Security daily (16-02-2021)

Tim Maurer takes front office DHS cybersecurity job advising Mayorkas

Tim Maurer, director of the Cyber Policy Initiative at the Carnegie Endowment for International Peace, is joining the Department of Homeland Security as a senior political appointee in the role of senior counselor for cybersecurity to Secretary Alejandro Mayorkas, two sources familiar with the move told CyberScoop. It’s a job title that a number of cybersecurity luminaries to pass through the department have held over the years, including the current acting director of DHS’s Cybersecurity and Infrastructure Agency, Brandon Wales, former CISA Director Chris Krebs and CISA’s former assistant secretary for cybersecurity, Jeanette Manfra. According to his Carnegie bio, Maurer “works on the geopolitical implications of the Internet and cybersecurity, with a focus on the global financial system, influence operations, and other areas of importance as actors exploit the gray space between war and peace.” He also was a senior fellow at Carnegie’s Technology and International Affairs program. He recently […] The post Tim Maurer takes front office DHS cybersecurity job advising Mayorkas appeared first on CyberScoop. (CyberScoop)

France blames Sandworm, a notorious Russian group, for breach that leveraged IT provider

A notorious group of hackers known as Sandworm breached multiple French IT firms and web hosting companies as part of an apparent espionage operation dating back to 2017, France’s national cybersecurity agency said on Monday.  France’s Agence nationale de la sécurité des systèmes d’information (ANSSI) issued a report detailing how attackers exploited an IT resource monitoring tool called Centreon, built by a company of the same name, to infiltrate other organizations. While ANSSI did not specifically blame Russia, its report detailed how Sandworm, a hacking group affiliated with the Russian military agency GRU, spent three years from 2017 through 2020 hidden in some networks. The report also did not specify how attackers may have used that access, though security experts told Wired magazine that the group’s mere involvement in such an effort is enough to cause concern. Investigators previously blamed Sandworm for the 2017 NotPetya attack on Ukraine, a 2015 […] The post France blames Sandworm, a notorious Russian group, for breach that leveraged IT provider appeared first on CyberScoop. (CyberScoop)

Romance scams at all-time high: here’s what you need to know

It's heartbreaking to get sucked into a romance scam, or to watch a friend or family member getting sucked in. Here's what to do... (Naked Security)

How one man silently infiltrated dozens of high-tech networks

Ever counted how many external source code dependencies your fancy new software product has? Be prepared for a surprise! (Naked Security)

Unpatched Android App With 1 Billion Downloads Threatens Spying, Malware

(News ≈ Packet Storm)

Cybercrooks Rake In $304M In Romance Scams

(News ≈ Packet Storm)

Obvious Supply Chain Attack Hits Dozens Of Companies

(News ≈ Packet Storm)

North Korea Accused Of Hacking Pfizer For Covid-19 Vaccine Data

(News ≈ Packet Storm)

Complaint Blasts TikTok’s ‘Misleading’ Privacy Policies

TikTok is again in hot water for how the popular video-sharing app collects and shares data - particularly from its underage userbase. (Threatpost)

Let’s Encrypt Gears Up to Replace 200M Certificates a Day

The open CA prepares for ‘worst scenarios’ with new fiber, servers, cryptographic signing and more. (Threatpost)

DDoS Attacks Wane in Q4 Amid Cryptomining Resurgence

The volume of attacks fell 31 percent in the last part of 2020, as Bitcoin values skyrocketed. But there were still several notable trends, such as a rise in Linux botnets. (Threatpost)

Misconfigured Baby Monitors Allow Unauthorized Viewing

Hundreds of thousands of individuals are potentially affected by this vulnerability. (Threatpost)


/security-daily/ 17-02-2021 23:44:22