- SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentenceon April 17, 2021
A high-level manager and systems administrator associated with the FIN7 threat actor has been sentenced to 10 years in prison, the U.S. Department of Justice announced Friday. Fedir Hladyr, a 35-year-old Ukrainian national, is said to have played a crucial role in a criminal scheme that compromised tens of millions of debit and credit cards, in addition to aggregating the stolen information,
- What are the different roles within cybersecurity?on April 17, 2021
People talk about the cybersecurity job market like it's a monolith, but there are a number of different roles within cybersecurity, depending not only on your skill level and experience but on what you like to do. In fact, Cybercrime Magazine came up with a list of 50 cybersecurity job titles, while CyberSN, a recruiting organization, came up with its own list of 45 cybersecurity job categories
- BazarLoader Malware Abuses Slack, BaseCamp Cloudson April 16, 2021 in Malware, Web Security
Two cyberattack campaigns are making the rounds using unique social-engineering techniques.
- iOS Kids Game Morphs into Underground Crypto Casinoon April 16, 2021 in Mobile Security
A malicious ‘Jungle Run’ app tricked security protections to make it into the Apple App Store, scamming users out of money with a casino-like functionality.
- NSA: 5 Security Bugs Under Active Nation-State Cyberattackon April 16, 2021 in Government, Malware, Vulnerabilities
Widely deployed platforms from Citrix, Fortinet, Pulse Secure, Synacor and VMware are all in the crosshairs of APT29, bent on stealing credentials and more.
- FIN7 'technical guru' sentenced to 10 years in prisonon April 16, 2021 in Government, cybercrime, Department of Justice (DOJ), FIN7, Financial services, Western District of Washington
A U.S. federal judge on Friday sentenced Fedir Hladyr to 10 years in prison for his alleged role as an administrator of the multibillion-dollar cybercrime group known as FIN7, which has breached hundreds of U.S. firms. The 10-year sentence includes three years Hladyr has already spent in detention since his arrest, and $2.5 million in restitution to be distributed to victims. FIN7 is one of the most formidable cybercriminal groups of the last decade, allegedly siphoning off millions of credit card numbers from restaurant and hospitality chains in 47 U.S. states. And Hladyr, a Ukrainian in his mid-30s, is allegedly a big reason that FIN7 operated like a well-oiled multinational corporation. Hladyr allegedly controlled an instant messaging service that the crime group used to upload stolen payment card data and screenshots from hacked financial firms. He also allegedly organized FIN7’s work through a project-tracking software that managed thousands of stolen usernames The post FIN7 'technical guru' sentenced to 10 years in prison appeared first on CyberScoop.
- Codecov dev tool hit in another supply chain hackon April 16, 2021 in Technology, Exchange Server, SolarWinds, supply chain, supply chain security
There’s another supply chain hack on the block. Starting in January, attackers began altering Codecov’s Bash Uploader script and accessing Codecov customers’ information, the firm announced Thursday. Codecov, a platform that provides customers with reviews of code, found out about the unauthorized access and meddling on April 1. Bash Uploader is a tool that customers use to share code reports with Codecov. The incident could impact Codecov customers’ credentials, tokens or keys passed through users’ continuous integration environments, as well as any services or datastores that could be accessed with those credentials or keys, the firm said in a blog. The incident may also have impacted the Codecov-actions uploader for Github, the Codecov CircleCl Orb and the Codecov Bitrise Step, the firm warned. Codecov customers include Atlassian, Mozilla, Sweetgreen, Tile and The Washington Post, according to Codecov’s website. Codecov has 29,000 customers in all, Codecov said. Codecov is just the The post Codecov dev tool hit in another supply chain hack appeared first on CyberScoop.
- How (and why) cyber specialists hacked a North American utility's smart meteron April 16, 2021 in Technology, critical infrastructure, energy, industrial control systems (ICS), Mandiant, red team, Saudi Arabia, smart homes, Trisis, Ukraine
The hackers behind some of the most impactful intrusions of industrial organizations in the last five years have meticulously searched for ways to move from facilities’ IT networks to the more sensitive computers that interact with machinery. Before alleged Russian hackers cut power in Ukraine in 2015, for example, they spent many months mapping out utility computer networks and gathering grid workers’ credentials. And the hackers that triggered the 2017 shutdown of a Saudi petrochemical plant with the so-called Triton malware are known for using dozens of different tools to maintain access to IT and industrial networks. As state-sponsored hackers continue to probe U.S. infrastructure, cybersecurity experts regularly emulate those landmark attacks today to break into their clients’ networks in order to protect them. The latest example comes from Mandiant, FireEye’s incident response unit, which this week publicized the techniques it used to infiltrate a North American utility’s industrial control systems The post How (and why) cyber specialists hacked a North American utility's smart meter appeared first on CyberScoop.
