cw-briefing-010722.jpg

Log4j, and challenges of securing open-source supply chains. Kazakhstan shuts down its Internet. Ransomware at a school website provider.

Dateline the Internet: the Log4j vulnerabilities and related risks.

Log4j and the offense-defense seesaw. (The CyberWire) Log4j vulnerabilities are now part of the familiar action-reaction cycle between attackers and defenders.

Log4Shell Vulnerabilities in VMware Horizon Targeted to Install Web Shells (NHS Digital) Attackers are actively targeting Log4Shell vulnerabilities in VMware Horizon servers in an effort to establish web shells.

UK NHS: Threat actor targets VMware Horizon servers using Log4Shell exploits (The Record by Recorded Future) The security team of the UK National Health Service (NHS) said that it detected an unknown threat actor using the Log4Shell vulnerability to hack VMWare Horizon servers and plant web shells for future attacks.

Attacks Target Log4j Bug in VMware Horizon (Decipher) An unknown threat group is exploiting the Log4j vulnerability in VMware Horizon servers to install webshells for further malicious activity.

CISA: Federal Agencies Taking Steps to Address Log4j Flaw (Decipher) CISA said that thousands of internet-connected assets have been mitigated by federal agencies under its Emergency Directive that addressed the Log4j flaw.

CISA Still Helping Federal Agencies Remediate Log4j Vulnerability (MeriTalk) The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) said today that it is continuing to help Federal agencies remediate the Log4j vulnerability that CISA first warned about in December.

Lesson from Log4j: Open-source software improvements need help from feds (POLITICO) The tech industry is readying solutions to the security risks posed by the collaborative software that underpins modern-day computing — but aid from Washington could be essential to the project’s success.

Attacks, Threats, and Vulnerabilities

Internet disrupted in Kazakhstan amid energy price protests (Netblocks) Network data from NetBlocks confirm a significant disruption to internet service in Kazakhstan from the evening of Tuesday 4 January 2022, progressing to a nation-scale communications blackout on Wednesday afternoon.

Massive internet outages continue to sow confusion amid Kazakhstan protests (The Record by Recorded Future) Nation-level internet traffic was cut off in Kazakhstan this week in the latest example of a petrostate trying to use shut downs to quell protests and sow confusion. 

Kazakhstan’s deadly protests hit bitcoin, as the world’s second-biggest mining hub shuts down (CNBC) The second-biggest country for bitcoin mining lost its internet access, taking as much as 15% of the network offline.

Night Sky is the latest ransomware targeting corporate networks (BleepingComputer) It’s a new year, and with it comes a new ransomware to keep an eye on called ‘Night Sky’ that targets corporate networks and steals data in double-extortion attacks.

Wine, Weapons and WhatsApp: A Skopje Spyware Scandal (Balkan Insight) A 30-year-old Skopje man heads the company identified by the Citizen Lab as producing spyware found in the phones of two exiled Egyptians. His family deals in wine and weapons, often with the state.

Fresh Warnings Issued Over Abuse of Google Services (SecurityWeek) US government agencies and cybersecurity companies have issued fresh warnings over the abuse of Google services.

Hackers exploit Google Docs comment feature in new phishing campaign (Computing) This is an appealing technique for attackers whose malicious messages are delivered by Google

Tek Fog: An App With BJP Footprints for Cyber Troops to Automate Hate, Manipulate Trends (The Wire) The Wire investigates claims behind the use of ‘Tek Fog’, a highly sophisticated app used by online operatives to hijack major social media and encrypted messaging platforms and amplify right-wing propaganda to a domestic audience.

JNDI-Related Vulnerability Discovered in H2 Database Console (JFrog) Critical JNDI-based vulnerability exploiting the same root cause of Log4Shell. Read more from the JFrog Security Research Team describing the attack vector >

The early signs of ransomware: A blitz game (Darktrace) When it comes to tackling the problem of ransomware, attack is the best form of defense. This blog explores how to spot the early indicators of ransomware, which can prove a pivotal advantage as the game develops.

FinalSite ransomware attack shuts down thousands of school websites (BleepingComputer) FinalSite, a leading school website services provider, has suffered a ransomware attack disrupting access to websites for thousands of schools worldwide.

FinalSite discloses ransomware attack that crippled websites for 8,000 schools (The Record by Recorded Future) A ransomware attack on FinalSite, a cloud-based web hosting provider specialized in school and educational websites, has crippled the school portals and web services of more than 8,000 schools across more than 110 countries.

