exchange server (ZDNet) The KrebsOnSecurity name is, once again, being abused by cyberattackers.
Severe Flaws in Official ‘Facebook for WordPress’ Plugin (SecurityWeek) Researchers flag a critical security hole in the official Facebook for WordPress plugin and warn it could be abused for remote code execution attacks.
SolarWinds Hack Got Emails of Top DHS Officials, Sources Say (NBC 5 Dallas-Fort Worth) U.S. officials discovered last December that federal agencies had fallen victim to a cyberespionage effort pulled off largely through a hack of SolarWinds software
Mimecast’s Forensic Investigation Found That SolarWinds Hackers Copied Limited Number of Source Code Repositories (CPO Magazine) A forensic investigation conducted by Mimecast and FireEye Mandiant incident response division found that SolarWinds hackers downloaded a limited number of the company’s source code repositories.
New Advanced Android Malware Posing as “System Update” (Zimperium Mobile Security Blog) Zimperium’s zLabs is warning Android users about a sophisticated new malicious app that disguises itself as a System Update application. It is stealing data, messages, images and taking control of Android phones.
A new Android spyware masquerades as a ‘system update’ (TechCrunch) The malware can take complete control of a victim’s device.
Honeywell Suffers Cyber-Attack (JD Supra) Aerospace and energy equipment manufacturer Honeywell has reportedly been hit with a cyber-attack in the form of a malware intrusion that disrupted…
Cyber insurance giant CNA hit by ransomware attack (Graham Cluley) Insurance firm CNA Hardy says that it has suffered a “sophisticated cybersecurity attack” that has impacted its operations, including its email system. Which probably means that the cybercriminals…
Insurance Giant CNA Hit with Novel Ransomware Attack (Threatpost) The incident, which forced the company to disconnect its systems, caused significant business disruption.
Australia’s Nine network hit by suspected cyber attack: source (Reuters) Australian broadcaster Nine Entertainment was unable to air its Sunday news bulletin from its Sydney headquarters due to “technical difficulties” which a source with knowledge of the matter blamed on a suspected cyber attack.
Australian Broadcaster Nine Says Cyber-Attack Affected Show (Bloomberg) Australia’s largest locally-owned media business, Nine Entertainment Co., said it suffered a cyber-attack that disrupted its live television programming on Sunday.
Australian TV station Channel 9 misses broadcasts after cyber-attack (The Record by Recorded Future) A mysterious cyber-attack, believed to have been a ransomware infection, has hit Australian TV station Channel 9 over the weekend and prevented the network from airing some of its normal shows on Sunday.
EXCLUSIVE | Claims Russian hackers behind Channel 9 cyber attack (TV Blackbox) Russia has been blamed for a cyber attack which has stopped Nine’s live programming from being able to air
Effects of cyber attack on Nine set to linger (Australian Financial Review) While the attack on Nine Entertainment’s North Sydney headquarters has the appearance of ransomware, it has not received any demands. The reason for the attack is also unclear.
Why was Nine hacked and how do cyber attacks work? (WAtoday) Anything that’s online can be hacked. But what do attackers want? And what can be done to stop them?
Retailer Fat Face Pays $2 Million Ransom to Conti Gang (BankInfo Security) Left unsaid in Fat Face’s “strictly private and confidential” data breach notification to affected customers this week was any indication that the fashion
FatFace pays $2 million ransom to Conti gang (Computing) After collecting its ransom, the criminal group gave FatFace advice on how to protect its network in the future
FatFace sends controversial data breach email after ransomware attack (BleepingComputer) British clothing brand FatFace has sent a controversial ‘confidential’ data breach notification to customers after suffering a ransomware attack earlier this year.
Independent Researcher Says Biggest-ever Data Breach At Mobikwik; Company Denies Claim (Moneycontrol) The massive breach reportedly includes 36,099,759 files.
Petlog accused of mishandling details of customers and pets (Computing) A database migration appears to have caused a data breach, with pet owners able to see other people’s details and potentially register their pets as their own
Petlog ‘misplaces’ pet owners’ details in database ‘cock-up’ (BBC News) A website that matches chipped cats and dogs to their owners has lost customer data.
Surge in ‘devastating’ ransomware attacks cripples schools (Schools Week) Investigation reveals impact of attacks, as the government security centre warns of the ‘growing threat’ facing schools
University of Miami Won’t Discuss Details of Ransomware Hack (Governing) The university was just one of many institutions and businesses hit by a ransomware attack that compromised personal information of medical patients. But officials won’t provide details.
