Attacks, Threats, and Vulnerabilities
US Government Probes VPN Hack Within Federal Agencies, Races to Find Clues (Voice of America) For at least the third time since the beginning of this year, the U.S. government is investigating a hack against federal agencies that began during the Trump administration but was only recently discovered, according to senior U.S. officials and private sector cyber defenders.
It is the latest supply chain cyberattack, highlighting how sophisticated, often government-backed groups are targeting vulnerable software built by third parties as a steppingstone to sensitive government and corporate computer networks.
Five federal agencies potentially breached in Pulse Connect Secure hack (CNN) At least five federal civilian agencies appear to have been breached in the latest hack to hit the US government, a discovery that follows emergency measures to mitigate potential damage from the incident, according to a top official at the Cybersecurity and Infrastructure Security Agency.
BadAlloc: Microsoft Flags Major Security Holes in OT, IoT Devices (SecurityWeek) Researchers at Microsoft detailed 25 remote code-execution vulnerabilities (BadAlloc) affecting a wide range of IoT and OT devices the industrial, medical, and enterprise networks.
Microsoft discloses ‘BadAlloc’ bugs affecting smart devices, industrial gear (The Record by Recorded Future) One of Microsoft’s bug hunting teams has discovered 25 vulnerabilities impacting a broad spectrum of smart IoT devices and industrial equipment.
Microsoft finds critical code execution bugs in IoT, OT devices (BleepingComputer) Microsoft security researchers have discovered over two dozen critical remote code execution (RCE) vulnerabilities in Internet of Things (IoT) devices and Operational Technology (OT) industrial systems.
NSA warns defense contractors to double check connections in light of Russian hacking (CyberScoop) The NSA warned defense contractors in a memo to examine the security of the connections between OT and IT in light of recent Russian hacking.
Stop Malicious Cyber Activity Against Connected Operational Technology (NSA) A significant shift in how operational technologies (OT) are viewed, evaluated, and secured within the U.S. is needed to prevent malicious cyber actors (MCA) from executing successful, and potentially damaging, cyber effects
PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector (Cybereason) In a highly targeted operation by a Chinese APT, a newly discovered backdoor dubbed PortDoor is being used in attacks targeting a Russian defense contractor…
Cybersecurity Firm Spots New CIA Malware That Could Have Been Used to Spy Network Traffic (Tech Times) The newly-discovered malware is believed to have been deployed by the CIA as early as 2014 and is capable of executing commands against its infected host.
More than 70 firms received CIA malware samples in 2019: Kaspersky sec chief (iTWire) The head of security firm Kaspersky's Global Research and Analysis Team, Costin Raiu, says in 2019 more than 70 security companies were given samples of malware that was created by the CIA. He did not say anything about who had handed out this malware. His statement came in response to a taunt f…
Saving World Health Day: UNICC and Group-IB Take Down Scam Campaign Impersonating the World Health Organization (UNICC) UNICC, together with Group-IB, took down a massive multistage scam campaign circulating online on April 7, World Health Day.
Saving World Health Day: UNICC and Group-IB Take Down Scam Campaign Impersonating the World Health Organization (PR Newswire) Group-IB, a global threat hunting and adversary-centric cyber intelligence company that specializes in investigating hi-tech cybercrimes, and…
Suspected Chinese hackers are breaking into nearby military targets (CyberScoop) Hackers with suspected ties to China’s PLA have been hacking into military and government organizations, according to Bitdefender.
UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat (FireEye) Mandiant has observed financially motivated UNC2447 exploiting a SonicWall VPN zero-day vulnerability and deploying ransomware.
Hacking group exploited SonicWall zero-day for ransomware attacks, FireEye says (CyberScoop) A hacking group exploited a SonicWall zero-day software flaw before a fix was available in order to deploy a previously unreported ransomware strain, FireEye researchers said Thursday. The disclosure of the ransomware comes one week after FireEye revealed three previously unknown vulnerabilities in SonicWall’s email security software. But the latest hacking tool emerges from an earlier zero-day found in SonicWall’s mobile networking gear.
Vulnerability Exposes F5 BIG-IP to Kerberos KDC Hijacking Attacks (SecurityWeek) F5 Networks this week released patches to address an authentication bypass vulnerability affecting BIG-IP Access Policy Manager (APM), but fixes are not available for all impacted versions.
QNAP warns of AgeLocker ransomware attacks against NAS devices (The Record by Recorded Future) Taiwanese hardware vendor QNAP said today that its network-attached storage (NAS) devices are under attack by a ransomware operation known as AgeLocker.
QNAP warns of AgeLocker ransomware attacks on NAS devices (BleepingComputer) QNAP customers are once again urged to secure their Network Attached Storage (NAS) devices to defend against Agelocker ransomware attacks targeting their data.
