DHS Orders Pipeline Operators to Report Cyberattacks, Review Security Posture – KK Hack Labs

DHS Orders Pipeline Operators to Report Cyberattacks, Review Security Posture – KK Hack Labs

DHS Orders Pipeline Operators to Report Cyberattacks, Review Security Posture On the heels of the Colonial Pipeline attack, the US Department of Homeland Security aims to force a reticent industry to improve its ability to detect and respond to cybersecurity attacks.

SolarWinds Attackers Return With Fresh Phishing Campaign

SolarWinds Attackers Return With Fresh Phishing Campaign

Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Fraud Risk Management Microsoft: Russians Used Malicious Messages Portrayed as Coming From USAID Scott Ferguson (Ferguson_Writes) • May 28, 2021     Here’s an example of a phishing email masquerading as a message from USAID. (Source: Microsoft) A Russian group that was behind the massive…

How the Hydra Darknet Market Broke the $1 Billion Barrier

How the Hydra Darknet Market Broke the $1 Billion Barrier

Cybercrime , Fraud Management & Cybercrime , Fraud Risk Management Research Report Describes Marketplace’s Evolving Tactics Doug Olenick (DougOlenick) • May 26, 2021     Source: Flashpoint and Chainalysis The Hydra darknet marketplace, which initially focused on narcotics sales, now also offers stolen credit cards, SIM cards, VPN access and cryptocurrency laundering services, with annual…

CVE-2021-20292 – Alert Detail – Security Database

CVE-2021-20292 – Alert Detail – Security Database

Executive Summary Informations Name CVE-2021-20292 First vendor Publication 2021-05-28 Vendor Cve Last vendor Modification 2021-05-28 Security-Database Scoring CVSS v3 Cvss vector : N/A Overall CVSS Score NA Base Score NA Environmental Score NA impact SubScore NA Temporal Score NA Exploitabality Sub Score NA   Calculate full CVSS 3.0 Vectors scores Security-Database Scoring CVSS v2 Cvss…

Canada Post reports data breach to 44 large businesses, 950K customers affected – National

Canada Post reports data breach to 44 large businesses, 950K customers affected – National

A malware attack on one of Canada Post’s suppliers has caused a data breach affecting 44 of the company’s large business clients and their 950,000 receiving customers, the postal agency confirmed Wednesday. It said the information affected is from July 2016 to March 2019, and 97 per cent of it comprised the names and…

CVE-2021-20236 – Alert Detail – Security Database

CVE-2021-20236 – Alert Detail – Security Database

Executive Summary This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this. Informations Name CVE-2021-20236 First vendor Publication 2021-05-28 Vendor Cve Last vendor Modification 2021-05-28 Security-Database Scoring CVSS v3 Cvss vector : N/A Overall CVSS Score NA Base Score NA Environmental Score NA impact SubScore NA…

US announces new security directive after critical pipeline hack

US announces new security directive after critical pipeline hack

The US Department of Homeland Security (DHS) has announced new pipeline cybersecurity requirements after the largest fuel pipeline in the United States was forced to shut down operations in early May following a ransomware attack. The new security directive requires critical pipeline owners and operators to report any confirmed and potential cybersecurity incidents to the Cybersecurity and Infrastructure Security…

Pulse Connect Secure VPNs Still Under Attack

Pulse Connect Secure VPNs Still Under Attack

Fraud Management & Cybercrime , Fraud Risk Management , Governance & Risk Management FireEye: Attackers Using New Malware and Procedures Doug Olenick (DougOlenick) • May 28, 2021     Two China-linked threat groups are still exploiting unpatched flaws in Ivanti’s Pulse Connect Secure VPN products, using additional malware variants to support cyberespionage, FireEye’s Mandiant Threat…

FBI to Share Compromised Passwords with Have I Been Pwned

FBI to Share Compromised Passwords with Have I Been Pwned

Governance & Risk Management , Identity & Access Management , IT Risk Management Will Help Prevent Users From Reusing Risky Passwords Jeremy Kirk (jeremy_kirk) • May 28, 2021     The FBI will soon begin sharing hashes of compromised passwords found in the course of its cybercrime investigations with Have I Been Pwned, the data…