Attacks, Threats, and Vulnerabilities
Five Southeast Asian telcos hacked by three different Chinese espionage groups (The Record by Recorded Future) At least five major telecommunication providers from Southeast Asia have been hacked over the past years by different Chinese cyber-espionage groups.
Hackers Take Down Italian Vaccine-Booking Site (Wall Street Journal) A cyberattack took down an Italian region’s vaccine-scheduling website, highlighting hackers’ ability to topple Covid-19 infrastructure.
Hackers block Italian Covid-19 vaccination booking system in 'most serious cyberattack ever' (CNN) Hackers have attacked and blocked an Italian Covid-19 vaccination booking system, a source from Italy's cybercrime police told CNN on Monday, marking the worst cyberattack the country's health service has ever seen.
New sophisticated RAT in town: FatalRat analysis (AT&T Alien Labs) This blog was written by Ofer Caspi and Javi Ruiz. Summary: AT&T Alien Labs™ has recently observed the presence of a new remote access trojan (RAT) malware in its threat analysis systems. The malware, known as FatalRAT, appears to be distributed via forums and Telegram channels, hidden in download links that attempt to lure the user via software or media articles. Key takeaways: AT&T Alien Labs performed a malware analysis of the FatalRAT threat. We have observed a […]
Suspected Chinese hackers took advantage of Microsoft Exchange vulnerability to steal call records (CyberScoop) Hackers with ties to China took advantage of vulnerabilities in Microsoft Exchange for several months starting in late 2020 to steal call logs from a Southeast Asia telecommunication company, researchers at Cybereason report.
An interview with BlackMatter: A new ransomware group that's learning from the mistakes of DarkSide and REvil (The Record by Recorded Future) A representative of the BlackMatter group talked to Recorded Future expert threat intelligence analyst Dmitry Smilyanets.
Inside a Ransomware Negotiation: This Is How ‘Asshole’ Russian Hackers Shake Down Companies (The Daily Beast) The Daily Beast obtained transcripts of a victim negotiating with a ransomware gang this summer, just as the Biden administration began to grapple with an onslaught of attacks.
Microsoft web servers targeted by hacker ‘Praying Mantis’ (CRN Australia) Users urged to patch .NET deserialisation vulnerabilities.
This new phishing attack is 'sneakier than usual', Microsoft warns (ZDNet) Microsoft issues an alert over a 'crafty' phishing campaign.
New Android Malware 'Vultur' Can Record Your Screen, Steal Bank Details: 1 Major Warning Sign and How to Stop It (iTech Post) A new malware has been reported stealing banking, social media, and cryptocurrency data from Android devices. Widespread damage occurred in areas like Italy, Spain, and Australia. Keep an eye out for signs of the malware Vultur and watch for the warning signs.
Jihadists flood pro-Trump social network with propaganda (POLITICO) GETTR, the new platform started by members of the former president’s inner circle, is awash with beheading videos and extremist content.
Ransomware Attacks Leave Lasting Damage (Security Boulevard) Organizations hit by ransomware attacks also report tightened budgets and lingering impacts on productivity, profitability and security posture.
How to Phish for User Passwords with PowerShell (Black Hills Information Security) tokyoneon // Spoofing credential prompts is an effective privilege escalation and lateral movement technique. It’s not uncommon to experience seemingly random password prompts for Outlook, VPNs, and various other authentication protocols in Windows environments. Adversaries will abuse functionalities built into Windows and PowerShell to invoke credential popups to acquire user passwords. As defined by the MITRE […]
What To Know About Microsoft's Registry Hive Flaw: #SeriousSAM (Black Hills Information Security) #hivenightmare / #lolwut Jeff McJunkin* // What is it? tl;dr — Unpatched privilege escalation in Windows 10 in nearly all supported builds. The vulnerability (CVE-2021-36934) allows an attacker with limited user code execution on Windows 10 (or 11) to gain administrative privileges locally, allowing any of the following follow-on attacks: Stealing credential material for any […]
Vulnerability Summary for the Week of July 26, 2021 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
CNA Overcame Cyber Attack to Finish Strong in Q2 (Insurance Journal) CNA Financial Corp. (CNA) announced second quarter 2021 net income of $368 million versus $151 million in the prior year quarter. The quarter saw
Security Patches, Mitigations, and Software Updates
Cisco fixes vulnerability that allowed criminals to remotely execute arbitrary code and control a firewall (Positive Technologies) Users are advised to install new versions of Cisco FDM On-Box, check for signs of penetration using NTA and SIEM systems
Microsoft to enable PUA protection for Windows 10 users this month (The Record by Recorded Future) Throughout the month of August 2021, Microsoft plans to enable a Windows Defender security feature for all Windows 10 users that will protect and warn them when downloading or attempting to install shady software commonly referred to as PUAs—or potentially unwanted applications.
