Deepfaked Zoom. Europol disables Emotet. US response to Holiday Bear assessed. Data breach disrupts hospitals. Oscar phishbait. – The CyberWire



Attacks, Threats, and Vulnerabilities

European MPs targeted by deepfake video calls imitating Russian opposition (the Guardian) Politicians from the UK, Latvia, Estonia and Lithuania tricked by fake meetings with opposition figures

Dutch MPs in video conference with deep fake imitation of Navalny's Chief of Staff (NL Times) Dutch parliamentarians, like their British and Baltic colleagues, had a conversation via Zoom with a deep fake imitation of the chief of staff of the Russian opposition leader Alexei Navalny on Wednesday.

National newspaper de Volkskrant reports that this was confirmed by the registry of the House of Representatives on Friday evening.

VPN Hacks Are a Slow-Motion Disaster (Wired) Recent spying attacks against Pulse Secure VPN are just the latest example of a long-simmering cybersecurity meltdown.

Businesses need to patch Pulse Secure VPNs (Reseller News) Vulnerabilities in Pulse Connect Secure VPN software have reportedly been exploited by attackers, some believed linked to China.

HashiCorp is the latest victim of Codecov supply-chain attack (BleepingComputer) Open-source software tools and Vault maker HashiCorp has disclosed a security incident that occurred due to the recent Codecov attack. HashiCorp, a Codecov customer, has stated that the recent Codecov supply-chain attack aimed at collecting developer credentials led to the exposure of HashiCorp's GPG signing key.

Apple AirDrop shares more than files (Computer Science – Technical University of Darmstadt) Apple users can share files with each other using AirDrop. But studies by TU researchers at the Department of Computer Science show that uninvited people can also tap into data. The research team developed a solution that could replace the flawed AirDrop. Apple has not yet closed the discovered privacy gap – the users of more than 1.5 billion Apple devices are still vulnerable.

10,000+ unpatched home alarm systems can be deactivated remotely (The Record by Recorded Future) Thousands of ABUS Secvest smart alarm systems are currently unpatched and vulnerable to a bug that would allow miscreants to remotely disable alarm systems and expose homes and corporate headquarters to intrusions and thefts.

Iran-Linked Threat Actor The MABNA Institute’s Operations in 2020 (Recorded Future) The MABNA Institute, an Iranian group, continued its global operations against academic and research sector institutions throughout 2020.

Tor-Based Linux Botnet Abuses IaC Tools to Spread (SecurityWeek) A malware botnet targeting Linux systems is employing many of the emerging techniques among cyber-criminals, such as the use of Tor proxies and legitimate DevOps tools.

Passwordstate users warned to ‘reset all passwords’ after attackers plant malicious update (TechCrunch) More than 29,000 organizations, including governments, use the password manager.

Password manager Passwordstate hacked to deploy malware on customer systems (The Record by Recorded Future) A mysterious threat actor has compromised the update mechanism of enterprise password manager application Passwordstate and deployed malware on its users' devices, most of which are enterprise customers.

Breach at Click Studios-owned password manager left clients exposed for more than 24 hours (CyberScoop) For more than 24 hours this week, hackers had unfettered access to the update mechanism for a popular password manager that claims hundreds of thousands of IT professionals as clients, incident responders revealed on Friday.

Moserpass supply chain (CSIS Group) The company ClickStudios recently notified their customers about a breach resulting in a supply chain attack conducted via an update of the password manager PASSWORDSTATE.

US Drilling Giant Gyrodata Reveals Employee Data Breach (Infosecurity Magazine) US Drilling Giant Gyrodata Reveals Employee Data Breach. Ransomware attack earlier this year to blame

New cryptomining malware builds an army of Windows, Linux bots (BleepingComputer) A recently discovered cryptomining botnet is actively scanning for vulnerable Windows and Linux enterprise servers and infecting them with Monero (XMRig) miner and self-spreader malware payloads.

‘PARETO’ Connected TV botnet discovered (Advanced Television) Cybersecurity company HUMAN (formerly White Ops) has confirmed the discovery and disruption of a new, highly sophisticated botnet focused on defrauding the Con

Google, Roku and others take down CTV ad fraud botnets (FierceVideo) Google and Roku along with a group of cybersecurity and connected TV advertising companies teamed up to take down an ad fraud botnet operation responsible for an average of 650 million ad requests a day.

