CISA and FBI describe Cozy Bear's style. Gelocation as opsec risk. Apple fixes Gatekeeper bypass. DC Police doxed. What tweet? -

CISA and FBI describe Cozy Bear’s style. Gelocation as opsec risk. Apple fixes Gatekeeper bypass. DC Police doxed. What tweet?

Attacks, Threats, and Vulnerabilities

The Ease of Tracking Mobile Phones of U.S. Soldiers in Hot Spots (Wall Street Journal) The armed forces are facing a challenge of how to protect personnel in an age when highly revealing data are being bought and sold in bulk, and available for purchase by America’s adversaries.

Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders (CISA) The Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), and Cybersecurity and Infrastructure Security Agency (CISA) assess Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and Yttrium—will continue to seek intelligence from U.S. and foreign entities through cyber exploitation, using a range of initial exploitation techniques that vary in sophistication, coupled with stealthy intrusion tradecraft within compromised networks.

Federal Agencies Detail Russian Tactics Used in Recent Cyber Intrusions ( The FBI, Homeland Security Department and Cybersecurity and Infrastructure Security Agency issued an alert on Russian government cyber tradecraft and mitigation techniques for targets.

FBI, CISA Warn of Ongoing Russian Cyberthreats (BankInfo Security) The FBI and CISA are warning of continued cyberthreats stemming from Russia’s Foreign Intelligence Service, or SVR, which the Biden administration formally accused

CISA Calls for Emergency Actions: VPN Compromise Targets U.S. Defense Sector (ClearanceJobs) Ivanti’s Pulse Connect Secure VPN compromise puts at risk the U.S. defense industrial base and other executive branch agencies.

FBI-DHS-CISA Joint Advisory on Russian Foreign Intelligence Service Cyber Operations (Homeland Security Today) The Federal Bureau of Investigation (FBI), Department of Homeland Security, and CISA have released a Joint Cybersecurity Advisory (CSA) addressing Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and Yttrium—continued targeting of U.S and foreign entities.

US warns of Russian state hackers still targeting US, foreign orgs (BleepingComputer) The FBI, the US Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA) warned today of continued attacks coordinated by the Russian-backed APT 29 hacking group against US and foreign organizations.

Federal Agencies Detail Russian Tactics Used in Recent Cyber Intrusions ( The FBI, Homeland Security Department and Cybersecurity and Infrastructure Security Agency issued an alert on Russian government cyber tradecraft and mitigation techniques for targets.

US Urges Organizations to Implement MFA, Other Controls to Defend Against Russian Attacks (Dark Reading) Actors working for Moscow’s Foreign Intelligence Service are actively targeting organizations in government and other sectors, FBI and DHS say.

A software bug let malware bypass macOS’ security defenses (TechCrunch) The Shlayer malware has been exploiting this newly discovered vulnerability since at least January.

Hackers Used ‘Mind-Blowing’ Bug to Sneak Past macOS Safeguards (Wired) The vulnerability was patched Monday, but hackers had already used it to spread malware.

Nvidia Warns: Severe Security Bugs in GPU Driver, vGPU Software (Threatpost) The gaming- and AI-friendly graphics accelerators can open the door to a range of cyberattacks.

Organizations can no longer afford to overlook encrypted traffic (Help Net Security) Not inspecting the encrypted traffic entering and leaving can be a costly mistake, one that companies can’t dare to overlook.

Outages Blamed on Malware Still Plaguing Budget Airlines (SecurityWeek) A technology provider says a malware attack triggered a dayslong outage that has caused reservations systems to crash at about 20 low-cost airlines around the world.

Don’t Risk Getting Caught by Kr3pto Phishing Kits (Akamai) Akamai’s threat research team recently published a report showing that a new phishing toolkit named Kr3pto was targeting UK banking customers. A phishing kit is an all-in-one software package that lets just about anyone create and launch phishing attacks designed to steal user data by posing as a trusted entity. In the past, attackers needed to clone the target site, but now kits have evolved to include the decoy, making phishing attacks easier to replicate.

Ransomware gang now warns they will leak new Apple logos, iPad plans (BleepingComputer) The REvil ransomware gang has mysteriously removed Apple’s schematics from their data leak site after privately warning Quanta that they would leak drawings for the new iPad and new Apple logos.

