Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 3-5-2021

Hafnium: Detecting and Mitigating Microsoft Exchange Compromise
Over the past 24 hours, it has become clear just how many organizations have been impacted. The attack against on-premise Microsoft Exchange Servers from Hafnium is widespread and continuing. Today, we sent a communication to our customers with indicators, how to search for evidence of a webshell, what to do if found, and links to patches and other tools. We are sharing that customer communication; the link is a PDF with the security alert and action items from CI's Deputy CISO, John-Luke Peck.
https://www.ci.security/resources/news/article/how-to-handle-the-hafnium-threat-to-microsoft-exchange
 
CISA Orders Federal Agencies to Patch Exchange Servers
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive, warning that its partners have observed active exploitation of the bugs in Microsoft Exchange on-premises products, which allow attackers to have “persistent system access and control of an enterprise network.”
https://threatpost.com/cisa-federal-agencies-patch-exchange-servers/164499/
 
Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow
Researchers have spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow (among others) inside the npm public code repository — all of which exfiltrate sensitive information. The packages weaponize a proof-of-concept (PoC) code dependency-confusion exploit that was recently devised by security researcher Alex Birsan to inject rogue code into developer projects.
https://threatpost.com/malicious-code-bombs-amazon-lyft-slack-zillow/164455/
 
Cybercriminals post health system employee information online
According to NBC News, the group stole sensitive employee files from Rehoboth McKinley Christian Health Care Services and posted them to its website, seemingly in an attempt to extort payment. The files reportedly included job applications and background check authorizations that included Social Security numbers.
https://www.healthcareitnews.com/news/cyber-criminals-post-health-system-employee-information-online
 
100K Patients Impacted by Cochise Eye and Laser Ransomware Attack
However, some information was deleted during the security incident, which rendered it impossible to access any data in the scheduling system. The impacted data could include patient names, dates of birth, contact details, and some Social Security numbers stored within the billing software.
https://healthitsecurity.com/news/100k-patients-impacted-by-cochise-eye-and-laser-ransomware-attack
 
HIPAA Security Requirements: What They Really Mean
“[N]othing in HHS’s regulation says that a covered entity’s failure to encrypt three devices means that it never implemented ‘a mechanism’ to encrypt anything at all. … The regulation requires only ‘a mechanism’ for encryption. It does not require a covered entity to warrant that its mechanism provides bulletproof protection of ‘all systems containing ePHI.’”
https://securityboulevard.com/2021/03/hipaa-security-requirements-what-they-really-mean/
 
Scammers impersonate execs to target big payout of investor dollars
Researchers have spotted a new business email compromise (BEC) trend that, if perfected, could represent a significant social engineering threat to the financial investment and private equity community. The scammers are impersonating C-level executives and instructing accounts payable employees to complete a capital call transaction to a fraudulent bank account.
https://www.scmagazine.com/home/email-security/scammers-impersonate-execs-to-target-big-payout-of-investor-dollars/
 
The integration of small business cybersecurity protection and cyber insurance: An emerging trend in 2021
In this situation both parties win: Insurers lower their overall risk by vetting and utilizing the latest technology to reduce the likelihood of an attack, and small business owners no longer need to navigate this complex landscape to determine the correct technology and policy that will cover them in the event of a breach. 
https://www.securitymagazine.com/articles/94746-the-integration-of-small-business-cybersecurity-protection-and-cyber-insurance-an-emerging-trend-in-2021
 
Cyber insurance rates to increase 20-50% this year: Aon
“To maintain a commitment to long-term stable cyber capacity, insurers are reviewing areas in their portfolio where underwriting action is needed, and reevaluating capacity deployment, specifically as it relates to ransomware losses,” the report said.
https://www.businessinsurance.com/article/20210304/NEWS06/912340248/Cyber-insurance-rates-to-increase-20-50-this-year-Aon
 
Cyber insurance: How it has evolved and what lies ahead
“Going forward, we’re working with markets globally to determine how they will approach physical losses (i.e., property damage) if caused by a cyber incident under cyber insurance policies. Very much a work in progress here as a whole industry,” he continued.
https://www.insurancebusinessmag.com/nz/news/breaking-news/cyber-insurance-how-it-has-evolved-and-what-lies-ahead-248373.aspx
 
Biden makes cybersecurity ‘top priority’ in national security guidance
White House Press Secretary Jen Psaki told reporters in a press briefing Wednesday that the guidance communicates the administration’s central priorities for national security policy and seizes on a “once-in-a-generation opportunity to renew America’s advantages at home and abroad.”
https://federalnewsnetwork.com/cybersecurity/2021/03/biden-makes-cybersecurity-top-priority-in-national-security-guidance/
 
Biden’s Pick For Defense Policy Chief Outlines Cyber Deterrence Position
“We need a mix of deterrence by punishment—that is the ability to retaliate in cyberspace and other domains against those who attack us,” Kahl said. He later added this can include actions in cyberspace but also activities like sanctions and diplomatic isolation. “We have to be able to defend our networks.
https://www.nextgov.com/cybersecurity/2021/03/bidens-pick-defense-policy-chief-outlines-cyber-deterrence-position/172457/
 
Report: Russian hackers exploit Lithuanian infrastructure
The annual national security threat assessment report claimed that, among others, the Russian cyber-espionage group APT29 with alleged links to Russia’s intelligence services “exploited” Lithuania’s information technology infrastructure “to carry out attacks by APT29 against foreign entities developing a COVID-19 vaccine.”
https://fredericksburg.com/news/world/report-russian-hackers-exploit-lithuanian-infrastructure/article_f132f72a-c9b9-5058-8645-adc239968391.html
 
Russia-Iran intelligence pact
While information security and cyber security are the agreement’s main objectives, scholars of intelligence studies are well aware of the close connection between information security and counterintelligence. Many would argue that information security is indeed the main objective of counterintelligence (or “intelligence protection,” to use the Islamic regime’s term).
https://www.jns.org/opinion/the-russia-iran-intelligence-pact/
 
Privacy Bill Essentials: Illinois
A new data protection and privacy bill has been introduced in Illinois. This comprehensive bill, titled Consumer Privacy Act (ICPA), would provide more explicit notice and extended rights on what consumers can do with the categories and specific pieces of personal information that a business collects.
https://www.jdsupra.com/legalnews/privacy-bill-essentials-illinois-6043571/
 
Progress towards gender equality in cyber still slow
Ahead of International Women’s Day on 8 March 2021, CIISec’s research paints a disappointing picture of progress around equality in the sector, with 47% of respondents saying that they had experienced or observed blatant misogyny that went undisciplined, while 61% said a lack of self-confidence was holding them back, and 50% did not believe they had the needed skills to move to more advanced roles.
https://www.computerweekly.com/news/252497260/Progress-towards-gender-equality-in-cyber-still-slow
 
Google Patches Actively Exploited Flaw in Chrome Browser
Beyond Google noting that it “is aware of reports that an exploit for CVE-2021-21166 exists in the wild,” further information about the glitch is unavailable. That’s because “access to bug details and links may be kept restricted until a majority of users are updated with a fix,” according to Google.
https://threatpost.com/google-patches-actively-exploited-flaw-in-chrome-browser/164468/
 
Would you let users vouch for unknown software's safety with an upvote? Google does
Google has revealed that its internal anti-malware tools include a “social voting” scheme that lets staff vouch for code they want to install won’t do any damage. The ad and search giant’s rationale is that blocking all unknown software works but may limit productivity, while blocking only known unsafe software requires a lot of vetting.
https://www.theregister.com/2021/03/04/google_malware_upvote/
 

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.