Hacking campaign targets FileZen file-sharing network appliances (The Record by Recorded Future) Threat actors are using two vulnerabilities in a popular file-sharing server to breach corporate and government systems and steal sensitive data as part of a global hacking campaign that has already hit a major target in the Japanese Prime Minister's Cabinet Office.

Oscar-Bait, Literally: Hackers Abuse Nominated Films for Phishing, Malware (Threatpost) Judas and the Black Messiah may be a favorite for Best Picture at the 93rd Academy Awards on Sunday, but it's a fave for cybercriminals too.

A ransomware gang made $260,000 in 5 days using the 7zip utility (BleepingComputer) A ransomware gang has made $260,000 in just five days simply by remotely encrypting files on QNAP devices using the 7zip archive program.

Qlocker ransomware gang is using 7zip utility to lock files on QNAP devices (Computing) The gang has generated $260,000 in just 5 days from victims

MacKenzie Scott Gave Away Billions. The Scam Artists Followed. (New York Times) She has no large foundation, headquarters or public website. That makes it easier to dispense money on her own terms — and for others to prey on the vulnerable in her name.

‘They were triaging patients to other health systems’: Yale New Haven Health scrambles to care for cancer patients after data breach (WTNH) Yale New Haven Health confirms it is among more than 40 health systems across the country affected by a cyber security breach targeting a vendor who administers radiation treatment machines.

Yale New Haven Health says at least 200 patients were impacted by data breach (Fox61) At least 40 health systems across the country were impacted by software issues at Elekta, a company that provides software for radiation treatments.

Big Basket Data Breach: Hacker Group Shiny Hunters Claims to Leak User Database of Online Indian Grocery Delivery Service (LatestLY) Hacker Group Shiny Hunters claimed to have leaked user data base of online Indian grocery app Big Basket. According to reports, data of around 20 lakh users were leaked online. However, there is no official confirmation from Big Basket about the data breach. The online grocery delivery service has not issued any statement in this regard.

Hacker leaks 20 million alleged BigBasket user records for free (BleepingComputer) A threat actor has leaked approximately 20 million BigBasket user records containing personal information and hashed passwords on a popular hacking forum.

3.2 Billion Leaked Passwords Contain 1.5 Million Records with Government Emails (The Hacker News) 1.5 million credentials associated with government domains have been discovered in 3.2 billion leaked email and password dumps.

ShopBack Data Breach: How To Find Out If Your Account Is Affected (Lowyat.NET) Last September, the popular cashback reward service ShopBack disclosed that its backend system has suffered a data breach that affected users in several markets including Malaysia. Not only that, the leaked data then made its

Phone House Cyber Attack Could See Data From 13 Million People Exposed Online (Euro Weekly News Spain) 13 Million Phone House Customers In Spain Could Have Their Personal Details Revealed Online After Cyber Attack

CORRECTED-French champagne group Laurent Perrier has been victim of cyber attack (Reuters) French champagne group Laurent Perrier said on Saturday it had been the victim of a cyber attack, disconnecting servers after discovering its information network was hacked.

Internet down in Tumbler Ridge, B.C., after beaver chews through fibre cable (CBC) Internet service is down for about 900 customers in Tumbler Ridge, B.C., after a beaver chewed through a crucial fibre cable, causing "extensive" damage.

Ransomware Gangs: We Applied for a Job With One Online (CyberNews) We spoke with threat actors who were running a Ragnar Locker ransomware affiliate operation for more than a decade.

The Slander Industry (New York Times) Who makes money from destroying reputations online?

US: Ireland Is a Target for Cyber-Criminals (Infosecurity Magazine) Vast amount of data stored on Emerald Isle a lure for cyber-criminals, warns America’s National Security Division

GCSD suffers cyber attack, moves to remote learning (The Altamont Enterprise) All Guilderland secondary students are learning remotely on Monday because the district was the victim of a cyber attack.

The state of incident response 2021: It’s time for a confidence boost (Kroll) There’s a need now more than ever for security organizations to implement a structured, detailed, and well-practiced incident response plan. As the Navy SEALs training philosophy goes, “slow is smooth and smooth is fast”—a mantra that can, and arguably should, be adopted by all security teams. In incident response, speed comes from being prepared to methodically and efficiently shut down adversaries in cases where they manage to get past defenses.

Tresorit's Secure File Sharing Report 2021 shows gaps between IT-security awareness and security measures implemented (Tresorit Blog) Majority of surveyed companies do not use an end-to-end encrypted solution when sharing files with third parties.

