Global Cyber News Digest

Events

Cyber Insider Podcast

Press Room

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Bombardier Suffers Cyber Attack

    • The most recent victim is Canadian plane maker Bombardier, who announced yesterday that it suffered a limited cybersecurity breach. An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated from the main Bombardier IT network.
    • Many security expects are speculating the attack is part of the Accellion "supply chain" breach.
    • The ongoing investigation indicates that the unauthorized access was limited solely to data stored on the specific servers. Manufacturing and customer support operations have not been impacted or interrupted. Bombardier can also confirm the company was not specifically targeted—the vulnerability impacted multiple organizations using the application.
    • The silver lining for Bombardier is that it can use the opportunity from this latest breach to invest more time in checking all entry points to systems and their global network and hopefully root out any other suspicious activity.
    Week - Peter Fretty | February 24, 2021
    hak-iq.us20.list-manage.comFebruary 24, 2021

  • SolarWinds hackers targeted NASA, Federal Aviation Administration networks

    • Hackers are said to have broken into the networks of U.S. space agency NASA and the Federal Aviation Administration as part of a wider espionage campaign targeting U.S. government agencies and private companies.
    • The two agencies were named by the Washington Post on Tuesday, hours ahead of a Senate Intelligence Committee hearing tasked with investigating the widespread cyberattack.
    • It’s believed NASA and the FAA are the two remaining unnamed agencies of the nine government agencies confirmed to have been breached by the attack. The other seven include the Departments of Commerce, Energy, Homeland Security, Justice and State, the Treasury and the National Institutes of Health, though it’s not believed the attackers breached their classified networks.
    • Anne Neuberger, the former NSA cybersecurity director who last month was elevated to the White House’s National Security Council to serve as the deputy national security adviser for cyber and emerging technology, said that the attack took “months to plan and execute,” and will “take us some time to uncover this layer by layer.”
    - Zack Whittaker | February 23, 2021
    hak-iq.us20.list-manage.comFebruary 23, 2021

  • VC firm Sequoia Capital suffers data breach, investor information stolen

    • Sequoia Capital, one of the most famous venture capital firms in Silicon Valley has suffered a data breach with investor information likely stolen.
    • It’s believed that the attack vector was via an employee being phished. Whether malware or ransomware was involved in the data breach is not clear with Sequoia informing its investors of the breach on Friday, Feb. 19.
    • The data potentially stolen is said to include personal and financial information.
    • Privileged access continues to be a major challenge for organizations. “Privileged access is no longer just about domain admins and it is also important to consider business users who have access to sensitive data as privileged access,” said Joseph Carson, Thycotic Software Ltd.
    - Duncan Riley | February 23, 2021
    hak-iq.us20.list-manage.comFebruary 23, 2021

  • What We Know About the Hackers Behind the Accellion Data Breach

    • Accellion recently discovered that a threat actor had been exploiting zero-day vulnerabilities in its legacy file-transfer service application (called “FTA” for short)—a file-sharing and storage product used by approximately 300 clients. Despite subsequent patches, there has been a steady stream of FTA-related data breaches involving banks, universities, large companies, government agencies, and more.
    • On Monday, Accellion announced that it has been working with cyber firm FireEye since the incident, and that researchers have identified a group, dubbed “UNC2546,” as the “criminal hacker behind the cyberattacks and data theft.”
    • “Ransomware groups are amorphous. The core dev [development] team may be involved in other ransomware operations and the affiliates certainly will be. A member of REvil, for example, claimed that Egregor ransomware and Maze were both created by Evil Corp [a large cybercrime network]. And Evil Corp is responsible for WastedLocker and BitPaymer, and there may also be links to DoppelPaymer. And all those groups have affiliates and specialists who likely also work for other groups. And all use smoke and mirrors, so working out who did what and who’s working with who is far from easy.” - Brett Callow, Emsisoft Analyst
    • Digital forensics have shown that the initial intrusion mechanism used by UNC2546 in its FTA attacks was an SQL injection—a common cyberattack that injects foreign code into an application via a vulnerability. The actor then leveraged a webshell (a malicious script), which researchers have dubbed “DEWMODE,” to steal data from the FTA. DEWMODE lifted and downloaded bulk data and metadata straight from the application’s MySQL database.
    • After the data had been stolen via DEWMODE, “UNC2582" would kick into gear with a barrage of extortion emails.
    - Lucas Ropek | February 23, 2021
    hak-iq.us20.list-manage.comFebruary 23, 2021

  • Clubhouse confirms data spillage of its audio streams

    • The app allows users to join and participate in pop-up public or private audio chatrooms, promising that conversations are not recorded and have to be experienced live.
    • But US cyber-security researchers tweeted that a user had found a way to stream audio to another website.
    • Stanford's cyber-security researchers discovered several security flaws, including the fact that the users' unique ID numbers and the ID numbers of the Clubhouse chatrooms they created were being transmitted in plaintext and it could be possible connect IDs to specific user profiles.
    • The researchers were also concerned that the Chinese government could gain access to the raw audio files on Clubhouse's servers, because its back-end infrastructure is provided by a real-time engagement API firm called Agora, which has offices in both Shanghai and San Francisco.
    • While it might sound alarming to hear that audio conversations on Clubhouse can be taken out of the app, this isn't exactly new.
    • Users are already using the video and audio recording functions on their devices to capture conversations had by celebrities like Elon Musk and Kevin Hart, and uploading them to YouTube.
    - Mary-Ann Russon | February 23, 2021
    hak-iq.us20.list-manage.comFebruary 23, 2021

