Metacurity

White House to Meet With Tech Leaders to Discuss Open Source Software Security
metacurity.substack.com

Cyber Command releases samples of Iranian military hacking group, FCC eyes data breach reporting revamp, Ukraine police detain ransomware gang members, NSO spyware used in El Salvador, more

Cynthia Brumfield
Jan 13

Biden administration officials will meet with key software developers and top tech firms today to discuss making open-source computer code more secure after a critical vulnerability emerged in the Java-based Log4j logging application last month.

The White House, the Defense Department, the Department of Homeland Security, and other departments and agencies will attend the virtual meeting and will discuss "what has worked and what else can be done to secure the open-source software that we all fundamentally rely on," according to a White House source. Amazon, Facebook parent company Meta, IBM, and Microsoft, among other businesses, and the Linux, Apache, Github, and other open-source software organizations will attend the meeting. (Sean Lyngaas / CNN)

Related: Reuters, Fox Business, Github, Techregister.co.uk, CIO News, MacRumors, NDTV, Protocol, Cyberscoop, AppleInsider, WRAL Tech Wire

U.S. Cyber Command posted more than a dozen malware samples to a public repository, saying that if network administrators see two or more of these samples on their systems, they may have been targeted by Iranian military hackers called MuddyWater, linked to the Iranian Ministry of Intelligence and Security (MOIS).

The samples represent “open-source tools Iranian intelligence actors are using in networks around the world,” according to CyberCom. (AJ Vicens / Cyberscoop)

Related: The Record, Cyber Command, CNN.com, Al Arabiya, Bleeping Computer, CyberNews, Infosecurity Magazine, Iran International, Security Affairs, The Hacker News, Security Week, Haaretz

Chris Inglis (@ncdinglis) on Twitter:

> Great work by our CNMF teams to disrupt adversary activity through exposure of tactics, techniques, and procedures. Cyber is a team sport, and the collaboration between @FBI and @US_CYBERCOM to reveal Iranian cyber campaigns is a perfect example of how we’re stronger together.

Quoting USCYBERCOM Cybersecurity Alert (@CNMF_CyberAlert):

> Iranian MOIS hacker group #MuddyWater is using a suite of malware to conduct espionage and malicious activity. If you see two or more of these malware on your network, you may have MuddyWater on it: https://t.co/xTI6xuQOg3. Attributed through @NCIJTF @FBI

January 12th 2022


Federal Communications Commission Chairwoman Jessica Rosenworcel said she has circulated among her fellow commissioners a notice of proposed rulemaking to update its data breach reporting regulations for communications carriers.

Among the proposed updates are eliminating the current seven business day mandatory waiting period for notifying customers of a breach, expanding customer protections by requiring notification of inadvertent breaches, and requiring carriers to notify the Commission of all reportable breaches in addition to the FBI and U.S. Secret Service. (Tonya Riley / Cyberscoop)

Related: Engadget, FCC, DataBreaches.net, Slashdot, The Record

Ukraine’s Cyber Police Force said it had detained five people who are part of a ransomware gang that carried out attacks against more than 50 companies across Europe and the Americas. The arrests followed a joint operation with the Main Investigation Department of the National Police and SBU officers, conducted in cooperation with law enforcement officers from Great Britain and the United States.

The arrests, which occurred earlier this week, targeted the group’s leader, a 36-year-old Kyiv resident, his wife, and three acquaintances. Officials say that the group hacked into government and private enterprise networks to steal data, installed ransomware to extort the victims, and carried out DDoS attacks to paralyze the hacked networks. The gang members are also accused of using underground money mule networks to transfer their profits to payment cards owned by fictitious persons. (Catalin Cimpanu / The Record)

Related: Ukraine Cyber Police, Ukrainian Secret Service, Bleeping Computer

The University of Toronto’s Citizen Lab said that dozens of journalists and human rights defenders in El Salvador had their cellphones repeatedly hacked with NSO Group’s Pegasus spyware over the past year and a half.

Citizen Lab could not conclusively link the hacks to El Salvador’s government but said, “the strong country-specific focus of the infections suggests that this is very likely.” Twenty-two of those targeted work for the independent news site El Faro, which during the period of hacking was working on stories related to the Bukele administration’s alleged deal-making with El Salvador’s street gangs to lower the homicide rate and support Bukele’s party in mid-term elections in exchange for benefits to gang leaders. (Christopher Sherman and Frank Bajak / Associated Press)

Related: The Times of Israel, Citizen Lab, Bloomberg Technology, ZDNet.com.au, CBC, The Mainichi, The Independent, WSJ.com, The New Arab, Tech Times, Al Jazeera English, The Record by Recorded Future, Entorinteligente.com, Al Bawaba, Tech Xplore, Security Week, El Faro

Roman Olivier Gressier (@romangressier) on Twitter:

> At @_elfaro_ it's been evident for some time that there are outside eyes on our communications. @citizenlab and @accessnow confirmed that we've been a hotbed for Pegasus spyware attacks since 2020. And we're not the only ones in El Salvador...