5 new rules ransomware gangs play by nowadays: Kaspersky report (HT Tech) As tech moves ahead in leaps and bounds, cybercriminals are also finding new and more ingenious ways to distribute ransomware and malware, and also how they function. Here are 5 new ways they work.

Strengthening Weakest Link: Healthcare Cybersecurity Starts, Ends with (PRWeb) As healthcare organizations look for ways to cut costs, improve efficiency, centralize data, and boost employee productivity, many turn to cloud-based comput


Thoma Bravo buys cybersecurity vendor Proofpoint for $12.3B in cash (TechCrunch) More M&A activity is underway in the red-hot field of cybersecurity. In the latest development, private equity giant Thoma Bravo is buying Proofpoint, the SaaS security vendor, for $12.3 billion in cash. Proofpoint is traded publicly on the Nasdaq exchange and as of its closing price on Friday,…

Prescient Devices Lands $2M Seed To Speed IoT Adoption (Crunchbase News) Boston-based Prescient Devices closed a $2 million seed round as it looks to help companies move more quickly on their IoT plans

PE-backed security firm acquires Microsoft specialist (BusinessCloud) Berkshire-headquartered Performanta makes first acquisition

Italian arms firm Leonardo buys stake in Germany's Hensoldt (Washington Post) Italian arms manufacturer Leonardo said Saturday that it is buying a large stake in German company Hensoldt from the U.S. investment firm KKR.

Thistle tackles IoT security by helping vendors update devices (VentureBeat) Thistle Technologies gets $2.5 million seed funding to help IoT vendors develop ways to securely and easily update their connected devices.

Cybersecurity startups ‘graduate,’ appeal for funding at demo day (St Pete Catalyst) Tampa Bay Wave’s CyberTech|X Accelerator held a virtual demo day on Friday that signified the “graduation” of 15 companies from the three-month program that provides support to cybersecurity startups. It also gave company founders and executives a chance, via Zoom, to make funding pitches directly to an audience of accredited investors. Tampa Bay Wave President [...]

Darktrace accused of Autonomy-like aggressive sales tactics (The Telegraph) The cybersecurity company is listing next month, but its links to Autonomy founder Mike Lynch are under renewed scrutiny

KnowBe4 CEO Stu Sjouwerman talks IPO, and the 'human firewall' (SC Media) SC Media spoke with CEO and founder Stu Sjouwerman on the company's plans to expand international sales and leverage machine learning to further explore the human layer of cybersecurity.

Shelley Lombardo Interviews Tasha Cornish, Executive Director at Cybersecurity Association of Maryland, Inc. (Citybizlist) Tasha Cornish is the Executive Director of the Cybersecurity Association of Maryland, Maryland's only organization

KnowBe4 Issues IPO to Drive Global Expansion, New Automation Features (Dark Reading) Security awareness firm aims to expand into Europe and Asia, and add automation and machine learning to its technology.

Cybersecurity investor Ted Schlein: ‘I think the whole landscape needs to be completely rethought’ (The Record by Recorded Future) As someone who has been in the cybersecurity business for three decades, it might come as a surprise that Ted Schlein wants to tear a lot of it up.

Security research project: The easiest way to get "experience" and land a job in cybersecurity (Help Net Security) If you’re after a cybersecurity job, a way to set yourself apart is to demonstrate you have the skills with a security research project.

SolarWinds MSP Spinoff N-able Hires RSA Vet to Lead Tech, Product (Channel Futures) N-able, the planned SolarWinds MSP spinoff, has hired RSA Security vet Mike Adler as its new chief technology and product officer.

Products, Services, and Solutions

New infosec products of the week: April 23, 2021 (Help Net Security) The featured infosec products this week are from the following vendors: DataLocker, F5 Networks, HID Global and Zerto.

Saudi Aramco hires KPMG to oversee cyber security compliance among suppliers (National) Companies will need certificates to show they have met security standards

Israel's Tri-Logical to supply IoT and cyber solutions to Thailand's railway network (Israel Defence) The tender is worth over $1 million for the first three years

Dell Technologies Safeguards IT Environments with New Security Service Powered by Secureworks (Secureworks) Subscription-based managed service provides around-the-clock access to security experts, endpoint protection and visibility across devices, data centers and cloud environments

Valencia CF incorporates Acronis as new 'Official Cyber Protection Partner' (Acronis) For information about Acronis and Acronis' products or to schedule an interview, please send an email or get through to Acronis' representative, using media contacts.

