Security Weekly
Paul's Security WeeklySubscribe
Vulnerability Management, Distributed Workforce, Identity, Threat Management

Elite Hackers, HerpaDerps, Unskilled Hackers, & CyberWarfare – PSW #729

In the Security News for this week: Unskilled hacker linked to years of attacks on aviation, transport sectors, The Elite Hackers of the FSB, Bionic Eyes Go Dark, Herpaderping, & more!

Full episode and show notes

Announcements

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Principal Security Evangelist at Eclypsium
  1. 1. The Rise and Fall of log4shellThe Rise and Fall of log4shell, Author: Johannes UllrichSANS Internet Storm Centerisc, sans, internet, security, threat, worm, virus, phishing, hacking, vulnerability
  2. 2. This Is the ‘Hacking’ Investigation Into Journalist Who Clicked ‘View Source’ on Government Website
  3. 3. Ubuntu addresses Linux kernel vulnerabilities
  4. 4. Samsung shipped ‘100m’ Android phones with flawed encryption
  5. 5. New Sandworm Malware Cyclops Blink Replaces VPNFilter
Founder at Guardedrisk
Product Security Research and Analysis Director at Finite State
  1. 1. PyPI XMLRPC Search Disabled
  2. 2. New Sandworm malware Cyclops Blink replaces VPNFilter
  3. 3. Bionic Eyes Go Dark
  4. 4. SP 800-219 (Draft), Automated Secure Configuration Guidance from the mSCP
  5. 5. Herpaderping: Security risk or unintended behavior?
  6. 6. The Elite Hackers of the FSB
Senior Cyber Advisor at Lawrence Livermore National Laboratory
  1. 1. New Sandworm Malware Cyclops Blink Replaces VPNFilter
    The United Kingdom’s National Cyber Security Centre, CISA, the National Security Agency, and the Federal Bureau of Investigation have released a joint Cybersecurity Advisory (CSA) reporting that the malicious cyber actor known as Sandworm or Voodoo Bear is using new malware, referred to as Cyclops Blink. Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office routers and network-attached storage devices.
  2. 2. Expeditors shuts down global operations after likely ransomware attack
    Seattle-based logistics and freight forwarding company Expeditors International has been targeted in a cyber attack over the weekend that forced the organization forcing it to shut down the majority of its worldwide operations. Downtime notice: https://www.expeditors.com/022022-downtime-notification
  3. 3. CISA Launches New Catalog of Free Public and Private Sector Cybersecurity Services
    CISA has published a catalog of free public and private sector cybersecurity services. The Free Cybersecurity Services and Tools webpage “includes cybersecurity services provided by CISA, widely used open source tools, and free tools and services offered by private and public sector organizations across the cybersecurity community.” CISA plans to include additional tools and services in the future. Services and tools page: https://www.cisa.gov/free-cybersecurity-services-and-tools
  4. 4. CISA Warns Critical Infrastructure Organizations of Foreign Influence Operations
    The CISA has issued new guidance to critical infrastructure organizations about how to adequately prepare for and address foreign influence operations that use misinformation, disinformation, and malinformation (MDM) as well as other tactics in order to undermine the security of the U.S. and its allies. CISA Guidance: https://www.cisa.gov/sites/default/files/publications/cisa_insight_mitigating_foreign_influence_508.pdf
  5. 5. Port of LA’s new Cyber Resilience Center aims to bolster physical and digital supply chain defenses
    The Port of Los Angeles has reportedly established a new "Cyber Resilience Center" that will create an automated, portwide "community cyber defense solution" intended to combat increasing threats to the physical and digital supply chains. According to reports, the center will include some 20 stakeholders that include terminal operators, shipping lines, and truck and rail freight companies.
  6. 6. FBI: Cybercriminals Using Virtual Meeting Platforms to Wage BEC Attacks
    The FBI warned today that some business email compromise (BEC) scammers have moved their attack vectors to virtual meeting platforms, where they dupe employees into transferring money to them by posing as the CEO or CFO of the victim organization.
  7. 7. Unskilled hacker linked to years of attacks on aviation, transport sectors
    A low-skilled hacking group tracked as "TA2541" that is believed to be operating out of Nigeria has been targeting firms operating in the aviation, aerospace, defense industries, transportation, and manufacturing sectors since 2017 leveraging off-the-shelf malware that is delivered via malicious Word documents.
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

Related

Why Is Your TV & NAS On The Internet? – PSW #824

Ahoi new VM attacks ahead! HTTP/2 floods, USB Hid and run, forwarded email tricks, attackers be scanning, a bunch of nerds write software and give it away for free, your TV is on the Internet, Rust library issue, D-Link strikes again, EV charging station vulnerabilities, and rendering all cybersecurity useless.