Attacks, Threats, and Vulnerabilities
Positive Technologies: APT group targeting government agencies around the world detected in Russia for the first time (Positive Technologies) Positive Technologies Expert Security Center (PT ESC) revealed new attacks by APT31 and analyzed its new tool, malicious software that allows criminals to control a victim’s computer or network by using remote access.
Chinese Hackers Compromised Telecom Firms, Researchers Say (Bloomberg) Hacking groups said to exploit flaws in Microsoft Exchange. Attackers pulled off ‘holy grail of espionage’ in breaches.
Iranian APT Lures Defense Contractor in Catfishing-Malware Scam (Threatpost) Fake aerobics-instructor profile delivers malware in a supply-chain attack attempt from TA456.
LemonDuck botnet evolves to allow hands-on-keyboard intrusions (The Record by Recorded Future) Over the past two years, a once-tiny crypto-mining malware strain has evolved into a massive botnet and is now experimenting with hands-on-keyboard intrusions into hacked networks, signaling a dangerous turn that could see the group's operators deliver ransomware or more dangerous threats in the coming future.
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure (Microsoft Security Blog) LemonDuck, an actively updated and robust malware that’s primarily known for its botnet and cryptocurrency mining objectives, adopted more sophisticated behavior and escalated its operations. Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity.
When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks (Microsoft Security Blog) LemonDuck is an actively updated and robust malware primarily known for its botnet and cryptocurrency mining objectives. Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity.
INFRA:HALT - Forescout (Forescout) Forescout Research Labs and JFrog Security Research discover 14 new vulnerabilities affecting closed source TCP/IP stack NicheStack, allowing for Denial of Service or Remote Code Execution primarily affecting operational technology (OT) and industrial control system (ICS) devices.
INFRA:HALT vulnerabilities affect OT devices from more than 200 vendors (The Record by Recorded Future) Security researchers have disclosed today 14 vulnerabilities that impact a popular TCP/IP library commonly used in industrial equipment and Operational Technology (OT) devices manufactured by more than 200 vendors.
Report: Over 63 Million US Citizens Exposed in Massive Data Leak (vpnMentor) Led by Ran Locar and Noam Rotem, vpnMentor’s research team discovered that B2B marketing company OneMoreLead was leaking the private data of up to 126 million American
A Silicon Valley VC firm with $1.8B in assets was hit by ransomware (TechCrunch) Advanced Technology Ventures said investor data was stolen from the company's servers.
Cyber attack at Ardagh Group cost $34m (RTE.ie) A cyber attack at Ardagh Group in May cost the company $34 million.
LVHN patients' info hacked in cyber attack (WFMZ) LVHN is warning patients their data could have been stolen in a hack earlier this year.
Isle of Wight schools hit by ransomware (Computing) Six schools and the Isle of Wight Education Federation have had data encrypted in an attack that could delay the start of the new term
Security Patches, Mitigations, and Software Updates
Swisslog Healthcare Translogic PTS (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Swisslog Healthcare. Equipment: Translogic PTS (Pneumatic Tube Systems). Vulnerabilities: Use of Hard-coded Password, Execution with Unnecessary Privileges, Improper Authentication, Download of Code without Integrity Check, Out-of-Bounds Write.
Trends
Acronis Cyberthreats Report: Mid-year 2021 (Acronis) Acronis was the first company to implement completely integrated cyber protection to protect all data, applications, and systems.
Contrast Security Study Highlights Lower Application Security Debt Equates to Reduced Risk (Newswire) 2021 Application Security Observability Report from Contrast Labs also reported a 31% jump in serious vulnerabilities and a 29% increase in likelihood of attacks on vulnerabilities
Proofpoint’s Annual Human Factor Report Reveals How 2020 Transformed Today’s Threat Landscape (Proofpoint) More than 48 million observed messages containing malware capable of downloading ransomware foreshadowed the risk of recent high-profile cyber attacks
The Human Factor 2021: Cybersecurity, Ransomware and Email Fraud in a Year that Changed the World (Proofpoint) As the global pandemic upended work and home routines in 2020, cyber attackers pounced. Dive deep into how this extraordinary time has changed the threat landscape—and what it means for the year ahead. Our premiere threat report draws from one of cybersecurity's largest and most diverse data sets to explore user vulnerability, attacks and privilege through a people-centric lens. You'll learn:
Kaseya ransomware attack sets off race to hack service providers -researchers (KELO-AM) A ransomware attack in July that paralyzed as many as 1,500 organizations by compromising tech-management sof...
