
Open source security concerns. Cyberespionage, with some catphishing. Spyware in El Salvador.

Dateline Washington: open source security and threats to critical infrastructure.

Open-source software and threats to critical infrastructure. (The CyberWire) Open-source software is vital to the tech industry. The bad actors haven’t overlooked that.

NATO, Russia in a standoff after talks in Brussels (POLITICO) Russian officials refuse to commit to withdraw troops from Ukrainian border as West rejects Moscow’s core security demands.

Russia Conducts Military Drills by Ukraine, Says U.S. Must Ease Tensions (Newsweek) A top Russian lawmaker has said the onus is on Washington to decrease tensions with Moscow as international talks continue about the Kremlin’s build-up of troops by the border with Ukraine.

Federal agencies warn of Russian hackers targeting critical infrastructure (TheHill) Federal agencies are warning about Russian hackers potentially targeting critical infrastructure in the United States.

U.S. Security Agencies Issue Advisory on Russian Cyber Attacks on Infrastructure (Insurance Journal) Federal cybersecurity officials are again warning of Russian cyber attacks and urging critical infrastructure networks in particular to be on alert. The

Russian APTs: Why Stakes Are So High for Healthcare Sector (Gov Info Security) Healthcare and public health sector entities must heed the warnings this week by federal authorities of Russian state-sponsored cyberthreats to critical

As the Russian Threat to Ukraine Grows, U.S. Warns of Cyber Disruption (The Maritime Executive) As the possibility of a Russian attack on Ukraine grows, America's federal cybersecurity agencies are…

White House hosts open-source software security summit in light of expansive Log4j flaw (CyberScoop) Tech giants and federal agencies will meet at the White House on Thursday to discuss open-source software security, a response to the widespread Log4j vulnerability that’s worrying industry and cyber leaders.

The Open Source Software Security Summit: securing the world’s code together (The GitHub Blog) My colleague Stormy Peters and I are proud to represent GitHub at the White House’s Open Source Software Security Summit.

Attacks, Threats, and Vulnerabilities

Iranian intel cyber suite of malware uses open source tools (U.S. Cyber Command) To better enable defense against malicious cyber actors, U.S. Cyber Command’s Cyber National Mission Force has identified and disclosed multiple open-source tools that Iranian intelligence actors are

US Cyber Command links MuddyWater to Iranian intelligence (ZDNet) Official notice confirms suspicion that the group is state-backed.

US military links prolific hacking group to Iranian intelligence (CNN) The US military’s Cyber Command on Wednesday detailed multiple hacking tools that officials say Iran’s Ministry of Intelligence and Security has used against computer networks “around the world.”

U.S. military publicly links Iran to MuddyWater hacker group (UPI) The U.S. military publicly disclosed multiple tools on Wednesday that it says “Iranian intelligence actors are using in networks around the world,” linking the country to a known hacker group.

U.S. Cyber Command shares new samples of suspected Iranian hacking software (CyberScoop) U.S. Cyber Command posted more than a dozen malware samples to a public repository Wednesday, saying that if network administrators see two or more of these samples on their systems, they may have been targeted by Iranian military hackers.

Cyber Command ties hacking group to Iranian intelligence (The Record by Recorded Future) U.S. Cyber Command on Wednesday revealed that a hacking group reputed for its cyberespionage campaigns is actually part of Iran’s intelligence apparatus.

Open Source Software Security Under Scrutiny (Claroty) A White House meeting convenes to discuss the use of open source software in critical infrastructure and whether it’s a cybersecurity risk.

Log4j: How hackers are using the flaw to deliver this new ‘modular’ backdoor (ZDNet) Some state-backed hackers go to great lengths to cover their tracks. This Iran-backed group does not, according to Check Point.

Iranian state-sponsored hacking group exploiting Apache Log4j vulnerabilities (SiliconANGLE) An Iranian state-sponsored hacking group has been found to be actively exploiting vulnerabilities in Apache Log4j to distribute a new modular PowerShell toolkit for nefarious purposes.