- Royal Caribbean uses wearables for contact tracing; sees facial recognition as best long-term solutionon April 16, 2021
Wearables provide public health and security teams onboard Royal Caribbean with a solid means of contact tracing, but the future may be in facial recognition.
- Mandiant Front Lines: How to Tackle Exchange Exploitson April 16, 2021 in InfoSec Insider, Malware, Vulnerabilities
Matt Bromiley, senior principal consultant with Mandiant, offers checklists for how small- and medium-sized businesses (SMBs) can identify and clear ProxyLogon Microsoft Exchange infections.
- Geraldine Hart named Hofstra University’s Director of Public Safetyon April 16, 2021
Geraldine Hart, currently the Suffolk County Police commissioner, will become Hofstra University’s next Director of Public Safety in June.
- Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Periodon April 16, 2021 in Bug Bounty, Vulnerabilities
The zero-day flaw research group has revised its disclosure of the technical details of vulnerabilities in the hopes of speeding up the release and adoption of fixes.
- A push for cybersecurity philanthropic giving launcheson April 16, 2021 in Financial, Technology, Center for Internet Security, Craig Newmark, Cyber Threat Alliance, cybercrime, education, Hewlett Foundation, information sharing and analysis centers (ISACs), law enforcement, Tenable
Over nearly a decade, cybersecurity-related philanthropic giving has constituted a fraction of one percent of the billions of dollars devoted to peace and security causes. An open letter Friday signed by trade associations, non-profits, charitable foundations, think tanks and well-known cybersecurity professionals aims to change that trend as part of what could be a series of future steps. “We believe that private philanthropy is ideally suited to support the development of an emerging field of theorists and practitioners across cybersecurity domains,” reads the letter. “Anyone who cares about national security, innovation, economic development, personal privacy, or civil liberties should care about cybersecurity. Private philanthropy is a critical missing piece to meet this urgent need.” The William and Flora Hewlett Foundation, Craig Newmark Philanthropies, and Gula Tech Foundation led the effort to organize the letter, signed by 30 different organizations and individuals. They include former White House cyber coordinator and current The post A push for cybersecurity philanthropic giving launches appeared first on CyberScoop.
- Severe Bugs Reported in EtherNet/IP Stack for Industrial Systemson April 16, 2021
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an advisory warning of multiple vulnerabilities in the OpENer EtherNet/IP stack that could expose industrial systems to denial-of-service (DoS) attacks, data leaks, and remote code execution. All OpENer commits and versions prior to February 10, 2021, are affected, although there are no known public exploits that
- US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattackon April 16, 2021
The U.S. and U.K. on Thursday formally attributed the supply chain attack of IT infrastructure management company SolarWinds with "high confidence" to government operatives working for Russia's Foreign Intelligence Service (SVR). "Russia's pattern of malign behaviour around the world – whether in cyberspace, in election interference or in the aggressive operations of their intelligence services
- President Biden issues sanctions against Russia for cyberattacks, election interferenceon April 16, 2021
U.S. President Biden has signed a new executive order imposing new sanctions on Russia for actions by "its government and intelligence services against the U.S. sovereignty and interests." The administration formally named Russian Foreign Intelligence Service (SVR), also known as APT 29, Cozy Bear, and The Dukes, as the perpetrator of the broad-scope cyber espionage campaign that exploited the SolarWinds Orion platform and other information technology infrastructures.
- Product spotlight on cybersecurity, data protection, and privacy solutionson April 16, 2021
Check out the latest cybersecurity products, all designed to protect your networks, infrastructure, critical data, assets and private information.
- Gaining a video surveillance ‘edge’ in the cloudon April 16, 2021
Video storage is an important consideration in any surveillance project while simultaneously being one of the most overlooked. Let’s face it: storage does not exactly provide the “wow factor” of analytics or 4K image quality, but it is the backbone on which entire video security systems are built. If you cannot retrieve and review footage in a timely manner, all the other shiny features you have incorporated into your security surveillance solution is for naught.
- How do you define the value of security?on April 16, 2021
Benchmarking your security program against others in your sector can prove extremely valuable for your organization and key stakeholders.
- Russian foreign intelligence service exploiting five publicly known vulnerabilities to compromise U.S. and allied networkson April 16, 2021
The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly released a Cybersecurity Advisory, “Russian SVR Targets U.S. and Allied Networks,” to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities. This advisory is being released alongside the U.S. government’s formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign. We are publishing this product to highlight additional tactics, techniques, and procedures being used by SVR so that network defenders can take action to mitigate against them.
