Title: North Korean Hackers Expand Targeting of Security Community
Date Published: April 1, 2021
https://www.infosecurity-magazine.com:443/news/north-korean-hackers-target/
Excerpt: “The new website claims the company is an offensive security company located in Turkey that offers pen-tests, software security assessments and exploits. Like previous websites we’ve seen set up by this actor, this website has a link to their PGP public key at the bottom of the page,” explained TAG’s Adam Weidemann. Alongside the website, the North Korean group has created some more fake social media profiles related to both security researchers and non-existent recruiters for AV companies. One is misspelled “Trend Macro” rather than the legitimate firm Trend Micro.”
Title: Report: USB Threats to ICS Systems Have Nearly Doubled
Date Published: April 1, 2021
Excerpt: “Overall, we are witnessing an increase in attacks targeting Operational Technology (OT). But, at the same time, we can see an increased awareness of the consequences of such attacks due to broad news coverage of Industroyer, TRITON, Havex, Ekans, USBCulprit, and more. USB devices continue to play an important role in these types of targeted attacks, since they are the second most prevalent attack vector into industrial control and automation systems behind network-based threats.”
Title: 22-Year-Old Charged With Hacking Water System and Endangering Lives
Date Published: April 1, 2021
https://thehackernews.com/2021/04/22-year-old-charged-with-hacking-water.html
Excerpt: “The indictment doesn’t specify if the attack was successful and how it was detected. If found guilty, Travnichek faces up to 25 years in federal prison and a total fine of $500,000. The development comes months after unidentified actors staged an intrusion at a water treatment facility in the state of Florida and changed a setting that drastically altered the levels of sodium hydroxide (NaOH) in the water.”
Title: US CISA warns of DoS flaws in Citrix Hypervisor
Date Published: April 1, 2021
https://securityaffairs.co/wordpress/116190/security/citrix-hypervisor-dos-flaws.html
Excerpt: “Citrix Hypervisor (XenServer) is a high-performance hypervisor optimized for virtual app and desktop workloads and based on the Xen Project hypervisor. ‘Citrix has released security updates to address vulnerabilities in Hypervisor (formerly XenServer). An attacker could exploit some of these vulnerabilities to cause a denial-of-service condition.’”
Title: Ubiquiti Cyberattack May Be Far Worse Than Originally Disclosed
Date Published: April 1, 2021
Excerpt: “The data breach report from Ubiquiti in January is allegedly a cover-up of a massive incident that put at risk customer data and devices deployed on corporate and home networks. In the short communication, the company said that an attacker had accessed some of its IT systems hosted by a third party cloud provider and that it found no indication of unauthorized activity impacting user accounts.”
Title: 800Gbps DDoS Extortion Attack Hits Gambling Company
Date Published: March 31, 2021
Excerpt: “According to Akamai, the perpetrators used a new DDoS attack vector: a networking protocol known as the Datagram Congestion Control Protocol (DCCP) or protocol 33. Leveraging DCCP for DDoS leads to a volumetric attack and can bypass the defenses set up for the TCP and UDP traffic flows that are more commonly seen during these incidents.”
Title: Hackers Using a Windows OS Feature to Evade Firewall and Gain Persistence
Date Published: April 1, 2021
https://thehackernews.com/2021/04/hackers-using-windows-os-feature-to.html
Excerpt: “A novel technique adopted by attackers finds ways to use Microsoft’s Background Intelligent Transfer Service (BITS) so as to deploy malicious payloads on Windows machines stealthily. In 2020, hospitals, retirement communities, and medical centers bore the brunt of an ever-shifting phishing campaign that distributed custom backdoors such as KEGTAP, which ultimately paved the way for RYUK ransomware attacks.”
Title: Booking.com Fined $558,000 for Late Breach Notification
Date Published: April 1, 2021
https://www.infosecurity-magazine.com:443/news/bookingcom-fined-558k-for-late/
Excerpt: “After obtaining their login credentials to a Booking.com system, they were able to access the personal details of over 4100 customers who had booked a hotel room in the UAE via the site. Credit card details on 283 customers were also exposed, and in 97 cases the security (CVV) code was compromised.”
Title: CISA Gives Federal Agencies 5 Days to Find Hacked Exchange Servers
Date Published: March 31, 2021
Excerpt: “The newly issued emergency directive provides federal civilian executive branch agencies with additional forensic triage and server hardening requirements. “Specifically, this update directs federal departments and agencies to run newly developed tools —Microsoft’s Test-ProxyLogon.ps1 script and Safety Scanner MSERT—to investigate whether their Microsoft Exchange Servers have been compromised,” the CISA said.”
Title: Child Tweets Gibberish from U.S. Nuke Account
Date Published: March 31, 2021
https://threatpost.com/child-tweets-gibberish-nuke-account/165140/
Excerpt: “A nonsense tweet sent out from the official account of U.S. Strategic Command is no reason for alarm, according to the department. The social media manager’s kid found an open laptop, pounded on a few random keys and sent the tweet, which read, “;l;;gmlxzssaw” last Sunday. Adding another layer of confusion to the situation, QAnon conspiracy theorists began sharing the tweet as some sort of sign.”