Deepfakes advertised on underground markets, signaling possible shift, Recorded Future says (CyberScoop) Malicious use of manipulated visual and audio files — technology known as deepfakes — is swiftly migrating toward crime and influence operations, according to findings published Thursday. Threat intelligence company Recorded Future pointed to a recent surge in such activities and a burgeoning underground marketplace that could spell trouble for individuals and companies that use tools like facial identification technology as part of multi-factor authentication.
Experian API Flaw Raises Questions (BankInfo Security) Some security experts are questioning whether Experian is doing enough to ensure security after a researcher discovered that an API the credit reporting firm uses
Police warn of fake Microsoft reseller linking customers to offshore scammers (CRN Australia) Police said company claimed to offer official Microsoft support services.
Contract tracing breach impacts private info of 72K people (AP NEWS) Employees of a vendor paid to conduct COVID-19 contact tracing in Pennsylvania may have compromised the private information of at least 72,000 people, including their exposure status and their sexual orientation, the state Health Department said Thursday.
Pa. COVID Contact-Tracing Data Breach Exposes Thousands (Law360) Thousands of Pennsylvanians’ personal information may have been exposed in a data breach at Insight Global, which was contracted to provide COVID-19 contact-tracing services for the Keystone State’s health department, the company confirmed Thursday.
Whistler resort municipality hit by new ransomware operation (BleepingComputer) The Whistler municipality in British Columbia, Canada, has suffered a cyberattack at the hands of a new ransomware operation.
Leaping Down a Rabbit Hole of Fraud and Misdirection (Domain Tools) While much security research and analysis focuses on active, disruptive attacks such as ransomware or state-directed espionage operations, computer-facilitated fraud remains one of the most impactful threats in terms of financial cost to most organizations.
Security Patches, Mitigations, and Software Updates
Texas Instruments SimpleLink (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Texas Instruments
Equipment: SimpleLink Wi-Fi, MSP432, CC13XX, CC26XX, CC32XX, CC3100
Vulnerabilities: Stack-based Buffer Overflow, Integer Overflow or Wraparound
Cassia Networks Access Controller (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.2
ATTENTION: Low attack complexity
Vendor: Cassia Networks
Equipment: Access Controller
Vulnerability: Path Traversal
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to read any file from the Access Controller server.
Johnson Controls Exacq Technologies exacqVision (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.0
Vendor: Exacq Technologies, Inc., a subsidiary of Johnson Controls, Inc.
Vulnerability: Off-by-one Error
2. RISK EVALUATION
A local attacker could exploit this vulnerability to obtain “Super User” access to the underlying Ubuntu Linux operating system.
Multiple RTOS (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vulnerabilities: Integer Overflow or Wraparound
CISA is aware of a public report, known as “BadAlloc” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries.
Apple Patches Security Bypass Vulnerability Impacting Macs With M1 Chip (SecurityWeek) Apple’s latest macOS updates patch three vulnerabilities that can be exploited to bypass security mechanisms, including one that only impacts Macs with M1 chips.
Several High-Severity Vulnerabilities Expose Cisco Firewalls to Remote Attacks (SecurityWeek) Cisco this week released patches for multiple vulnerabilities in Firepower Threat Defense (FTD) software, including high-severity issues that could be exploited for arbitrary command execution or denial-of-service (DoS) attacks.
Are your buildings and cloud cyber secure? (Control Global) ”Joe Weiss PE CISM CRISC ISA Fellow and I had a robust call with a cloud service provider with the IT company that brought us to them on Monday…
2021 Cloud-native Security Trends and Insights (Coalfire) Developed in collaboration with ESG, TechTarget’s research and analyst division, Coalfire’s latest Securealities research report provides actionable guidance for navigating the complexities of cloud-native security, helping you to find the smartest path to your secure cloud.
How Cyber Attacks affect the Enterprise (SaltDNA) Despite increased corporate cybersecurity spending, 2021 is shaping up to be the worst year for data breaches ever.
The Life-Threatening Rise of Ransomware in Healthcare (Morphisec) The rise in ransomware attacks on healthcare organizations increases the risk of a life-threatening interruption of patient care. What can hospitals do to tackle this trend?
Threat Detection Firm Vectra Raises $130 Million at $1.2 Billion Valuation (SecurityWeek) Threat detection and response company Vectra AI has raised $130 million and has become a cybersecurity unicorn at a valuation of $1.2 billion.
Data Risk Management Leader Qohash Expands Operations with U.S. Office (Qohash – Modern Data Security) Data Risk Management Leader Qohash Expands Operations with U.S. Office
GitHub to review its exploit-hosting policy in light of recent scandal (The Record by Recorded Future) Code-hosting platform GitHub has asked the infosec community to provide feedback on a series of proposed changes to the site’s policies that dictate how its employees will deal with malware and exploit code uploaded to its platform.
