Security daily (11-05-2021)

Colonial Pipeline didn't tell CISA about ransomware incident, highlighting questions about information sharing

Colonial Pipeline didn’t notify the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency of its ransomware incident, and CISA still didn’t have technical details about the attack as of Tuesday morning, the agency’s top official told senators. Acting director Brandon Wales, testifying before the Homeland Security and Governmental Affairs Committee, also said he didn’t think Colonial would have reached out to CISA if the FBI hadn’t alerted his agency. That exchange — and others over the course of a hearing that touched on several major recent security incidents — served as yet another reminder that despite the constant drumbeat for improved cybersecurity information sharing between industry and government, it still doesn’t happen fully in even some of the most dire circumstances. “This is potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” said Ohio Sen. Rob Portman, the top Republican on the panel, in […] (CyberScoop)

Meet DarkSide, the ransomware gang blamed for the Colonial Pipeline attack

The cybercriminal syndicate accused of causing one of the largest U.S. pipeline operators to shut down is known for running an enterprise that vets criminal customers and avoids targeting Russian-speaking organizations, according to analysts who have tracked the group. Since emerging on underground criminal forums in August, the so-called DarkSide malicious software has allegedly been used in dozens of intrusions in the health care, energy and finance sectors. (Ransomware gangs and the software they use often have the same name, but multiple criminal entities sometimes buy access to the same malicious code.) The creators of DarkSide have boasted that their mechanism for encrypting data is the fastest of any, and analysts say the ransomware can encrypt Windows and Linux systems alike. Now, the ransomware developers have gained international attention after hackers last week allegedly deployed DarkSide to encrypt the servers of Colonial Pipeline, a Georgia-based company that transports some 45% […] (CyberScoop)

Facebook is observing a 'steady growth' in disinformation-for-hire services

Last week Facebook said it removed dozens of inauthentic accounts and pages that sought to boost the reelection campaign of Julián Zacarías, the current mayor of the Mexican city of Progreso, and denigrate his opponent, Lila Frías Castillo. The campaign managed several pages and accounts that appeared to be independent local news organizations, when, in fact, they were linked with Sombrero Blanco, a public relations firm in Mexico, and Zacarías himself, according to Facebook’s investigation. The company ultimately conducted a takedown of 44 Facebook accounts, 11 Pages and one Instagram account, adding that the operation had minimal reach. Government-sponsored disinformation campaign operators have long sought to hide their true identities by recruiting writers to publish articles for seemingly legitimate news organizations, or using manipulated photos to lend an air of authenticity to their fake accounts. The National Security Agency and Cyber Command confirmed that the Internet Research Agency, a Russian […] (CyberScoop)

Apple AirTag jailbroken already – hacked in rickroll attack

Ooooh, look! A shiny button-like object! (Naked Security)

Vulnerability Attacks Weakness In Microsoft Azure VM Extensions

(News ≈ Packet Storm)

Colonial Pipeline Ransomware Attack: Everything You Need To Know

(News ≈ Packet Storm)

Lemon Duck Cryptojacking Botnet Changes Up Tactics

(News ≈ Packet Storm)

Finance Giant Plaid Paid People $500 For Their Employer Payroll Logins

(News ≈ Packet Storm)

Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild

Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild. The list of updated applications includes Adobe Experience Manager, Adobe InDesign, Adobe Illustrator, Adobe InCopy, Adobe Genuine Service, Adobe Acrobat and Reader, Magento, (The Hacker News)

LIVE Webinar — The Rabbit Hole of Automation

The concept of automation has taken on a life of its own in recent years. The idea is nothing new, but the current interest in automation is a mix of both hype and innovation. On the one hand, it's much easier today to automate everything from small processes to massive-scale tasks than it's ever been before. On the other hand, are we really prepared to hand the reins over to completely (The Hacker News)

Experts warn of a new Android banking trojan stealing users' credentials

Cybersecurity researchers on Monday disclosed a new Android trojan that hijacks users' credentials and SMS messages to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands. Called "TeaBot" (or Anatsa), the malware is said to be in its early stages of development, with malicious attacks targeting financial apps commencing in late March 2021, (The Hacker News)

U.S. Declares Emergency in 17 States Over Fuel Pipeline Cyber Attack

The ransomware attack against Colonial Pipeline's networks has prompted the U.S. Federal Motor Carrier Safety Administration (FMCSA) to issue a regional emergency declaration in 17 states and the District of Columbia (D.C.). The declaration provides a temporary exemption to Parts 390 through 399 of the Federal Motor Carrier Safety Regulations (FMCSRs), allowing alternate transportation of (The Hacker News)

Over 25% Of Tor Exit Relays Spied On Users' Dark Web Activities

An unknown threat actor managed to control more than 27% of the entire Tor network exit capacity in early February 2021, a new study on the dark web infrastructure revealed. "The entity attacking Tor users is actively exploiting tor users since over a year and expanded the scale of their attacks to a new record level," an independent security researcher who goes by the name nusenu said in a (The Hacker News)

Wormable Windows Bug Opens Door to DoS, RCE

Microsoft's May 2021 Patch Tuesday updates include fixes for four critical security vulnerabilities. (Threatpost)

GitHub Prepares to Move Beyond Passwords

GitHub adds support for FIDO2 security keys for Git over SSH to fend off account hijacking and further its plan to stick a fork in the security bane of passwords. (Threatpost)
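A practical follow-up to the GitHub item: once you generate a security-key-backed key (for example `ssh-keygen -t ed25519-sk -O verify-required -O application=ssh:github`), the resulting public key uses the OpenSSH types `sk-ssh-ed25519@openssh.com` or `sk-ecdsa-sha2-nistp256@openssh.com`, and the FIDO2 application string is embedded in the key blob itself. The script below is an added example, not GitHub's or OpenSSH's code: it parses authorized_keys / .pub lines, decodes the wire-format blob, reports which keys are hardware-backed, checks that the declared type matches the type inside the blob, and notes the sshd `verify-required` option. The sample lines are constructed with all-zero key material and are not real keys.

```python
"""Audit SSH public key lines: which are FIDO2 security-key backed?
Added example (not GitHub's or OpenSSH's code)."""
import base64
import struct

# Key types OpenSSH uses for FIDO2 ("sk" = security key) keys.
FIDO2_TYPES = {"sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}
# Software-only key types we may also encounter.
SOFTWARE_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
                  "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
KNOWN_TYPES = FIDO2_TYPES | SOFTWARE_TYPES


def _strings(blob):
    """Split an SSH wire-format blob into its uint32-length-prefixed strings."""
    out, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length field")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + n > len(blob):
            raise ValueError("truncated string")
        out.append(blob[off:off + n])
        off += n
    return out


def parse_pubkey_line(line):
    """Describe one key line; return None for blank lines and comments.

    A leading authorized_keys options field (e.g. 'verify-required,no-pty')
    is allowed, so we look for the first token that is a known key type
    rather than assuming it is token 0.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    for i, declared in enumerate(parts[:-1]):
        if declared in KNOWN_TYPES:
            break
    else:
        raise ValueError("no recognised key type in line")
    options = ",".join(parts[:i]).split(",") if i else []
    blob = base64.b64decode(parts[i + 1], validate=True)
    fields = _strings(blob)
    embedded = fields[0].decode("ascii", errors="replace")
    info = {
        "declared_type": declared,
        "embedded_type": embedded,
        "type_mismatch": declared != embedded,   # hand-edited or tampered line
        "fido2": embedded in FIDO2_TYPES,        # trust the blob, not the label
        "application": None,
        "verify_required": "verify-required" in options,  # sshd option: PIN/biometric
        "comment": " ".join(parts[i + 2:]),
    }
    if info["fido2"]:
        # sk-ssh-ed25519: [type, pubkey, application]
        # sk-ecdsa-sha2-nistp256: [type, curve, point, application]
        info["application"] = fields[-1].decode("utf-8", errors="replace")
    return info


def audit(lines):
    """Parse every key line and return the list of parsed entries."""
    return [e for e in (parse_pubkey_line(l) for l in lines) if e]


def _blob(*fields):
    """Build a wire-format blob (only used to construct the sample keys)."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def _line(key_type, blob, comment, options=""):
    b64 = base64.b64encode(blob).decode()
    return f"{options + ' ' if options else ''}{key_type} {b64} {comment}"


# Constructed sample keys with dummy (all-zero) key material, not real keys.
SAMPLE_LINES = [
    _line("ssh-ed25519", _blob(b"ssh-ed25519", bytes(32)), "laptop-software-key"),
    _line("sk-ssh-ed25519@openssh.com",
          _blob(b"sk-ssh-ed25519@openssh.com", bytes(32), b"ssh:github"),
          "yubikey-github", options="verify-required"),
    _line("sk-ecdsa-sha2-nistp256@openssh.com",
          _blob(b"sk-ecdsa-sha2-nistp256@openssh.com", b"nistp256",
                b"\x04" + bytes(64), b"ssh:"),
          "yubikey-ecdsa"),
    # Hand-edited line: the declared type does not match the blob inside.
    _line("ssh-ed25519", _blob(b"sk-ssh-ed25519@openssh.com", bytes(32), b"ssh:"),
          "mislabelled"),
    "# comments and blank lines are skipped",
    "",
]

if __name__ == "__main__":
    for e in audit(SAMPLE_LINES):
        kind = "FIDO2" if e["fido2"] else "SOFTWARE"
        extra = f" app={e['application']}" if e["fido2"] else ""
        mism = " TYPE-MISMATCH" if e["type_mismatch"] else ""
        print(f"{kind:8} {e['declared_type']:36} {e['comment']}{extra}{mism}")
```

Run it against `~/.ssh/*.pub` or a server's `authorized_keys` to find keys that are still software-only; the type-mismatch check matters because the label in the line is advisory, while the blob is what the server actually verifies.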

Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader

A patch for Adobe Acrobat, the world’s leading PDF reader, fixes a vulnerability under active attack affecting both Windows and macOS systems that could lead to arbitrary code execution. (Threatpost)

Fake Chrome App Anchors Rapidly Worming ‘Smish’ Cyberattack

An ingenious attack on Android devices self-propagates, with the potential for a range of damage. (Threatpost)

Shifting Threats in a Changed World: Edge, IoT and Vaccine Fraud

Aamir Lakhani, researcher at FortiGuard Labs, discusses leading-edge threats related to edge access/browsers/IoT, and the COVID-19 vaccine, as a way of getting into larger organizations. (Threatpost)


/security-daily/ 12-05-2021 23:44:22