Global Cyber News Digest

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • China Intensifies Cyber-Attacks After Disengagement From Pangong Lake: Report

    • Indian government organisations such as the Computer Emergency Response Team (CERT-IN) and the National Critical Information Infrastructure Protection Centre (NCIIPC) have reported that Chinese hackers attempted to infiltrate the country's cyberspace after troops from the two neighbours disengaged from Pangong Lake in eastern Ladakh.
    • NCIIPC's Threat Assessment group has identified Emissary Panda, also known as APT-27, which is a China-based threat actor that targets foreign embassies for stealing data related to technology, government and defence sectors.
    • The hackers were attempting to steal data and disrupt the power supply in the state. The attempt was successfully thwarted because CERT-IN had issued an alert, after which GENCO blocked the suspected IP addresses and changed the user credentials of all officials operating remotely as a precautionary measure, as reported by the local media.
    • India's response to these cyber-attacks has been restrained, and in the short term can be considered rational. Attribution remains a problem in the cyber domain, since the Chinese government has repeatedly denied responsibility for these actions.
    • Unlike the use of conventional weapons, which is the domain of the country's military, the government can deny its connection to hackers, which makes the threat of escalation risky.
    • Another preventative measure put in place is aimed at developing indigenous microprocessors and reducing the dependence on the country's import of military software.
    | March 13, 2021
  • 2gether compensates for its crypto cyber-attack losses

    • One thing that has dogged the blockchain industry, more than most, is cyber-attacks.
    • On 31 July 2020, 2gether - a collaborative crypto-trading platform - suffered a cyber-attack at the hands of hackers who stole 114 BTC and 281 ETH worth a combined €1.18 million from its users' investment accounts.
    • While these hacks are nothing new, those stolen funds are usually gone forever. 14 of these kinds of attacks, starting with Bithumb in February 2017 to Zaif in September 2018, saw $882 million in crypto and USD funds go missing.
    • 2gether is compensating its users to give back the cryptocurrency stolen from their accounts.
    • To raise the capital to execute the plan, 2gether worked with the community, private investors, and partners to generate an equity crowdfunding round, which closed at the legal maximum of €1.5 million, 125 percent of its target.
    • It's rare to see any blockchain organization compensate for cyber-attack losses. If the industry is to become seen as legitimate by a mainstream audience, more schemes like this could make the difference.
    - Stewart Rogers | March 11, 2021
  • Cyber Attack Taps Operations at Molson Coors

    • When a breach impacts critical infrastructure or a food and beverage manufacturer, it seems to take the seriousness to another level. After all, in either instance, the impact could result in serious injuries or even fatalities.
    • This is what made the recent attack on a small Florida city’s water treatment facility so alarming. It is also what makes the “cyber incident” recently acknowledged by Molson Coors a scary occurrence.
    • “Given the round-the-clock nature of operations in food and beverage companies, much of the IT equipment in manufacturing plants can’t be patched frequently, making these assets a prime target for attacks such as ransomware..." - Grant Geyer, CPO, Claroty
    • While the adult beverage manufacturer has yet to provide many details, a regulatory filing Thursday noted the event has resulted in taking key systems offline, including impacting portions of its production and distribution operations.
    - Peter Fretty | March 11, 2021
  • Tax Time Guide: Make protecting tax and financial information a habit

    • The Internal Revenue Service today urged people to continue practicing proper cybersecurity habits by securing computers, phones and other devices.
    • As a reminder, the IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. Generally, the IRS first mails a paper bill to a person who owes taxes.
    • A few tips to help minimize exposure to fraud and identity theft:
      • Protect personal information. Treat personal information like cash – don't hand it out to just anyone.
      • Set password and encryption protections for wireless networks.
      • Never download "security" software from a pop-up ad.
      • Use security software. An anti-virus program should provide protection from viruses, Trojans, spyware and adware. The IRS urges people, especially tax professionals, to use an anti-virus program and always keep it up to date.
      • Set security software to update automatically so it can be updated as threats emerge.
      • Back up files. No system is completely secure. Copy important files, including federal and state tax returns, onto removable discs or back-up drives and cloud storage.
    | March 11, 2021
  • Verkada breach exposed live feeds of 150,000 surveillance cameras inside schools, hospitals and more

