Attacks, Threats, and Vulnerabilities
‘Ferocious Kitten’: the cyberspies preying on Iranian web users (France 24) For years “Ferocious Kitten” has been harvesting information from Iranian web users, while remaining undetected by cybersecurity firms. Its espionage tools are ideally suited for domestic surveillanc…
Russian hackers breached Dutch police systems during MH17 probe (Computing) The hack was uncovered after the Dutch intelligence service noticed a police IP address communicating with malicious servers
Fake DarkSide Campaign Targets Energy and Food Sectors (Trend Micro) Threat actors behind a recent campaign pose as DarkSide in a bid to deceive targets into paying ransom.
China unit targets Indian telcos, firms in cyber espionage (Hindustan Times) In March 2021, the Indian Computer Emergency Response Team (Cert-IN) said it found signs of China-linked cyber actors conducting an espionage campaign against the Indian transportation sector.
Puzzling New Malware Blocks Access to Piracy Sites (Infosecurity Magazine) Newly discovered threat could be the work of an anti-piracy vigilante
Malware-packed pirated games infected millions of PCs, stealing data and hijacking webcams to photograph users (TechSpot) NordLocker writes that a hacking group revealed the location of a database containing the stolen data by accident. Security researchers then analyzed the information in partnership with...
Threat Thursday: FluBot - Android Spam is Malware in Disguise (BlackBerry) FluBot is an Android™ malware that disguises itself as a delivery notification. This threat has SMS spamming and information-stealing capabilities: once installed on an Android device it will go after victims’ banking credentials.
Certified Pre-Owned (Medium) Active Directory Certificate Services has a lot of attack potential!
Carnival Cruise hit by data breach, warns of data misuse risk (BleepingComputer) Carnival Corporation, the world's largest cruise ship operator, has disclosed a data breach after attackers breached some email accounts and accessed personal, financial, and health information belonging to customers, employees, and crew.
Wegmans reports possible breach of customer data (Rochester Democrat and Chronicle) Customer names, addresses, phone numbers, birth dates and Wegmans.com passwords may have been exposed. What you can do.
Cyberattack shuts down computers at Savannah's largest hospital system (Savannah Morning News) The computer systems at St. Joseph's/Candler experienced an outage Thursday.
Fake Ledger devices mailed out in attempt to steal from... (HOTforSecurity) In December last year, we reported how the email and mailing addresses of some 270,000 Ledger customers had been published on a hacking forum following a data breach. At the time we warned users of the hardware cryptocurrency wallet to watch out for phishing scams that might attempt to steal...
Ledger Users Receive Fake Devices in New Phishing Scam (Securities.io) Navigating the world of digital assets can some times be a dangerous feat. In addition to dealing with volatility and a continually rising tide of projects suspect in quality, there are a plethora of scams that take place. Popular hardware wallet maker, Ledger, has just seen its users become victims of one such scam, through the unsanctioned distribution of fake devices.
Cyberium Domain Targets Tenda Routers in Botnet Campaign (GovInfoSecurity) Malware hosting domain Cyberium has spread multiple Mirai variants, including one that targeted vulnerable Tenda routers as part of a botnet campaign, AT&T Alien
Virgin, Westpac, ANZ, CommBank hit by widespread net outages (CRN Australia) Due to an Akamai Technologies systems issue.
Hackers Will Not Only Take Your Money, They Could Also Take Your Patients’ Lives (JD Supra) Go to just about any news site today and there is probably a new story about a data breach that costs a company millions of dollars. ...
Dealing with the challenge of beg bounties (ComputerWeekly.com) The rise of so-called beg bounties is becoming a challenge for security teams, and can be a drain on time and resources. But what is a beg bounty, you may ask, and how does it differ from a bug bounty?
Out of Office risks: Vacations and cybersecurity (AwareGO) There are certain Out of Office risks and cybersecurity issues that we need to keep in mind when we go on vacation.
Quick Heal detects 8 new apps infected by Joker spyware on Play Store (InfotechLead) Cybersecurity firm Quick Heal Technologies said that it detected a new batch of 8 Joker malware-laced apps
Cyber crooks target Amazon Prime users ahead of retail bonanza (ComputerWeekly) A surge in malicious domain registrations ahead of Amazon Prime Day indicates cyber criminals have set their sights on exploiting vulnerable shoppers.
Check Point Research warns of a surge in malicious activity around Amazon Prime Day (Security Brief) Researchers warn of increased cybercrime on and around Amazon Prime Day 2021 as malicious activity surges.
Akamai apologises after outage left Australia's major banks and airline systems offline (ZDNet) A cyber attack was not the cause behind an Akamai outage that took down the systems of Commonwealth Bank of Australia, Australia Post, and Virgin Australia.