Microsoft May Update Its Vulnerability-Sharing Program (GovTech) After a recent cyber attack against thousands of Microsoft Exchange email clients, the company is reportedly reconsidering how and when it releases information about software vulnerabilities.
IDX Post Breach Care Awarded Gold Stevie® Award in Business-to-Business Service Category for 2021 American Business Awards® (PR Newswire) IDX, the leading privacy platform and data breach response provider, announced its recognition in the prestigious American Business Awards®….
Arete Incident Response Achieves Record Sales in Q1 of 2021 (PR Newswire) Arete Incident Response, a leading global provider of cybersecurity services and technology to corporations, law firms, insurance carriers, and…
Cloudentity Appoints New CPO, Bolstering its Executive Team to Drive Innovation in Authorization Governance (BusinessWire) Today Cloudentity, a cloud-based provider of dynamic fine-grained authorization and governance solutions, announced its new CPO, Brook Lovatt, who joi
Forcepoint Announces New Appointments to Board of Directors (PR Newswire) /PRNewswire/ — Forcepoint, the global leader in cybersecurity solutions that protect the critical data and networks of thousands of customers throughout the…
Products, Services, and Solutions
Coalfire Launches Risk Based Attack Surface Manage (Coalfire) Coalfire launched its Attack Surface Management (ASM) solution to enhance the company’s growing offensive security portfolio.
Tanium partners with Oracle to offer cloud-based endpoint management, security (ZDNet) After building up business with the largest enterprises for the last 10 years, Tanium is working with multiple cloud partners to make its endpoint management and security products more accessible to the mid-market.
How to take advantage of Apple’s new iPhone privacy features (NBC News) Apple iOS 14.5 update: What to know about new privacy features that are coming to your smartphone.
Dashlane Launches “Essentials” To Pick Up Angry LastPass Customers (Android Headlines) Dashlane has just launched a new plan called “Essentials”, which as you might expect by the name, only offers you the essentials at a lower price. This
Dell Technologies partners with SecureWorks for new security service (Security Brief) The new Dell Technologies Managed Detection and Response powered by Secureworks TaegisXDR provides 24/7 security across endpoint devices, data centre networks and cloud environments.
LogRhythm reduces cyber risk for Victoria’s public hospital network (LogRhythm) Award-winning NextGen SIEM platform was vital to protecting critical patient data for Victoria’s public hospital network, especially amid a global pandemic
Technologies, Techniques, and Standards
U.S. Space Command considers joint center to provide cyber security for satellite communications (SATCOM) (MIlitary & Aerospace Electronics) A critical part of defending SATCOM is building mesh networks to ensure system resilience in the event one part of the network is attacked.
‘Accelerate change or lose’: Applying Gen. Brown’s action orders to cyberspace education and training (Air Force Times) The author proposes steps to correct a lack of adequate training for a large number of Air Force cyberspace personnel.
Digital Assets and Data Management – Disruption and Transformation (BakerHostetler) Welcome to our seventh Data Security Incident Response Report (DSIR). It has been quite a year from many perspectives. Thank you to everyone we have continued to partner and work with to create this report.
Industrial cybersecurity is as much about efficiency as it is effectiveness (Smart Industry) At times it seems like cybersecurity is from another planet or out of a science-fiction movie. In the world of industrial-control systems, we are used to names like 800xa, Mark VI, Ovation, and Control Logix. It almost seems like a different language.
Spring Clean Your Digital Files (Associations Now) From messy desktops to old passwords, it’s time to make sure your digital life is up to date. Not just because it makes your job easier, either—it could help prevent organizational security risks.
Mitigating Security Threats on Nontraditional Platforms (CSO Online) Just because it doesn’t look like a computer, doesn’t mean it can’t be exploited. Here’s how to guard against attacks on nontraditional devices
Design and Innovation
NGA & GCHQ show commitment to neurodiversity in the federal workforce (SC Media) Two programs currently underway supporting military intelligence, demonstrate how neurodivergent men and women with an interest in cybersecurity are finding new opportunities to bring their unique ways of thinking to the government workforce.
GCHQ targets dyslexic people in recruitment drive (Computing) People tend to have a higher ability to innovate and imagine, which are invaluable to intelligence and cyber security organisations
Norwich GenCyber camps receive $170K NSA/NSF grant, registration deadline May 14 (Vermont Business) Norwich University has earned two grants totaling more than $187,000 from the National Security Agency (NSA) and the National Science Foundation (NSF) to host two virtual cybersecurity summer camps.
Tampa Bay university first in state to offer cybersecurity engineering bachelor’s (Tampa Bay Business Journal) Lakeland-based Florida Polytechnic University is the first university in the state to offer a bachelor’s degree program in cybersecurity engineering.
