Cybersecurity News of the Week, September 12, 2021



Individuals at Risk

Cyber Privacy

How Facebook Undermines Privacy Protections for Its 2 Billion WhatsApp Users: WhatsApp assures users that no one can see their messages — but the company has an extensive monitoring operation and regularly shares personal information with prosecutors. ProPublica, September 7, 2021

ProtonMail deletes ‘we don’t log your IP’ boast from website after French climate activist reportedly arrested: Encrypted email service ProtonMail has become embroiled in a minor scandal after responding to a legal request to hand over to Swiss police a user’s IP address and details of the devices he used to access his mailbox – resulting in the netizen’s arrest. TheRegister, September 7, 2021

Cyber Warning

This Seemingly Normal Lightning Cable Will Leak Everything You Type: It looks like a Lightning cable, it works like a Lightning cable, and I can use it to connect my keyboard to my Mac. But it is actually a malicious cable that can record everything I type, including passwords, and wirelessly send that data to a hacker who could be more than a mile away. Vice, September 2, 2021

Information Security Management for the Organization

Cybersecurity in the C-Suite & Board

Three US state laws are providing safe harbor against breaches: Laws passed in Ohio, Utah and Connecticut are redefining the idea of reasonable cyber security controls across the US, writes global cyber security thought leader and CS Hub Advisory Board member Kayne McGladrey CISSP. Cyber Security Hub, September 8, 2021

The SEC Is Serious About Cybersecurity. Is Your Company?: This summer, the U.S. Securities and Exchange Commission (SEC) signaled a significant change in how it thinks about what constitutes a threat to companies: It now considers cyber vulnerabilities to be an existential business risk. This was evident in fines levied against two companies over inadequate disclosures of cybersecurity issues — British publishing company Pearson PLC and First American Financial Corp. In mid-August, the SEC announced that Pearson had agreed to pay $1 million to settle charges that it misled investors following a 2018 breach and theft of millions of student records. And in June, the SEC announced another settlement and $500,000 fine against real estate services company First American Financial for lack of disclosure controls following the discovery of a vulnerability in its system that exposed 800 million image files, including Social Security numbers and financial information. HBR, September 8, 2021

Information Security Management

OWASP shakes up web app threat categories with release of draft Top 10: The Open Web Application Security Project (OWASP) has published its draft Top 10 2021 list revealing a shake-up of how modern threats are categorized. The Daily Swig, September 10, 2021

91% of IT teams have felt ‘forced’ to trade security for business operations: When it comes to remote work, security is often the last thing on the priority list. ZDNet, September 9, 2021

Patch now? Why enterprise exploits are still partying like it’s 1999: Some vulnerabilities remain unreported for the longest time. The 12-year-old Dell SupportAssist remote code execution (RCE) flaw – which was finally unearthed earlier this year – would be one example. TheRegister, September 8, 2021

Building Blocks: How to Create a Privileged Access Management (PAM) Strategy: Privileged access management (PAM) has long been central to a good enterprise cybersecurity strategy. However, its nature is changing. The pace of digital change is speeding up and reliance on the cloud increasing. So, businesses and agencies must develop new PAM strategies to keep up. Processes and tools that could support yesterday’s on-premises IT rarely meet the needs of today. SecurityIntelligence, September 8, 2021

Cyber Warning

Microsoft: Attackers Exploiting Windows Zero-Day Flaw: Microsoft Corp. warns that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat. KrebsOnSecurity, September 8, 2021

Secure The Human

Where Digital Meets Human: Letting HR Lead Cybersecurity Training: One of my favorite questions to ask when I’m interviewing a business decision-maker is if they are confident in their company’s current defenses. Most people tell me yes. So, I was surprised to read that an IDG Research Services survey commissioned by Insight Enterprises found that 78% of respondents reported that they do not think their organization is sufficiently protected against cyberattacks. The same study found that, as a result, 91% of respondents are increasing their cybersecurity budget in 2021. However, investing dollars in technology and resources only solves a part of the problem. That’s where good cybersecurity training comes in. SecurityIntelligence, September 8, 2021

Cyber Update

CISA warns of Zoho server zero-day exploited in the wild: The US Cybersecurity and Infrastructure Security Agency urged organizations today to apply the latest security update to their Zoho ManageEngine servers to patch a zero-day vulnerability that has been actively exploited in the wild for more than a week. TheRecord, September 8, 2021

Cybersecurity in Society

Cyber Crime

Victims duped out of US$1.8 million by BEC and Romance scam ring: Elderly men and women were the main targets of the romance scams operated by the fraudsters. WeLiveSecurity, September 10, 2021

