Attacks, Threats, and Vulnerabilities
Iran-Linked Hackers Expand Arsenal With New Android Backdoor (SecurityWeek) The Iran-linked hacking group named Charming Kitten has added a new Android backdoor to its arsenal and successfully compromised individuals associated with the Iranian reformist movement, according to security researchers with IBM’s X-Force threat intelligence team.
China-Linked Cyberespionage Operation Suggests Interest in SCADA Systems (SecurityWeek) A threat group possibly based in China has been seen targeting critical infrastructure organizations in Southeast Asia, and they may be interested in SCADA systems.
Report Draws Attention to Vulnerabilities in Commercial-Off-the-Shelf Products (Nextgov.com) Commercial products bought without modification are largely exempt from government acquisition regulations, including the Defense Department’s emerging certification program.
GrammaTech | Osterman Research Report Download (GrammaTech) Osterman Research: Uncovering the Presence of Vulnerable Open-Source Components in Commercial Software
Threat Thursday: Don't Let njRAT Take Your Cheddar (BlackBerry) njRAT, also known as Bladabindi, is a remote access Trojan (RAT) used in attacks targeting organizations in Middle Eastern countries. The malware’s capabilities include logging keystrokes, capturing screenshots, password stealing, exfiltrating data, accessing web cameras and microphones, and downloading files.
Phishing scheme targets unemployment insurance benefits and PII (Consumer Information) Have you gotten an alarming text message about your unemployment insurance benefits from what seems to be your state workforce agency?
Protect Against BlackMatter Ransomware Before It’s Offered (Recorded Future) BlackMatter encrypts victim's files and appears to have been developed by a relatively sophisticated group.
LockBit ransomware recruiting insiders to breach corporate networks (BleepingComputer) The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts.
Ransomware poses threat to vulnerable local governments (Washington Post) Ransomware is the invisible threat that’s sweeping the nation.
Disgruntled ransomware affiliate leaks the Conti gang's technical manuals (The Record by Recorded Future) A disgruntled member of the Conti ransomware program has leaked today the manuals and technical guides used by the Conti gang to train affiliate members on how to access, move laterally, and escalate access inside a hacked company and then exfiltrate its data before encrypting files.
Initial access brokers unaffected by ransomware content bans (ComputerWeekly.com) Banning ransomware content from cyber crime forums has done little to prevent initial access brokers from advertising their services, with the number of access listings increasing in the second quarter of 2021.
The heist: nobody is safe from Russia’s digital pirates (Spectator) In April, the Harris network of London schools was held to ransom by hackers. ‘The first thing I did was panic,’ said Sir Dan Moynihan, the chief executive. It wasn’t simply that their computers didn’t work; many of the 50 schools couldn’t function. Some couldn’t open because their internet-controlled doors were jammed shut.
Ransomware Gangs and the Name Game Distraction (KrebsOnSecurity) It's nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don't go away so much…
Researchers turn the spotlight on the hidden workers of the cybercrime world (ZDNet) Phishing schemes, malware campaigns and other operations involve an array of workers beyond the criminal masterminds. Could giving them better opportunities for legitimate work help cut crime?
Red Canary Intel: When Dridex and Cobalt Strike give you Grief (Red Canary) Many conspicuous, detectable behaviors manifest in the leadup to a Grief ransomware infection. Here’s what you need to look out for.
Critical Cobalt Strike bug leaves botnet servers vulnerable to takedown (Ars Technica) New exploit available for download lets hackers crash Cobalt Strike team servers.
“Cobalt Strike” network attack tool patches crashtastic server bug (Naked Security) Ahhhh, the irony! Red-team network attack tool has its very own bug for Blue Teams to counterexploit.
Messaging Apps Have an Eavesdropping Problem (Wired) Vulnerabilities in Signal, Facebook Messenger, Google Duo, and more all point to a pervasive privacy issue.
Amazon Kindle Vulnerabilities could have led Threat Actors to Device Control and Information Theft (Check Point Software) Check Point Research (CPR) found security flaws in Amazon Kindle, the world’s most popular e-reader. By tricking victims into opening a malicious e-book,
EU officials investigating breach of Cybersecurity Atlas project (The Record by Recorded Future) The European Commission is investigating a breach of its Cybersecurity Atlas project after a copy of the site's backend database was put up for sale on an underground cybercrime forum on Monday.