Hiccup in Akamai’s DDoS Mitigation Service Triggers Massive String of Outages (Threatpost) An hour-long outage impacting airlines, banks and Hong Kong Stock exchange is believed to be caused by a service designed to protect against outages tied to distributed denial of service attacks.
You had one job: Akamai's Prolexic Denial-of-Service protection system fingered after users in Australia denied, er, services (Register) Major banks, websites, gaming services, and more taken down
UnitingCare Queensland restores IT systems after cyber attack (ComputerWeekly) Australian healthcare service provider has restored key corporate systems and integrations between applications following a cyber attack earlier this year.
Security Patches, Mitigations, and Software Updates
Microsoft no longer offers Windows 7 drivers via Windows Update (BleepingComputer) Microsoft says it no longer offers drivers for Windows 7 and Windows Server 2008 systems through Windows Update starting today.
Schneider Electric Enerlin'X Com’X 510 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: Enerlin'X Com’X 510
Vulnerability: Improper Privilege Management
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow elevation of privileges, which could result in unintended disclosure of device configuration information to any authenticated user.
Softing OPC-UA C++ SDK (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Softing
Equipment: OPC-UA C++ SDK
Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer
2. RISK EVALUATION
A remote attacker may be able to crash the device, resulting in a denial-of-service condition.
Advantech WebAccess/SCADA (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Advantech
Equipment: WebAccess/SCADA
Vulnerabilities: Open Redirect, Relative Path Traversal
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to read files outside the intended directory or redirect a user to a malicious webpage.
WAGO M&M Software fdtCONTAINER (Update C) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Low skill level to exploit
Vendor: M&M Software GmbH, a subsidiary of WAGO Kontakttechnik
Equipment: fdtCONTAINER
Vulnerability: Deserialization of Untrusted Data
2.
Rockwell Automation ISaGRAF5 Runtime (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Rockwell Automation
Equipment: ISaGRAF5 Runtime
Vulnerabilities: Use of Hard-coded Cryptographic Key, Unprotected Storage of Credentials, Relative Path Traversal, Uncontrolled Search Path Element, Cleartext Transmission of Sensitive Information\
Trends
IBM Consumer Survey: Security Side Effects of the Pandemic (IBM) Global respondents shifted further into digital interactions during COVID-19 and are likely to continue digital-first interactions in life after the COVID-19 pandemic.
Marketplace
Ransomware claims are roiling an entire segment of the insurance industry (Washington Post) Cyber insurance carriers are raising premiums and limiting coverage in the face of severe ransomware attacks, just as organizations are clamoring for more protection
Cyber threats offer opportunity for startups as spending heats up (Crain's New York Business) Security firms have raised $9.9B globally from investors this year
Stealthbits, Now Part of Netwrix, Named to Carahsoft ITES-SW2 Contract to Support U.S. Army Enterprise Infrastructure Goals (Stealthbits Technologies) Stealthbits, Now Part of Netwrix, Named to Carahsoft ITES-SW2 Contract to Support U.S. Army Enterprise Infrastructure Goals
Navy picks 10 computer companies to provide cyber security software development and hardware engineering (Military & Aerospace Electronics) Companies to provide cyber security, software development and training, hardware engineering, network engineering and information assurance.
Amazon hackers earned $ 832,135 in just 10 days — here's how - Illinois News Today (Illinois News Today) If you think it’s a bad idea to have a hacker in your system, it’s probably because you’re conditioned to equate the hacker with a criminal. However, in reality, many cybercrimes include hacking, but not all hackers are criminals, and hacking itself is not a crime. “Hacking means finding a solution to a problem. Those …
Products, Services, and Solutions
NERC partners with Dragos on operational security, collective defense for electric sector (Utility Dive) Utilities will utilize Dragos' network defense system "Neighborhood Keeper" to share information and threat intelligence.
DigiCert Brings Next-Generation Digital Signature Trust and Remote Identity Verification to Document Signing
(DigiCert) DigiCert, Inc., announced DigiCert Document Signing Manager, a next-generation, cloud-based solution for highly secure, legally binding digital signatures for documents
eSentire Revolutionizes Incident Response Services Introducing 4-hour Remote Threat Suppression Globally (GlobeNewswire) eSentire is extending its core response capabilities deeper into the incident lifecycle as it announces the acquisition of CyFIR, further enhancing its unparalleled time to value with incremental IP and tooling for investigation and threat suppression
ConnectWise Launches Complete Backup Data Recovery Offering to Help Partners Monitor and Manage All Their Solutions (GlobeNewswire) Company also announces the first of several planned BDR integrations
Next Pathway Extends Snowpark to Allow Developers to Execute Workloads Natively in Snowflake (PR Newswire) Next Pathway Inc., the Automated Cloud Migration company, today announced that it has extended Snowpark, Snowflake's powerful developer tool, to...