Project Torogoz: Extensive Hacking of Media & Civil Society in El Salvador with Pegasus Spyware (The Citizen Lab) Journalists and members of civil society had their phones successfully infected with NSO’s Pegasus spyware between July 2020 – November 2021.

Journalists in El Salvador Targeted With Spyware Intended for Criminals (New York Times) The announcement came months after the U.S. government blacklisted the Israeli firm that produces Pegasus, the technology used to target the journalists.

NSO Spyware Linked to Phone Hacks of Journalists, Activists in El Salvador (Bloomberg) Dozens of phones compromised in effort to control free press, rights groups say

NSO spyware found targeting journalists and NGOs in El Salvador (ZDNet) Citizen Lab and Access Now find hacking was taking place while journalists were reporting on issues surrounding President Bukele.

NSO Group Spyware Targeted Dozens of Reporters in El Salvador (Wired) The newly disclosed campaign shows how little the company has done to curb abuses of its powerful surveillance tools.

Hackers take over diplomat’s email, target Russian deputy minister (BleepingComputer) Hackers believed to work for the North Korean government have compromised the email account of a staff member of Russia’s Ministry of Foreign Affairs (MID) and deployed spear-phishing attacks against the country’s diplomats in other regions.

As Kazakhstan Descends Into Chaos, Crypto Miners Are at a Loss (Wired) The central Asian country became No. 2 in the world for Bitcoin mining. But political turmoil and power cuts have hit hard, and the future looks bleak.

Threat Analysis Report: DatopLoader Exploits ProxyShell to Deliver QBOT and Cobalt Strike (Cybereason) At the beginning of 2021, security researcher Orange Tsai reported a series of vulnerabilities targeting Microsoft Exchange servers dubbed ProxyLogon.

The iLOBleed Implant: Lights Out Management Like You Wouldn’t Believe (Eclypsium) iLOBleed has been observed in the wild since 2020 and has proven to be stealthy, persistent, and damaging. A BMC implant can provide virtually omnipotent control over a compromised server, and in this case, attackers used iLOBleed to completely wipe the victim server’s disks. Just as importantly, iLOBleed used the unique powers of firmware to do this repeatedly. Since the malicious code was hidden within the BMC firmware, the implant was able to persist even after the server operating system was reinstalled; enabling the attacker to repeat the cycle of destroying data after the server was recovered.

GootLoader Hackers Are Compromising Employees of Law and Accounting… (eSentire) GootLoader Gang Launches Wide-Spread Cyberattacks Enticing Legal and Accounting Employees to Download Malware

Magniber ransomware using signed APPX files to infect systems (BleepingComputer) The Magniber ransomware has been spotted using Windows application package files (.APPX) signed with valid certificates to drop malware pretending to be Chrome and Edge web browser updates.

Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more (CyberArk) In this blog post we are going to discuss the details of a vulnerability in Windows Remote Desktop Services, which we recently uncovered. We reported the vulnerability to Microsoft in a…

New RCE bug is making APAC businesses vulnerable to Log Injection attacks (IT Brief) A new remote code execution bug could be making businesses in Asia Pacific vulnerable to Log4Shell log injection attacks.

Kaspersky warns of ‘highly unusual’ spyware campaign (ITWeb) Experts from Kaspersky have discovered a new strain of malware with advanced spying capabilities.

Sharing Malicious Files Within Adobe Cloud (Avanan) It’s easy for hackers to send malicious files through Adobe Cloud.

Decrypting Qakbot’s Encrypted Registry Keys (Trustwave) Since the return of the Qakbot Trojan in early September 2021, especially through SquirrelWaffle malicious spam campaigns, we’ve received a few Qakbot samples to analyze from our Trustwave DFIR and Global Threats Operations teams.

