Attacks, Threats, and Vulnerabilities
Chinese hackers use new SolarWinds zero-day in targeted attacks (BleepingComputer) China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server.
Microsoft links Serv-U zero-day attacks to Chinese hacking group (The Record by Recorded Future) Microsoft said today that the recent wave of attacks that have targeted SolarWinds file transfer servers are the work of a Chinese hacking group the company has been tracking under the name of DEV-0322.
How a Small Dutch IT Company Caught Up in the Kaseya Attack Stepped Up for Customers (Wall Street Journal) In the days after the July 2 attack on software company Kaseya, employees of Dutch technology service provider VelzArt worked in shifts around the clock to repair customers’ computer systems.
REvil ransomware gang's web sites mysteriously shut down (BleepingComputer) The infrastructure and websites for the REvil ransomware operation have mysteriously gone offline as of last night.
Ransomware group REvil disappears from the internet (Engadget) The websites operated by the ransomware group REvil went down in the early hours of Tuesday.
The world’s biggest ransomware gang just disappeared from the internet (MIT Technology Review) The shutdown comes one day before US and Russian officials meet to talk about the ransomware crisis.
REvil gang vanishes from the internet (Computing) Pressure from American and Russian authorities is suspected
REvil ransomware gang's websites vanish soon after Kaseya fiasco, Uncle Sam threatens retaliation (Register) Has the US just had enough, or is it just a strategic retreat?
Russia’s most aggressive ransomware group disappeared. It’s unclear who disabled them. (New York Times) REvil, blamed for some of the most audacious attacks on the United States, suddenly cannot be found — even their negotiations with victims stopped. It is unclear if Russia or America disabled them.
Russian hacking group believed to be behind Kaseya cyber attack goes offline (TheHill) Websites on the dark web used by a criminal hacking group believed to be behind the recent massive ransomware attack on software company Kaseya went offline Tuesday.
REvil websites down after governments pressured to take action following Kaseya attack (ZDNet) Biden said last week that he expected the Russian government to "act" if given information on who and where ransomware actors are.
REvil: Ransomware gang websites disappear from internet (BBC News) The REvil group has been blamed for cyber-attacks on hundreds of businesses worldwide.
REvil Ransomware Sites Disappear After U.S. Pledges Action (MeriTalk) Websites on the dark web associated with ransomware gang REvil disappeared on July 13, according to analysts. It is not immediately clear who is responsible for the takedowns.
Websites run by notorious Russia-linked ransomware gang go offline (CityAM) Websites run by REvil, a notorious Russia-linked ransomware gang, have disappeared from the internet, according to multiple media reports. On
Analysis | The Cybersecurity 202: There are three big theories about why a major ransomware gang disappeared online (Washington Post) The REvil group dropped offline after launching the biggest ransomware attack to date and amid U.S. pressure on Russia.
Iranian hackers posed as British-based academic (BBC News) A group in Iran pretended to be a British-based academic and compromised a London university website.
Malware-infected documents found on the Kazakhstan government's portal (The Record by Recorded Future) The official website of the Kazakhstan government has hosted documents infected with malware for more than five months, since January this year.
Espionage Campaign Using Updated Variant of Bandook Spyware (GovInfoSecurity) Researchers at the security firm ESET have uncovered an ongoing espionage campaign using an updated variant of Bandook spyware to target corporate networks in
Hackers Move to Extort Gaming Giant EA (Motherboard) After trying to sell a cache of stolen data, hackers are now dumping some of the information publicly in the hopes of forcing EA to pay a ransom.
American Rescue Plan Act Lures in the Wild (DomainTools) DomainTools researchers discovered a cluster of credential harvesting sites masquerading as American Rescue Plan Act registration pages.
Etherpad 1.8.13 - Code Execution Vulnerabilities (SonarSource) We discovered two code execution vulnerabilities that affected Etherpad servers and data. Learn more about the technical details and how to avoid such coding issues.
