Cybersecurity News & Trends – 05-07-21

By

This week’s news was full of attacks on government — including the Alaskan state government, the Belgian federal government and the U.S. Agency for Global Media.


SonicWall in the News

SonicWall capture ATP aces latest ICSA Lab test, finds more malware — The Evolving Enterprise

  • After 35 days of testing and 1,741 total tests, the multi-engine SonicWall Capture ATP sandbox service with RTDMI received a perfect score in the latest ICSA Labs Advanced Threat Defense test.

Video: 10 Minute IT Jams – SonicWall manager dissects zero trust security — Security Brief Asia

  • SonicWall Head of Presales for APAC Yuvraj Pradhan discusses the importance of zero-trust and its role in the future of cybersecurity.

Industry News

Belgian government, parliament, colleges hit by cyberattack — The Washington Times

  • The company providing internet services for Belgium’s parliament, government agencies, universities and scientific institutions announced that its network was under cyberattack.

CISA used new subpoena power to contact US companies vulnerable to hacking — Cyberscoop

  • The Department of Homeland Security’s cybersecurity agency used a new subpoena power for the first time to contact at least one U.S. internet service provider with customers whose software is vulnerable to hacking.

New Spectre attack once again sends Intel and AMD scrambling for a fix — Ars Technica

  • A new transient execution variant is the first exploit micro-ops caches.

Panda Stealer dropped in Excel files, spreads through Discord to steal user cryptocurrency — ZDNet

  • The malware hones in on cryptocurrency funds as well as VPN credentials.

U.S. Agency for Global Media data breach caused by a phishing attack — Bleeping Computer

  • The U.S. Agency for Global Media (USAGM) has disclosed a data breach that exposed the personal information of current and former employees and their beneficiaries.

Alaska Court System briefly forced offline amid cyber threat — The Washington Times

  • The Alaska court system has temporarily disconnected most of its operations from the internet after a cybersecurity threat on Saturday, including attacks on its website and the removal of the ability to look up court records.

TurgenSec finds 345,000 files from Filipino solicitor-general’s office were breached — ZDNet

  • Sensitive documents from the solicitor-general of the Philippines, including information on ongoing legal cases and passwords, were breached and made publicly available online, a UK security firm has said.

Digital Dollar Project to launch five U.S. central bank digital currency pilots — The Wall Street Journal

  • The U.S. nonprofit Digital Dollar Project said on Monday it will launch five pilot programs over the next 12 months to test the potential uses of a U.S. central bank digital currency, the first effort of its kind in the United States.

NSA Issues Guidance on Securing IT-OT Connectivity — Security Week

  • The NSA’s advisory, “Stop Malicious Cyber Activity Against Connected Operational Technology,” addresses the Department of Defense, national security system and defense industrial base organizations — but the recommendations can be useful to any industrial company.

Pulse Secure fixes VPN zero-day used to hack high-value targets — Bleeping Computer

  • Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and government agencies.

New Buer Malware Downloader Rewritten in E-Z Rust Language — Threat Post

  • It’s coming in emails disguised as DHL Support shipping notices and is apparently getting prepped for leasing on the underground.

Codecov starts notifying customers affected by supply-chain attack — Cyberscoop

  • Codecov has started notifying the maintainers of software repositories, via both email and the Codecov application interface, that the company believes the affected repositories were downloaded by threat actors.

US prosecutors fine German software company for violating sanctions against Iran — The Hill

  • Software giant SAP SE agreed to pay over $8 million as part of the resolution with the Department of Justice, Commerce Department and Treasury Department, authorities said.

Researchers find two dozen bugs in software used in medical and industrial devices — Cyberscoop

  • Microsoft researchers have discovered some two dozen vulnerabilities in software embedded in popular medical and industrial devices that an attacker could use to breach those devices, and in some cases cause them to crash.

In Case You Missed It

Amber Wolff
Senior Digital Copywriter | SonicWall
Amber Wolff is the Senior Digital Copywriter for SonicWall. Prior to joining the SonicWall team, Amber was a cybersecurity blogger and content creator, covering a wide variety of products and topics surrounding enterprise security. She spent the earlier part of her career in advertising, where she wrote and edited for a number of national clients.