Executive Order, New & Old Wifi Vulns, Pipeline Hack, & Distro-Less Linux – PSW #694
This week in the Security News: President Biden issues a 34-page executive order on Cybersecurity, Did you hear about the pipeline hack?, New/Old Wifi vulnerabilities, get this Apple didn't want to talk about a malware attack that exposed users, fake Amazon review database, why ad-hoc scanning is not enough, distroless linux, wormable windows bug, codered 2.0 perhaps?, and the cryptowars continue!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Hosts
Joff Thyer
Security Analyst at Black Hills Information Security
Lee Neely
Senior Cyber Advisor at Lawrence Livermore National Laboratory
- 1. Executive Order on Improving the Nation’s Cybersecurity: Policy updates, increased threat sharing, modernizing federal cybersecurity, supply chain security, improved detection and response, NSS requirements, and more.
- 2. Cyberattack Forces a Shutdown of a Top U.S. Pipeline: The operator, Colonial Pipeline, said it had halted systems for its 5,500 miles of pipeline after being hit by a ransomware attack. They shut down the pipeline, which it says carries 45 percent of the East Coast’s fuel supplies, in an effort to contain the breach.
- 3. All Wi-Fi devices impacted by new FragAttacks vulnerabilities: Newly discovered Wi-Fi security vulnerabilities collectively known as FragAttacks (fragmentation and aggregation attacks) impact all Wi-Fi devices back to 1997. Three of the flaws are reported to be design issues in the Wi-Fi 802.11 standard itself, while the others are reported as programming mistakes in specific Wi-Fi products.
- 4. Researchers track down five affiliates of DarkSide ransomware service: Researchers have provided the details of an investigation into cyberattacker activity linked to DarkSide ransomware. On Tuesday, FireEye researchers documented five separate clusters of activity suspected of being connected to DarkSide, the RaaS network responsible for the Colonial Pipeline security incident.
- 5. US and Australia warn of escalating Avaddon ransomware attacks: The FBI and the ACSC have issued a warning about an ongoing "Avaddon" ransomware campaign targeting organizations operating in the government, finance, energy, manufacturing, and healthcare industries around the world.
- 6. Hackers target Windows users exploiting a Zero-Day in Reader: Adobe has confirmed that hackers are actively exploiting a use-after-free memory corruption vulnerability (CVE-2021-28550) affecting Adobe Reader for Windows in limited attacks in order to execute arbitrary code on targeted systems.
- 7. Russian Actors Change Techniques After UK and US Agencies Expose Them: After having its TTPs outed last month by U.K. and U.S. security agencies, APT29 has responded to the exposure by leveraging red-teaming software to infiltrate victims' networks under the guise of conducting a trusted pentesting exercise.
- 8. Facebook removes Ukraine political ‘influence-for-hire’ network: Facebook has taken down a network of hundreds of fake accounts and pages targeting people in Ukraine and linked to individuals previously sanctioned by the United States for efforts to interfere in US elections, the company said on Thursday.
- 9. Microsoft Detected a BEC Campaign Targeted at More than 120 Organizations: Microsoft says it has uncovered a large-scale BEC program leveraging typo-squatted domains that are designed to make bogus emails appear to originate from legitimate senders in the consumer products, process manufacturing, agriculture, real estate, distinct manufacturing, and professional services industries, in attacks targeting more than 120 organizations.
- 10. CISA MAR report provides technical details of FiveHands Ransomware: U.S. CISA has published an analysis of the FiveHands ransomware, the same malware that was analyzed a few days ago by researchers from FireEye’s Mandiant Threat Intelligence. Group "UNC2447" exploited a zero-day issue (CVE-2021-20016) affecting SonicWall Secure Mobile Access (SMA) devices that had not been patched.
- 11. New tsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers: Researchers disclosed a new and critical vulnerability dubbed "TsuNAME" on May 6 that affects DNS resolvers and could be exploited by attackers to conduct reflection-based DoS attacks targeting authoritative nameservers.
- 12. CaptureRx Data Breach Impacts Healthcare Providers: Three U.S. healthcare providers have disclosed they suffered a data breach after San Antonio, Texas-based healthcare technology firm CaptureRx experienced a ransomware attack on Feb. 6.
- 13. City of Tulsa is the latest US city hit by ransomware attack: The city of Tulsa, Okla. has revealed it suffered a ransomware attack on May 7 that impacted its government network as well as a portion of its infrastructure and forced it to shut down its official website last weekend.
- 14. City of Chicago Emails Compromised During Data Transfer To Law Firm: The city of Chicago on Friday said that employee emails were stolen in a Jones Day data breach during a data transfer to Accellion’s FTA file sharing service.
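Item 9 above describes a BEC campaign built on typo-squatted sender domains. The check a mail-security team would most want from that story is a lookalike-domain screen: compare every inbound sender domain against the domains of trusted partners and flag near-misses. The block below is an added example written for this page, not code from Microsoft or from the episode; the partner domains and the sample From: addresses are constructed, and the edit-distance threshold of 2 and the small homoglyph table are assumptions to tune for your own environment.

```python
"""Flag inbound sender domains that are near-misses of trusted partner domains.

Added example for this page; all domains and addresses below are constructed.
"""

# Constructed allow-list of domains your organisation legitimately corresponds with.
LEGIT_DOMAINS = {"example-foods.com", "acme-manufacturing.com", "northfield-realty.com"}

# Constructed sample From: addresses as they might appear in a mail log.
SAMPLE_SENDERS = [
    "invoices@example-foods.com",        # genuine partner
    "ap@exarnple-foods.com",             # "rn" standing in for "m"
    "billing@acme-manufacturig.com",     # one letter dropped
    "ceo@northfield-reaIty.com",         # capital "I" standing in for "l"
    "news@unrelated-vendor.org",         # unrelated, should not be flagged
]

# Assumed homoglyph substitutions; extend with whatever your mail logs show.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def normalize(domain: str) -> str:
    """Lower-case the domain and fold common look-alike character sequences."""
    folded = domain.lower()
    for lookalike, canonical in HOMOGLYPHS:
        folded = folded.replace(lookalike, canonical)
    return folded


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def flag_lookalikes(senders, legit=LEGIT_DOMAINS, max_distance=2):
    """Return (address, closest legitimate domain, distance) for suspicious senders.

    A sender is suspicious when its domain is not on the allow-list but, after
    homoglyph folding, sits within max_distance edits of an allow-listed domain.
    Exact allow-list matches are never flagged.
    """
    hits = []
    for addr in senders:
        domain = addr.rsplit("@", 1)[-1].lower()
        if domain in legit:
            continue
        folded = normalize(domain)
        closest, dist = min(
            ((good, levenshtein(folded, normalize(good))) for good in sorted(legit)),
            key=lambda pair: pair[1],
        )
        if dist <= max_distance:
            hits.append((addr, closest, dist))
    return hits


if __name__ == "__main__":
    for addr, good, dist in flag_lookalikes(SAMPLE_SENDERS):
        print(f"SUSPECT {addr!r} resembles {good} (distance {dist})")
```

Distance 0 after folding means the domain is visually identical to a partner domain but spelled differently, which is the strongest signal; distance 1 or 2 catches dropped or swapped letters. Feed the flagged addresses to a quarantine or review queue rather than rejecting outright, since legitimate partners do occasionally register similar secondary domains.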