TSA to Issue Cybersecurity Rules for Pipeline Companies
New data-wiping Iranian threat actor hides under ransomware, New threat actor targets flaws in Bluetooth Core and Mesh Profile Specs, Operator of Deer.io sentenced to 30 months, more
In the aftermath of the highly disruptive ransomware attack on Colonial Pipeline, the Transportation Security Administration (TSA), a unit inside the Department of Homeland Security, will issue a security directive this week requiring pipeline companies to report cybersecurity incidents to federal authorities, according to DHS officials.
The directive will require pipeline companies to report cyber incidents to TSA and CISA and to have a security official, such as a chief information security officer, with a 24/7 direct line to TSA and CISA to report an attack. It will also require companies to assess the security of their systems against existing cyber guidelines, although fixing any gaps is voluntary.
In addition, TSA will issue more robust rules over the coming weeks that will require companies to correct any problems and address shortcomings or face financial penalties, officials said. (Ellen Nakashima and Lori Aratani / Washington Post)
SentinelOne researchers discovered a new threat actor operating out of Iran named Agrius, which relied heavily on data-wiping malware to destroy its targets’ IT infrastructure and masked its attacks as ransomware extortion.
In the initial attacks, Agrius used a data-wiping malware named DEADWOOD (aka Detbosit), a tool that has also been used by other Iranian threat actors in past attacks. After the initial compromise, Agrius asked for a ransom payment to distract the victim’s IT teams from the real purpose of its attacks. (Catalin Cimpanu / The Record)
An advisory from Carnegie Mellon CERT Coordination Center warned that malicious actors could exploit newly discovered security weaknesses in Bluetooth Core and Mesh Profile Specifications to masquerade as legitimate devices and carry out man-in-the-middle (MitM) attacks.
The Android Open Source Project (AOSP), Cisco, Cradlepoint, Intel, Microchip Technology, and Red Hat are among the identified vendors with products impacted by these security flaws. AOSP, Cisco, and Microchip Technology said they are currently working to mitigate the issues. (Ravie Lakshmanan / The Hacker News)
Google added an extra layer of protection to its My Activity service that allows users to put a password on their web and activity pages, thereby preventing others from accessing users’ browsing histories.
However, Google warns that the extra protection applies only to My Activity. Users’ history may still appear in other Google products. (Hagop Kavafian / Android Police)
Russian security researcher Kirill Firsov, the operator of the now-defunct site Deer.io, has been sentenced to 30 months in prison for his role in administering the online marketplace, which sold stolen account credentials, credit card information, and hacked accounts.
When he was arrested, Firsov’s site hosted about 3,000 active shops with sales exceeding $17 million. (Adam Janofsky / The Record)
Facebook-owned messaging app WhatsApp filed suit in India’s New Delhi High Court seeking to stop new government rules that would require the company to trace users’ encrypted messages.
Those new rules grant the Indian government sweeping powers to remove content that undermines national security, public order, and “decency or morality” and require communications platforms like WhatsApp to trace content back to its creator. (Newley Purnell and Jeff Horwitz / Wall Street Journal)
In a bid to comply with China’s “cybersecurity” laws, automaker Tesla said that it would store all data generated from cars it sold in China in a new data center there.
Tesla’s decision follows government and public scrutiny in China of its handling of potentially sensitive data about vehicle users, car performance, and geographical information. (Trefor Moss / Wall Street Journal)
A new report from the U.S. Government Accountability Office found that rising premiums and struggles by some insurers to quantify the costs and losses that stem from cybersecurity incidents remain some of the biggest obstacles to further adoption of cybersecurity insurance.
The report also said that education and healthcare had the highest take-up rates of cyber insurance between 2016 and 2020. (Derek B. Johnson / SC Magazine)
VMware is urging its vCenter users to update vCenter Server versions 6.5, 6.7, and 7.0 immediately, after a pair of vulnerabilities, one of which can lead to remote code execution, were reported to the company.
The more serious flaw, CVE-2021-21985, relates to a remote code execution vulnerability in a vSAN plugin enabled by default in vCenter that an attacker could use to run whatever they wished on the underlying host machine, provided they can access port 443. (Chris Duckett / ZDNet)
Ecommerce fraud detection company Forter has raised $300 million in a Series F venture funding round.
Tiger Global Management led the round with new backers, Third Point Ventures and Adage Capital Management, and existing investors Bessemer Venture Partners, Sequoia Capital, March Capital, NewView Capital, Salesforce Ventures, and Scale Venture Partners, also involved. (Ingrid Lunden / TechCrunch)
Email security company Material Security has raised $40M in a Series B venture funding round.
The round was led by solo Silicon Valley venture capitalist Elad Gil with Andreessen Horowitz and several individual tech industry leaders and investors participating in the round. (Robert Hackett / Fortune)
Email security startup Tessian has closed $65 million in a Series C venture funding round.
March Capital led the round. Existing investors Accel, Balderton Capital, Latitude, and Sequoia Capital also participated, along with new investor Schroder Adveq. (Natasha Lomas / TechCrunch)
API security company Salt Security has raised $70 million in a Series C venture funding round.
The round was led by Advent International, through Advent Tech, with participation from Alkeon Capital and DFJ Growth. Existing investors Sequoia Capital, Tenaya Capital, S Capital VC, and Y Combinator also participated in the round. (Chris Metinko / Crunchbase News)