ZeroFOX Embraces Partner-First Strategy to Further Accelerate Rapid Growth, Launches New Global Partner Program (Yahoo) ZeroFOX, leader in External Threat Intelligence and Protection, today announced the launch of the ZeroFOX Global Partner Program, a strategic pivot to a partner-first strategy. This move significantly increases ZeroFOX’s investment in partner enablement and commitment to conducting all business with and through their full partner ecosystem.

Technologies, Techniques, and Standards

NFC Forum specifications offer cryptology security for NFC application development (Help Net Security) The NFC Forum released two specifications providing security for NFC-enabled mobile devices by using a cryptographic framework.

Cost of Account Unlocks, and Password Resets Add Up (The Hacker News) Account unlock and password reset activities are incredibly costly to IT helpdesk operations.

How Cyber-Attack Automation Turned SMEs into Sitting Ducks: And How to Change This (Infosecurity Magazine) SMEs need to take a new approach to protecting themselves from cyber-attacks

SolarWinds hack and security - What is a software bill of materials? (JAXenter) We spoke with Jyoti Bansal, Brian Fox, and Jeff Hudson about the SolarWinds hack and the security behind a software bill of materials.

How Do You Retire Technology and Limit Risk? ( The challenge is that while many get excited about the new software when it’s installed, too few make long-term plans for removal at software end of life.

Zoom Is 16th CVE Numbering Authority Appointed in 2021 (SecurityWeek) Zoom can now assign CVE identifiers to vulnerabilities found in Zoom and Keybase products, after becoming a CVE Numbering Authority (CNA).

Transitioning to a SASE architecture (Help Net Security) A SASE architecture, once deployed, can provide the basis for an AI/ML-driven secure network, according to Juniper Networks.

Stop using your work laptop or phone for personal stuff, because I know you are (ZDNet) A former IT pro turned end user explains why blending your work and personal tech was, is and always will be a bad idea for you and your employer.

Design and Innovation

Minutes before Trump left office, millions of the Pentagon’s dormant IP addresses sprang to life (Washington Post) After decades of not using a huge chunk of the Internet, the Pentagon has given control of millions of computer addresses to a previously unknown company in an effort to identify possible cyber vulnerabilities and threats

The big Pentagon internet mystery now partially solved (Military Times) The military hopes to “assess, evaluate and prevent unauthorized use of DoD IP address space,” said a statement issued by the chief of the Pentagon’s Defense Digital Service.

Research and Development

Ethereum Won't Hide From Quantum Computers Behind PoS Shield (Cryptonews) There are two mechanisms by which a quantum computer might violate a cryptoasset.
Quantum computing poses a threat that concerns PoS and PoW in equal measure.
It’s difficult to predict whether such a threat would emerge suddenly or gradually.

Legislation, Policy, and Regulation

As Outbreak Rages, India Orders Critical Social Media Posts to Be Taken Down (New York Times) Aimed at Facebook, Twitter and Instagram, the move sets up a clash over free speech amid a widening political and public health crisis.

Germany falls in line with EU on Huawei (POLITICO) Berlin government was on the fence on how to handle Huawei for almost two years.

Why is the government cutting troops for emerging forms of warfare? (IT PRO) Are plans to reduce troop numbers to 72,000 in order to invest in newer forms of warfare future-proofing, or a mistake?

Top White House cyber official says action taken so far not enough to deter further Russia cyberattacks (CNN) The White House's top official on the response to the massive SolarWinds hack says the sweeping measures announced by the Biden administration against Russia are unlikely on their own to prevent Moscow's malicious cyber activity against the US and did not dispute that the hackers responsible for the massive breach are still lurking on American networks.

The Cybersecurity 202: Nearly two-thirds of cybersecurity experts think Biden's response to Russian hack is sufficient (Washington Post) Sixty-three percent of cybersecurity experts surveyed by The Cybersecurity 202 said the Biden administration had done enough to respond to the Russian hacking of SolarWinds software that led to a breach of at least nine government agencies.

SolarWinds, Microsoft Hacks Prompt Focus on Zero-Trust Security (Wall Street Journal) In the wake of the massive breach of computer systems of multiple government agencies discovered in December, current and former officials say the U.S. must adopt a cybersecurity approach that assumes hackers are already inside a network’s defenses.

