Get the latest cybersecurity, privacy, and surveillance news for information security professionals

IT Security News Blast – 4-16-2021

Rethink the Urgency of Patching As If your Network Depends On It (because it does!).
“Crucial severity vulnerabilities must be treated as incidents requiring an emergency response. This means changing foundational concepts in IT management and building something new. But because we cannot control the attackers' methods, and they have found the holes in our IT processes, they will bury us if we fail to respond.”
https://www.darkreading.com/risk/nation-state-attacks-force-a-new-paradigm-patching-as-incident-response/a/d-id/1340609
 
NSA-CISA-FBI Joint Advisory on Russian SVR Targeting U.S. and Allied Networks
Specifically, SVR actors are targeting and exploiting the following vulnerabilities:

  • CVE-2018-13379 Fortinet FortiGate VPN
  • CVE-2019-9670 Synacor Zimbra Collaboration Suite
  • CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN
  • CVE-2019-19781 Citrix Application Delivery Controller and Gateway
  • CVE-2020-4006 VMware Workspace ONE Access

https://us-cert.cisa.gov/ncas/current-activity/2021/04/15/nsa-cisa-fbi-joint-advisory-russian-svr-targeting-us-and-allied
 
US expels Russian diplomats, imposes new round of sanctions
The actions, foreshadowed for weeks by the administration, represent the first retaliatory measures announced against the Kremlin for the hack, familiarly known as the SolarWinds breach. [...] Besides that hack, U.S. officials last month alleged that Russian President Vladimir Putin authorized influence operations to help Donald Trump in his unsuccessful bid for reelection as president, though there’s no evidence Russia or anyone else changed votes or manipulated the outcome. Russia swiftly denounced the actions and warned of retaliation.
https://apnews.com/article/us-expel-russia-diplomats-sanctions-6a8a54c7932ee8cbe51b0ce505121995
 
CMS bans coding hospitals use to hide prices from web searches
In March, the Journal reported that hundreds of hospitals have embedded special coding within their websites to block previously confidential pricing information from appearing in web searches. [...] CMS' statement said the hospital regulation requires the data to be "easily accessible and void of barriers" and that digital files "be digitally searchable," according to the report. HHS previously said it expects hospitals to comply with the price transparency guidelines and will enforce them.
https://www.beckershospitalreview.com/consumerism/cms-bans-coding-hospitals-use-to-hide-prices-from-web-searches.html
 
COVID-19 Vaccine Cold Chain Entities Remain Key Spear-Phishing Target
The prime targets of the campaign are the transportation, healthcare, and IT and electronics sectors. Researchers also found the attackers targeting government agencies and vendors that support public health entities, among other targets.
https://healthitsecurity.com/news/covid-19-vaccine-cold-chain-entities-remain-key-spear-phishing-target
 
Hackers Steal Data of 200K During CareFirst BlueCross DC Cyberattack
The compromised data included full names, contact details, dates of birth, Social Security numbers, Medicaid identification numbers, medical information, claims data, and some clinical information. [...] All individuals will receive two free years of credit monitoring and identity theft protection services.
https://healthitsecurity.com/news/hackers-steal-data-of-200k-during-carefirst-bluecross-dc-cyberattack
 
Behind the Great Firewall: Chinese cyber-espionage adapts to post-Covid world with stealthier attacks
IntSights’ Prudhomme commented: “Chinese cyber-espionage groups previously targeted foreign healthcare and pharmaceutical companies for their intellectual property. The pandemic merely made this industry a higher priority and narrowed the focus of their attacks to Covid-19 vaccine research.”
https://portswigger.net/daily-swig/behind-the-great-firewall-chinese-cyber-espionage-adapts-to-post-covid-world-with-stealthier-attacks
 
Data for more than 20 million Pittsburgh parking app users stolen after major hack
The Pittsburgh Parking Authority is asking people who use their Park Mobile app to change their password. The stolen info includes license plates, email addresses, phone numbers, vehicle nicknames and even home addresses. No credit card information was accessed, officials said. Park Mobile said hackers were able to steal passwords even though the data was encrypted.
https://www.wpxi.com/news/top-stories/more-than-20-million-pittsburgh-parking-app-users-info-stolen-after-major-hack/NUKBHUKXUREZ5MDXQ72VZIMWQE/
 
Rippling Cyberattacks Force Corporate Boards to Rethink Risk
The recent hits have forced boards of directors to rethink cybersecurity challenges and their potential ripple effects as companies face mounting legal and reputational risks from costly hacks. The attacks also show how cyber incidents in a connected system can quickly spread to contaminate thousands of companies at once.
https://news.bloomberglaw.com/privacy-and-data-security/rippling-cyberattacks-force-corporate-boards-to-rethink-risk
 
