White House to Meet With Tech Leaders to Discuss Open Source Software Security
Cyber Command releases samples used by an Iranian state hacking group, FCC eyes data breach reporting revamp, Ukraine police detain ransomware gang members, NSO spyware used in El Salvador, more
Biden administration officials will meet with key software developers and top tech firms today to discuss making open-source code more secure, after a critical vulnerability emerged last month in Log4j, the widely used Java logging library.
The White House, the Defense Department, the Department of Homeland Security, and other departments and agencies will attend the virtual meeting and will discuss "what has worked and what else can be done to secure the open-source software that we all fundamentally rely on," according to a White House source. Amazon, Facebook parent company Meta, IBM, and Microsoft, among other businesses, and the Linux Foundation, the Apache Software Foundation, GitHub, and other open-source software organizations will attend the meeting. (Sean Lyngaas / CNN)
U.S. Cyber Command posted more than a dozen malware samples to a public repository, saying that if network administrators see two or more of these samples on their systems, they may have been targeted by the Iranian state hacking group known as MuddyWater, which the command attributes to the Iranian Ministry of Intelligence and Security (MOIS).
The samples represent “open-source tools Iranian intelligence actors are using in networks around the world,” according to CyberCom. (AJ Vicens / Cyberscoop)
USCYBERCOM Cybersecurity Alert (@CNMF_CyberAlert): Iranian MOIS hacker group #MuddyWater is using a suite of malware to conduct espionage and malicious activity. If you see two or more of these malware on your network, you may have MuddyWater on it: https://t.co/xTI6xuQOg3. Attributed through @NCIJTF @FBI
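The alert's operational rule is a threshold, not a single-indicator match: because the tools are open source, one hit is weak evidence, but two or more distinct samples on the same host is treated as likely MuddyWater activity. The script below is an added illustration of that heuristic, written for this page and not published by CYBERCOM, Cyberscoop, or the FBI. The sample byte strings and family labels are constructed placeholders so it runs offline; a practitioner would replace the IOC table with the SHA-256 hashes from the public repository the command posted to.

```python
"""Added example: hash-IOC sweep with a 'two or more distinct families' threshold.
IOC contents below are constructed placeholders, not the real published samples."""
import hashlib
import os
import tempfile

# Constructed stand-ins for the published samples (family label -> file bytes).
# Replace with the real SHA-256 list from the public repository in practice.
CONSTRUCTED_SAMPLES = {
    "family_a": b"constructed placeholder sample A\n",
    "family_b": b"constructed placeholder sample B\n",
    "family_c": b"constructed placeholder sample C\n",
}
# sha256 hex digest -> family label
IOC_HASHES = {hashlib.sha256(data).hexdigest(): fam
              for fam, data in CONSTRUCTED_SAMPLES.items()}


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify(observed, iocs=IOC_HASHES, threshold=2):
    """Apply the alert's rule to (path, sha256) pairs.

    Counts DISTINCT matching families, so two copies of the same tool still
    count once. Returns hits per family, the distinct count, and the alert flag.
    """
    hits = {}
    for path, digest in observed:
        fam = iocs.get(digest.lower())
        if fam:
            hits.setdefault(fam, []).append(path)
    return {"hits": hits, "distinct": len(hits), "alert": len(hits) >= threshold}


def sweep(root, iocs=IOC_HASHES, threshold=2):
    """Walk a directory tree, hash regular files (skipping symlinks), classify."""
    observed = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            if os.path.islink(p) or not os.path.isfile(p):
                continue
            try:
                observed.append((p, sha256_file(p)))
            except OSError:
                continue  # unreadable file: log and move on in a real sweep
    return classify(observed, iocs, threshold)


def demo():
    """Build a throwaway tree holding two placeholder samples plus a benign
    file, sweep it, and return the verdict (constructed data, not a real host)."""
    with tempfile.TemporaryDirectory() as root:
        drop = os.path.join(root, "Users", "Public")
        os.makedirs(drop)
        for fam, data in list(CONSTRUCTED_SAMPLES.items())[:2]:
            with open(os.path.join(drop, fam + ".bin"), "wb") as f:
                f.write(data)
        with open(os.path.join(root, "readme.txt"), "wb") as f:
            f.write(b"benign file\n")
        return sweep(root)


if __name__ == "__main__":
    verdict = demo()
    for fam, paths in verdict["hits"].items():
        print(f"{fam}: {paths}")
    print("distinct families:", verdict["distinct"], "alert:", verdict["alert"])
```

Exact-hash matching only catches the samples as published; a repacked or recompiled build of the same open-source tool will not hit, so the threshold is a triage aid rather than a substitute for behavioral detection.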
Federal Communications Commission Chairwoman Jessica Rosenworcel said she has circulated among her fellow commissioners a notice of proposed rulemaking to update its data breach reporting regulations for communications carriers.
Among the proposed updates are eliminating the current seven-business-day mandatory waiting period before notifying customers of a breach, expanding customer protections by requiring notification of inadvertent breaches, and requiring carriers to notify the Commission of all reportable breaches in addition to the FBI and U.S. Secret Service. (Tonya Riley / Cyberscoop)
Ukraine’s Cyber Police Force said it had detained five people who are part of a ransomware gang that carried out attacks against more than 50 companies across Europe and the Americas. The arrests followed a joint operation with the Main Investigation Department of the National Police and SBU officers, in cooperation with law enforcement officers from Great Britain and the United States.
The arrests, which occurred earlier this week, targeted the group’s leader, a 36-year-old Kyiv resident, his wife, and three acquaintances. Officials say that the group hacked into government and private enterprise networks to steal data, installed ransomware to extort the victims, and carried out DDoS attacks to paralyze the hacked networks. The gang members are also accused of using underground money mule networks to transfer their profits to payment cards owned by fictitious persons. (Catalin Cimpanu / The Record)
The University of Toronto’s Citizen Lab said that dozens of journalists and human rights defenders in El Salvador had their cellphones repeatedly hacked with NSO Group’s Pegasus spyware over the past year and a half.
Citizen Lab could not conclusively link the hacks to El Salvador’s government but said, “the strong country-specific focus of the infections suggests that this is very likely.” Twenty-two of those targeted work for the independent news site El Faro, which during the period of hacking was working on stories related to the Bukele administration’s alleged deal-making with El Salvador’s street gangs to lower the homicide rate and support Bukele’s party in mid-term elections in exchange for benefits to gang leaders. (Christopher Sherman and Frank Bajak / Associated Press)
Related: The Times of Israel, Citizen Lab, Bloomberg Technology, ZDNet.com.au, CBC, The Mainichi, The Independent, WSJ.com, The New Arab, Security News | Tech Times, Al Jazeera English, The Record by Recorded Future, Entorinteligente.com, Al Bawaba, Tech Xplore, Security Week, El Faro
Apple has fixed a bug that could send an iPhone or iPad into a seemingly endless boot loop of death using Apple's Home app.
Security researcher Trevor Spiniolas warned Apple about the bug months before publicly disclosing it, but Apple had not issued a patch as of early this month. "I believe this bug is being handled inappropriately as it poses a serious risk to users and many months have passed without a comprehensive fix," Spiniolas warned. (Paul Wagenseil / Tom’s Guide)
Mozilla released Firefox 96 with patches for 18 security vulnerabilities affecting its flagship web browser and the Thunderbird mail program.
Nine of the newly patched flaws are rated high severity and six medium severity. Among the high-severity fixes is CVE-2022-22746, a race condition that allowed the full-screen notification to be bypassed on Windows, opening the door to full-screen window spoofing. (Ionut Arhire / Security Week)
Nottingham Crown Court in the UK sentenced Robert Davies, a software engineer who remotely accessed his victims' files, photos, and webcams, to two years and two months in prison.
Davies hacked into a schoolgirl's webcam and secretly filmed her showering and undressing. He targeted 25 people in total, including some he knew, stealing chat histories and, in some cases, intimate photos and videos. (BBC News)
Researchers at Cisco Talos discovered that threat actors have been distributing the Netwire, Nanocore, and AsyncRAT remote access trojans from infrastructure hosted on AWS and Microsoft Azure.
The researchers say that abusing public cloud services lets attackers avoid owning or renting their own infrastructure, such as "bulletproof" hosting, which can eventually draw the attention of law enforcement. The majority of victims in a recent campaign discovered by the researchers are in the US, Canada, and Italy, with a handful in Spain and South Korea. (Charlie Osborne / ZDNet)
According to new court records, a ransomware attack against Bernalillo County, New Mexico, confined county jail inmates to their cells because the incident disabled the facility’s surveillance cameras and data-collection capabilities.
The incident made the Albuquerque Metropolitan Detention Center unable to comply with the terms of a settlement agreement in a years-running lawsuit over jail conditions. (Ryan Boetel / Albuquerque Journal)
The Maryland Department of Health confirmed that a ransomware attack crippled its systems last month and forced many of its services offline.
For weeks, the department described the event as a “network security breach” and offered few other details about the nature of the incident. Chip Stewart, Maryland’s chief information security officer, said the threat actors demanded payment, but he and other department officials declined to specify the amount. They did not give in to the payment demands, according to Stewart. (Hallie Miller / Capital Gazette)
Mike Hellgren (@HellgrenWJZ): State confirms it was a ransomware attack against the Maryland Department of Health. Maryland did not pay the ransom. The incident left the public in the dark about covid numbers for weeks while the state worked to protect its network and isolate against the threat. @wjz https://t.co/cnlH3jPBpQ
Customers who used the drive and collect service at Australian hardware chain Bunnings Warehouse may have had their data compromised in a large security breach at scheduling platform FlexBooker, which Bunnings used to book collection slots.
The incident occurred in December. The FlexBooker breach affected 3.7 million people in total. (Alex Druce / News.com.au)
Cybersecurity startup Eureka, which provides holistic security across cloud data stores, raised $8 million in a seed funding round.
YL Ventures led the round with participation from security executives and serial entrepreneurs, including Edna Conway (VP, Security & Risk Officer, Azure Hardware Systems & Infrastructure at Microsoft), David Hannigan (Director of Product Security Assurance at Google Cloud), Andy Ellis (former CSO at Akamai Technologies), Maarten Van Horenbeeck (CISO at Zendesk), Assaf Rappaport (CEO at Wiz), and Ben Bernstein (former CEO at Twistlock, acquired by Palo Alto Networks). (Frederic Lardinois / TechCrunch)