
IT Security News Blast – 5-5-2021

Apple fixes 2 iOS zero-day vulnerabilities actively used in attacks
"Apple is aware of a report that this issue may have been actively exploited," the company said in multiple security advisories published today.[...] These vulnerabilities are tracked as CVE-2021-30665 and CVE-2021-30663, and both allow arbitrary remote code execution (RCE) on vulnerable devices simply by visiting a malicious website.
https://www.bleepingcomputer.com/news/apple/apple-fixes-2-ios-zero-day-vulnerabilities-actively-used-in-attacks/
 
Worldwide phishing attacks deliver three new malware strains
The malware used by UNC2529 in these attacks is heavily obfuscated to hinder analysis, and it attempts to evade detection by deploying payload in-memory whenever possible. "The threat actor made extensive use of obfuscation and fileless malware to complicate detection to deliver a well coded and extensible backdoor," Mandiant said.
https://www.bleepingcomputer.com/news/security/worldwide-phishing-attacks-deliver-three-new-malware-strains/
 
Scripps Health Knocked Offline by Ransomware
The San Diego-headquartered provider said that outpatient urgent care centers and Scripps HealthExpress locations and emergency departments remain open for patient care, and tried to reassure patients that its “physicians and employees are well-trained and thoroughly prepared to respond to this sort of situation.”
https://www.infosecurity-magazine.com/news/scripps-health-knocked-offline-by/
 
The impact of TCP/IP vulnerabilities in healthcare devices

  • Healthcare organizations are roughly five times more affected by TCP/IP vulnerabilities than any other vertical. There are in total 79 vulnerable types of devices and 259 vulnerable vendors.
  • The most common vulnerable device types in healthcare organizations are printers, VoIP, infusion pumps, networking equipment and building automation devices. The most common vulnerable medical device types are infusion pumps, patient monitors and point-of-care diagnostic systems.

https://securityboulevard.com/2021/05/the-impact-of-tcp-ip-vulnerabilities-in-healthcare-devices/
 
Use longitudinal learning to reduce risky user behavior
HR and security leaders can create a cyber-secure culture by prioritizing the most crucial defense against cyberthreats — humans. Businesses must focus on positively changing user behavior to improve their security posture. In order to do this, enterprises need to use contextualized, longitudinal learning to consistently educate users over time.
https://www.helpnetsecurity.com/2021/05/04/longitudinal-learning/
 
Financial institutions experiencing jump in new pandemic-related threats
“We’re noticing a clear collaboration emerging between different groups of criminals across the wider landscape of serious and organized crime. Fraudsters and cybercriminals seek to exploit fear, uncertainty and change, and the pandemic has offered them new opportunities to probe for weaknesses they can monetise and new ways to disguise their activity.”
https://www.helpnetsecurity.com/2021/05/04/pandemic-related-threats/
 
NYDFS: SolarWinds hack is a harbinger of the next big financial crisis
“This incident confirms that the next great financial crisis could come from a cyber attack,” says superintendent of Financial Services Linda A. Lacewell. “Seeing hackers get access to thousands of organisations in one stroke underscores that cyber attacks threaten not just individual companies but also the stability of the financial industry as a whole.”
https://www.finextra.com/newsarticle/37979/nydfs-solarwinds-hack-is-a-harbinger-of-the-next-big-financial-crisis
 
Cyber Solarium Members Worried About Water Infrastructure Cybersecurity
Ravich went on to decry the sector’s lack of investments in cybersecurity and the lack of attention paid to cybersecurity in water distribution in general. “It’s a very different condition than other lifeline infrastructures, such as energy financial services or telecom where cybersecurity – while it’s not perfect by any means – has significantly had more attention paid to it,” Ravich said.
https://www.meritalk.com/articles/cyber-solarium-members-worried-about-water-infrastructure-cybersecurity/
 
OT/IoT Security: Start From a Never Trust, Always Verify Mindset
NERC CIP could be a model for other critical infrastructure like water treatment systems. The American Water Infrastructure Act is brand new. Oldsmar is in the smaller category and was not required to submit the risk and resilience assessment or emergency response plan at the time of the breach. The AWIA appears much less prescriptive than CIP at this moment. But compliance will only get us to a set of minimal standards.
https://www.automation.com/en-us/articles/may-2021/ot-iot-security-never-trust-always-verify-mindset
 
OMB Prioritizes Cyber, COVID Tech For New TMF Payback Model
Prior to the recent cash infusion, Congress was reticent to put more than a few hundred million in the fund. But the COVID-19 pandemic and multiple high-level, potentially high-impact cybersecurity breaches in recent months highlighted many gaps in federal technology and moved a newly Democratic Congress to invest big in the TMF.
https://www.nextgov.com/it-modernization/2021/05/omb-prioritizes-cyber-covid-tech-new-tmf-payback-model/173806/
 