Reverse Jinx: Scammers Ask Why They Paid Victim in Credential Harvesting Scheme (Avanan) A scam bypassing ATP asks the user why they received nearly $2,000 in funds in what is actually a credential harvesting scheme.

COMB: The Big Password Leak (Syhunt) Following customer and media requests, we now analyzed the COMB21, the biggest known compilation of password leaks published on Feb 2, 2021 by a hacker on the same Internet forum that last month hosted links and information about the mega leak of Brazilian data.

Burglary, possible data breach could have exposed 3K Peak Vista patients’ health information (KKTV) Peak Vista Community Health Centers alerted roughly 3,000 patients that their health information may have been stolen.

Is an Activist’s Pricey House News? Facebook Alone Decides. (New York Times) The New York Post has complained that Facebook is blocking and downplaying its stories. But the platform doesn’t pay any special deference to journalists.

Reverb suffers data breach unknown in size or impact (Techaeris) It seems the company has been hit with a data breach that included names, addresses, phone numbers, and emails. This information was publicly accessible for a

Healthcare provider UnitingCare Queensland hit by ransomware (ITWire) Australian healthcare provider UnitingCare Queensland has been hit by what appears to be Windows ransomware, with the company saying it was hit by a "cyber incident" on Monday. The statement said some of the organisation's digital and technology systems were inaccessible due to the incid…

Ransomware gang publishes files stolen from D.C. police department (StateScoop) Files belonging to the city’s police department appeared on a leak site affiliated with Babuk, a newer form of ransomware.

Ransomware gang threatens to expose police informants if ransom is not paid (The Record by Recorded Future) A ransomware gang is threatening to leak sensitive police files that may expose police investigations and informants unless the Metropolitan Police Department of the District of Columbia agrees to pay a ransom demand.

Blox Tales: Chase Credential Phishing Attacks (Armorblox) This blog focuses on two email attacks that impersonated Chase in an attempt to steal login credentials. One attack claimed to contain a credit card statement, and the other impersonated a locked account workflow.

Cyber-attack on NBA Team (Infosecurity Magazine) Investigation launched into cyber-attack on Houston Rockets

Guilderland CSD investigating cyberattack on district (ABC 10) All students grades 7 through 12 in the Guilderland Central School District will be remote Monday after school officials say the district was hit by a cyberattack last Thursday.

Special operations unit finally admits its strange tweet did not come from a hacker (Task & Purpose) Right, a ‘hacker’ did it.

Security Patches, Mitigations, and Software Updates

About the security content of iOS 14.5 and iPadOS 14.5 (Apple Support) This document describes the security content of iOS 14.5 and iPadOS 14.5.

Apple patches Gatekeeper bypass bug abused by malware gang (The Record by Recorded Future) On Monday, Apple has released macOS Big Sur 11.3 with a security fix for a vulnerability that was being abused by a malware gang to bypass the operating system’s security checks.

Apple Patches Worst Zero-Day Bug ‘in Recent Memory’ (BankInfo Security) Apple has patched a zero-day flaw in macOS 11.3 that attackers have been exploiting since at least January to install advertising software on victims’ systems. The

The New iOS Update Lets You Stop Ads From Tracking You—So Do It (Wired) Facebook and other advertisers fought the move, but App Tracking Transparency is finally here.

The Cybersecurity 202: Apple’s move marks significant milestone in consumer privacy debate (Washington Post) Apple’s move yesterday to give users more control over their data marks a significant milestone in its approach to consumer privacy at the same time as Washington has expressed a growing interest in regulating such behavior by technology behemoths.

New Research: Outdated Vendor Firmware and Unsecured Services Leave Healthcare Environments Highly Vulnerable to Cyber Attack (Cynerio) Cynerio researchers studied hundreds of threats driving healthcare organizations to consider adopting a Zero Trust approach after concluding that the three most common threats to healthcare organizations today are ransomware, outdated vendor firmware, and unsecured services.

Report Confirms Rapid Cloud-Native Adoption ( In collaboration with Enterprise Strategy Group (ESG), cybersecurity provider Coalfire has released a research report confirming that cloud-native is resulting in more complex IT architectures and introducing new risks.

