Attacks, Threats, and Vulnerabilities
Russian Hackers Continue With Attacks Despite Biden Warning (BloombergQuint) Russian Hackers Continue With Attacks Despite Biden Warning
Dozens of active Cozy Bear C2 servers for data-stealing malware identified (Computing) WellMess and WellMail malware strains have been used in espionage campaigns targeting Covid-19 research
RiskIQ Uncovers Infrastructure Patterns Leading to 35 Active Russian APT29, aka Cozy Bear, C2 Servers (GlobeNewswire News Room) RiskIQ, a leader in internet security intelligence, has uncovered more than 30 active command and...
Bear Tracks: Infrastructure Patterns Lead to More Than 30 Active APT29 C2 Servers (RiskIQ) One year ago, amid a global pandemic, the UK, US, and Canadian governments issued a joint advisory detailing a Russian espionage campaign that targeted COVID-19 vaccine research efforts in their respective countries. They attributed the campaign to Russia's APT29 (The Dukes, Yttrium, Cozy Bear) and explicitly identified the group as an extension of Russia's Foreign Intelligence Services (SVR). They attributed the malware used in the campaign, known as WellMess and WellMail, with APT29, for the first time publicly.
Spyware features found in Chinese state benefits app (The Record by Recorded Future) Spyware-like features have been discovered inside an app named "Beijing One Pass" that foreign companies operating in China are forced to install on their systems in order to access a digital platform to manage employee state benefits.
Phantom Warships Are Courting Chaos in Conflict Zones (Wired) The latest weapons in the global information war are fake vessels behaving badly.
South Africa's Transnet restores operations at ports after cyber attack (Reuters) South African state logistics firm Transnet has fully restored operations at ports following a cyber attack that forced the firm to declare force majeure at its container terminals, the Ministry of Public Enterprises said.
Hackers used never-before-seen wiper in recent attack on Iranian train system (ZDNet) SentinelOne analysts were able to recreate the July 9 attack and identify the threat actor behind it.
Leaked Documents Reveal Iran’s Contingency Plans for Sinking Cargo Ships, Attacking Fuel Infrastructure With Cyber Attacks (CPO Magazine) A set of documents obtained by Sky News, allegedly obtained from the Iranian cyber command, details plans by Iran to do advanced real-world damage with cyber attacks.
Leaked Iranian intel sheds light on proxy war with Israel (Haaretz) Sky News obtained five top secret reports by Iranian Revolutionary Guards intel unit potentially revealing plans by Iran to use possible cyberattacks to target ships. However, sources say it may be more defensive than offensive
Hacker downloads close to 300,000 personal ID photos (ERR) A hacker was able to obtain over 280,000 personal identity photos following an attack on the state information system last Friday. The suspect is reportedly a resident of Tallinn.
Estonia says a hacker downloaded 286,000 ID photos from government database (The Record by Recorded Future) Estonian officials said they arrested last week a local suspect who used a vulnerability to gain access to a government database and download government ID photos for 286,438 Estonians.
Northern Ireland suspends vaccine passport system after data leak (BleepingComputer) Northern Ireland's Department of Health (DoH) has temporarily halted its COVID-19 vaccine certification web service and mobile apps following a data exposure incident.
Crimea "manifesto" deploys VBA Rat using double attack vectors (Malwarebytes Labs) A Crimean "manifesto" hides an attack that infects victims with a VBA Rat, which we also found being deployed through a separate exploit.
ISOMorph Infection: In-Depth Analysis of a New HTML Smuggling Campaign (Menlo Security) Data breaches, malware, ransomware, phishing, and DDoS attacks are all on the rise. And now another type of attack is quickly emerging—HTML Smuggling
Python packages caught attempting to steal Discord tokens, credit card numbers (The Record by Recorded Future) The operators of the Python Package Index (PyPI), the official repository for Python components, have removed eight libraries this week that contained malicious code.
DoppelPaymer ransomware gang rebrands as the Grief group (BleepingComputer) After a period of little to no activity, the DoppelPaymer ransomware operation has made a rebranding move, now going by the name Grief (a.k.a. Pay or Grief).
Threat Thursday: Hancitor Malware (BlackBerry) Hancitor (AKA Chanitor) malware is a master of disguise. A Hancitor attack initially begins with a malspam email that directs the victim to a webpage serving a fake document. Recently, Hancitor has posed as email from the popular document signing utility DocuSign®.
