Attacks, Threats, and Vulnerabilities
UPDATE 1-Russian defence ministry says its website hit by foreign cyberattack (Reuters) The Russian defence ministry said it had been hit by a distributed-denial-of-service (DDoS) attack launched from abroad after its website was knocked offline on Friday.
Facebook Catches Iranian Spies Catfishing US Military Targets (Wired) The hackers posed as recruiters, journalists, and hospitality workers to lure their victims.
Iranian Hackers Target US Military, Defense Companies (Voice of America) Iran appears to be intensifying its effort to exploit U.S. and Western targets in cyberspace, running a campaign aimed at manipulating American military personnel and defense companies on social media. Tehran's latest campaign, orchestrated on Facebook by a group known as Tortoiseshell, used a series of sophisticated, fake online personas to make contact with U.S.
Facebook: Iranian Hackers Target Military, Aerospace Entities in the US (SecurityWeek) Facebook's security team issues a warning about Tortoiseshell, an Iranian hacking group targeting military personnel and defense organizations in the United States.
Facebook disrupts Iranian hackers using platform to target US military personnel (TheHill) Facebook on Thursday announced that it had taken steps to disrupt a group of Iranian-based hackers that had leveraged the platform as part of a wider effort to target U.S. military personnel and the defense industry in other countries.
Facebook says Iranian hacker group targeted U.S. military personnel (SeekingAlpha) Facebook said Thursday it has taken down around 200 accounts that were part of an Iranian cyber-spying ring targeting U.S. military and defense industry personnel
Microsoft, Google, Citizen Lab blow lid off zero-day bug-exploiting spyware sold to governments (Register) 100+ dissidents, politicians, journos targeted by Israeli espionage toolkit
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware (Microsoft Security Blog) The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771).
Microsoft says Israeli group sold tools to hack Windows (Reuters) An Israeli group sold a tool to hack into Microsoft Windows, Microsoft and technology human rights group Citizen Lab said on Thursday, shedding light on the growing business of finding and selling tools to hack widely used software.
Hooking Candiru: Another Mercenary Spyware Vendor Comes into Focus (The Citizen Lab) Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Using Internet scanning, we identified more than 750 websites linked to Candiru’s spyware infrastructure. We found many domains masquerading as advocacy organizations such as Amnesty International, the Black Lives Matter movement, as well as media companies, and other civil-society themed entities.
Mysterious Israeli Spyware Vendor’s Windows Zero-Days Caught in the Wild (Motherboard) Microsoft and Citizen Lab found a new kind of spyware made by the mysterious Israeli vendor Candiru, and targeting someone in Europe based on their political beliefs.
Israeli firm accused of selling spyware used to target journalists and dissidents (Computing) The firm's spyware infrastructure included websites masquerading as advocacy groups, such as Black Lives Matter and Amnesty International
Windows spyware and zero-days linked to prodigious Israeli hack-for-hire company (The Record by Recorded Future) Microsoft and Citizen Lab said today that an Israeli company named Candiru is behind two Windows zero-day exploits that have been used to infect and deploy a never-before-seen spyware strain on the devices of at least 100 victims, including politicians, human rights activists, journalists, academics, embassy workers and political dissidents.
The Cybersecurity 202: Another spyware company is helping authoritarian regimes snoop on their critics (Washington Post) Nations that want to spy on their citizens and adversaries increasingly don’t need to develop their own hacking tools to do it.
The SolarWinds Hackers Used an iOS Flaw to Compromise iPhones (Wired) Security researchers say the group exploited a zero-day in Apple’s operating system to target European government officials over LinkedIn.
Con Connections: LinkedIn Phishing Using Google Forms (Armorblox) This blog focuses on a LinkedIn credential phishing attack that was sent from a compromised university email account and hosted its phishing page on Google Forms.
Linux version of HelloKitty ransomware targets VMware ESXi servers (BleepingComputer) The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware's ESXi virtual machine platform for maximum damage.
Researchers warn about possible cyberthreats to Tokyo Olympics (Yahoo) Amid a rise in cyberattacks and ransomware incidents, security experts are looking out for digital threats to the Tokyo Olympics.
Thousands of Artists and Customers Exposed in Online Artwork Management Platform Data Breach (WizCase) WizCase’s team of ethical hackers, led by Ata Hakçıl, has found a major breach in online art retail platform Artwork Archive. This breach compromised users’ names, surnames, email addresses, physical addresses, and other sensitive information. Thousands of artists, collectors and their customers were left vulnerable. There was no need for a password or login ...