Legislation, Policy, and Regulation
Was China behind last October’s power outage in India? Here’s what we know. (Washington Post) Despite the conflict along the Indian border, China had reasons to avoid a cyberattack
EU adopts controversial law forcing one-hour takedowns of terrorist content (The Verge) The EU is getting tougher on online terrorist content
The Cybersecurity 202: The Defense Department isn’t armed to combat the growing threat of information warfare, experts warn (Washington Post) National security experts will warn Congress today that the U.S. government isn’t doing enough to fight back against the growing national security threat of information warfare aimed at sowing distrust in the U.S. government at home and abroad.
On Social Media, American-Style Free Speech Is Dead (Wired) Major platforms’ policies aren’t actually inspired by the First Amendment. This legal scholar says that’s a good thing.
Can There Ever Be Normalcy in Cyberspace (ISACA) Challenges face the US government amid an increasingly turbulent threat landscape foreshadowed by the December 2020 SolarWinds supply chain attack. But to categorize SolarWinds as merely a hack is a disservice, as it is now understood to be a major cybercampaign involving an estimated 1,000 nation-state actors.
Ransomware Poses a Threat to National Security, Report Warns (Wall Street Journal) Tech companies want to tackle ransomware gangs may involve using laws designed to prosecute drug cartels and organized crime, a working group of dozens of technology companies and law-enforcement officials said.
DHS: Ransomware IS National Security Threat (Breaking Defense) The Ransomware Task Force report, a comprehensive effort on this topic, includes 48 recommendations to tackle this growing threat.
Coalition unveils plan to help government, industry confront ransomware attacks (TheHill) A coalition of experts on Thursday unveiled a road map for the federal government and industry to potentially use in combating ransomware attacks, which have spiked over the past year as hackers targeted organizatio
Amazon, Microsoft join Joe Biden and DHS in declaring war on ransomware (Newsweek) Experts from the public and private sectors collaborated to produce a report published Thursday that provides recommendations for responding to ransomware attacks.
Report Calls for Mandatory Disclosure of Ransomware Payments (Nextgov.com) DHS Secretary Alejandro Mayorkas said the department will work with a task force developed by the private sector on ways to tamp down the increase in ransomware attacks.
Ransomware Task Force aims to disrupt ransomware payments globally (Computing) The new coalition aims for a unified, comprehensive, public-private campaign against ransomware groups
An Ambitious Plan to Tackle Ransomware Faces Long Odds (Wired) A task force counting Amazon, Cisco, and the FBI among its members has proposed a framework to solve one of cybersecurity’s biggest problems. Good luck.
EXPLAINER: No ransomware silver bullet, crooks out of reach (Star Tribune) Political hand-wringing in Washington over Russia’s hacking of federal agencies and interference in U.S. politics has mostly overshadowed a worsening digital scourge with a far broader wallop: crippling and dispiriting extortionary ransomware attacks by cybercriminal mafias that mostly operate in foreign safe havens out of the reach of Western law enforcement.
In The Ransomware Battle, Cybercriminals Have The Upper Hand (NPR) Hackers say they’ve seized computer records from the Washington, D.C., police and are demanding ransom. As ransomware groups keep getting more sophisticated, law enforcement is struggling to keep up.
Biden Order Will Require New Cybersecurity Standards In Response To SolarWinds Attack (NPR) Six months after one of the largest cyberattacks in history, the White House will set up formal cyber investigations, require companies to report breaches and set software development standards.
Senate votes to open floodgates, passes bipartisan $35 billion water infrastructure bill (NBC News) The Drinking Water and Wastewater Infrastructure Act passed overwhelmingly by a vote of 89-2.
Telecom Italia looking to drop Huawei from Italy 5G network – sources (Reuters) Telecom Italia (TLIT.MI) is looking to cancel a contract with Huawei (HWT.UL) for supplying equipment to build part of the telecom firm’s 5G network in Italy, three sources close to the matter said on Thursday.
Litigation, Investigation, and Law Enforcement
Missile Defense Agency scrapped cybersecurity tests last year for a new approach, watchdog finds (C4ISRNET) The agency has failed since 2017 to complete assessments to identify cyber vulnerabilities for missile defense systems.
Tribunal challenged over alleged cyber-attack in Brazilian pulp case (Global Arbitration Review) Further explosive allegations have emerged of a cyber-attack in a multibillion-dollar ICC dispute over the sale of a Brazilian pulp maker as the respondents challenge the entire tribunal, arguing it has been “irreparably compromised.
Cellebrite hack might undo convictions (Fudzilla) If it can be hacked it could mean the evidence was tampered with
Arizona vote recount contractor releases privacy policies (Star Tribune) A contractor overseeing the Arizona Senate's unprecedented recount of 2.1 million ballots from the November election complied Thursday with a court order and released its policies for ensuring voter privacy and ballot secrecy.