Cybersecurity News: April 17–23, 2021
2nd Sight Lab cloud security news and notable cyber security industry information for the week of April 17–23, 2021
2nd Sight Lab | Cybersecurity | Vulnerabilities | Malware | Threat Reports | Breaches and Attacks | Cost of a Data Breach | Laws & Legal | Investments
Free Content on Jobs in Cybersecurity | Sign up for the Email List

2nd Sight Lab News

Teri Radichel, CEO of 2nd Sight Lab, will be presenting at CloudLIVE 2021 ~ a cloud security conference from CloudHealth by VMware. The talk is titled Cloud Offense Informs Cloud Defense. Register here:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you like this blog, please clap, follow, join, or pass it on. Thanks! 👏
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Cybersecurity
Securing the power grid: I’m glad people are listening to concerns about this threat to our everyday way of life.
Assessments exist for a reason. Everyone wants to speed up and bypass security. That’s when things like the SolarWinds Hack occur.
It’s pretty much a given that governments are doing this to each other. It’s time to step up cybersecurity efforts instead of chastising other countries. It’s also well known that the United States has done its fair share of espionage. Lead by example.
It’s nice to see cybersecurity taken seriously and as one of the top threats to national security, which it is.
Every organization should have a policy and process for evaluating third-party vendors. This guidance will help develop such a plan for the services and applications used to manage retirement plans.
Israel has some of the best cybersecurity professionals in the world.
If you are going to use a bug bounty program, take it seriously. If you want your security reports to stay private, hire a penetration tester. However, many are starting to believe large companies should all have a valid way to pay security researchers for the vulnerabilities they discover, and a bug bounty program is a good way to manage that.
Facebook said the bug bounty report was misrouted in this article.
Here is a related issue with Facebook and bug bounties. Pay a fair price if you’re going to have a bug bounty program.
Although attackers may have stolen your email address and password, that doesn’t mean your email account is compromised. If you use multi-factor authentication, a stolen password alone may not get them into your account. Also, change your password frequently, and immediately if it shows up in a dump. Some recent data breach dumps are recycling or compiling data from old data breaches.
Cloud providers need to ensure users can tell if a cloud URL is trusted and coming from the expected source, as I wrote about in this blog post called CDN Wishlist. This concept applies to other cloud technologies that send users to random unidentifiable URLs.
The most concerning trend we’ve noted is the use of commercial cloud and web services as part of malware deployment, command and control.
Wrote about SASE in a prior post.
Vulnerabilities
Yeah, right:
Signal says it will share the specific vulnerabilities with Cellebrite — but only if the company will agree to “do the same for all the vulnerabilities they use in their physical extraction and other services to their respective vendors, now and in the future.”
Five CVEs in Internet-facing products that the joint NSA, CISA, and FBI advisory on Russian SVR activity lists as actively exploited, all of which should have been patched long ago: CVE-2018-13379 Fortinet FortiGate VPN, CVE-2019-9670 Synacor Zimbra Collaboration Suite, CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN, CVE-2019-19781 Citrix Application Delivery Controller and Gateway, and CVE-2020-4006 VMware Workspace ONE Access.
Malware
SUNSHUTTLE, SOLARFLARE, China Chopper related to SolarWinds Hack
The VPN accounts were not using multi-factor authentication.
Use Zero Trust Networking. Don’t expose RDP to the Internet as I explain in my book: Cybersecurity for Executives in the Age of Cloud.
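The quickest way to find out whether RDP is already exposed in a cloud account is to audit the ingress rules. The following is an added example, not code from the post or the book: it flags security-group rules that let any Internet host reach TCP/3389, including the easy-to-miss cases (a port range that happens to include 3389, an “all traffic” rule, and IPv6 `::/0`). The input is shaped like the `IpPermissions` list that EC2 `DescribeSecurityGroups` returns, but the sample groups and their IDs are constructed for the demo.

```python
"""Added example (not from the post or the book): flag security-group ingress
rules that expose RDP (TCP 3389) to the whole Internet. Input is shaped like
the IpPermissions list returned by EC2 DescribeSecurityGroups; the sample
groups below are constructed for this demo."""

RDP_PORT = 3389
ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"


def rule_exposes_rdp(rule: dict) -> bool:
    """True if one ingress rule lets any Internet host reach TCP/3389."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                        # all protocols, all ports
        covers_port = True
    elif proto in ("tcp", "6"):
        lo = rule.get("FromPort", 0)
        hi = rule.get("ToPort", 65535)
        covers_port = lo <= RDP_PORT <= hi   # exact 3389 or a broad range
    else:
        return False                         # udp/icmp cannot carry RDP
    open_v4 = any(r.get("CidrIp") == ANY_V4 for r in rule.get("IpRanges", []))
    open_v6 = any(r.get("CidrIpv6") == ANY_V6 for r in rule.get("Ipv6Ranges", []))
    return covers_port and (open_v4 or open_v6)


def find_exposed_rdp(security_groups: list) -> list:
    """Return (GroupId, reason) for every group with an offending rule."""
    findings = []
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            if rule_exposes_rdp(rule):
                proto = rule.get("IpProtocol")
                ports = "all" if proto == "-1" else f'{rule.get("FromPort")}-{rule.get("ToPort")}'
                findings.append((sg["GroupId"], f"{proto} {ports} from Internet"))
    return findings


# Constructed sample: the shape `aws ec2 describe-security-groups` returns.
SAMPLE_GROUPS = [
    {"GroupId": "sg-rdp-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-range-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 65535,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-all-traffic", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-rdp-bastion-only", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-https-only", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]

if __name__ == "__main__":
    for group_id, reason in find_exposed_rdp(SAMPLE_GROUPS):
        print(f"{group_id}: RDP reachable ({reason})")
```

Run against real output by loading the `SecurityGroups` array from `aws ec2 describe-security-groups` instead of `SAMPLE_GROUPS`. The three flagged groups are the ones a scanner on the Internet would find; the bastion-only group is not flagged, but under a zero trust model you would still want to move that access behind an identity-aware gateway rather than trust the network location.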
Want to be a hacker? Test tools in a sandbox before using them and make sure they do not contain malware.
More Telegram Malware
Do not click links in unexpected text messages.
Avoid random apps.
Google Alerts redirecting to spam and scams.
I spoke about cryptominers and cryptojacking at Vancouver BSides in 2018.
Threat Reports
Breaches and Attacks
Codecov is a code coverage tool that runs inside CI pipelines, which means it has access to build secrets. The breach was discovered by a customer using the tool, who noticed that the uploader script they downloaded no longer matched the published checksum, not by the company itself. That means other Codecov customers may have been affected as well. How are you assessing and auditing the vendors and tools you allow into your environment?
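The customer who caught the Codecov compromise did so by checking a hash. Below is an added example, not code from the post or from Codecov, of building that check into the pipeline: pin a vendor script to the SHA-256 you recorded when you vetted it, and refuse to execute it when the hash changes, instead of piping a fresh download straight into a shell. The “uploader” script and the appended tampering line are constructed for the demo (the tampering stand-in just echoes instead of exfiltrating anything).

```python
"""Added example (not from the post or from Codecov): pin a vendor-supplied
script to a known SHA-256 and refuse to run it if the hash changes, instead
of `curl ... | bash`. The 'uploader' script below is constructed for this demo."""
import hashlib
import hmac
import subprocess
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large downloads are fine."""
    h = hashlib.sha256()
    with Path(path).open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_pinned(path: Path, expected_sha256: str) -> bool:
    """True only if the file matches the hash you pinned when you vetted it."""
    return hmac.compare_digest(sha256_of(path), expected_sha256.lower())


def run_verified(path: Path, expected_sha256: str) -> bool:
    """Execute the script only after it passes the integrity check.
    Returns True if it ran, False if it was blocked."""
    if not verify_pinned(path, expected_sha256):
        print(f"BLOCKED: {path} does not match pinned hash {expected_sha256[:12]}...")
        return False
    subprocess.run(["sh", str(path)], check=True)
    return True


def demo() -> tuple:
    """Vet a constructed 'uploader' script, pin it, then tamper with it.
    Returns (ran_original, ran_after_tamper)."""
    with tempfile.TemporaryDirectory() as d:
        script = Path(d) / "uploader.sh"
        script.write_text('echo "uploading coverage report"\n')
        pinned = sha256_of(script)             # value you record after review

        first = run_verified(script, pinned)   # hash matches: runs

        # Stand-in for the kind of change seen in the Codecov incident: an
        # appended line that ships CI environment variables elsewhere.
        # Harmless echo here; a real one would post $(env) to an attacker host.
        with script.open("a") as f:
            f.write('echo "would exfiltrate $(env | wc -l) env vars"\n')
        second = run_verified(script, pinned)  # hash changed: blocked
        return first, second


if __name__ == "__main__":
    ran, ran_after_tamper = demo()
    print("original ran:", ran, "| tampered ran:", ran_after_tamper)
```

The pinned hash has to come from your own review of the script, stored in your repository, not fetched from the same vendor endpoint at run time; otherwise an attacker who can replace the script can replace the checksum too. The same pattern applies to any installer, GitHub Action, or container image you pull into CI: pin by digest, and fail the build when the digest moves.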
Belden: The report does not describe how the attackers got in and gives no indicators of compromise.
Domino’s Pizza India: 180 million order details, including 1 million credit card records, were discovered leaked online. The report does not say how the attacker accessed the systems and data.
Geico: Attackers broke into a sales website. Perhaps a penetration test was in order?
Auto insurer Geico recently reported that fraudsters have been stealing license numbers of its customers for the past few months and possibly using them to fraudulently apply for unemployment benefits.
Fastway Couriers: The report does not say how the breach happened, but it was identified by a third-party IT company.
Elliman: Doesn’t say how. The statement is the usual:
We take the security of our IT systems as well as the privacy of our clients very seriously…
Noticed this article from 2020. Wonder if the security staff got cut.
Vermont Health: Doesn’t say how. It sounds like it could be bugs or security issues, but either way it’s a big problem. I wrote previously about how bugs can turn into security vulnerabilities.
Accellion: The breach that keeps on taking.
Public Defender for the 20th Judicial Circuit of Florida
Japanese Cabinet Office: Zero-Day vulnerability in FileZen may be responsible for exposing data.
Cardpool.com
Cards from Cardpool.com breach sold on the Dark Web
Connecticut Vehicle Emissions Testing
Cost of a Data Breach
$3M in penalties for National Securities Corp.
$21.2M for BMO and $1.8M for CIBC
RBI says American Express and Diners Club not compliant with India’s data storage laws.
Data breaches can cost employees a job, too.
Pending final decisions:
Up to 4% of $86B in annual revenue, or about $3.4B, for Facebook for the latest data breach.
Another lawsuit against Facebook by South Korean users:
TikTok
Northern Light
Geico
Laws & Legal
Part 3 of 6: Amendments to Hong Kong Data Protection Law Regarding the PCPD’s Sanctioning Powers
Investments
Unicorns: Snyk, Verkada, Arctic Wolf, Cato Networks, BigID, Coalition, Wiz, OwnBackup, Axonius, Socure, Orca Security, LaceWork, Aqua Security
Follow for updates.
Teri Radichel | © 2nd Sight Lab 2021
About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab

Need Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for Presentation

Follow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
❤️ Sign up for my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab
