Attacks, Threats, and Vulnerabilities
The Philippines government exposed 345,000 sensitive legal docs online (Rest of World) The files appear to have originated from the Office of the Solicitor General, which was also hacked in December.
Data breach exposed 345,000 sensitive SolGen documents in April —British cybersecurity firm (GMA News Online) Hundreds of thousands of documents from the Office of the Solicitor General containing sensitive information were made accessible to the public in a data breach last month, a British cybersecurity firm said.
DOJ: Solgen’s office looking into reported data breach (Philstar.com) The Office of the Solicitor General is looking into a reported data breach that allegedly exposed 345,000 of its files.
New Variant of Buer Loader Written in Rust (Proofpoint) Proofpoint researchers identified a new variant of the Buer malware loader distributed via emails masquerading as shipping notices in early April. Buer is a downloader sold on underground marketplaces that is used as a foothold in compromised networks to distribute other malware, including ransomware. Proofpoint first observed Buer in 2019.
H&M Israel said targeted by Iranian cyberattack (Times of Israel) Group identified as N3tw0rm threatens to release customer data unless its demands are met
Chinese Crypto Exchange Paralyzed After Suffering Serious Cyber Attack (The Daily Hodl) Hotbit is temporarily shutting down following a cyber attack that paralyzed a number of its central services.
China-linked APT group targets Russian nuclear sub designer with an undocumented backdoor (The Record by Recorded Future) A threat actor believed to be operating on behalf of Chinese state-sponsored interests was recently observed targeting a Russian defense contractor.
Unknown Chinese APT Targets Russian Defense Sector (SecurityWeek) Researchers at Cybereason say they have discovered an undocumented malware targeting the Russian military sector and bearing the hallmarks of originating in China.
A Tale of Two Hacks: From SolarWinds to Microsoft Exchange (Threatpost) Oliver Tavakoli, CTO of Vectra AI, discusses the differences between the massive supply-chain hack and the Exchange zero-day attacks, and their legacy and ramifications for security professionals.
New Spectre Exploits Beat All Mitigations: Fixes to Severely Degrade Performance (Tom’s Hardware) Micro-op caches prone to attacks.
Previously undocumented backdoor targets Microsoft’s Equation Editor (CSO Online) RoyalRoad backdoor delivered via spear phishing was identified in an attack on a Russian-based defense contractor.
BIND Vulnerabilities Expose DNS Servers to Remote Attacks (SecurityWeek) Several vulnerabilities patched recently in the BIND DNS software can be exploited for DoS attacks and possibly even remote code execution.
The Hack of a Small Tech Vendor Casts a Wide Net (Wall Street Journal) The Accellion breach continues to ripple outward in courtrooms and at kitchen tables months after the initial hack.
Apple’s Ransomware Mess Is the Future of Online Extortion (Wired) This week, hackers stole confidential schematics from a third-party supplier and demanded $50 million not to release them.
Stealthy RotaJakiro Backdoor Targeting Linux Systems (SecurityWeek) Previously undocumented and stealthy Linux backdoor named RotaJakiro has been discovered targeting Linux X64 systems, and has been undetected for at least three years.
Babuk gang says it will stop ransomware attacks after DC Police incident (The Record by Recorded Future) The operators of the Babuk Locker ransomware have announced plans to stop carrying out ransomware intrusions and focus on data theft and extortion instead.
Ransomware Gangs move toward efficient self-automated attacks (Analyst1) In early April 2021, Analyst1 published a whitepaper analyzing a self-proclaimed ransom cartel. While conducting research for the whitepaper, we reviewed several ransomware gangs and their activities. Now, we want to expand on one of our findings, which poses an extreme threat to enterprise organizations.
PHP community sidesteps its third supply chain attack in three years (Naked Security) Third time lucky! (The first two times were lucky, too, luckily.)
Swiss Cloud becomes the latest web hosting provider to suffer a ransomware attack (The Record by Recorded Future) Swiss Cloud, a Switzerland-based cloud hosting provider, has suffered this week a ransomware attack that brought the company’s server infrastructure to its knees.
