Attacks, Threats, and Vulnerabilities
Hackers Target Critical Infrastructure in Southeast Asia (GovInfoSecurity) An unidentified hacking group with suspected Chinese ties is targeting critical infrastructure in Southeast Asia as part of a cyberespionage campaign to exfiltrate
Critical Infrastructure Organizations in South East Asia Targeted in Espionage Campaign (Symantec) Attackers made extensive use of living-off-the-land techniques in campaign that lasted several months.
Chinese hackers, backed by their own government, have hit American companies: Cybereason - El Financiero (The Daily Guardian) State-backed Chinese hacking groups have infiltrated at least five global telecom companies and stolen phone records and location data, according to
FlyTrap Android Malware Compromises Thousands of Facebook Accounts (Zimperium Mobile Security Blog) A new Android Trojan codenamed FlyTrap has hit at least 140 countries with thousands of victims losing control of their social media accounts.
New DNS Attack Enables 'Nation-State Level Spying' via Domain Registration (SecurityWeek) A new DNS attack method that involves registering a domain with a specific name can be leveraged for what researchers described as “nation-state level spying.”
Australian cybersecurity agency warns of spike in LockBit ransomware attacks (The Record by Recorded Future) Australia's cybersecurity agency has issued a security advisory on Friday warning about a sudden spike in LockBit ransomware attacks across the country.
LockBit 2.0 ransomware incidents in Australia (ACSC) The ACSC has received reporting from a number of Australian organisations that have been impacted by LockBit 2.0 ransomware. This activity has occurred across multiple industry sectors. Victims have received demands for ransom payments. In addition to the encryption of data, victims have received threats that data stolen during the incidents will be published.
Golang Cryptomining Worm Offers 15% Speed Boost (Threatpost) The latest variants of the Monero-mining malware exploit known web server bugs and add efficiency to the mining process.
Microsoft Exchange Server: threat actors actively scanning for ProxyShell vulnerability, researchers warn (Computing) ProxyShell is a set of three security flaws that have already been addressed by Microsoft, but not all instances are patched
IIStealer: A server‑side threat to e‑commerce transactions (WeLiveSecurity) ESET research looks at IIStealer, a previously undocumented IIS web server threat that intercepts server transactions to steal credit card information.
Anatomy of native IIS malware (WeLiveSecurity) ESET researchers publish a white paper and a series of articles putting IIS web server threats targeting government and e-commerce under the microscope.
AI Wrote Better Phishing Emails Than Humans in a Recent Test (Wired) Researchers found that tools like OpenAI's GPT-3 helped craft devilishly effective spearphishing messages.
Routers and modems running Arcadyan firmware are under attack (The Record by Recorded Future) Routers and modems running a version of the Arcadyan firmware, including devices from ASUS, Orange, Vodafone, and Verizon, are currently under attack from a threat actor attempting to ensnare the devices into their DDoS botnet.
Researchers Find Significant Vulnerabilities in macOS Privacy Protections (Dark Reading) Attacks require executing code on a system but foil Apple's approach to protecting private data and systems files.
Unintended Risks Of Apple Child Protection Features (Avast) Privacy advocates worry that Apple's new features created to combat child sexual abuse materials may have serious unintended consequences.
Flaws in John Deere Systems Show Agriculture's Cyber Risk (BankInfoSecurity) Flaws uncovered in tractor manufacturer John Deere's systems underscore the cyber risks that come in tandem with the productivity gains from high-tech farming. John
Israeli cyber company detects severe Amazon security breach (Jerusalem Post) Check Point, an Israeli cybersecurity provider, found that by clicking an e-book infected by malware, users could lose control of both their Kindle tablet and their Amazon accounts.
Motherboard vendor GIGABYTE hit by RansomExx ransomware gang (The Record by Recorded Future) Taiwanese computer hardware vendor GIGABYTE has suffered a ransomware attack, and hackers are currently threatening to release more than 112 GB of business data on the dark web unless the company agrees to their ransom demands.
Data leak affects about 3,000 NYC students and 100 employees, officials confirm (Chalkbeat New York) At least one student managed to access a Google Drive that contained the private information of students and department employees across the city.
