WyzGuys Tech Talk

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Colonial Pipeline CEO: Paying Ransom ‘Right Thing to Do for the Country’

The Colonial Pipeline ransomware saga continues to unfold before our eyes. This week, company CEO Joseph Blount admitted to paying $4.4 million in ransom to cybercriminals following the attack that shut down the largest fuel pipeline in the U.S. In an interview with the Wall Street Journal, Blount says he made the decision to pay the ransom within hours of the attack. “I know that’s a highly controversial decision. I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this… but it was the right thing to do for the country.” The company learned of the attack on May 7th after an employee found a ransom note on a control room computer. That evening, Blount decided to pay because he was unsure how badly the breach… Read more

Updates to Alert on Pulse Connect Secure

Original release date: May 27, 2021

CISA has updated Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities to include new threat actor techniques, tactics, and procedures (TTPs), indicators of compromise (IOCs), and updated mitigations.

CISA encourages users and administrators to review AA21-110A and the following resources for more information:
• Re-Checking Your Pulse
• Ivanti KB44755 – Pulse Connect Secure (PCS) Integrity Assurance
• Ivanti Security Advisory SA44784
• Emergency Directive 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities

The no-code movement is in the early stages but will bring exciting new possibilities, expert says

The future is full of innovation potential with no-code and low-code systems. They will help professional developers as well as citizen developers who don’t know any programming languages.

One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that duped more than 100 people, and of one almost-victim who decided the job offer was too good to be true.
I just detailed one of these exploits in Friday Phish Fry #47.

FBI warns of Conti ransomware attacks against healthcare organizations

The attacks have targeted US healthcare and first responder networks with ransom demands as high as $25 million, says the FBI.

Advanced Persistent Threat Uses New Spoofed Domains in Social Engineering Attacks

Researchers at Cisco Talos warn that the threat actor known as APT36 is using new spoofed, 100%-cloned websites combined with malicious documents to deliver Remote Access Trojans and compromise networks.

“Our latest research confirms that the group continues to create malicious domains mimicking defense-related entities as a core component of their operations,” the researchers write.

Cisco Talos also notes that the threat actor is targeting more verticals than usual in the latest campaign. “While military and defense personnel continue to be the group’s primary targets, APT36 is increasingly targeting diplomatic entities, defense contractors, research organizations, and conference attendees, indicating that the group is expanding its targeting,” the researchers write.

The researchers add that APT36 is putting more effort into making its phishing lures more convincing. “The actors recently deviated from the CrimsonRAT infection chains to make their ObliqueRAT phishing maldocs appear more legitimate,” the researchers write.

“For example, attackers leveraging ObliqueRAT started hosting their malicious payloads on compromised websites instead of embedding the malware in the maldoc. APT36 also used HTTrack, a website copying tool, to create identical duplicates of legitimate sites.

“These examples highlight APT36’s heavy reliance on social engineering as a core TTP and the group’s efforts to make their operations appear as legitimate as possible,” the researchers conclude.

These types of attacks happen all over the world and are often carried out by state-sponsored hacking groups. Cloned sites and look-alike domains are built to pass a casual glance, so you absolutely need a strong human firewall as your last line of defense to block social engineering attacks like this.
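The Talos write-up above describes attackers registering domains that mimic the organizations they target and then cloning the real site onto them. A cheap technical complement to the human firewall is to check newly seen domains (from proxy logs, mail headers, or certificate-transparency feeds) against the names you care about. The Python below is an added example written for this post; it is not code from the original article or from Cisco Talos. The protected domains and the candidate domains are constructed placeholders, not real indicators from the APT36 campaign, and the homoglyph table is a small illustrative subset rather than a complete confusables list.

```python
"""Flag look-alike domains against a short list of protected domains.

Added example, not from the original post or the Talos research.
PROTECTED and the sample candidates are constructed for illustration.
"""
import unicodedata

# Constructed list of domains we want to protect. In practice this would be
# your own brands and those of partners your staff routinely deal with.
PROTECTED = ["mod-example.gov", "contractor-example.com"]

# Illustrative subset of substitutions seen in look-alike registrations.
# A production check would use a full confusables table (e.g. Unicode TR39).
HOMOGLYPHS = {
    "vv": "w", "rn": "m", "cl": "d",          # multi-character swaps first
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
}


def normalize_label(label: str) -> str:
    """Fold a DNS label to a canonical ASCII-ish form for comparison.

    Lower-cases, strips Unicode accents/fullwidth forms via NFKD, then folds
    common digit-for-letter and letter-pair swaps. Protected labels are folded
    the same way, so legitimate digits in a brand do not cause misses.
    """
    label = unicodedata.normalize("NFKD", label.lower())
    label = "".join(ch for ch in label if not unicodedata.combining(ch))
    for src, dst in HOMOGLYPHS.items():
        label = label.replace(src, dst)
    return label


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost))
        prev = cur
    return prev[-1]


def split_registrable(domain: str):
    """Return (second-level label, tld) for a domain name.

    Assumes a single-label public suffix (.com, .gov). Real deployments should
    use the Public Suffix List so that 'example.co.uk' splits correctly.
    """
    parts = domain.lower().rstrip(".").split(".")
    if len(parts) < 2:
        return parts[0], ""
    return parts[-2], parts[-1]


def classify(domain: str, protected=PROTECTED, max_distance: int = 1):
    """Classify one candidate domain against the protected list.

    Returns ("legitimate", match) for an exact registrable-domain match,
    ("lookalike", match) for homoglyph swaps, TLD swaps, brand embedding
    ("brand-login.com") or a near-miss within max_distance edits, and
    ("unknown", None) when nothing resembles a protected name.
    """
    label, tld = split_registrable(domain)
    norm = normalize_label(label)
    for legit in protected:
        plabel, ptld = split_registrable(legit)
        pnorm = normalize_label(plabel)
        if label == plabel and tld == ptld:
            return ("legitimate", legit)
        if norm == pnorm:                       # homoglyph or TLD swap
            return ("lookalike", legit)
        if pnorm in norm:                       # brand embedded in a longer label
            return ("lookalike", legit)
        if levenshtein(norm, pnorm) <= max_distance:  # typo-style near miss
            return ("lookalike", legit)
    return ("unknown", None)


def scan(candidates, protected=PROTECTED):
    """Return only the candidates that look like a protected domain."""
    hits = {}
    for domain in candidates:
        verdict, match = classify(domain, protected)
        if verdict == "lookalike":
            hits[domain] = match
    return hits


if __name__ == "__main__":
    # Constructed sample of domains as they might appear in a proxy or CT feed.
    sample = [
        "portal.mod-example.gov",     # legitimate host under a protected domain
        "m0d-example.gov",            # digit-for-letter homoglyph
        "mod-example.com",            # TLD swap
        "mod-example-login.com",      # brand embedded in a longer label
        "mod-exanple.gov",            # one-character typo
        "unrelated-news.org",         # no resemblance
    ]
    for d in sample:
        print(f"{d:28s} -> {classify(d)}")
```

Run it against a daily export of newly observed domains and feed the "lookalike" hits into your web proxy block list or a review queue. Tune `max_distance` with care: a distance of 1 is conservative; allowing 2 or more on short labels produces many false positives, which is why the near-miss test is the last one tried.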

Microsoft Build 2021 kicks off with “next generation of Windows” tease

Satya Nadella’s keynote centered on the speed of digital transformation and the role of developers in the process, but he also dropped a hint about the biggest update to Windows “in over a decade.”

“Unpatchable” vuln in Apple’s new Mac chip – what you need to know

It’s all over the news! The bug you can’t fix! Fortunately, you don’t need to. We explain why.

Top 5 things to know about government digital coins

With cryptocurrencies gaining traction, it should come as no surprise that governments are beginning to use them as well. Tom Merritt lists five facts about government digital coins.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