Over 5 billion personal records were leaked in Q1 of 2021 (Atlas VPN) In these times of technology, everybody that uses the internet has a lot of personal information online. However, vicious cybercriminals find weaknesses in huge companies which hold sensitive data about you, and with a blink of an eye, it could be all stolen away.

Hacktivism’s reemergence explained: Data drops and defacements for social justice (CSO Online) A record amount of leaked data to expose far-right groups signals a more focused and serious approach to hacking for a cause. To understand the risk, CISOs should pay attention to the news.


10 Things To Know About The Thoma Bravo-Proofpoint Deal And Stock Hike (CRN) Here’s a look at the fallout of Thoma Bravo’s record-breaking acquisition of Proofpoint, including why this deal is likely to kick off a tech M&A spree.

Thoma Bravo’s $12.3 billion purchase of Proofpoint is the largest private equity cloud deal (CNBC) Proofpoint shares surged 31% on Monday after private equity firm Thoma Bravo agreed to buy the security software vendor in a deal valued at $12.3 billion.

Window Snyder Launches IoT Security Company Thistle Technologies (SecurityWeek) Window Snyder — who has occupied security leadership positions at Microsoft, Mozilla, Apple, Fastly, Intel and Square — has launched a new IoT security company named Thistle Technologies.

SAIC To Acquire Data Intelligence Firm Koverse (Defense Daily) Science Applications International Corp. on Monday said it has agreed to acquire Koverse, which provides a scalable data management platform that enables a

SAIC has big plans for the NSA-inspired data analytics firm it just scooped up (Washington Business Journal) The Reston contractor acquired a Seattle data analytics firm founded by a pair of former NSA data scientists.

Yes, It’s a $3 Million Ransomware Defense Warranty (BankInfo Security) Guy Caspi, CEO of Deep Instinct, is so sure of the power of his company’s ransomware defense solution that he’s now offering a performance guarantee that

Darktrace deep dive: a risky IPO? (Sifted) Darktrace have filed to IPO. Sifted’s innovation editor and product analyst look at the risks investors should be weighing up.

Darktrace IPO books covered, source says (Yahoo) The books for the listing of British cybersecurity company Darktrace have been covered on the first day of the road show, a source familiar with the matter said on Monday. Darktrace, which counts Rolls Royce and Coca-Cola as its customers, wants to raise $200 million from the listing, with a greenshoe extension option potentially taking the overall money raised to $230 million, a separate source told Reuters earlier on Monday. Darktrace plans to sell between 51.1 million and 65.1 million new shares in a listing that would value between 1.6 billion and 1.9 billion pounds ($2.22 billion-$2.6 billion), the source said earlier.

Zscaler and Varonis Systems are among the top 7 cybersecurity stocks this earnings season, Wedbush says (Business Insider) Wedbush says cybersecurity spending will increase by more than 20% in 2021 amid a push to move workloads to the cloud.

Changes at Basecamp (Word Hey) At Basecamp, we treat our company as a product. It’s not a rigid thing that exists, it’s a flexible, malleable idea that evolves. We aren’t stuck with what we have, we can create what we want. Just as we improve products through iteration, we iterate on our company too. Recently, we’ve made some internal company changes, which, taken i…

Facebook Stopped Employees From Reading An Internal Report About Its Role In The Insurrection. You Can Read It Here. (BuzzFeed News) After BuzzFeed News reported on an internal document that examined the social network’s failings leading up to the Capitol riot, many of Facebook’s employees were prevented from accessing it.

CACI Awarded $447 Million Contract by National Security Agency (BusinessWire) CACI International Inc (NYSE: CACI) announced today that it has been awarded a five-year single award contract, with a ceiling value of $447 million,

CORRECTING and REPLACING Axonius Secures Contract to Support DHS CDM for Group F Federal Agencies (BusinessWire) Axonius secured a contract to provide cybersecurity asset management to support DHS CDM for 70+ Group F federal agencies.

