Don’t sell your cybersecurity incident short.

That’s the lesson from the Securities and Exchange Commission (SEC)’s late October announcement of charges (and settlements) with four companies—Unisys, Avaya, Check Point, and Mimecast. Following impacts from the 2019–2020 compromise of SolarWinds’s Orion software, the four vendors, according to the agency, made “materially misleading disclosures regarding cybersecurity risks and intrusions.”

Each “negligently minimized its cybersecurity incident in its public disclosures,” the SEC said in an Oct. 22 announcement:

• Unisys, the commission said, had “deficient disclosure controls” and described its cyber risks as hypothetical “despite knowing that it had experienced two SolarWinds-related intrusions involving exfiltration of gigabytes of data.”
• For Avaya, the SEC disputed a threat actor’s access to what the company called a “limited number of [the] Company’s email messages.”
• The SEC claims Check Point described its cyber intrusions in “generic terms.”
• The commission charged Mimecast with minimizing the attack “by failing to disclose the nature of the code the threat actor exfiltrated and the quantity of encrypted credentials the threat actor accessed.”

When reached for comment, Unisys, Avaya, Check Point, and Mimecast each sent paragraph-long statements to IT Brew via representatives emphasizing, in part, their voluntary and extensive cooperation with the SEC and desire to better serve their customers. SolarWinds stated it is not part of the proceedings and had no further comment.

Read the rest here.—BH

For some, taking on the inaugural role of CIO at one of the country’s oldest manufacturing companies might appear daunting. However, when Chuck Scharnagle was given the opportunity with Revere Copper Products, a more than 200-year-old employee-owned copper manufacturing company, he was ready for the challenge.

“I came in and suddenly I’m blowing the place up,” Scharnagle said. “Instead of, ‘Let’s use Scotch tape to make that machine keep working,’ it was, ‘No, we need to replace the machine because we don’t have time to keep working on it.’”

New sheriff in town. One of Scharnagle’s first priorities when joining Revere was revamping the Rome, New York-based manufacturing company’s infrastructure, which he said was largely outdated.

“We had an AS/400 that was probably 14 years old,” he said. “You could literally sit in the room beside it and hear the blade spinning up on it and [you would wonder] is today the day that it’s going to die?”

For Scharnagle—who has had stints at the government of the Mohegan Tribe, Fruit of the Loom, and Black+Decker—those efforts quickly paid off. By the following summer, Revere had all new infrastructure in place and experienced a significant decrease in failures since his arrival.

Read more here.—BM

Rolling in the deep.

That’s the warning from BlackBerry. The smartphone maker-turned-enterprise software company announced on Nov. 12 that it had uncovered a new framework in LightSpy, a malware campaign allegedly connected to Chinese cybercrime group APT41.

“Despite facing indictments from the US Department of Justice and ongoing FBI investigations, APT41 is intensifying its espionage activities, now deploying the advanced DeepData framework to monitor widely used communication tools​ such as WhatsApp and Signal on compromised devices,” BlackBerry VP of Threat Research and Intelligence Ismael Valenzuela told IT Brew in an email. “The group continues to target high-value political activists, politicians, and journalists.”

Played to the beat. The new DeepData tool is a “a modular Windows-based surveillance framework that significantly broadens their espionage capabilities,” BlackBerry researchers wrote.

LightSpy utilizes malware plugins to infiltrate systems and obtain user data. DeepData is the latest in the software’s toolkit deployment and appears to present an escalation in capabilities for the technology.

For LightSpy users, DeepData represents a potential attack vector they can use to exploit VPNs and other more secure communication systems. Volexity researchers discovered that Fortinet’s Windows VPN client was breached through a zero-day attack utilizing DeepData.

Keep reading here.—EH