A Vulnerability in Proctoring Software Should Worry Colleges, Experts Say (Chronicle of Higher Education) A vulnerability detected last year in an online-proctoring software used by more than 2,000 American colleges is raising new alarm bells for experts, who say that too many institutions — eager to assure the academic integrity of online assessments — have failed to evaluate those platforms and weigh the risk of cyberattacks.

Chemicals Company Element Solutions Discloses Cybersecurity Incident (SecurityWeek) Chemicals company Element Solutions says it has detected a cyber intrusion on some IT systems.

Insecure Amazon S3 bucket exposed personal data on 500,000 Ghanaian graduates (The Daily Swig) Cloud storage misconfiguration left sensitive data openly accessible

Bernalillo County, N.M., Systems Disrupted by Cyber Attack (GovTech) New Mexico’s most heavily populated county was hit with an apparent ransomware attack early Wednesday morning. Many systems are shut down, but public safety services remain in operation.

Booking management platform FlexBooker leaks 3.7 million user records (The Record by Recorded Future) FlexBooker, a company that provides a cloud-based online scheduling and booking service, has exposed the personal details of more than 3.7 million users.

Cyber-Attack on Fertility Centers of Illinois (Infosecurity Magazine) PHI of nearly 80,000 current and former FCI patients impacted by cyber-attack

RIPTA employees vote no confidence in management after massive data breach (WJAR) Rhode Island Public Transit Authority employees voted no confidence in management after a massive data breach. Thousands of state workers received letters last month saying theirpersonal information was compromised in the August attack. The union representing RIPTA workers, Local 618, is calling for the resignation of chief officers and senior staff. RELATED: ACLU of Rhode Island demands answers about massive RIPTA data breach.

Security Patches, Mitigations, and Software Updates

VMware Plugs Security Holes in Workstation, Fusion and ESXi (SecurityWeek) VMware ships patches for heap-overflow vulnerability that could lead to code execution attacks.

Microsoft: KB5008212 Windows security update breaks Outlook search (BleepingComputer) Microsoft has acknowledged an issue triggered by a Windows 10, version 21H2 security update released during the December 2021 Patch Tuesday that causes search issues in Outlook for Microsoft 365.

Philips Engage Software (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 2.6
ATTENTION: Exploitable remotely
Vendor: Philips
Equipment: Engage Software
Vulnerability: Improper Access Control
2. RISK EVALUATION

Successful exploitation of this vulnerability may allow improper viewing (read-only) of business contact information.

Omron CX-One (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Omron
Equipment: CX-One
Vulnerabilities: Stack-based Buffer Overflow
2. RISK EVALUATION

Successful exploitation of this vulnerability may allow arbitrary code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of CX-One automation software are affected:

Fernhill SCADA (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Fernhill Software, Ltd.
Equipment: Fernhill SCADA Server
Vulnerability: Uncontrolled Resource Consumption
2. RISK EVALUATION

Successful exploitation of this vulnerability could cause a denial-of-service condition.

IDEC PLCs (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.6
ATTENTION: Exploitable remotely/low attack complexity
Vendor: IDEC
Equipment: PLCs (Programmable Logic Controllers)
Vulnerabilities: Unprotected Transport of Credentials, Plaintext Storage of a Password
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to upload, alter, and/or download the PLC user program.

Cryptocurrency crime in 2021 hits all-time high in value -Chainalysis (Reuters) Cryptocurrency-linked crime surged to a record high last year in terms of value, with illegal addresses receiving $14 billion in digital currencies, up 79% from $7.8 billion in 2020, according to a blog from blockchain analysis firm Chainalysis released on Thursday.

Crypto Crime Trends for 2022: Illicit Transaction Activity Reaches All-Time High in Value, All-Time Low in Share of All Cryptocurrency Activity (Chainalysis) This blog is a preview of our 2022 Crypto Crime Report. Sign up here to reserve your copy and we’ll email you the full report when

Marketplace

Cyber Liability Insurance is Evolving; Prevention is Now Key for Coverage (IGI) Cyber liability insurance is getting harder to purchase and, in some cases, renew. Cyber liability programs are becoming significantly more expensive.

Cyber Ninjas shutting down after judge fines Arizona audit company $50K a day (TheHill) Cyber Ninjas, a firm hired by the Arizona state Senate to conduct a review of Maricopa County’s election results, on Thursday announced that it is shutting down after a county government report slammed the firm and a judge ordered it to pay $50,00

Cerberus Sentinel announces acquisition of True Digital Security (GlobeNewswire News Room) U.S. cybersecurity services firm expands security services and network monitoring capabilities…

The Briefing: Assent Compliance Raises $350M, PayFit Lands $287M, And More (Crunchbase News) Crunchbase News’ top picks of the news to stay current in the VC and startup world.