“The Pfizer of the cybersecurity world”: Deep Instinct lands $100M (Geektime) Israeli startup Deep Instinct’s artificial neural network can stop cyber threats in less than 10-milliseconds

IBM Business Partners shine bright winning Beacon Awards (IBM Business Partners Blog) IBM Business Partners positively impact their customers and the world by creating and delivering innovative solutions using IBM technology.

Optiv Security Announces Key Executive Appointments to Support Growth Strategy (Optiv) Optiv has announced three key appointments: Heather Strbiak, CHRO; Heather Rim, CMO; and Ahmed Shah, SVP, Strategic Alliances.

RSA announces key executive hires to the Fraud & Risk Intelligence executive team (Help Net Security) RSA announced Armen Najarian, Leah Evanski, and Dan Welch as three new additions to the Fraud & Risk Intelligence executive team.

Products, Services, and Solutions

Milton Security Announces the Launch of Expert Services (Yahoo) Milton Security, a leading provider of Threat Hunting as a Service, XDR & MDR (MxDR) SOC Services, announced today that it will be providing a new range of Expert Services to meet client demand for enhanced security capability. The move will greatly strengthen Milton Security’s ability to deliver great services to clients with a focus on current security capability, offensive security services, and executive security consulting.

Keeper Security Establishes Secure Cloud Data Center in Australia (Acrofan) The New Data Center Enables Keeper’s Customers to Securely Host Data within Australia

ThreatQuotient powers automotive sector with threat intelligence (ITP) ThreatQ platform will support turning threat data into threat intelligence to be shared and applied to security solutions for automotive products

Swimlane Platform Provides Key Automation Capabilities for EMEA Region (BusinessWire) Swimlane today shared that Q4 2020 was the company’s strongest ever quarter in Europe, Middle East and Africa (EMEA).

Devo Technology Brings Cloud-Native Logging and Security Analytics Platform to ANZ Region (GlobeNewswire) Leading Security Solution Enters New Market at Pivotal Moment of Digital Transformation

Fortinet reduces cyber skills gap with training advancement agenda (Express Computer) Read Article Fortinet, a global firm in integrated and automated cybersecurity solutions, is continuing to make significant progress in helping close the skills gap through the NSE training institute programs and its Training Advancement Agenda (TAA).  By increasing the access of training, developing cybersecurity career pathways and connecting individuals to employers, the NSE training institute […]

Corvus Insurance Enhances Digital Policyholder Experience with vCISO (BusinessWire) Corvus Insurance, the leading provider of smart commercial insurance products powered by AI-driven risk data, today announced vCISO, an expansion of i

WhiteHat Security Adds Enterprise-Grade Attack Surface Management Features Through Bit Discovery Partnership (PR Newswire) WhiteHat Security, a wholly-owned, independent subsidiary of NTT Ltd. and a world leader in application security, today announced the rollout…

Kaspersky launches new course to defend users against doxing (Security Brief) Knowing the threats that are out there makes it easier to take measures to avoid them, and one such threat is doxing – the act of gathering and revealing identifying information about someone online against their will.

Rewind Adds Backups for Trello to Cloud Backup Solution Portfolio (PRWeb) Rewind today announced the launch of Backups for Trello, an automated backup and on-demand data recovery tool that protects Trello boards and all associated

CrowdStrike Security Cloud integrates with NDR and NTA solutions to defend against any threats (Help Net Security) CrowdStrike Security Cloud integrates with network detection and response solutions for comprehensive platform responses to threats.

Digital Risk Company ZeroFox Aims to Double Sales from Partners (Channel Futures) Baltimore-based external theat intelligence and protection provider ZeroFox announced a global program for its channel partners.

ProLion targets ransomware protection market in global expansion drive (PR Newswire) ProLion, a best-in-class active ransomware and data protection solution for ONTAP storage, is set to target the global market for ransomware…

Cobalt Iron Compass Enterprise SaaS Backup Platform Now Provides SAML Integration

( Compass Customers Are Now Able to Manage User Administration Securely Through Third-Party Identity Providers for Significant Time and Cost Savings

HCL Technologies and IBM Collaborate to Modernize Security Operations (IBM News Room) IBM Security announced it has collaborated with HCL Technologies (HCL) to help unify and streamline threat management for clients via a modernized security operation center (SOC) platform.