CERT-RO: Phishing attacks detected targeting Romanian bank customers (ACT Media) Provider of cybersecurity services ProDefence offered the National Cyber Security Incident Response Team CERT-RO several phishing samples as seen in the attacks...
Thousands of Florida unemployment accounts blocked by DEO security measure (WKMG) Thousands of state unemployment accounts were locked without warning this week in a move to counter a potential data breach.
Security Patches, Mitigations, and Software Updates
Ivanti Releases Security Update for Pulse Connect Secure (CISA) Ivanti has released Pulse Connect Secure system software version 9.1R12 to address multiple vulnerabilities an attacker could exploit to take control of an affected system.
CISA encourages users and administrators to review Ivanti's Security Advisory SA44858 and apply the necessary update.
Critical Code Execution Vulnerability Patched in Pulse Connect Secure (SecurityWeek) Ivanti has released patches for multiple vulnerabilities in its Pulse Connect Secure VPN appliances, including a critical issue that could be exploited to execute arbitrary code with root privileges.
Black Hat: Microsoft's Patch for Windows Hello Bypass Bug is Faulty, Researchers Say (Threatpost) Researchers show how to circumvent Microsoft’s Windows Hello biometric authentication using a spoofed USB camera.
Apple fixes AWDL bug that could be used to escape air-gapped networks (The Record by Recorded Future) Apple has fixed a vulnerability in its Apple Wireless Direct Link (AWDL) technology that could have been abused by threat actors to escape and steal data from air-gapped networks.
Child Safety (Apple) Expanded Protections for Children
Apple’s New ‘Child Safety’ Initiatives, and the Slippery Slope (Daring Fireball) The stakes are incredibly high, and Apple knows it. Whatever you think of Apple’s decision to implement these features, they’re not doing so lightly.
Apple Privacy Letter: An Open Letter Against Apple's Privacy-Invasive Content Scanning Technology (Appleprivacyletter.com) Read and sign the open letter protesting against Apple's roll-out of new content-scanning technology that threatens to overturn individual privacy on a global scale, and to reverse progress achieved with end-to-end encryption for all.
Facebook’s WhatsApp Takes Aim At Apple Over Child Safety Software Plan (Wall Street Journal) Facebook’s messaging unit blasted Apple’s plan to monitor sexually exploitative images of children on iPhones as bad for privacy, opening a new front in the battle between two tech titans.
Apple defends its new anti-child-abuse tech against privacy concerns (MIT Technology Review) Apple’s radical new anti-abuse technology provoked both criticism and praise by scanning directly on iPhones.
Trends
4 things I learned at Black Hat 2021 (VentureBeat) When it comes to cybersecurity, the fortunes of private companies are now irrevocably intertwined with those of the government.
Patients Cite Privacy, Cybersecurity Fears with Vax Credentials (Health IT Security) A new poll shows that Americans have doubts about the cybersecurity of a digital vaccine card.
Hospitals lag other companies in cybersecurity risk ratings (Healthcare IT News) A study published this week in the Journal of the American Medical Informatics Association found that hospitals with low cybersecurity ratings were more likely to experience a data breach. The research, which also compared hospital cybersecurity ratings with Fortune 1000 firms, found that health systems remain statistically more vulnerable to botnets, spam and malware.
Service members are the most frequent victims of identity theft (Federal News Network) Scamming of military members has become big business, and it’s one of the fastest growing areas of cybercrime.
Nordic Enterprises Seek Help with Ransomware Schemes (BusinessWire) Facing a dramatic rise in cyberattacks, Nordic enterprises are turning to cybersecurity providers to help thwart intrusions, ISG (Nasdaq: III) says.
Hybrid Workforce Needs Cybersecurity Rollout from Day One (MENAFN) The hybrid workforce is a permanent reality for most companies these days. The sudden onset of the pandemic and associated shutdowns gave organizations
Big Tech call center workers face pressure to accept home surveillance (NBC News) Workers at one of the world’s largest call center companies said additional monitoring would violate the privacy of their families in their homes.
Marketplace
Mandiant Forges Bond With Microsoft As FireEye Sale Nears (CRN) Mandiant has struck paydirt wrapping its managed detection and response services around Microsoft’s endpoint security technology as the sale of its FireEye products business nears.
