TSA Releases Second Cybersecurity Directive for Pipeline Companies
Pegasus shows iPhones are not immune to malware, Norway blames China for parliament cyberattacks, Ransomware hackers demand $70 million from WVA school system, much more
(Check out my latest column on the Biden administration’s efforts to shame China and recruit a broad coalition of allies to do the same.)
The TSA (Transportation Security Administration) has issued a second tranche of pipeline cybersecurity rules intended to close the kinds of weaknesses exposed when a ransomware attack forced Colonial Pipeline to shut down earlier this year.
According to two people familiar with the matter, the draft rules viewed by the industry include requirements related to password updates, disabling macros in Microsoft Corp. software, and programmable logic controllers. (Ari Natter and Jennifer Dlouhy / Bloomberg)
Homeland Security (@DHSgov): In response to the ongoing cybersecurity threat to pipelines, @TSA today announced a second Security Directive requiring owners/operators of critical pipelines to implement a number of urgently needed protections against #cyber intrusions. https://t.co/batNORKJ4I
The zero-click attacks that NSO Group's Pegasus spyware uses to infect targeted phones work against the newest generations of iPhones running current iOS releases, despite Apple's efforts to harden its devices against malware.
Amnesty International’s Security Lab examined 67 smartphones whose numbers were on the Forbidden Stories list and found forensic evidence of Pegasus infections or attempts at infections in 37, of which 34 were iPhones. (Craig Timberg, Reed Albergotti and Elodie Guéguen / Washington Post)
Related: DataBreachToday.com, The Guardian, Thomas Brewster - Forbes, 9to5Mac, Bleeping Computer, Spyware news, The Washington Post, Forbes, Business Insider, Philip Elmer-DeWitt's Apple 3.0, Daily Mail, Tech Insider, CRN, AppleInsider, GBHackers On Security, Schneier on Security, CNBC Technology, Times of India
Norwegian Foreign Minister Ine Eriksen Soereide said that China carried out a March 10 cyberattack on the Nordic country's parliament e-mail system.
The attack has been attributed to the Chinese threat group Hafnium, which exploited vulnerabilities in Microsoft Exchange Server to break into the parliament's email system and implant surveillance malware. (Nori Buli / Reuters)
Narendra Modi's government in India has been accused of treason by the political opposition following the Pegasus Project revelations that NSO Group's Pegasus spyware, sold to government clients including repressive regimes, has been used to infect mobile phones around the world.
Two phone numbers that appear on the leaked list belong to India's most prominent opposition figure, Rahul Gandhi, who led the Congress party to defeat in the 2019 elections. According to a statement issued by Congress, "This is clearly treason and total abdication of national security by the Modi government, more so when the foreign company could possibly have access to this data." (Hannah Ellis-Petersen and Michael Safi / The Guardian)
Related: Washington Post
The Morgan County school system in West Virginia is trying to recover from a ransomware attack in which the purported Russian threat actors are demanding $70 million to unlock files encrypted earlier this month.
School officials have reached out to the West Virginia Board of Risk Insurance Management (BRIM) about a claim to cover the damages. (Steve Cohen / WDVM)
Related: Morgan Messenger
A threat actor group known as ZeroX is offering for sale 1 TB of proprietary data stolen from oil giant Saudi Aramco. The files in the dump date from 1993 to as recently as 2020.
Saudi Aramco says the data was held by third-party contractors rather than taken from its own network, and the group claims to have obtained it by exploiting an unspecified zero-day flaw. (Ax Sharma / Bleeping Computer)
Researchers at ZecOps say that a seemingly innocuous bug discovered by Danish security researcher Carl Schou turns out to be far more serious, because it can be used for remote code execution.
The bug crashed any up-to-date iPhone that joined a WiFi network named %p%s%s%s%s%n: the network name (SSID) is handed to a printf-style formatting routine as the format string itself, so the % sequences are interpreted as format directives rather than as literal text, and the WiFi service crashes repeatedly as the device keeps trying to reconnect. iOS experts initially said that disabling WiFi and resetting the iOS network settings was enough to recover. ZecOps researchers, however, found a different string pattern that, placed in a WiFi network name, lets an attacker turn that crash loop in the WiFi service into execution of custom code, in what they liken to a use-after-free condition. ZecOps is now advising iPhone and iPad users to update their devices to the latest iOS version to prevent threat actors from exploiting this issue. (Catalin Cimpanu / The Record)
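The bug class behind the SSID crash, as an added illustration in plain C that is not code from The Record, ZecOps or Apple and does not reproduce the real iOS WiFi daemon. The function names (log_ssid_unsafe, log_ssid_safe, count_format_directives), the "joined network:" log format and the sample SSIDs are this example's own assumptions. It shows the vulnerable pattern (attacker text used as the format string) beside the fixed one (attacker text passed as an argument to a constant format), and a small parser that counts printf conversion directives in an SSID, the kind of rule a defender could run over captured beacon names to spot hostile networks.

```c
/* Added example, not from the article or ZecOps. Plain C, no iOS APIs. */
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* VULNERABLE pattern (hypothetical helper): the SSID is used AS the format
 * string. With "%p%s%s%s%s%n" each %s makes the formatter treat a stack
 * value as a char* and dereference it, and %n writes an int through one,
 * which is why a hostile network name crashes the caller. Shown only to
 * contrast with the fix; never call it on untrusted input. Most compilers
 * warn about it with -Wformat-security. */
int log_ssid_unsafe(char *buf, size_t n, const char *ssid) {
    return snprintf(buf, n, ssid);          /* BUG: ssid is the format */
}

/* FIXED pattern: a constant format, the SSID as an ordinary argument.
 * Returns the length snprintf would have produced. */
int log_ssid_safe(char *buf, size_t n, const char *ssid) {
    return snprintf(buf, n, "joined network: %s", ssid);
}

/* Count printf conversion directives in a string, treating "%%" as the
 * literal percent it is. Follows the printf grammar
 *   %[flags][width][.precision][length]conversion
 * so that "100%% legit" scores 0 but "%-08.3lf" scores 1. A non-zero
 * count on an SSID is a strong sign the network name is hostile. */
int count_format_directives(const char *s) {
    int count = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        p++;                                     /* character after '%' */
        if (*p == '%') continue;                 /* "%%" escape */
        while (*p && strchr("-+ #0", *p)) p++;   /* flags */
        while (*p && (*p == '*' || (*p >= '0' && *p <= '9'))) p++; /* width */
        if (*p == '.') {                         /* precision */
            p++;
            while (*p && (*p == '*' || (*p >= '0' && *p <= '9'))) p++;
        }
        while (*p && strchr("hlLjzt", *p)) p++;  /* length modifiers */
        if (*p && strchr("diouxXeEfFgGaAcspn", *p))
            count++;                             /* a real conversion */
        else if (!*p)
            break;                               /* string ended mid-directive */
    }
    return count;
}

bool ssid_is_suspicious(const char *ssid) {
    return count_format_directives(ssid) > 0;
}

int main(void) {
    /* Constructed sample SSIDs: the original crash string plus benign ones. */
    const char *samples[] = { "%p%s%s%s%s%n", "Coffee Shop", "100%% legit",
                              "Free%sWiFi" };
    char buf[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        log_ssid_safe(buf, sizeof buf, samples[i]);   /* safe: never interprets % */
        printf("%-16s directives=%d suspicious=%s | %s\n", samples[i],
               count_format_directives(samples[i]),
               ssid_is_suspicious(samples[i]) ? "yes" : "no", buf);
    }
    return 0;
}
```

The safe variant is the whole fix for this bug class: once the SSID is an argument rather than the format, "%p%s%s%s%s%n" is copied into the log verbatim and no memory is read or written through attacker-chosen directives. The directive counter is a triage aid, not a substitute for that fix; a format-string bug is reachable by any string with a % in it, so the code path, not the input filter, has to be corrected.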
Campbell Conroy & O'Neil, a US law firm counseling dozens of Fortune 500 and Global 500 companies, has disclosed a data breach following a February 27, 2021 ransomware attack.
Campbell said the hackers were able to access "certain individuals' names, dates of birth, driver's license numbers/state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and/or online account credentials (i.e., usernames and passwords)." Campbell offered 24 months of free credit monitoring, fraud consultation, and identity theft restoration services to all individuals whose Social Security numbers or equivalent information was exposed during the attack. (Sergiu Gatlan / Bleeping Computer)
Northern Trains, the UK rail operator now run by the government, shut down its ticket machines following a suspected ransomware attack.
Northern said its self-service ticket machines were hit last week by what it believes was ransomware and took all of them offline while it investigates. (Hannah Murphy and Philip Georgiadis / Financial Times)
One of the title industry's leading cloud-hosting providers, Cloudstar, has been sidelined by a ransomware attack, which could create havoc throughout the title industry if its customers are unable to close real estate transactions.
Cloudstar said it has contacted law enforcement and does not know when its system will be accessible to customers. (The Title Report)
Boston-based cybersecurity company Rapid7 said it had acquired IntSights, a threat intelligence firm with Israeli roots, in a deal valued at $335 million.
This deal is the fourth in a string of acquisitions made by Rapid7 as it looks to enhance its platform’s ability to detect and respond to cyberattacks. (Pranshu Verma / Boston Globe)
OPSWAT, a critical infrastructure protection (CIP) solutions provider, has acquired operational technology (OT) and industrial control systems (ICS) security company Bayshore Networks.
As part of the acquisition, OPSWAT will integrate Bayshore Networks products and teams, extending OPSWAT's CIP capabilities to OT/ICS environments. The financial terms of the deal were not announced. (Dan Kobialka / MSSP Alert)