Imperva warns of 3x bot traffic targeting bookmakers during Euro 2020 (SBC News) Data Privacy and Cybersecurity solutions provider Imperva Inc has revealed the level of security threats faced by bookmakers from bot traffic and account takeover attacks during the UEFA Euro 2020 tournament.
Euro 2020 messed with internet traffic in big and unexpected ways (TechRadar) Euro 2020 gave rise to a number of abnormal spikes in web traffic
Bitcoin and Cryptocurrency: 2021 Email Extortion Trends (GreatHorn) Cryptocurrencies have become the favored currency of extortionists. Unlike cash, they’re not completely anonymous. Learn more about top email extortion trends for 2021.
Exclusive extract: how Facebook's engineers spied on women (The Telegraph) In an exclusive extract, Sheera Frenkel and Cecilia Kang reveal how an ethos of openness meant private information could be misused
Scammers Poured Themselves a Glass and Got to Work on Wine-Themed Phishing Emails in 2020 (Security Intelligence) Phishing emails themed around wine were unusually popular in 2020. Learn how to spot this kind of scam and how organizations can protect their employees.
Fashion retailer Guess announces data breach (Security Magazine) Fashion retailer Guess recently announced a data breach, compromising 1,300 people and their information, including account numbers, debit and credit card numbers, social security numbers, access codes and personal identification numbers.
City Of Tulsa Still Recovering From May Cyberattack (NewsOn6) Mayor G.T. Bynum announced that all city services should be back up and running by mid-September following a cyberattack that hit the city of Tulsa back in May.
Security Patches, Mitigations, and Software Updates
Microsoft Patches 3 Under-Attack Windows Zero-Days (SecurityWeek) Microsoft’s Patch Tuesday bundle for July 2021 landed with a loud thud as the world’s largest software maker warns of a new wave of zero-day attacks hitting its flagship Windows operating system.
CISA Issues Emergency Directive Requiring Federal Agencies to Mitigate Windows Print Spooler Service Vulnerability (CISA) CISA Encourages All Organizations to Take Steps to Protect their Networks
SolarWinds patches zero-day exploited in the wild (CVE-2021-35211) (Help Net Security) SolarWinds releases emergency patch for CVE-2021-35211, a RCE in Serv-U Managed File Transfer and Serv-U Secure FTP exploited in the wild.
Adobe: Critical Flaws in Reader, Acrobat, Illustrator (SecurityWeek) Adobe releases patches for critical vulnerabilities in a wide range of software products, including the ever-present Adobe Acrobat and Reader application.
SAP Patches High-Risk Vulnerabilities in NetWeaver (SecurityWeek) German software maker SAP has released patches for a pair of high-severity Netweaver vulnerabilities.
Firefox 90 Adds Cross-Origin Protections, Advanced Tracker Blocker (SecurityWeek) Mozilla has released Firefox 90 with several security improvements, including better protections against cross-origin threats, as well as an advanced tracker blocking mechanism.
Researchers find big flaw in a Schneider Electric ICS system popular in building systems, utilities (CyberScoop) A vulnerability in Schneider Electric computer control systems popular in heating, air conditioning and other building systems could allow hackers to take control of them, researchers at security firm Armis warn. The remote code execution vulnerability puts millions of devices at risk, Armis said in a report out Tuesday.
Critical Vulnerability Can Be Exploited to Hack Schneider Electric's Modicon PLCs (SecurityWeek) A critical vulnerability dubbed ModiPwn can be exploited to remotely hack Schneider Electric’s Modicon PLCs.
Schneider Electric C-Bus Toolkit (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: C-Bus Toolkit
Vulnerability: Missing Authentication for Critical Function
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to enable remote access to the system.
Schneider Electric SCADApack RTU, Modicon Controllers, and Software (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.6
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: EcoStruxure Control Expert, EcoStruxure Process Expert, SCADAPack RemoteConnect x70, SCADAPack x70 RTUs, and Modicon M580 and M340 control products
Vulnerabilities: Insufficiently Protected Credentials, Authentication Bypass by Spoofing, Deserialization of Untrusted Data, Missing Encryption of Sensitive Data.
2.
