CFAA Ruling, Amazon Sidewalk, Agile Security Testing, & WordPress Plugins – PSW #697

"Virtually anything could become a security vulnerability, from applications containing legacy components, old software versions and outdated OS to even employees and users. In the fast-changing IT environment with several moving parts, third-party components and services, it is easy to miss updates, and this creates new vulnerabilities"

"data security is always YOUR responsibility."

"REvil and its affiliates account for about 4 percent of attacks on the public and private sectors. In most respects, REvil is a fairly average ransomware enterprise. What sets it apart is the cruelty of its tactics, which are designed to exert maximum pressure on victims."

"I explore the idea of agile security testing, where penetration testing is performed first and test cases are automated after that. Agile security testing would be made in iterations of 1) test case execution, 2) penetration testing, and 3) creation of new test cases. The iterative approach naturally leads to constantly updating tests, which addresses the problem of evolving threat landscape."

"Like WordPress, WordPress Plugins are vulnerable to hacking. Why? For two reasons: (i) not all plugins follow the security protocol, and (ii) we can see the codes of the plugins. Hackers always analyze the code to find vulnerabilities in them. If you use a plugin, and the plugin is vulnerable to hacking, or you have not updated to the latest version, your website is then easily hackable. Since WordPress is open source, hackers know what the endpoints (URL) are, what data to use, and how to inject the scripts. "

"The Supreme Court issued a 6-3 ruling Thursday determining that improper use of a computer system by someone allowed to use it does not fall under the Computer Fraud and Abuse Act, the nation’s landmark hacking law."

The Army informed its teleworking workforce that they must immediately remove Internet of Thing (IOT) devices from their teleworking workspaces that possess the capability to listen for keywords that would automatically activate them.

UC Browser promised that with its “incognito” mode, no web browsing or search history would be recorded. Researcher discovers on both Android and iOS versions of UC Browser, every website a user visits, regardless of whether they’re in incognito mode or not, is sent to servers owned by UCWeb.

The White House stated the attack against the world’s largest meat-packer was likely conducted by Russian hackers; several U.S. government agencies are assisting the Brazilian company with cyber assistance.

Meat processor JBS has warned it could take the company some time to recover from an “organised cyber security attack” that has impacted servers in Australia, US and other locations.

Siemens on Friday shipped firmed updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) that could be leveraged by attackers to obtain remote access to protected areas of memory, allowing them to perform unrestricted and undetected code execution.

Cozy Bear (APT29) group was spotted just days ago leveraging an election fraud-related lure document attached to a phishing email that purports to originates from the U.S. Agency for International Development (USAID) in attacks targeting government agencies, research institutions, and non-governmental organizations (NGO) in the U.S. and Europe.

U.S. government cybersecurity and counterintelligence officials have revealed that the DarkSide cybercrime gang responsible for the Colonial Pipeline ransomware attack may soon reemerge, if it ever stopped operating at all.

TSA has issued a directive mandating that U.S. pipeline owners and operators hire a cybersecurity coordinator, conduct regular cybersecurity assessments, and report any and all cyber incidents to the U.S. federal government.

APT actors recently exploited old vulnerabilities affecting Fortinet firewalls and breached a web server hosting the domain belonging to a local U.S. government, and then moved laterally through the compromised network and created new domain controller, server, and workstation user accounts mimicking already existing accounts in order to exfiltrate or encrypt data and perform other malicious activities.

Mandiant Threat Intelligence says it has spotted four new malware samples (Bloodmine, Bloodbank, Cleanpulse, and Rapidpulse) that were specifically created to target Pulse Secure VPN appliances and are being used in attacks targeting defense, government, and financial organizations.

Foreign hackers compromised Russian federal agencies in a digital espionage campaign that Russian officials described as unprecedented in scope and sophistication.

The Japanese government has disclosed it suffered a data beach after hackers accessed Fujitsu's "ProjectWEB" information-sharing software, which is widely used by public offices and business in Japan, and gained access to data related to air traffic control.

Last week, French authorities have seized the dark web marketplace Le Monde Parallèle and arrested two of the platform's administrators following a months-long investigation.

Researchers say they found an unsecured, exposed database belonging to DailyQuiz containing some 13 million users' PII and plaintext passwords.

PC prices are likely to move higher in the second quarter and rest of 2021 as vendors pass along higher component and logistics costs amid strong demand.