(Check out my latest column on the Biden administration’s efforts to shame China and recruit a broad coalition of allies to do the same.)

The TSA (Transportation Safety Administration) has issued the second tranche of pipeline cybersecurity rules to shore up the weaknesses that brought down Colonial Pipeline earlier this year during a ransomware attack.

According to two people familiar with the matter, the rules in the draft viewed by the industry were requirements related to password updates, disabling Microsoft Corp. macros, and emerging programmable logic controllers. (Ari Natter and Jennifer Dlouhy / Bloomberg)

Related: Reuters, DHS, Washington Post, Devdiscourse News Desk, Homeland Security Today, InsideCyberSecurity.com

Cybersecurity and Infrastructure Security Agency @CISAgov

The latest Security Directive requires critical pipeline owners & operators to take proven steps to strengthen their cybersecurity. We advised @TSA in the development of this directive and we are ready to support our partners to fulfill these requirements.

Homeland Security @DHSgov

In response to the ongoing cybersecurity threat to pipelines, @TSA today announced a second Security Directive requiring owners/operators of critical pipelines to implement a number of urgently needed protections against #cyber intrusions.    https://t.co/batNORKJ4I

July 20th 2021

9 Retweets16 Likes

The zero-click attacks that allowed NSO group’s Pegasus spyware to infect targeted users’ phones can work on the newest generations of iPhones despite Apple’s efforts to harden their devices against malware.

Amnesty International’s Security Lab examined 67 smartphones whose numbers were on the Forbidden Stories list and found forensic evidence of Pegasus infections or attempts at infections in 37, of which 34 were iPhones. (Craig Timberg, Reed Albergotti and Elodie Guéguen / Washington Post)

Related: DataBreachToday.com, The Guardian, Thomas Brewster - Forbes, Thomas Brewster - Forbes, 9to5Mac, Bleeping Computer, Spyware news, The Washington Post, Forbes, Business Insider, Apple 3.0, Daily Mail, DataBreachToday.com, The Guardian, Philip Elmer DeWitt's Apple 3.0, Tech Insider, CRN, AppleInsider, Business Insider, GBHackers On Security, Schneier on Security, CNBC Technology, Times of India, Washington Post, 9to5Mac

Norwegian Foreign Minister Ine Eriksen Soereide said that China carried out a March 10 cyberattack on the Nordic country's parliament e-mail system.

The attack was attributed to the Chinese threat group Hafnium, which infiltrated Microsoft’s Exchange email server to implant malicious surveillance software. (Nori Buli / Reuters)

Related: RT News, Insider Paper

󠀌Sergiu Gatlan @serghei

China behind March 2021 breach of Storting, the Norwegian Parliament: stortinget.no/no/Hva-skjer-p… More details here: bleepingcomputer.com/news/security/… Storting members' emails also breached last year by Russian-backed attackers per Norwegian Police Security Service: bleepingcomputer.com/news/security/…

July 19th 2021

2 Retweets1 Like

Narendra Modi’s government in India has been accused of treason by political opposition following the revelations of widespread infection of mobile phones with NSO Group’s Pegasus software by despotic regimes.

Two of the infected phone numbers belong to India’s most prominent political opposition figure, Rahul Gandhi, who led the Congress party to defeat in the 2019 elections.  According to a statement issued by Congress, “This is clearly treason and total abdication of national security by the Modi government, more so when the foreign company could possibly have access to this data.” (Hannah Ellis-Petersen and Michael Safi / The Guardian)

Related: Washington Post

The Morgan County school system in West Virginia is trying to recover from a ransomware attack in which the purported Russian threat actors are demanding $70 million to unlock files seized earlier this month.

School officials have reached out to the West Virginia Board of Risk Insurance Management (BRIM) about a claim to cover the damages. (Steve Cohen / WDVM)

Related: Morgan Messenger

Brett Callow @BrettCallow

An unnamed group is demanding $70 million - yup, *million* - from a W-Va school district. The previous biggest ask from an SD was the $50 million Conti demanded from Broward County. Morgan County is the 56th SD to be hit this year. Morgan County, W.Va. school system working its way out of a ransomware attackBERKELEY SPRINGS, W.Va. (WDVM) — The Morgan County school system is trying to recover from a ransomware attack. The FBI has been alerted after a hacker group, possibly from Russia, is demanding $70 million dollars from the school system to unlock files that were seized earlier this month. The school…localdvm.com

July 19th 2021

104 Retweets156 Likes

A threat actor group known as ZeroX is offering for sale 1 TB of proprietary data stolen from oil giant Saudi Aramco. The files in the dump are as recent as 2020 but go back to 1993.