Siemens PROFINET Devices (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: PROFINET Devices
Vulnerability: Allocation of Resources Without Limits or Throttling
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to perform a denial-of-service attack if a large amount of PROFINET Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices.
Siemens SINUMERIK Integrate Operate Client (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.4
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: SINUMERIK Integrate Operate Client
Vulnerability: Improper Certificate Validation
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to spoof any SSL server certificate and conduct man-in-the-middle attacks.
Siemens SIMATIC Software Products (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: SIMATIC Software Products
Vulnerability: Classic Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to manipulate project files, create a denial-of-service condition or remotely execute code.
Siemens SIMATIC Software Products (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: SIMATIC Software Products
Vulnerability: Incorrect Permission Assignment for Critical Resource
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to manipulate parameters or the behavior of devices configured by the affected software products.
Siemens Industrial Products LLDP (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Industrial Products
Vulnerabilities: Classic Buffer Overflow, Uncontrolled Resource Consumption
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition or execute arbitrary code.
Siemens Solid Edge (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: Solid Edge
Vulnerabilities: Heap-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in an out-of-bounds write, a buffer overflow condition that may allow remote code execution.
Siemens JT Utilities (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.5
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: JT Utilities
Vulnerabilities: Function Call with Incorrect Variable or Reference as Argument, NULL Pointer Dereference
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could cause a denial-of-service condition.
Siemens RUGGEDCOM ROS (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: RUGGEDCOM ROS
Vulnerability: Classic Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker with network access to an affected device to cause a remote code execution condition.
Siemens Teamcenter Active Workspace (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Teamcenter Active Workspace
Vulnerabilities: Generation of Error Message Containing Sensitive Information, Cross-site Scripting, Exposure of Sensitive Information to an Unauthorized Actor
2.
Siemens VxWorks-based Industrial Products (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Wind River VxWorks-based Industrial Products
Vulnerability: Heap-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to cause a heap-based buffer overflow.
Siemens SINAMICS PERFECT HARMONY GH180 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SINAMICS PERFECT HARMONY GH180
Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer
2. RISK EVALUATION
Successful exploitation of this vulnerability could result in arbitrary code execution and unauthorized access to sensitive data.
Siemens RWG Universal Controllers (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.5
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: RWG Universal Controllers
Vulnerability: Allocation of Resources Without Limits or Throttling
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition.
Siemens JT2Go and Teamcenter Visualization (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: JT2Go and Teamcenter Visualization
Vulnerabilities: Double Free, Infinite Loop, Out-of-bounds Write, Use After Free, Heap-based Buffer Overflow, Buffer Over-read, Out-of-bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer
2.
Siemens Mendix (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Mendix
Vulnerability: Incorrect Authorization
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow unauthorized users to bypass write permissions to attributes of objects.
Siemens SINUMERIK ONE and SINUMERIK MCI (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SINUMERIK ONE and SINUMERIK MC
Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer
2. RISK EVALUATION
Successful exploitation of this vulnerability could result in arbitrary code execution and unauthorized access to sensitive data.
Siemens Linux Based Products (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.4
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: Linux based products
Vulnerability: Use of Insufficiently Random Values
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-21-131-03 Siemens Linux Based Products (Update A) that was published June 8, 2021, to the ICS webpage on us-cert.cisa.gov.
Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module (Update D) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet module
Vulnerabilities: Missing Authentication for Critical Function, Inadequate Encryption Strength
2.
Siemens UMC Stack (Update H) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.7
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: UMC Stack
Vulnerabilities: Unquoted Search Path or Element, Uncontrolled Resource Consumption, Improper Input Validation
2.
Siemens Industrial Products (Update N) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Industrial Products
Vulnerabilities: Excessive Data Query Operations in a Large Data Table, Integer Overflow or Wraparound, Uncontrolled Resource Consumption
2.
Ring’s end-to-end encryption is rolling out globally (The Verge) The company is also adding support for authenticator apps.