Bot protection now generally available in Azure Web Application Firewall (BleepingComputer) Microsoft has announced that the Web Application Firewall (WAF) bot protection feature has reached general availability on Azure on Application Gateway starting this week.
Trends
Supply chain attacks are getting worse, and you are not ready for them (ZDNet) EU cybersecurity think tank looks at 24 recent supply chain attacks, and warns that defences against them are not good enough.
Cyber Risk Index (Trend Micro) We teamed up with the Ponemon Institute to investigate the level of cyber risk across organizations and create a Cyber Risk Index (CRI). Refreshed regularly, the CRI is a comprehensive measure of the gap between an organization's current security posture and its likelihood of being attacked. The latest round added Latin/South America to the other three regions, North America, Europe, and Asia-Pacific to provide a global view of organizations’ risk level.
Egress | 73% of organisations suffered data breaches caused by phishing in the last year (RealWire) Half of IT leaders say that future remote or hybrid work will make it harder to prevent phishing incidents. London, UK – 3rd August 2021 – Egress’ 2021 Insider Data Breach Survey has revealed that almost three-quarters (73%) of organisations have suffered data breaches caused by phishing attacks in the last year
Global Incident Response Threat Report: Manipulating Reality (VMware Carbon Black) Download the Global Incident Response Threat Report today and learn how to build resilient, cyber-vigilant incident response teams, while also taking a deeper look at the increasingly sophisticated threats facing organizations today.
Cybercriminals Manipulate Reality via Integrity and Destructive Attacks, VMware Report Finds (VMware) Defenders fight back against weaponization of new technologies, industrialization of e-crime, and burnout
3 Out Of 4 People Want Companies to Use Consumer Consented Data (Invisibly) We not only lack the sleep we need, but we also recognize there’s plenty of room for improvement and understand how extra sleep could benefit us.
GlobalSign 2021 PKI Survey Results (GlobalSign GMO Internet, Inc.) GlobalSign’s 2021 PKI survey shows certificate automation still lags and deep confusion around electronic vs digital signatures.
Ransomware attacks on Korean companies on the rise: KISA (The Korea Herald) The number of ransomware attacks on Korean companies, organizations and schools is on the rise and hackers are using more sophisticated techniques to exploit vulnerabilities in security systems, the country’s state-run cybersecurity body warned. Ransomware refers to malware that infects computer and mobile devices by exploiting system vulnerabilities, and threatens to destroy data unless a ransom is paid. A...
Most Greek Workers Don't Get Cybersecurity Training or Use VPNs (The National Herald) Greece's capital is home to the European Union's cybersecurity agency ENISA but despite a proliferation of hack attacks in the bloc – and Greece – 75 percent of workers
Electronics buyers find more value in security features as threats rise (The Economic Times) The steep rise in incidents of cyberattacks, malware and hacking has led to an increase in demand for smartphones and laptops with enhanced inbuilt privacy measures and anti-virus software.
Marketplace
Ivanti Acquires Vulnerability Management Software Company RiskSense (MSSP Alert) IT asset & service management software solutions provider Ivanti acquires RiskSense for vulnerability management & prioritization software.
Galois Creates Standalone Organization to Develop Microelectronic Systems; Robert Wiltbank Quoted (GovCon Wire) Looking for the latest GovCon News? Check out our story: Galois Creates Standalone Organization to Develop Microelectronic Systems. Click to read more!
Amazon will pay you $10 in credit for your palm print biometrics (TechCrunch) The retail giant has a spotty history with biometric data.
ReversingLabs Named Winner in Black Unicorn Awards for 2021 (GlobeNewswire News Room) ReversingLabs Named a Top 10 Black Unicorn in Awards for Cybersecurity Companies With Potential Market Value of $1B CEO Mario Vuksan Named Winner of the...