Deep Instinct identifies top 5 ransomware attacks in the first half of 2021 (CTECH) Mid-year threat landscape report has highlighted some of the ways that organizations and individuals are at risk online
Increase in DDoS extortion campaigns and hit-and-run assaults (IT Brief) The window between the disclosing and weaponising of new vulnerabilities is getting very slim.
What's behind the explosion in zero-day exploits? (IT PRO) Projections show the industry will detect almost three times as many exploits in 2021 as were found last year
Remote code execution the most common cyber threat faced by Canadian firms: Report (IT World Canada) Canadian cybersecurity teams face a wide range of threats, but the most common vulnerability exploit type is remote code execution (RCE), according to a report from Check Point Software Technologies. In its annual mid-year attack trends report, which uses data from customers, the company said that in 61 per cent of attacks against Canadian organizations […]
29% of corporate users in Kenya experienced financial malware attacks in the first half of 2021 (Africanews) Although Kaspersky’s (https://africa.Kaspersky.com) research shows that the overall number of financial malware attacks in Kenya has decreased in the first half of 2021, when compared
Marketplace
Feedzai Acquires World's Most Advanced Biometric Platform, Revelock, Creating the World’s Largest Financial Intelligence Network (FIN) to Secure Cashless Commerce (GlobeNewswire News Room) Industry leader reinvents digital trust, adding pre-transaction behavioral intelligence to prevent financial crime in real-time before it happens, without...
Cerberus Sentinel announces acquisition of VelocIT (GlobeNewswire News Room) U.S. cybersecurity services firm expands managed security services offerings...
CDW acquires cybersecurity company Focal Point Data Risk (ZDNet) Terms of the deal were not disclosed.
Ivanti Acquires RiskSense to Revolutionize the Patch Management Market and Help Customers Proactively Combat Cyber Threats and Ransomware Attacks (BusinessWire) Ivanti, the automation platform that discovers, manages, secures, and services IT assets from cloud to edge, today announced it has acquired RiskSense
Venari Security Raises £4.2M in Series A Funding (FinSMEs) Venari Security, a London, UK-based defender of encrypted networks, raised £4.2m in Series A funding at a post money valuation of £14.2m
Columbus cybersecurity startup raises $30M (NBC4 WCMH-TV) A Columbus cybersecurity startup that looks for hackers’ backdoors into internet of things devices has raised $30 million in venture capital from in…
Ivanti Acquires Industrial Internet of Things Platform to Help Supply Chain Customers Further Automate Workflows and Achieve Operational Excellence (BusinessWire) Ivanti Wavelink, the supply chain business unit of Ivanti, today announced it has acquired an industrial internet of things (IIoT) platform owned by t
MOD pays ethical hackers to uncover IT flaws (Computing) The MOD crowdsourced pen-testing with US-based HackerOne
Darktrace’s customer base in Australia grows by 60% (iTWire) British American AI company Darktrace says its customer base in Australia has grown by over 60% as more organisations are tightening their security defence. The company’s employee headcount in Sydney, Melbourne, and Perth also doubled. The number of Darktrace customers in Australia has grown by over 60%...
KnowBe4 Gives Notice of Lock-Up Agreement (TylerPaper.com) KnowBe4, Inc. (NASDAQ: KNBE), provider of the leading security awareness training and simulated phishing platform, today announced that pursuant to the
Adaptive Shield Named Winner in Black Unicorn Awards for 2021 (PR Newswire) Adaptive Shield, the leading SaaS Security Posture Management (SSPM) company, today announced that it has been named a winner in the Black...
