Global Cyber News Digest

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Microsoft to add 'nation-state activity alerts' to Defender for Office 365

    • The feature was added on Saturday to the Microsoft 365 roadmap website.
    • The idea behind the feature is not new. Since 2016, Microsoft has tracked nation-state hacking groups and the attacks they orchestrate against Microsoft email accounts.
    • If a user is targeted or compromised in one of these attacks, Microsoft sends them an email about the attack, along with basic advice they need to take to re-secure their inbox and devices.
    • Microsoft said in 2019 that it usually notifies around 10,000 users per year of nation-state attacks.
    • For organizations that are customers of Microsoft's Office 365 service, the OS maker now plans to add these notifications inside the dashboard of Microsoft Defender for Office 365, the cloud-based security platform that scans a company's Office 365 accounts for threats.
    • Besides Microsoft, which does this for Microsoft Outlook email accounts, similar alerts for nation-state attacks are also available for Yahoo accounts, public Gmail accounts, and G Suite accounts. Facebook also warns users of nation-state attacks against its social media accounts.
    - Catalin Cimpanu | February 8, 2021
  • Police: Hacker Breached Florida Treatment Plant to Poison the Water Supply

    • The intrusion occurred at a water treatment plant in Oldsmar, Florida, which is home to about 15,000 people, according to Pinellas County Sheriff Bob Gualtieri. Last Friday, an operator at the facility noticed some suspicious activity: an unknown user had remotely gained access to a computer system that controls chemical processes at the plant.
    • “The hacker changed the sodium hydroxide from about one hundred parts per million to 11,100 parts per million,” according to Gualtieri, who noted that sodium hydroxide is a main ingredient in liquid drain cleaners. Indeed, the CDC lists it as a highly corrosive substance.
    • The plant itself had “redundancies in place,” such as pH monitoring, ensuring the tainted water would have never reached the main pipelines without detection, according to city officials.
    • According to the county's sheriff, the hacker gained access via an unnamed remote software program that allows employees to troubleshoot IT problems. The same program also includes some screen-monitoring capabilities. As a result, the operator who first noticed the intrusion initially suspected the remote access belonged to another worker.
    - Michael Kan | February 8, 2021
  • A hack showed that an Austin policing program may be overstepping. Here's what we know.

    • For years, the Austin Regional Intelligence Center has operated a community-level surveillance program.
    • A privacy policy constrains this program to the collection of intelligence related to crime or terrorism. But leaked documents show that the program may be straying beyond its mission.
    • In June 2020, a hacker group breached the Houston-based web development company Netsential, which had contracts with hundreds of law enforcement agencies for web-hosting services. Nearly 270 gigabytes of sensitive police data was compromised.
    • Known as “BlueLeaks,” the hack-and-leak operation is considered one of the largest data breaches in law enforcement history.
    • The problem is that purging isn’t happening, the leaked data reveals. And many of the reports submitted by threat liaison officers fail to demonstrate a terrorism or criminal nexus and stay in the system for years.
    • Since the leak, the center has imposed a 30-day information retention period, after which reports or information that is not determined to have a terrorism or criminal nexus will be purged from the system.
    - Brandon Mulder | February 7, 2021
  • Google Chrome Has A Strong Password Generator: How To Avoid Password Hell

    • In the past, most of us created and managed our passwords. But that often turned into a dark abyss of forgotten passwords and, in the worst case, account lockouts.
    • Google provides an easier and safer way to have password management done for you with strong, machine-generated passwords.
    • Google also has a password manager where you can view, change, or remove passwords.
    • Google provides other tools too like a Password Checkup, which shows which passwords were exposed in a third-party data breach.
    • This tool can be invaluable as large data breaches are happening all of the time, possibly exposing your password to cyber gangs who can potentially break into your accounts (and in the worst case steal your money).
    - Brooke Crothers | February 7, 2021
  • 12 security career-killers (and how to avoid them)

    • The stories are out there: the smart co-workers who get in their own way instead of getting ahead.
    • There are many ways to kill your career, say CISOs, career coaches and executive consultants. Some actions, such as illegally accessing computer systems, are obviously fireable offenses, while numerous others will simply halt any upward mobility.
    • 12 common traits that security leaders say will keep you from advancing your cybersecurity career – and how you can avoid such a fate...READ ON.
    - Mary K. Pratt | February 4, 2021
  • Microsoft Sees Spike in BEC Attacks Targeting Schools