Virgin Active cyber attack results in freeze of online systems (Eyewitness News) The health club says it has been targeted by sophisticated cybercriminals.
IOTW: University of California Schools Hit with Ransomware Attack (Cyber Security Hub) The company released a patch for the 20-year-old product within 72 hours to the less than 50 customers that had been affected. In early February, Accellion stated it had notified all affected FTA customers by December 23, 2020. However, that was before the January exploit hit.
Flex On ‘Em: Leveraging Legitimate Sites to Launch Attacks (Avanan) Hackers are utilizing a site called Flexitive to bypass static layers and launch attacks.
Ghost Town Security: What Threats Lurk in Abandoned Offices? (Dark Reading) Millions of office buildings and campuses were rapidly abandoned during the pandemic. Now it’s a year later. What happened in those office parks and downtown ghost towns? What security dangers lurk there now, waiting to ambush returning businesses?
Ransomware Attack On Midwest Transplant Network Affects More Than 17,000 (KCUR 89.3) The attackers were able to obtain some personal health information about deceased donors and organ recipients, including names, dates of birth and types of organ donation or transplantation procedures.
Thieves break Experian’s credit freeze, ‘thaw’ accounts: report (Fox Business) A cybersecurity blog reported that a reader had his credit freeze “thawed” without authorization on Experian’s website, demonstrating “how truly broken authentication and security remains in the credit bureau space.”
Mumbai: IITian loses Rs 1 lakh to cyber fraud (Free Press Journal) A 26-year-old IIT Bombay student became a victim of a cyber-crime fraud wherein in a bid to enable her sister to get refund of Rs 2600 from an airline company, the victim spoke to a cyber-fraudster over a conference call with her sister and the fraudster induced the victim to download a remote access application on her phone and within minutes the victim lost a lakh rupee from her account.
Mumbai: IIT Bombay student loses Rs 1 lakh in minutes to a cyber fraud (Free Press Journal) The victim’s sister informed her that she had cancelled her flight ticket and was unable to figure out the refund process and had called the victim for help
Want to ring the prime minister? Boris Johnson’s phone number reportedly available online for 15 years. (Washington Post) National security concerns were raised following media reports that British Prime Minister Boris Johnson’s personal cellphone number has been publicly available on the Internet for the past 15 years.
Almost a quarter of users are still running a Windows OS without mainstream support: Survey (Hindu Businessline) 24% of users are still running a Windows OS without mainstream support
Breach reported by attorney general confirmed to be ransomware attack (Effingham Daily News) A data breach reported by Attorney General Kwame Raoul’s office nearly three weeks ago was a ransomware attack, according to a Thursday news release.
Ransomware Reality Shock: 92% Who Pay Don’t Get Their Data Back (Forbes) New ransomware research reveals that you really can’t trust a criminal.
Control system cyber incidents are much more plentiful than people realize (Control Global) Control systems are systems of systems. Consequently, when one device or system is compromised, it can impact many others, potentially numbered in the tens to thousands.
As U.S. cities embrace tech, cyberattacks pose real-world risks (ETTelecom) The word “cyberattack” usually brings to mind hackers breaking into a company or government agency, wreaking havoc and stealing valuable data.
Security Operations and Management Startup StrikeReady Emerges From Stealth (SecurityWeek) Cloud-based security operations and management startup StrikeReady this week emerged from stealth mode after raising $3.6 million in seed funding.
Accenture to acquire French cybersecurity company Openminded (Silicon Republic) The acquisition of Openminded would accelerate growth in France for Accenture and bolster its cybersecurity capabilities across Europe.
Darktrace Surges 32% After Rushing Smaller IPO to Market (Bloomberg) Valuation is lower than what the company had previously sought. Company priced IPO at 250 pence per share, midpoint of range.
Steeped in spycraft, cybersecurity firm Darktrace rockets on London debut By Reuters (Investing.com)
The Darktrace share price shoots up 40%, but there’s more to this IPO than meets the eye (Yahoo) With another keenly watched IPO earlier this week, Jonathan Smith explains why the Darktrace share price jump is a little misleading due to the valuation.
