Russia infiltrates satellites, Gmail’s end-to-end encryption, NSA’s Russia warning
CISA says Russia’s Fancy Bear infiltrated US satellite network
Researchers at CISA recently discovered suspected Russian hackers lurking inside a U.S. satellite network, raising fresh concerns about Moscow’s intentions to infiltrate and disrupt the rapidly expanding space economy, a threat Moscow made publicly in October. While details of the attack are scant, researchers are blaming this most recent incident on the Russian military group known as Fancy Bear, or APT28, which had been in the victim’s networks for months. The satellite network intrusion came from the exploitation of a 2018 vulnerability in an unpatched virtual private network appliance, giving the hackers the ability to scrape the credentials of all active sessions.
Google introduces end-to-end encryption for Gmail on the web
Google announced on Friday that enrolled Google Workspace users can now send and receive encrypted emails within and outside their domain. Client-side encryption was already available for users of Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar (beta). Once enabled, Gmail client-side encryption ensures that any sensitive data delivered as part of the email’s body and attachments (including inline images) cannot be decrypted by Google servers. The email header (including subject, timestamps, and recipient lists), however, is not encrypted.
NSA cyber director warns of Russian digital assaults on global energy sector
Rob Joyce said Thursday he remains concerned about significant cyberattacks from Russia, warning that Moscow could unleash digital assaults on the global energy sector in the coming months. He said, “I would not encourage anyone to be complacent or be unconcerned about the threats to the energy sector globally. As the [Ukraine] war progresses there’s certainly the opportunities for increasing pressure on Russia at the tactical level.” Joyce said there was an enormous amount of activity in cybersecurity this year and it often felt as if the U.S. was “one bad compromise away from Colonial Pipeline.”
Cybercriminals’ latest grift: powdered milk and sugar by the truckload
Cybercriminals are increasingly targeting companies in the food and agriculture sector with business email compromise (BEC) schemes, resulting in truckloads of products ending up in scammers’ hands. In a joint Cybersecurity Advisory from the FBI, Food and Drug Administration and U.S. Department of Agriculture, released on Thursday, officials warned of the prevalence of BEC scams. In one instance, in August, a supplier received a request for a truckload of sugar on credit from a senior employee at an unnamed U.S. company. The recipient of the request noticed an extra letter in the domain name of the sender’s address and, after contacting the company, discovered there was nobody there with that name. Others weren’t so fortunate, however. Also in August, a food distributor received an email from a multinational food and beverage company for two truckloads of powdered milk. The request appeared to come from the company’s chief financial officer, and the shipment was sent. In fact, the email address had one extra letter in the domain name, and the distributor ended up on the hook for more than $160,000.
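The "one extra letter in the domain" trick above is cheap to catch mechanically: compare each sender domain against the domains of known business partners and flag anything within a couple of edits. The following is an added example (not from the advisory or the podcast) that assumes a constructed list of trusted partner domains and constructed From: headers; a "lookalike" verdict is the cue to confirm the order out of band, as the alert supplier in the story did.

```python
from email.utils import parseaddr

# Constructed allowlist of domains this company already trades with (assumption).
TRUSTED_DOMAINS = {"examplefoods.com", "sugarsupplier.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Pull the domain out of a From: header such as 'CFO <cfo@example.com>'."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS, max_dist: int = 2):
    """Return (verdict, closest_trusted_domain).

    'trusted'   exact match with a partner domain
    'lookalike' within max_dist edits of one (an extra letter is distance 1)
    'unknown'   no resemblance to any partner domain
    """
    dom = sender_domain(from_header)
    if not dom:
        return ("unknown", None)
    if dom in trusted:
        return ("trusted", dom)
    best = min(trusted, key=lambda t: edit_distance(dom, t))
    if edit_distance(dom, best) <= max_dist:
        return ("lookalike", best)
    return ("unknown", None)


# Constructed sample headers modelled on the advisory's extra-letter cases.
SAMPLE_HEADERS = [
    "CFO <cfo@examplefoods.com>",
    "CFO <cfo@examplefoodss.com>",              # one extra letter
    "Purchasing <buyer@sugarsuplier.example>",  # one letter dropped
    "Someone <x@unrelated.example>",
]


def scan(headers=SAMPLE_HEADERS):
    """Map each sample header to its verdict, for a quick triage report."""
    return {h: classify_sender(h)[0] for h in headers}
```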
Thanks to this week’s episode sponsor, Tines
Facebook ups its RCE bug bounty program
Meta has updated its bug bounty program to offer up to $300,000 to security researchers who report vulnerabilities allowing attackers to remotely execute code on its mobile apps, the company said on Thursday. In a newsroom post accompanying reports about the threats facing Facebook and Instagram users from spyware and covert information operations, Meta said it had so far this year paid out $2 million in rewards to researchers from more than 45 countries. Out of about 10,000 reports made to the company, Meta offered rewards to more than 750 submissions. The company has paid more than $16 million for more than 8,500 reports since 2011.
Fire and rescue service in Victoria, Australia confirms cyber attack
The acting Commissioner of Fire Rescue Victoria (FRV), Gavin Freeman, revealed that the outage was first observed between 4am and 5am on Thursday. FRV operates 85 fire and rescue stations across the state, an area roughly similar to the combined area of Tennessee, Alabama, Georgia and South Carolina. The cyberattack is affecting most of FRV’s systems, including the network, email and dispatch. “Importantly, community safety has not been compromised and FRV continues to dispatch crews and appliances through mobile phones, pagers and radios,” reads a statement published on Friday. “Preliminary investigations confirm this has been a cyber-attack by an external third party and that FRV systems are impacted.” Ransomware has not yet been confirmed.
Rezilion releases year-end vulnerabilities recap
Released this Monday morning, the recap document lists some of the most prominent vulnerabilities of the past year. These include the privilege escalation vulnerabilities PwnKit and Dirty Pipe, the remote code execution zero-days Spring4Shell, ProxyNotShell and SpookySSL, as well as a few others. The report describes each vulnerability along with its CVE number and characteristics, and of course gives recommendations for remediation and mitigation.
(Rezilion)
Last week in ransomware
Coordinated reports from Microsoft, Mandiant, Sophos, and SentinelOne indicated that multiple threat actors, including the Hive and Cuba ransomware operations, used malware signed with compromised code-signing accounts. Clop ransomware was found to be using TrueBot malware for access to networks. Azov ransomware was determined to be a polymorphic wiper. Royal ransomware continued to expand beyond healthcare. Agenda ransomware is using Rust to target more vital industries. A LockBit attack hit California’s Department of Finance. The Play ransomware operation claimed an attack on the Belgian city of Antwerp, and BlackCat ransomware attacked EPM, one of the largest energy suppliers in Colombia.