Beyond Local: Hackers demand ransom from Town of Didsbury in cyber attack (AirdrieToday.com) Read the full story and comment on AirdrieToday.com
Hackers breach SalusCare patient and employee records; nearly 86,000 files at risk (The News-Press) The Southwest Florida mental health provider believes Ukrainian hackers may have accessed as many as 85,688 records and stored them on an Amazon data storage site.
105,000 patients affected in Cancer Treatment Centers employee email hack (Becker’s Health) Cancer Treatment Centers of America at Midwestern Regional Medical Center implemented additional security measures after an email hack breached 104,808 patients’ data.
Molson Coors Reaffirms Key Financial Guidance for Full Year 2021 and Provides an Update on the Impact of the Cybersecurity Incident and Texas Storms (Wire19) Molson Coors Beverage Company (NYSE: TAP; TSX: TPX) today reaffirms key financial guidance for full year 2021 and provides an update on the impacts to its business resulting from the systems outages caused by a cybersecurity incident previously disclosed on March 11, 2021 as well as the eleven-day closure of the Fort Worth, Texas brewery caused by the winter storms in February 2021.
Sierra Wireless Recovering from Ransomware Attack; Announces Resumption of Production (BusinessWire) Sierra Wireless (NASDAQ: SWIR) (TSX: SW), the world’s leading IoT solutions provider, today announced that the company has resumed production and star
Employee Lockdown Stress May Spark Cybersecurity Risk (Threatpost) Younger employees and caregivers report more stress than other groups– and more shadow IT usage.
“I’m Afraid to Open Twitter”: Next-Level Harassment of Female Journalists Is Putting News Outlets to the Test (Vanity Fair) Newsrooms that once preached “don’t feed the trolls” are being forced to grapple with a daily deluge of smears. “Even the most open-minded media organizations are still run by men who don’t fundamentally understand the misogynistic nature of these attacks,” says one reporter.
Security Patches, Mitigations, and Software Updates
Apple releases iPhone, iPad, and Watch security patches for zero-day bug under active attack (TechCrunch) The bug is being “actively exploited” by hackers, Apple says.
QNAP Urges Users to Secure Devices Against Brute-Force Attacks (SecurityWeek) QNAP says weak passwords, the use of default ports, and public network connections render devices vulnerable to brute-force attacks.
Patching is trucking along on Microsoft flaws, but hackers are still meddling (CyberScoop) Over 92% of servers that were vulnerable to Microsoft flaws have been patched or mitigated, but hackers are still exploiting organizations.
Smart Factory Cyber Attacks Knock Out Production for Days (PR Newswire) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity, today revealed that most (61%) manufacturers have…
Top Takeaways from the Code42 Data Exposure Report Vol. II (Code42) Study finds that more than 75% of respondents suffered a data breach over the past year.
47% of Organizations Don’t Properly Monitor Insider Risk Indicators (Code42) An infographic on how security leaders currently monitor IRIs and potential solutions to help them better manage Insider Risk.
Kaspersky Sees Rise in Ransomware Attacks on ICS Devices in Developed Countries (SecurityWeek) Kaspersky says ransomware attacks on ICS devices decreased globally in the second half of 2020, but increased in developed countries.
Cybercriminals are more concerned about gaining ‘high-value access’ than ever (ITProPortal) As businesses shift resources to the cloud, hackers’ interest in login credentials grows.
Engineering, Operations, and Maintenance often do not view cyber security as their problem (Control Global) I am not a stranger to the Operations and Maintenance (O&M) area. Before I got involved in cyber security in 2000, my focus was the O&M of utility and nuclear plant assets and I led several electric utility initiatives on reliability centered maintenance (RCM).
SANS survey finds firms continue to downplay cybersecurity awareness (SiliconANGLE) More organizations are still faring poorly in addressing the one dimension of cybersecurity over which they have the most control: people’s behavior.
Half of UK businesses had no security policies in place in 2020 (IT PRO) Businesses struggled to keep track of devices or employees during the pandemic, DCMS finds
Using Major League Baseball team names as passwords is a homerun for hackers (Specops Software) The Cincinnati Reds, America’s oldest baseball team, may have one of Major League Baseball’s (MLB) worst pre-season odds to win the World Series, but the…
Darktrace valued at over $3bn ahead of IPO (The Telegraph) Shareholders privately value UK cybersecurity company at double valuation of last fundraising
News analysis: Pandemic boom in cybercrime could spark interest in cyber cover (Insurance Age) With the rise in remote working during the Covid crisis – and the increased opportunities for cyber criminals to attack – could brokers see an uptick in
3 Reasons To Watch Zscaler And Other Cybersecurity Stocks (Seeking Alpha) For as long as there have been computers, there have been hackers.