Rezilion Named Finalist for Top 10 Cybersecurity Startups for 2021 by Cyber Defense Magazine (Webster County Citizen) Rezilion, a leading DevSecOps automation platform, today announced that it has been named a Finalist for the Top 10 Cybersecurity Startups for
Alexis Breslin Joins Effectual as Chief Human Resources Officer (KPVI) Effectual, a modern, cloud first, managed and professional services company, has named Alexis Breslin as Chief Human Resources Officer. Breslin will lead
ReliaQuest Expands Product and Go-To-Market Teams with Executive Appointments (BusinessWire) ReliaQuest, the leader in Open XDR-as-a-Service, today announced the appointments of Brian Foster as Vice President of Product, Paul Kraus as Vice Pre
Cybersecurity XDR Innovator Cynet Expands Into North America with Appo (PRWeb) Cynet, the world’s first autonomous breach protection platform, announced today its expansion into the U.S. with the appointment of Daniel Klein to Chief Business O
Download the 2021 Mid Year Data Breach QuickView Report Today (Risk Based Security) Download Risk Based Security's 2021 Mid Year Data Breach QuickView Report. Powered by Cyber Risk Analytics, get key insights into specific industries.
Download the 2021 Mid Year Vulnerability QuickView Report Today (Risk Based Security) Download Risk Based Security's 2021 Mid Year Vulnerability QuickView Report. Powered by VulnDB, get key insights into specific industries.
Pentera Appoints Morgan Jay as VP of Sales for EMEA and APAC to Accelerate Record Growth on Global Scale (BusinessWire) Automated Security Validation Leader Adds Veteran Leadership in EMEA and APAC Regions
Products, Services, and Solutions
Blumira Unveils Industry’s Fastest Detection System & Cloud Security Deployment Time at Black Hat (Blumira) Blumira introduced the fastest cloud security monitoring solution available today, enabling organizations to set up cloud security in a matter of minutes.
Agio Disrupts the IT Support Landscape with AI-Enabled Service Platform (PR Newswire) Today Agio, a leading hybrid cybersecurity and managed IT organization, unveils their new AI-enabled service platform, AgioNow, a powerful tech...
IDX Launches 2.0 Update to IDX Privacy's Mobile App (PR Newswire) Today, IDX, the leading privacy platform and data breach services provider, announced the 2.0 launch of the mobile app version of its...
Sumo Logic and SYNNEX Collaborate to Deliver Modern Cloud-Native Security Solutions (Sumo Logic)
Optiv Security Launches Next-Gen Managed XDR to Stop Threats Earlier in Attack Lifecycle, Minimize Business Impact (PR Newswire) Optiv Security, the leading end-to-end cybersecurity solutions partner, launched its Managed Extended Detection and Response (MXDR) offering at...
Elastic Introduces the Industry’s First Free and Open Limitless XDR (Elastic) New Capabilities Unify SIEM, Security Analytics and Endpoint Security, Enabling Customers to Stop Threats at Cloud Scale on a Single Platform
Hunters Announces New Open XDR Capabilities Making it the Leading SIEM Alternative (GlobeNewswire News Room) Black Hat USA 2021 -- Hunters, the leading Open Extended Detection and Response (XDR) platform, announced...
Microsoft Security adds second podcast to the CyberWire Network (Yahoo Finance) The CyberWire announced today that Microsoft Security's popular podcast, "Security Unlocked," is joining the rapidly growing CyberWire Podcast Network. Each week, the hosts of the show, Nic Fillingham and Natalia Godyla, examine the latest innovations in threat intelligence, security research, and data science, with a special focus on understanding the use of artificial intelligence and machine learning in cybersecurity.
A new voice in the cybersecurity conversation (Medium) I’m excited to introduce README, a new cybersecurity publication that will feature provocative and practical viewpoints, exceptional tech…
Say goodbye to the weakest link in cyber security (ITWeb) VL Telecom has partnered with KnowBe4 to offer integrated security awareness training to organisations across the Middle East and Africa, including South Africa.