Dataware Pioneer, Cinchy Named One of Canada’s Companies-to-Watch in Deloitte’s Technology Fast 50™ Program (Cinchy) TORONTO, ON, January 6, 2022: Cinchy, the leading pioneer in the fast-growing Dataware space, today announced that it has received the prestigious Deloitte Technology Fast 50 Companies-to-Watch 2021 award. The program spotlights emerging companies that exhibit strong growth and show potential to be a future candidate of the Technology Fast 50 award.

After Fishtech merger, founder aims to help other entrepreneurs ‘realize their dreams’ (Kansas City Business Journal) Fishtech Group LLC started with a “dangerous combination” — deep industry relationships, capital and prowess in scaling and selling cybersecurity companies.

What Fishtech’s merger means for KC’s tech scene (Kansas City Business Journal) Gary Fish says Kansas City helped seal Fishtech Group’s merger with Herjavec Group. The combined company envisions a bigger office footprint in the area and more local jobs in the future.

Mozilla pauses accepting crypto donations following backlash (The Verge) It’s also reviewing its crypto policy.

GameStop Entering NFT and Cryptocurrency Markets as Part of Turnaround Plan (Wall Street Journal) The retailer is launching a division dedicated to the buzzy new technologies amid a push to turn a profit

Cybereason Named One of Boston’s ‘Best Places to Work’ by Built In Bos (PRWeb) Cybereason, the XDR company, today announced it has been named one of Boston’s ‘Best Places to Work’ by Built In Boston. In fact, Cybereason was named to three dif

Immuta Names Will Rahim Chief Customer Officer (Yahoo Finance) Tech industry leader Will Rahim joins Immuta as Chief Customer Officer to lead customer experience and help scale Cloud Data Access Control leader

Sectigo Announces Executive Appointment of David Mahdi as Chief Strategy Officer and CISO Advisor (GlobeNewswire News Room) Former Gartner VP and Identity Cryptography and Cybersecurity Visionary Joins Award-Winning Executive Team of Digital Identity Leader…

Michael Zembrzuski Named Chief Growth Officer of NetCentrics; Kenny Cushing Quoted (ExecutiveBiz) NetCentrics, a leading provider of cybersecurity services to the U.S. government, announced on Thursday that the company has named Michael Zembrzuski as its new chief growth officer.“NetCentrics will benefit from Mr. Zembrzuski’s multi-faceted expertise. He has decades of experience in cybersecurity, as well as established relationships across the Federal, Intelligence, DOD and Law Enforcement sectors,”

Christina Kosmowski, LogicMonitor’s New Customer Centric CEO (Forbes) Christina Kosmowski established her career creating customer success at hyper-growth companies Salesforce and Slack. We recently discussed her path and her appointment as CEO at LogicMonitor, the cloud-based infrastructure monitoring and observability platform provider.

LogicMonitor makes leadership changes after sudden exit of CRO and CFO last year (CRN) Infrastructure monitoring vendor promotes president to CEO post while filling CRO and CFO positions after high-ranking execs suddenly left the business last year

NeoSystems Names Susan Mitchell as CFO and Brad Wolf as Senior Vice President of IT Operations (NeoSystems LLC) New Leadership Additions to Accelerate Growth for Managed Services Provider TYSONS CORNER, Va., January 7, 2022 – NeoSystems, a full…

Products, Services, and Solutions

Microsoft Announces Zero-Touch Onboarding for ‘Defender for Endpoint’ on iOS (SecurityWeek) Microsoft this week announced the public preview of zero-touch onboarding for Defender for Endpoint on iOS.

Technologies, Techniques, and Standards

Preventing BlackMatter Ransomware from Encryption of Available Remote Share (illusive) A logic flaw in BlackMatter ransomware could have enabled organizations to prevent the encryption of shared folders by employing this method.

The code must go on: An Afghan coding bootcamp becomes a lifeline under Taliban rule (MIT Technology Review) In Afghanistan, tech entrepreneurship was once promoted as an element of peace-building. Now, young coders wonder whether to stay or go.

How to Use the Principle of Least Privilege for Account Security (Santa Clarita Valley Signal) Privileged accounts, such as administrator, root, and service accounts, are common to all computerized networks. These accounts carry a great deal of power. It is, therefore, natural for hackers to target these privileged accounts to achieve their goal of breaching the system successfully. One of the most effective ways for protecting your privileged account from […]

How to Secure the Files in Your S3 Buckets (Votiro) Explore the concept of S3 buckets, how they are being used, and some common security issues enterprises face when using S3. Find out how you can enhance your S3 security strategy.