Cybersecurity Firm Telos Jumps on Guidance, Price-Target Rises (TheStreet) Telos had a solid start to its first quarter as a public company, an analyst says. The stock is higher.
The Top 20 Cybersecurity Startups To Watch In 2021 (Enterprise Irregulars) Cybersecurity, privacy and security startups have raised $1.9 billion in three months this year, on pace to reach $7.6 billion or more in 2021, over four times more than was raised throughout 2010 ($1.7 billion), according to a Crunchbase Pro query today. 22,156 startups who either compete in or rely on cybersecurity, security and privacy …
F Secure Oyj : Secure named winner in 2021 Artiicial Intelligence Excellence Awards (MarketScreener) The Business Intelligence Group today announced that cyber security provider F-Secure’s Project Blackfin was named a winner in its Artificial…
Microsoft is offering big money if you can hack Teams (TechRadar) Bounty program will soon extend to other apps as well
Cybersecurity Board Reform Blows Into Place For SolarWinds (Forbes) SolarWinds data breach is the stuff of plaintiff attorney’s dreams and corporate director nightmares.
Okta Welcomes Kendall Collins As Chief Marketing Officer (Enterprise Talk) Okta, Inc. (NASDAQ:OKTA), the leading independent identity provider, welcomes Kendall Collins as Chief Marketing Officer (CMO), reporting to Susan St. Ledger, President of Worldwide Field Operations.
Products, Services, and Solutions
Comcast Gets SASE With Palo Alto Networks (SDxCentral) Comcast Business and Palo Alto Networks partnered to provide networking and cloud-delivered security services to customers.
Boca Raton Christian School Selects Comodo’s Advanced EndPoint Protection and Comprehensive Cybersecurity Platform for Complete Protection (Yahoo) Boca Raton Christian School (BRCS) chose to implement the Comodo Dragon Platform and Advanced Endpoint Protection (AEP) to gain the benefits of comprehensive security and network management platfor…
Stephen Kovac: Zscaler Chooses Telos Platform for Cyber Risk Management (GovConWire) Zscaler (Nasdaq: ZS) will implement Telos‘ (Nasdaq: TLS) Xacta enterprise cyber risk management framework as part of a partnership aimed at helping federal civilian and defense customers simplify information technology security compliance processes, ExecutiveBiz reported March 18.
Optus puts McAfee monitoring on its home router for WiFi Secure (ZDNet) Blocking software to sit on home routers as Optus looks to prevent malware and other threats.
Technologies, Techniques, and Standards
Securing the twins: Space and cyber can’t exist without each other | Opinion (Florida Today) Space and cyber represent critical infrastructure twins, born of the same era, that also represent the next warfighting domains for our country.
From Creative Password Hashes to Administrator: Gone in 60 Seconds (Or Thereabouts) (Trustwave) Picture the scene, you’re on an application penetration test (as a normal user) and you’ve managed to bag yourself some password hashes from the application. This can happen in various ways but in my experience, this is often the result of either a SQL injection vulnerability (resulting in the dumping of the users table) or finding that the application (or associated API) spits these hashes out in responses (because they are only hashes and what could go wrong!?).
Setting up a SOC in the Midst of a Pandemic (Security Boulevard) Setting up a new business is never easy. Ask any entrepreneur and they will tell you about the sleepless nights, long hours and endless anxieties along the way. But, when starting a business in the midst of a global pandemic, each of these issues is magnified tenfold and there are numerous new challenges along the way. Despite this, it hasn’t put some business owners off starting up, while the rest of the world is in lockdown.
The importance of diversifying your cybersecurity team (SmartCompany) “An army of clones is a predictable foe”: Cybersecurity is broad, so your approach to cybersecurity talent should be broad too.
Disney testing facial recognition technology for entry to Magic Kingdom in Walt Disney World (ABC7 Los Angeles) The new technology converts a guest’s face into a unique number ID that is linked to their admission ticket.
Red Flag 21-2 creates agile, multi-domain problem-solvers (U.S. Air Force) Understanding how another allied fighting force maintains and conducts its missions is vital to asymmetric strategic advantage. During Red Flag Nellis 21-2, around 2,500 U.S. and international
Design and Innovation
Booz Allen’s Steve Escaravage: Ethical Approach Needed for AI Tech Adoption (GovCon Wire) Looking for the latest GovCon News? Check out our story: Booz Allen’s Steve Escaravage calls ethical approach in AI tech adoption. Click to read more!