    • A group of hackers have breached a database containing security camera feeds collected by Verkada Inc., a Silicon Valley startup. The database includes live feeds of 150,000 surveillance cameras inside hospitals, organizations, police departments, prisons and schools. 
    • Tesla Inc. and software provider Cloudflare Inc. were exposed in the breach.
    • The breach was carried out with the goal of demonstrating the "pervasiveness of video surveillance and the ease with which systems could be broken into." One of the hackers claiming credit for this breach is Tillie Kottmann, who has reportedly hacked Intel Corp. and Nissan Motor Co.
    • A Verkada spokesperson said they had disabled all internal administrator accounts to prevent any further unauthorized access.
    • This latest breach should be a reminder that a compromised privileged account can lead to access to extremely sensitive devices when it is not protected with privileged access best practices, notes Joseph Carson, Chief Security Scientist at Thycotic. "Questions should be raised on whether a single user account should have that much privileged access to so many security cameras. When I was a System Administrator, we practiced separation of duties meaning that my accounts had limited access and for me to gain access to other systems I had to go through a security control before that would be permitted. This latest security breach is a stark reminder on the importance of the Principle of Least Privilege and why a single privileged account should be controlled with more verifications and requirements."
    - Maria Enriquez | March 11, 2021
  • The SolarWinds Cyber-Attack – The Devastation and Wreckage

    • In a recent 10-K disclosure, SolarWinds announced that it is the subject of ongoing investigations conducted by the Department of Justice, the Securities and Exchange Commission, and various state attorneys general focused on the cyberattack on its software.
    • Given the high-profile nature of the cyber-attack, DOJ and state enforcement actions are likely to seek relatively large settlements. The E.U. will follow suit to underscore the importance of proactive security strategies.
    • SolarWinds’ 10-K filing reflects the devastating impact a cyber-attack can have on a business.
    • By the end of 2020, SolarWinds had incurred over $3 million in expenses. These costs are likely to increase substantially as SolarWinds completes its investigation and remedies deficiencies in its cyber protection solutions. Further, SolarWinds will incur legal and consulting expenses as it navigates government enforcement and private litigation.
    JDSupra - Michael Volkov | March 10, 2021
  • There’s No Margin for Error in Port Cyber Security

    • With the global shipping industry already under pressure, and the UK facing new challenges in 2021 as the Brexit transition period has ended, addressing the risk to port infrastructure from cyber-attack has never been more critical.
    • Due to the critical nature of ports, and the publicity and knock-on effects of disruption, ports are an attractive target, and may be viewed as being more likely to pay up.
    • By getting access to data and systems within the port, attackers can obtain information on goods movements, or attempt to amend records to evade taxes and excise duties.
    • Information held by ports such as passenger movements, goods flows or operational techniques can be hugely revealing to help build a better picture of activity in a country or region.
    • Ports are especially exposed as they typically have to interact with a large number of stakeholders on a daily basis, which can give attackers a wide range of opportunities to attempt to impersonate legitimate entities.
    - Joel Snape | March 9, 2021
  • Careful where you selfie: Hackers are using WFH photos to steal your info

    • When you’re proud of your home office setup, it’s tempting to snap a selfie and share it with the world — but think twice before you hit “Post.” Hawk-eyed hackers can take a single detail from your background and pinpoint sensitive data, including corporate secrets.
    • If you post a selfie online, potential cybercriminals can zoom in and see the contents of your computer screen. If you left up an email from your boss, now they know which email address to use to target your team with Business Email Compromise (BEC) attacks.
    • If you still want to upload a photo of your home office setup, blur the background.
    - Serena O'Sullivan | March 9, 2021
  • LinkedIn to Stop Collecting IDFA Data from iOS Devices in respect to Apple’s App Tracking Transparency Feature

    • Apple announced a new App Tracking Transparency Feature which will be hitting on iOS devices in the coming spring.
    • Once launched, the App Tracking Transparency feature will require every app downloaded from the App Store to ask for the user's consent before it can retrieve and share their data.
    • LinkedIn announced that it will stop using the IDFA, the "Identifier for Advertisers." The IDFA is a device identifier that allows cross-platform and cross-app tracking by collecting user data; a developer that removes it permanently from their applications will not have to ask Apple users for consent, because the application's ability to share data around will end.
    • This is a great step from LinkedIn. Removing the use of the IDFA spares users worry about their privacy and saves the company from adding user consent notifications as well. Apart from LinkedIn, Google is following in the same footsteps, having announced in January that it would stop using the IDFA.
    - Arooj Ahmed | March 7, 2021
  • Microsoft Shares Additional Mitigations for Exchange Server Vulnerabilities Under Attack

    • Microsoft on Friday released alternative mitigation measures for organizations that have not been able to immediately apply the emergency out-of-band patches released earlier this week, which address vulnerabilities being exploited to siphon e-mail data from corporate Microsoft Exchange servers.
    • Microsoft also provided an nmap script to help customers discover vulnerable servers within their infrastructure.
    • Analysts say that HAFNIUM, a state-sponsored hacking group operating out of China, has been on an active hacking spree, with a massive espionage campaign underway to siphon data from organizations globally.
    • “This is the real deal. If your organization runs an OWA server exposed to the internet, assume compromise between 02/26-03/03,” Ex-CISA Chief Chris Krebs tweeted. “Check for 8 character aspx files in C:\inetpub\wwwroot\aspnet_client\system_web. If you get a hit on that search, you’re now in incident response mode."
    - Mike Lennon | March 6, 2021