Research and Development

AFRL updates Quantum Information Sciences BAA (Intelligence Community News) On January 6, the Air Force Research Laboratory posted an updated broad agency announcement (BAA) for Quantum Information Sciences. For best funding consideration in FY23, white papers should be submitted by 2:00 p.m. Eastern on September 29, 2022.

Academia

How To Teach Students To Thwart Cyber Hackers (BW Education) The large number of young and bright students entering the digital world, positions India to be perhaps the largest producer of skilled cybersecurity professionals in the world.

Legislation, Policy, and Regulation

The Case for Cyber-Realism (Foreign Affairs) Geopolitical problems don’t have technical solutions.

Russian troops intervene in protest-roiled Kazakhstan, where security forces have killed dozens of demonstrators (Washington Post) Russian troops landed in Kazakhstan on Thursday after the Central Asian country’s president asked for help to quell sweeping anti-government protests — a major test of a Moscow-led military alliance as the Kremlin deepened its role in the crisis.

Kazakh president gives shoot-to-kill order to put down uprising (Reuters) Kazakhstan’s president said on Friday he had ordered his forces to shoot-to-kill to deal with disturbances from those he called bandits and terrorists, a day after Russia sent troops to put down a countrywide uprising.

Kazakhstan unrest: From Russia to US, the world reacts (Al Jazeera) Bloody protests have drawn the attention of regional powers Russia and China, as well as Western capitals.

West must stand up to Russia in Kazakhstan, opposition leader says (Reuters) The West must pull Kazakhstan out of Moscow’s orbit or Russian President Vladimir Putin will draw the Central Asian state into “a structure like the Soviet Union”, a former minister who is now a Kazakh opposition leader told Reuters.

How Kazakhstan could shift Putin’s calculus on Ukraine (Atlantic Council) The unrest poses a question for Putin: Should he continue his intimidation campaign on his western flank or address the dangers to his south? 

What’s Behind Russia’s Latest Demands (Foreign Policy) Moscow has long chafed at Ukraine’s relationship with the West, so why the sudden urgency?

Putin has painted himself into a corner | Opinion (Newsweek) Russia’s president is undertaking a colossal gamble.

France says Putin trying to bypass EU over Ukraine by talking solely to U.S. (Reuters) France’s foreign minister said on Friday that Russia was trying to bypass the European Union by holding talks directly with the United States over Ukraine.

U.S. and Germany touch base before meeting with Russia about Ukraine tensions (NPR.org) With Russian troops massed on the Ukrainian border, Secretary of State Antony Blinken and his German counterpart huddle before next week’s meetings with Russian officials aimed at defusing the crisis.

Europe Is Playing Bystander to the U.S. and Russia on the Ukraine Crisis (World Politics Review) The Russian invasion of Ukraine that some in Europe were expecting in recent weeks did not materialize, but Russian troops amassed at their border have still not dispersed. The biggest question for Brussels remains whether to use a carrot or stick approach to convince Russia to scale back its full-court press of Ukraine.

Europe Strong and Safe (Foreign Affairs) To deter Russia, America must help revive the region’s security architecture.

What It Will Take to Deter Russia (Foreign Affairs) Sanctions alone won’t stop Putin from launching another invasion.

China cyberspace regulator says it will build solid national cyber security barrier (Reuters) China will speed up establishment of a comprehensive internet governance system and build a solid national cyber security barrier, the cyberspace regulator said on Thursday.

U.S. and Japan sound alarm on China, seek new defence collaboration (Thomson-Reuters Foundation) UPDATE 3-U.S. and Japan sound alarm on China, seek new defence collaboration

Japan, US concerned over China bid to undermine rules-based order (The Mainichi) TOKYO (Kyodo) — Japanese and U.S. foreign and defense chiefs on Friday shared their concerns about China’s attempts to

Cyber Command Task Force Conducted Its First Offensive Operation As The Secretary Of Defense Watched (The Drive) The operation is another sign of the rapidly evolving nature of warfare in the digital domain and the future importance of offensive cyber operations.

Fears grow that cyber chaos will spark wars as hack attacks become more aggressive (The Washington Times) National Cyber Director John C. Inglis told the House Oversight and Reform Committee in November that a cyberattack is typically considered an act of war when it achieves the same amount of damage as a kinetic weapon, including things like the ‘loss of health safety, national security of a significant nature.’ Some cyberattacks have come dangerously close to Mr. Inglis’ generic definition of cyber warfare.