Security researcher claims to have hacked into over 25 Teslas in 13 countries (Computing) The problem is not with Tesla’s system or infrastructure, but rather with the third-party software, he says

TransCredit Data Leak Over 800,000 Records of Credit Reports (The Mac Observer) Jeremiah Fowler together with the Website Planet research team found an unsecured Transcredit data leak of 822,789 records.

600K Credit Reports, Financial Data, and Collections Records Exposed Online. (Website Planet) Security researcher Jeremiah Fowler together with the Website Planet research team discovered a non-password protected database that contained 822,789

Bunnings shoppers hit by cyber attack (news.com.au) People who use the drive and collect system at Bunnings Warehouse may have had their personal data compromised after a third-party software firm suffered a massive cyber security breach.

Clinical Review Vendor Reports Data Breach (Infosecurity Magazine) Nearly 135K individuals impacted by cyber-attack on Medical Review Institute of America

VUSD says personal info was obtained in data breach (The Sun-Gazette Newspaper) Tulare County’s largest school district is notifying some of its 3,000 employees and 32,000 students that some of their personal information has been compromised.

Attack on Health Dept. Computers Was “Ransomware,” Hogan and Cyber Czar Acknowledge (Maryland Matters) Gov. Lawrence J. Hogan Jr. and top officials acknowledged for the first time Wednesday that the Dec. 4 cyberattack was an act of ransomware.

Attack on health dept. computers was ‘ransomware,’ Hogan and cyber czar acknowledge (WTOP News) Gov. Lawrence J. Hogan Jr. and top Maryland Department of Health officials acknowledged for the first time Wednesday that the perpetrators of the attack on the agency’s computer system sought a ransom payment from the state.

Cyber Attack Closes New Mexico’s Largest School District (US News & World Report) New Mexico’s largest school district is canceling classes due to a cyber attack.

Cyber attack causes Albuquerque Public Schools to cancel classes Thursday (KRQE NEWS 13) Albuquerque Public Schools announced Wednesday that they will be closed Thursday, Jan. 13 due to a cyberattack. According to APS, the cyberattack has compromised som…

Meriwether County investigating cyber-attack on government systems (FOX 5 Atlanta) Meriwether County officials are investigating a cyber-attack that may have delayed county services on Wednesday.

US Police Warns About QR Code Parking Scams That Steal Your Money: What to Do If You’ve Been Victimized (iTech Post) Have you recently scanned a code to pay your parking fees? US Police warned people of QR code parking scams that are placed on parking meters.

Security Patches, Mitigations, and Software Updates

Microsoft fixes six zero-days in January Patch Tuesday update (ComputerWeekly.com) A larger than of late Patch Tuesday update from Microsoft comes as defenders continue to grapple with Log4Shell.

Wormable Windows HTTP hole – what you need to know (Naked Security) One bug in the January 2022 Patch Tuesday list is getting lots of attention: “HTTP Protocol Stack Remote Code Execution Vulnerability”.

2021 Ransomware Attack Report (BlackFog) The 2021 ransomware attack report from BlackFog highlights the key ransomware statistics for 2021 and changes since 2020.

Threat of cybercrime looms large for supply chains, according to World Economic Forum (Logistics Manager) Growing cyber threats have been listed among the greatest global risks in the annual World Economic Forum Global Risks Report, published yesterday. The Global Risks Report series tracks global risks perceptions among risk experts and world leaders in business, government and civil society. It examines risks across five categories: economic, environmental, geopolitical, societal, and technological.

Public Sector Worrying About Nation-State Cyber Threats (MeriTalk) While cybersecurity threats continue to grow and evolve, public sector organizations are worrying the most about increasing cybersecurity threats from foreign governments.

The public sector is more concerned about external than internal threats (Help Net Security) The general hacking community is the largest source of cybersecurity threats at public sector organizations, followed closely by insiders.