Blue Tech Inc. Develops CYF4 Blockchain for the Office (Yahoo) CYF4 has created an easy-to-use Blockchain program that can be used by companies to store their documents securely in the cloud.

CyberSeek™ Strengthens the US Cybersecurity Workforce with New Data and Resources on Careers, Credentials and Employment Options (CompTIA) CyberSeek™, the most comprehensive source of information on America’s cybersecurity workforce, has expanded and updated its resources in its ongoing effort to close the cybersecurity talent gap. The updates were unveiled today in conjunction with the Federal Cybersecurity Workforce Summit.

Appgate SDP Introduces Clientless Zero Trust Network Access (BusinessWire) Appgate launches latest version of its Software Defined Perimeter (SDP) solution enabling clientless, browser-based access to protected resources.

StorageOS powers media file movement for IMT’s SoDa (SearchStorage) Integrated Media Technologies is using StorageOS’s Kubernetes-based storage platform to help customers move files to and from the cloud cost-effectively.

Technologies, Techniques, and Standards

The Five Strategies Used to Determine Phishing: Which Work and Which Don’t? (Infosecurity Magazine) according to the Anti Phishing Working Group, the number of phishing websites are at an all-time high right now.

Water utility CISO offers tips to stay secure as IT and OT converge (SC Media) As critical infrastructure facilities converge their IT & OT systems, visibility into once isolated operational systems is key to security.

Intel Collaborates with Microsoft against Cryptojacking (Intel) Microsoft Defender for Endpoint integrates Intel’s silicon-based threat detection to advance endpoint detection and response against cryptojacking malware.

Defending against cryptojacking with Microsoft Defender for Endpoint and Intel TDT (Microsoft Security) With cryptocurrency mining on the rise, Microsoft and Intel have partnered to deliver threat detection technology to enable EDR capabilities in Microsoft Defender for Endpoint.

Design and Innovation

Despite acknowledged promise: Fear, uncertainty and doubt surround AI adoption (TechRepublic) Global research from Juniper Networks shows consumers and enterprises want more artificial intelligence, but why are three challenges continuing to hinder pulling the trigger?

Research and Development

Donovan to Lead New Spacepower Research Center – Air Force Magazine (Air Force Magazine) Matthew P. Donovan will lead the new Mitchell Institute Spacepower Advantage Research Center (MI-SPARC) advocating for space capabilities.

This Researcher Says AI Is Neither Artificial nor Intelligent (Wired) Kate Crawford, who holds positions at USC and Microsoft, says in a new book that even experts working on the technology misunderstand AI.

Towards a Post-Quantum Cryptography ( The quantum computing revolution will make many concepts and devices obsolete, thereby generating certain security problems. The National Institute of


Minnesota University Apologizes for Contributing Malicious Code to the Linux Project (The Hacker News)
University of Minnesota Apologizes for Contributing Malicious Code to Linux Project

Cybersecurity Team Wins 4th National Championship | University of Central Florida News (University of Central Florida News | UCF Today) Cybersecurity Team Wins 4th National Championship | Read more about UCF Alumni, Colleges & Campus, Science & Technology, Orlando and Central Florida news.

Legislation, Policy, and Regulation

We’re entering ‘a very dark and dangerous era’ of offensive cyber, says BAM’s Ian Hill (Computing) Will the next war start with a bang – or are we already living with it?

When It Comes to Political Warfare, China is at the Head of the Class (OODA Loop) Beijing appears to be engaging in political warfare where it is attempting to fester animosity between foreign governments that show favor to Taiwan, a threat to the long-standing policy of “One Country, Two Systems” with regard to the island.

Spy chiefs look to declassify intel after rare plea from 4-star commanders (POLITICO) Top military leaders said the U.S. is falling behind China and Russia in the information war.

New bill would task CISA with infrastructure risk assessments (FCW) A new Senate bill would mandate the Department of Homeland Security continually reassess risks to critical infrastructure and that the White House provide a report to lawmakers outlining what legislative steps should be taken to mitigate potential problems.

