US Postal Service’s “Internet Covert Operations Program.” GCHQ warns against Chinese tech. Tapping cables.

Attacks, Threats, and Vulnerabilities

Palestinian Hackers Tricked Victims Into Installing iOS Spyware (Wired) The groups used social engineering techniques on Facebook to direct targets to a wide range of malware, including custom tools.

New Qlocker ransomware is hitting hundreds of QNAP NAS devices per day (The Record by Recorded Future) A new ransomware strain named Qlocker is on a rampage and infecting hundreds of QNAP network-attached storage (NAS) devices every day, taking over hard drives, moving users’ files inside password-protected 7zip archives, and asking for a $550 ransom payment.

Attackers can hide ‘external sender’ email warnings with HTML and CSS (BleepingComputer) The “external sender” warnings shown to email recipients by clients like Microsoft Outlook can be hidden by the sender, as demonstrated by a researcher. Turns out, all it takes for attackers to alter the “external sender” warning, or remove it altogether from emails is just a few lines of HTML and CSS code.

AV Under Attack: Trend Micro Confirms Apex One Exploitation (SecurityWeek) Trend Micro confirms attackers are exploiting a critical security vulnerability (CVE-2020-24557) in its Apex One, Apex One as a Service, and OfficeScan product lines.

Chinese group attacking US government agencies through Pulse Secure (Computing) The threat actors are ‘very advanced’ in evading detection, according to security experts

Hackers Exploit SolarWinds, Pulse Secure For Credential Theft: Feds (CRN) A sophisticated hacking syndicate took advantage of Pulse Secure and a second SolarWinds Orion vulnerability for nearly a year to steal credentials, federal officials said.

Research Uncovers New Command Servers Used in SolarWinds Campaign
(Zero Day) Researchers at RiskIQ have discovered 18 additional command servers used in the hacking campaign, which may help identify more victims. They also spotted mysterious server activity in February 2020.

SolarWinds hack analysis reveals 56% boost in command server footprint (ZDNet) Researchers say newly identified targets are likely.

CISA Ties SUPERNOVA Malware to Pulse Secure, SolarWinds Exploits (HealthITSecurity) DHS CISA sheds light on SOLARWINDS malware variant, which has been tied to vulnerabilities in SolarWinds Orion and Pulse Secure VPNS. The report details the threat actor’s tactics.

The Logistics Supply Chain is Being Targeted by Both Cybercriminals and Nation States (SecurityWeek) A new report highlights that the logistics industry is not only susceptible to cyberattacks, it is already in the sights of the attackers.

APT Abuses Pulse Secure, SolarWinds Appliances at the Same Organization (SecurityWeek) The U.S. government’s CISA has identified a cyber-attack in which both a Pulse Secure VPN appliance and the SolarWinds Orion platform were abused for malicious purposes.

A New Facebook Bug Exposes Millions of Email Addresses (Wired) A recently discovered vulnerability discloses user email addresses even when they’re set to private.

Mount Locker Ransomware Steps up Counter-IR Capabilities, Hindering Efforts for Detection, Response and Investigation (GuidePoint Security) Over the past six weeks, GuidePoint Security threat researchers have noted a change in the tactics used by Mount Locker ransomware seen in recent engagements.

REvil’s Big Apple Ransomware Gambit Looks to Pay Off (Threatpost) The notorious cybercrime gang could make out whether or not Apple pays the $50 million ransom.

Joker Malware Targets More Android Devices (BankInfo Security) Joker malware has targeted more than 500,000 Android devices across the world through malicious apps in AppGallery, the official app store of Huawei, according to

Threat Thursday: Cuba Ransomware (Blackberry) The Cuba ransomware variant first appeared in mid-2020 and made the headlines recently due to its attack on the company known as American Funds Transfer Services (ATFS).

Bourbon confirms cyber attack (Splash247) French offshore vessel owner and services provider Bourbon has confirmed it has become the target of a cyber attack that affected its company-wide computer network earlier this month. Bourbon VP for communication Christelle Loisel said that the cyber attack was detected on Bourbons’s information system on April 9, 2021, with security measures immediately taken to …

Inside the Cyber Attack “Machine”: What Hospitals Need to Know about the Dark Web and Post-Pandemic Threats (CPO Magazine) The pandemic has created formidable challenges for industries across the board – but none more so than healthcare.

Bugs Allowed Hackers to Dox John Deere Tractor Owners (Vice) A security researcher found two bugs that allowed him to find customers who had purchased John Deere tractors or equipment.

Costco Issues Scam Warning (Infosecurity Magazine) Membership-only big-box wholesaler tells Americans to be wary of 14 digital scams

Security Patches, Mitigations, and Software Updates

QNAP removes backdoor account in NAS backup, disaster recovery app (BleepingComputer) QNAP has addressed a critical vulnerability allowing attackers to log into QNAP NAS (network-attached storage) devices using hardcoded credentials.