Major Tea Party Group Was Backed by Salsa Billionaire and Other Wealthy Donors, Hacked Documents Reveal (The Intercept) Tea Party Patriots’ web database contained only a small fraction of the “3 million patriots” it heralds on its site.
Ransomware Attack Forces Indiana Hospital to Turn Ambulances Away (The Daily Beast) Hackers are targeting U.S. hospitals just as COVID-19 cases surge again.
Ransomware attack forces Indiana hospital to divert patients (Becker's Hospital Review) Indianapolis-based Eskenazi Health shut down its IT network and went on diversion early Aug. 4 in response to an attempted ransomware attack, the hospital confirmed to Becker's Hospital Review.
Eskenazi Health diverting ambulances as cyber-attack investigation continues (Fox 59) Companywide email and online medical record keeping are all a part of the self-imposed network shutdown at Eskenazi Health. Eskenazi Spokesperson Tom Surber said they decided to shut…
Passwordstate customers complain of silence and secrecy after cyberattack (TechCrunch) The company was hit by a supply chain attack that sought to steal the passwords from customer servers around the world.
StarHub suffers data breach, but says no system was compromised (ZDNet) Personal data including mobile numbers and email addresses of 57,191 customers have been found on a third-party data dump website, the Singapore telco says, adding that the leaked information appears to date back to 2007.
Birth, death, marriage certificates are back online as state Vital Statistics returns after massive cyberattack took it down (Must Read Alaska) The Alaska Department of Health and Social Services completed the first of a three-step process to recover from the attack on its information technology infrastructure.
Security Patches, Mitigations, and Software Updates
HCC Embedded InterNiche TCP/IP stack, NicheLite (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: HCC Embedded
Equipment: InterNiche stack (NicheStack), NicheLite
Vulnerabilities: Return of Pointer Value Outside of Expected Range, Improper Handling of Length Parameter Inconsistency, Use of Insufficiently Random Values, Improper Input Validation, Uncaught Exception, Numeric Range Comparison Without Minimum Check, Generation of Predictable Numbers or Identifiers, Improper Check or Handling of Exceptional Conditions, Improper Null Termination
FATEK Automation FvDesigner (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: FATEK Automation
Equipment: FvDesigner
Vulnerabilities: Access of Uninitialized Pointer, Stack-based Buffer Overflow, Out-of-bounds Write
2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.
mySCADA myPRO (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.2
ATTENTION: Exploitable remotely/low attack complexity
Vendor: mySCADA
Equipment: myPRO
Vulnerabilities: Improper Access Control, Unrestricted Upload of File with Dangerous Type, Path Traversal, Exposure of Information Through Directory Listing
Advantech WebAccess SCADA (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Advantech
Equipment: WebAccess/SCADA
Vulnerabilities: Cross-site Scripting (XSS), Relative Path Traversal, Stack-based Buffer Overflow
Trends
Kaspersky: DDoS Attacks See Significant Decrease in Q2 2020 (Tech Times) According to Kaspersky, the total number of DDoS attacks has plunged to 38.% in the second quarter of 2020. Another decrease happened in the following quarter.
AEC Firms are Twice as Likely to Face Ransomware Attacks as Other Industries (For Construction Pros) More than 30% of architecture, engineering and construction companies that fall prey to successful cyberattacks are victims again one or more times, according to new research from Egnyte
Marketplace
Checkmarx Acquires Software Supply Chain Security Provider, Dustico (BusinessWire) Checkmarx, the global leader in developer-centric application security testing (AST) solutions, today announced that it has acquired Dustico, a SaaS-b
Cryptanalysis Firm Messari Concludes $21 Million Series A Led By Point72 Ventures (Bollyinside) “We haven’t yet burnt through our seed capital from 2019, and have been highly capital efficient to date. We expect this capital to help us expand for the
Sophos Acquires Refactr to Optimize Managed Threat Response (MTR) and Extended Detection and Response (XDR) with Security Orchestration Automation and Response (SOAR) Capabilities (Sophos) Deal Further Automates Sophos’ Adaptive Cybersecurity Platform, Which Underpins All of Sophos’ Product Solutions, Services, Threat Intelligence, and Data Lake
Cyber firm BlackCloak to more than double after VC investment (Orlando Inno) A Lake Mary-based cybersecurity startup’s Series A venture capital round will enable the company to more than double in size.