Kosovo bans cryptocurrency mining to save electricity (Reuters) Kosovo’s government on Tuesday introduced a ban on cryptocurrency mining in an attempt to curb electricity consumption as the country faces the worst energy crisis in a decade due to production outages.

A look inside the TSA’s new cybersecurity regime for pipelines and railroads (Federal News Network) Operators of pipelines, freight railroads and passenger transit systems face a parade of cybersecurity deadlines this year.

UN says measures to improve cyberspace safety needed now (Open Access Government) With 782 million people joining the internet since 2019, what is being done to protect people when they are online?

The Former NSA Official Vying to Steer Biden’s Cyber Policy (Bloomberg) Anne Neuberger is at the center of a bureaucratic tussle within the White House.

POLITICO Pro Q&A: Cyberspace Solarium Commission co-chairs Sen. Angus King and Rep. Mike Gallagher on the group’s legacy (POLITICO) As the congressionally chartered group winds down, its two leaders reflect on what they accomplished and how they’re moving forward.

A cyber commission was Congress’ secret weapon (Washington Post) The last two years have been big ones for cyber legislation. And the Cyberspace Solarium Commission was a driving force.

Key Considerations for Canadian National Cyber Security Strategy (The State of Security) Trudeau tasked national defense, foreign affairs, public safety, and industry ministers to develop a new “National Cyber Security Strategy.”

Litigation, Investigation, and Law Enforcement

NSO Loses Latest Challenge to Meta Lawsuit Over WhatsApp Spyware (Bloomberg Law) Israeli spyware maker NSO Group lost its bid to challenge a Ninth Circuit ruling that let Meta Platforms Inc.‘s WhatsApp pursue claims that users of the messaging service were illegally targeted with surveillance software.

Rights group verifies Polish senator was hacked with spyware (The Independent) Amnesty International says it has independently confirmed that an Israeli company’s powerful spyware was used to hack a Polish senator when he was running the opposition’s 2019 parliamentary election campaign

Polish leader admits country bought powerful Israeli spyware (AP NEWS) Poland’s most powerful politician has acknowledged that the country bought advanced spyware from the Israeli surveillance software maker NSO Group, but denied that it was being used to target his political opponents.

DHS warns online threats targeting lawmakers on the rise (CBS News) The FBI’s Washington Field Office confirmed that it “does not have any information indicating specific or credible threats.”

DHS warns online threats have increased on extremist platforms over past 48 hours with some against lawmakers (CNN) There has been an increase in online extremist content in the past 48 hours, including threats to lawmakers and the President, according to a Department of Homeland Security intelligence memo obtained by CNN.

France Fines Google, Facebook for Privacy Violations (Wall Street Journal) Facebook and Google required several steps to reject cookies, leading users to accept the technology because doing so required just one click, a French regulator said.

France Hits Google, Facebook With Huge Fines Over ‘Cookies’ (SecurityWeek) French regulators have hit Google and Facebook with 210 million euros ($237 million) in fines over their use of “cookies”, the data used to track users online

Office of the New York State Attorney General Releases Results of Credential Stuffing Investigation (PerimeterX) NY OAG issued a report on the growing threat of credential stuffing attacks and recommended bot detection, MFA and passwordless authentication.

Cyber Ninjas ordered to pay $50,000 a day until Maricopa audit records produced (Washington Examiner) Cyber Ninjas, the lead contractor hired by the Arizona Senate to conduct an audit of the 2020 election in Maricopa County, was found in contempt of court Thursday in a legal dispute over access to documents.

Man used stolen usernames and passwords to download personal pictures (Lancashire Telegraph) A MAN who illegally obtained usernames and passwords of people’s private social media accounts later perused and downloaded images and videos of…

Hacker stole intimate photos of women because he ‘liked the detective work’ (LancsLive) Michael Grime became obsessed and ‘enjoyed the detective work’ of hacking accounts

New Jersey settles CFA and [HIPAA} violations following 2019 data breach (Lexology) On December 15, the acting New Jersey attorney general and the Division of Consumer Affairs reached a settlement with three New Jersey-based medical…

Running Warehouse Faces Proposed Class Action Over Data Breach (Bloomberg Law) Running Warehouse LLC was hit with a proposed class action in California federal court alleging it fails to secure and safeguard consumers’ personally identifiable information against hackers.

Leave a Comment