White House Unveils 100-Day Sprint to Better Power Grid Security

REvil gang demands $50 million ransom from Apple/Quanta, hackers exploit Pulse VPN vulnerabilities to breach U.S. gov't and defense contractor systems, SonicWall flaws exploited by a hacking group, more


The White House finally unveiled its 100-day plan to protect the U.S. power grid from cyberattacks, which includes a series of consultations between utilities and the government that will likely take years to implement.

The goal of the plan is to “continue to advance technologies and systems that will provide cyber visibility, detection, and response capabilities for industrial control systems of electric utilities,” according to the Department of Energy (DOE), which is in charge of the initiative. DOE released a new Request for Information (RFI) to “seek input from electric utilities, energy companies, academia, research laboratories, government agencies, and other stakeholders to inform future recommendations for supply chain security in U.S. energy systems.”

The Biden administration had suspended a Trump-era executive order, EO 13920, that banned the supply of electric power components from certain foreign adversaries, particularly China; that order has now resumed effect under Biden’s new EO. (Michael Riley and Jamie Tarabay / Bloomberg)


The REvil ransomware gang is demanding that Apple pay a ransom to avoid having confidential information, which the gang allegedly stole from laptop maker Quanta Computer, leaked on the dark web.

The gang posted 21 screenshots depicting MacBook schematics and threatened to publish new data every day until Apple or Quanta paid the ransom. One source says that the hackers asked for $50 million, similar to the sum they requested from laptop maker Acer last month. (Catalin Cimpanu / The Record)


Cybersecurity firm FireEye and VPN appliance maker Pulse Secure announced that two hacking groups, including at least one confirmed Chinese cyber-espionage outfit, have used a new zero-day vulnerability in Pulse Secure VPN equipment to get inside U.S. defense contractors and government facilities across the world.

The attacks, which exploited old Pulse Secure vulnerabilities plus one new zero-day flaw, began in August 2020, when the first group, which FireEye tracks as UNC2630, began targeting U.S. defense contractors and European organizations. The attackers took over the Pulse devices, installing one of seven malware strains that acted as web shells and backdoors into the hacked organization. The attacks expanded in October 2020, when a second group, which FireEye named UNC2717, began using the same techniques and zero-day to install its own malware set.

Ivanti, the company behind the Pulse Secure VPN brand, issued temporary mitigations to deal with the attacks, with a final fix slated for May. DHS issued an emergency directive ordering all federal agencies to patch their Pulse Secure appliances by Friday. (Catalin Cimpanu / The Record)


FireEye analysts first discovered in March 2021 that a hacking group had used three zero-day vulnerabilities impacting SonicWall products to breach corporate networks and install backdoors.

The hackers targeted SonicWall ES, an email security appliance that companies use in a cloud-hosted or on-premises format to scan email traffic for security threats. SonicWall released three patches for the flaws last week but failed to release information about their severity. (Catalin Cimpanu / The Record)


On the heels of major data security breaches of users’ Facebook accounts, which the social media giant has attempted to portray as nothing more than mere data scraping, someone has released a tool that lets a user see which email address is linked to a Facebook account even if the Facebook user didn't publicly advertise their address.

Facebook admits that the video displays a genuine bug, which the company says it overlooked by closing a bug bounty report too soon. (Joseph Cox / Motherboard)


Researchers at Group IB say that hackers linked with the North Korean APT group Lazarus, also known as Hidden Cobra, have been using a malicious JavaScript skimming tool called BTC Changer to steal cryptocurrency.

Group IB estimates Lazarus' profits from the use of crypto-stealing JS-sniffers at 0.89993859 BTC ($8,446.55 at the moment of the transaction and $52,611 as of April 9, 2021) and 4.384719 ETH ($9,047 as of April 9, 2021). (Ionut Ilascu / Bleeping Computer)


Video app TikTok and its Chinese parent ByteDance might face monetary damages worth billions of pounds (dollars) in London's High Court over allegations they illegally harvested the private data of millions of European children.

Anne Longfield, the former Children's Commissioner for England, said that every child who has used TikTok since May 25, 2018, may have had private personal information illegally collected by ByteDance through TikTok for the benefit of unknown third parties. In a lawsuit, Longfield alleges that TikTok violated the UK and European Union data protection laws by processing youngsters' data without adequate security measures, transparency, the consent of guardians, or legitimate interest. (Kirstin Ridley / Reuters)


Researchers at ESET warn that attackers promote sites impersonating the Microsoft Store, Spotify, and an online document converter that distribute malware to steal credit cards and passwords saved in web browsers.

Users tricked into visiting the fake store receive an automatically downloaded file called 'Ficker' or 'FickerStealer,' which is information-stealing malware in disguise. In addition to stealing passwords, the malware can steal from over fifteen cryptocurrency wallets, swipe documents, and take screenshots of the active applications running on victims' computers. (Lawrence Abrams / Bleeping Computer)


The latest research by Trend Micro shows that a Mac malware campaign targeting Xcode developers called XCSSET has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps.

The malware now further attempts to steal account information from multiple websites, including cryptocurrency trading platforms Huobi, Binance, NNCall.net, Envato, and 163.com, with abilities to replace the address in a user's cryptocurrency wallet with those under the attacker's control. (Ravie Lakshmanan / The Hacker News)


Third-party SaaS application visibility provider Grip Security landed $6 million in a seed funding round.

The round was led by cybersecurity-focused YL Ventures, with participation from CrowdStrike CEO and co-founder George Kurtz and a group of other angel investors with deep roots in the cybersecurity industry. (Frederic Lardinois / TechCrunch)


Privacy-preserving platform company Cape Privacy raised $20 million in a Series A venture funding round.

Evolution Equity Partners led the round with participation from new investors Tiger Global Management, Ridgeline Partners, and Downing Lane. Existing investors Boldstart Ventures, Version One Ventures, Haystack, Radical Ventures, and many individual investors also participated. (Ron Miller / TechCrunch)