ThreatX Announces API Catalog to Provide Enterprises a Clear View of Attack Surface (BusinessWire)
Satori Announces Data Security Policy Engine to Streamline and Revolutionize Data Security for Large Enterprises (GlobeNewswire News Room) Satori, the industry’s leading DataSecOps platform, today announced the Satori Data Security Policy...
NetWitness® Ransomware Defense Cloud Service Helps Enterprises Avoid and Mitigate the Impact of Ransomware Attacks (NetWitness.com) New Managed Cloud Service Combines Endpoint Monitoring Technology, Research, Proactive Threat Hunting and Domain Expertise to Hunt Threat Actors in IT Environments
NetWitness® IoT Provides Enterprises with Threat Monitoring and Behavioral Detection Across Their Internet of Things and Operational Technology Systems (NetWitness.com) SaaS-native Solution Monitors Disparate IoT Systems and Devices, and Traditional OT Networks, Across a Digital Infrastructure
Technologies, Techniques, and Standards
NSA, CISA release Kubernetes Hardening Guidance (National Security Agency Central Security Service) The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, “Kubernetes Hardening Guidance,” today. This report
NSA, CISA issue Kubernetes security guidance (GCN) A new report, “Kubernetes Hardening Guidance,” details threats to the container orchestration environment and provides configuration guidance to minimize risk.
NSA, CISA publish Kubernetes hardening guide (The Record by Recorded Future) The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published today a 59-page technical report containing guidance for hardening Kubernetes clusters.
What is an SBOM? A deep dive. (Grammatech) A software bill of materials - SBOM - is a list of components that make up a software product that contains the primary list of components for your product but also all the dependencies each of those components bring to the table. Industry standards are coalescing around the work the NTIA is doing in terms of basic elements of the SBOM, use cases and interoperability. Generally improving the software supply chain requires software product suppliers to make SBOMs a standard artifact of software development, integrated into deployment and delivery with standardized formats.
Disaster Recovery Is the Secret Weapon of Cybersecurity (Channel Futures) When executed properly, an effective disaster recovery plan is the secret weapon MSPs need in the fight against cyberthreats.
Five tips to protect against IoT search engines targeting vulnerable devices (Security Brief) Internet of Things (IoT) search engines present both good solutions and serious risks of weaponised exploits.
Splunk BrandVoice: Five Essential Ways To Prepare For A Future Ransomware Attack (Forbes) While Splunk was not directly affected by the ransomware attack, it’s critical that we work together as a community to counter cybersecurity threats and share information about events like these.
Who says you can't fight ransomware attacks? (Construction Dive) Cybercriminals have their sights set on construction companies. It’s a growing peril you can stop now.
Arctic Wolf Introduces New Innovations to Its Industry-Leading Security Operations Platform to Support Organizations in New Hybrid Work Era (Arctic Wolf) New releases further bolster company’s position as the leading security operations data platform to end cyber risk
Leading Security Companies Join the Arctic Wolf Alliance Ecosystem to Strengthen Security Operations for Customers Worldwide (Arctic Wolf) Robust partner and alliance network adds unparalleled attack surface coverage, threat telemetry, and attack detection capabilities to keep customers safe
Academia
UK universities awarded funding for research into IoT, smart home security (The Daily Swig) Academics say that smart technology is a ‘balancing act’, and that consumers need to be aware of the risks
Legislation, Policy, and Regulation
A Cold War is raging in cyberspace. Here's how countries are preparing their defenses (ZDNet) Much like conventional militaries, countries also need to perform occasional drills of their cybersecurity defenses. Instead of soldiers and tanks, these involve virtual machines – and months of pestering executives for their login credentials.
War in cyberspace: The rules of engagement are what matter (TechBeacon) How can cyber-attacks be understood within the framework that existing treaties provide?
US Facing ‘Pearl Harbor Moment’ From Cyber Attacks, Vice Adm. Trussler Says (Seapower) Vice Adm. Jeffrey Trussler, deputy chief of naval operations for information warfare and director of naval intelligence, said cybersecurity threats to the United States are such that “frankly, where we sit today in 2021, we ought...
