Security daily (01-04-2021)

Biden's cyber executive order to include new rules for federal agencies, contractors

Under a forthcoming White House order, companies that do business with the federal government would have to meet software security standards and swiftly report cyber incidents to a new entity within the Department of Homeland Security, sources familiar with a draft version of the document said. The order, which could be made public in a matter of weeks, is meant to improve the government’s ability to detect, coordinate, respond to and investigate cybersecurity incidents, as well as promote supply chain security and push government contractors to up their defenses. It is spurred largely by the suspected Russian campaign in which hackers exploited the update process for SolarWinds’ Orion software, which led to the compromise of nine federal agencies and roughly 100 companies, the White House previously said. Some of the order’s measures are aimed at strengthening DHS and its Cybersecurity and Infrastructure Security Agency. The White House directive would establish […] (CyberScoop)

Kansas man indicted in connection with 2019 hack at water utility

A U.S. grand jury has indicted a 22-year-old man for allegedly hacking the computer system of a rural water utility in Kansas and shutting down processes that affect procedures for cleaning and disinfecting water. Federal prosecutors allege in an indictment unsealed Wednesday that Wyatt Travnichek logged into Ellsworth County Rural Water District’s computer system in 2019 as part of an “unauthorized remote intrusion” that resulted “in the shut-down of the facility’s processes.” Travnichek is accused of tampering with a water system, and causing “reckless damage to a protected computer.” The charges carry maximum prison sentences of 20 years and five years, respectively. Angela Naegele, a customer service specialist at the water utility who answered the phone Thursday, said the 2019 incident had no impact on customers’ drinking water. The utility continuously monitors its water quality and safety, Naegele added. The facility serves Ellsworth County, a county of about 6,100 people […] (CyberScoop)

Criminals send out fake “census form” reminder – don’t fall for it!

Don't fall for fake text messages, no matter how realistic the website looks if you click through. (Naked Security)

S3 Ep26: Apple 0-day, crypto vulnerabilities and PHP backdoor [Podcast]

Latest episode - listen now! (Naked Security)

Activision Reveals Malware Disguised As Call Of Duty: Warzone Cheats

(News ≈ Packet Storm)

Fraud Ring Launders Money Via Fake Charity Donation

(News ≈ Packet Storm)

North Korean Hackers Return Targeting Infosec Researchers

(News ≈ Packet Storm)

Microsoft To Sell Augmented Reality Goggles To Army

(News ≈ Packet Storm)

DeepDotWeb Admin Pleads Guilty to Money Laundering Charges

The U.S. Department of Justice (DoJ) on Wednesday said that an Israeli national pleaded guilty for his role as an "administrator" of a portal called DeepDotWeb (DDW), a "news" website that "served as a gateway to numerous dark web marketplaces." According to the unsealed court documents, Tal Prihar, 37, an Israeli citizen residing in Brazil, operated DDW alongside Michael Phan, 34, of Israel, (The Hacker News)

22-Year-Old Charged With Hacking Water System and Endangering Lives

A 22-year-old man from the U.S. state of Kansas has been indicted on charges that he accessed a public water facility's computer system without authorization, jeopardizing the residents' safety and health in the local community. Wyatt A. Travnichek, 22, of Ellsworth County, Kansas, has been charged with one count of tampering with a public water system and one count of reckless damage to a protected (The Hacker News)

How to Vaccinate Against the Poor Password Policy Pandemic

Data breaches remain a constant threat, and no industry or organization is immune from the risks. From Fortune 500 companies to startups, password-related breaches continue to spread seemingly unchecked. As a result of the volume of data breaches and cybersecurity incidents, hackers now have access to a vast swathe of credentials that they can use to power various password-related attacks. One (The Hacker News)

Hackers Using a Windows OS Feature to Evade Firewall and Gain Persistence

A novel technique adopted by attackers finds ways to use Microsoft's Background Intelligent Transfer Service (BITS) so as to deploy malicious payloads on Windows machines stealthily. In 2020, hospitals, retirement communities, and medical centers bore the brunt of an ever-shifting phishing campaign that distributed custom backdoors such as KEGTAP, which ultimately paved the way for RYUK (The Hacker News)

Hackers Set Up a Fake Cybersecurity Firm to Target Security Experts

A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineering attack. In an update shared on Wednesday, Google's Threat Analysis Group said the attackers behind the operation set up a fake security company called SecuriElite and a slew of social media accounts across Twitter and (The Hacker News)

MobiKwik Suffers Major Breach — KYC Data of 3.5 Million Users Exposed

Popular Indian mobile payments service MobiKwik on Monday came under fire after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month. The leaked data includes sensitive personal information such as: customer names, hashed passwords, email addresses, residential addresses, GPS (The Hacker News)

New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks

New research into 5G architecture has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network. AdaptiveMobile shared its findings with the GSM Association (GSMA) on February 4, 2021, following which the weaknesses were (The Hacker News)

Chinese Hackers Used Facebook to Hack Uighur Muslims Living Abroad

Facebook may be banned in China, but the company on Wednesday said it has disrupted a network of bad actors using its platform to target the Uyghur community and lure them into downloading malicious software that would allow surveillance of their devices. "They targeted activists, journalists and dissidents predominantly among Uyghurs from Xinjiang in China primarily living abroad in Turkey, (The Hacker News)

80% of Global Enterprises Report Firmware Cyberattacks

A vast majority of companies in a global survey from Microsoft report being a victim of a firmware-focused cyberattack, but defense spending lags. (Threatpost)

Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack

Some legacy models of QNAP network attached storage devices are vulnerable to remote unauthenticated attacks because of two unpatched vulnerabilities. (Threatpost)

Ragnarok Ransomware Hits Boggi Milano Menswear

The ransomware gang exfiltrated 40 gigabytes of data from the fashion house, including HR and salary details. (Threatpost)

Building a Fortress: 3 Key Strategies for Optimized IT Security

Chris Hass, director of information security and research at Automox, discusses how to shore up cybersecurity defenses and what to prioritize. (Threatpost)

Google: North Korean APT Gearing Up to Target Security Researchers Again

Cyberattackers have set up a website for a fake company called SecuriElite, as well as associated Twitter and LinkedIn accounts. (Threatpost)


/security-daily/ 02-04-2021 23:44:22