WHY THE UNITED STATES NEEDS AN INDEPENDENT CYBER FORCE
While the Department of Defense cannot and should not take ownership of every aspect of this ubiquitous challenge that spans the public and private sector alike, it must bring new focus, capacity, and transformative change to effectively address the military dimensions of this challenge. To do so, it needs to establish the U.S. Cyber Force as a new military service.
https://warontherocks.com/2021/05/why-the-united-states-needs-an-independent-cyber-force/
 
Space Security Challenge 2021: Hack-A-Sat 2 registration opens
The Space Security Challenge 2021: Hack-A-Sat 2 begins with a Qualification Event that takes place June 26, 10 a.m. EDT – June 27, 4 p.m. EDT. Teams will compete in a Jeopardy-style format, earning points based on speed and accuracy, for a chance to win one of ten prize packages that include $10,000.
https://www.af.mil/News/Article-Display/Article/2595343/space-security-challenge-2021-hack-a-sat-2-registration-opens/
 
Twitter restricts account of Intrusion Truth, which doxxes suspected Chinese hackers
Intrusion Truth’s Twitter account suggested it would publish new information on Wednesday about “hackers based in Chengdu,” a city in southwestern China. Twitter, though, plastered a warning on the account, saying that the account was “temporarily restricted” because “there has been some unusual activity.”
https://www.cyberscoop.com/intrusion-truth-twitter-china-hack/
 
Iran's Military Reportedly Backs Ransomware Campaign
Iran's Islamic Revolutionary Guard Corps was behind a ransomware campaign that used a contracting company called "Emen Net Pasargard," or ENP, to target over a dozen organizations, according to three leaked intelligence documents assessed by the security firm Flashpoint. [...] Another leaked spreadsheet revealed the ransomware campaign was launched at the end of October 2020, Flashpoint says.
https://www.bankinfosecurity.com/irans-military-reportedly-backs-ransomware-campaign-a-16517
 
Data privacy demands a unified view across siloes
To underscore the difference, consider an agency that secures sensitive constituent data through such tools as encryption, key management and access controls. While these are reasonable and practical data security measures, they do not address whether the data is collected, used or shared with the citizen’s consent. Without that consent, even if the data is secured, it is still possibly a violation of data privacy requirements.
https://gcn.com/articles/2021/04/30/data-privacy.aspx
 
Newer Generic Top-Level Domains a Security 'Nuisance'
"One aspect of this to ask if it was a valuable extension of the namespace or pointless nuisance" to add more TLDs in recent years, says Ben April, chief security officer at Farsight Security. The data around TLD use suggests that the latter might well be the case, he says.
https://www.darkreading.com/threat-intelligence/newer-generic-top-level-domains-a-security-nuisance-/d/d-id/1340922
 
New Pingback Malware Using ICMP Tunneling to Evade C&C Detection
Researchers on Tuesday disclosed a novel malware that uses a variety of tricks to stay under the radar and evade detection, while stealthily capable of executing arbitrary commands on infected systems. Called 'Pingback,' the Windows malware leverages Internet Control Message Protocol (ICMP) tunneling for covert bot communications, allowing the adversary to utilize ICMP packets to piggyback attack code, according to an analysis published today by Trustwave.
https://thehackernews.com/2021/05/new-pingback-malware-using-icmp.html
 
Bait Boost: Phishers Delivering Increasingly Convincing Lures
In one example from Q1 2020, Kaspersky reported that clients of several Dutch banks received a fraud email which prompted them to scan a QR code to “unlock” mobile banking. Instead, they were directed to a web page loaded with malware. [...] Other phishing lures observed last quarter by Kaspersky included offers of government payouts, intended to steal credit-card information and personal data.
https://threatpost.com/bait-phishers-convincing-lures/165834/
 
'Millions' of Dell PCs will grant malware, rogue users admin-level access if asked nicely
This is made possible by five security vulnerabilities in Dell's dbutil_2_3.sys driver, which it bundles with its PCs. These are grouped under the label CVE-2021-21551, and they can be abused to crash systems, steal information, and escalate privileges to take total control. These programming blunders can only be exploited by applications already running on a machine, or a logged-in user.
https://www.theregister.com/2021/05/04/dell_driver_flaw/

You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.

CI Security and the CI Security logo are the trademarks of CI Security, Inc. All other brand names, trademarks, service marks, and copyrights are the property of their respective owners.

© 2020 CI Security. All rights reserved.


 

CI Security

245 4th St, Suite 405  Bremerton, WA   98337