XM Cyber Named "Black Unicorn" for Third Year in a Row (PR Newswire) XM Cyber, the multi-award-winning leader in attack path management, announced today that it has won a 2021 Cyber Defense Black Unicorn Award in...
HUMAN Honors Late Co-Founder and Chief Scientist with the Dan Kaminsky Fellowship (BusinessWire) HUMAN honors late co-founder and chief scientist with the Dan Kaminsky Fellowship.
Jawahar Sivasankaran Appointed President and COO (Appgate) Jawahar Sivasankaran--SaaS and cybersecurity industry veteran--appointed President and COO of Appgate to lead business operations and growth strategy.
SailPoint Announces Appointment of Ron Green to Board of Directors (BusinessWire) SailPoint, the leader in enterprise identity security, announces the appointment of Ron Green to its Board of Directors, effective on July 27, 2021.
Products, Services, and Solutions
New CyberSN Marketplace Empowers Cybersecurity Professionals to Take Ownership of their Careers and Enables Organizations to Build Their Teams for Lasting Success (BusinessWire) New CyberSN Marketplace Empowers Cybersecurity Professionals to Take Ownership of their Careers and Enables Organizations to Build Teams for Success
IDX Announces Complimentary ForgetMe Privacy Service for All Current & Former U.S. Law Enforcement Officers (PR Newswire) Today, IDX, the leading privacy platform and data breach services provider, is making their ForgetMe service available to all 800,000+ current...
Qualys Collaborates with Red Hat to Enhance Security for Red Hat Enterprise Linux CoreOS and Red Hat OpenShift (PR Newswire) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today announced it...
INTERPOL and Onfido provide training for airport officers in digital identity fraud (Onfido) Joint training sessions support border control and immigration officers at U.S. airports to detect fake physical and digital identity documents.
Traceable AI releases the industry's first free API security solution (PR Newswire) Traceable AI, the leader in API security protection, today announced the introduction of the industry's first free API security solution....
Saltworks, Bit Discovery Partner to Advance Attack Surface Management (BusinessWire) Appsec company Saltworks announces partnership with Bit Discovery, advancing attack surface management.
SpotCrime Enlists Woolpert to Deliver Google Maps Platform Services, Technical Support (Yahoo Finance) Woolpert has been contracted by SpotCrime to provide Google Maps Platform services and technical team support for its independent, public facing crime alert service. SpotCrime, which is based in Baltimore, tracks incidents of crime across the U.S. and in select countries and recently implemented a nationwide missing persons database.
Fortinet expands security services to protect digital infrastructure (Security Brief) “As the digital attack surface expands with billions of edges that need to be protected, organisations are struggling to support an array of point security solutions and disparate services.
Nuspire Launches New Managed Endpoint Detection and Response (EDR) Service That Supports Leading EDR Technology Providers Including Carbon Black, SentinelOne and Others - Nuspire (Nuspire) Nuspire, leading Managed Security Services Provider (MSSP) that is revolutionizing the cybersecurity experience, today announced its new managed EDR service that supports best in breed EDR technologies from Carbon Black, SentinelOne and others to help clients manage their EDR solutions and automate responses. “As organizations shifted to remote work last year,…
Corelight Introduces Smart PCAP to Give Security Teams Immediate Access to the Right Network Evidence (PR Newswire) Black Hat Booth #1671 -- Corelight, provider of the industry's leading open network detection and response (NDR) platform, today launched Smart...
Code42 and Rapid7 Partner to Deliver Enhanced Detection and Investigation of Insider Threat Events (BusinessWire) Code42 Incydr has been integrated with Rapid7 InsightIDR, giving security teams the ability to better triage critical insider threat events.
Exabeam Announces the XDR Alliance to Ensure Industrywide Collaborative Framework for Cybersecurity (BusinessWire) Exabeam today announced the XDR Alliance.
Technologies, Techniques, and Standards
Software supply chains and security - will the Software Bill of Materials approach work? (Computing) SBOMs are now law in the US, but it will be a challenge to make them work
Protecting SMBs Against Kaseya Supply Chain, Zero Day, and Ransomware Attacks (Check Point Software) The Highlights Massive Kaseya supply chain attack carried out by REvil in early July weekend impacted numerous customers with millions of USD in ransom
SolarWinds CEO Talks Securing IT in the Wake of Sunburst (InformationWeek) Lessons learned from the pandemic and the aftermath of the Sunburst cyberattack puts the IT trends report issued by SolarWinds in a special context.