Dave DeWalt wants to build more cybersecurity unicorns (The Record by Recorded Future) Former McAfee and FireEye chief executive Dave DeWalt is amassing one of the fastest-growing war chests for cybersecurity investments.
Here's why DataTribe founder Mike Janke says so many cyber companies are getting acquired now (Baltimore Business Journal) Instead of spending many years and many millions of dollars trying to build new cybersecurity tools, DataTribe Co-founder Mike Janke said companies with means are quickly buying up young cyber companies that are already developing the technologies needed.
Allegis Capital, Leading Silicon Valley VC, Becomes a Strategic Partner of New Frontier Capital Management International (Yahoo Finance) Allegis Capital, a prominent Silicon Valley VC, and New Frontier Capital Management International ("NFCM"), a leading Asian GP, have jointly announced today that they have signed an MOU to become strategic partners.
Corvus Insurance Acquires Wingman Insurance, Launches Acquisition Strategy to Further Accelerate Growth (Yahoo) Acquisition enables Corvus to enter the admitted coverage marketplace and increase digital platform partnerships
Black Hat 2021: Microsoft Wins Worst of Pwnie Awards (SecurityWeek) Microsoft came up the big winner in this year’s Pwnie Awards, but for all the wrong reasons as the security industry mocks the company's problems keeping its code secure
CACI Awarded $96 Million Task Order to Modernize the State Department's Diplomatic Security Information Systems (Guru Focus)
Three Companies To Watch In Cybersecurity (Forbes) Analyst Will Townsend examines three bold new companies on the cybersecurity front.
ForgeRock Appoints Two New Members to Board of Directors (ForgeRock) ForgeRock®, a global digital identity leader, today announced the appointment of two new members to its Board of Directors: Rinki Sethi, Chief Information Security Officer (CISO) of Twitter and Johanna Flower, former Chief Marketing Officer (CMO) of CrowdStrike.
Products, Services, and Solutions
New infosec products of the week: August 6, 2021 (Help Net Security) The featured infosec products this week are from the following vendors: McAfee, AppOmni, Satori, Optiv Security, and SentinelOne.
Security tools showcased at Black Hat USA 2021 (The Record by Recorded Future) While everyone associates the Black Hat security conference with high-profile keynotes and state-of-the-art cybersecurity research, ever since the 2017 edition, the conference has also been the place where the cybersecurity community has announced and released security tools as part of the lesser-known "Arsenal" track.
Entrust HSM certified on VMware Tanzu™ Kubernetes Grid™ (WhaTech) Entrust has announced the certification of its nShield® hardware security modules (HSMs) with VMware Tanzu™ Kubernetes Grid™. Entrust nShield HSMs...
SentinelOne Unveils Storyline Active Response (STAR) To Transform XDR (Totaltelecom) SentinelOne, an autonomous cybersecurity platform company, today unveiled SentinelOne Storyline Active Response (STAR)™, its cloud-based automated hunting, detection, and response engine. Integrated with SentinelOne’s ActiveEDR®, STAR empowers security teams to create custom detection and response rules and deploy them in real time to the entire network or desired subset, to proactively detect and respond to threats.
SentinelOne Announces Automated Threat Hunting, Detection Engine (MSSP Alert) SentinelOne integrates Storyline Active Response automated threat hunting, detection & response engine into endpoint detection & response (EDR) software.
SilverSky Inks Reseller Agreement with PatientLock (The Mountaineer) SilverSky, a cybersecurity innovator offering powerful managed detection and response (MDR) services, today announced it signed a reseller partnership agreement with Overland Park,
Noblis Launches Run Solutions Suite to Bring New Levels of Automation and Insight to Complex Federal Processes (Noblis) The company released the initial solution within the suite, RunCyberAssurance™, today to help agencies and cloud service providers streamline cybersecurity compliance
Silverfort Partners with IDSA to Build Awareness for Identity-based Zero Trust (BusinessWire) Silverfort and IDSA will work on initiatives for deploying identity-based Zero Trust across modern hybrid and multi-cloud infrastructures.