Trends
New Enterprise Security Study from Hysolate Reveals Paradox in IT, Security Attitudes Toward Enabling Secure Work Access from Anywhere (GlobeNewswire News Room) Expanding the workforce’s IT freedom while simultaneously increasing IT restrictions headlines the contradictory sentiments of IT and Security leaders in...
Marketplace
AttackIQ Announces $44 Million in Series C Funding to Fuel Global Growth and Vision of Security Optimization (AttackIQ) Led by Atlantic Bridge, the investment also included new investors Saudi Aramco Energy Ventures (SAEV) and Gaingels, with participation from existing investors Index Ventures, Khosla Ventures, Salesforce Ventures, and Telstra Ventures.
IVIX Secures $13M Seed Funding, Unveils Technology Platform to Combat (PRWeb) IVIX, the first technology platform purpose-built to combat the shadow economy, today announced it has closed a $13 million seed funding round,
The Briefing: Quantexa Lands $153M, Xtremepush Raises $33M, And More (Crunchbase News) Crunchbase News' top picks of the news to stay current in the VC and startup world.
Cybereason Secures $275 Million in Crossover Financing to Extend Global Leadership in XDR (Cybereason) Cybereason Secures $275 Million in Crossover Financing to Extend Global Leadership in XDR
Microsoft to beef up security portfolio with reported half-billion-dollar RiskIQ buyout (Register) Imagine how many Print Spooler testers that would have bought
Microsoft Agrees To Buy Cybersecurity Firm RiskIQ For $500M: Report (Benzinga) Microsoft Corp (NASDAQ: MSFT) will pay more than $500 million in cash to buy San Francisco cybersecurity software company RiskIQ, Bloomberg reported on Sunday, citing people...
Barracuda completes acquisition of SKOUT Cybersecurity (PR Newswire) Barracuda Networks, Inc., a trusted partner and leading provider of cloud-enabled security solutions, today announced it has completed its...
Octo acquires defense & intelligence IT integrator (Washington Technology) Nearly six months after closing one large combination, Octo has moved onto the next transaction in this phase of its strategy to be the go-to technology modernization provider for federal agencies. Reston, Virginia-headquartered Octo said Tuesday it has acquired Volant Associates, an enterprise IT and software development company whose customer base stretches across the defense and intelligence communities. Terms were not disclosed.
ZoomInfo will pay $575M to acquire conversation intelligence startup Chorus.ai (GeekWire) ZoomInfo has agreed to acquire Chorus.ai for $575 million in cash, adding conversation analysis capabilities to the Vancouver-Wash.-based company’s offerings. ZoomInfo, which went public last year…
Salt Security Launches Salt Labs to Drive Global Awareness of API Security Threats (PR Newswire) Salt Security, the leading API security company, today announced the launch of Salt Labs, a now-public forum for publishing research on API...
Ubiq awarded contract with U.S. Army Combat Capabilities Development Command (Encryption Simplified) Engagement will utilize the company’s API-based platform to advance the military's encryption capabilities. San Diego, California — 13 July, 2021 – Ubiq Security, an API-first and Forbes Top 20 security startup, today announced that it was awarded a SBIR contract with the U.S. Army DEVCOM. Ubiq’s platform will be utilized to help deliver highly efficient, […]
Meet the tech experts behind Detroit’s emerging cybersecurity industry (Model D) In a year marred by massive breaches like the SolarWinds and Colonial Pipeline cyberattacks, it’s no secret that strong cybersecurity is more important than ever to keep information — and consumers — safe online.
Kudelski Security Hires Seasoned Cybersecurity Experts to Bolster Threat Intel and OT Security Capabilities (Kudelski Security) Roger Hill joins to lead OT security standards team, Steven Bay to lead company’s threat intelligence services Cheseaux-sur-Lausanne, Switzerland and...
Acronis CEO steps down, GoDaddy exec steps in (SearchDataBackup) Serguei Beloussov stepped down as Acronis' CEO and became its new chief research officer, while Patrick Pulvermueller joined Acronis as its new CEO.
