Cybersecurity News of the Week, February 6, 2022

Individuals at Risk

News stories to inform and support your cybersecurity and privacy.

Cyber Privacy

Care about privacy? You need to change these browser settings: Better protect your privacy by tweaking a few settings in Google Chrome, Safari, Firefox, Edge or Brave. C|Net, January 29, 2022

Cyber Warning

Zelle scammers want to steal your cash. Here are 5 ways they’re doing it: Zelle users beware: Scammers have their sights aimed straight at you. That’s right – the money transfer service has quickly become the preferred method of thieves everywhere looking for instant gratification. In fact, our team receives daily pleas for help from shell-shocked victims of new Zelle scams. Elliott Advocacy, February 4, 2022

Intuit warns of phishing emails threatening to delete accounts: Accounting and tax software provider Intuit has notified customers of an ongoing phishing campaign impersonating the company and trying to lure victims with fake warnings that their accounts have been suspended. Bleeping Computer, February 3, 2022

How Phishers Are Slinking Their Links Into LinkedIn: If you received a link to via email, SMS or instant message, would you click it? Spammers, phishers and other ne’er-do-wells are hoping you will, because they’ve long taken advantage of a marketing feature on the business networking site which lets them create a link that bounces your browser to other websites, such as phishing pages that mimic top online brands (but chiefly Linkedin’s parent firm Microsoft). Krebs on Security, February 3, 2022

SEO poisoning pushes malware-laced Zoom, TeamViewer, Visual Studio installers: Be careful when you search. A new Search Engine Optimization (SEO) poisoning campaign … where threat actors create malicious websites that leverage SEO-friendly keywords and techniques to make them rank higher in search results … is underway, targeting professionals searching for productivity tool downloads, such as Zoom, TeamViewer, and Visual Studio. Bleeping Computer, February 2, 2022

Unpatched Security Bugs in Medical Wearables Allow Patient Tracking, Data Theft: Rising critical unpatched vulnerabilities and a lack of encryption leave medical device data defenseless, researcher warn. Threatpost, February 1, 2022

Cyber Humor

Cybersecurity in Society

News stories for the cyber-aware citizen.

Cyber Crime

How $323M in crypto was stolen from a blockchain bridge called Wormhole: This is a story about how a simple software bug allowed the fourth-biggest cryptocurrency theft ever.

… Hackers stole more than $323 million in cryptocurrency by exploiting a vulnerability in Wormhole, a Web-based service that allows inter-blockchain transactions. Ars Technica, February 4, 2022

Conti ransomware encrypted 80% of Ireland’s HSE IT systems: A threat brief published by the US Department of Health and Human Services (HHS) on Thursday paints a grim picture of how Ireland’s health service, the HSE, was overwhelmed and had 80% of its systems encrypted during last year’s Conti ransomware attack. Bleeping Computer, February 4, 2022

Hackers hold Hula Hoops hostage in cyber-raid on Britain’s KP Snacks: Hackers are hitting Britain where it hurts by targeting some of its favourite savoury snacks, with the likes of Hula Hoops, KP Nuts, Butterkist popcorn and Nik Naks in their cyber sights. Reuters, February 3, 2022

Kronos Still Dragging Itself Back From Ransomware Hell: And customers including Tesla, PepsiCo and NYC transit workers are filing lawsuits over the “real pain in the rear end” of manual inputting, inaccurate wages & more. Threatpost, February 3, 2022

Cyber Attack

Oil Shipments in European Oil Hub Delayed After Cyber Attacks: Tanker and barge shipments in and out of Europe’s biggest oil hub have been delayed by up to a week as four storage companies scramble to resume operations after cyber attacks, sources familiar with the matter said. gCaptain, February 4, 2022

Hacking team tied to Russia targeted Western ‘government entity’ in Ukraine: A hacking team that Ukraine says is controlled by Russian intelligence has targeted a wide range of organizations in the country, including a “western government entity,” according to cybersecurity research published on Thursday and Friday. Reuters, February 4, 2022

Wall Street Journal owner News Corp suffers cyberattack by hackers linked to China: News Corp, the media company that owns The Wall Street Journal, said in a Friday filing with the Securities and Exchange Commission (SEC) that it was the victim of a cyberattack last month. Its security consultant Mandiant, which is investigating the hack, believes the attackers “are likely involved in espionage activities to collect intelligence to benefit China’s interests,” Mandiant vice president of incident response David Wong said in an email to The Verge. The Verge, February 4, 2022

Cyber Surveillance

Another Israeli Firm, QuaDream, Caught Weaponizing iPhone Bug for Spyware: A now-patched security vulnerability in Apple iOS that was previously found to be exploited by Israeli company NSO Group was also separately weaponized by a different surveillance vendor named QuaDream to hack into the company’s devices. The Hacker News, February 4, 2022

Cyber Warning

FBI urges temporary phones for Olympic athletes: Athletes and visitors heading to the 2022 Winter Olympics in Beijing should leave their phones at home and use temporary ones instead, the FBI has urged. BBC, February 2, 2022

Cyber Privacy

The Hidden Failure of the World’s Biggest Privacy Law: This week, European authorities struck a massive blow to the digital data-mining industrial complex with a new ruling stating that, quite simply, most of those annoying cookie alert banners that sites were forced to onboard en masse after GDPR was passed haven’t… actually been compliant with GDPR. Gizmodo, February 4, 2022