NXM Unveils First PSA Compliance Platform that Simplifies Arm-based Chip Security Across the IoT Supply Chain (PR Newswire) NXM, the leader in Autonomous Security technology for connected devices, unveiled TrustStar ™, the first chip vendor agnostic platform that...
Protegrity protects kinetic data by making it worthless in the wrong hands (SiliconANGLE) The rise of ransomware attacks has heightened companies’ concerns about cybersecurity and paralyzed organizations from freely using their kinetic data to gain insights.
Akamai Technologies' fights fraud with new account protection solution (Security Brief) We're addressing this critical need with a highly sophisticated digital fingerprint approach that strengthens protection without placing additional burdens on the end user.
MS-ISAC expands member services to include Deloitte’s cyber portal (GCN) State and local governments that are members of the Multi-State Information Sharing and Analysis Center (MS-ISAC) now have free access to Deloitte’s secure online threat-intelligence platform.
Deep Instinct launches world’s highest value £2m warranty against ransomware in the UK (Business Leader) Deep Instinct, a deep learning-based cybersecurity form for predicting and preventing cyberattacks, is today announcing the world’s first combined ransomware and low false-positive warranty.
Technologies, Techniques, and Standards
NSA Releases Guidance on Securing Unified Communications and Voice and Video over IP Syste (National Security Agency | Central Security Service) NSA released a Cybersecurity Technical Report today that provides best practices and mitigations for securing Unified Communications (UC) and Voice and Video over IP (VVoIP) call-processing systems.
NSA shares guidance on securing voice, video communications (BleepingComputer) The National Security Agency (NSA) has shared mitigations and best practices that systems administrators should follow when securing Unified Communications (UC) and Voice and Video over IP (VVoIP) call-processing systems.
What We Can Learn from the Colonial Pipeline Breach (Bitglass) The May 2021 ransomware attack of Colonial Pipeline leveraged stolen credentials of an unused VPN account. Learn how the Bitglass ZTNA solution could have thwarted this attack.
Council Post: Hidden In Plain Sight: There Is No Such Thing As A Low-Risk Vulnerability (Forbes) Today's cybersecurity professionals face the most complex, sophisticated threats in history and must triage thousands of vulnerabilities across the average enterprise.
Sixty-four Percent of Businesses are Adopting or Plan to Adopt SASE in the Next Year, but Confusion Abounds Around its True Definition, Finds Global Survey (BusinessWire) Global research commissioned by Versa Networks examining the adoption of Secure Access Service Edge (SASE) by businesses during the lockdown revealed
Google Intros SLSA Framework to Enforce Supply Chain Integrity (SecurityWeek) Google unveils a new end-to-end framework to help drive the enforcement of standards and guidelines to ensuring the integrity of software artifacts throughout the software supply chain.
NIST Releases OSCAL 1.0.0 (CSRC) NIST's OSCAL 1.0.0 provides a stable release for wide-scale implementation.
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training? (Dark Reading) Consider four factors and behaviors that impact a particular employee's risk, and how security training should take them into account.
Research and Development
Bombshell Report Finds Phone Network Encryption Was Deliberately Weakened (Vice) A new paper shows that two old encryption algorithms still used in mobile networks can be exploited to spy on phones' internet traffic.
Academia
Norwich hosts Air Force JROTC virtual cyber camp with NSF grant (Vermont Business) Norwich University is proud to partner with Whatcom Community College to support the National Science Foundation and the U.S. Air Force initiative for AFJROTC Cyber Academies. Norwich will host one of the five virtual summer Cyber Academies for 20 Air Force JROTC cadets.
Legislation, Policy, and Regulation
Washington’s Dangerous New Consensus on China (Foreign Affairs) Developing a mutually beneficial relationship with China will not be easy. But we can do better than a new Cold War.
Russian lawmakers vote to force U.S. tech giants to open local offices (Reuters) Russian lawmakers passed legislation on Thursday that would oblige U.S. tech giants to open offices in Russia by January 2022 or face punitive measures, part of a push by Russia to beef up what it calls internet "sovereignty".
Takeaways From Biden-Putin 'Cyber Summit' (Voice of America) Cybersecurity experts have been poring over the transcripts from Wednesday's news conferences in Geneva to determine whether the U.S.-Russia summit will produce real progress in halting a wave of high-profile ransomware attacks.
