DHS to issue first-ever cybersecurity regulations for pipelines after Colonial hack

The Department of Homeland Security is moving to regulate cybersecurity in the pipeline industry for the first time in an effort to prevent a repeat of the Colonial Pipeline incident. The Transportation Security Administration, a unit of the DHS, will issue a security directive this week requiring pipeline companies to report cyber incidents to federal authorities. It will follow up in coming weeks with a more robust set of mandatory rules for how pipeline companies must safeguard their systems against cyberattacks and the steps they should take if they are hacked, the officials said. The agency has offered only voluntary guidelines in the past.

(Washington Post)

Audio technology maker Bose discloses data breach after ransomware attack

A ransomware attack hit the company’s systems in early March. Bose Media Relations Director Joanne Berthiaume told BleepingComputer, “we did not make any ransom payment … we recovered and secured our systems quickly with the support of third-party cybersecurity experts.” The company discovered that some of its current and former employees’ personal information was accessed by the attackers, but to date there has been no evidence of leaked stolen data on the dark web.

(Bleeping Computer)

Malware exploited macOS zero-day flaw to secretly take screenshots

Apple Mac users are being advised to update their operating system after hackers discovered a way to bypass privacy protections. The XCSSET malware hunts for installed apps to which victims have already granted permission to take screenshots, such as Zoom, Discord, Skype and TeamViewer. The malware, written in AppleScript, then injects malicious commands into the legitimate apps – telling them to take snapshots of the user’s screen. This can be used not just for recording victims’ screens, but also for accessing microphones and webcams or capturing keypresses – all without the user granting consent.

(Hot For Security)

Microsoft Exchange admin portal blocked by expired SSL certificate

The Microsoft Exchange admin portal became inaccessible from some browsers yesterday after Microsoft forgot to renew its SSL certificate. Microsoft Exchange admins who attempted to access admin.exchange.microsoft.com suddenly found that their browsers were issuing security warnings. It is expected that similar stories will arise, with expired certificates becoming common as almost all online services have now switched over to secure connections.

(Bleeping Computer)
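The expired-certificate outage above is the kind of event a routine expiry check catches weeks in advance. The following is an added example (not code from the article or from Microsoft): a small Python monitor, using only the standard library, that parses a certificate's notAfter date and classifies how close it is to expiring; the WARN_DAYS and CRIT_DAYS thresholds are assumed values, and the live check is a plain TLS connection that reports the same verification failure the browsers showed.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumed alerting thresholds (days before expiry); tune to your renewal process.
WARN_DAYS = 30
CRIT_DAYS = 7


def days_until_expiry(not_after: str, now: datetime) -> float:
    """Parse an OpenSSL-style notAfter string such as 'Jun 30 12:00:00 2021 GMT'
    (the format returned by SSLSocket.getpeercert()) and return days left."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expiry - now).total_seconds() / 86400


def classify(days_left: float) -> str:
    """Map remaining lifetime to an alert level."""
    if days_left <= 0:
        return "EXPIRED"
    if days_left <= CRIT_DAYS:
        return "CRITICAL"
    if days_left <= WARN_DAYS:
        return "WARNING"
    return "OK"


def check_host(hostname: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect to a live host, fetch its leaf certificate and classify it.
    Network call: not exercised offline."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # An expired (or otherwise untrusted) chain fails verification here,
        # which is exactly the warning the Exchange admins saw in their browsers.
        return {"host": hostname, "status": "INVALID", "detail": exc.verify_message}
    days = days_until_expiry(not_after, datetime.now(timezone.utc))
    return {"host": hostname, "status": classify(days), "days_left": round(days, 1)}


if __name__ == "__main__":
    print(check_host("admin.exchange.microsoft.com"))
```

Run it from a scheduler against every externally facing hostname; anything other than OK should open a ticket, since the renewal window is usually long before the first browser complaint.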

Thanks to our episode sponsor, Sumo Logic

Join security leaders and practitioners at Sumo Logic’s Modern SOC Summit June 8-9. Explore, learn and think about the future of your security strategy and direction with a half day program designed for all skill and interest levels. Reserve your spot for this virtual event at sumologic.com and click on the link at the top of the screen.

Iranian hacking group Agrius pretends to encrypt files for a ransom, destroys them instead

The Agrius hacking group has shifted from using purely destructive wiper malware to a combination of wiper and ransomware functionality — and will pretend to hold data to ransom as a final stage in attacks. However, unlike ransomware groups such as Maze and Conti, the use of ransomware appears to be a bolt-on to attacks focused on cyberespionage and destruction. Agrius “intentionally masked their activity as a ransomware attack,” the researchers at SentinelOne said, while actually engaging in destructive attacks against Israeli targets. The researchers suspect the group is state-sponsored.


UK spy agency’s data collection techniques found unlawful

The European court of human rights has ruled that UK spy agency GCHQ’s methods for bulk interception of online communications violated the right to privacy and that the regime for collection of data was unlawful, although bulk interception did not in itself violate the European convention on human rights. The judgment is the culmination of a legal challenge to GCHQ’s bulk interception of online communications begun in 2013 by Big Brother Watch and others after Edward Snowden’s whistleblowing revelations concerning the interception, processing and storing of data about millions of people’s private communications by the eavesdropping agency.

(The Guardian)

Pulse Secure VPNs get quick fix for critical RCE

Pulse Secure has issued a workaround for a critical remote-code execution (RCE) vulnerability in its Pulse Connect Secure VPNs that may allow an unauthenticated, remote attacker to execute code as a user with root privileges. Parent company Ivanti issued the out-of-band advisory on May 14, explaining that the high-severity bug (CVSS 8.5) affects Pulse Connect Secure versions 9.0Rx and 9.1Rx.


Smart keyboards as the next frontier against insider threats

In an editorial posted to ThreatPost, Dale Ludwig from Cherry Americas proposes that greater attention be given to smart, secure keyboards, a technology that he says is often overlooked in the race to deploy software-driven countermeasures to cyberattacks. Newer keyboard technologies now provide higher security through two-factor authentication using smart cards and contactless card readers, and can be partnered with new mouse technology that uses fingertip sensors for user authentication, to greatly improve security. Full disclosure: Cherry Americas is a manufacturer of computer input devices; however, the article poses some good food for thought.