How Low-level Hackers Access High-end Malware (SecurityWeek) The proliferation of pirated hacking tools and underground forums is allowing previously low-level actors to pose serious risks to enterprise security
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing) (Bitdefender) In the past two weeks, Bitdefender Antispam Lab has been tracking a couple of extensive extortion campaigns leveraging user credentials exposed in data breaches and leaks in recent years. The attacks spread across the globe, with unusually high numbers of spam emails reaching users in Romania (over 400,000 emails), Italy and the Netherlands. The messages originate from multiple IP addresses in Europe, Asia, Africa and the Americas. It seems they've been distributed en masse via a large spam bot
Microsoft researcher found Apple 0-day in March, didn’t report it (Naked Security) Ut tensio, sic uis! Does twice the bug pile on twice the pressure to fix it?
Python developers are being targeted with malicious packages on PyPI (JFrog) JFrog finds a new supply chain attack targeting python developers using the PyPI repository
Serious Vulnerabilities Found in Firmware Used by Many IP Camera Vendors (SecurityWeek) IP cameras from a dozen vendors are exposed to remote attacks due to serious vulnerabilities found in the firmware they all use.
Cyber experts warn of ransomware risks during the Tokyo Olympics (PropertyCasualty360) Should the Summer Games face a cyberattack, the losses would be significant.
Akamai outage is latest warning about Internet dependency (Urgent Communications) Dangerous things, software updates. Push the wrong button and they can be as devastating as any Chinese cyberattack, plunging parts of the Internet into darkness.
MassHealth Members Impacted by Health Data Breach (Health IT Security) A third-party vendor's data breach is impacting over 2,000 MassHealth patients' PHI.
Entertainment tech provider D-Box recovering from ransomware attack (The Daily Swig) Cyber-attack ‘limited to internal systems’
Security Patches, Mitigations, and Software Updates
Google Details New Privacy and Security Policies for Android Apps (SecurityWeek) Google this week announced a series of updates to its Google Play policies that are meant to improve overall user privacy and security and provide more control over ads personalization.
Mitsubishi Electric FA engineering software products (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: FA engineering software products
Vulnerabilities: Heap-based Buffer Overflow, Improper Handling of Length Parameter Inconsistency
2.
Wibu-Systems CodeMeter Runtime (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Wibu-Systems AG
Equipment: CodeMeter Runtime
Vulnerabilities: Buffer Over-read
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to read data from the heap of the CodeMeter Runtime network server, or crash the CodeMeter Runtime Server (i.e., CodeMeter.exe).
Hitachi ABB Power Grids eSOMS (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Low attack complexity
Vendor: Hitachi ABB Power Grids
Equipment: eSOMS
Vulnerability: Insufficiently Protected Credentials
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow access to user credentials that are stored by the browser.
Trends
Half of Employees are Still Using Their Personal Computers for Work as Hybrid Landscape Intensifies Enterprise Cybersecurity Threat (PRWeb) 49% of U.S. WFH employees say they continue to use their personal laptop or computer as they work remotely, according to Morphisec’s 2021 WFH ...
For hackers, space is the final frontier (Vox) As the commercial space industry heats up, security experts worry about cyberattacks.
Marketplace
BlackCloak Raises $11 Million for Its Executive Protection Platform (SecurityWeek) BlackCloak, a company that provides cyber protection services for corporate executives and high-profile individuals, has raised $11 million in a Series A funding round.
MSSP SolCyber Emerges From Stealth With $20 Million Series A Funding (SecurityWeek) SolCyber has emerged from stealth with $20 million in Series A funding from ForgePoint Capital, claiming to be the first modern MSSP for the mid-market
LogicGate Raises $113 Million in Series C Funding (SecurityWeek) The risk and compliance solutions provider will invest in an upcoming risk quantification solution, as well as in expanding its market presence globally.
Spectro Cloud Announces $20M Completion of Series A Funding to Unleash Full Potential of Kubernetes in Production Environments with Next-Gen Management Platform (BusinessWire) Spectro Cloud, a next-gen Kubernetes enterprise management platform that makes it easy for teams to manage the full lifecycle of any combination of ne
eCommerce Fraud Prevention Firm Riskified Prices IPO at $21 Per Share (SecurityWeek) eCommerce fraud prevention company Riskified has priced its IPO at $21 per share and is hoping to raise more than $360 million.
EY Australia acquires Melbourne MSP SecureWorx (CRN Australia) To bolster cybersecurity capabilities.