NATO Wargame Examines Cyber Risk to Financial System
Similar exercises such as the Securities Industry and Financial Markets Association’s biannual Quantum Dawn events have also focused specifically on financial services. What sets Locked Shields apart is the scale of the exercise and the scope of the simulation.
https://www.wsj.com/articles/nato-wargame-examines-cyber-risk-to-financial-system-11618479000
 
Hackers Exploit Known SAP Security Vulnerabilities With a Typical Cyber Attack Succeeding In Record Time
“Observed exploitation could lead in many cases to full control of the unsecured SAP application, bypassing common security and compliance controls, and enabling attackers to steal sensitive information, perform financial fraud or disrupt mission-critical business processes by deploying ransomware or stopping operations,” the report says.
https://www.cpomagazine.com/cyber-security/hackers-exploit-known-sap-security-vulnerabilities-with-a-typical-cyber-attack-succeeding-in-record-time/
 
Research details how cybersecurity’s reputation rose in the pandemic’s first months
While the study, developed by CRA Business Intelligence and published in summer 2020, offered other more sobering perspectives on the profession at peak pandemic — including elevated levels of stress and burnout — it stands also as a powerful reminder of cybersecurity professionals’ emerging role as the business world’s quintessential crisis managers.
https://www.scmagazine.com/home/cra-business-intelligence/research-details-how-cybersecuritys-reputation-rose-in-the-pandemics-first-months/
 
States can play greater role in shaping grid cybersecurity, NGA says
By roping in multiple sectors, these groups help advance the “whole-of-state” approach that the NGA has been promoting over the past few years. NGA’s report highlights eight states that have either created dedicated energy-sector working groups or subcommittees in existing cybersecurity boards as models of this behavior.
https://statescoop.com/nga-states-cybersecurity-grid-infrastructure/
 
Senate Bill Pushes for Federal Cybersecurity Employee Rotation System
The Federal Rotational Cyber Workforce Program Act would allow cybersecurity employees to work across multiple Federal agencies, allowing them to expand their skills and networks. Additionally, it would “provide opportunities to help attract and retain cybersecurity experts in the Federal government by offering civilian employees opportunities to enhance their careers[.]”
https://www.meritalk.com/articles/senate-bill-pushes-for-federal-cybersecurity-employee-rotation-system/
 
U.S. government accuses Russian companies of recruiting spies, hacking for Moscow
But the administration’s efforts to reveal the Russian tech sector’s ties with the government’s hacking campaigns stand to expose an oft-rumored Russian espionage network with far-reaching tentacles into the world of contractors and billion dollar firms, a network that can obscure who is really behind cybersecurity work emanating from Russia.
https://www.cyberscoop.com/us-government-accuses-russian-companies-recruiting-spies-hacking/
 
Senators Seek Answers for Deterring Cyber Threats
Nakasone said he was “not sure” adversaries feel deterred. “But here’s what I know that our adversaries understand that’s different today than it was several years ago,” he said: “We are not going to be standing by on the sidelines, not being involved in terms of what’s going on with cyberspace and cybersecurity.”
https://www.airforcemag.com/senators-seek-answers-for-deterring-cyber-threats/
 
China Poses Serious Threat in Outer Space and Cyberspace
China’s substantial cyber capabilities at a minimum can cause localized temporary disruptions to critical infrastructure within the United States, she continued. The cyberspace threat to the infrastructure as a whole continues to grow, noted Gen. Paul M. Nakasone, USA, commander, U.S. Cyber Command. “Our adversaries continue to get better at what they’re doing,” he stated.
https://www.afcea.org/content/china-poses-serious-threat-outer-space-and-cyberspace
 
Unpatched Microsoft Exchange Servers hit with cryptojacking
The attackers, whom Sophos did not identify, began their apparently financially-motivated campaign shortly after Microsoft announced four zero-day vulnerabilities, according to Sophos. [...] But over the past month, the hackers have looked for new vulnerable servers to exploit, indicating some are still not paying attention to patching notices, Sophos warned.
https://www.cyberscoop.com/microsoft-exchange-server-flaws-monero-cryptojacking/
 
YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs
The attack works by leveraging searches for business forms such as invoices, templates, questionnaires, and receipts as a stepping stone toward infiltrating the systems. Users attempting to download the alleged document templates are redirected, without their knowledge, to a malicious website that hosts the malware.
https://thehackernews.com/2021/04/yikes-cybercriminals-flood-intrenet.html
 
A 23-Year-Old Coder Kept QAnon Online When No One Else Would
What’s undeniable is the niche Lim is filling. His blip of a company is providing essential tech support for the kinds of violence-prone hate groups and conspiracists that tend to get banned by mainstream providers such as Amazon Web Services.
https://www.bloomberg.com/news/features/2021-04-14/qanon-daily-stormer-far-right-have-been-kept-online-by-nick-lim-s-vanwatech

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.