    • On Tuesday, Microsoft published a series of posts to Twitter warning of a visible uptick in BEC attacks targeting K-12 school teachers. This time, the operators behind the BEC attacks are impersonating teachers’ colleagues with gift-card themed emails.
    • The fake profiles are created using publicly available information, likely harvested from school websites or social media platforms. This process makes the BEC emails far more sophisticated and convincing.
    - February 4, 2021
  • Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months

    • Spotify streaming music aficionados are in the crosshairs of yet another credential-stuffing cyberattack, just three months after the last one. The service has forced password resets for impacted users.
    • Cybercriminals carrying out credential-stuffing take advantage of people who reuse the same passwords across multiple online accounts.
    • In the first Spotify incident in November, researchers found a misconfigured and open Elasticsearch cloud database containing more than 380 million individual records, including login credentials and countries of residence for various people, all being actively validated against Spotify accounts.
    • Compromised accounts could contain credit-card information, loyalty points that could be stolen or used, or physical shipping addresses.
    • Accounts can also contain information like birthdays, preferences (those Spotify playlists, for example) and other data that is ripe for abuse when it comes to developing social-engineering tricks for phishing attacks.
    - Tara Seals | February 4, 2021
  • Security firm Stormshield discloses data breach, theft of source code

    • French cyber-security firm Stormshield, a major provider of security services and network security devices to the French government, said today that a threat actor gained access to one of its customer support portals and stole information on some of its clients.
    • The company is also reporting that attackers managed to steal parts of the source code for the Stormshield Network Security (SNS) firewall, a product certified to be used in sensitive French government networks, as part of the intrusion.
    • The Stormshield incident is currently being treated as a major security breach inside the French government. In its own press release, ANSSI officials said they've put Stormshield SNS and SNI products "under observation" for the duration of the investigation.
    • Stormshield, which is a fully-owned subsidiary of Airbus CyberSecurity, could not say if the attack was conducted by a nation-state group at this point in the investigation.
    - Catalin Cimpanu | February 4, 2021
  • USDA Denies Data Breach at Payroll Facility

    • Reuters first reported on Tuesday that the department’s National Finance Center, which runs a payroll system serving over 600,000 federal employees across 160 agencies, was penetrated by suspected Chinese hackers exploiting a flaw in SolarWinds’ software.
    • "In compliance with CISA’s emergency directive and to protect USDA systems, USDA notified customers in December that it had removed SolarWinds Orion products from its networks due to the SolarWinds compromise,” a USDA spokesperson said. “While we continue to look into it, we have no evidence of a data breach of the USDA National Finance Center."
    • A USDA spokesperson initially acknowledged a breach of their systems in the Reuters article, which has since been updated to reflect USDA’s denial of the incident.
    • “Cyberattacks are conducted with silent weapons, and in some situations those weapons are undetectable,” Ron Ross, NIST fellow and chief architect of information security standards for the federal government, said. “Because you may not ‘feel’ the direct effects of the next hack yet, you may think it is coming someday down the road; but in reality, it’s happening right now.”
    • NIST said the enhanced security requirements should be implemented in addition to those in SP 800-171, since that publication is not designed to address advanced persistent threats. The enhanced requirements call for “dual authorization” under access control, for example, while the basic requirements say to “limit system access to authorized users.”
    - Mariam Bakh | February 3, 2021
  • Over Three Million US Drivers Exposed in Data Breach

    • Over three million customers of a US car company have had their details compromised after a cyber-criminal posted them to a dark web forum.
    • Risk Based Security traced them back to DriveSure, an Illinois-based business owned by car dealership service provider Krex. Its website explains that the firm helps its clients to build strong customer relationships to encourage drivers back to dealerships for vehicle service and unplanned repairs.
    • Multiple databases were uploaded to a hacking forum on January 4 this year, although the data dump apparently took place on December 19, 2020.
    • Although stronger than SHA1 and MD5, bcrypt could still be brute-forced if password strength is poor, said Risk Based Security.
    • “One leaked folder totalled 22GB and included the company’s MySQL databases, exposing 91 sensitive databases. The databases range from detailed dealership and inventory information, revenue data, reports, claims, and client data,” Risk Based Security explained.
    - Phil Muncaster | February 3, 2021