TSA Releases Second Cybersecurity Directive for Pipeline Companies

Pegasus shows iPhones are not immune to malware, Norway blames China for parliament cyberattacks, Ransomware hackers demand $70 million from WVA school system, much more

(Check out my latest column on the Biden administration’s efforts to shame China and recruit a broad coalition of allies to do the same.)

The TSA (Transportation Safety Administration) has issued the second tranche of pipeline cybersecurity rules to shore up the weaknesses that brought down Colonial Pipeline earlier this year during a ransomware attack.

According to two people familiar with the matter, the rules in the draft viewed by the industry were requirements related to password updates, disabling Microsoft Corp. macros, and emerging programmable logic controllers. (Ari Natter and Jennifer Dlouhy / Bloomberg)

Related: Reuters, DHS, Washington Post, Devdiscourse News Desk, Homeland Security Today, InsideCyberSecurity.com

The zero-click attacks that allowed NSO group’s Pegasus spyware to infect targeted users’ phones can work on the newest generations of iPhones despite Apple’s efforts to harden their devices against malware.

Amnesty International’s Security Lab examined 67 smartphones whose numbers were on the Forbidden Stories list and found forensic evidence of Pegasus infections or attempts at infections in 37, of which 34 were iPhones. (Craig Timberg, Reed Albergotti and Elodie Guéguen / Washington Post)

Related: DataBreachToday.com, The Guardian, Thomas Brewster - Forbes, 9to5Mac, Bleeping Computer, Spyware news, The Washington Post, Forbes, Business Insider, Apple 3.0, Daily Mail, Philip Elmer DeWitt's Apple 3.0, Tech Insider, CRN, AppleInsider, GBHackers On Security, Schneier on Security, CNBC Technology, Times of India, Washington Post

Norwegian Foreign Minister Ine Eriksen Soereide said that China carried out a March 10 cyberattack on the Nordic country's parliament e-mail system.

The attack was attributed to the Chinese threat group Hafnium, which infiltrated Microsoft’s Exchange email server to implant malicious surveillance software. (Nori Buli / Reuters)

Related: RT News, Insider Paper

Sergiu Gatlan (@serghei) on Twitter:
China behind March 2021 breach of Storting, the Norwegian Parliament:
stortinget.no/no/Hva-skjer-p… More details here: bleepingcomputer.com/news/security/… Storting members' emails also breached last year by Russian-backed attackers per Norwegian Police Security Service: bleepingcomputer.com/news/security/…

Narendra Modi’s government in India has been accused of treason by political opposition following the revelations of widespread infection of mobile phones with NSO Group’s Pegasus software by despotic regimes.

Two of the infected phone numbers belong to India’s most prominent political opposition figure, Rahul Gandhi, who led the Congress party to defeat in the 2019 elections. According to a statement issued by Congress, “This is clearly treason and total abdication of national security by the Modi government, more so when the foreign company could possibly have access to this data.” (Hannah Ellis-Petersen and Michael Safi / The Guardian)

Related: Washington Post

The Morgan County school system in West Virginia is trying to recover from a ransomware attack in which the purported Russian threat actors are demanding $70 million to unlock files seized earlier this month.

School officials have reached out to the West Virginia Board of Risk Insurance Management (BRIM) about a claim to cover the damages. (Steve Cohen / WDVM)

Related: Morgan Messenger

A threat actor group known as ZeroX is offering for sale 1 TB of proprietary data stolen from oil giant Saudi Aramco. The files in the dump are as recent as 2020 but go back to 1993.

Saudi Aramco has pinned this data incident on third-party contractors and says the attackers gained access to the data by exploiting an unspecified zero-day flaw. (Ax Sharma / Bleeping Computer)

Related: Techradar, Exploit One

Researchers at ZecOps say that an innocuous bug discovered by Danish security researcher Carl Schou turns out to be far more serious because it can be used for remote code execution attacks.

The bug could crash any up-to-date iPhone that connected to an access point or WiFi network with a name of %p%s%s%s%s%n. iOS experts said that disabling WiFi and resetting iOS network settings could easily set things right. However, ZecOps researchers applied a new string pattern that, when added to WiFi network names, could allow threat actors to abuse the crash-pattern loop in the WiFi service to execute custom code in what could be described as a use-after-free vulnerability. ZecOps is now advising iPhone and iPad users to update their devices to the latest iOS version to prevent threat actors from exploiting this issue. (Catalin Cimpanu / The Record)
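The network-name bug above is a textbook case of untrusted text reaching a printf-style format argument: a name made of conversion directives is interpreted instead of printed. The following is an added illustration in C, not code from the article or from ZecOps. It leaves the unsafe logging pattern as a comment, shows the hardened form, and adds two hypothetical helpers, ssid_has_format_directives and escape_percent, that a defender could use to flag or neutralise such names before they reach any format-string sink.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example (hypothetical helpers), not code from the article or from ZecOps.
 *
 * UNSAFE pattern, shown only as a comment and never compiled in:
 *     void log_ssid_unsafe(const char *ssid) { printf(ssid); }
 * When the network name is used as the format string itself, "%p"/"%s"
 * read from the stack and "%n" writes to memory, which is why a name such
 * as "%p%s%s%s%s%n" crashes the process that logs it. */

/* Hardened form: the SSID is always a data argument, never the format. */
void log_ssid_safe(const char *ssid) {
    printf("joined network: %s\n", ssid);
}

/* Detection/validation step: returns true if the name contains any
 * conversion directive other than the literal "%%" escape. */
bool ssid_has_format_directives(const char *ssid) {
    const char *p = ssid;
    while ((p = strchr(p, '%')) != NULL) {
        if (p[1] == '%') {      /* "%%" prints a single percent sign */
            p += 2;
            continue;
        }
        return true;            /* any other "%x" (or a trailing "%") is a directive */
    }
    return false;
}

/* Mitigation for APIs that insist on a format string (syslog-style):
 * copies `in` to `out`, doubling every '%' so nothing is interpreted.
 * Returns the length written (excluding NUL), or (size_t)-1 if `out`
 * is too small for the escaped result plus its terminator. */
size_t escape_percent(const char *in, char *out, size_t outsz) {
    size_t n = 0;
    for (; *in != '\0'; in++) {
        size_t need = (*in == '%') ? 2 : 1;
        if (n + need >= outsz) {
            return (size_t)-1;  /* would not leave room for the NUL */
        }
        out[n++] = *in;
        if (*in == '%') {
            out[n++] = '%';
        }
    }
    out[n] = '\0';
    return n;
}

int main(void) {
    /* Constructed sample names: the crash string from the article and a benign one. */
    const char *names[] = { "%p%s%s%s%s%n", "Home WiFi", "100%% legit" };
    char escaped[128];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        log_ssid_safe(names[i]);
        if (ssid_has_format_directives(names[i])) {
            escape_percent(names[i], escaped, sizeof escaped);
            printf("  flagged: contains format directives; escaped form: %s\n", escaped);
        }
    }
    return 0;
}
```

The detector is the check to run at the point where an SSID (or any attacker-controlled string) is about to be handed to a printf-family function; the escape helper is the fallback when the sink cannot be changed. The real fix, as in the hardened function, is to never let untrusted data occupy the format parameter at all.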

Related: The Sun, Reddit - cybersecurity, iPhone Hacks, ZecOps

Campbell Conroy & O'Neil, a US law firm counseling dozens of Fortune 500 and Global 500 companies, has disclosed a data breach following a February 27, 2021 ransomware attack.

Campbell said the hackers were able to access "certain individuals' names, dates of birth, driver's license numbers/state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and/or online account credentials (i.e., usernames and passwords)." Campbell offered 24 months of free credit monitoring, fraud consultation, and identity theft restoration services to all individuals whose Social Security numbers or equivalent information was exposed during the attack. (Sergiu Gatlan / Bleeping Computer)

Related: Heimdal Security Blog, ZDNet, CNN, Dark Reading, Campbell Conroy & O’Neil

UK government train operator Northern Trains shut down its ticket machines following a suspected ransomware attack.

Northern said that it was infected by a ransomware attack last week and took all ticket machines offline. (Hannah Murphy and Philip Georgiadis / Financial Times)

Related: ZDNet, BBC News

One of the title industry’s leading cloud-hosting providers, Cloudstar, has been sidelined by a ransomware attack, which can create havoc throughout the title industry if customers cannot close housing loans.

Cloudstar said it has contacted law enforcement and does not know when its system will be accessible to customers. (The Title Report)

Related: Housing Wire, RISMedia, The Record

Boston-based cybersecurity company Rapid7 said it had acquired Intsights, a threat intelligence firm with Israeli roots, in a deal valued at $335 million.

This deal is the fourth in a string of acquisitions made by Rapid7 as it looks to enhance its platform’s ability to detect and respond to cyberattacks. (Pranshu Verma / Boston Globe)

Related: Venture Beat, CRN, ZDNet

OPSWAT, a critical infrastructure protection (CIP) solutions provider, has acquired operational technology (OT) and industrial control systems (ICS) security company Bayshore Networks.

As part of the acquisition, OPSWAT will integrate Bayshore Networks products and teams, extending OPSWAT's CIP capabilities to OT/ICS environments. The financial terms of the deal were not announced. (Dan Kobialka / MSSP Alert)

Related: Arc Viewpoints, PR Newswire, Help Net Security

Photo by JJ Ying on Unsplash