Search
Close this search box.

Global Cyber News Digest

Events

Cyber Insider Podcast

Press Room

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • States look to fight back against cybercrime as hackers leverage pandemic to their advantage

    • COVID-19 made its U.S. debut in Washington state, but the virus was only the first of several intruders to attack the state in the past year.
    • Rocked by the massive SolarWinds hack, unemployment system breaches and other attacks, several states are trying to bolster their cybersecurity in the midst of the public health crisis.
    • Alerts from the federal Cybersecurity and Infrastructure Security Agency warned that the SolarWinds campaign posed “a grave risk” to federal, state and local governments, and private companies. The hackers had the “resources, patience, and expertise to gain access to and privileges over highly sensitive information if left unchecked,” the agency cautioned.
    • The SolarWinds attack wasn’t Washington state’s only cyber crisis this past year.
    • In late spring, Washington was one of more than a half-dozen states victimized in a massive fraud scheme in which cybercriminals struck unemployment systems, which already were overburdened with a huge influx of claims.
    • A cybersecurity company linked the attacks to a Nigerian crime ring it nicknamed Scattered Canary. Washington state officials say they were scammed out of hundreds of millions of dollars in fraudulent claims.
    • In response to the attacks, a group of Washington state senators in February introduced a measure to bolster cybersecurity, at the request of Democratic Gov. Jay Inslee.
    • The bill would create an Office of Cybersecurity by statute within the office of the state chief information officer. The office would set standards and policies for safely storing sensitive data and develop a centralized cyber protocol for all state agencies, including those run by independently elected officials, such as the state auditor.
    - Jenni Bergal | March 1, 2021
    hak-iq.us20.list-manage.comMarch 1, 2021

  • Far-Right Platform Gab Has Been Hacked—Including Private Data

    • When Twitter banned Donald Trump and a slew of other far-right users in January, many of them became digital refugees, migrating to sites like Parler and Gab to find a home that wouldn't moderate their hate speech and disinformation.
    • Gab, which inherited some of Parler's displaced users, has been badly hacked. An enormous trove of its contents has been stolen—including what appears to be passwords and private communications.
    • WikiLeaks-style group Distributed Denial of Secrets is revealing what it calls GabLeaks, a collection of more than 70 gigabytes of Gab data representing more than 40 million posts.
    • Gab CEO Andrew Torba acknowledged the breach in a brief statement Sunday.
    • Passwords for private groups are unencrypted, which Torba says the platform discloses to users when they create one. Individual user account passwords appear to be cryptographically hashed.
    • The Gab hack is just the latest in a recent string of apparent "hacktivist" breaches, many of which have ended with DDoSecrets publishing reams of stolen data, or making it privately available to journalists and researchers.
    - Andy Greenberg | February 28, 2021
    hak-iq.us20.list-manage.comFebruary 28, 2021

  • Threat Intelligence: It’s Not Just for IT Anymore

    • Threat intelligence—being able to anticipate how a would-be cybercriminal might attack an organization—is a crucial competency for businesses of every size.
    • Threat intelligence is a wide-ranging discipline encompassing knowledge of the capabilities, resources, motives, and goals of potential security threats to an organization and the application of this knowledge in protecting against security breaches and data theft.
    • As the c-suite turns more attention to the importance of threat intelligence in protecting everything from IP and employee records to massive data sets, a coordinated approach to threat intelligence is crucial.
    • The sophistication and strength of threat intelligence platforms and other tools increase by the day.
    - Justin Stokes | February 27, 2021
    hak-iq.us20.list-manage.comFebruary 27, 2021

  • SolarWinds software: Big takeways from the congressional hearing

    • On February 26th, a congressional hearing pertaining to the SolarWinds hack got underway. Executives from a suite of major software companies briefed senators on the latest SolarWinds-related findings and discussed how to prevent similar attacks in the future.
    • The SolarWinds attack took place on US soil. While the National Security Administration (NSA) may have the agency to surveille international computer networks, it cannot legally surveille domestic ones. This helps to explain why the attack was missed by the NSA.
    • Although invited to attend the hearing, the company declined to send a representative. The hackers used EC2 (Amazon Elastic Compute Cloud). Amazon has reportedly shared AWS-related information with the federal government. However, the company does not wish to make the information public.
    • In the US, information often sits in silos. The engineers behind the SolarWinds breach may have known about the lack of US public-private cyber security-related information sharing. The “fingerprints” of the attack loosely existed across a variety of different organizations. However, none of those organizations communicated the details to one another, which is an aspect of why the attack quietly persisted for more than a year.
    • According to the senate, there may be interest in creating an incentive-based program that encourages public and private reporting of cyber security breaches.
    | February 26, 2021
    hak-iq.us20.list-manage.comFebruary 26, 2021

  • Lawmakers line up behind potential cyber breach notification legislation

    • House lawmakers on both sides of the aisle expressed strong support Friday for legislation to put in place national breach notification requirements in the wake of a massive foreign cyber espionage attack.
    • FireEye CEO Kevin Mandia confirmed to the Senate Intelligence Committee earlier this week that FireEye was not legally required to reveal the cyber incident, and that many companies impacted as part of the Russian cyberattack had not come forward. 
    • Concerns that the federal government would still be unaware of the hack, one of the largest in U.S. history, have spurred efforts on Capitol Hill this week to address cyber incident reporting with legislation, an effort that has been ongoing for decades.
    • Legislation is already in the pipeline. House Foreign Affairs Committee ranking member Michael McCaul (R-Texas) announced Friday that he and Rep. Jim Langevin (D-R.I.), the chair of the House Armed Services Committee’s cybersecurity subcommittee, are working on a bill to create “mandatory breach notification.”
    • SolarWinds President and CEO Sudhakar Ramakrishna testified at the joint House hearing on Friday and urged Congress to consider designating or creating a federal group to take on compiling breach notification reports, with Clarke suggesting CISA.
    • “Having a single entity for which all of us can report to will solve the fundamental purpose of speed and agility in this process,” Ramakrishna said. “Information is very fragmented, and oftentimes the dots are not connected because they are separate.”
    - Maggie Miller | February 26, 2021
    hak-iq.us20.list-manage.comFebruary 26, 2021