Cardinal Contracting Data Breach Includes Medical Information (Health IT Security) Cardinal Contracting began notifying individuals about the medical data breach this week.
Tulsa Says Network Hack Gained Some Social Security Numbers (SecurityWeek) Hackers gained access to the Social Security numbers of more than two dozen people during a ransomware attack that forced the city of Tulsa to shut down parts of its computer network for months, officials said.
Nottingham City Transport: Bus operator hit by cyber-attack (BBC News) The company says in an email to users it believes no personal data has been accessed.
London Borough of Hackney Struggles With Recovery Months After Ransomware Attack (Wall Street Journal) Some ransomware victims deal with IT problems and backlogged work for long periods after an attack.
The 'Freedom Phone' that far-right leaders are hawking is a cheap Chinese Android—and a security nightmare (The Daily Dot) Security experts are raising concerns over the 'Freedom Phone,' a new device touted by conservatives as both secure and censorship-resistant.
Famous Smoke Shop website is operational again after cyber attack (Lehigh Valley Live) The site for the Forks Township-based cigar retailer was shut down due to a ransomware attack.
Security Patches, Mitigations, and Software Updates
Google patches Chrome zero-day, eighth one in 2021 (The Record by Recorded Future) Google has released security updates today for its Chrome web browser, including a patch to address a zero-day vulnerability that was exploited in the wild.
Palo Alto Networks Patches Flaws in Prisma Cloud Compute, Cortex XDR Agent (SecurityWeek) Palo Alto addresses vulnerabilities that could allow an attacker to execute arbitrary JavaScript code in the web console or to execute programs with SYSTEM privileges.
Lenovo Working on Patches for BIOS Vulnerabilities Affecting Many Laptops (SecurityWeek) Lenovo this week published information on three vulnerabilities that impact the BIOS of two of its desktop products and approximately 60 laptop and notebook models.
Ypsomed mylife (CISA) Executive summary: CVSS v3 6.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Ypsomed. Equipment: mylife Cloud, mylife Mobile Application. Vulnerabilities: Insufficiently Protected Credentials, Not Using an Unpredictable IV with CBC Mode, Use of Hard-coded Credentials.
Instagram rolls out new tool to help users secure hacked accounts (The Record by Recorded Future) Instagram has begun rolling out a new security feature that will help users secure compromised accounts and kick out hackers.
Trends
Cloudian Ransomware Survey Finds 65% of Victims Penetrated by Phishing Had Conducted Anti-Phishing Training (GlobeNewswire News Room) Failure of Traditional Defenses in Preventing Attacks Highlights Need for Greater Focus on Being Able to Recover Quickly Without Paying Ransom...
Pondurance Cybersecurity Quarterly Review | Pondurance (Pondurance) Q2 2021 Pondurance Cyber Security Quarterly Review. Attackers Are Increasing Focus on the Manufacturing Industry. Manufacturing cyberattacks are on the rise, and while the recent attack on the Colonial Pipeline made headlines, the company wasn’t the only one battling attackers. Our Pondurance Managed Detection and Response (MDR) team recorded a 10% increase...
The Code Red worm 20 years on – what have we learned? (Naked Security) “It was 20 years ago today…” that we learned a few lessons that are well worth revisiting!
Marketplace
ID Technologies Acquires Attila Security (Attila Security) Attila Security Adds IP, Customers, Capability and Scale to the Company’s Archon Secure Solutions Division
Passwordless Authentication Startup Stytch Raises $30 Million (SecurityWeek) Passwordless authentication startup Stytch this week announced that it has raised $30 million in a Series A funding round. To date, the company raised $36.3 million.
ThreatWarrior Raises $10M in Series A Funding | FinSMEs (FinSMEs) ThreatWarrior, an Austin TX-based cloud-native network threat intelligence company, raised $10M in Series A funding
Nym gets $6M for its anonymous overlay mixnet to sell privacy as a service (TechCrunch) Switzerland-based privacy startup Nym Technologies has raised $6 million, which is being loosely pegged as a Series A round. Earlier raises included a $2.5M seed round in 2019. The founders also took in grant money from the European Union’s Horizon 2020 research fund during an earlier R&D…
NortonLifeLock, Avast In Advanced Merger Talks (CRN) The advanced merger discussions between NortonLifeLock and Avast are only the latest example in a string of security mergers in 2021.