- U.S. government accuses Russian companies of recruiting spies, hacking for Moscowon April 15, 2021 in Government, APT29, Cozy Bear, espionage, FSB, GRU, offensive cybersecurity, Russia, Russian hackers, SVR, Treasury Department
The Biden Administration took a sideswipe at the Russian government’s network of companies it allegedly relies on to conduct intelligence and military hacking Thursday — part of a broader effort to beat back Russian government hacking and information operations targeting Americans, the U.S. private sector and the federal government. In one of the most striking actions the Biden administration took Thursday, the U.S. Treasury Department sanctioned Positive Technologies, a cybersecurity firm headquartered in Moscow. According to the Treasury Department, Positive Technologies may appear to be a regular IT firm, but it actually supports Russian government clients, including the Federal Security Service. The firm also “hosts large-scale conventions that are used as recruiting events for the FSB and GRU,” the Treasury Department said, referring to the Federal Security Service (FSB) and Russia’s Main Intelligence Directorate (GRU). U.S. intelligence documents show that the company has gone even further at times and has The post U.S. government accuses Russian companies of recruiting spies, hacking for Moscow appeared first on CyberScoop.
- Biden Races to Shore Up Power Grid Against Hackson April 15, 2021 in Critical Infrastructure, Government, Hacks, Malware
A 100-day race to boost cybersecurity will rely on incentives rather than regulation, the White House said.
- Gafgyt Botnet Lifts DDoS Tricks from Miraion April 15, 2021 in IoT, Malware, Vulnerabilities, Web Security
The IoT-targeted malware has also added new exploits for initial compromise, for Huawei, Realtek and Dasan GPON devices.
- 1-Click Hack Found in Popular Desktop Apps — Check If You're Using Themon April 15, 2021
Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems. The issues were discovered by Positive Security researchers Fabian Bräunlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark, and Mumble.
- Oakland International Airport brings new security screeningon April 15, 2021
Oakland International Airport has installed identity technology and touchless security lanes from CLEAR.
- Bowdoin College's Office of Safety and Security earns accreditation from IACLEAon April 15, 2021
Maine's Bowdoin College announced that its Office of Safety and Security achieved accreditation from the International Association of Campus Law Enforcement Administrators (IACLEA).
- White House slaps sanctions on Russian cyber activities while blaming SVR for SolarWinds campaignon April 15, 2021 in Government, APT29, Biden administration, Cozy Bear, deterrence, espionage, Jim Langevin, Joe Biden, Russia, Russian hackers, sanctions, SolarWinds, SVR, White House
The Biden administration on Thursday imposed sweeping sanctions on Russian intelligence operatives for their alleged interference in the 2020 U.S. election, and on Russian companies for allegedly supporting Moscow’s extensive cyber-espionage operations. The Treasury Department sanctioned 32 organizations and individuals for their alleged influence operations aimed at the U.S. election. The White House said it was part of an effort to “disrupt the coordinated efforts of Russian officials, proxies and intelligence agencies to delegitimize our electoral process.” As part of the crackdown, Treasury sanctioned six Russian tech firms for allegedly providing support to Russian intelligence services’ hacking operations by developing malicious software or setting up IT infrastructure. U.S. officials also made official what had long been rumored: They believe with “high confidence” that Russia’s foreign intelligence agency, the SVR, carried out the hacking campaign that has exploited software made by contractor SolarWinds and other vendors to infiltrate nine U.S. agencies The post White House slaps sanctions on Russian cyber activities while blaming SVR for SolarWinds campaign appeared first on CyberScoop.
- NSA, FBI, DHS expose Russian intelligence hacking tradecrafton April 15, 2021 in Government, APT29, Cozy Bear, Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), Russia, Russian hackers, SolarWinds
The U.S. government warned the private sector Thursday that Russian government hackers working for Russia’s Foreign Intelligence Service (SVR) are actively exploiting five known vulnerabilities to target U.S. companies and the defense industrial base. The National Security Agency, the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) urged system administrators to patch immediately against the vulnerabilities the hackers, also known at APT29 or Cozy Bear, are exploiting. The SVR hackers are specifically actively exploiting vulnerabilities in Fortinet FortiGate VPN, Synacor Zimbra Collaboration Suite, Pulse Secure Pulse Connect Secure VPN, Citrix Application Delivery Controller and Gateway and VMware Workspace ONE Access to gain initial footholds into networks, the government said in its alert. The hackers have been using these initial footholds to collect victims’ authentication credentials to burrow further into networks. The announcement coincides with the U.S. intelligence community’s formal attribution of the supply chain hack The post NSA, FBI, DHS expose Russian intelligence hacking tradecraft appeared first on CyberScoop.
