Wednesday, April 21, 2021

Pulse Secure VPN Flaws Exploited to Target US Defense Sector

China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks.

Foreign Spies Target British Nationals With Fake Social Media Profiles

British security agency MI5 has launched a new education campaign to warn potential victims of the attacks.

Attackers Compromised Code-Checking Vendor's Tool for Two Months

A script used to upload sensitive reports-with access to credentials and datastores-likely sent information on hundreds, possibly thousands, of companies to attackers.

Dept. of Energy Launches Plan to Protect Electric Grid from Cyberattack

Over the next 100 days, the DoE will work with electric utilities to improve visibility, detection, and response for industrial control systems.

2020 Changed Identity Forever; What's Next?

For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations.

7 Old IT Things Every New InfoSec Pro Should Know

Beneath all those containers and IoT devices, there's a rich patchwork of gear, protocols, and guidelines that have been holding it together since before you were born. Knowledge of those fundamentals is growing more valuable, not less. ...

Beware the Bug Bounty

In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors.

White House Scales Back Response to SolarWinds & Exchange Server Attacks

Lessons learned from the Unified Coordination Groups will be used to inform future response efforts, a government official says.

Attackers Test Weak Passwords in Purple Fox Malware Attacks

Researchers share a list of passwords that Purple Fox attackers commonly brute force when targeting the SMB protocol.

Lazarus Group Uses New Tactic to Evade Detection

Attackers conceal malicious code within a BMP file to slip past security tools designed to detect embedded objects within images.

SolarWinds: A Catalyst for Change & a Cry for Collaboration

Cybersecurity is more than technology or safeguards like zero trust; mostly, it's about collaboration.

Pandemic Drives Greater Need for Endpoint Security

Endpoint security has changed. Can your security plan keep up?

High-Level Admin of FIN7 Cybercrime Group Sentenced to 10 Years in Prison

Fedir Hladyr pleaded guilty in 2019 to conspiracy to commit wire fraud and conspiracy to commit computer hacking.

Security Gaps in IoT Access Control Threaten Devices and Users

Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.

Security Gaps in IoT Access Control Threaten Devices and Users

Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.

How the Biden Administration Can Make Digital Identity a Reality

A digital identity framework is the answer to the US government's cybersecurity dilemma.

How the Biden Administration Can Make Digital Identity a Reality

A digital identity framework is the answer to the US government's cybersecurity dilemma.

Software Developer Arrested in Computer Sabotage Case

Officials say Davis Lu placed malicious code on servers in a denial-of-service attack on his employer.

Google Brings 37 Security Fixes to Chrome 90

The latest version of Google Chrome also introduces HTTPS as the browser's default protocol.

US Formally Attributes SolarWinds Attack to Russian Intelligence Agency

Treasury Department slaps sanctions on IT security firms that it says supported Russia's Foreign Intelligence Service carry out the attacks.
The Register

Japan accuses Chinese military of cyber-attacks on its space agency

200 other companies also targeted, but no data lost Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…
The Register

Japan accuses Chinese military of cyber-attacks on its space agency

200 other companies also targeted, but no data lost Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…

Tool links email addresses to Facebook accounts at scale

Enlarge (credit: Getty Images) Still smarting from last month’s dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a mass scale,...
SC Magazine

With details sparse, vendors scramble to make sense of Biden 100-day grid security plan

The Biden administration launched what it called a “bold” 100-day sprint to improve the cybersecurity of electric utilities on Tuesday. The plan was not released in full to the public, or to many vendors who might be instrumental in...
The Register

China broke into govt, defense, finance networks via zero-day in Pulse Secure VPN gateways? No way

Crucial flaw won't be fixed until next month Dozens of defense companies, government agencies, and financial organizations in America and abroad appear to have been compromised via vulnerabilities in their Pulse Connect Secure VPN appliances – including a zero-day...