Forcepoint closes acquisition of UK cybersecurity firm (CRN) Security vendor announced acquisition of Deep Secure in June
Attivo Networks® Awarded U.S. Department of Defense Contracts for Active Cyber Defense and Cyber Deception Technology (BusinessWire)
National Cyber Security Alliance Announces Leadership Transition (Yahoo Finance) NCSA Executive Director Kelvin Coleman Will Depart Following Successful Tenure; Lisa Plaggemier Named Interim Executive Director. WASHINGTON, July 15, 2021 (GLOBE NEWSWIRE) -- The National Cyber Security Alliance, the leading non-profit organization that focuses on driving cybersecurity behavior change, today announced that following nearly a three-year stint as Executive Director, Kelvin Coleman is stepping down from the position and will leave his post as of July 18th. The National Cyber Security
Keyavi Data Appoints Shai Guday as Chief Product Officer (Valdosta Daily Times) Keyavi Data Corp., a cybersecurity trailblazer whose breakthrough technology is transforming the very nature of the data security industry, today announced that Shai Guday has joined the company as its first chief product officer, reporting to CEO Elliot Lewis.
Products, Services, and Solutions
Nok Nok Labs Delivers the 'Power of 5' with 1H2021 Major Momentum & Milestones (PR Newswire) /PRNewswire/ -- Nok Nok Labs (Nok Nok™), the trusted leader in passwordless authentication, today announced major market momentum with a number of landmark...
Anexinet Strengthens Customer Cybersecurity Offerings With Ping Identity Partnership (GlobeNewswire News Room) Partner Brings Zero Trust, Identity-Defined Security To Anexinet’s Award-Winning Digital Transformation Services...
1Password Launches Events API To Provide Real-time Data Streaming To Third-party Platforms. (PR Newswire) 1Password, the leader in enterprise password management, today launched Events API, a new way to empower security teams with greater data...
OMNICOMMANDER™ Launches a Solution to Help Protect Credit Unions From Cyber Threats and Ransomware Attacks (PR Newswire) OMNICOMMANDER™, the leader in credit union marketing services with over 400 clients across 47 states, announced today a complimentary...
June ‘21 Product Update: Support for All the Databases (Tonic.ai Blog) At Tonic, we’ve been mimicking structured data since day 1. But let’s face it: not all data belongs in columns and rows. Which is why we’re very excited to announce our newest database integration: Tonic can now mimic your document-based data in MongoDB.
Technologies, Techniques, and Standards
Biden administration launches new website to combat ransomware (Federal News Network) This summer’s Post Office rate increases are expected to decrease business and make more money, and the U.S. Fleet Forces Command has a new leader.
Stop Ransomware (CISA) Ransomware incidents can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services. The economic and reputational impacts of ransomware incidents, throughout the initial disruption and, at times, extended recovery, have also proven challenging for organizations large and small.
CISA URGES WATER, WASTEWATER FACILITIES TO PROTECT THEMSELVES FROM RANSOMWARE (KMMO) In recent months, an increased number of ransomware attacks have occurred against U.S. critical infrastructure, including targeted attacks against the water sector. Ransomware as defined by DHS’s Cybersecurity & Infrastructure Security Agency (CISA) is “an ever-evolving form
Utilities will be able to share resources during cyber attacks (Times Union) New York state's largest electric and gas utilities were granted permission by state...
Utilities guard against cyber attacks (The Cullman Times) The cyber attack on the Colonial Pipeline earlier this year, which shut down the pipeline for several days, demonstrated the danger of public utilities being the target of ransomware. According
Academia
Georgia Cyber Center leader named to Army ROTC Hall of Fame (Jagwire) “His leadership in the growth and development of the Georgia Cyber Center has helped change the future of the CSRA.”
Legislation, Policy, and Regulation
India internet law adds to fears over online speech, privacy (AP NEWS) It began in February with a tweet by pop star Rihanna that sparked widespread condemnation of Indian Prime Minister Narendra Modi’s handling of massive farmer protests near the capital, souring an already troubled relationship between the government and Twitter.
FAST THINKING: The geopolitics of Iran’s kidnapping plot (Atlantic Council) How should the United States respond to a kidnapping plot on American soil? And what do the revelations mean for sensitive nuclear negotiations with Tehran? Our Iran experts are on the case.
A US-UK hacking probe offers a fresh approach against Russia (Atlantic Council) The international collaboration underscores the importance of being carefully narrow about scoping cyberspace “red lines” in talks with the Russian government.
US government launches plans to cut cybercriminals off from cryptocurrency (CyberScoop) The White House on Thursday announced a flurry of actions launched by a new interagency task force to combat ransomware.