Linked article: "22 Members of El Faro Bugged with Spyware Pegasus" (elfaro.net): A three-month expert analysis conducted by two international organizations concluded that over the last two years the cell phones of about two-thirds of El Faro staff were hacked using the spyware...

January 13th 2022


Apple has fixed a bug that could send an iPhone or iPad into a seemingly endless boot loop of death using Apple's Home app.

Security researcher Trevor Spiniolas warned Apple about the bug, but Apple had not issued a patch as of early this month. "I believe this bug is being handled inappropriately as it poses a serious risk to users and many months have passed without a comprehensive fix," Spiniolas warned. (Paul Wagenseil / Tom’s Guide)

Related: Engadget, 9to5Mac, TechCrunch, Macworld, Security Week, MacDailyNews, AppleInsider, Bleeping Computer, The Apple Post, iMore, iPhone Hacks, Trevor Spiniolas

Mozilla released Firefox 96 with patches for 18 security vulnerabilities affecting its flagship web browser and the Thunderbird mail program.

Of the newly patched security flaws, nine are high-severity while six carry a "medium-severity" rating, the most important of which is CVE-2022-22746, a race condition leading to the bypass of full-screen notification on Windows machines. (Ionut Arhire / Security Week)

Related: Malwarebytes Labs, ZDNet, WinBuzzer, Mozilla

A Nottingham Crown Court in the UK sentenced Robert Davies, a software engineer who remotely accessed his victims' files, photos, and webcams, to two years and two months in prison.

Davies hacked into a schoolgirl's webcam and secretly filmed her showering and undressing. He targeted 25 people in total, including some he knew, stealing chat histories and, in some cases, intimate photos and videos. (BBC News)

Related: HackRead, Malwarebytes Labs, Daily Mail, The Mirror, ITV, The Sun, Nottingham Post

Researchers at Cisco Talos discovered that threat actors have been distributing the Netwire, Nanocore, and AsyncRAT malware families by leveraging AWS and Microsoft Azure cloud services.

The researchers say that using cloud infrastructure is a way for cyber attackers to avoid owning or managing their own private, paid infrastructure, such as through 'bulletproof' hosting, which may eventually capture the interest of law enforcement. The majority of victims in a recent campaign discovered by the researchers are in the US, Canada, and Italy, with a handful from Spain and South Korea. (Charlie Osborne / ZDNet)

Related: Reddit - cybersecurity, TheDigitalHacker, Dark Reading, Talos Intelligence, Tech Republic, Computing.co.uk

According to new court records, a ransomware attack against Bernalillo County, New Mexico, confined county jail inmates to their cells because the incident disabled the facility’s surveillance cameras and data-collection capabilities.

The incident made the Albuquerque Metropolitan Detention Center unable to comply with the terms of a settlement agreement in a years-running lawsuit over jail conditions. (Ryan Boetel / Albuquerque Journal)

Related: Exploit One, The Register, StateScoop, The Verge, KRQE, KOB4, Security Week

The Maryland Department of Health confirmed that a ransomware attack crippled its systems last month and forced many of its services offline.

For weeks, the department described the event as a “network security breach” and offered few other details about the nature of the incident. Chip Stewart, Maryland’s chief information security officer, said the threat actors demanded payment, but he and other department officials declined to specify the amount. They did not give in to the payment demands, according to Stewart. (Hallie Miller / Capital Gazette)

Related: Fox5DC, PYMNTS.com, StateScoop

Catalin Cimpanu (@campuscodi) on Twitter:

> One month later, Maryland confirms they got hit by ransomware

Quoting Mike Hellgren (@HellgrenWJZ):

> State confirms it was a ransomware attack against the Maryland Department of Health. Maryland did not pay the ransom. The incident left the public in the dark about covid numbers for weeks while the state worked to protect its network and isolate against the threat. @wjz https://t.co/cnlH3jPBpQ

January 12th 2022


People who use the drive and collect system at Australian hardware retailer Bunnings Warehouse may have had their data compromised due to a massive security breach at scheduling platform FlexBooker.

The incident occurred in December. The FlexBooker breach affected 3.7 million people in total. (Alex Druce / News.com.au)

Related: PerthNow, New Zealand Herald

Cybersecurity startup Eureka, which provides holistic security across cloud data stores, raised $8 million in a seed funding round.

YL Ventures led the round with participation from renowned security executives and serial entrepreneurs, including Edna Conway (VP, Security & Risk Officer, Azure Hardware Systems & Infrastructure at Microsoft), David Hannigan (Director of Product Security Assurance at Google Cloud), Andy Ellis (Former CSO at Akamai Technologies), Maarten Van Horenbeeck (CISO at Zendesk), Assaf Rappaport (CEO at Wiz) and Ben Bernstein (Former CEO at Twistlock, acquired by PANW). (Frederic Lardinois / TechCrunch)

Related: FinSMEs

Photo by Kristina Volgenau on Unsplash

© 2022 DCT Associates