Biden Sets Red Line for Putin Over Ransomware Attacks (SecurityWeek) US President Joe Biden delivered a stern warning Wednesday to Russian leader Vladimir Putin over ransomware attacks emanating from Russia, saying he was prepared to retaliate against any more cyber assaults on American infrastructure.
FAST THINKING: The Biden-Putin staredown (Atlantic Council) Did Biden or Putin come away with any wins? Can US-Russian relations ever be “stable and predictable,” as Biden desires?
Time for a doctrine on cyberspace defense? (The American Legion) As American citizens, businesses and government agencies come under increasingly disruptive attacks in cyberspace, a change in our approach to defending this relatively new domain is long overdue.
Putin praises kind atmosphere of summit talks with US President Biden in Switzerland (TASS) Vladimir Putin believes that they have managed to understand each other and to agree on their positions on key issues
Political Summits Signal International Focus on Ransomware (Wall Street Journal) The U.S. is discussing ransomware with its allies. “This is an issue that has been starving for political attention for a long time,” a former U.S. official said.
CYBERSECURITY: Ransomware is disrupting energy. It might get worse (E&E News) President Biden and Russian President Vladmir Putin engaged in crossfire yesterday over recent cyberattacks that shut down the Colonial pipeline and U.S. transportation infrastructure. But experts say new details about the incidents show how difficult it may be to protect the energy sector.
DoD Leaders Identify Cybersecurity as ‘Vulnerable’ Area for US (MeriTalk) The United States has some of the most significant cyber capabilities in the world, but Department of Defense (DoD) leaders today agreed that cybersecurity is an area where the United States is “vulnerable” and still has “a lot more work to do” when it comes to developing cyber capabilities.
Lawmakers Urge Private Sector to Do More on Cybersecurity (Wall Street Journal) The private sector in the U.S. must do more to defend against cyberattacks, lawmakers from both major parties stressed Thursday as several senators introduced legislation designed to target hackers.
CISA under pressure to put more teeth in cyber requirements following Colonial Pipeline attack (Federal News Network) Lawmakers are questioning whether CISA is involved enough in responding to cyber incidents and overseeing the security of critical infrastructure sectors.
Senate bill proposes requiring cyber incident notification to feds within 24 hours (CyberScoop) Senate Intelligence Chairman Mark Warner is sharing draft bipartisan legislation that would require critical infrastructure owners, cybersecurity incident response firms and federal contractors to report cyber intrusions to the Homeland Security Department within 24 hours.
Draft CISA breach notification bill (Washington Post) To ensure timely Federal Government awareness of cyber intrusions that pose a threat to national security, enable the development of a common operating picture of national-level cyber threats, and to make appropriate, actionable cyber threat information available to the relevant government and private sector entities, as well as the public, and for other purposes.
The Cybersecurity 202: The race is on to make hacked companies more accountable to government. (Washington Post) Lawmakers are taking their first stab at requiring far more companies to tell the government when they’re hacked.
Biden Cyber Plan Leaves Key Agency Underfunded, Lawmakers Say (Bloomberg Law) Cybersecurity emerged as an area of bipartisan concern Thursday as Homeland Security Secretary Alejandro Mayorkas defended the agency’s proposed budget before House lawmakers.
U.S. FCC votes to advance proposed ban on Huawei, ZTE gear (Reuters) The U.S. Federal Communications Commission voted unanimously on Thursday to advance a plan to ban approvals for equipment in U.S. telecommunications networks from Chinese companies deemed national security threats like Huawei (HWT.UL) and ZTE (000063.SZ).
EXCLUSIVE: Top cyber leader warns of ransomware 'scourge,' admits government 'needs to do more' (WYFF) CISA Acting Director Brandon Wales shares his top tips for preventing ransomware.
First White House ‘Cyber Czar’ Is Confirmed By Senate (Forbes) Chris Inglis, a former NSA official, has said the government “[may] need to step in” to regulate cybersecurity of vital industries.
After Russian cyber attack, Freeport looking to fix gaps in its computer network (Press Herald) The town manager said that officials will look into recommendations from an IT support company after a Russian ransomware attack shut down the town's network for about a week.
Litigation, Investigation, and Law Enforcement
Russian Accused of Helping Kelihos Malware Evade Detection Convicted in U.S. (SecurityWeek) A Russian national accused of helping the operator of the Kelihos botnet has been convicted in the United States.
Google Must Face Shareholders' Claims Over Delayed Disclosure Of Data Breach (MediaPost) Siding against Google, a federal appellate court has revived shareholders' claims that the company violated securities laws by failing to disclose a data breach that affected Google+ users.