Cybersecurity firm launched by ex-spies surges on London market debut (TechStory) Cybersecurity company, Darktrace touches a vague line of success on its market debut that took place on Friday.
Imperva® to Acquire CloudVector, Accelerates Vision for Web Application and API Protection (Imperva) Imperva, Inc., (@Imperva) the cybersecurity leader whose mission is to protect data and all paths to it, announced it has entered into an agreement to acquire CloudVector, a leader in advanced API security. CloudVector enables customers to discover, monitor, and protect all API traffic in any environment […]
Peraton unveils new business units, C-suite as it works to absorb Perspecta (Washington Business Journal) Here’s who’s staying and whose names appear to be missing on the combined leadership team thus far — and how the Peraton-Perspecta deal came about in the first place.
It’s Official: Okta Joins Forces With Auth0 (Okta) At Okta, we’ve spent the past 12+ years focused on transforming cloud-based identity and empowering everyone to safely use any technology. Today marks a significant milestone for our team and acceleration of our journey: Okta and Auth0 are now one team.
Huawei Australia battered in 2020 with 5G ban and consumer sales diving (ZDNet) The Australian arm of Huawei shed itself of 113 employees and its board during a tumultuous 2020.
Cybersecurity Community Unhappy With GitHub’s Proposed Policy Updates (SecurityWeek) The cybersecurity community is not happy with GitHub’s proposed policy updates related to malware and exploits.
GitHub Explores New Anti-Malware Policy but the Community Express Concerns (TechNadu) GitHub wants to update its policy on dealing with potentially malicious code, and the community isn’t happy about it.
GitHub: Microsoft’s clash with security researchers has finally arrived (iTWire) It was always expected after Microsoft acquired the software code repository GitHub that corporate interests would come first, not the interests of security researchers.
Riot will record voice chats in ‘Valorant’ to tackle harassment (Engadget) The publisher said it will only listen to a recording after a report is filed.
SentinelOne names ex-BlackBerry A/NZ boss Jason Duerden as new regional director (ARN) Cyber security vendor SentinelOne has appointed former BlackBerry Australia and New Zealand managing director Jason Duerden as its new A/NZ regional director.
Redhorse President John Zangardi Named to Forcepoint Board (GovCon Wire)
BT Enhances Managed Firewall Service with Fortinet Secure SD-WAN (Fast Mode) BT recently launches a new managed secure SD-WAN service powered by Fortinet offering
Palo Alto Networks expands Prisma Cloud to secure unprotected cloud workloads (Express Computer) Palo Alto Networks is delivering innovations to Prisma Cloud to help organisations ensure no workload is left unprotected. The new capabilities also increase automation and detection, simplify compliance checks, and deepen visibility into malware threats for containers and hosts. Additionally, Palo Alto Networks is unveiling the cloud native attack dashboard that extends the […]
Products, Services, and Solutions
CallTower and Conquest Cyber Partner for Microsoft Cloud Security (AiThority) CallTower announced a strategic partnership with Conquest Cyber, a leading builder of adaptive risk management programs
As Cyber Attacks Rise, Thales Chooses OVHcloud for Made in France Hosting of Citadel Team Encrypted Messaging Data (AiThority) Cybercriminals are taking advantage of the Covid-19 pandemic to infiltrate enterprise networks through vulnerabilities created by the massive numbers of people working from home.
The End of Ransomware: RevBits Endpoint Security Certified by ICSA Labs (PR Newswire) RevBits announces that it has passed ICSA Labs (an Independent Division of Verizon) certification testing for RevBits Endpoint Security…
Forescout Enhances Cyber Resilience for the Maritime Industry (GlobeNewswire) Forescout is first to support International Maritime Organization’s (IMO) requirements by securing ship automation and control systems
Trend Micro Announces Next Generation ICS Endpoint Security Solution (PR Newswire) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today announced a first-of-its-kind OT-native endpoint security…
Technologies, Techniques, and Standards
Mitigating cyber risks from unmanaged devices (StateScoop) Though agencies loosened “bring-your-own-device” policies last year, they can still stay ahead of cyberthreats by integrating dynamic access policies.