Technologies, Techniques, and Standards
NIST Seeks Comments for Draft Publication on Cyber-Resilient Systems (Executive Gov) The National Institute of Standards and Technology (NIST) seeks comments on a draft publication made
SP 800-160 Vol. 2 Rev. 1 (Draft), Developing Cyber-Resilient Systems: SSE Approach | CSRC (NIST Computer Security Resource Center) Cyber attacks are a reality. Sometimes even with the best protective measures in place, adversaries can breach perimeter defenses and find their way into systems.
Analysis of ICS Exploits Can Help Defenders Prioritize Vulnerability Remediation (SecurityWeek) An analysis of public ICS exploits can help defenders determine which vulnerabilities should be prioritized for remediation or mitigation.
Managing Machine Identities: How To Protect Your Data & Systems Against Cyber Attack (CPO Magazine) For connected companies, authentication of user identities is often top of mind for IT security leaders who aim to control secure access to networked applications and sensitive data.
Using three random words is safer than using complex passwords, NCSC says (Computing) If you can't use a password manager, three random words make a strong password that's easy to remember
Coast Guard Details Cyber Actions to Protect Marine Transportation System in More Complex Environment (Homeland Security Today) The vulnerability of the critical maritime sector to cyber attack along with a threat landscape “markedly more complex than ever before, posing novel threats to our national security and economic strength and stability” underscore the need to apply tested risk management principles to guarding the cyber domain, according to the service’s newly updated Cyber Strategic Outlook.
5 ways to overcome barriers to cyber insurance (Canadian Underwriter) The Insurance Bureau of Canada says 99% of Canadian organizations have reported an increase in cyberattacks since COVID-19 began, but many brokers appear to be struggling to sell cyber. “Anecdotally, Canadian brokers have indicated that many clients don’t believe a…
Mitigating the Risk of Cyber Fraud (Today's Conveyancer) Lawyer Checker can help conveyancing firms verify the bank account details of firms on the other side of the property transaction
Nude Sharing Spikes During Pandemic: Here’s How To Deal With Revenge Porn (Forbes) As the sharing of nudes booms during the pandemic so does the distribution of these intimate images without consent: here's how to deal with revenge porn
Design and Innovation
CROWS partners with industry to bring focus to cyber resiliency (U.S. Air Force) The virtual discussion featured a program overview, a discussion of their Systems Security Engineering Cyber Guidebook, and a cyber resiliency roundtable between government and industry experts, which
Open Source Security: A Big Problem (eSecurityPlanet) With open source software at the heart of most codebases, Black Hat speakers discussed a major effort to shore up security.
Academia
CyberCops program: ROTC students as future cybersecurity gatekeepers (Help Net Security) The CyberCops program will introduce the critical field of cybersecurity to students recruited from the three universities' ROTC programs.
Community college program a response to cyber attacks (Herald Standard) Cyber attacks have become a common occurrence that can impact all kinds of businesses and organizations.
Legislation, Policy, and Regulation
Cybersecurity Is the New ‘Great Game’ (SDxCentral) Building a broad-based national cyber-defense plan took the center stage at this week’s Black Hat cybersecurity event.
Govt moves to disallow MP's question on Pegasus in Parliament (Hindustan Times) CPI MP Binoy Viswam says the government is misusing Rajya Sabha rules and taking an alien stand on truth
Pegasus attack has serious implications for rule of law, say senior retired police officers (The Hindu) Julio Ribeiro, Vikash Narain Rai, S.R. Darapuri voice concern on the impact of surveillance and planting of evidence
What does the NSO hacking scandal mean for Israel's cyber diplomacy? (Jerusalem Post) The 50,000-cellphones list itself never made any sense, considering that each client is usually limited to a dozen or a few dozen targets and NSO has just 60 clients.
Ex-ombudsman said to highlight human rights concerns about NSO Group last year (Times of Israel) Report says Yosef Shapira was among a group of former officials who warned the Defense Ministry that without greater oversight of cyber firms, 'this will blow up in Israel's face'
Pegasus in the Room: Law of surveillance and national security’s alibi (ORF) “Surveillance is not new, but technology has permitted surveillance in ways that are unimaginable,” noted Justice Sanjay Kishan Kaul
Iran ‘working systematically to build serious cyber-attack capabilities’ (Cleveland Jewish News) Revelations about malign plans by Tehran’s leaders serve as the latest confirmation of how seriously the Islamic Republic takes cyber warfare, said Professor Col. (res.) Gabi Siboni, an expert on
Imperatives of a safer cyberspace for Nigeria (Nation) The changing wind of global socio-economic atmosphere has brought with it the inevitability of transfer of most of human activities unto virtual networks – the internet and its technological accompaniments.
