2021 Week 27 Security Roundup

-

 

Summary

Not a lot of news this week.  Most of the news seems to have been dominated by the report saying that Fancy Bear has been brute-forcing their way into networks worldwide.  Also news of a school software provider hack and some industrial control devices that have been patched.  

News

AcadeME hacked

School services company AcadeME was breached and the details of about 280,000 students were leaked.  DragonForce, which is a pro-Palestinian hacker group, took credit for the hack.  The group also claimed to have leaked Israeli passports.  

Fancy Bear / APT28 / Unit 26165 brute-forcing utilities, health care, and government systems

On Thursday (7/1/2021) the NSA, the FBI, CISA, and the UK's National Cybersecurity Centere issued a joining advisory that indicated Fancy Bear has not been resting on the success of the SolarWinds attack.  They have been busy using name and password lists against targets worldwide.  While it appears on the face to be a basic attack, the extent they have been using it has lead to great successes.  A couple of the articles below go into great detail about the different ways they accomplished this.  Definitely worth a further read.

Advisory


WAGO advises of critical vulnerabilities

WAGP's PFC100 and PFC209 PLC devices, Edge Controller product, and their Touch Panel 600 HMI's have a memory flaw that allows an attacker to cause a denial of service (DoS) and can lead to arbitrary code execution.  They have issued a patch labeled FW18 Patch 3.  

Industrial facilities at risk according to Trend Micro

Trend Micro released a report outlining their findings of attacks against industrial systems.  They found that Ryuk, Nefilim, Sodinokibi, and LockBit and their variants accounted for more than half of all ICS ransomware attacks.  

Legislative actions 

The move to make it against the law to pay ransoms after a breach is growing.  As well as the moves from the US legislators, many states are also exploring this.  Now, while it may seem a no-brainer to not pay, laws to this effect might not be the best option.  Another article this week also points out that there are already laws that can make it illegal to pay, so you should seek good counsel to direct your decisions.  

The state of Main passed the strongest facial recognition legislation to date.  LD1585 effectively bans all uses of facial recognition without warrants for investigations of serious crimes.  It also has an exemption for uses of missing persons.  

Jobs

Comments

Post a Comment

Popular posts from this blog

2021 Week 11 Security Roundup

-
  Summary This blog is geared towards cybersecurity events that are of interest to State, Local, Tribal, and Territorial (SLTT) governments in the United States of America.  It is hoped that this focus will help SLTT information technology workers and policymakers to get the information relevant to their mission.  If you are in other sectors hopefully there is information you can find useful as well.   News Windows Outlook Vulnerability The 0-Day for Microsoft Exchange Server keeps making news.  Over the course of the week threat actors outside of the Haifum Chinese cyber espionage group started to take advantage of the exploit.  Many new breaches were identified over the weekend as organizations large and small rushed to update vulnerable servers.  From the briefings I have sat through over the last week or so, I can only add my echo to the chorus saying that you should immediately patch your on-premises version of Outlook.  Here are some of the developments that we have seen: ZDNet a
Read more

2021 Weeks 32-40 Security Roundup

-
  Summary Let me apologize for the long delay right upfront.  First, we had a round of Covid in the household in a person who is immune-compromised.  Next, I started a new semester in college and the workload was far greater than I expected.  Lastly, this is the start of the budget year for us and I had several projects that have demanded almost every second of my work time.  I hope to get back to weekly updates by November. Lots of news that covers:  health care, education, infrastructure, and SLTT governments around the world.  Since I am hitting the length limitations of Blogger, I will simply invite you to read and try and get caught up yourself.  News UC San Diego Health sued over breach In what is becoming a growing trend UC San Diego Health is being sued for failure to have proper data protection protocols.  The suit is citing breach of contract, negligence, and violating California consumer and medical privacy laws.  Specifically, the suit alleges failure to adequately train em
Read more

2021 Week 29 Security Review

-
  Summary Sorry, this was late this week.  I was in training on Friday with the good folks at the LSU Academy of Counter-Terrorist Education.  If you are a Tribal or other American first responder or researcher in the field of terrorism and not taking advantage of their amazing resources, please check them out at  https://www.ncbrt.lsu.edu/ . Not a lot of new things this week.  There was an update from the City of Tulsa and their breach.  We also saw REvil disappear from both the Web and the dark Web.  Lastly, CIS tools are taking the forefront in the defensive posture of the SLTT landscape. News City of Tulsa Oklahoma breach Tulsa, which was breached back in May ( https://yasb2018.blogspot.com/2021/05/2021-week-19-security-roundup.html ), has announced that at least 27 people had their Social Security number accessed.  The city said they have attempted to reach out to those affected.  To date, more than 18,000 files from the hack have been released to the dark web. https://www.securit
Read more