$10 million rewards bolster White House anti-ransomware bid (AP NEWS) The State Department will offer rewards up to $10 million for information leading to the identification of anyone engaged in foreign state-sanctioned malicious cyber activity, including ransomware attacks, against critical U.S.
TSA Pipeline Security Guideline Update (Dragos) TSA updated security standards with additional requirements to better understand industrial cyber risks, operating environments, & incident response capabilities. Read our blog to learn more.
US reinforces Huawei stance as Biden meets with Merkel (Fox Business) The U.S. Commerce Department's Bureau of Industry and Security reinforced the United States' position against Chinese telecom giant Huawei on Thursday, as President Joe Biden met with German Chancellor Angela Merkel.
Here's how the US government plans to destroy Huawei's equipment (Light Reading) The FCC's "rip and replace" program is scheduled to officially get underway later this year. The program promises to allocate almost $2 billion in Congressional funding to US network operators so they can replace equipment from Chinese vendors Huawei and ZTE with gear from "trusted" suppliers.
Surgeon General Calls On Tech Platforms, Media Outlets To Take Greater Steps To Combat Covid-19 Misinformation; White House Singles Out Facebook (Deadline) UPDATED, with Facebook comment: As the rate of Covid-19 vaccination slows and cases rise again, U.S. Surgeon General Vivek Murthy on Thursday called on tech platforms and the news media to take gre…
Lawmakers Look to Improve Cyber Workforce, Especially for Acquisitions (Nextgov.com) The effort is happening through major Department of Homeland Security reform legislation recently introduced in the House and a supply-chain bill that just cleared committee in the Senate.
No, Facebook and Google Are Not Public Utilities (Wired) It’s time to retire one of the most half-baked ideas for regulating Big Tech.
Missouri to beef up cybersecurity with commission to target risks (Courier-Tribune) Missouri is home to a number of cybersecurity companies, including Global Velocity, Bandura and Norse Corp., and state lawmakers created an award-winning Office of Cyber Security
Search begins for new NSA top lawyer, following a controversial resignation (The Record by Recorded Future) The Defense Department has begun a new search for the top lawyer at the NSA roughly six months after the organization was ordered to install an ex-GOP operative in the job.
Is the HIPAA Exemption Enough? A Look at the Impact of New California and Virginia Privacy Laws on Healthcare and Life Sciences Entities (JD Supra) With the recent enactment of Virginia’s Consumer Data Privacy Act (VCDPA), and similar bills under consideration in several state legislatures,...
Litigation, Investigation, and Law Enforcement
China Sends State Security, Police Officials to Didi for Cybersecurity Probe (Wall Street Journal) China sent regulators including state security and police officials to the ride-hailing business as part of a cybersecurity investigation, the latest development in a regulatory saga that has gripped China’s tech industry.
Cancer patient to sue Cork's Mercy Hospital over cyber hack (Irish Examiner) Case lodged at Cork Circuit Court on behalf of man who had received treatment for cancer at the hospital and whose files were put up on dark web
Facebook's Use Of WhatsApp Data Is Subject Of Irish Probe (Law360) The European Union's data protection authorities on Thursday directed their colleague in Ireland to investigate how Facebook uses personal information from its WhatsApp subsidiary, although they rejected a request by a German regulator to immediately ban Facebook from processing that data.
EU regulator rejects call from Germany to ban Facebook from processing WhatsApp data (Computing) Instead, the EDPB has asked the Irish Data Protection Commission to investigate how Facebook uses personal information of WhatsApp users
Facebook Dodges EU Ban on WhatsApp Data as Scrutiny Heats Up (Bloomberg) Data chiefs reject Hamburg watchdog’s bid for EU-wide order. Data chiefs decide Irish regulator should investigate data-use.
Records of Arizona’s review of the 2020 election must be made public, a judge rules. (New York Times) Republican state senators overseeing a review of the 2020 election in Arizona’s most populous county must make public the records of private companies hired to conduct the audit, a county judge ruled on Thursday, emphatically rejecting a bid by the senators to keep the documents secret.
Arizona election auditors seek more records, voter canvass (Washington Post) Contractors hired by Arizona Senate Republicans to oversee a partisan review of the 2020 election said Thursday that they don’t have enough information to complete their report, and urged legislators to subpoena more records and survey voters at home.
The Matt Hancock CCTV footage leak - why it’s right for the ICO to investigate (Graham Cluley) The ICO, the UK's data watchdog, has raided two properties while investigating the leak of CCTV footage from inside the Department of Health and Social Care.