Cyber Defense

North Korea Hacked Him. So He Took Down Its Internet: Disappointed with the lack of US response to the Hermit Kingdom’s attacks against US security researchers, one hacker took matters into his own hands. Wired, February 2, 2022

Free Cybersecurity Toolkit for Mission-Based Organizations: The Global Cyber Alliance (GCA) in collaboration with the Public Interest Registry has released the GCA Cybersecurity Toolkit, a set of free tools, guidance, and training designed to help mission-based organizations take key cybersecurity steps and be more secure. Global Cyber Alliance, February 1, 2022

Cyber Readiness

Despite Decades of Hacking Attacks, Companies Leave Vast Amounts of Sensitive Data Unprotected: A surge in identity theft during the pandemic underscores how easy it has become to obtain people’s private data. As hackers are all too happy to explain, many of them are cashing in on it.  ProPublica, January 25, 2022

Know the Enemy

FBI Director Wray says scale of Chinese spying in the U.S. ‘blew me away’: The FBI opens a new China-related counterintelligence investigation every 12 hours on average, and it now has over 2,000 such cases.  NBC News, February 1, 2022

Inside Trickbot, Russia’s Notorious Ransomware Gang: When the phones and computer networks went down at Ridgeview Medical Center’s three hospitals on October 24, 2020, the medical group resorted to a Facebook post to warn its patients about the disruption. One local volunteer-run fire department said ambulances were being diverted to other hospitals; officials reported patients and staff were safe. The downtime at the Minnesota medical facilities was no technical glitch; reports quickly linked the activity to one of Russia’s most notorious ransomware gangs. Wired, February 1, 2022


How Scared Should We Be of Deepfakes? A New Exhibit Provides a Revealing Look: On a recent visit to the Museum of the Moving Image in Astoria, I strolled directly from a 21st-century Queens sidewalk into a living room straight out of the 1960s, outfitted with patterned wallpaper, two armchairs and a large console TV. Onscreen, the venerable CBS anchor Walter Cronkite says solemnly, “If all goes well, Apollo 11 astronauts are going to lift off from pad 39A out there . . . on the voyage man always has dreamed about. Next stop for them: the moon.” gothamist, February 3, 2022

Information Security Deep-Dive

News stories for the cybersecurity professional and others.

Cybersecurity in the C-Suite & Board

Cybersecurity: Many executives just don’t want to understand the risks: According to research by cybersecurity company Trend Micro. Executives are putting businesses at risk of cyberattacks and data breaches because they don’t understand cybersecurity issues and, in some cases, don’t even want to learn about the dangers. ZDNet, February 3, 2022

Information Security Management

Strong authentication protects against phishing. So why aren’t more companies using it?: Almost every compromised Microsoft account lacks multi-factor authentication, but few organizations enable it even though it’s available, according to Microsoft. ZDNet, February 4, 2022

CVSS 9.9-Rated Samba Bug Requires Immediate Patching: A critical vulnerability in a popular open-source networking protocol could allow attackers to execute code with root privileges unless patched, experts have warned. Infosecurity, February 2, 2022

CISA adds 8 vulnerabilities to list of actively exploited bugs: Update now as the US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to its catalog of exploited vulnerabilities that are known to be used in attacks, and they’re a mix. Bleeping Computer, January 31, 2022

National Cyber Defense

What It Will Take for NIST, CISA and OMB to Align on Zero Trust: Establishing a successful zero-trust architecture without implementing integrity monitoring is not possible. Nextgov, February 4, 2022

Alpha-Omega Project takes a human-centered approach to open-source software security: Following the Log4j vulnerability crisis, the Linux Foundation and OpenSSF project, with backing from Microsoft and Google, aims to improve security of 10,000 open-source projects. CSO, February 1, 2022

Cyber Warning

Low-Detection Phishing Kits Increasingly Bypass MFA: A growing class of phishing kits – transparent reverse proxy kits – are being used to get past multi-factor authentication using MiTM tactics, typically by stealing authentication tokens via a man-in-the-middle (MiTM) attack. Threatpost, February 3, 2022

Cyber Attack

New Malware Used by SolarWinds Attackers Went Undetected for Years: The threat actor behind the supply chain compromise of SolarWinds has continued to expand its malware arsenal with new tools and techniques that were deployed in attacks as early as 2019, once indicative of the elusive nature of the campaigns and the adversary’s ability to maintain persistent access for years. The Hacker News, February 2, 2022

Ransomware: Over half of attacks are targeting these three industries: According to detections by Trellix, banking and finance was the most common target for ransomware during the reporting period, accounting for 22% of detected attacks. That’s followed by 20% of attacks targeting the utilities sector and 16% of attacks targeting retailers. Attacks against the three sectors in combination accounted for 58% of all of those detected.  ZDNet, January 31, 2022

Cyber Talent

The Real-World Impact of the Global Cybersecurity Workforce Gap on Cyber Defenders: The demand for cybersecurity professionals continues to outpace available supply. Although more than 700,000 professionals joined the field in 2021, the cybersecurity workforce gap stands at 2.72 million worldwide, according to the (ISC)² 2021 Cybersecurity Workforce Study. … To more fully understand the impact of staffing shortages on practicing cybersecurity professionals and their organizations, we expanded our research. DARKReading, February 2, 2022

Secure the Human

Phishing Simulation Study Shows Why These Attacks Remain Pervasive: Email purportedly from human resources convinced more than one-fifth of recipients to click, the majority of whom did so within an hour of receiving the fraudulent message. DARKReading, January 27, 2022

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge