Tag Archive for: holiday

More from CISA on Holiday Bear’s tactics. Efforts towards securing the US power grid.


The Ease of Tracking Mobile Phones of U.S. Soldiers in Hot Spots (WSJ) The armed forces are facing a challenge of how to protect personnel in an age when highly revealing data are being bought and sold in bulk, and available for purchase by America’s adversaries.

Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders (CISA) The Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), and Cybersecurity and Infrastructure Security Agency (CISA) assess Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and Yttrium—will continue to seek intelligence from U.S. and foreign entities through cyber exploitation, using a range of initial exploitation techniques that vary in sophistication, coupled with stealthy intrusion tradecraft within compromised networks.

Federal Agencies Detail Russian Tactics Used in Recent Cyber Intrusions (Nextgov.com) The FBI, Homeland Security Department and Cybersecurity and Infrastructure Security Agency issued an alert on Russian government cyber tradecraft and mitigation techniques for targets.

FBI, CISA Warn of Ongoing Russian Cyberthreats (Bank Info Security) The FBI and CISA are warning of continued cyberthreats stemming from Russia’s Foreign Intelligence Service, or SVR, which the Biden administration formally accused

CISA Calls for Emergency Actions: VPN Compromise Targets U.S. Defense Sector (ClearanceJobs) Ivanti’s Pulse Connect Secure VPN compromise puts at risk the U.S. defense industrial base and other executive branch agencies.

FBI-DHS-CISA Joint Advisory on Russian Foreign Intelligence Service Cyber Operations (Homeland Security Today) The Federal Bureau of Investigation (FBI), Department of Homeland Security, and CISA have released a Joint Cybersecurity Advisory (CSA) addressing the continued targeting of U.S. and foreign entities by Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and Yttrium.

US warns of Russian state hackers still targeting US, foreign orgs (BleepingComputer) The FBI, the US Department of…


North Korea continues targeting security researchers. Holiday Bear gained access to DHS emails. Charming Kitten is phishing for medical professionals.


By the CyberWire staff

North Korea continues targeting security researchers.

Google’s Threat Analysis Group (TAG) has published an update on a North Korean cyberespionage campaign targeting security researchers. TAG warned in January that a threat actor was messaging researchers on various social media platforms asking to collaborate on vulnerability research. They also set up a watering hole site that posed as a phony research blog, using an Internet Explorer zero-day.

Now, Google says the actor is using a new website and social media profiles posing as a fake company called “SecuriElite.” TAG writes, “The attacker’s latest batch of social media profiles continue the trend of posing as fellow security researchers interested in exploitation and offensive security. On LinkedIn, we identified two accounts impersonating recruiters for antivirus and security companies. We have reported all identified social media profiles to the platforms to allow them to take appropriate action.” Google also believes the attackers are using more zero-days.

Holiday Bear gained access to DHS emails.

The Associated Press reports that the suspected Russian hackers behind the SolarWinds attack gained access to the emails of former acting Department of Homeland Security Secretary Chad Wolf and other DHS officials. So far it doesn’t appear that classified communications were compromised, but POLITICO says the number of emails stolen was in the thousands. A State Department spokesperson told POLITICO, “the Department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected. For security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time.”


Charming Kitten is phishing for medical professionals.

Proofpoint reports that…


As holiday mobile commerce breaks records, retail apps display security red flags


Driven by the pandemic, many consumers rely on mobile apps to buy everything from daily essentials to holiday gifts. However, according to a recent analysis, there are some alarming security concerns among some of the top 50 Android retail mobile apps.


Retail mobile apps are missing basic security functionality

Most of the top 50 retail mobile applications analyzed in September 2020 did not apply sufficient code hardening and runtime application self-protection (RASP) techniques.

These security techniques protect the application against tampering or being copied and distributed by a malicious third party as fake apps. Competitors can also exploit a lack of code hardening to execute business or technical denial of service attacks, making the mobile app difficult for customers to use. Or they can create competitive third-party aggregators that weaken the brand and lead to a loss in revenue.

Nearly all of the applications in the analysis fell short across basic application hardening techniques. These included code hardening techniques such as name obfuscation, which hides identifiers in the application’s code to prevent hackers from reverse engineering and analyzing source code. In addition, encryption techniques such as string, asset/resource, and class encryption prevent malicious actors from gaining insight into sensitive information, assets, or the internal logic of applications.

Application hardening also includes RASP techniques such as root/jailbreak and emulator detection, which shows when an attacker is attempting to bypass application sandboxes and conduct unapproved actions. Nearly a quarter of apps were completely unprotected in these areas. Without adequate protection, retail mobile apps could be tampered with or even copied and turned into “fake apps.” Fake retail apps are especially risky because they can capture sensitive personally identifiable information (PII) from shoppers, such as names, credit card numbers, addresses, and more.

Consumers must be on the lookout for fake mobile apps

With the massive rise in mobile commerce, consumers must be on the lookout for telltale signs of fake mobile apps. There are a few ways to spot these apps in the…


IoT gadgets dominate the holiday sales – and so do their security risks

The annual retail conventions of Black Friday and Cyber Monday have long had a tradition of drumming up the latest tech products ahead of Christmas. Internet of Things (IoT) enabled products have become an increasingly popular mainstay of the sales rush, including virtual home assistants, wearable tech, smart toys and connected appliances.

However, as these connected products continue to dominate the holiday sales scene, they are also highlighting longstanding security concerns with IoT devices. Products are often found to be lacking even basic security safeguards, potentially exposing users to privacy invasions, cyberattacks, and even physical danger. 

Those who splurged on IoT-enabled devices in this year’s sales will need to be aware of potential new security threats against themselves and their employers.

About the author

Richard Hughes is Head of Technical Cyber Security at A&O IT Group 

How weak IoT security invites hackers into the home

IoT security vulnerabilities are extremely common, and our own investigators have found major flaws in everything from kettles to sex toys. There has been a steady cadence of IoT security breaches making the headlines over the last few years, including both the discovery of potential vulnerabilities and cases of actual exploitation.

One of the most prominent recent examples has been the Ring smart doorbell produced by Amazon. The device is ostensibly designed to help users with home security, enabling them to remotely access video and audio feeds from their smartphone, as well as receiving alerts when they have a visitor.

However, it quickly became apparent that Ring was lacking several important security features. The device is controlled by a mobile app but did not set any limits on incorrect login attempts or notify users when there was a failed attempt or a successful login from a new location or device. This meant it was straightforward for a threat actor to brute force their way into the user’s account and connect to the device. There were multiple examples of Ring devices being hijacked to spy on households, as well as the speaker function being used to harass and threaten people with physical violence. Connecting to a Ring device…