  • The hidden business costs of working remotely

    • The thousand-pound gorilla in the room is how remote workers are being affected by the pandemic. "As we approach a year of working from kitchen tables or makeshift offices, it's time for organizations to consider the human impact of long-term remote working and what this means for security," said Tony Pepper, CEO of Egress.
    • Pepper suggests the loss of data security is the overarching hidden cost of remote working.
    • Three things have changed that make remote users more apt to lose data accidentally:
    - Michael Kassner | February 26, 2021
    hak-iq.us20.list-manage.comFebruary 26, 2021

  • Austin's SolarWinds grapples with fallout from cybersecurity breach

    • Austin-based software maker SolarWinds – along with the cybersecurity industry at large – continues to grapple with how to move forward from the massive cyber breach last year that allowed hackers access to multiple federal agencies and more than 100 private-sector companies.
    • Since the start of the year, SolarWinds has debuted a new CEO as it continues its investigation into the breach and works to ramp up its own security.
    • "It's been a living nightmare for the industry, and SolarWinds has been front and center," Dan Ives of Wedbush Securities said. "No company in their wildest nightmares wants to be the center of a congressional investigation that spawned a massive fear around threats."
    • Executives from SolarWinds, Microsoft and cybersecurity firms FireEye and CrowdStrike testified Tuesday about the attack before the U.S. Senate's Select Committee on Intelligence. The companies are also expected to testify Friday before the House Oversight and Homeland Security Committees.
    • SolarWinds said the breach is believed to be the result of hackers making their way into a number of systems by tampering with an update server on the company's network management system.
      • Once in, the hackers were able to gain remote access and insert malicious code that hitched a ride into other systems on a SolarWinds software update.
    - Kara Carlson | February 25, 2021
    hak-iq.us20.list-manage.comFebruary 25, 2021

  • Students’ Information Compromised by Data Breach at Harvard Business School

    • Harvard Business School is working to respond to a data breach that compromised students’ personal information, including some social security numbers and exam submissions.
    • HBS Chief Information Officer Ronald “Ron” S. Chandler initially announced the breach in an email to school affiliates on Jan. 11.
    • Chandler wrote that the Business School was notified by a software vendor of unauthorized access to its files on Dec. 29, after which the school launched an investigation. The investigation found that one or more “unauthorized third parties” had downloaded “files containing personal information” between Dec. 21 and Dec. 23.
    • Brian C. Kenny, a spokesperson for the Business School, wrote in an emailed statement Wednesday that HBS had been informed of the software vulnerability prior to Dec. 29, and had accepted a “software patch” that the vendor provided.
    - Carrie Hsu | February 25, 2021
    hak-iq.us20.list-manage.comFebruary 25, 2021

  • District says cyber attack prompted ‘code red’ lockdown of Cobb schools

    • District officials earlier said an AlertPoint system “malfunction” on Feb. 2 caused employees to receive a message indicating an active alarm.
    • Following the incident, Cobb schools said it began investigating and found the alarm was intentionally set off and was “uniquely limited to the AlertPoint system.”
    • Cobb school board members said the cyber attack on AlertPoint and the malfunctioning of the UV lights have raised more questions about the vulnerability of technology used by the district.
    • “If the safety mechanisms can be manipulated as we just witnessed, then the question is how safe are we?”
    • “How safe is the system and is it the right system if it can be easily targeted?”
    • Board member Brad Wheeler said the incident should propel the district to explore “what can be put in place to prevent it from happening again.”
    - Kristal Dixon | February 24, 2021
    hak-iq.us20.list-manage.comFebruary 24, 2021

  • Bombardier Suffers Cyber Attack

    • The most recent victim is Canadian plane maker Bombardier, who announced yesterday that it suffered a limited cybersecurity breach. An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated from the main Bombardier IT network.
    • Many security expects are speculating the attack is part of the Accellion "supply chain" breach.
    • The ongoing investigation indicates that the unauthorized access was limited solely to data stored on the specific servers. Manufacturing and customer support operations have not been impacted or interrupted. Bombardier can also confirm the company was not specifically targeted—the vulnerability impacted multiple organizations using the application.
    • The silver lining for Bombardier is that it can use the opportunity from this latest breach to invest more time in checking all entry points to systems and their global network and hopefully root out any other suspicious activity.
    Week - Peter Fretty | February 24, 2021
    hak-iq.us20.list-manage.comFebruary 24, 2021

451 A Street, Suite 500
San Diego, CA 92101

[email protected]

CONNECT WITH US

Linkedin Twitter

Cyber Center of Excellence is a San Diego-based nonprofit dedicated to growing the regional cyber economy and creating a more secure digital community for all.

JOIN US
Linkedin Twitter
Cyber Center of Excellence | Privacy Policy  |  Terms & Conditions
Linkedin Twitter
Privacy Policy  |  Terms & Conditions
© 2024 Cyber Center of Excellence