InfoSecSherpa Newsletter — 07 May 2021
3 min readMay 7, 2021
- New TsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers
(The Hacker News, 07 May 2021)
The flaw, called ‘TsuNAME,’ was discovered by researchers from SIDN Labs and InternetNZ, which manage the national top-level internet domains ‘.nl’ and ‘.nz’ for the Netherlands and New Zealand, respectively. - NCSC, CISA publish new information on Russia’s Cozy Bear
(Computer Weekly, 07 May 2021)
New intelligence from UK and US cyber agencies suggests that APT29, or Cozy Bear, has been switching up its tactics. - Twitter’s Tip Jar May Send Your Address To Recipients: How To Avoid It
(Screen Rant, 07 May 2021)
Using Twitter’s new Tip Jar feature may send someone more than just a small tip. When sending money via PayPal, full addresses can be shared, too. - Amazon Sidewalk launches June 8 with support for Tile trackers
(C|Net Home, 07 May 2021)
Starting next month, select Echo speakers and Ring gadgets will be able to connect with devices outside of the home — including other people’s devices. - Axa halts coverage for ransoms paid to ransomware gangs
(Business Insurance, 07 May 2021)
French insurer Axa SA has decided to cease cyber insurance coverage for ransoms paid by the policyholders to the ransomware gangs, US News & World Report reported citing the Associated Press. - Are Smart Cities a Vision of the Future, or Just Another Security Nightmare?
(Digit, 07 May 2021)
New security guidance from the NCSC raises questions over how connected we want our towns and cities to be. - Canada’s Tokyo hopefuls hit with credit card fraud on top of pandemic challenges
(Peace Arch News, 07 May 2021)
A number of Canadian athletes have discovered fake applications for a Walmart MasterCard were approved in their names. - Bill seeks to bolster National Guard’s role in cyber response
(C4ISRNET, 06 May 2021)
A bill introduced this week in the House seeks to bolster the National Guard’s ability to respond to cyber threats, including critical infrastructure attacks in their states. - DHS to hire 200 more cyber pros as Biden administration grapples with hacking threats
(Cyber Scoop, 06 May 2021)
The Department of Homeland Security announced on Wednesday that it intends to hire 200 new cybersecurity professionals by July as the Biden administration aims to curb ransomware attacks affecting U.S. corporations, as well as foreign espionage operations. - Cyber Policy Legislative Tracker
(Mintz, 07 May 2021)
The bills listed reflect a relatively active cybersecurity agenda for the 117th Congress. As reflected in the proposed legislation, many Members are interested in focusing federal policy on matters such as supply chain security, cyber workforce training, and international competitiveness, particularly with China.