Cyolo raises $21M for zero trust networking tech (VentureBeat) Cyolo, a company providing a platform for zero trust access, has raised $21 million in a series A funding round.
Securitas acquires leading electronic security company in Turkey (PR Newswire) Securitas, the world's leading intelligent protective services partner, has agreed to acquire Tepe Güvenlik A.S., a leading electronic security...
Noetic Cyber emerges from stealth with $15M led by Energy Impact Partners (TechCrunch) The asset management startup says it'll double its headcount by the end of the year.
London-based cybersecurity startup launches Noetic Cyber with £14M funding to reduce cyber risk (UKTN (UK Tech News)) Based in London, Noetic Cyber is a new entrant to cyber asset and controls management markets. The company uses a cloud-based platform to provide teams
McAfee and FCN secure $281M contract from the U.S. Department of Veterans Affairs (Help Net Security) McAfee and FCN announced they have been awarded a contract from the U.S. Department of VA to provide several cybersecurity solutions.
Booz Allen Hamilton - Great Company On The Cusp Of Buyability (Seeking Alpha) Booz Allen Hamilton is amongst the foremost management consulting firms in the entire world. The company has been trading at rich multiples for some time now.
Microsoft Security: 5 Big Statements From Satya Nadella (CRN) Microsoft CEO Satya Nadella said during the company’s Q4 2021 earnings call that the Microsoft security business is seeing rapid sales growth.
Check Point Software Wins Microsoft US Award for Energy, Emphasizing Commitment to Customers (Check Point Software) A few years ago, Gas South was a small, local company providing natural gas to a few hundred thousand
CynergisTek Shares Drop After CEO Caleb Barlow Resigns (MarketWatch) CynergisTek Inc.'s shares retreated Tuesday in the wake of the departure of Chief Executive Caleb Barlow, who was appointed two years...
CynergisTek, Inc. Announces the Return of Mac McMillan as CEO and President to Lead Next Phase of Growth (BusinessWire) Re-appointment of the Company’s founder, Mac McMillan, to the positions of Chief Executive Officer and President effective immediately
EY Announces Brian NeSmith of Arctic Wolf as an Entrepreneur Of The Year® 2021 Heartland Award Winner (BusinessWire) Ernst & Young LLP (EY US) today announced that Brian NeSmith, chief executive officer and co-founder of Arctic Wolf, was named an Entrepreneur Of
Druva Appoints Industry Veteran Ash Parikh as Chief Marketing Officer (Druva) Parikh’s Extensive SaaS Knowledge and Industry Expertise in Data Management to Play Critical Role in Company’s Growth and Global Expansion
Query.AI Appoints Dan Burns to Board of Directors to Support Company Mission to Make Security Investigations Efficient and Cost-Effective (BusinessWire) Query.AI today announced the appointment of former Optiv CEO and co-founder Dan Burns to its board of directors.
Products, Services, and Solutions
Tenable Helps Organizations Disrupt Attacks with New Active Directory Security Readiness Checks (Tenable®) In the wake of a growing number of both ransomware and sophisticated attacks, Tenable®, Inc., the Cyber Exposure company, has developed 10 foundational configuration checks for its solutions, including Tenable.io, Tenable.sc and both Nessus Professional and Nessus Essentials, that assess Microsoft Active Directory security readiness and align remediation efforts based on the threat landscape. These checks leverage Tenable’s expertise in securing Active Directory environments through Tenable.ad and are available immediately for existing customers at no extra charge.
Armis and Fortified Health Security Join Forces to Protect Healthcare (GlobeNewswire News Room) Strategic Partnership Operationalizes IoMT Security For Healthcare Customers & Secures The Patient Care Journey...