Horner Automation Cscape (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 8.4
ATTENTION: Low attack complexity
Vendor: Horner Automation
Equipment: Cscape
Vulnerabilities: Improper Input Validation, Improper Access Controls

Successful exploitation of these vulnerabilities may allow code execution in the context of the current process or locally escalate privileges.

Mitsubishi Electric GOT (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 5.9
ATTENTION: Exploitable remotely
Vendor: Mitsubishi Electric
Equipment: GOT
Vulnerability: Improper Authentication

Successful exploitation of this vulnerability may allow an attacker to gain unauthorized access.

Big Takeaways from the Juniper Networks Global Summit (Channel Futures) From technology such as automation and SD-WAN, to how software is changing business strategy, here’s what came out of the Juniper Networks Global Summit.

Why Ransomware Is Making Our Healthcare Worse (Morphisec) For healthcare the impact of ransomware does not quickly fade. That’s according to Morphisec’s 2021 Consumer Healthcare Cybersecurity Threat Index

Cyber security spending heading for $200 billion a year — Bloomberg (Information Age) A new Bloomberg Intelligence (BI) report has found that spending on cyber security is set to exceed $200 billion a year by 2024


Fraud prevention platform Sift raises $50M at over $1B valuation, eyes acquisitions (TechCrunch) With the increase of digital transacting over the past year, cybercriminals have been having a field day. In 2020, complaints of suspected internet crime surged by 61%, to 791,790, according to the FBI’s 2020 Internet Crime Report. Those crimes — ranging from personal and corporate data breac…

Why Did Dell Spin-Off VMware? (Analytics India Magazine) The Chairman and chief executive officer of Dell Technologies, Michael Dell, will continue to remain the chairman of the VMware board.

Deep North Secures Department of Homeland Security Award To Provide Video Analytics for Transportation Security Administration Checkpoint Screenings (PR Newswire) Deep North, a pioneer in computer vision and artificial intelligence- (AI-) powered video analytics, has been selected by the Department of…

SailPoint joins The Investment Association to tackle cyber crime (Finextra Research) SailPoint Technologies Holdings, Inc. (NYSE: SAIL), leader in enterprise identity security, announced today that it has become a member of The Investment Association, the trade body representing investment managers and asset management firms in the UK.

Digital Guardian Appoints Security Industry Veteran Richard Orange as EMEA Sales VP (Digital Guardian) Former Forescout Executive to Lead EMEA Expansion Amid Surge in Buyer Demand for Data Loss Prevention

RSA Announces Key Executive Hires to Accelerate Fraud & Risk Intelligence Business (BusinessWire) RSA today announced Armen Najarian, Leah Evanski, and Dan Welch as three new additions to the Fraud & Risk Intelligence executive team.

Products, Services, and Solutions

CrowdStrike Security Cloud Integrates with Network Detection and Response Solutions For Comprehensive Platform Responses to Threats (CrowdStrike) CrowdStrike announced today a series of integrations with CrowdStrike Security Cloud for greater end-to-end visibility and contextual insights to combat threats.

Evalian earn CREST accreditation for penetration testing services (Evalian) Evalian has recently achieved globally recognised CREST accreditation for our penetration testing services.

Better detection from endpoint to network: IronNet partners with CrowdStrike (IronNet) IronNet partners with Crowdstrike to deliver advanced detection and Collective Defense across endpoints and networks to increases visibility of attacks.

SecurityScorecard to Offer Comprehensive Cybersecurity Ratings and Remediation Intelligence to Users of EY BRETA Platform (PR Newswire) SecurityScorecard, a global leader in cybersecurity ratings, has announced that it will start providing users of EY BRETA (Business…

Technologies, Techniques, and Standards

Silent guardians of the telecoms universe (Techerati) The gap in thinking between cyber security and physical security in communications and data asset management is closing.

Securing Privileged Access: The New Cyber Security “Perimeter” (Thycotic) The Definitive Guide to Securing Privileged Access explains the fast-evolving landscape of privileged access and how to meet its challenges.

Cloud Security Alliance Shines Light on Excellence in Cloud (CSA) Trusted Cloud Provider program allows organizations to demonstrate commitment to holistic security

Stanford student finds glitch in ransomware payment system to save victims $27,000 (CyberScoop) The hackers behind a nascent strain of ransomware hit a snag this week when a security researcher found a flaw in the payment system and, he says, helped victims save $27,000 in potential losses.

STRATCOM Head Tells Hill He’s ‘Confident’ In NC3 Cybersecurity (Breaking Defense) “If you try to life-extend a weapon system that was built before the invention of the Internet, and then turn around and ask me why it’s not cyber-secure — I don’t know how,” Adm. Charles Richard told SASC today.

Design and Innovation

Understanding Phishing – Banner Effectiveness (INKY) One of INKY’s most distinguishing features is its banner system. In this guide, we’ll discuss effectiveness rates of banners on emails to prevent phishing.

