Cyber Security Headlines – May 12, 2021

U.S. declares emergency in 17 states over fuel pipeline cyber attack

The U.S. Federal Motor Carrier Safety Administration (FMCSA) has issued a regional emergency declaration in 17 states and the District of Columbia (D.C.) that provides a temporary exemption to Parts 390 through 399 of the Federal Motor Carrier Safety Regulations (FMCSRs), allowing alternate transportation of gasoline, diesel, and refined petroleum products to address supply shortages stemming from the attack. Colonial is halting its pipeline operations until the end of the emergency or June 8, 2021, 11:59 p.m., whichever is earlier. According to Crowdstrike, the DarkSide ransomware is believed to be the handiwork of a financially-motivated threat actor called Carbon Spider (aka Anunak, Carbanak, or FIN7), whose high-level manager and systems administrator, Fedir Hladyr, a 35-year-old from Ukraine, was recently sentenced to 10 years in prison in the U.S.

(The Hacker News)

Japanese manufacturer Yamabiko targeted by Babuk ransomware

The ransomware group that claimed to be retiring after its attack on Washington DC’s police department last month has reportedly targeted Yamabiko, a Tokyo-headquartered manufacturer of power tools and agricultural and industrial machinery. Although official confirmation is still pending from the victim company, it appears the Russian-speaking threat actors have already released some of the data on their data leak site. This includes personally identifiable information (PII) on employees, product schematics, financial data and more, according to TechNadu.

(Info Security Magazine)

Microsoft May 2021 Patch Tuesday fixes 55 flaws, 3 zero-days

With this update, Microsoft has fixed 55 vulnerabilities, with four classified as Critical, 50 as Important, and one as Moderate. The three zero-day vulnerabilities patched were publicly disclosed but not known to be used in attacks. As usual, it is expected that threat actors will analyze the patches to create exploits for the vulnerabilities, especially the one for Microsoft Exchange. Therefore it is vital to apply the security updates as soon as possible. A full list of Patch Tuesday updates from Microsoft and other vendors is available at Bleeping Computer.

(Bleeping Computer)

Britain’s NHS app ready to become vaccine passport next week

As of next Monday, people who have received both doses of the COVID vaccine will be able to use the app for foreign travel, which is expected to be opened up as of May 17. This National Health Service (NHS) app is separate from the NHS Covid-19 app, which is used for contact tracing, and which ran into privacy conflicts with Google and Apple, as we reported last month. The UK Government advises people to register to use the app at least two weeks before travelling, and reminds travelers that few countries currently accept proof of vaccination, so people will still need to follow other rules when travelling abroad, such as getting a negative pre-departure test.

(BBC News)

Thanks to our episode sponsor, Altitude Networks

Imagine an employee just left and went to a competitor: did they take proprietary documents or critical roadmaps with them? Did they add backdoor access to documents via personal accounts? You’re a cloud-forward company on G Suite; how would you know your data is at risk?
Altitude Networks can automatically tell you who is trying to steal your critical cloud data from G Suite and Office 365. Altitude Networks is addressing the data security gap in Google Workspace and Office 365. Check them out at AltitudeNetworks.com and be sure your sensitive data stays when your employees leave!

U.S. Intelligence agencies warn about 5G network weaknesses

Analysis released jointly on Monday by the NSA, the Office of the Director of National Intelligence (ODNI) and CISA warns that inadequate implementation of telecom standards, supply chain threats, and weaknesses in systems architecture could pose major cybersecurity risks to 5G networks, potentially making them a lucrative target for cybercriminals and nation-state adversaries. Specifically, the report cites undue influence from adversarial nations on the development of technical standards, which may pave the way for adopting untrusted proprietary technologies and equipment that could be difficult to update, repair, and replace. The report also warns of supply chain vulnerability from components procured from third-party suppliers, vendors, and service providers that are counterfeit or compromised, with security flaws and malware injected during the early development process.

(The Hacker News)

GitHub now supports security keys when using Git over SSH

GitHub has added support for securing SSH Git operations using FIDO2 security keys for added protection from account takeover attempts. This follows the discovery of more than 100,000 GitHub repositories with leaked API tokens and cryptographic (SSH and TLS) keys after a scan of roughly 13% of GitHub’s public repositories, as well as the discovery that thousands of new repositories were leaking secrets daily. The added feature uses portable FIDO2 devices for SSH authentication to secure Git operations, preventing accidental private key exposure and stopping malware from initiating requests without approval.

(Bleeping Computer)
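One practical follow-up to this news is to check which SSH keys in an account or server are actually hardware-backed. The script below is an added example, not from the article or from GitHub: it classifies keys in an authorized_keys-style listing by OpenSSH key type, treating the `sk-` types (FIDO2 security-key keys) as hardware-backed. The key blobs and user names are constructed placeholders.

```shell
#!/bin/sh
# Added example: list SSH public keys that are NOT backed by a FIDO2 security key.
# OpenSSH names security-key keys with an "sk-" prefix; anything else is a plain
# file-based private key that could be leaked or used silently by malware.

# Constructed sample in authorized_keys format; blobs are placeholders, not real keys.
SAMPLE_KEYS='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5PLACEHOLDER1 alice@laptop
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5PLACEHOLDER2 bob@yubikey
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABPLACEHOLDER3 carol@desktop
sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhPLACEHOLDER4 dave@solokey
# comment lines and blank lines must be ignored
'

# is_sk_key TYPE: succeeds when TYPE is one of the OpenSSH security-key key types.
is_sk_key() {
    case "$1" in
        sk-ssh-ed25519@openssh.com|sk-ecdsa-sha2-nistp256@openssh.com) return 0 ;;
        *) return 1 ;;
    esac
}

# count_keys KIND: KIND is "sk" or "plain"; reads key lines on stdin, prints the count.
count_keys() {
    kind="$1"; n=0
    while read -r ktype _blob _comment; do
        case "$ktype" in ''|'#'*) continue ;; esac
        if is_sk_key "$ktype"; then keykind=sk; else keykind=plain; fi
        if [ "$keykind" = "$kind" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# list_plain_keys: prints the comment (owner) field of every non-hardware-backed key.
list_plain_keys() {
    while read -r ktype _blob comment; do
        case "$ktype" in ''|'#'*) continue ;; esac
        if ! is_sk_key "$ktype"; then echo "$comment"; fi
    done
}

# Run against the constructed sample; on a real host, feed ~/.ssh/authorized_keys instead.
printf '%s' "$SAMPLE_KEYS" | list_plain_keys
```

The same functions accept a real `authorized_keys` file on stdin; keys reported by `list_plain_keys` are the candidates to re-issue as `sk-` keys.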

Experts warn of a new Android banking trojan stealing users’ credentials

Cybersecurity researchers on Monday disclosed a new Android trojan being used to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands. Called “TeaBot” (or Anatsa), the malware is said to be in its early stages of development, with a rash of infections in the first week of May against Belgian and Dutch banks. Its main goal is stealing victims’ credentials and SMS messages to enable fraud scenarios against a predefined list of banks, by obtaining a live stream of an infected device’s screen as well as interacting with it via Accessibility Services.

(The Hacker News)

Research firm finds disappointing stats in internal risk mitigation

Elevate Security, a leader in human attack surface management, released new findings yesterday on the state of human cybersecurity risk in the workforce, revealing that traditional employee risk mitigation efforts such as security awareness training and phishing simulations have a limited impact on improving employees’ real-world cybersecurity practices. The three-year study involving 114,000 users found that security training has no significant effect at the organizational level or in real-world attacks, and in fact users with five or more training sessions are actually more likely to click on a phishing link than those with little or no training. The full report is available at ElevateSecurity.com.

(Elevate Security)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.