TSA's New Pipeline Cybersecurity Directive Mandates Hack Incident Reports
Hafnium hackers infiltrated Belgian government, Hackers got inside Fujitsu's information-sharing tool, Rowhammer attacks come closer to reality, European watchdogs warn of Clearview AI, more
On the heels of the highly disruptive ransomware attack on Colonial Pipeline, a new directive issued by the Transportation Security Administration (TSA) will require certain pipeline operators to report hacking incidents to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) within 12 hours. The directive will also levy fines starting at approximately $7,000 on operators for failing to comply with security guidelines, officials say.
The directive further requires pipeline operators to designate an executive to be available at all hours of the day to coordinate with DHS officials in the event of a cybersecurity incident. Finally, it orders pipeline companies to review current cyber practices and identify gaps and risks and report the results of those reviews to TSA and CISA within thirty days. (Sean Lyngaas / Cyberscoop)
Related: The Independent, Business Standard, Channel News Asia, The Seattle Times, CNN.com, Cyberscoop, The Hill: Cybersecurity, Inside Cybersecurity, NYT > Politics, Politico, CyberNews, ET news, Security Intelligence, NPR, Axios, DHS.gov
Belgian newspaper De Standaard reported that the entire computer network of Belgium's federal interior (home affairs) ministry was the target of a sophisticated cyberattack that began as early as April 2019, with China identified as the culprit.
The intrusion appears to have been an information-gathering effort linked to Hafnium, the group that exploited the Microsoft Exchange Server vulnerabilities. (Alan Hope / The Brussels Times)
Security researchers at Check Point say that Chinese-speaking hackers posing as the United Nations targeted a small group of Uyghur Muslims inside China and Pakistan.
The hackers also tried to trick targets into running a fake antivirus scanner before opening the malicious documents in an attempt to exploit their fears of getting hacked. (Lorenzo Franceschi-Bicchierai / Motherboard)
The Ministry of Land, Infrastructure, Transport and Tourism and the National Cyber Security Center (NISC) of Japan announced that attackers obtained inside information via Fujitsu's "ProjectWEB" information sharing tool.
Fujitsu confirmed that attackers gained unauthorized access to projects that used ProjectWEB and stole proprietary data, including about 76,000 e-mail addresses and e-mail system settings. Fujitsu says it will notify the relevant authorities and work with its customers to identify the cause of the breach. (Ax Sharma / Bleeping Computer)
Hector Martin, a software engineer on the Asahi Linux project, discovered a vulnerability in Apple's M1 chips, dubbed M1RACLES, that cannot be fixed without a silicon redesign, the first such flaw reported for the M1.
The bug allows two processes running on the same device to exchange data over a covert channel at the CPU level, without using memory, sockets, files, or any other standard operating system feature that could be monitored. Martin said he notified Apple of the flaw, which has limited abuse potential in the wild for several reasons. In the meantime, Martin put up a tongue-in-cheek website that skewers the branded chip-vulnerability websites of the past. (Catalin Cimpanu / The Record)
A group of Google security researchers says that the continued miniaturization of DRAM cells has allowed them to develop a Rowhammer variant they call Half-Double. Where classic Rowhammer flips bits only in the rows immediately adjacent to the hammered row, Half-Double reaches a victim row two rows away, showing that a form of the attack previously considered theoretical works on current hardware.
Rowhammer lets an attacker who can only touch their own memory repeatedly activate DRAM rows so that electrical disturbance leaks charge out of neighboring cells, corrupting, and in some attacks exfiltrating, data they are not supposed to reach. Google disclosed its findings to JEDEC, the semiconductor engineering standards body, which has issued two stop-gap mitigations. (Lily Hay Newman / Wired)
A hacktivist who runs a dark web site called The Concerned Citizen's Citizen Hack has scraped data on 1.7 million incidents (reported crimes and perceived crimes) that the neighborhood watch app Citizen relays to its users. The data includes the GPS coordinates of each incident, its update history, a clip of the police radio traffic it relates to, and any associated images.
Although this data is ordinarily available to users of the Citizen app, its mass scraping provides it with more significant descriptive, predictive, and explanatory power. "It's like a full log of police activity in multiple U.S. cities," the hacktivist said. (Joseph Cox / Motherboard)
Public interest campaigners, including Privacy International and Noyb, filed a wave of complaints with data watchdogs in Austria, France, Greece, Italy, and the U.K. against facial recognition company Clearview AI.
The advocates urge regulators to declare that Clearview’s practices “have no place in Europe” because they violate privacy and civil liberties. (Stephanie Bodoni / Bloomberg)
Researchers from the CISPA Helmholtz Center for Information Security used a custom framework to measure how many Chrome extensions tamper with HTTP security headers, putting users at risk of web-based attacks.
The team analyzed 186,434 Chrome extensions available on the official Chrome Web Store last year and found that 2,485 of them intercept and modify at least one security header used by today's Top 100 most popular websites. They also found 553 extensions that disable four security headers outright. (Catalin Cimpanu / The Record)
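To make the tampering concrete, here is an added example (not the CISPA researchers' framework and not code from any real extension) written to run under Node. It models two ways a Chrome extension's webRequest.onHeadersReceived listener can interfere with security headers, stripping them or silently loosening a Content-Security-Policy, and a checker that diffs the headers the origin sent against what the page actually received. The header set, the listener names, and the sample response are assumptions; the article does not name the four headers. The `{ name, value }` array mirrors the shape chrome.webRequest passes to listeners.

```javascript
// Added example, not the CISPA framework: model header-tampering extension
// listeners and diff origin headers against post-extension headers.

// Assumed watch list; the article does not say which four headers it counted.
const SECURITY_HEADERS = [
  'content-security-policy',
  'x-frame-options',
  'strict-transport-security',
  'x-content-type-options',
];

// details.responseHeaders has the shape chrome.webRequest gives a listener:
// an array of { name, value }. A listener returns { responseHeaders }.

// Tampering pattern 1: drop every security header, which lets the site be
// framed, script-injected, and downgraded to plain HTTP.
function strippingListener(details) {
  const responseHeaders = details.responseHeaders.filter(
    (h) => !SECURITY_HEADERS.includes(h.name.toLowerCase()),
  );
  return { responseHeaders };
}

// Tampering pattern 2: keep the CSP header but swap in a permit-everything
// value; a naive "is the header present" check would miss this.
function cspLooseningListener(details) {
  const responseHeaders = details.responseHeaders.map((h) =>
    h.name.toLowerCase() === 'content-security-policy'
      ? { name: h.name, value: "default-src * 'unsafe-inline' 'unsafe-eval'" }
      : h,
  );
  return { responseHeaders };
}

function headerMap(headers) {
  const m = new Map();
  for (const h of headers) m.set(h.name.toLowerCase(), h.value);
  return m;
}

// Detection: report each security header the origin set that was removed
// or whose value changed between the origin and the page.
function diffSecurityHeaders(original, observed) {
  const before = headerMap(original);
  const after = headerMap(observed);
  const findings = [];
  for (const name of SECURITY_HEADERS) {
    if (!before.has(name)) continue; // site never set it; nothing to tamper with
    if (!after.has(name)) {
      findings.push({ header: name, change: 'removed', was: before.get(name) });
    } else if (after.get(name) !== before.get(name)) {
      findings.push({
        header: name,
        change: 'modified',
        was: before.get(name),
        now: after.get(name),
      });
    }
  }
  return findings;
}

// Run one listener over a response and return the checker's findings.
function checkListener(details, listener) {
  const { responseHeaders } = listener(details);
  return diffSecurityHeaders(details.responseHeaders, responseHeaders);
}

// Constructed sample response; not captured from a real site.
const SAMPLE_RESPONSE = {
  url: 'https://example.com/',
  responseHeaders: [
    { name: 'Content-Type', value: 'text/html; charset=utf-8' },
    { name: 'Content-Security-Policy', value: "default-src 'self'" },
    { name: 'X-Frame-Options', value: 'DENY' },
    { name: 'Strict-Transport-Security', value: 'max-age=31536000; includeSubDomains' },
    { name: 'X-Content-Type-Options', value: 'nosniff' },
  ],
};

// Stand-alone run: a well-behaved listener, then the two tampering patterns.
const passthroughListener = (d) => ({ responseHeaders: d.responseHeaders });
for (const [label, listener] of [
  ['passthrough', passthroughListener],
  ['stripping', strippingListener],
  ['csp-loosening', cspLooseningListener],
]) {
  console.log(label, JSON.stringify(checkListener(SAMPLE_RESPONSE, listener)));
}
```

The value-level comparison matters: an extension that rewrites a CSP to `default-src *` leaves the header name in place, so a check that only counts headers would report it as untouched. In a real measurement the "original" side comes from fetching the page without the extension loaded and the "observed" side from the same fetch with it installed.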
Canadian postal agency Canada Post announced that Commport Communications, an electronic data interchange solution supplier, had notified them that Canada Post customers’ data had been “compromised” in an attack on May 19.
The postal agency informed 44 of its large business customers that malicious actors compromised information relating to more than 950,000 customers after Commport fell victim to a malware attack late last week. (Jackie Dunham / CTV News)
Related: Mobile Syrup
President Biden’s upcoming budget proposes increasing the size of U.S. Cyber Command’s Cyber Mission Force by 600 people, or 10%. If approved, this increase would be the first expansion of the Cyber Mission Force since its structure was set in 2012.
The estimated cost of this increase would be $100 million. (Martin Matishak and Lara Seligman / Politico)
Related: Defense Daily
Cloud security startup Wiz raised $120 million in a Series B venture funding round.
The funding round was led by Salesforce and Blackstone Group, with existing investors Greenoaks Capital, Advent International, Sequoia, and Insight Partners also participating. (Yaacov Benmeleh / Bloomberg)
Security analytics company Uptycs announced it had raised $50 million in a Series C venture investing funding round.
Norwest Venture Partners led the round with participation from Sapphire Ventures and ServiceNow Ventures. (Ron Miller / TechCrunch)
Cloud security vendor Zscaler agreed to buy Smokescreen Technologies to proactively hunt for emerging adversary tactics and techniques using deception technology. The terms of the deal were not disclosed.
The company believes that once the Smokescreen acquisition closes, its customers will change the economics of cyberattacks by making them far more costly, complex, and difficult for the adversary. (Michael Novinson / CRN)
Greg Goebel from Loveland CO, USA, CC BY-SA 2.0 via Wikimedia Commons