Kaspersky expects more attacks on cryptocurrency firms this year – BusinessWorld Online (BusinessWorld Online) INTERNET security company Kaspersky expects a larger wave of attacks on cryptocurrency businesses this year, as well as cybercriminals targeting the growing non-fungible token (NFT) industry.

Marketplace

Cybersecurity Venture Funding Surpasses $20B In 2021, Fourth Quarter Smashes Record (Crunchbase News) Last year saw an unprecedented $21.8 billion in venture capital poured into cybersecurity companies globally—and investors set the record in style

How China’s Huawei is betting big on chip packaging to counter US clampdown (DealStreetAsia) Washington has cut off Huawei’s access to advanced U.S. chipmaking technologies since 2019, citing national security concerns.

US firm Resecurity opens new AI-driven R&D centre in Saudi Arabia (Gulf Business) The new R&D centre in Riyadh will focus on security innovations for smart cities and cognitive surveillance technologies.

Aveshka is awarded subcontract with U.S. Marshals Service (USMS) Justice Prisoner Alien and Transportation System (JPATS) (PR Newswire) Aveshka, Inc. a trusted provider of innovative technologies was awarded a subcontract with the U.S. Marshals Service’s (USMS) Justice Prisoner…

Adaptive Shield Joins Cloud Security Alliance to Raise Awareness Around Critical SaaS Risks (PR Newswire) Adaptive Shield, the leading SaaS Security Posture Management (SSPM) company, today announced that it has joined the Cloud Security Alliance…

KnowBe4 Wins 2022 Awards for Best Relationship, Best Value and Best Feature Set From TrustRadius (Yahoo Finance) Tampa Bay, FL, Jan. 12, 2022 (GLOBE NEWSWIRE) — KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced that TrustRadius has recognized KnowBe4 with several 2022 Best Feature Set Awards. These three awards highlight companies with outstanding feature sets that have gone above and beyond to delight their users, companies that are providing customers with outstanding ROI and companies that provide their customers with accurate impl

SecureLink Wins Glassdoor’s Employee Choice Award (SecureLink) An Employee Choice Award by Glassdoor, recognizing the Best Places to Work in 2022 in the U.S small and medium business category.

Thycotic named Gartner Peer Insights customers’ choice for Privileged Access Management (Security Brief) Centrify was also listed as an Established PAM provider based on user interest and adoption. 

BedRock Systems Appoints Josh Dobies to Lead Product Management and Marketing (Business Wire) BedRock Systems which delivers secured computing from edge to cloud, today announced the hiring of Josh Dobies as VP of Products.

Expel Adds Growth Veterans to Leadership Team, Continues Momentum Following Fundraise and $1B+ valuation (Expel) With over 45 years of collective industry experience, Jennifer Lawrence and Kelly Fiedler will drive business growth as Chief Revenue Officer and Chief Marketing Officer, respectively.

Sophos’ Jon Fox jumps to CrowdStrike for APJ channel role (CRN Australia) Former Sophos ANZ channel chief departs after five years.

Lieut. Gen. (Ret.) H.R. McMaster and Charles Carmakal to Join Strider Technologies’ Strategic Advisory Board (KPVI) Strider Technologies, Inc. (“Strider”), the leading provider of Economic Statecraft Intelligence™, announced today the formation of a new advisory board. Former U.S.

Products, Services, and Solutions

Apple’s Private Relay Roils Telecoms Around the World (Wired) Security experts say there’s little reason for the criticism from Europe’s mobile operators and US limitations over the VPN-like iCloud tool.

IGI CyberLabs Releases Automatic Update to its Nodeware(R) Solution that Identifies Log4j Vulnerabilities (Morningstar) IGI CyberLabs, a subsidiary of IGI (OTCQB:IMCI), announces that its Nodeware solution now includes industry-leading technology to automatically and thoroughly scan for Log4j vulnerabilities.