Cybersecurity trainer HackerU acquires Cybint for $50M, say sources (TechCrunch) Florida-based HackerU, which creates cybersecurity and other digital skills programs, is acquiring Cybint, a SaaS-based cyber education company. TechCrunch sources understand this to be a $50 million acquisition, though both companies declined to comment on the price. HackerU provided digital workf…
Exabeam Announces The XDR Alliance To Ensure Industrywide Collaborative Framework For Cybersecurity (AiThority) Exabeam, the security analytics and automation company, announced the XDR Alliance, a partnership of cybersecurity and information technology innovators
Mimecast joins XDR Alliance as founding member to drive open standards (Intelligent CIO Africa) Mimecast Limited, an email security and cyber resilience company, has announced it has joined Exabeam’s XDR Alliance as a founding member. The alliance is a partnership of leading cybersecurity industry innovators committed to an inclusive and collaborative extended detection and response (XDR) framework and architecture. The goal of the XDR Alliance is to foster an […]
CMMC Accreditation Body Names Raymond Karrenbauer Executive Vice President and Chief Financial Officer (BusinessWire) CMMC Accreditation Body Names Raymond Karrenbauer Executive Vice President and Chief Financial Officer
Orange Cyberdefense expands management team in Belgium (Telecompaper) Orange Cyberdefense announced the appointment of new members to its management team in Belgium. Corine Vanherf, previously at Ahold Delhaize, becomes Legal Counsel, while Hans Stevens and Bart van Kildonck from sister company Orange Business Services take the roles of respectively Head of Solution and Head of Large Projects.
Products, Services, and Solutions
Apple is prying into iPhones to find sexual predators, but privacy activists worry governments could weaponize the feature (Washington Post) Apple unveiled a sweeping new set of software tools Thursday that will scan iPhones and other devices for child pornography and text messages with explicit content and report users suspected of storing illegal pictures on their phones to authorities.
Apple to scan US iPhones for images of child sexual abuse (Baltimore Sun) Apple unveiled plans to scan U.S. iPhones for images of child sexual abuse, drawing applause from child protection groups but raising concern among some security researchers that the system could be misused by governments looking to surveil their citizens.
Code42 and Rapid7 Partner to Deliver Enhanced Detection and Investigation of Insider Threat Events (BusinessWire) Code42 Incydr has been integrated with Rapid7 InsightIDR, giving security teams the ability to better triage critical insider threat events.
Qualys partners with Red Hat to improve Linux and Kubernetes security (ZDNet) Security company Qualys is partnering with Red Hat to bring built-in Cloud Agent security to Red Hat Enterprise Linux CoreOS and Red Hat OpenShift.
Redspin is Approved to Offer CMMC Training as a Licensed Training Provider (Joplin Globe) Redspin, a division of CynergisTek (NYSE AMERICAN: CTEK), a leading cybersecurity firm helping organizations in highly regulated industries navigate emerging security and privacy issues, today announced the company is approved as a Licensed Training Provider (LTP) to offer Certified CMMC Professional (CCP), and both levels of Certified CMMC Assessor (CCA-1 and CCA-3) training in different classroom settings to accommodate all students.
IronNet Announces Expanded Support for Cyber Threat Detection and Management in Microsoft Azure Environments (BusinessWire) IronNet Cybersecurity, in its mission to transform cybersecurity through Collective Defense, announced today expanded support for detecting and preven
Kaspersky and the Coalition Against Stalkerware launch new technical training (TahawulTech.com) Kaspersky and the Coalition Against Stalkerware launch new technical training.
SentinelOne Unveils Storyline Active Response (STAR) To Transform XDR (BusinessWire) SentinelOne (NYSE: S), an autonomous cybersecurity platform company, today unveiled SentinelOne Storyline Active Response (STAR)™, its cloud-based au
Joe Slowik of Gigamon Named Winner of Top 10 Cybersecurity Experts for 2021 by Cyber Defense Magazine (BusinessWire) Gigamon, the leader in cloud visibility and analytics, today announced that Joe Slowik has been named a Top 10 Cybersecurity Expert.