Why Good Cybersecurity Requires Leadership Buy-In, Culture Shift (Government CIO) Federal agencies can start by applying a zero trust security model to cloud operations.
Design and Innovation
Twitter uses HackerOne bounties to find biases in its image-cropping AI model (Register) Claims it's the first algorithmic bias bounty competition
Academia
TikTok kicks off partnership to help the first US Cyber Team compete on the world stage (Newsroom | TikTok) TikTok is an entertainment platform powered by a diverse and vibrant global community. To safeguard TikTok as a destination for creative self-expression and joy, we continuously invest in our people,
Legislation, Policy, and Regulation
The Challenges of Fourth Generation Espionage (Cipher Brief) In a rare December 2018 public address, then-British Secret Intelligence Service (SIS) Chief Alex Younger, (who is now a Cipher Brief Expert) used the term ‘fourth-generation espionage’ to describe the new mindset that intelligence leaders need in order to address the challenges of the fourth industrial revolution. He noted that “The digital era has profoundly changed our operating environment. Bulk data combined with modern analytics make the modern world transparent. We need to ensure that technology is on our side, not that of our opponents”.
HSE spent nearly €700,000 setting up 'war room' after ransomware attack (Irish Mirror) Details of the spending have emerged following the publication of contract award notices by the health authority
The rise of the private surveillance industry (CyberNews) Pegasus is just a small part of a much more pervading problem spreading across the globe. And it will only get worse before it gets better.
When ransomware attacks US infrastructure, it’s tricky to know when to return fire (Federal News Network) Jason Healey is a senior research scholar at Columbia University’s School for International and Public Affairs.
The US Needs a Department of Cybersecurity (Defense One) As the saying goes, when everyone is in charge, no one is in charge.
Cybersecurity for critical infrastructure gets a boost in US (Smart Energy International) A Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems has been signed by US President Joe Biden.
Litigation, Investigation, and Law Enforcement
Pegasus spyware found on journalists’ phones, French intelligence confirms (the Guardian) Announcement is first time an independent and official authority has corroborated Pegasus project findings
Bipartisan report finds agencies plagued by cyber woes (The Record by Recorded Future) Several major federal agencies continue to fail to address recurring cybersecurity vulnerabilities or implement basic standards that would protect the public’s sensitive information, according to the results of a new bipartisan congressional investigation.
The Cybersecurity 202: Government cyber protections are poor and not getting better, a Senate report finds (Washington Post) A blistering Senate report in 2019 found dangerous cybersecurity lapses at eight government agencies, including unpatched computer bugs and citizens’ personal information left vulnerable to hacking.
ICO reports 'surprising' decline in personal data breaches (CRN) Reports fell from 11,854 in the 2019/20 financial year to 9,532
Facebook’s Kustomer Takeover Gets In-Depth EU Investigation (Bloomberg) EU sets Dec. 22 deadline to examine customer-service software. EU will also examine Facebook’s ad-targeting “data advantage”.
Police Release Details On Killing Of Cybersecurity Executive Juanita Koilpillai (CBS Baltimore) Almost a week after well-known tech executive, Juanita Koilpillai was found dead outside her Anne Arundel County home, her 23-year-old son has been charged with her murder. Andrew Beavers was arrested in Virginia. He's been charged with first and second-degree murder.
A tech CEO was found dead outside her home in Md., police say. Her son is now charged with murder. (Washington Post) Detectives said Andrew Weylin Beavers fatally stabbed his mother, Juanita Koilpillai, at their home, hid her body and then fled in her car to Leesburg, Va.
'They became the scapegoats': Security contractors arrested at Dallas County Courthouse in 2019 sue county, sheriff (Des Moines Register) The men had been contracted to test courthouse security by state judicial officials when they were arrested by the county sheriff's office.
Maricopa County defies state subpoena seeking to expand GOP ballot review, calling it an ‘adventure in never-never land’ (Washington Post) The latest spat between local officials and the Arizona Senate shows the divide among Republicans over the recount.