  • Toledo Public School students seeing effects of massive data breach

    • We're now seeing the first real signs of the fallout from that massive Toledo Public Schools’ data breach in October 2020.
    • Parents say they’re being notified about accounts trying to be opened in their kids’ names.
    • Here are some of the messages he’s received about his elementary schooler:
      • The first one was for denial for a credit card.
      • Another one happened when the child was denied for a car loan because it said the reason was because of his income ratio.
      • One of the last ones was to have fixed electric rates.
      • The family got a flier talking about the student’s Toledo Edison account and the gift card he could get by switching suppliers.
    • Parents need to be vigilant about what notices or letters they get and act quickly to shut anything down.
    - Shaun Hegarty | February 22, 2021
    hak-iq.us20.list-manage.comFebruary 22, 2021

  • Kroger reports data breach from third-party file transfer service

    • Kroger said late Friday that it received notification from Palo Alto, Calif.-based Accellion that an unauthorized person had gained access to certain Kroger files by exploiting a vulnerability in Accellion’s secure file-transfer appliance product, Accellion FTA.
    • Based on information from Accellion and its own investigation, Kroger estimated that fewer than 1% of customers — specifically, from Kroger Health and Kroger Money Services — had data exposed, including certain pharmacy and money services records.
    • Accellion reported that an investigation by cybersecurity firm Mandiant identified “UNC2546” as the criminal hacker behind the cyberattacks and data breach involving Accellion FTA. Some FTA customers attacked by UNC2546 had received “extortion emails” threatening to publish stolen data, Accellion said.
    - Russell Redman | February 22, 2021
    hak-iq.us20.list-manage.comFebruary 22, 2021

  • Sequoia Capital says it was hacked

    • Sequoia Capital told its investors on Friday that some of their personal and financial information may have been accessed by a third party, after a Sequoia employee's email was successfully phished.
    • Sequoia told investors that it's been monitoring the dark web, and has not yet seen any indication that compromised information is being traded or otherwise exploited.
    • "Our security team responded promptly to investigate, and we contacted law enforcement and engaged leading outside cybersecurity experts to help remediate the issue and maintain the ongoing security of our systems...we regret that this incident has occurred and have notified affected individuals. We have made considerable investments in security and will continue to do so as we work to address constantly evolving cyber threats."
    - Kia Kokalitcheva | February 22, 2021
    hak-iq.us20.list-manage.comFebruary 22, 2021

  • New malware found on 30,000 Macs has security pros stumped

    • A previously undetected piece of malware found on almost 30,000 Macs worldwide is generating intrigue in security circles, which are still trying to understand precisely what it does and what purpose its self-destruct capability serves.
    • Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute.
    • Also curious, the malware comes with a mechanism to completely remove itself, a capability that’s typically reserved for high-stealth operations. So far, though, there are no signs the self-destruct feature has been used, raising the question why the mechanism exists.
    • The malware has been found in 153 countries with detections concentrated in the US, UK, Canada, France, and Germany. Its use of Amazon Web Services and the Akamai content delivery network ensures the command infrastructure works reliably and also makes blocking the servers harder.
    • Researchers from Red Canary, the security firm that discovered the malware, are calling the malware Silver Sparrow.
    - Dan Goodin | February 20, 2021
    hak-iq.us20.list-manage.comFebruary 20, 2021

  • Healthcare Data Breaches Halved in January

    • The number of month-on-month healthcare data breaches of 500 or more records reported in the United States was halved in January.
    • Despite the massive decline in the number of breaches recorded in January, the total number of health records compromised in the first month of 2021—4,467,098—exceeded December's total by more than 225,000. A major data breach at Florida Healthy Kids Corporation that impacted 3.5 million individuals was key in driving January's figure past the four million mark.
    • Other notable data breaches reported in January include a ransomware attack on healthcare provider Hendrick Health that compromised 640,436 records and a phishing attack on Roper St Francis Healthcare in which 640,436 records were exposed.
    • Hacking and other IT incidents caused the majority of healthcare data breaches in January.
    - Sarah Coble | February 19, 2021
    hak-iq.us20.list-manage.comFebruary 19, 2021

451 A Street, Suite 500
San Diego, CA 92101

[email protected]

CONNECT WITH US

Linkedin Twitter

Cyber Center of Excellence is a San Diego-based nonprofit dedicated to growing the regional cyber economy and creating a more secure digital community for all.

JOIN US
Linkedin Twitter
Cyber Center of Excellence | Privacy Policy  |  Terms & Conditions
Linkedin Twitter
Privacy Policy  |  Terms & Conditions
© 2024 Cyber Center of Excellence