Incognia Successfully Achieves SOC 2 Type II Certification (GlobeNewswire News Room) Location identity company meets stringent vendor security management standards…

Honeywell and Acalvio Technologies launch shared solution to stop zero-day attacks (Security Brief) Honeywell and Acalvio Technologies have launched a new solution designed to detect known and unknown (zero-day) attacks across the operational technology (OT) environments in commercial buildings.

Pacific Global Security Group partners with Dragos and IronNet to protect sensitive OT and IT systems (Help Net Security) Pacific Global Security Group (Pac-Sec) is partnering with Dragos and IronNet to provide IT and OT services for government agencies.

Cellebrite Joins AWS Partner Network as an Advanced Technology Partner (GlobeNewswire News Room) Company announces Cellebrite Guardian is available on AWS, part of the Company’s industry leading investigative Digital Intelligence platform Customers…

ThycoticCentrify adds new security controls and automation to Secret Server (Security Brief) Our continued focus on decreasing the steps required to safeguard secrets reduces the workload on security administrators and the attack surface area.

Sophos premiers Sophos Switch Series to strengthen, simplify connectivity at the access layer (Okay.ng) Sophos, a global leader in next-generation cybersecurity, today unveiled the Sophos Switch Series, featuring a range of network access layer switches to

Keeper Security Launches Keeper Secrets Manager, the First Zero-Trust, Zero-Knowledge and Cloud-Native Solution for Securing Infrastructure Secrets (Business Wire) Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software covering password management, dark web monitoring, digit

Prancer Enterprise announces the release of Penetration Testing as Code Framework (PAC) (Yahoo Finance) Prancer Enterprise, a company providing shift-left security strategies for the cloud, announces the release of Penetration Testing as Code Framework (PAC). Prancer’s Penetration Testing as Code Framework (PAC) is the main offensive security tool offered by the company to promote shift-left security strategies in cloud environments. The shift left movement has been growing since the last couple of years with initiatives like Prancer’s Infrastructure as Code (IaC) static code analysis. Prancer Ent

Microsoft touts first PCs to ship natively with secure Pluton chip (Computerworld) Along with thwarting malware, the Pluton chip handles BitLocker, Windows Hello, and System Guard and might help prevent physical insider attacks. The technology is also being used in Azure Sphere in the cloud.

CrowdStrike Expands Zero Trust Support to macOS and Linux (CrowdStrike) CrowdStrike announced the availability of Falcon Zero Trust Assessment (ZTA) support for macOS and Linux platforms, extending protection across all platforms.

Technologies, Techniques, and Standards

Fixing Log4Shell: how a university patched all its endpoints over a weekend (Computing) It’s all about knowing what you have, how the software is interconnected and then getting boots on the ground, says SNHU’s endpoint team

Resources for Fraud Fighters | SEON (SEON) An eager fraud fighter is someone who submerges themselves into this world. Here are the best anti-fraud resources to get you started.

How the Gaming Industry Can Play it Safe and Not Get Pwned (CSO Online) Innovations by both gaming providers and cybercriminals have created new security obstacles to overcome.

Building Multi-Cloud in the Intelligence Community (Breaking Defense) Information superiority and speed to mission are the hallmark of multi-cloud environments, along with automation, cybersecurity, and governance.

Academia

Endicott Students Hack to Combat Police Violence (Endicott College) A team of Endicott computer science majors recently entered and won their first hackathon by developing a cutting-edge prototype for ALive, an app for witnessing and documenting police violence.

Securing a Future in Security – iSchool | Syracuse University (iSchool | Syracuse University) Anthony Herbert ’15 got an early start in the information technology field

Legislation, Policy, and Regulation

PRC’s New Efforts to Facilitate Data Trading: Shanghai Data Exchange Kicks Off Trading (cyber/data/privacy insights) The new year ushered in a new way to commoditize personal data: the Shanghai Data Exchange (SDE). With the Personal Information Protection Law (PIPL) becoming effective on November 1, 2021 – as well as the Data Security Law (DSL) effective September 1, 2021, and the Cybersecurity Law (CSL) effective