Federal Cybersecurity: America's Data Still at Risk (Committee on Homeland Security and Governmental Affairs, US Senate) In June 2019, the Permanent Subcommittee on Investigations (Investigations) issued a bipartisan report titled: Federal Cybersecurity: America's Data at Risk (the 2019 Report).
The State Department and 3 other US agencies earn a D for cybersecurity (Ars Technica) Two years after a damning cybersecurity report, auditors find little has improved.
The Cryptocurrency Surveillance Provision Buried in the Infrastructure Bill is a Disaster for Digital Privacy (Electronic Frontier Foundation) The forthcoming Senate draft of Biden's infrastructure bill—a 2,000+ page bill designed to update the United States’ roads, highways, and digital infrastructure—contains a poorly crafted provision that could create new surveillance requirements for many within the blockchain ecosystem. This could...
The White House Is Deciding Whether to Support a Bureau of Cyber Statistics (Nextgov.com) A key senator introduced a bill containing one of the more controversial recommendations of the Cyberspace Solarium Commission.
Some Cyber Experts Want to Investigate Hacks Like Plane Crashes (Wall Street Journal) President Biden in May ordered the Department of Homeland Security to create a public-private board to investigate major hacks but offered few details on how the initiative would work. Some security wonks say the administration should look to transportation disasters for clues.
Senate infrastructure bill includes $20M for cyber response and recovery (FedScoop) The $1 trillion infrastructure bill would put $20 million in the Cyber Response and Recovery Fund in fiscal 2022 and every year thereafter through fiscal 2027, a bipartisan group of senators revealed Sunday. The fund supports the Cybersecurity and Infrastructure Security Agency‘s response efforts after the Homeland Security secretary, in consultation with the national cyber […]
Senators Introduce Cyber Incident Notification Act (The National Law Review) On July 21, 2021, a bipartisan group of Senators introduced the Cyber Incident Notification Act of 2021 (the "Act"). The Act would require federal government agencies...
Coast Guard launches new cyber strategy (FedScoop) The new "Cyber Outlook" updates the 2015 cybersecurity strategy and calls for more teams to focus on protecting critical infrastructure.
Alaska’s IT department centralizes services as it seeks new cybersecurity chief (Fairbanks Daily News-Miner) Alaska continues to have a shortage of IT professionals to fill jobs and is actively recruiting for a cybersecurity chief.
Litigation, Investigation, and Law Enforcement
Totally Concocted (London Review of Books Blog) The documents seemed to reveal a plan to assassinate Narendra Modi; discussed buying arms and setting up guerrilla...
Huawei CFO Enters Final Extradition Hearings Facing Steep Odds (Bloomberg) Final round of hearings are scheduled to run Aug. 4 to 20. Historical odds of beating extradition are about 1 in 100.
Whatever Huawei did, the case against Meng looks spiteful (Light Reading) Held in Canada since December 2018, Huawei's Meng Wanzhou returns to a Vancouver courtroom this week to fight a US demand for extradition. With a final Canadian decision due in October or November, this month's legal battle could be critical in determining if Meng will ultimately face charges of fraud on US soil.
Chip plant says it has not heard anything from UK government on national security probe (CNBC) The U.K. government has not informed Newport Wafer Fab that its sale to Nexperia is under investigation, according to two sources close to the company.
What in-house counsel need to know about “reasonable” data security measures (Reuters) Increasing cybersecurity attacks and fast-evolving data privacy and security law mean there’s so much more data for in-house legal departments to track.
Libertarians built a crypto mecca in New Hampshire — then Feds tore it down (The Verge) The rise and fall of a Bitcoin empire.
Rubio Requests Formal Investigation Into Tucker Carlson Unmasking (U.S. Senator Marco Rubio) U.S. Senator Marco Rubio (R-FL) sent a letter to Director of National Intelligence Avril D. Haines to request a “formal inquiry into allegations that Fox News host Tucker Carlson’s communications were subject to NSA collection, and that Mr. Carlson’s identity was “unmasked” component to that collection.