NFTs are a new financial frontier in cyberspace (University of Miami) Non-fungible tokens have exploded in popularity as a way for people to purchase unique digital items, but the expansion of this market highlights the blockchain technology behind it.
Legislation, Policy, and Regulation
Russia’s policy of preventing conflicts in cyberspace must be preserved, says Putin (TASS) He recalled that the previous version of the document was adopted in 2013. It set a task of promoting the formation of a global system of protecting the international cyberspace”
Now Russia Has Its Own Ultimatum for Twitter (Foreign Policy) If Twitter doesn’t remove content Putin dislikes, he’ll ban it. But that will hurt him more than the platform.
Policing cyberspace (HIndu BusinessLine) Rising cyber attacks on India’s infrastructure call for a concerted policy response
India’s highest cyber security office finalizes trusted gear vendor list; meets global vendors, chipmakers, telcos (ETTelecom.com) The National Cyber Security Coordinator (NCSC) has finalized the criteria for identifying trusted sources and products, and conveyed to the telcos and..
Updated Guidelines on Canada’s National Security Review Bring Greater Clarity (Competition chronicle) On March 24, 2021, the Minister of Innovation, Science and Industry (the “Minister”) announced updates to the Guidelines on the National Security Review
Minister Champagne highlights updated guidelines on national security review of foreign investments (Canada.ca) Today, the Honourable François-Philippe Champagne, Minister of Innovation, Science and Industry, made the following statement regarding updates to the 2016 Guidelines on the National Security Review of Investments, issued under the Investment Canada Act (ICA).
Guidelines on the National Security Review of Investments (Investment Canada Act) Guidelines on the National Security Review of Investments
Proposed Amendment to the Ministerial Ordinances of the Act on the Protection of Personal Information of Japan: Cross-Border Transfer Rules (Part V) (Lexology) In the following, we will deal with the details of the cross-border transfer rules. Please refer to Part I to this newsletter for a general…
Census 2021: How Safe Will Our Data Be Over the Next 100 Years? (Infosecurity Magazine) The digital-first citizen survey is crucial to government planning, but what are the cybersecurity implications?
EU, US Make New Attempt for Data Privacy Deal (SecurityWeek) Facebook, Google, Microsoft and thousands of other companies want a new data privacy deal to keep the internet traffic flowing without facing significant legal jeopardy over European privacy laws.
Even When Covid-19 Vaccines Arrive, EU Struggles to Get Shots in Arms (Wall Street Journal) Despite rising coronavirus cases, many European countries remain reluctant to overhaul slow and bureaucratic vaccination programs.
Director Says NSA’s Domestic Surveillance Authority ‘Rightly’ Limited (Nextgov.com) Gen. Paul Nakasone, who oversees both the intelligence agency and U.S. Cyber Command, stressed the need for greater visibility through private-sector information streams.
Nakasone Says Federal Cyber Defenders Need Better Visibility Within U.S. (Meritalk) As adversaries from overseas continue to threaten the cybersecurity of U.S. companies and organizations, National Security Agency (NSA) director and U.S. Cyber Command (CYBERCOM) chief Gen. Paul Nakasone told senators today that Defense Department (DoD) agencies need to be able to operate more freely within the U.S. to deal with those threats swiftly.
Senators Raise Concerns About Energy Dept. Cybersecurity (BankInfo Security) Eleven U.S. senators are raising concerns about the Department of Energy’s cybersecurity readiness as the department continues to investigate a breach related to
Biden Team Boosts Effort to Shield U.S. Power Grid From Hackers (Bloomberg) Moves to include plan for better coordination with industry. Effort seeks to harden cyber defenses and map U.S. responses.
Report: US Gov Executive Order to Mandate Data Breach Disclosure (SecurityWeek) Reuters is reporting that a U.S. government executive order would set new rules on data breach disclosure and use of multi-factor authentication and encryption in federal agencies.
US Vows ‘Consequences’ for Russian Actions (Voice of America) U.S. Secretary of State Antony Blinken says there will be “costs and consequences” for Russia for its allegedly malign activities against the United States.
“We will take the steps necessary to defend our interests” at the time of the U.S.’s choosing, Blinken said in a CNN interview that aired Sunday but was taped last week as he completed talks with other NATO diplomats in Brussels.
