Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 3-9-2021

Microsoft's MSERT tool now finds web shells from Exchange Server attacks
These web shells are detected using the following names by Microsoft Defender:

  • Exploit:Script/Exmann.A!dha
  • Behavior:Win32/Exmann.A
  • Backdoor:ASP/SecChecker.A
  • Backdoor:JS/Webshell (not unique to these attacks)
  • Trojan:JS/Chopper!dha (not unique to these attacks)
  • Behavior:Win32/DumpLsass.A!attk (not unique to these attacks)
  • Backdoor:HTML/TwoFaceVar.B (not unique to these attacks)

https://www.bleepingcomputer.com/news/security/microsofts-msert-tool-now-finds-web-shells-from-exchange-server-attacks/
 
Chinese hackers targeted SolarWinds customers in parallel with Russian op
On Monday, researchers said the attack was likely carried out by a China-based hacking group they’ve dubbed “Spiral.” The finding, laid out in a report published on Monday by Secureworks’ Counter Threat Unit, is based on techniques, tactics, and procedures in the hack that were either identical or very similar to an earlier compromise the researchers discovered in the same network.
https://arstechnica.com/gadgets/2021/03/chinese-hackers-targeted-solarwinds-customers-in-parallel-with-russian-op/
 
US teases retaliation over state-backed cyber attacks
“The difference could be if one side publicly defines the rules that they are going to play with in the future,” said Connor. “Such rules might provide a useful deterrent to antagonists, but might also create internal discomfort when managing essential foreign relationships.”
https://www.computerweekly.com/news/252497440/US-teases-retaliation-over-state-backed-cyber-attacks
 
How provider orgs need to respond to 2021's cybersecurity threats
Segmentation makes sense where you have two digital assets that don't need to talk to one another. Don't make it easy for bad guys to jump from one to the other. Isolate important assets from other types of assets. If they do need to talk to each other, make certain they cross through a point that can be easily monitored and controlled.
https://www.healthcareitnews.com/news/how-provider-orgs-need-respond-2021s-cybersecurity-threats
 
When it comes to healthcare cybersecurity, the best defense is also the most simple
“The healthcare industry is so overworked right now, it’s really hard to ask them to pay attention to cybersecurity,” Waseem said. “So, the best thing that I think anyone can do for healthcare right now is to give them a budget to allow them to hire people to manage and educate on these issues.”
https://medcitynews.com/2021/03/when-it-comes-to-healthcare-cybersecurity-the-best-defense-is-also-the-most-simple/
 
4 ways to keep the cybersecurity conversation going after the crisis has passed
“It’s not just the board ignoring things or executives minimizing things, but cybersecurity people staying in their lane,” says Jon Oltsik, senior principal analyst at Enterprise Strategy Group and author of the report. “We need progressive and proactive CISOs to kind of shake the world up.”
https://www.csoonline.com/article/3609094/4-ways-to-keep-the-cybersecurity-conversation-going-after-the-crisis-has-passed.html
 
Mortgage Lender Settles NYDFS Charges for Failure to Report Cyber Breach
NYDFS concluded that the company's failure was egregious, considering the employee whose email was breached regularly handled consumers' sensitive personal data, including Social Security numbers and bank account numbers. [...] To settle the violations, the mortgage lender agreed (i) to pay a $1.5 million civil monetary penalty and (ii) to an undertaking to further enhance its existing cybersecurity program.
https://www.findknowdo.com/news/03/04/2021/mortgage-lender-settles-nydfs-charges-failure-report-cyber-breach
 
Ransomware Gang Fully Doxes Bank Employees in Extortion Attempt
"It often motivates to reconsider the decision," the hackers said in an email sent to Motherboard. "This is advertising for future customers =)" The site displayed a table that included the names, social security numbers, and home addresses of 18 alleged employees of Flagstar Bank. The hackers also posted other documents that include private personal information.
https://www.vice.com/en/article/3an9vn/ransomware-gang-fully-doxes-bank-employees-in-extortion-attempt
 
Cyberattacks stemming from software on the rise
A report from the Atlantic Council last year found cyberattacks on software supply chains, which includes all that goes into open-source and proprietary code used to develop and deploy applications, can infiltrate deep into an organisation’s technology stack, undermining development and administrative tools, code signing, and device firmware.
https://www.fm-magazine.com/news/2021/mar/cyberattacks-stemming-from-software-on-the-rise.html
 
You’ve got state-sponsored mail hacks
The New York Times reported the Biden administration was already planning over the next three weeks “a series of clandestine actions across Russian networks that are intended to be evident to President Vladimir V. Putin and his intelligence services and military but not to the wider world”.
https://www.ft.com/content/57ffbfe7-6c4f-453e-a908-ffa7bf1883c5
 
