InfoSecSherpa Newsletter — 08 June 2021
- New Vulnerabilities in Wi-Fi Security Revealed
(California News Times, 08 June 2021)
A new study has identified various flaws in the security of Wi-Fi connections. An attacker could exploit these vulnerabilities to gain access to private data. This flaw may have affected all Wi-Fi appliances.
- The dichotomy of cognitive bias in cyber security awareness
(Information Age, 08 June 2021)
Cognitive bias is something that hackers often exploit to craft their nefarious campaigns.
- Trickbot indictment demonstrates how one hacking tool built on older malware
(CyberScoop, 08 June 2021)
A U.S. indictment unsealed last week confirmed what security researchers had long suspected: From the ashes of Dyre sprung TrickBot, a piece of malicious code that has caused untold financial costs by infecting tens of millions of computers worldwide and playing a part in a series of ransomware attacks.
- Nefilim Ransomware Targets Victims with $1 Billion Revenue
(Street Insider, 08 June 2021)
The approach of modern ransomware families makes detection and response significantly more difficult for already stretched SOC and IT security teams. This matters not only to the bottom line and corporate reputation, but also the wellbeing of SOC teams themselves.
- Local high school students may be the future of cybersecurity
(WRAL, 07 June 2021)
Eighteen students across North Carolina have earned the title of National Cyber Scholar after winning a nationwide scholarship competition and of these 18, 13 are from the WRAL viewing area.
- Finally! A Cybersecurity Safety Review Board
(Lawfare, 07 June 2021)
Section 5 of the order establishes a Cyber Safety Review Board (CSRB) in the Department of Homeland Security. The board “shall review and assess, with respect to significant cyber incidents […] affecting Federal Civilian Executive Branch Information Systems or non-Federal systems, threat activity, vulnerabilities, mitigation activities, and agency responses.”
- CISA taps Bugcrowd for federal vulnerability disclosure program
(TechTarget, 08 June 2021)
The new program follows a CISA directive from September that requires executive branch agencies to create and publish vulnerability disclosure policies.
- Top Congressional Vendor Targeted By Cyber Attack
(Daily Caller, 08 June 2021)
iConstituent offers a single platform for government officials to manage contacts, send messages to the people that they represent and track projects. Multiple state governments use iConstituent, including Georgia and Hawaii, Punchbowl News reported Tuesday.
- F.B.I. Investigates Cyberattack That Targeted N.Y.C. Law Department
(The New York Times, 07 June 2021)
Mayor Bill de Blasio said during a NY1 television appearance on Monday evening that city officials were not aware of any information being compromised or a ransom demand. But he cautioned that the situation was “emerging.”
- Former Hacker Sheds Light On How Cyber Criminals Operate
(NPR, 08 June 2021)
Hackers in Russia are responsible for recent ransomware attacks. NPR’s Leila Fadel talks to threat intelligence analyst Dmitry Smilyanets about cyber criminals.