CISA releases Supplemental Direction on Emergency Directive for Microsoft Exchange Server Vulnerabilities
As of March 31, the Cybersecurity and Infrastructure Protection Agency (CISA) has issued supplemental direction to Emergency Directive (ED) 21-02, Mitigate Microsoft Exchange On-Premises Product Vulnerabilities, adding forensic triage and server hardening requirements for federal agencies. Specifically, the update directs federal departments and agencies to run two newly released tools, Microsoft's Test-ProxyLogon.ps1 script and the Safety Scanner (MSERT), to investigate whether their Microsoft Exchange servers have been compromised.
Although the Emergency Directive only applies to Federal Civilian Executive Branch agencies, CISA encourages state and local governments, critical infrastructure entities, and other private sector organizations to review the supplemental direction and the following resources for additional information:
(Source: CISA)
States enact safe harbor laws against cyberattacks, but demand adoption of cybersecurity frameworks
Connecticut might soon follow Ohio and Utah by enacting a law that offers liability protection against ransomware and other cyberattacks, but only if victims follow security best practices.
While sophisticated ransomware and nation-state threat actors target US critical infrastructure, the only protection most organizations have against these attacks is tight and effective cybersecurity. These attacks have drawn government attention and sparked calls for liability protection against malicious intrusions. If organizations want this protection, however, lawmakers say they need to step up their game to implement better cybersecurity practices.
Against the backdrop of this heightened federal-level focus, a number of states have quietly moved forward with their own liability exemption measures that seek to boost best cybersecurity practices. These states have enacted laws that incentivize the adoption of robust and thorough industry-leading cybersecurity frameworks and recommendations such as the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework or the Center for Internet Security’s (CIS) Critical Security Controls by making them requirements for obtaining liability protections.
(Source: CSO Online)
North Korean hackers expand targeting of security community
A North Korean espionage campaign targeting security researchers has taken another turn with the creation of a new fake company, website and social media accounts to lure victims, according to Google.
The tech giant's Threat Analysis Group (TAG) first discovered the campaign back in January. At the time, the threat group launched a research blog and posted links to it from fake social media profiles on LinkedIn, Twitter and Keybase. It then approached researchers in the cybersecurity community, asking if they wanted to collaborate on projects. Those who agreed were either sent backdoor malware or pointed to a blog site seeded with malware. In mid-March, however, TAG analysts observed that the group had launched a fake security company, 'SecuriElite,' with its own website.
Alongside the website, the North Korean group has created some more fake social media profiles related to both security researchers and non-existent recruiters for AV companies. One is misspelled “Trend Macro” rather than the legitimate firm Trend Micro.
Although the fake security company's site is not yet serving malware to visitors, the group itself means business, Google warned.
(Source: Infosecurity Magazine)
A ransomware gang is asking victims’ customers to aid in extortion efforts
The Clop ransomware crew is reportedly using a surprising new tactic in which they ask customers of the breached company for extortion help. The sophisticated hacking group has been linked to high-profile hacks, most recently the Accellion File Transfer appliances compromise. Like most other cyber-criminal groups, Clop steals data from its victims to pressure them into paying ransom demands, threatening to release the sensitive data if the money isn’t fronted.
More recently, Clop has been approaching victims’ C-level executives directly.
(Source: OODA Loop)