Research and Development

Linux team in public bust-up over fake “patches” to introduce bugs (Naked Security) Embarrassed overreaction or righteous indignation? An academic research group has provoked the Linux crew to ban their whole university!


Purdue researchers join Rolls-Royce, Carnegie Mellon network to create cyber-resilient systems (Purdue University) Proposed research at Purdue University is developing innovative solutions using artificial intelligence to enhance the security of current and future Rolls-Royce platforms powered by the company’s propulsion systems.

New Virginia Workforce Program Launched for COVID-19 Impacted Residents (VA Cyber Skills Academies) VA Cyber Skills Academies Open to Reskill and Upskill Individuals Economically Impacted for Cybersecurity Jobs

Legislation, Policy, and Regulation

Current International Law Is Not an Adequate Regime for Cyberspace (Lawfare) States will struggle to find cyber relevance in international law until new instruments of international law—or adaptations of current law—account for the core features of the cyber strategic environment.

GCHQ chief warns of tech ‘moment of reckoning’ (BBC News) As our cities become smarter, the West must rely less on Chinese tech, UK intelligence chief warns.

China could ‘control the global operating system’ of tech, warns UK spy chief (ZDNet) The head of the UK’s intelligence service warns that the West must be prepared to face a world where technology is developed and controlled by states with ‘illiberal values’ – and to set up cyber defences accordingly.

West faces ‘moment of reckoning’ in cybersecurity, claims GCHQ head (CRN) Jeremy Fleming believes Britain must adapt to face global threats and calls for ‘whole nation approach’

Russia to pull back troops from Crimea and Ukraine border (the Guardian) Defence minister announces decision after military buildup led to fears of possible invasion

Russia orders troop pullback but keeps weapons near Ukraine (Military Times) The U.S. and NATO have said the Russian buildup near Ukraine was the largest since 2014, when Russia annexed Crimea.

The Cybersecurity 202: Biden’s pick for White House cyber director wants to see better relationship building with the private sector (Washington Post) Cybersecurity experts stressed at a summit yesterday the urgency of ensuring that federal agencies and the private sector can effectively collaborate in taking on hackers.

Cyber Agency Wants Law to Improve Private Sector Data Sharing (Bloomberg Law) The government needs legislation to encourage the private sector to share its information about cyber vulnerabilities, the acting head of the Cybersecurity and Infrastructure Security Agency said Thursday.

Mark Montgomery: Cyber Intell Sharing Requirements for Defense Suppliers May ‘Kick Into Effect’ (Executive Gov) Mark Montgomery, executive director of the Cyberspace Solarium Commission (CSC), said he believes th

Existing Agency Threat Hunters Welcome CISA’s New Authorities  (Nextgov) For the Department of Education, proactive threat hunting means not just taking down questionable URLs but buying them up.

Litigation, Investigation, and Law Enforcement

Interpol joins fight against tech-enabled abuse (IT-Online) The International Criminal Police Organisation (Interpol) is set to enhance the ability of the global law enforcement community by allowing them to investigate the use of stalkerware, and support victims who require assistance. Monitoring someone through their phone or computer is a form of violence and causes considerable fear for victims. As such, ‘stalkerware’ – […]

The Postal Service is running a ‘covert operations program’ that monitors Americans’ social media posts (Yahoo) The law enforcement arm of the U.S. Postal Service has been quietly running a program that tracks and collects Americans’ social media posts, including those about planned protests, according to a document obtained by Yahoo News.

Outcry over US Postal Service reportedly tracking social media posts (the Guardian) Report obtained by Yahoo says USPS surveilling via covert program social media activity it describes as ‘inflammatory’

How a Chinese Surveillance Broker Became Oracle’s “Partner of the Year” (The Intercept) A network of local resellers helps funnel Oracle technology to the police and military in China.

Facebook Knows It Was Used To Help Incite The Capitol Insurrection (BuzzFeed News) An internal task force found that Facebook failed to take appropriate action against the Stop the Steal movement ahead of the Jan. 6 Capitol insurrection, and hoped the company could “do better next time.”

Supreme Court Clips FTC’s Power to Police Privacy Violations (Wall Street Journal) The Federal Trade Commission could find it more costly to go after companies that violate privacy rules.

Supreme Court Slashes FTC’s Power to Seek Monetary Awards (Bloomberg) The U.S. Supreme Court slashed the Federal Trade Commission’s power to seek monetary awards in court, throwing out a legal tool the consumer-protection agency has used to collect billions of dollars over the past decade.

‘The Supreme Court ruled in favor of scam artists,’ FTC chief says after justices gut agency’s powers (POLITICO) In a 9-0 ruling, the justices said the Federal Trade Commission cannot force companies that engage in wrongdoing to pay restitution to consumers.

Hertfordshire second worst area in UK for cybercrime (Watford Observer) Hertfordshire is one of the worst affected areas for cybercrime, a new study has revealed.