Kajeet Launches DirectAccess, Enabling Organizations to Securely Manag (PRWeb) Kajeet®, a leading provider of wireless connectivity, software and hardware solutions that deliver safe, reliable and controlled internet access, announced today
Cynerio, A Leading Provider of Healthcare IoT Cybersecurity Solutions, (PRWeb) Cynerio, the leading provider of Healthcare IoT cybersecurity and asset management solutions, today announced the formal launch of its global channel partner progra
Everest Effect Introduces Industry’s First Crisis Impact Score™ To Improve Distribution of Resources To People Who Need It the Most (Everest Effect) Everest Effect Leverages Proprietary Machine Learning in Partnership with KPMG To Enable Intelligent Decisions That Can Minimize Fraud, Eliminate Waste, and Accelerate Economic Recovery July 29th, 2021 – New York, NY – Everest Effect, the leading platform for needs verification, today announced the introduction of the first proprietary machine learning tool with KPMG to […]
Darktrace buttons up 4,000 cyber threats a week for Ted Baker (BusinessWeekly) Cyber security AI world leader Darktrace has stopped fashion icon Ted Baker from being stitched up by online fraudsters. The Cambridge company’s self-learning technology is being used by the luxury clothing brand retailer to intercept 4,000 cyber threats every week. The quintessentially British global lifestyle brand reveals that of these cyber-threats over 200 are targeted
Entrust nShield HSMs Deliver High Assurance Cryptographic Services to VMware Tanzu Kubernetes Grid (BusinessWire) Entrust nShield HSMs deliver high assurance cryptographic services to VMware Tanzu Kubernetes Grid
ContraForce Joins Microsoft Intelligent Security Association (Yahoo Finance) The ContraForce XDR console integrates into Microsoft Azure Sentinel
Technologies, Techniques, and Standards
NSA Issues Guidance on Securing Wireless Devices in Public Settings (National Security Agency Central Security Service) NSA released the Cybersecurity Information Sheet, “Securing Wireless Devices in Public Settings” today to help National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base
Securing Wireless Devices in Public Settings (National Security Agency Central Security Service) Telework has become an essential component of business, and many people are teleworking from home or during travel.
US critical infrastructure cyber security is backwards – it’s the process that counts not the data (Control Global) Control system cyber security is about keeping lights on, water flowing, etc. It is not simply a matter of maintaining network availability. If control systems are affected by a cyber incident, whether it’s an unintentional incident or a deliberate attack, critical infrastructure reliability, availability, and safety may be impacted. Industrial, manufacturing, transportation, and other sectors rely on Operational Technology (OT) Internet protocol-based (IP) networks to bring significant productivity improvements. However, along with those improvements come significant cyber vulnerabilities.
Turn Off, Turn On: Simple Step Can Thwart Top Phone Hackers (SecurityWeek) Regularly rebooting phones can make even the most sophisticated hackers work harder to maintain access and steal data from a phone.
Design and Innovation
Mimecast Makes Security Training a Laughing Matter (Security Boulevard) Mimecast has found the best way to train employees on cybersecurity is with a healthy dose of humor. The company has developed a sitcom-style training
Legislation, Policy, and Regulation
White House has spoken to Israeli officials about spyware concerns following Pegasus Project revelations (Washington Post) The talks follow reporting by The Washington Post and other news organizations into how the NSO Group’s phone-hacking tool was used to surveil human rights activists and journalists around the world.
China Cracks Down On Its Tech Giants. Sound Familiar? (Wired) Companies like Alibaba, Baidu, and Tencent were once regarded with national pride. Now they’re being slapped with fines and other penalties.
Beijing Regulators Zero in on Chinese Big Tech (Wall Street Journal) Beijing is increasing pressure on the country's tech firms to get into line with national ambitions. Reporter Stephanie Yang joins host Zoe Thomas to discuss the ways regulators are stepping up scrutiny and what it means for the future of Chinese tech.
Europe 5G blacklisting is 'politics', says Huawei (Euronews) Huawei told Euronews Next “political motivations” were behind some EU states' moves to ban the company's 5G infrastructure, after US authorities blacklisted it in 2019.
U.S. Leads Coalition Accusing China of Hacking (Lawfare) Lawfare’s biweekly roundup of U.S.-China technology policy and national security news.
Biden hypes China's cyber threat to intel agency to 'justify own online attacks,' ratchets up pressure on Beijing (Global Times) The Biden administration is mobilizing the US intelligence community to speed up its strategic containment to crush China by hyping cyber threats from China, which increased the risks of its rationalizing its cyberattacks against other countries, analysts said on Wednesday after President Joe Biden highlighted growing
GDPR Three Years on the Road: The 10 Key Developments You Should Know (cyber/data/privacy insights) On the third anniversary of the General Data Protection Regulation, Cooley started a series of webinars focused on the GDPR. Our first webinar covers what we consider “the Top 10 key developments you should know” concerning the implementation of this ground-breaking personal data privacy regime.
Canada lays out major plans to target illegal content on Facebook, YouTube, Pornhub and other platforms (Toronto Star) A new regulatory framework aimed at curbing illegal content online has been proposed by the federal government.
