We don't know if Iran will use cyberattacks to avenge the death of Gen. Qassem Soleimani, but it didn't take long for a new hashtag promising payback to take off. Meanwhile, the U.S. military banned TikTok, and the FBI is warning companies about Maze ransomware. Here's all that, and everything else you might have missed during the holiday break. This is CyberScoop for Monday, January 6.

Soleimani's death triggers Twitter propaganda

Twitter accounts claiming to be located in Iran and throughout the Middle East pushed out many thousands of tweets under a handful of hashtags, such as #HardRevenge and #DeathToAmerica, promising payback against the U.S. for President Donald Trump’s order to kill Iranian general Qassem Soleimani. The #HardRevenge hashtag was included in 95,000 tweets between Jan. 1 and Jan. 3, according to Kanishk Karan, a researcher at the Atlantic Council’s Digital Forensics Research Lab. There were zero mentions in all of December 2019, he added. Jeff Stone has more context.


Understanding Iran's cyber capabilities

Iran could tap its hacking capabilities, much matured in recent years, as part of a campaign to avenge the U.S. assassination of its top general. Iranian hackers have a penchant for data-wiping attacks and a recent interest in targeting industrial control systems. Experts told CyberScoop there are pros and cons to Iran responding to Soleimani’s killing in cyberspace, though. On the one hand, it is an asymmetrical option short of war. On the other, it is not the unambiguous response that Iran craves right now, they said. Sean Lyngaas and Shannon Vavra had the story.

The military's about-face on TikTok

Back in November, the U.S. Army was using the video-sharing app TikTok to recruit new personnel. Then, on Dec. 30, an Army spokeswoman told reporters the app, used by some 1.3 billion people, includes "potential security risks associated with its use," and it's not allowed on any government-issued phones (the Defense Department, Navy and Marines all banned TikTok already). The Coast Guard and Air Force have followed suit, the Wall Street Journal reported. The bans are based on concerns that TikTok's parent company, ByteDance, may be forced to share users' personal data, like their location and movements, with the Chinese government. Jeff has more on the decision.

FBI warns companies about Maze ransomware

The FBI is warning U.S. companies about a series of recent ransomware attacks in which the perpetrator, sometimes posing as a government agency, steals data and then encrypts it to further extort victims. In a December advisory to the private sector, the FBI called for vigilance to combat the so-called Maze ransomware, which the bureau said began hitting U.S. organizations in November. “From its initial observation, Maze used multiple methods for intrusion, including the creation of malicious look-a-like cryptocurrency sites and malspam campaigns impersonating government agencies and well-known security vendors,” it says. Sean has the alert.

Microsoft scrubs 50 sites used by North Korean hackers

Microsoft announced last week it won a court order allowing it to take over 50 websites that a hacking group Microsoft refers to as Thallium (also known as APT37, or Reaper) has used as part of a campaign to steal sensitive data. Thallium would send phishing emails which directed would-be victims to malicious websites, where they would be prompted to enter their username and password. A successful effort would provide Thallium access to victimized account data including messages, contact lists and appointments. This effort marks the fourth time Microsoft has used U.S. courts to sink nation-state hacking infrastructure. Jeff has the details.

Ryuk ransomware clean-up forced maritime facility offline for 30 hours

The incident resulted in the disruption of “the entire corporate IT network,” and difficulties for camera and physical access controls, among other tasks, according to a Coast Guard advisory. The facility shut down its primary operations for 30 hours while incident responders reacted to the situation. This bulletin came five months after the Coast Guard encouraged mariners to focus on basic cybersecurity measures after a ship headed toward the Port of New York and New Jersey endured a “significant” cyber incident. Since then, the Coast Guard has simulated cyberattacks against critical trading hubs, using military personnel to ferret out malware that, if real, could have disabled key functionalities at a seaport. Jeff has the bulletin.

A post-Christmas reminder

A critical vulnerability was announced in Citrix’s Application Delivery Controller (ADC) and Gateway products that could give attackers unauthorized access to enterprise networks as well as the ability to run code on them. The company says the vulnerability spans several years’ worth of Citrix technology, impacting Citrix ADC and Citrix Gateway 13.0, 12.1, 12.0, 11.1, and 10.5. Citrix says customers should follow the company's stopgap mitigation, which blocks certain SSL VPN requests. It will be pushing a firmware update for the appliance to fully fix the issue, though there is no date for when that will be issued. Greg Otto has the full story.
