TSA to Issue Cybersecurity Rules for Pipeline Companies

New data-wiping Iranian threat actor hides behind ransomware, CERT/CC warns of flaws in Bluetooth Core and Mesh Profile Specs, operator of Deer.io sentenced to 30 months, more


In the aftermath of the highly disruptive ransomware attack on Colonial Pipeline, the Transportation Security Administration (TSA), a unit inside the Department of Homeland Security, will issue a security directive this week requiring pipeline companies to report cybersecurity incidents to federal authorities, according to DHS officials.

The directive will require pipeline companies to report cyber incidents to TSA and CISA and to have a security official, such as a chief information security officer, with a 24/7 direct line to TSA and CISA to report an attack. It will also require companies to assess the security of their systems against existing cyber guidelines, although fixing any gaps is voluntary.

In addition, TSA will issue more robust rules over the coming weeks that will require companies to correct any problems and address shortcomings or face financial penalties, officials said. (Ellen Nakashima and Lori Aratani / Washington Post)

Related: IT Pro, Reddit - cybersecurity, Washington Post, CNN.com - Politics, Cyberscoop, Infosecurity Magazine, Business Insider, isssource.com, Engadget, Associated Press Technology, ABC News: U.S., The Independent, Channel News Asia, Slashdot, Inforisk Today, ZDNet Security, The Hill: Cybersecurity, TribLIVE, Washington Post - Cybersecurity 202, JD Supra, Mondaq.Com, Cybereason Blog, Blogs | Zscaler

SentinelOne researchers discovered a new threat actor operating out of Iran, named Agrius, which relies heavily on data-wiping malware to destroy its targets’ IT infrastructure and disguises its attacks as ransomware extortion.

In its initial attacks, Agrius used a data-wiping malware named DEADWOOD (aka Detbosit), a tool that other Iranian threat actors have also used in past attacks. After the initial compromise, Agrius demanded a ransom payment to distract the victim’s IT teams from the real, destructive purpose of the intrusion. (Catalin Cimpanu / The Record)

Related: ZDNet Security, Bleeping Computer, SentinelLabs, Law & Disorder – Ars Technica

An advisory from Carnegie Mellon’s CERT Coordination Center warned that attackers could exploit newly discovered security weaknesses in the Bluetooth Core and Mesh Profile Specifications to impersonate legitimate devices during pairing and carry out man-in-the-middle (MitM) attacks.

The Android Open Source Project (AOSP), Cisco, Cradlepoint, Intel, Microchip Technology, and Red Hat are among the identified vendors with products impacted by these security flaws. AOSP, Cisco, and Microchip Technology said they are currently working to mitigate the issues. (Ravie Lakshmanan / The Hacker News)

Related: Softpedia, Sensors Tech Forum, IT Pro, SecurityWeek, Carnegie Mellon University

Google added an extra layer of protection to its My Activity service that lets users require their account password before their Web & App Activity history is displayed, preventing anyone else with access to the device or signed-in session from viewing their browsing history.

However, Google warns that the extra protection applies only to the My Activity page. Users’ history may still appear in other Google products. (Hagop Kavafian / Android Police)

Related: Android Central, BGR, Input, Phandroid, Lifehacker, Telecomlive.com, Gulf News Technology, TechJuice, SlashGear, Macworld

Russian security researcher Kirill Firsov, the operator of the now-defunct site Deer.io, has been sentenced to 30 months in prison for his role in administering the online marketplace, which sold stolen account credentials, credit card information, and hacked accounts.

When he was arrested, Firsov’s site hosted about 3,000 active shops with sales exceeding $17 million. (Adam Janofsky / The Record)

Related: Dark Reading: Attacks/Breaches, The Daily Swig, TechNadu, Justice.gov

Facebook-owned messaging app WhatsApp filed suit in India’s New Delhi High Court seeking to stop new government rules that would require the company to trace users’ encrypted messages.

Those new rules grant the Indian government sweeping powers to remove content that undermines national security, public order, and “decency or morality” and require communications platforms like WhatsApp to trace content back to its creator. (Newley Purnell and Jeff Horwitz / Wall Street Journal)

Related: MediaNama, iPhone Hacks, Variety, NYT > World, RT News, Deccan Chronicle, CNN.com, Financial Times Technology, TechCrunch, iMore, Forbes, Neowin, India Today Latest Stories, Channel News Asia, Reuters, The Guardian, Associated Press Technology, The Independent, ZDNet.com.au, Android Central, Infosecurity Magazine

In a bid to comply with China’s “cybersecurity” laws, automaker Tesla said that it would store all data generated from cars it sold in China in a new data center there.

Tesla’s decision follows government and public scrutiny in China of its handling of potentially sensitive data about vehicle users, car performance, and geographical information. (Trefor Moss / Wall Street Journal)

Related: TechCrunch, South China Morning Post, Gizmodo

A new report from the U.S. Government Accountability Office found that rising premiums and struggles by some insurers to quantify the costs and losses that stem from cybersecurity incidents remain some of the biggest obstacles to further adoption of cybersecurity insurance.

The report also said that education and healthcare had the highest take-up rates of cyber insurance between 2016 and 2020. (Derek B. Johnson / SC Magazine)

Related: Cybersecurity Review, Silicon UK, Security Magazine, Infosecurity Magazine, Government Accountability Office

VMware is urging its vCenter users to update vCenter Server versions 6.5, 6.7, and 7.0 immediately, after a pair of vulnerabilities, one of which can lead to remote code execution, were reported to the company.

The more serious flaw, CVE-2021-21985, is a remote code execution vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server whether or not vSAN is in use. An attacker who can reach port 443 on the vCenter Server over the network can use it to execute arbitrary commands on the underlying host operating system. (Chris Duckett / ZDNet)
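A practitioner's first question is which appliances still sit below the patched build. The following is an added example, not code from the article or from VMware: it parses the JSON body that vCenter's own REST endpoint `GET /rest/appliance/system/version` returns and compares the build number against the first fixed build for that release line. The fixed builds are the ones listed in VMware advisory VMSA-2021-0010 (7.0 U2b, 6.7 U3n, 6.5 U3p) as recalled here; verify them against the current advisory before relying on the numbers. The sample responses are constructed, not captured from a real appliance, and the example assumes the REST response shape `{"value": {"version": ..., "build": ...}}`.

```python
"""Flag vCenter Server builds still exposed to CVE-2021-21985.

Added example, not from the article or VMware. Fixed builds are the
first patched releases named in VMSA-2021-0010; verify against the advisory.
"""
import json

# First fixed build per release line (assumption: taken from VMSA-2021-0010).
FIXED_BUILDS = {
    "7.0": 17958471,  # vCenter Server 7.0 U2b
    "6.7": 18010531,  # vCenter Server 6.7 U3n
    "6.5": 17994927,  # vCenter Server 6.5 U3p
}


def release_line(version: str) -> str:
    """Reduce '7.0.2.00200' to '7.0'; reject lines the advisory does not cover."""
    parts = version.split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts[:2]):
        raise ValueError(f"unrecognised vCenter version: {version!r}")
    line = f"{parts[0]}.{parts[1]}"
    if line not in FIXED_BUILDS:
        raise ValueError(f"release line {line} is not covered by VMSA-2021-0010")
    return line


def is_vulnerable(version: str, build: int) -> bool:
    """True if this build predates the first fixed build for its release line."""
    return build < FIXED_BUILDS[release_line(version)]


def assess(appliance_version_json: str) -> dict:
    """Parse the body of GET /rest/appliance/system/version and report
    whether the appliance still needs the VMSA-2021-0010 patch."""
    value = json.loads(appliance_version_json)["value"]
    version = value["version"]
    build = int(value["build"])
    return {
        "version": version,
        "build": build,
        "line": release_line(version),
        "vulnerable": is_vulnerable(version, build),
    }


# Constructed sample responses (assumed shape; not captured from a real vCenter).
SAMPLE_UNPATCHED = (
    '{"value": {"version": "7.0.1.00300", "build": "17327517", '
    '"product": "VMware vCenter Server"}}'
)
SAMPLE_PATCHED = (
    '{"value": {"version": "7.0.2.00200", "build": "17958471", '
    '"product": "VMware vCenter Server"}}'
)

if __name__ == "__main__":
    for body in (SAMPLE_UNPATCHED, SAMPLE_PATCHED):
        print(assess(body))
```

A build at or above the fixed build is reported as not vulnerable; anything below it on the same line is flagged. The check says nothing about whether VMware's interim workaround (disabling the affected plug-ins) has been applied, so a flagged appliance that cannot be patched immediately should still be verified for the workaround and for whether its port 443 is reachable from untrusted networks.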

Related: The Hacker News, GovCert.gov.hk, Security Affairs, VMware

Ecommerce fraud detection company Forter has raised $300 million in a Series F venture funding round.

Tiger Global Management led the round with new backers, Third Point Ventures and Adage Capital Management, and existing investors Bessemer Venture Partners, Sequoia Capital, March Capital, NewView Capital, Salesforce Ventures, and Scale Venture Partners, also involved. (Ingrid Lunden / TechCrunch)

Related: CTech

Email security company Material Security has raised $40 million in a Series B venture funding round.

The round was led by solo Silicon Valley venture capitalist Elad Gil with Andreessen Horowitz and several individual tech industry leaders and investors participating in the round. (Robert Hackett / Fortune)

Related: Yahoo Finance

Email security startup Tessian has closed $65 million in a Series C venture funding round.

March Capital led the round. Existing investors Accel, Balderton Capital, Latitude, and Sequoia Capital also participated, along with new investor Schroder Adveq. (Natasha Lomas / TechCrunch)

Related: SecurityWeek, UKTN (UK Tech News), Private Equity Wire, Global Security Magazine, VentureBeat, Security Informed

API security company Salt Security has raised $70 million in a Series C venture funding round.

The round was led by Advent International, through Advent Tech, with participation from Alkeon Capital and DFJ Growth. Existing investors Sequoia Capital, Tenaya Capital, S Capital VC, and Y Combinator also participated in the round. (Chris Metinko / Crunchbase News)

Related: Venture Beat, Yahoo Finance