Leaked email shows $9 billion cybersecurity startup Tanium just lost its fourth chief marketing officer in five years (Business Insider) The chief marketing officer at $9 billion Tanium is leaving – and the company is once again looking to fill a role that has seen significant turnover.
Cybersecurity Executive Rick Driggers Joins Accenture Federal Services (BusinessWire) Accenture Federal Services, (AFS), a subsidiary of Accenture, has hired cybersecurity expert and former CISA executive, Rick Driggers.
Egnyte Appoints Stan Hansen as Chief Revenue Officer (Egnyte) Egnyte, the leader in cloud content security and governance, today announced the appointment of Stan Hansen as Chief Revenue Officer (CRO). Hansen will be responsible for all sales functions globally.
Products, Services, and Solutions
UScellular x WMC Global's SpamResponse (WMC Global) WMC Global and UScellular have teamed up to help protect customers from SMS spam. As text messaging continues to be a dominant consumer touchpoint...
Cybersixgill Accelerates Vulnerability Management with Swimlane Automation (PR Newswire) Cybersixgill, the leader in threat intelligence enablement, today announced that its Dynamic Vulnerability Exploit (DVE) Score is now available...
Giant Oak Achieves SOC-2 Type II Compliance Following Rigorous Examination of Security, Availability, and Confidentiality Controls (Giant Oak) Leading accounting firm conducted Service and Organization Controls report to ensure Giant Oak’s safe handling of data in compliance with AICPA requirement
Illumio Introduces Automated Enforcement to Accelerate the Path to Zero Trust Security (Illumio) Latest Innovation Lets Organizations Protect Key Assets from Cyberattacks and Ransomware in Minutes
Enso Security Introduces AppSec Map, a Free Industry Collaboration Initiative (GlobeNewswire News Room) Live, interactive map of AppSec vendors and community projects to empower the AppSec community...
Cyberhaven Unveils Full Context Blocking to Transform Stagnant and Ineffective DLP Market (Cyberhaven) Innovative Data Detection and Response (DDR) Platform Provides Security Teams with Breakthrough Visibility and Control Over All High-Value Enterprise Data
Infrascale Backup and Disaster Recovery Launches Five New Appliance Options for SMB & Mid-Market Customers (Infrascale) Building on the success of the recently launched Infrascale Backup & Disaster Recovery (IBDR) solution, Infrascale today announced the availability of five new IBDR appliance models for MSPs and VARs servicing SMB and mid-market companies. IBDR is a Disaster Recovery as a Service (DRaaS) hybrid cloud solution that prevents data loss and provides rapid recovery from crashes, ransomware/malware, natural disaster, human error, and all other forms of business disruption.
Secureworks delivers Taegis XDR for EU customers and channel partners (Help Net Security) Secureworks announced its new Taegis XDR cloud data storage instance in Frankfurt, Germany, for EU customers and channel partners.
CipherTrace and BAE Systems Applied Intelligence Partner for Cryptocurrency Intelligence Solutions (WFMZ.com) CipherTrace is partnering with BAE Systems Applied Intelligence, a proven regulatory compliance and transaction monitoring solution, to integrate CipherTrace's market-leading cryptocurrency intelligence
ThreadFix Integrates Top Developer Tool for Salesforce Extending Support for Top Cloud Service Providers (PR Newswire) Coalfire today announced the ThreadFix integration with Clayton, the developer tool for automated code and security reviews for Salesforce....
Docler Holding Selects DH2i’s DxEnterprise To Help Maintain Operations Uptime and Minimize Business Disruption Across Multinational Conglomerate (DH2i) Our team at DH2i is happy to announce the acquisition of our newest customer, Docler Holding. One of the world's most innovative and trusted ICT, media and entertainment companies, Docler Holding has deployed our DxEnterprise for Availability Groups solution for Linux to help maintain SQL Server database uptime and minimize disruption across its multinational business entities.
Experian Selected as a Leading Provider of Fraud Detection and Prevention (Valdosta Daily Times) Experian was named one of the established leaders in fraud detection and prevention in Juniper Research’s Online Payment Fraud Deep Dive Strategy & Competition 2021-2025. The report looks at the continuing growth in online payment and the vulnerability it has caused for online fraud and identity theft.