How to Talk to Leadership About a Zero Trust Model That’s Right For You (Security Intelligence) Many executives have doubts about the security budgeting process. Here’s how you can soothe those concerns and encourage a zero trust model.
Security Needs a Seat at the Adults’ Table, Data Theorem CEO Says (SDxCentral) The new cyberattack surface is the API layer, according to Doug Dooley, CEO of application security startup Data Theorem.
Unemployment-Benefits Fraud Has Soared in the Pandemic. Here’s What to Do. (Wall Street Journal) Protect your Social Security number and other personal information whether or not you are an identity-theft victim
Stopping the Next SolarWinds Requires Doing Something Different (Dark Reading) Will the SolarWinds breach finally prompt the right legislative and regulatory actions on a broader, more effective scale?
Design and Innovation
Google’s Grand Plan to Eradicate Cookies Is Crumbling (Wired) Regulators in the EU and competitors have raised concerns about the company’s proposals to rewrite the rules of online advertising.
Research and Development
How a university got itself banned from the Linux kernel (The Verge) It all started with an email.
Cryptographers Are Racing Against Quantum Computers (Built In) Today’s security schemes will soon be obsolete.
Australia proposes teaching cyber-security to five-year-old kids (Register) By eight they should be telling you not to upload geo-tagged photos of them in school uniform
One Man’s Vision to Turn UTSA Into a New Hub for Cybersecurity (San Antonio Magazine) Guy Walsh, founding executive director of UTSA’s National Security Collaboration Center, hopes to create a space for data science and academics at the university’s downtown campus.
Two summer boot camps from Purdue can boost cybersecurity expertise, careers (Purdue University) Purdue University is offering two online summer boot camps designed to prepare information technology professionals to earn certifications that can lead to giant leaps in their careers by qualifying them for in-demand, highly paid jobs in cybersecurity.
Legislation, Policy, and Regulation
Biden-Putin summit in works for summer, says Sullivan (Defense News) National security adviser Jake Sullivan made his comments at the Aspen Security Forum.
China and Russia’s Dangerous Convergence (Foreign Affairs) On March 23, Chinese Foreign Minister Wang Yi and his Russian counterpart, Sergey Lavrov, sat down for an auspiciously timed meeting. The high-level talks came just a day after an unusually heated public exchange between senior U.S. and Chinese officials in Anchorage, Alaska, and in sharp contrast, the Chinese and Russian foreign ministers struck an amicable tone.
Huawei: An unexpected symbol of technological threat, says report (Yahoo) Beijing [China], May 1 (ANI): Chinese tech giant Huawei has become an unexpected symbol of “technological threat” as it poses danger to national security and economic integrity of the countries in which it operates, according to a report published in the Foreign Policy magazine.
Dutch Government Pauses Coronavirus App Over Data Leak Fears (SecurityWeek) The Dutch government has temporarily disabled its coronavirus warning app amid data privacy concerns for people who have the app installed on phones using the Android operating system.
A Complex Approach Is Needed to Win Cyber Wars (SIGNAL Magazine) If the U.S. government are to successfully defend against attacks, they will need to change their approach to defending their networks and systems.
The Cybersecurity 202: The Justice Department launched a 120-day review into its cybersecurity strategy (Washington Post) The Justice Department will launch a wide-ranging four-month review into its strategy for defending and deterring emerging cyberthreats, Deputy Attorney General Lisa Monaco said in her first comments on the international stage since her confirmation.
Ransomware is now a national security risk. This group thinks it knows how to defeat it (ZDNet) Recommendations ranging from additional support for victims to regulating Bitcoin to prevent it being used to extort payment aim to help protect society as a whole from being plagued by ransomware attacks.
An ambitious plan to tackle ransomware faces long odds (Ars Technica) Heavyweight task force proposes framework to tackle a major cybersecurity problem.
Ransomware Task Force Urges Tighter Crypto Regulation (Infosecurity Magazine) Long-awaited document calls for closer international co-operation
In nod to Trump, Florida is set to ban ‘deplatforming’ on social media (NBC News) Florida is on track to be the first state in the nation to punish social media companies that ban politicians like former President Donald Trump.