Days after a cyberattack, Howard U is still largely offline. Here’s how colleges need to protect themselves: Although Labor Day is in the rearview, some Howard University students and staff saw their time off extended this week. The reason: a ransomware attack that has left the school offline, even days later. September 10, 2021

Cyber Attack

AZ Ransomware Attack Leads to Unrecoverable EHRs, Data Loss: An Arizona medical center will have to rebuild thousands of patient records after a ransomware attack resulted in corrupted EHRs and data loss. HealthITSecurity, September 10, 2021

UN computer networks were breached by cybercriminals: Earlier this year, cybercriminals gained access to United Nations (UN) networks using stolen credentials. SecurityMagazine, September 10, 2021

Stolen Credentials Led to Data Theft at United Nations: Threat actors accessed the organization’s proprietary project management software, Umoja, in April, accessing the network and stealing info that can be used in further attacks. ThreatPost, September 10, 2021

Cyber Espionage

BladeHawk group: Android espionage against Kurdish ethnic group: ESET researchers have investigated a targeted mobile espionage campaign against the Kurdish ethnic group, and that has been active since at least March 2020. WeLiveSecurity, September 7, 2021

Know Your Enemy

LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment: After a brief slowdown in activity from the LockBit ransomware gang following increased attention from law enforcement, LockBit is back with a new affiliate program, improved payloads and a change in infrastructure. According to IBM X-Force, a major spike in data leak activity on the gang’s new website indicates that their recruitment attempts have been successful. IBM’s data shows that LockBit is nearly six times more active than other groups, such as the Conti ransomware operators. This blog post delves into LockBit’s 2.0 version, its recent activity and an analysis of the new payloads. SecurityIntelligence, September 9, 2021

REvil Ransomware Group’s Sudden Re-emergence Sparks Concerns: Some had hoped the notorious Russia-based group had been pressured to quit for good after a couple of especially egregious attacks on US targets earlier this year. DarkReading, September 9, 2021

Russia Influences Hackers but Stops Short of Directing Them, Report Says: The arrangement allows the Russian government some plausible deniability for attacks, researchers found. The New York Times, September 9, 2021

Meet Meris, the new 250,000-strong DDoS botnet terrorizing the internet: A new botnet consisting of an estimated 250,000 malware-infected devices has been behind some of the biggest DDoS attacks over the summer, breaking the record for the largest volumetric DDoS attack twice, once in June and again this month. TheRecord, September 9, 2021

This is the perfect ransomware victim, according to cybercriminals: An investigation into what ransomware groups want has painted the picture of the perfect target. ZDNet, September 6, 2021

“FudCo” Spam Empire Tied to Pakistani Software Firm: In May 2015, KrebsOnSecurity briefly profiled “The Manipulaters,” the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. Six years later, a review of the social media postings from this group shows they are prospering, while rather poorly hiding their activities behind a software development firm in Lahore that has secretly enabled an entire generation of spammers and scammers. KrebsOnSecurity, September 6, 2021

National Cybersecurity

Ransomware Stopper: Mandatory Ransom Payment Disclosure: Why Requiring Victims to Reveal Payments Would Help Blunt Criminal Business Model. BankInfoSecurity, September 10, 2021

Cyber Regulation

Exclusive: Wide-ranging SolarWinds probe sparks fear in Corporate America: Sept 10 (Reuters) – A U.S. Securities and Exchange Commission investigation into the SolarWinds Russian hacking operation has dozens of corporate executives fearful information unearthed in the expanding probe will expose them to liability, according to six people familiar with the inquiry. Reuters, September 10, 2021

Cyber Talent

Building a More Diverse Cyber Industry: Despite tech and cybersecurity companies proclaiming to advance new initiatives to advance diversity, equity and inclusion (DEI) in recent years, not nearly enough progress has been made in the cybersecurity industry, which remains stubbornly white and male. Recent statistics show that only 24 percent of cybersecurity workers identify as women, 9 percent as Black and 4 percent as Hispanic. Women and people of color are less likely to serve in leadership positions in cybersecurity companies, and there are stark cybersecurity salary discrepancies across race and gender. Yet the government and private sector lament a cybersecurity talent gap, as thousands of cybersecurity positions remain unfilled due to a supposed lack of qualified workers. Aspen Institute, September 9, 2021

Cyber Enforcement

Money launderer who helped North Korean cybercriminals sentenced to more than 11 years: A Canadian man who pleaded guilty to laundering tens of millions of dollars stolen in bank fraud schemes, including a massive cyberheist carried out by North Korean cybercriminals, was sentenced to more than 11 years in prison, the US Department of Justice announced on Wednesday. TheRecord, September 9, 2021