New Initiative to Protect U.S. Electrical Grid From Cyberattacks: Feedback Friday (SecurityWeek) Industry professionals comment on the Biden administration’s 100-day plan for improving the cybersecurity of the U.S. electrical grid.

Tech execs will head to Senate for hearing on content algorithms (SeekingAlpha) Executives from Facebook (FB +1.6%), Twitter (TWTR +3%) and YouTube (GOOG +2.2%, GOOGL +2%) will testify at a Senate Judiciary hearing covering algorithmic amplification.

Breaking Point: How Mark Zuckerberg and Tim Cook Became Foes (New York Times) The chief executives of Facebook and Apple have opposing visions for the future of the internet. Their differences are set to escalate this week.

Senators introduce legislation to protect critical infrastructure against attack (TheHill) Sens. Maggie Hassan (D-N.H.) and Ben Sasse (R-Neb.) on Friday introduced legislation intended to protect critical infrastructure from cyberattacks and other national security threats. 

To defend democracy, we must protect truth online (TheHill) We need technologies that can help us prove what is true rather than detect what is fake.

Cyber-Coercion Must Be Fought with a Comprehensive National Strategy (Second Line of Defense) By Bernard Barbier, Jean-Louis Gergorin and Admiral Edouard Guillaud. “Cyber-coercion” calls for putting together intelligence, protection, international action and retaliation capabilities, three former senior national security officials point out. Op-ed. At the beginning of the year 2020, in a world that was yet to imagine how much it would be disrupted by the Covid-19 pandemic, […]

Litigation, Investigation, and Law Enforcement

Senior GRU Leader Directly Involved With Czech Arms Depot Explosion (bellingcat) Bellingcat has established that the GRU operation which Czech authorities have linked to the explosion of the munition depot in Vrbetice on 16 October 2014, involved at least six operatives from GRU’s Unit 29155.

Emotet malware nukes itself today from all infected computers worldwide (BleepingComputer) Emotet, one of the most dangerous email spam botnets in recent history, is being uninstalled today from all infected devices with the help of a malware module delivered in January by law enforcement.

This software update is deleting botnet malware from infected PCs around the world | ZDNet (ZDNet) Law enforcement-designed update disconnects machines infected with Emotet malware from command and control servers.

Following similar move in US, Europol prepares coup de gras for Emotet's remains (SC Media) Emotet's final undoing comes two weeks after a similar FBI operation. But there are differences in subtlety and scope.

Supreme Court Is Right In Limiting Gov't Agency Authority (Law360) Although the U.S. Supreme Court's recent decisions in Facebook v. Duguid and AMG Capital Management v. Federal Trade Commission limit government agencies' power against robocallers and scam artists, they ultimately protect Americans from the greater threat of government overreach, says Eric Troutman at Squire Patton.

Interpol Now Supporting The Coalition Against Stalkerware To Fight Tech-enabled Abuse (Albawaba) The International Criminal Police Organization is set to enhance the ability of the global law enforcement community by allowing them to investigate the use of stalkerware.

Reliability of police mobile phone evidence questioned after hack (The Ferret) Concerns raised after possible security flaws in mobile phone analysis technology used by Police Scotland emerge.

Privacy commissioner investigating COVID Secretariat data breach (CKLB Radio) The Information and Privacy Commissioner (IPC) is investigating a data breach by the COVID-19 Secretariat where the identities of residents self-isolating were disclosed. The email...

A new lawsuit could weigh in on who’s the real inventor of bitcoin—why its creation is still shrouded in mystery (CNBC) A copyright lawsuit brought by Craig Wright — the man who has claimed to be Satoshi Nakamoto, the pseudonym used by the creator of bitcoin — could finally put to bed the years-long mystery over who actually invented the multibillion-dollar cryptocurrency.

BitGo Will Custody Crypto for US Marshals Service in $4.5M Deal (CoinDesk) BitGo will manage potentially tens of millions of dollars in seized cryptocurrencies, according to documents published Wednesday.

Whitepages Can't Escape Privacy Suit Over Ad Displays (Law360) A Washington federal judge has refused to release Whitepages Inc. from a putative class action accusing it of unlawfully using individuals' names and other identifying characteristics to entice website visitors to purchase the company's services, finding the displayed data has commercial value and the challenge didn't violate the First Amendment.