Nozomi Networks Launches New Program to Arm Industry-Leading MSSPs to Deliver Advanced Security Services for OT and IoT (Nozomi Networks) New global MSSP Elite Program provides Accenture, FireEye Mandiant, Moro Hub, Telefónica, and others with an advanced framework for the successful delivery of OT/IoT managed security services
Technologies, Techniques, and Standards
Cybersecurity Workforce Training Guide (CISA) The downloadable Cybersecurity Workforce Training Guide is for current and future federal, state, local, tribal, and territorial (SLTT) staff looking to expand their cybersecurity skills and career options. This Guide helps professionals develop a training plan based on their current skill level and desired career opportunities.
The $1 trillion infrastructure bill is a baby step toward the US grid we need (MIT Technology Review) It will take hundreds of billions of dollars, and far faster approvals, to build the interconnected network required to clean up the power sector.
13 Important Considerations When Obtaining Cyber Liability Insurance (Joseph Steinberg) (I co-wrote this article with Mark Lynd, CISSP, ISSAP & ISSMP, Head of Digital Business at NETSYNC.) While leveraging cyber-liability insurance has become an essential component of cyber-risk mitigation strategy, cyber-liability offerings are still relatively new, and, as a result, many parties seeking to obtain coverage are still unaware of many important factors requiring consideration […]
Cyber-Liability Insurance 101: First Party Vs. Third Party Risks (Joseph Steinberg) One of the important concepts about which people must be aware when evaluating their cybersecurity postures and related liabilities, but which, for some reason, many folks seem to be unaware, is the difference between first-party risks and third-party risks. Understanding the difference between the two is also essential when seeking to obtain – and when […]
VIEWPOINT: Cyber-“Ish” Tips: The Importance of Policy (Central New York Business Journal) Whether your organization calls it cybersecurity, information security, or information assurance, a strong security program is an important element in determining the durability and success of your business.
Legislation, Policy, and Regulation
Putin’s push for isolated internet will shift the Russian cyber landscape (Defense News) The U.S. and NATO bloc must pay more attention to domestic Russian internet policy developments, a cyber researcher argues.
SPIES UNLIKE US: Pegasus and the NSO Group: The dark world of cyber mercenaries (Daily Maverick) Revelations that President Cyril Ramaphosa’s smartphone was potentially a target of a highly sophisticated cyber attack is just the tip of the iceberg. Like the hacking of Transnet’s system, spyware installed on a president’s phone is an onslaught on national security. Increasingly, these attacks are happening in cyberspace, conducted by a different kind of gun-for-hire — the cyber mercenary.
China’s Corporate Crackdown Is Just Getting Started. Signs Point to More Tumult Ahead. (Wall Street Journal) Chinese regulators are pushing businesses to do more to serve the Communist Party’s goals—rattling markets in the process. Investors, analysts and company executives say it isn’t over yet.
Cyber Warfare: India Formulating National Cybersecurity Strategy (Punekar News) The Government of India is formulating the National cybersecurity strategy, which is in the final stages of approval, Raksha Rajya Mantri Ajay Bhatt today informed the Lok Sabha.
India’s tryst with a New National Cyber Security Policy: Here’s what we need (The Financial Express) The onset of the pandemic last year resulted in heavier dependence on technology, coupled with a deeper adoption of interconnected devices and hybrid work environments.
EU Takes Another Step to Harmonize Anti-Money-Laundering Rules (Wall Street Journal) The European Banking Authority has proposed guidance for financial-sector compliance officers, part of a wider revamp of how the EU deals with money laundering.
SEC Chief Gary Gensler Braces for Clash With Crypto Traders (Wall Street Journal) Gary Gensler wants to regulate digital assets to the same extent as stocks, bonds and commodity-related trading instruments.
National Cyber Director Chris Inglis: We need to become a ‘harder target’ for our adversaries (Atlantic Council) How do you strengthen an entire nation’s cyber defenses? That’s the task facing Inglis, who spoke about his priorities in his new White House role at the Atlantic Council.
National cyber director backs new Bureau of Cyber Statistics (Defense Systems) The White House is still considering whether to support the Cyberspace Solarium Commission's recommendation to establish a Bureau of Cyber Statistics, National Cyber Director Chris Inglis said on Monday, while stressing the urgent need for the federal government to begin assessing and publishing data on cybersecurity incidents.