Fla. Privacy Bill Can’t Cross Finish Line As Session Ends (Law360) Florida lawmakers have fallen short in their bid to enact the nation’s third comprehensive consumer privacy law, with the state’s legislative session drawing to a close Friday without lawmakers being able to reach an agreement on whether consumers should be allowed to sue companies for alleged violations.
Litigation, Investigation, and Law Enforcement
CISA Investigates Possible Hacks of Federal Agencies (Breaking Defense) “We are working with each agency to validate whether an intrusion has occurred and will offer incident response support accordingly,” CISA’s deputy executive assistant director told Breaking Defense.
Steep drop in national security surveillance during pandemic (AP NEWS) The number of targets of secretive surveillance in national security investigations fell sharply last year in large part because of the coronavirus pandemic, according to a government report released Friday. The drop in eavesdropping targets under the Foreign Intelligence Surveillance Act, which among other things empowers the FBI to monitor the communications inside the United States of people suspected of being agents of a foreign power, followed a decline the year before after several years of substantially larger numbers.
National Security Surveillance Plummeted Amid Pandemic and Russia Inquiry Fallout (New York Times) But the F.B.I. is still using residual authority to obtain business records under a partly expired Patriot Act provision, a new report showed.
Editorial: Clamp down on FBI’s backdoor surveillance of Americans (Los Angeles Times) A judge faults the FBI for conducting improper data searches on Americans.
DOJ hiring new liaison prosecutor to hunt cybercriminals in Eastern Europe (The Record by Recorded Future) The Justice Department is hiring a new Liaison Prosecutor to work with authorities in Eastern Europe to combat the rising wave of organized cybercrime activity.
Havana syndrome: NSA officer’s case hints at microwave attacks since 90s (the Guardian) When Mike Beck developed a rare form of Parkinson’s, US intelligence concluded he was the victim of a hi-tech weapon
Mysterious Havana syndrome attacks are now documented in the US (Vox) The Senate Intelligence Committee is investigating events that are targeting US spies and diplomats.
DarkPath scam group loses 134 domains impersonating the WHO (The Record by Recorded Future) United Nations security experts and security firm Group-IB said they worked together to take down 134 websites operated by a cybercrime group known as DarkPath.
Second Circuit Rules Individuals Have Standing to Sue for ‘Increased Risk’ of Identity Theft (cyber/data/privacy insights) Earlier this week, the United States Court of Appeals for the Second Circuit held that where personal information is disclosed without authorization, impacted individuals may have standing to sue if they can show an “increased risk” of identity theft or fraud, even if this hasn’t yet happened. The c
SAP admits to ‘thousands’ of illegal software exports to Iran (ZDNet) SAP says it accepts “full responsibility for past conduct.”
Cyber attack on mayor Arya Rajendran; FIR registered (The New Indian Express) Faces cyberbullying for Facebook post saying that gas furnaces in crematorium were opened on war-footing
NIA Denies Hacking Rona Wilson’s Laptop In Bhima Koregaon Case; Says Arsenal Consulting Has No Locus To Give Opinion Of Sub-Judice Matter (Live Law) The National Investigation Agency (NIA) has denied the report by digital forensics firm Arsenal C
Bhima-Koregaon case: NIA challenges laptop hacking charge by US firm (Mumbai Mirror) Arsenal Consulting had prepared its report after Wilson’s lawyers requested help of American Bar Association (ABA) to conduct an independent forensic analysis of the clone copy of electronic copies given to him after the NIA chargesheet was filed.
Newsmax apologizes to Dominion worker for false allegations (Washington Post) Newsmax apologized on Friday for airing false allegations that an employee for Dominion Voting Systems manipulated machines or tallies on Election Day to the detriment of former President Donald Trump.
Signal’s hack of surveillance software a big concern for courts (PC World) A surveillance software used by Australian police to extract messages, photos and other crucial pieces of evidence used in criminal hearings, has come into question after vulnerabilities were discovered that could be exploited to create falsified evidence.