Cyber Security Headlines – December 2, 2020

US Supreme Court eyes narrowing of CFAA

Continuing a story we covered on Monday, the Supreme Court has indicated serious reservations about the ambiguity and scope of the nation’s only major cybercrime law, hinting it may narrow the law’s applicability to avoid criminalizing such acts as checking social media at work. Justice Neil Gorsuch suggested that the Van Buren case upon which this Supreme Court case was based, the latest example of the government trying to broaden the scope of criminal laws in “contestable” ways. He stated the DOJ’s argument risked “making a federal criminal of us all.”

(Politico)

FBI warns of BEC scammers using email auto-forwarding in attacks

An FBI Private Industry Notification (PIN) coordinated with CISA and released November 25, highlights the abuse of auto-forwarding rules on web-based email clients as part of a Business Email Compromise culture that also includes social engineering, phishing, or hacking to compromise business email account with the goal of redirecting future or pending electronic payments. BEC scammers used email rules added to the target’s web-based email clients to hide their activity while impersonating employees or business partners.

(Bleeping Computer)

Trump lawyer calls for Christopher Krebs’ execution

Joe diGenova, a lawyer working on Mr. Trump’s election campaign was quoted on Monday as saying former DHS cybersecurity official Chris Krebs should be executed. Mr. Krebs was fired from the Trump administration in mid-November after releasing a statement that the 2020 election had been the most secure in American history. Mr. diGenova stated on a radio interview that Mr. Krebs was a “class-A moron. He should be drawn and quartered. Taken out at dawn and shot.” Mr. diGenova is active in the Trump campaign’s current strategy of planning to dispute the election at the Supreme Court level.

(Gizmodo)

Report suggests cybersecurity field needs to grow 89% to meet security requirements

Around 3.1 million professionals are needed to bridge the cybersecurity talent gap, according to a report published by the International Information System Security Certification Consortium, also known as (ISC)2. The report goes on to say that excessive requirements for years of experience and professional certifications plus inflated expectations for junior roles are the problem, rather than a lack of workers. (ISC)2 as well as other cybersecurity organizations suggest greater focus should be placed on hiring people from diverse, non-traditional backgrounds, with ongoing training replacing high barriers to entry.

(Wall Street Journal)

Thanks to our episode sponsor, SecureLayer7

Getting rid of vulnerabilities within the systems can be quite an intricate task. But why bother with anything else when there is an all in one cybersecurity package for organizations. A platform where existing, and prospective vulnerability threats can be identified and mitigated through their pentests within set time slots.
SecureLayer7, the cybersecurity solution for your organization. Discover SecureLayer7.net

Dozens of dormant North American networks resurrect simultaneously

Spamhaus, the Geneva-based international nonprofit organization focused on cyber threats, has revealed that last week, 52 dormant networks came back to life at the same time, which is essentially unheard of. Traceroutes and pings indicate that they are all physically hosted in the New York City area, but Spamhaus also notes that the Border Gateway Protocol paths that connect these networks to their hosting facility involve Ukrainian companies.

(SecurityWeek)

Biohacking can dupe DNA scientists into creating dangerous viruses and toxins

Academics from the Ben-Gurion University of the Negev have described in a report how biologists and scientists could become victims of cyberattacks designed to create new viruses, using malware that can replace sub-strings in DNA sequencing, circumventing current safety protocols. This attack scenario underscores the need to harden the synthetic DNA supply chain with protections against cyber-biological threats, one of the report’s authors Rami Puzis states, adding, “to address these threats, we propose an improved screening algorithm that takes into account in vivo gene editing.”

(ZDNet)

Brazilian plane company Embraer targeted in cyberattack

The world’s third largest commercial jets maker, and manufacturer of commercial, executive, military, and agricultural aircraft, said its IT systems were breached recently as part of an attack that was detected on November 25. The company shared few details about the incident, claiming that files on only a “single environment” became inaccessible due to the attack. Embraer said it quickly initiated its incident response procedures, which caused temporary disruptions to some operations due to the need to isolate some systems.

(Security Week)

The growing popularity of Microsoft Edge comes with fraudulent extensions

Microsoft has removed 18 Edge browser extensions from the Edge Add-ons portal after the extensions were caught injecting ads into users’ web search results pages. A subsequent investigation found multiple abusive extensions that had been uploaded on Microsoft’s new fledgling Edge Add-ons portal either as extensions that tried to pass as the official versions of various apps, even if those apps didn’t have official versions for Edge, or as extensions that were copied from authentic Chrome extensions, ported to Edge, and then had malicious code inserted. 

(ZDNet)


Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.