GOP Bill Attempts to Inject Life Into Stalled Internet Privacy Talks (Wall Street Journal) Sen. Roger Wicker (R., Miss.) plans Wednesday to introduce a bill for ensuring consumers’ control over personal data collected or processed by companies.
Wyden bill would require digital signatures for sensitive court orders (CyberScoop) Miscreants have leveraged counterfeit court documents to authorize wiretaps on romantic interests or dupe Google into removing embarrassing links from search results, among other instances of fraud, in recent years.
The US needs better tools to fight transnational repression. Here’s where to start. (Atlantic Council) As autocrats reach beyond their borders to punish their opponents, the United States must meet the challenge by preparing effective, forward-thinking policy.
Securing Cyberspace with Chris Krebs, Former Director of the Cybersecurity and Infrastructure Security Agency (Washington Post) There is increased concern about the rise in ransomware attacks and growing misinformation campaigns. In a conversation with Washington Post Live, Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency, discussed how the U.S. and allies should respond to adversaries’ cyberattacks and what role CISA should play in addressing ransomware and growing disinformation campaigns.
Joint Statement by Secretaries Mayorkas and Raimondo on President Biden’s New National Security Memorandum (U.S. Department of Commerce) Today, Secretary of Homeland Security Alejandro N. Mayorkas and Secretary of Commerce Gina M. Raimondo released a joint statement on President Biden’s signing of a new National Security Memorandum, “Improving Cybersecurity for Critical Infrastructure Control Systems.”
Replacing the Department of Homeland Security with Something Better (Brennan Center for Justice) A mistake made in panic would be best fixed by starting over.
DHS recent hiring sprint shows promise, but lawmakers still see gaps in the federal cybersecurity workforce (FCW) The federal government continues to face challenges in recruiting a skilled cybersecurity workforce, amid heavy private sector demand and obstacles built into the hiring process, but there are some recent signs that longstanding efforts to improve the situation are starting to pay off.
Litigation, Investigation, and Law Enforcement
Russia fines Google for violating data storage law (AP NEWS) A Moscow court ordered Google on Thursday to pay a fine of 3 million rubles (roughly $41,000) for refusing to store the personal data of Russian users on servers in Russia, a move that is part of the government's longstanding effort to tighten its grip on online activity.
Amazon Gets Record $888 Million EU Fine Over Data Violations (Bloomberg) Luxembourg watchdog wields new powers with highest data fine. Fine follows probe based on complaint by French privacy group.
“Pegasus Project”: analyses by the French authorities confirm the infection of several journalists’ personal phones (Le Monde.fr) Technical analyses conducted by the French authorities have confirmed the presence of traces of NSO Group’s spyware on the phone of a France 24 journalist.
French finance minister's phone investigated in Pegasus spyware case (Reuters) The phone of France's finance minister Bruno Le Maire is currently being investigated to determine whether it has been infected by a spyware known as Pegasus.
Israeli Government Visits NSO Group Amid Spyware Claims (GovInfoSecurity) The Israeli government paid a visit on Wednesday to NSO Group, the company whose spyware is alleged to have been covertly installed on the mobile devices of
Bitcoin Seized by DOJ Headed to Crypto Custodian Anchorage in $6.6 Million Deal (Decrypt) Federal authorities have seized lots of Bitcoin and other cryptocurrencies. The U.S. Marshals Service contracted with Anchorage to manage it.
Google says it removed 71,132 content pieces in May, 83,613 items in June in India (ET CIO) In its maiden report, Google said it had received over 27,700 complaints in April this year from individual users in India over alleged violation of l..
Companies Face Growing Legal Risks Over Ransomware Data Leaks (Wall Street Journal) A cancer patient in Ireland is suing a hospital in Cork after his data was exposed online following a ransomware attack on the country’s healthcare system.
Republican-led Arizona ballot review grinds to rocky conclusion, with results expected next month (Washington Post) The Arizona Senate returned nearly 2.1 million ballots to the control of the state’s largest county Thursday as the GOP-led recount of votes cast in the 2020 presidential election drew to a rocky close, marked by upheaval that is likely to further undermine public confidence in its conclusions, set to be announced next month.
Rubio seeks additional details from ODNI on Tucker Carlson accusations (The Record by Recorded Future) The top Republican on the Senate Intelligence Committee says he intends to press the nation’s spy chief for more details about Tucker Carlson’s accusations that the NSA targeted his communications.