- Attackers Target ProxyLogon Exploit to Install Cryptojackeron April 15, 2021 in Hacks, Malware, Vulnerabilities
Threat actors targeted compromised Exchange servers to host malicious Monero cryptominer in an “unusual attack,” Sophos researchers discovered.
- April's Cybersecurity & Geopolitical podcast is up!on April 15, 2021
Episode three of the Cybersecurity and Geopolitical video podcast is up and ready for viewing! We are also now offering an audio version to listen to anytime, anywhere, including from Apple podcasts.
- Malware Variants: More Sophisticated, Prevalent and Evolving in 2021on April 15, 2021
A malicious program intended to cause havoc with IT systems—malware—is becoming more and more sophisticated every year. The year 2021 is no exception, as recent trends indicate that several new variants of malware are making their way into the world of cybersecurity. While smarter security solutions are popping up, modern malware still eludes and challenges cybersecurity experts. The evolution
- YIKES! Hackers flood the web with 100,000 pages offering malicious PDFson April 15, 2021
Cybercriminals are resorting to search engine poisoning techniques to lure business professionals into seemingly legitimate Google sites that install a Remote Access Trojan (RAT) capable of carrying out a wide range of attacks. The attack works by leveraging searches for business forms such as invoices, templates, questionnaires, and receipts as a stepping stone toward infiltrating the systems.
- New WhatsApp Bugs Could've Let Attackers Hack Your Phone Remotelyon April 15, 2021
Facebook-owned WhatsApp recently addressed two security vulnerabilities in its messaging app for Android that could have been exploited to execute malicious code remotely on the device and even exfiltrate sensitive information. The flaws take aim at devices running Android versions up to and including Android 9 by carrying out what's known as a "man-in-the-disk" attack that makes it possible for
- NSA Discovers New Vulnerabilities Affecting Microsoft Exchange Serverson April 15, 2021
In its April slate of patches, Microsoft rolled out fixes for a total of 114 security flaws, including an actively exploited zero-day and four remote code execution bugs in Exchange Server. Of the 114 flaws, 19 are rated as Critical, 88 are rated Important, and one is rated Moderate in severity. Chief among them is CVE-2021-28310, a privilege escalation vulnerability in Win32k that's said to be
- 54% of teens today do not believe schools are equipped to respond effectively to emergency incidents or mental health needson April 15, 2021
The third poll in a series of nationwide surveys conducted by Navigate360 and John Zogby Strategies, a national polling firm, shows the majority (54%) of teens today do not feel prepared to deal with the anxiety of returning to school and do not believe schools are equipped to respond effectively to emergency incidents or mental health needs.
- NJOHSP, NJ ROIC launch New Jersey Shield Program to foster information sharing, collaborationon April 15, 2021
The New Jersey Office of Homeland Security and Preparedness (NJOHSP) and New Jersey Regional Operations and Intelligence Center (NJ ROIC) launched New Jersey Shield on April 14, a program focused on strengthening information sharing and collaboration among the public and private sectors.
- 5 minutes with Ray Espinoza - Common cybersecurity hurdles leadership teams may encounter when restructuringon April 15, 2021
Meet Ray Espinoza, Chief Information Security Officer at Cobalt. With over 20 years of technology experience and 14+ years in information security, Espinoza’s collaborative leadership style has enabled him to build information security and risk management programs that support business objectives and build customer trust. Here, we talk to Espinoza about common cybersecurity hurdles leadership teams may encounter when restructuring.
- US firms repurposing their existing video monitoring systems to support return to the workplaceon April 15, 2021
A multi-country survey of organizations running video monitoring systems, conducted by Ava Security, found that U.S. firms are avidly repurposing their existing video monitoring systems to support the ‘COVID Safe’ return to offices and workplaces across North America.
- The force of biometrics in post-pandemic financial services securityon April 15, 2021
Biometric technology, and specifically its most modern iteration, facial recognition, has found its way into security systems essential to everyone. We rely on it to safeguard some of our most prized belongings, including our smartphones, laptops and now, with Apple Pay, even our bank accounts and credit cards. Security experts applaud facial recognition as one of the most secure and efficient means of authentication available today. Why then, has the industry most hinged on security and identification – Banking, Financial Services and Insurance (BFSI) – been so slow to adopt this new wave of technology?
- Security Bug Allows Attackers to Brick Kubernetes Clusterson April 14, 2021 in Cloud Security, Vulnerabilities
The vulnerability is triggered when a cloud container pulls a malicious image from a registry.