He said there was “a shared commitment” among Western allies to be “clear-eyed” about Moscow’s actions and hold the Kremlin accountable.
The top U.S.
Opinion | The United States has a major hole in its cyberdefense. Here’s how to fix it. (Washington Post) We must empower the Department of Homeland Security to quickly respond to attacks originating in the United States.
The Agency at the Center of America’s Tech Fight With China (New York Times) Washington lawmakers, lobbyists and other parties have been vying to influence how the Bureau of Industry and Security, under the Biden administration, will approach a technology relationship with China.
DHS dissolves independent advisory council, ousting Trump-era officials (CNN) Department of Homeland Security Secretary Alejandro Mayorkas on Friday dissolved the Homeland Security Advisory Council, according to a letter obtained by CNN, ousting a board of independent advisers that included Trump-era officials and setting up a plan to reconfigure the council.
How Biden’s Administration is Revamping US Cybersecurity (Analytics Insight) The Biden administration has been formulating plans to rebuild the area of cybersecurity. One of the key steps is giving the top cybersecurity veterans the authority to lead administration positions. This is a new step towards advanced security.
Broken trust: Lessons from Sunburst (Atlantic Council) Sunburst was a startling reminder of the United States’ collective cyber insecurity and the inadequacy of current US strategy.
As US Loses its Edge, Game of Cyber Chicken Could Have Deadly Consequences (NewsClick) ‘…all countries have offensive and defensive capabilities and ‘stealing” data and knowledge from other countries are time-honoured tasks of spook agencies. It becomes an act of war only if it leads to physical damage to critical equipment or infrastructure.’
Did China cross a new red line in cyberspace? (The Sunday Guardian Live) The Mumbai hack showed complete disregard for collateral damage. Washington, DC: Did China cause the blackouts in Mumbai last year? Nearly six months later, the answer is still unclear, but if recent reports that a Chinese cyber operation bears partial responsibility are accurate, Beijing just signalled a willingness
States enact safe harbor laws against cyberattacks, but demand adoption of cybersecurity frameworks (CSO Online) Connecticut might soon follow Ohio and Utah by enacting a law that offers liability protection against ransomware and other cyberattacks, but only if victims follow security best practices.
Litigation, Investigation, and Law Enforcement
Parler says it sent the F.B.I. posts about threats to the Capitol ahead of Jan. 6. (New York Times) The social network’s statement raises fresh questions about whether law enforcement took threats of violence ahead of Jan. 6 seriously enough.
Six men arrested following Operation Safenet warrants (Tamworth Informed) “IT can be horrific,” says Sergeant Chris Hood when considering the indecent images of children officers must view as part of safenet
US charges close to 500 individuals for COVID-19 fraud, criminal activity (ZDNet) Everything from PPE fraud, disaster loan schemes, and unemployment scams are on the books.
Justice Department Takes Action Against COVID-19 Fraud (US Department of Justice) The Department of Justice announced an update today on criminal and civil enforcement efforts to combat COVID-19 related fraud, including schemes targeting the Paycheck Protection Program (PPP), Economic Injury Disaster Loan (EIDL) program and Unemployment Insurance (UI) programs.
Minnesota woman pleads guilty to sharing classified information (ABC 6 NEWS) A Minnesota woman pleaded guilty today to one count of delivering national defense information to aid a foreign government.
Defense contractor pleads guilty to sharing classified info with person linked to Hezbollah (Military Times) A woman who worked as a contract linguist for the U.S. military in Iraq pleaded guilty Friday to sharing classified information with a romantic interest linked to the Lebanese militant group Hezbollah.
Defense Department Linguist Pleads Guilty to Transmitting Highly Sensitive Classified National Defense Information to Aid a Foreign Government (US Department of Justice) A Minnesota woman pleaded guilty today to one count of delivering national defense information to aid a foreign government.
Experian Adds AIG, Lloyd’s Insurers To $18M Legal Fees Suit (Law360) Experian has pulled seven underwriters into a High Court spat to recoup more than $18 million from insurers in legal fees that the credit reporting company forked out while defending itself against mass lawsuits from consumers who said they were harmed by inaccurate scores.
Amazon Must Block Hacker’s Access To Stolen Patient Data (Law360) A Florida federal judge granted a not-for-profit mental health and substance abuse service provider’s request to make Amazon suspend a hacker’s access to troves of stolen data — including Social Security numbers and patient psychiatric and addiction counseling records — that were copied to Amazon’s virtual storage system.