CISA Intends to Keep On Keeping On

CISA says its mission is unchanged after Krebs' firing, APT 10 targets U.S. companies with Japanese connections, Canada's top intel arm warns of electricity attacks, IoT security bill passes, more

In the aftermath of the high-profile firing of Christopher Krebs, the head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), who worked for four years to shore up U.S. elections against threats, CISA appears unfazed in its mission to carry on what it was doing, despite the obvious wrath it might earn from Donald Trump.

The head of election security at CISA, Matt Masterson, tweeted yesterday that the “mission is unchanged.”

Wales, a longtime civil servant, receives high marks from specialists. He also sent an email to CISA employees stating, “We made great strides in our election security efforts, and we need to stay focused on continuing to provide the assistance and guidance that state and local election officials have come to rely on.” Sean Lyngaas at Cyberscoop has the details.

Chinese APT Hacking Campaign Targets Japan-Linked Companies in the U.S.

According to researchers at Symantec, a massive hacking campaign by a group code-named Cicada is using sophisticated tools and techniques to compromise the networks of companies around the world. The group is most likely funded by the Chinese government and is tracked as APT10, Stone Panda, and Cloud Hopper by other research organizations. Although the companies targeted in the recent campaign are in the U.S., most have links to Japan or Japanese companies. (Dan Goodin / Ars Technica)

Related: Fudzilla, Infosecurity Magazine, Security News | Tech Times, The Register

Canada’s Top Intel Agency Says China, Russia, Iran, and North Korea Might Go After Electricity Supply

Canada’s primary foreign intel arm, the Communications Security Establishment (CSE) signals intelligence agency, identified state-sponsored programs in China, Russia, Iran, and North Korea as major cybercrime threats for the first time, saying it feared these adversaries are going after Canada’s power supply. “State-sponsored actors are very likely attempting to develop the additional cyber capabilities required to disrupt the supply of electricity,” CSE’s second-ever assessment said. CSE’s first assessment in 2018 mentioned foreign-based threat actors but didn’t name the countries. (David Ljunggren / Reuters)

Related: CBC, Global News

Congress Passes IoT Improvement Act That Asks NIST to Develop Security Recommendations

The Senate passed by unanimous consent the Internet of Things Cybersecurity Improvement Act, which mandates certain security requirements for internet of things devices purchased by the federal government. The legislation, which had been stalled since 2017, was passed by the House in September with Representatives Will Hurd (R-TX) and Robin Kelly (D-IL) as the sponsors. Senators Mark Warner (D-VA) and Cory Gardner (R-CO), co-chairs of the Senate Cybersecurity Caucus, have been sponsoring different versions of the legislation since 2017. The bill asks the National Institute of Standards and Technology (NIST) to devise recommendations for secure development, identity management, patching, and configuration management for IoT devices. OMB would be required to issue federal guidelines consistent with those recommendations. (Justin Katz / FCW)

Related: Security Week, i360gov, The Hill: Cybersecurity, ZDNet Security, Rapid7

Cisco Fixes Flaws That Could Have Allowed Attackers to Join Ongoing Meetings

Cisco fixed three Webex meeting security vulnerabilities that would have allowed attackers to join ongoing meetings as ghost participants and gain access to meeting attendee information. Cisco has addressed the vulnerabilities by patching cloud-based Cisco Webex Meetings sites and releasing security updates for on-premises software such as the Cisco Webex Meetings mobile app and the Cisco Webex Meetings Server software. (Sergiu Gatlan / Bleeping Computer)

Related: Reddit - cybersecurity, ZDNet Security, Security Intelligence, Cyberscoop, TechRepublic, Security Affairs, Ars Technica, Dark Reading: Threat Intelligence, Threatpost

Google to Add New ‘Privacy Practices’ Button on Chrome Web Store for Extension Developers to Disclose the Data They Collect

Google will add a new “privacy practices” button on the Chrome Web Store where extension developers will disclose what data they're collecting from users and what they plan to do with the information. The button is set to go into effect on January 18, 2021. In the meantime, Google today added a new section to the Web Store dashboard where extension developers will be able to disclose what data they collect from their users and for what purposes. (Catalin Cimpanu / ZDNet)

Related: Chromium Blog, xda-developers, AppleInsider, Threatpost, WCCFtech, 9to5Google, Android Police, Slashdot

Cryptocurrency Exchange Liquid Says Hackers Gained Access to Customers’ Personal Information

Cryptocurrency exchange Liquid disclosed details about a hack that exposed its customers’ personal information, possibly including names, addresses, and encrypted passwords. Liquid said that on November 13, hackers gained control over domain names (, Liquid’s Japanese parent company) after hacking into its domain name hosting provider. This breach allowed hackers to control company email addresses and gain access to document storage. Liquid said it intercepted and contained the attack but that the hackers stole personal information about customers, and it urged customers to change their passwords. (Robert Stevens / Decrypt)

Related: Liquid, Cryptobriefing, Graham Cluley, PYMNTS.com, ZDNet Security

Email Breach at Hospital in Iowa May Have Exposed Detailed Information on Over 60,000 Iowans

Over 60,000 Iowans’ data may have been put at risk after an email account of a Mercy City Iowa employee was accessed by an authorized user between May 15 and June 24. The breach was discovered on June 24 by a forensics firm. Hospital officials discovered that the email account had access to personal information ranging from names and Social Security numbers to medical treatments and health insurance information. The breach may have impacted around 60,473 Iowans. (Hillary Ojeda / Iowa City Press-Citizen)


Email Security Start-Up Abnormal Security Raises $50 Million in Series B Round

Email security start-up Abnormal Security, founded by two former Twitter employees, landed a $50 million Series B venture funding round led by Menlo Ventures with previous investor Greylock's participation. The company uses behavioral profiling to predict socially engineered email attacks. (Kenric Cai / Forbes)

Related: CRN, SecurityWeek

Other Infosec Developments

  • Cryptocurrency security start-up Fireblocks raised $30 million in a Series B funding round led by Paradigm, with participation from Fireblocks’ existing investors Galaxy Digital, Digital Currency Group, Cyberstarts, Tenaya Capital, Swisscom, and Cedar Hill Capital. Fireblocks says it offers an enterprise-grade platform that helps institutional investors, such as hedge funds, exchanges, and over-the-counter trading desks, to move, store or issue digital assets securely. (Jeffrey Gogo /

  •, a major web hosting provider, suffered a ransomware attack on November 16 that impacted its public-facing web hosting systems, resulting in some customer sites having their data encrypted. Hours after the attack, the company took down its entire infrastructure and is now working to restore it. (Catalin Cimpanu / ZDNet)

    Related: Tech

  • Popular dating app Bumble fixed a security flaw that could have allowed attackers to steal millions of its users' personal data. The flaw, discovered by Independent Security Evaluators researcher Sanjana Sarda, allowed attackers to bypass paying for Bumble Boost premium services and gain access to data on nearly 100 million users. (Becky Bracken / Threatpost)