Biden administration expected to unveil new Belarus sanctions (CNN) The Biden administration is expected to unveil new Belarus sanctions and a new executive order amid continued crackdowns by the regime of strongman leader Alexander Lukashenko.
Mandiant CTO: Cyber Attribution, Deterrence More Vital Than Defense (Breaking Defense) "We're on the defense," Ron Bushar, senior vice president at Mandiant says. "I don't think we've hit a real deterrence level in this space yet. And that's going to be key to thinking through our strategy over the next few years."
Second Opinion: How the U.S. can deter ransomware attacks (Yahoo) To discourage cyber hackers, the U.S. must make it harder for them to profit — and signal that the country is ready and willing to retaliate.
PM appoints cybersecurity expert to lead vaccine certification (iPolitics) The federal government took another step on Friday toward vaccine certification for Canadians wishing to travel outside the country when restrictions ease. In addition to a negative polymerase chain reaction (PCR) test — the PCR test is considered the “gold standard” for detecting active COVID-19 infections — before departure, many countries also require proof of […]
Black Hat: This is how a naive NSA staffer helped build an offensive UAE security branch (ZDNet) If that job offer looks too good to be true, something else may be afoot.
Deepfake Task Force: The danger of disinformation needs a new collaboration (TheHill) An empowered consumer base could identify disinformation based on the characteristics of the content before it spreads.
SLGs, Utilities Win Big Cyber Funding in Infrastructure Bill (MeriTalk) The much-anticipated $1 trillion Senate bipartisan infrastructure bill unveiled on August 1 shows big cybersecurity funding wins for state and local governments, with $1 billion for a cybersecurity grant program, and for electric utilities, which will receive $1.25 billion through a cybersecurity grant program to protect the electric grid.
https://www.washingtonpost.com/business/2021/08/07/cryptocurrency-infrastructure-bill-lobby-bitcoin/ (Washington Post) The infrastructure bill is in part stalled as negotiations proceed on how closely to regulate the crypto industry
Gov. Little forms cybersecurity task force (Idaho State Journal) Idaho is forming a cybersecurity task force to combat the ever-growing threat of cyberattacks to public and private sectors in the state.
Litigation, Investigation, and Law Enforcement
17 journalists join RSF’s complaint against NSO over Pegasus spyware (Dawn) They fear that they were spied on by their govts for having carried out independent reporting in public interest.
SEC charges crypto exchange execs for the first time over unregistered token sales (The Verge) The move comes as Congress ramps up crypto scrutiny.
Only CFTC Have Authority Over The Crypto Market (Tokenhell) Despite the US Securities and Exchange Commission (SEC)’s request to exercise regulatory rights over the virtual asset class, Christopher Giancarlo has argued otherwise. Giancarlo, a former commissioner for the commodities futures trading commission (CFTC), opined that cryptocurrency oversight falls under the purview of the CFTC and not the SEC. CFTC And SEC Clash Over Crypto …
Wiretaps for Facebook? Maryland authorities are getting permission to tap digital and social media apps. (Baltimore Sun) It’s common for investigators to get warrants to collect information stored within social media accounts. But the Harford case, authorized by a Circuit Court judge in February 2020, was one of only nine social media or digital app wiretaps applied for by authorities in Maryland last year.
Black Hat: How cybersecurity incidents can become legal minefields (ZDNet) Facing a cyberattack? Pick up the phone and talk to legal help as well as incident response.
Black Hat 2021: Lessons from a lawyer (WeLiveSecurity) As cybersecurity has become critical to a business, companies and their security teams need to engage with a lawyer before an incident occurs.
Data Collection Is Crucial For Equity In Diversion Programs (Law360) Prosecutorial diversion programs are intended to create equity in the criminal justice system by stopping the incarceration of people who have mental health and substance abuse problems, but without proper data collection, prosecutors can't ensure equity in these programs, experts say.