Vague contract language hampers cybersecurity for weapons systems, GAO says
GAO evaluated five programs across the Army, Air Force, Navy and Marine Corps and found that three of the five programs reviewed didn't have cybersecurity requirements in their contracts when awarded, but modified after the fact to include them.
https://fcw.com/articles/2021/03/08/gao-cyber-weapons-systems.aspx
 
DHS looking for industry ideas on finding and keeping cyber talent
The Department of Homeland Security is asking for feedback from vendors on how it should pay in-demand cybersecurity experts. DHS is standing up a Cybersecurity Talent Management System, and is offering a contract award to support its new Cybersecurity Compensation System. DHS said both projects rethink long-held theories about how the federal government recruits and retains cybersecurity talent.
https://federalnewsnetwork.com/federal-newscast/2021/03/dhs-looking-for-industry-ideas-on-finding-and-keeping-cyber-talent/
 
Lawmakers introduce legislation to allow Americans to take foreign hackers to court
The legislation is likely to be among several bipartisan bills introduced in the coming weeks to respond to increasing foreign cyberattacks. There is a huge amount of bipartisan interest in taking action after the SolarWinds hack.
https://thehill.com/policy/cybersecurity/542157-lawmakers-introduce-legislation-to-allow-americans-to-take-foreign
 
U.S. reportedly prepares action against Russia after major cyberattack
The first of the U.S. actions could come in the next three weeks, unnamed officials told the Times, and kick off a series of actions in Russia meant to be noticed by President Vladimir Putin and his intelligence staff but not the public. The U.S. would also move to impose economic sanctions and President Joe Biden would sign an executive order to strengthen government networks, the officials said.
https://www.cnbc.com/2021/03/08/us-prepares-to-take-action-against-russia-after-major-cyber-attack.html
 
As India’s Physical Borders Quiet Down, Its Virtual Ones Are Under Siege
In its reported cyberattacks against India’s power generation and transmission nodes, Beijing may well be doing something similar to Russia’s hybrid warfare in Ukraine. There, Kremlin-linked groups have repeatedly launched cyberattacks against almost every sector of the country’s infrastructure since 2014.
https://foreignpolicy.com/2021/03/08/india-cyberattack-china-borders-biden-partnership/
 
The Sunshine State Jumps on the Bandwagon: Florida Considering Comprehensive Privacy Legislation with Private Right of Action
A consumer who is affected could file suit against a covered entity under this provision, either for damages – the bill provides for the greater of up to $750 per consumer per incident or actual damages – or injunctive or declaratory relief. This is a significant change from current Florida law. While Florida does have a data breach notification statute, that law does not include a private right of action.
https://www.lexology.com/library/detail.aspx?g=5388236d-505b-4390-b988-d472ea8964b1
 
2020 Was a Bright Spot for Women in Cyber, Report Finds
However, while women already in the cyber field are content, there is still work to be done to recruit more women to join the field. Tessian surveyed Generation Z college graduates and found that only 26 percent of women were considering joining the cybersecurity field, compared to 42 percent of men.
https://www.meritalk.com/articles/2020-was-a-bright-spot-for-women-in-cyber-report-finds/
 
Microsoft Exchange Cyber Attack — What Do We Know So Far?
"There are at least five different clusters of activity that appear to be exploiting the vulnerabilities," said Katie Nickels, director of threat intelligence at Red Canary, while noting the differences in the techniques and infrastructure from that of the Hafnium actor.
https://thehackernews.com/2021/03/microsoft-exchange-cyber-attack-what-do.html
 
Google Chrome users take at least one month to update, as zero-days lurk
In a blog posted by Menlo Security, researchers found that while Chrome 87 was released on Nov. 17, 2020, it took at least a month for 84% of customers to update their browsers. The same trend was observed with Chrome 88, which was released on Jan. 19, 2021, but also took a month until 68% of customers updated.
https://www.scmagazine.com/home/security-news/cloud-security/google-chrome-users-take-at-least-one-month-to-update-as-zero-days-lurk/
 
Fake Google reCAPTCHA Phishing Attack Swipes Office 365 Passwords
The phishing emails pretend to be automated emails from victims’ unified communications tools, which say that they have a voicemail attachment. For instance, one email tells users that “(503) ***-6719 has left you a message 35 second(s) long on Jan 20” along with a lone attachment that’s titled “vmail-219.HTM.” Another tells email recipients to “REVIEW SECURE DOCUMENT.”
https://threatpost.com/google-recaptcha-phishing-office-365/164566/
 
Google engineer urges web devs to step up and secure their code in this data-spilling Spectre-haunted world
"The bad news is that this is going to be a lot of work, much of it falling on the shoulders of web developers," writes West. "The good news is that a reasonable set of mitigation primitives exists today, ready and waiting for use."
https://www.theregister.com/2021/03/08/post_spectre_programming/

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.
