
Security daily (30-04-2021)

Justice Department launches review of cyber policies after ransomware, supply chain scourges

The Justice Department is undertaking a four-month review of its approach to combatting a range of malicious cyber activity from foreign governments and criminals amid a spate of ransomware attacks and supply chain compromises. “We need to rethink … and really assess are we using the most effective strategies” against such hacking, Deputy Attorney General Lisa Monaco said Friday at the Munich Cyber Security Conference. The review of Justice Department policies, which began this week, will cover the cryptocurrencies that cybercriminals use to cash in on ransomware, along with the “blended threat of nation-states and criminal enterprises, sometimes working together, to exploit our own infrastructure against us,” Monaco said. The policy review is an acknowledgement that, despite the Justice Department and FBI investing heavily in efforts to indict and arrest criminals and take down hacking forums, cyberthreats to U.S. businesses and government agencies remain unrelenting. The 120-day Justice Department review […] (CyberScoop)

Navalny adviser urges vigilance after impersonation attempts of Kremlin foes

A top aide to jailed Russian opposition figure Alexei Navalny is urging Western policymakers and think tanks to be more wary of suspected Kremlin-backed information operations to undermine their work. Navalny, a prominent critic of Russian President Vladimir Putin, has been detained since January, when he returned to Russia after being poisoned with a chemical nerve agent last year. In February, a Russian court sentenced him to two years in prison in a case that human rights organizations have described as a “mockery” of justice. In the meantime, digital operatives have been posing as Leonid Volkov, Navalny’s chief of staff — and other perceived threats to Kremlin interests — in apparent efforts to smear critics of the Russian government. “It looks like not enough lessons have been drawn from John Podesta clicking those phishing [links] back in 2016,” he said, referring to Russian intelligence agents’ breach of the Hillary Clinton […] (CyberScoop)

PHP community sidesteps its third supply chain attack in three years

Third time lucky! (The first two times were lucky, too, luckily.) (Naked Security)

Ransomware Group Targeted SonicWall Vulnerability Pre-Patch

(News ≈ Packet Storm)

Multi-Gov Task Force Plans To Take Down The Ransomware Economy

(News ≈ Packet Storm)

Australia Proposes Teaching Cybersecurity To 5 Year Olds

(News ≈ Packet Storm)

The IRS Wants Help Hacking Cryptocurrency Hardware Wallets

(News ≈ Packet Storm)

Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks

An "aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS. The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "improper SQL command neutralization" flaw in the SSL-VPN SMA100 product (CVE-2021-20016, CVSS score 9.8) that (The Hacker News)

Microsoft Finds 'BadAlloc' Flaws Affecting Wide-Range of IoT and OT Devices

Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things (IoT) and Operational Technology (OT) devices used in industrial, medical, and enterprise networks that could be abused by adversaries to execute arbitrary code and even cause critical systems to crash. "These remote code execution (RCE) vulnerabilities cover more than 25 CVEs and (The Hacker News)

A New Slack channel for Cybersecurity Leaders Outside of the Fortune 2000

Perhaps due to the nature of the position, the InfoSec leadership roles tend to be solitary ones. CISOs, or their equivalent decision-makers in organizations without the role, have so many constant drains on their attention – keeping their knowledge fresh, building plans to secure their organizations further – that they often find themselves on an island. It’s even more challenging for (The Hacker News)

Passwordstate Warns of Ongoing Phishing Attacks Following Data Breach

Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor. "We have been advised a bad actor has commenced a phishing attack with a small number of customers having received emails requesting urgent action," the company said in an (The Hacker News)

PortDoor Espionage Malware Takes Aim at Russian Defense Sector

The stealthy backdoor is likely being used by Chinese APTs, researchers said. (Threatpost)

WeSteal: A Cryptocurrency-Stealing Tool That Does Just That

The developer of the WeSteal cryptocurrency stealer can’t be bothered with fancy talk: they say flat-out that it’s “the leading way to make money in 2021”. (Threatpost)

A Tale of Two Hacks: From SolarWinds to Microsoft Exchange

Oliver Tavakoli, CTO of Vectra AI, discusses the differences between the massive supply-chain hack and the Exchange zero-day attacks, and their legacy and ramifications for security professionals. (Threatpost)

Microsoft Warns of 25 Critical Vulnerabilities in IoT, Industrial Devices

Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash. (Threatpost)


/security-daily/ 01-05-2021 23:44:23