Senior S. Korean, US diplomats discuss alliance, regional security in phone call (The Korea Herald) Senior diplomats of South Korea and the United States held phone talks Wednesday to discuss the bilateral alliance and other issues on the Korean Peninsula, according to officials. Yeo Seung-bae, deputy foreign minister for political affairs, and his US counterpart Daniel Kritenbrink had comprehensive discussions on regional and global issues, a foreign ministry official said without elaborating. “I had a grea…

Nigeria lifts Twitter ban from midnight, government official says (Reuters) Nigeria will lift a ban on Twitter from midnight after the social media platform agreed to open a local office, among other agreements with authorities in the West African country, a senior government official said on Wednesday.

UK banned Huawei because US told us to, former minister (KBC) The UK government’s decision to ban Huawei 5G equipment and services “had nothing to do with national security,” and was because of American pressure, a former business and industry minister has said.

Putin Has Turned Russia Into Autocracy’s Defender of Last Resort (World Politics Review) There’s much that remains unknown about the violent turmoil that has engulfed Kazakhstan in recent days. But one clear fact has emerged from the mayhem: Vladimir Putin’s political doctrine now openly includes a promise to protect autocratic rulers in post-Soviet states when they face popular unrest.

How to Cyberproof the Private Sector (Foreign Affairs) The U.S. Can Harness the Market to Tackle the Cybersecurity Challenge

FCC Chair Proposes Updating Data Breach Reporting Requirements (Nextgov.com) The Commission is still waiting for an empty chair to be filled as observers call for a vote on Biden nominee Gigi Sohn.

FCC wants to revamp data breach laws for telecom carriers (CyberScoop) The FCC is exploring updating data breach laws for telecom carriers, the agency announced Wednesday. “Current law already requires telecommunications carriers to protect the privacy and security of sensitive customer information,” said FCC Chairwoman Jessica Rosenworcel. “But these rules need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers.”

Senate passes cyber bills to address supply chain security, aid state and local governments (SC Magazine) The Supply Chain Security Training Act and State and Local Government Cybersecurity Act now head to the House, where companion legislation has been introduced.

2022 – a busy year for privacy legislation has already started (Lexology) On the privacy front, 2022 is already shaping up to be a busy legislative year. During the first week of January, a number of state and federal…

Intelligence Nominee Urged to Stabilize Troubled Homeland Unit | Bloomberg Government (Bloomberg Government) President Joe Biden’s pick to lead the Department of Homeland Security’s intelligence arm pledged to refine the office’s work and keep politics out of the picture.

Litigation, Investigation, and Law Enforcement

Ransomware gang behind attacks on 50 companies arrested in Ukraine (The Record by Recorded Future) Ukrainian authorities have detained five members part of a ransomware gang that carried out attacks against more than 50 companies across Europe and the Americas.

Israel Indicts Five Citizens Suspected of Spying for Iran (Bloomberg) Israel uncovered an attempt by Iran to recruit Israeli citizens as spies, the Israeli Security Agency said in a statement on Wednesday.

Israel says Iran ‘spy network’ recruited women online (France 24) An Iranian “espionage network” used Facebook to recruit Israeli women who were manipulated into photographing the US embassy and other activities, the Shin Bet domestic security agency said Wednesday…

Israeli Security Agency foiled an Iranian attempt to recruit Israeli Jewish women to spy for Iran (Yahoo) Israeli Security Agency (Shin Bet) foiled an Iranian attempt to recruit Israeli Jewish women to spy for Iran.

Meta’s real antitrust problems are only beginning (Platformer) Why an FTC inquiry into the company’s VR ambitions matters more than today’s lawsuit ruling

Kim Kardashian, Floyd Mayweather Jr., Others Sued Over Cryptocurrency Promotion (Wall Street Journal) A number of public figures are accused of misleading investors about EthereumMax in what a class-action lawsuit calls a ‘pump and dump’ scam, allegations the company disputes.
