Security daily (11-10-2021)

059| Keeping Your Latest Tech from Becoming the Latest Threat

Cyber crime is a constantly evolving game. As soon as new technology is introduced, attackers start figuring out how to exploit it for malicious purposes. No one understands this better than F-Secure Chief Technology Officer Christine Bejerasco. Christine joins Janne to discuss the changing world of cyber crime, and how companies can avoid having their new technologies exploited by taking a secure-by-design approach. (Cyber Security Sauna)

Peanut butter and ProtonMail: US charges underscore evolution of espionage in digital age

It’s a case so outlandish that the renowned espionage writer John le Carré would have rejected the idea as too difficult to believe. The U.S. Department of Justice on Saturday unsealed charges against a Navy engineer who allegedly tried passing classified information about nuclear submarines in exchange for a payment. The engineer is accused of working with his wife to transmit military secrets to a removable memory card, hiding the device in a peanut butter sandwich and then passing it to an individual they believed was an agent for an unnamed foreign government. In fact, the agent worked for the FBI. The complaint against the couple, Jonathan and Diana Toebbe, reads like a modern day spy thriller, complete with details about protected national secrets, cryptocurrency and the use of encrypted email in an attempt to secure sensitive communications. Like the Russian government’s weaponization of social media to influence American voters, […] (CyberScoop)

Iran-linked hackers targeted maritime and defense contractors, compromised Office 365 accounts

Hackers likely supporting Iranian national interests attempted to compromise U.S. and Israeli defense technology and global maritime companies, Microsoft researchers shared Monday. The attacks, which began in July, targeted the Office 365 accounts of more than 250 Microsoft users, the company said. Less than 20 of the targeted victims were successfully compromised, according to a security alert. Other targeted industries included defense companies supporting the European Union, geographic information systems and regional ports in the Persian Gulf. Hackers attempted to break into the accounts using a technique called “password spraying” in which hackers rapidly cycle through different passwords in an effort to access an account. Microsoft researchers say the “activity likely supports the national interests of the Islamic Republic of Iran” and the attacks’ techniques and targets align with other Iran-sponsored campaigns. “Microsoft assesses this targeting supports Iranian government tracking of adversary security services and maritime shipping in the Middle […] (CyberScoop)

OMB orders federal agencies to let CISA access defenses of devices, servers

The White House is directing agencies to let the Cybersecurity and Infrastructure Security Agency work with them on their efforts to protect endpoints, such as computer workstations and servers — an area where officials have said the federal government fell short in the SolarWinds hack. The Office of Management and Budget issued a memo on Friday that sets a 90-day deadline for CISA, the main cyber wing of the Department of Homeland Security, to access agencies’ current endpoint detection and response deployments. It then spells out timelines for other steps to improve their endpoint defenses. OMB says the goal is to establish “improved agency capabilities for early detection, response, and remediation of cybersecurity incidents on their networks, using advanced technologies and leading practices.” The memo is an outgrowth of President Joe Biden’s cybersecurity executive order from May. And the focus on endpoints reflects one of the main takeaways from a […] (CyberScoop)

Cybersecurity awareness month: Fight the phish!

Phishing crooks get to try over and over again. But you only need to make one mistake... (Naked Security)

US Nuke Sub Plans Leaked On SD Card Hidden In Peanut Butter Sandwich, Claims FBI

(News ≈ Packet Storm)

Ransomware Is Now The Most Urgent Cyber Threat To Business

(News ≈ Packet Storm)

FontOnLake Malware Infects Linux Via Trojanized Utils

(News ≈ Packet Storm)

ZTE Widens Bug Bounty To Focus On 5G Security

(News ≈ Packet Storm)

Microsoft Warns of Iran-Linked Hackers Targeting US and Israeli Defense Firms

An emerging threat actor likely supporting Iranian national interests has been behind a password spraying campaign targeting US, EU, and Israeli defense technology companies, with additional activity observed against regional ports of entry in the Persian Gulf as well as maritime and cargo transportation companies focused in the Middle East. Microsoft is tracking the hacking crew under the (The Hacker News)

Ukraine Arrests Operator of DDoS Botnet with 100,000 Compromised Devices

Ukrainian law enforcement authorities on Monday disclosed the arrest of a hacker responsible for the creation and management of a "powerful botnet" consisting of over 100,000 enslaved devices that was used to carry out distributed denial-of-service (DDoS) and spam attacks on behalf of paid customers. The unnamed individual, from the Ivano-Frankivsk region of the country, is also said to have (The Hacker News)

Verify End-Users at the Helpdesk to Prevent Social Engineering Cyber Attack

Although organizations commonly go to great lengths to address security vulnerabilities that may exist within their IT infrastructure, an organization's helpdesk might pose a bigger threat due to social engineering attacks. Social engineering is "the art of manipulating people so they give up confidential information," according to Webroot. There are many different types of social engineering (The Hacker News)

Indian-Made Mobile Spyware Targeted Human Rights Activist in Togo

A prominent Togolese human rights defender has been targeted with spyware by a threat actor known for striking victims in South Asia, marking the hacking group's first foray into digital surveillance in Africa. Amnesty International tied the covert attack campaign to a collective tracked as "Donot Team" (aka APT-C-35), which has been linked to cyber offensives in India and Pakistan, while also (The Hacker News)

Ransomware Group FIN12 Aggressively Going After Healthcare Targets

An "aggressive" financially motivated threat actor has been identified as linked to a string of RYUK ransomware attacks since October 2018, while maintaining close partnerships with TrickBot-affiliated threat actors and using a publicly available arsenal of tools such as Cobalt Strike Beacon payloads to interact with victim networks. Cybersecurity firm Mandiant attributed the intrusions to a (The Hacker News)

Iranian Hackers Abuse Dropbox in Cyberattacks Against Aerospace and Telecom Firms

Details have emerged about a new cyber espionage campaign directed against the aerospace and telecommunications industries, primarily in the Middle East, with the goal of stealing sensitive information about critical assets, organizations' infrastructure, and technology while remaining in the dark and successfully evading security solutions. Boston-based cybersecurity company Cybereason dubbed (The Hacker News)


/security-daily/ 12-10-2021 23:44:22