America enlists Big Tech to help it develop and execute cyber security plans (Register) Players in ‘Joint Cyber Defense Collaborative’ include Microsoft, AWS, and Google
CISA teams up with Microsoft, Google, Amazon to fight ransomware (BleepingComputer) CISA has announced the launch of Joint Cyber Defense Collaborative (JCDC), a partnership across public and private sectors focused on defending US critical infrastructure from ransomware and other cyber threats.
CISA looks to tie together public-private partnerships through new cyber planning office (Federal News Network) A new “Joint Cyber Defense Collaborative” includes major cloud providers, telecommunications giants and cyber threat hunting companies.
WSJ News Exclusive | U.S. Taps Amazon, Google, Microsoft, Others to Help Fight Ransomware, Cyber Threats (Wall Street Journal) The creation of a joint initiative under an agency of the Department of Homeland Security follows cyberattacks on critical U.S. infrastructure.
US Senate panel passes bill to restrict sale of Chinese telecoms equipment (South China Morning Post) Huawei, ZTE, Hytera, Hikvision and Dahua are targets of ‘Secure Equipment Act of 2021’, which is intended to close a loophole that had let the companies continue to sell to the US market despite a prohibition that went into effect last year.
US Sen. Schatz Co-Introduces Bipartisan Bill To Fight Cybercrime & Online Scams (Maui Now) US Senators Brian Schatz (D-HI), Thom Tillis (R-NC), John Cornyn (R-TX) and Richard Blumenthal (D-CT) today introduced new legislation to fight cybercrime and help keep Americans safe from online scams.
New Vuln Disclosure Policy Pays Dividends For Federal Agencies (Forbes) Had it not been discovered and reported using the new Vulnerability Disclosure Program, the exposed State Department system might have given malicious actors access to internal Department of State network resources, according to a copy of a vulnerability report provided by the researchers.
New CISA chief announces Joint Cyber Defense Collaborative with private sector (The Record by Recorded Future) The new Cybersecurity and Infrastructure Security Agency Director Jen Easterly appealed to the private sector for help fending off digital attackers and announced an initiative called the Joint Cyber Defense Collaborative (JCDC) partnering with major tech and cybersecurity firms Thursday at the Black Hat Security conference.
The Cybersecurity 202: CISA’s new director brought a unique style to Black Hat (Washington Post) The government’s new cybersecurity quarterback made a strong appeal at the Black Hat conference for industry cyber pros to partner with government to counter hacking threats.
DHS boss Mayorkas encourages hackers to join government during Black Hat speech (CyberScoop) Department of Homeland Security Secretary Alejandro Mayorkas encouraged attendees at the Black Hat cybersecurity conference to collaborate with the agency on defining the future of cybersecurity policy. “We need your creativity, your ideas, your boldness, and your willingness to push limits.
Litigation, Investigation, and Law Enforcement
FBI and Europol cooperate with Italian police in Regione Lazio hacking investigation. (Wanted in Rome) The FBI and Europol are assisting Italian police with the investigation into the cyber attack on the website of the Regione Lazio, the region around Rome, which occurred last weekend.
Italy Probes Cyber Attack as an Act of Terrorism (OCCRP) Experts restored on Thursday the website that handles the services of Italy’s Lazio region after cybercriminals forced the administration to shut it down on Sunday, delaying the inoculation process in Italy's second most populous region.
SolarWinds urges US judge to toss out crap infosec sueball: We got pwned by actual Russia, give us a break (Register) Company says it didn't skimp on security before everything went wrong
Two years later: Optus data breach probed (InnovationAus) The Australian privacy regulator is formally investigating Optus for an alleged breach of customers’ privacy after the telco published nearly 50,000 customers’ personal information in the White Pages.
Fifth Circuit Supports Data Breach Coverage Under Commercial General Liability Insurance Policies (Mondaq) The United States Court of Appeals for the Fifth Circuit wrapped up the month of July by handing down a helpful ruling for policyholders seeking coverage for cybersecurity and data breach risks.
Son Charged in Murder of Cybersecurity ‘Genius’ (Infosecurity Magazine) Cops arrest son of fatally stabbed Cyberwolf co-founder after his DNA is found on alleged murder weapon