Saudi Aramco has pinned this data incident on third-party contractors and says the attackers gained access to the data by exploiting an unspecified zero-day flaw. (Ax Sharma / Bleeping Computer)

Related: Techradar, Exploit One

Researchers at ZecOps say that an innocuous bug discovered by Danish security researcher Carl Schou turns out to be far because it can be used for remote code execution attacks.

The bug could crash any up-to-date iPhone that connected to an access point or WiFi network with a name of %p%s%s%s%s%n. iOS experts said that disabling WiFi and resetting iOS network settings could easily set things right. However, ZecOps researchers applied a new string pattern that, when added to WiFi network names, could allow threat actors to abuse the crash-pattern loop in the WiFi service to execute custom code in what could be described as a use-after-free vulnerability. ZecOps is now advising iPhone and iPad users to update their devices to the latest iOS version to prevent threat actors from exploiting this issue (Catalin Cimpanu / The Record)

Related: The Sun, Reddit - cybersecurity, iPhone Hacks, ZecOps

Binni Shah @binitamshah

Meet WiFiDemon – iOS WiFi RCE 0-Day Vulnerability, and a Zero-Click Vulnerability That Was Silently Patched : blog.zecops.com/research/meet-… credits @ZecOps

July 19th 2021

48 Retweets147 Likes

Campbell Conroy & O'Neil, a US law firm counseling dozens of Fortune 500 and Global 500 companies, has disclosed a data breach following a February 27, 2021 ransomware attack.

Campbell said the hackers were able to access "certain individuals' names, dates of birth, driver's license numbers/state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and/or online account credentials (i.e., usernames and passwords)." Campbell offered 24 months of free credit monitoring, fraud consultation, and identity theft restoration services to all individuals whose Social Security numbers or equivalent information was exposed during the attack. (Sergiu Gatlan / Bleeping Computer)

Related: Heimdal Security Blog, ZDNet, CNN, Dark Reading, Campbell, Control & O’Neil

UK government train operator Northern Trains shut down its ticket machines following a suspected ransomware attack.

Northern said that it was infected by a ransomware attack last week and took all ticket machines offline. (Hannah Murphy and Philip Georgiadis / Financial Times)

Related: ZDNet, BBC News

Kevin Beaumont @GossiTheDog

My local train service has been ransomwared since last week. Guess I’ll not be getting the train. Northern’s ticket machines hit by ransomware cyber attackNorthern rail’s new self-service machines were installed at 420 stations two months ago.bbc.co.uk

July 19th 2021

44 Retweets146 Likes

One of the title industry’s leading cloud-hosting providers, Cloudstar, has been sidelined by a ransomware attack, which can create havoc throughout the title industry if customers cannot close housing loans.

Cloudstar said it has contacted law enforcement and does not know when its system will be accessible to customers. (The Title Report)

Related: Housing Wire, RISMedia, The Record

Boston-based cybersecurity company Rapid7 said it had acquired Intsights, a threat intelligence firm with Israeli roots, in a deal valued at $335 million.

This deal is the fourth in a string of acquisitions made by Rapid7 as it looks to enhance its platform’s ability to detect and respond to cyberattacks. (Pranshu Verma / Boston Globe)

Related: Venture Beat, CRN, ZDNet

OPSWAT, a critical infrastructure protection (CIP) solutions provider, has acquired operational technology (OT) and industrial control systems (ICS) security company Bayshore Networks.

As part of the acquisition, OPSWAT will integrate Bayshore Networks products and teams, extending OPSWAT's CIP capabilities to OT/ICS environments. The financial terms of the deal were not announced. (Dan Kobialka / MSSP Alert)

Related: Arc Viewpoints, PR Newswire, Help Net Security

Photo by JJ Ying on Unsplash