How does the US Department of Homeland Security combat transnational crime? (Lexology) The U.S. Department of Homeland Security (DHS) has a broad scope of duties to keep its nation safe, ranging from border security to cyber security…

When Should U.S. Cyber Command Take Down Criminal Botnets? (Lawfare) The Trickbot takedown and such military operations are a good idea only in cases that meet a five-part test of imminence, severity, overseas focus, nation-state adversary, and military as a last-ish resort.

U.S. Department of Energy Revokes December 2020 Prohibition Order Regarding Bulk-Power System Electric Equipment, Issues Additional Request for Information and Starts New, 100-Day Cybersecurity Initiative | JD Supra (JD Supra) On April 20, 2021, the U.S. Department of Energy (DOE or the “Department”) issued an order revoking its Prohibition Order Securing Critical Defense…

A Reality Check of the DOE 100-Day Plan to Address Cybersecurity Risks to the US Electric System (Control Global) Over the next 100 days, DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) will continue to advance technologies and systems that will provide cyber visibility, detection, and response capabilities for industrial control systems (ICSs) of electric utilities. The initiative modernizes cybersecurity defenses and encourages owners and operators to implement measures or technology that enhance their detection, mitigation, and forensic capabilities.

Congress needs to help modernize our digital infrastructure (TheHill) Ransomware attacks against small businesses and state and local governments increased exponentially over the last three years.

Space Command to Launch Dedicated Cyber Center (Infosecurity Magazine) Joint cyber center planned to help Cyber Command and Space Command integrate

Pentagon now using direct-hire authorities for a third of its cyber workforce (Federal News Network) Congress has given DoD several tools to recruit and hire employees with cyber expertise. Recent statistics appear to show the Pentagon is beginning to take advantage of those authorities.

Fla. Privacy Bill Would Be Compliance ‘Disaster,’ Group Says (Law360) An internet trade group that counts Google, Facebook and Amazon among its members is urging Florida lawmakers to refrain from enacting a consumer privacy bill that would give consumers more control over their personal data and could open the door to a flood of new lawsuits, arguing that the measure would be “disastrous” for both businesses and consumers. 

Litigation, Investigation, and Law Enforcement

‘Stop using Cellebrite’: Israeli, U.K. police urged to stop using phone-hacking tech (Haaretz) Signal, the world’s most encrypted app, revealed Cellebrite’s software is exposed and its data can be manipulated. Now activists in Israel and U.K. demand police stop using the phone-hacking tech

Court Chides F.B.I., but Re-Approves Warrantless Surveillance Program (New York Times) Newly disclosed episodes in which analysts improperly searched for data about Americans largely came before changes at the bureau.

EU countries hit with over €30 million in GDPR fines in Q1 2021 (Finbold) Data acquired by Finbold indicates that as of Q1 2021, EU countries were fined €33.61 million in GDPR fines for various violations.

People Can Sue Over ‘Increased Risk’ of Identity Theft From Data Breach, Appeals Court Rules (New York Law Journal) The unanimous ruling held that plaintiffs may establish an injury based on an increased risk of identity theft or fraud once their data has been leaked.

Geico Hit With Consumer Suit Over Data Breach (Law360) A California couple has hit Geico with a proposed class action in federal court, alleging the auto insurer failed to protect their data and allowed hackers to steal their financial information during a recent data breach.

California Donor Law Invalid In All Cases, Justices Told (Law360) California’s law requiring charitable organizations to disclose donor tax information is facially unconstitutional in all potential applications because it is not narrowly tailored, the law’s challengers told the U.S. Supreme Court in oral arguments Monday.

Courts Should Use Encryption Technology to Stay Safe (Bloomberg Law) IT network breaches of U.S. federal and state courts demonstrate the vulnerability of legacy IT systems used by the judiciary, say Guillermo Christensen, managing partner of Ice Miller LLP, and Chris Howell, co-founder of security tech company Wickr Inc. They say integrating end-to-end encryption in a “zero trust” environment is the only realistic solution.

Facebook and Gucci file joint lawsuit against persistent counterfeiter (The Record by Recorded Future) Social media giant Facebook and Italian fashion brand Gucci have filed a joint lawsuit today in a California court against a Russian national for abusing the Facebook and Instagram sites in a years-long campaign to promote and sell counterfeit products for more than a dozen of high-end fashion brands.

Source link

Subscribe to Infrabuddy Newsletter