Security daily (02-04-2021)

CNA shares details about ransomware attack, recovery effort

Major U.S. insurer CNA confirmed this week that it was the victim of a ransomware attack and that it has taken several steps on the road to recovery. The company, one of the biggest players in cybersecurity insurance specifically, had previously acknowledged an attack, but stopped short of specifying exactly what kind. In an update on Thursday, the company said it had restored normal email operations after a ransomware attack, adding that it instituted multi-factor authentication and a security platform for detecting and blocking threats. “Our team deployed additional endpoint detection and monitoring tools for an added layer of security and visibility across our network,” the update reads. “We expect that there will be a number of other remediation and infrastructure enhancements.” The attack has proven a source of misery for the company since hackers hit on March 21. Like other insurers, CNA would represent a tempting target for hackers […] (CyberScoop)

As ransomware stalks the manufacturing sector, victims are still keeping quiet

Halvor Molland was asleep on a brisk night in Oslo, Norway’s capital, two years ago when his phone rang around 3 a.m. The computer servers of Norsk Hydro, the global aluminum producer where Molland is senior vice president for communications, had seized up as a crippling ransomware infection spread through the company’s networks. “The feeling is: You really don’t believe it,” Molland recalled in a recent interview. “There was a decision then to shut down the network altogether, because at some point there was nothing left to isolate.” The ransomware attack would cost Norsk Hydro, which employs 35,000 people and has roughly 200 factories around the world, between $90 million and $110 million as production in some factories halted for weeks. Yet Molland and his team did something unusual for a large industrial organization disrupted by hackers: They told the public what happened in vivid detail, releasing video interviews in […] (CyberScoop)

Advanced hackers use Fortinet flaws in likely attempt to breach government networks, feds warn

Advanced hackers are exploiting old flaws in popular enterprise software made by Fortinet in a possible attempt to access networks in multiple critical infrastructure sectors, the FBI and Department of Homeland Security warned on Friday. “Advanced persistent threat” actors — a term that usually refers to state-linked groups — are likely using the software flaws to breach “multiple government, commercial, and technology services networks,” states the advisory from the FBI and DHS’s Cybersecurity and Infrastructure Security Agency. The agencies said that the attackers, whom they did not identify, could be using the bugs in Fortinet software to access “key networks as pre-positioning for follow-on data exfiltration or data encryption attacks.” The three vulnerabilities are in FortiOS, security software that government agencies and big corporations use to manage their networks. Hackers could exploit the bugs to intercept sensitive data on networks. Fortinet disclosed the vulnerabilities in 2018, 2019 and 2020 and […] (CyberScoop)

Dutch Watchdog Fines Booking.com 475,000 Euros For Keeping Customer Data Theft Quiet

(News ≈ Packet Storm)

Legacy QNAP NAS Devices Vulnerable To Zero-Day Attack

(News ≈ Packet Storm)

Feds Indict Kansas Man For Allegedly Hacking Into Water Supply

(News ≈ Packet Storm)

DeepDotWeb Dark Web Admin Pleads Guilty To Drug, Gun Kickbacks

(News ≈ Packet Storm)

How Cyrebro Can Unify Multiple Cybersecurity Defenses to Optimize Protection

Many enterprises rely on more than one security tool to protect their technology assets, devices, and networks. This is particularly true for organizations that use hybrid systems or a combination of cloud and local applications. Likewise, companies whose networks include a multitude of smartphones and IoT devices are likely to deploy multiple security solutions suitable for different scenarios. (The Hacker News)

Google limits which apps can access the list of installed apps on your device

Apps on Android have been able to infer the presence of specific apps, or even collect the full list of installed apps on the device. What's more, an app can also set to be notified when a new app is installed. Apart from all the usual concerns about misuse of such a data grab, the information can be abused by a potentially harmful app to fingerprint other installed apps, check for the presence (The Hacker News)

Hackers Set Up a Fake Cybersecurity Firm to Target Security Experts

A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineering attack. In an update shared on Wednesday, Google's Threat Analysis Group said the attackers behind the operation set up a fake security company called SecuriElite and a slew of social media accounts across Twitter and (The Hacker News)

FBI: APTs Actively Exploiting Fortinet VPN Security Holes

Three security vulnerabilities in the Fortinet SSL VPN are being used to gain a foothold within networks before moving laterally and carrying out recon. (Threatpost)

Call of Duty Cheats Expose Gamers to Malware, Takeover

Activision is warning that cyberattackers are disguising malware -- a remote-access trojan (RAT) -- in cheat programs. (Threatpost)

From PowerShell to Payload: An Analysis of Weaponized Malware

John Hammond, security researcher with Huntress, takes a deep-dive into a malware's technical and coding aspects. (Threatpost)

Robinhood Warns Customers of Tax-Season Phishing Scams

Attackers are impersonating the stock-trading broker using fake websites to steal credentials as well as sending emails with malicious tax files. (Threatpost)

/security-daily/ 03-04-2021 23:44:23