Technologies, Techniques, and Standards
Kaseya hack proves we need better cyber metrics (TheHill) If we want to keep Labor Day from looking like the 4th of July, we just have to ensure that the move to managed services includes cybersecurity.
Swimming past 2FA, part 1: How to spot an Okta MITM phishing attack (Expel) Crafty attackers are finding new ways to bypass multiple-factor authentication. Find out how our SOC detected an attack and get some tips on how your org can prevent credentials phishing.
Design and Innovation
A visit with the new chairwoman of the Federal Laboratory Consortium (Federal News Network) You might not think of the National Security Agency as a federal laboratory that does technology transfer, but it is, and it does. And now the director of its Office of Research and Technology Applications is the new chairwoman of the Federal Laboratory Consortium.
SES-led consortium defines quantum communication infrastructure for Europe (Help Net Security) SES announced it is leading a consortium to create a secure communications shield against cyber threats based on quantum technology.
Legislation, Policy, and Regulation
China tightens control over cybersecurity in data crackdown (C4ISRNet) The ruling party’s military wing is a global cyber warfare leader, and Beijing is increasingly sensitive about control over information about its people and economy.
China tightens control over cybersecurity in data crackdown (Washington Post) Tech experts in China who find a weakness in computer security would be required to tell the government and couldn’t sell that knowledge under rules further tightening the Communist Party’s control over information.
Chinese government lays out new vulnerability disclosure rules (The Record by Recorded Future) The Chinese government has published new regulation on Tuesday laying out stricter rules for vulnerability disclosure procedures inside the country's borders.
Study sheds light on cyber version of the Great Wall of China (Israel Defense) According to new research, China is regularly blocking about 311,000 domains, but only about 1,800 of them are among the most popular sites on the internet. Newly-registered domains are frequently blocked by default until they are approved by the authorities
Global leaders seek new technology partnerships to counter threat posed by China (C4ISRNet) The world leaders stressed that like-minded nations need to band together to set standards for emerging technologies including artificial intelligence.
Sullivan: Data Privacy Key To AI Race Against China (Defense One) New privacy-protecting technologies will enable democracies to work together to win the AI race against China, says Biden’s national security advisor.
Japan raises alarm over Taiwan security for first time in annual defense review (INQUIRER.net) Japan directly broached the subject of Taiwan security for the first time in its annual defense review released on Tuesday (July 13), as it raised the alarm over the growing
National Cyber Security Centre to create 45 new roles in five years (Silicon Republic) A significant budgetary package aims to strengthen the capacity of Ireland’s NCSC to respond to the growing threat from cybercriminals.
Information Warfare Looms Larger in Russia’s New Security Strategy (Defense One) Kremlin’s first update in six years decries foreign influence, calls for more Russian info ops.
Opinion | Russian hackers are sowing havoc. So why are we letting Moscow write the U.N.’s rules on cyberspace? (Washington Post) Washington should stop acting as though U.N. treaties are a solution
FCC Vote Broadens Replacement Fund For Chinese Tech (Law360) The Federal Communications Commission took another step toward shoring up American networks against foreign cybersecurity threats on Tuesday, voting to allow a broader range of small internet service providers to seek reimbursement for wider swaths of distrusted, largely Chinese-made network equipment they are being required to replace.
FCC votes to finalize program to replace Huawei equipment in U.S networks (Reuters) The U.S. Federal Communications Commission (FCC) voted unanimously on Tuesday to finalize a $1.9 billion program to reimburse mostly rural U.S. carriers for removing equipment from telecommunications networks from Chinese companies deemed national security threats like Huawei (HWT.UL) and ZTE Corp (000063.SZ).
FCC finalizes program to rip and replace Huawei, ZTE telecom equipment in the U.S. (CNBC) The U.S. government has considered the Chinese firms national security risks.
Date set for US telecoms carriers to access fund for Huawei, ZTE replacement (South China Morning Post) Federal Communications Commission approves rules to guide the allocation of a US$1.9 billion fund approved by Congress in December.
