Hackers Targeted Russian Radio Station to Protest Moscow's Invasion of Ukraine
Tehran blames Mossad for cyberattack last fall, mixed reports suggest U.S. might remove NSO Group from blacklist, Emotet is trying to steal credit card data from Chrome profiles, much more
My latest CSO column looks at the prominence of software supply chain security fixes at RSA, from SBOMs as discussed by Allan Friedman and Katie Stewart to a new proposal floated by SolarWinds CEO Sudhakar Ramakrishna, plus thoughts from Tony Sager and Steve Lipner.
In the latest of a string of attacks on Russian media outlets, hackers targeted Russian radio station Kommersant FM, broadcasting the Ukrainian national anthem and anti-war songs to protest Moscow’s invasion of Ukraine.
The hackers’ anti-war offering included Russian rock band Nogu Svelo!’s song "We Don't Need a War," which repeatedly features a quote from Russian Foreign Minister Sergei Lavrov that roughly translates to “a tough guy always keeps his word.” The station was quickly pulled off the air. “The radio station has been hacked. The internet stream will soon be reinstated,” the station confirmed in a statement. (The Moscow Times)
The head of the Tehran City Council blamed the Mossad and anti-government groups for a cyberattack against the municipality last November when Iranian websites were defaced with the message "Death to Khamenei - greetings to Rajavi."
Last week, a group called "Uprising until Overthrow," affiliated with The People's Mujahedin Organization of Iran (the Mujahedin-e-Khalq or MEK), claimed it had hacked into the Tehran municipality's security cameras and defaced the municipality's website with a graphic that criticized the "anti-human Khomeini." Referring to the cyberattack, the head of the Tehran City Council, Mehdi Chamran, said that "detailed planning was carried out by the Mossad and the hypocrites and the cooperation of all counter-revolutionaries" to hack the municipality's systems on the anniversary of Khomeini's death. (Tzvi Joffre / The Jerusalem Post)
According to two Israeli sources and one U.S. official, U.S. officials are pushing the Biden administration to remove Israeli cyber spying company NSO from the Department of Commerce blacklist.
According to the sources, the Biden administration is considering the Israeli request, although one source denies the administration is considering removing NSO from the blacklist. Removing NSO from the blacklist would be a reversal by the Biden administration. It would likely be criticized by progressives in the Democratic Party and Congress and many in the cybersecurity community. (Barak Ravid / Axios)
Security researcher Bob Diachenko discovered online a massive trove of more than 120,000 passports, driver’s licenses, and identity documents uploaded by users of the once-promising Chinese bike-sharing service Mobike.
Anyone who knew the easily guessable bucket name could browse the trove of passports and identity documents dating back to 2017 and growing in size every day from their web browser. The bucket stored identity documents that users must upload before using Mobike. The bucket also contained 94,000 customer selfies and 49,000 customer signatures for user identity verification. Almost all identity documents were for users in Latin America, including Argentina and Brazil. But none of the data was encrypted. (Zack Whittaker, Rita Liao / TechCrunch)
Zack Whittaker (@zackwhittaker): Mobike was once a $2.7B bike-sharing giant. Users upload their passports and IDs to use the service. But those user IDs were left exposed until @MayhemDayOne found it in February. Even then, it took months to secure because nobody wanted to own up to it.🤦 https://t.co/lDRd2eFGC9
Researchers at Proofpoint report that the Emotet botnet is attempting to infect potential victims with a credit card stealer module designed to harvest credit card information stored in Google Chrome user profiles.
After stealing the credit card info (i.e., name, expiration month and year, card numbers), the malware sends it to command-and-control (C2) servers that are different from the ones used by the Emotet card stealer module itself. (Sergiu Gatlan / Bleeping Computer)
Related: The Hacker News
Representative Jim Langevin (D-RI), an influential member of the House Homeland Security Committee and the Cyberspace Solarium Commission (CSC), is sounding the alarm over what he describes as continued inaction by the Environmental Protection Agency (EPA) to bolster the water sector’s cybersecurity defenses.
Speaking at a water sector cybersecurity virtual event hosted by the national security think tank the Foundation for the Defense of Democracies (FDD), Langevin said, “Knowing what we know about the cyber threats facing the water sector, this status quo simply cannot continue.” (Suzanne Smalley / Cyberscoop)
Suzanne Smalley (@SuzanneMSmalley): Cyberspace Solarium Commission official: @EPA only has 3 people working on water cybersecurity w/ a budget of less than $7 million. @WaterISAC official agrees, decries situation, saying “it’s a wonder” the water sector hasn’t been hit w/ more cyberattacks https://t.co/eGLFUZK10r
As the war in Ukraine continues, a long-standing battle between Russia and the United States over cyberspace is also heating up, with Andrei Krutskikh, the Russian foreign ministry’s top cyber expert, warning of “catastrophic” consequences if the United States or its allies “provoke” Russia with a cyberattack.
