A quick Saturday digest of cybersecurity news articles from other sources.
NASA’s Perseverance Rover Lands on Mars
The technically complex landing marks the fifth successful U.S. bid to reach the Martian surface
It’s Not Just SolarWinds: France Reveals Three-Year Long Supply Chain Attack
News of the SolarWinds data breach, where its software management updates were hacked, rocked the cyber world. And now comes news from France’s National Information Systems Security Agency (ANSSI) that a French software monitoring company has been under a supply chain attack, undetected for several years. ANSSI says the attack targeted Centreon and it’s been going on for years…
Indicators of Compromise in multiple formats (English)
Detailed Centreon Sandworm attack countermeasures (French)
A Message from SolarWinds President and CEO
Sudhakar Ramakrishna, our new president and CEO, details additional steps SolarWinds® is taking to enhance our security posture and policies.
SolarWinds New Digital Code-Signing Certificate
SolarWinds uses a digital code-signing certificate to sign each software build digitally and help end users authenticate the code comes from us. As part of our response to the SUNBURST cyberattack, the code-signing certificate used by SolarWinds to sign the affected software versions will be revoked on March 8, 2021. To ensure your SolarWinds product(s) performance, you must upgrade to these new builds before March 8.
New Findings From the SolarWinds Investigation
We’ve partnered with multiple industry-leading cybersecurity experts to strengthen our systems, further enhance our product development processes, and adapt the ways we deliver powerful, affordable, and secure solutions to our customers.
We’re providing an update on the investigation thus far and an important development we believe brings us closer to understanding how this serious attack was carried out.
Deplatformed: How Big Tech and Corporate America Help Subvert the 1st and 2nd Amendments
This article discusses the attacks being made on the First Amendment of the US Constitution by a small cabal of tech companies. Section 230 exempted these companies from prosecution for the views of their customers, as long as they could demonstrate that they were a common carrier providing equal access to all, and they weren’t engaging in moderating or editorializing this user-created content. This is not the case any longer, as the viewpoints of the conservative right are being suppressed by these companies. An important article for our times.
Not Everyone is Having a Bad Year: Darknet Markets Are Booming
2020 was a year of polar opposites in the business world. Some businesses went bust while others boomed and set new records. One profitable line of work during the pandemic? Selling illicit goods and services on the Dark Web. These darknet markets hauled in a record amount of revenue last year, with customers around the globe spending $1.7 billion in cryptocurrency. Chainalysis tracks this kind of…
Google Launches Open Source Vulnerability Database
Google recently launched its Open Source Vulnerabilities (OSV) database, as a “first step towards improving vulnerability triage for developers and consumers of open source software.” The purpose of OSV is to provide precise data on where a vulnerability was introduced and where it was fixed. This will help consumers of open source software determine if they were impacted and make the appropriate…
9 New NIST Cybersecurity and Privacy Goals
The NIST Cybersecurity Framework (CSF) helps thousands of organizations around the world to better understand and improve their security posture. The NIST Privacy Framework (PF) is now more than a year old. And the NIST Risk Management Framework (RMF) provides details for creating cyber policies through a risk-based approach. Now, we are learning that more help from NIST is on the way…
Top 4 COVID-19 Scams to Watch Out For
The ability to leverage current events is a dream scenario for modern-day cybercriminals. These criminals use events, such as the COVID-19 pandemic, to fuel their malicious intent.
With the global pandemic comes the desire to stay updated with the most current information. However, it can be difficult for internet users to navigate this information and separate fact from fiction. It is also difficult to ensure that links and resources are reliable. The reality is that malicious activity comes through just about every communication channel: email, social media, text and phone messages, and of course, misleading and malicious websites.
Fallen victim to online fraud? Here’s what to do…
Practical tips on how to avoid getting scammed in the first place, as well as what to do if it does happen. Click on title link for full article.
Types of Online Fraud
- Get rich quick scams
- Job scams
- Fake e-commerce sites and “free” offers
- Fake cybersecurity warnings
- Romance and dating fraud
Getting Your Money Back
- Debit card
- Credit card
- Bank Transfer
- Wire transfer, cash, or crypto-currency
Maintaining Your Security
- Change your password
- Apply patches and updates
- Use a password manager
- Use two-factor authentication
- Report scams on IC3.gov
Below are scam reporting links for various English-speaking countries:
- AU: Scamwatch (Australian Competition and Consumer Commission)
- CA: Canadian Anti-Fraud Centre
- NZ: Consumer Protection (Ministry of Business, Innovation and Employment)
- UK: ActionFraud (National Fraud and Cyber Crime Reporting Centre)
- US: ReportFraud.ftc.gov (Federal Trade Commission)
- ZA: Financial Intelligence Centre
Malware Analysis Report (AR21-048C)
MAR-10322463-3.v1 – AppleJeus: Union Crypto
This Malware Analysis Report (MAR) is the result of analytic efforts among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury) to highlight the cyber threat to cryptocurrency posed by North Korea, formally known as the Democratic People’s Republic of Korea (DPRK), and provide mitigation recommendations. Working with U.S. government partners, FBI, CISA, and Treasury assess that Lazarus Group—which these agencies attribute to North Korean state-sponsored advanced persistent threat (APT) actors—is targeting individuals and companies, including cryptocurrency exchanges and financial service companies, through the dissemination of cryptocurrency trading applications that have been modified to include malware that facilitates theft of cryptocurrency.
Details, TTPs and IOCs at this site.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com