SecDef Austin Commits US To 'Responsible AI' (Breaking Defense) "AI is going to change many things about military operations, but nothing is going to change America’s commitment to the laws of war and the principles of our democracy," the Defense Secretary said.
Jen Easterly sworn in as director of DHS cyber agency (TheHill) Jen Easterly was sworn in Tuesday as director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), one day after the Senate unanimously approved her nomination.
A dozen of Biden’s national security nominees are on hold in the Senate (Defense News) At least three lawmakers are using the nominees as bargaining chips in talks on various concerns.
Warren Extracts Agreement for Nominees to Refuse Defense Industry Work for 4 Years (Military.com) The initiative is one step of Warren's broader work to stop contractors from hiring former senior government officials for four years.
Data breaches on track for record this year as Ohio bill hopes to create ‘data rights’ (Springfield News-Sun) Cybercriminals increasingly use ransomware attacks, phishing and third party attacks to steal or lock data
What State Leaders Need to Know About Cybersecurity (Governing) A new training program is an opportunity for lawmakers and their staffs to get up to speed so that the policies they craft address the issue in ways that don’t harm the economy.
Litigation, Investigation, and Law Enforcement
Met police seize nearly £180m of bitcoin in money laundering investigation (the Guardian) Seizure follows confiscation of £114m of the cryptocurrency in June
Seizing Cryptocurrency: How is Law Enforcement Tracing and Recovering Bitcoin Payments? (SecurityWeek) SecurityWeek explores several hypotheses on how U.S. and UK law enforcement could have effected two major bitcoin seizures
Trump Justice Dept. effort to learn source of leaks for Post stories came in Barr’s final days as AG, court documents show (Washington Post) Unsealed request for court order names three articles for which Trump administration sought to identify leakers.
ADT Customers Reject Settlements, Want Class Cert. (Law360) A group of ADT customers pushed for class certification on their claims that the security company is liable for a former technician's use of home cameras to invade their privacy, mostly arguing that their claims are closely related because they each had identical ADT systems in their homes.
Investor Sues FireEye Over $1.2B Private Equity Deal (Law360) A FireEye Inc. investor sued the cybersecurity company in Delaware Chancery Court on Tuesday, seeking to investigate claims that its planned $1.2 billion deal with Symphony Technology Group, a private equity firm, would rip off public investors for the benefit of its CEO.
FireEye Sued Over $1.2 Billion Private Equity Transaction (1) (Bloomberg Law) A FireEye Inc. investor sued it in Delaware on Tuesday, seeking to investigate claims that its planned $1.2 billion deal with Symphony Technology Group, a private equity firm, would rip off public investors for the benefit of the cybersecurity company’s CEO.
Dechert may face UK lawsuit over Indian hacking claim (Reuters) An Iranian-American businessman wants to sue U.S. law firm Dechert over allegations of hacking, seeking a London court's approval to add it as a defendant in a long-simmering dispute with the Ras Al Khaimah Investment Authority (RAKIA).
Iranian Intelligence Plotted to Kidnap U.S.-Based Activist, Prosecutors Say (Wall Street Journal) The alleged scheme targeted Masih Alinejad, a Brooklyn-based critic of Tehran who has rallied opinion against Iran’s compulsory head scarves for women.
US indicts dark web user 'The Bull' for insider trading (BleepingComputer) The U.S. Department of Justice (DoJ) has charged an individual for engaging in insider trading on the darknet. Greece-based Apostolos Trovias, known as "The Bull", frequently used encrypted messaging services and the dark web for soliciting, exchanging and selling inside information.
Prairie Village Man Sentenced to 12 Years for $7.3 Million Dollar Payday Loan Fraud, $8 Million Tax Evasion (Department of Justice, U.S. Attorney’s Office, Western District of Missouri) A Prairie Village, Kansas, man was sentenced in federal court today for engaging in two separate fraud schemes related to millions of dollars in false payday loan debt and for tax evasion totaling more than $8 million.