The U.S.-Russian contest over cyberspace will play out in this September’s election for a new secretary-general of the International Telecommunications Union, a U.N. agency that could, in theory, take over internet governance. Two leading candidates are Doreen Bogdan-Martin, an American who currently runs one of the ITU’s bureaus, and Rashid Ismailov, a Russian who has worked in his country’s communications ministry and for Huawei, Nokia, and other companies. (David Ignatius / Washington Post)
Saxophonist Merryl Goldberg, who in 1985 traveled with three fellow musicians from the Boston Klezmer Conservatory Band, developed her own code to maintain the secrecy of the group’s activities and hide their communications from the prying eyes of Soviet officials.
Goldberg obscured names, addresses, and other details the group would need for their trip in handwritten compositions that looked, to an untrained eye, like the authentic melodies she’d written on other pages of a music composition book. The group had plans to meet the Phantom Orchestra, a dissident ensemble that Goldberg describes as an amalgamation of Jewish refuseniks (Jews who were barred from emigrating out of the USSR), Christian activists, and Helsinki monitors, watchdogs who tracked Soviet compliance with the 1975 Helsinki Accords. (Lily Hay Newman / Wired)
The Cybersecurity and Infrastructure Security Agency (CISA) launched the Cyber Innovation Fellows program to bring private sector experts into the agency on a short-term, part-time basis to lend their expertise to some of CISA’s most critical teams.
Fellows will work as part of the CISA team part-time for up to four months and be compensated by their private-sector employer. The first team of up to eight participants will begin this fall. Nomination packages for the Cyber Innovation Fellows will be received through July 8, 2022. (Steve Zurier / SC Magazine)
According to a newly released report by the Government Accountability Office, the Columbia-class submarine program jumped billions in price, the Air Force’s T-7A trainer has a bird problem, and cyber concerns remain prevalent across the department.
Cybersecurity concerns are spread throughout the report, GAO’s Weapon System Annual Assessment, with a particularly eye-catching issue with the F-15EX raised by the watchdog. “The program continues to track a cybersecurity vulnerability risk stemming from the F-15EX design, derived from FMS aircraft and, according to the program, not designed to U.S. Air Force cybersecurity requirements,” the GAO found. (Aaron Mehta / Breaking Defense)
Researchers at Sentinel Labs discovered a previously unknown Chinese-speaking threat actor they call Aoqin Dragon that they link to malicious activity going as far back as 2013.
The hacking group is focused on cyber-espionage, targeting government, education, and telecommunication organizations based in Singapore, Hong Kong, Vietnam, Cambodia, and Australia. Since 2018, Aoqin Dragon has used a removable disk shortcut file that, when clicked, performs DLL hijacking and loads an encrypted backdoor payload. The malware runs under the name "Evernote Tray Application" and executes upon system start. If the loader detects removable devices, it copies the payload to infect other devices on the target's network. (Bill Toulas / Bleeping Computer)
Eric Goldstein, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), said the severe lack of ransomware incident reporting in the U.S. is hampering efforts by the government to protect organizations and businesses and also take retaliatory measures against the gangs launching attacks.
“A tiny fraction of ransomware infections are reported to the government and the problem is getting worse because we don’t even know what that actual number is. We have no idea the actual denominator of ransomware instructions that are occurring across the country on any given day,” Goldstein explained. (Jonathan Greig / The Record)
Tenafly Public Schools in New Jersey reverted to pen and paper after a ransomware attack crippled the district’s computer system.
Final exams were also canceled for all of the district’s high school students as the Bergen County school district tries to get its system back online with the help of cybersecurity consultants, officials said. When asked if the school district would pay the ransom, Corliss said “there was nothing definitive at this time.” (Jackie Roman / NJ.com)
Automated security and compliance company Vanta raised $110 million in a Series B venture funding round.
Craft Ventures led the round with participation from Sequoia, Y Combinator, and other existing investors. (Maria Deutscher / Silicon Angle)
Cloud-based cybersecurity, compliance and fraud solutions company DefenseStorm raised $15 million in a Series C venture funding round.
JAM FINTOP, a venture fund with more than 80 community and mid-size bank limited partners, led the round with a $5 million investment. The remaining $10 million came from existing investors. (Ionut Arghire / Security Week)
Orna, a Toronto, Canada-based provider of an AI-powered Security Orchestration, Automation and Response (SOAR) platform, raised $1 million in a seed venture funding round.
WGG Capital Canada led the round. (FinSMEs)