InfoSecSherpa Newsletter — 08 May 2021
3 min readMay 8, 2021
- US and UK Issue Joint Alert on Russian Cyber Activity
(Gov Info Security, 08 May 2021)
U.S. and U.K. cyber, law enforcement and intelligence agencies issued a joint advisory Friday offering detailed information on how to defend against the activities of the Russian Foreign Intelligence Service, or SVR, in the wake of the 2020 SolarWinds attacks. - DOE elevates energy security to National Security
(Philippine Information Agency, 08 May 2021)
The Department of Energy (DOE) held a joint briefing on 03 May for the National Security Council (NSC), National Intelligence Coordinating Agency (NICA), and the Office of the Civil Defense — National Disaster Risk Reduction and Management Council (OCD-NDRRMC) on the updated Philippine Energy Plan (PEP) for 2018–2040 and the threats/challenges of the energy sector. - MENA DDoS and Ransomware Attack Levels Sky-High; Finds State of the Market Report 2021
(The Fin Tech Times, 08 May 2021)
The first-of-its-kind to focus exclusively on digital security in the Middle East region, Help AG’s State of the Market Report 2021 delivers cybersecurity intelligence across a range of parameters, including the top threats over the course of 2020, the region’s biggest vulnerabilities, the kinds of attacks and attack vectors which are a cause for concern, the anatomy of some high-profile breaches, security investment patterns of organisations in the region, and where the market is headed in terms of technologies and evolution. - Vendor Vigilance: Supply Chain Cybersecurity Should Be Addressed Before a Breach
(New York Law Journal, 07 May 2021)
Attacks on third-party vendors have risen in number and severity. 2020 saw a 430% increase in attacks on third-party supply chains. Cyber Attacks: Better Vendor Risk Management Practices in 2021, Shared Assessments (Dec. 18, 2020). Ransomware attacks in particular have seen the most growth, increasing by 715%. BitDefender, Mid-Year Threat Landscape Report 2020 (2020). - Lawyer seeks new trial based on alleged cybersecurity flaws in phone-cracking product
(ABA Journal, 07 May 2021)
A Maryland defense lawyer is seeking a new trial for his client after a blog post claimed that a product used by police to extract cellphone data has cybersecurity flaws. - Malspam Campaign Uses Hancitor to Download Cuba Ransomware
(Gov Info Security, 08 May 2021)
Attackers have co-opted the Hancitor malware downloader and recently used it to deliver Cuba ransomware as part of an email spam campaign for data exfiltration and ransom extortion, a new report by security firm Group-IB finds. - Panda Stealer malware is gobbling up cryptocurrency like bamboo chutes
(Windows Central, 07 May 2021)
A new piece of malware dubbed Panda Stealer is spreading its way across the web. Panda Stealer can be utilized to steal cryptocurrency, including Dash, Bytecoin, Litecoin, and Ethereum. First reported on by Trend Micro, the Panda Stealer malware spread around the web through spam emails. - Rensselaer Polytechnic Institute suspends Internet access after hack
(Spectrum News, 08 May 2021)
RPI has suspended access to its Internet network after it was hacked. - Diversity in Cybersecurity Tools Is a National Security Issue
(The Heritage Foundation, 07 May 2021)
Securing our clouds, servers, networks, and computer endpoints to ensure that federal, state, and local governments can continue to operate must be considered a core function of government. - More than 128 million iPhone users were affected by ‘XcodeGhost’ malware
(Web News Observer, 08 May 2021)
It has been revealed that 12.8 lakh iOS users had downloaded more than 2,500 such apps, which were infected with malware with fake copy of Xcode.
