Attacks, Threats, and Vulnerabilities
Mandiant uncovers Chinese espionage group UNC215’s activity in Israel (CTECH) "This cyber-espionage activity is happening against the backdrop of China’s multi-billion-dollar investments related to the Belt and Road Initiative (BRI) and its interest in Israel’s robust technology sector," read Mandiant's report
Selling Breaches: The Transfer of Enterprise Network Access on Criminal Forums (Intsights) The sale and purchase of unauthorized access to compromised enterprise networks has become a significant enabler for criminal cyberattacks, particularly ransomware infections. Some cybercriminals specialize in network compromises and sell the access that they have obtained to third parties, rather than exploiting the networks themselves. By the same token, many criminals that exploit compromised networks — particularly ransomware operators — do not compromise those networks themselves but instead buy their access from other attackers.
Abusing Misconfigured Salesforce Communities for Recon and Data Theft (Varonis) A misconfigured Salesforce Community may lead to sensitive Salesforce data being exposed to anyone on the internet. Anonymous users can query objects that contain sensitive information such as customer lists, support cases, and employee email addresses.
Understanding Smishing Attacks (Digital Shadows) The bad news is that I’ve been receiving a lot of phishing SMS messages over the past months. Unauthorized bank transfers, suspicious crypto account activity, DMV notices.
Microsoft Exchange Servers in Attacker Crosshairs (SecurityWeek) The internet has been scanned for Microsoft Exchange servers vulnerable to ProxyShell attacks. The activity started shortly after details were disclosed.
Conti Ransomware Gang Playbook Mentions MSP Software (ChannelE2E) Conti Ransomware Gang Playbook mentions Atera RMM software. But the cloud software (widely used by MSPs) has not been compromised, Atera says.
Hackers threaten to leak sensitive data stolen from Gigabyte servers (Computing) The company says that the incident affected only some of its internal servers, which were taken down and isolated
Synology Warns NAS Owners of Botnet-Creating StealthWorker Malware (PCMAG) Synology issues a security advisory regarding the StealthWorker malware family's attempts to enlist NAS devices into a botnet.
Remote Workforce Security Survey shows the human problems behind cybersecurity (Axiad) To explore how organizations are dealing with this challenge, read our key takeaways of the 2021 Remote Workforce Security Report from Axiad and Cybersecurity Insiders.
Data breach exposes millions of seniors' data (IT PRO) Misconfigured S3 bucket had exposed personal information on three million people
University of Kentucky Discloses Large Data Breach (WebProNews) The University of Kentucky has sent out a letter disclosing a data breach impacting some 355,000 individuals.
Renaissance Life & Health Insurance Company of America Provides Notice of Third-Party Data Incident (PR Newswire) Renaissance Life & Health Insurance Company of America ("Renaissance") is providing notice of an incident experienced by its third-party...
Illinois’ FOID Card System Hit By Cyber Attack (1440 WROK) Some parts of Illinois state government have really been taking it on the chin from the bad guys in cyberspace. On the heels of cyber attacks on the Illinois Attorney General's Office and the Illinois Department of Employment Security, comes word of trouble for the Illinois State Police (ISP).
Cyber attack costs Ardagh Group $34 million (Glass International) Ardagh Group said that a cyberattack on the packaging group in May led to a $34 million overall financial hit.
SmileDirectClub stock drops after cyberattack and pandemic ding results (MarketWatch) SmileDirectClub Inc. shares dropped in the extended session Monday after the teledentistry company’s quarterly results and outlook came in worse than...
Vulnerability Summary for the Week of August 2, 2021 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
Google discontinues Bluetooth security keys to focus on NFC versions (The Record by Recorded Future) This decision might be related to the fact that Bluetooth keys need to be paired with a device—such as a smartphone or a laptop—before they can be used, something that might not be intuitive for non-technical users.
Trends
Global Ransomware Report - July 2021 (BlackFog) July racked up 29 ransomware attacks, up from just 12 reported in the same month last year. The REvil gang was particularly busy with their attack on Kaseya which resulted in a 70 million USD ransom. The incident affected up to 1500 organizations including a large chain of supermarkets in Sweden, an animal hospital in Maine and a school district in Tennessee. In an interesting turn of events the Babuk gang became victims of ransomware at the hands of an unknown group who took control of their Dark Web forum and demanded a $5000 ransom which they refused to pay
Human factor report reveals how 2020 transformed today’s threat landscape (Gulf Business) More than 48 million observed messages containing malware capable of downloading ransomware foreshadowed the risk of recent cyber attacks.
Employees using 'Shadow IT' systems fuels cyber risks for businesses (Human Resources Director) Secret use of programs like WhatsApp is putting businesses at risk of cyber attacks
34% of Indians afraid to use dating apps due to scams: Report (Hindu Businessline) Around 27% were targeted by cyber criminals
The Cybersecurity 202: Apple’s move against child pornography is shifting battle lines for law enforcement and technologists (Washington Post) Apple’s latest move to fight the digital sharing of child pornography is opening up some fissures in a seven-year standoff between technologists and law enforcement over fighting the spread of criminal activity online.
Apple Revives Encryption Debate With Move on Child Exploitation (SecurityWeek) Apple's announcement that it would scan encrypted messages for evidence of child sexual abuse has revived debate on online encryption and privacy, raising fears the same technology could be used for government surveillance.
Apple plan to scan users’ iCloud photos raises new fears of government-mandated data access (CSO Online) Experts argue that Apple is clearing a path for governments to gain access to their citizens' data--essentially an encryption backdoor.
Apple CSAM FAQ addresses misconceptions and concerns about photo scanning (9to5Mac) Apple has responded to misconceptions and concerns about its photo scanning announcements by publishing a CSAM FAQ – answering frequently ...
Marketplace
Cybersecurity M&A Roundup for August 1-8, 2021 (SecurityWeek) Nearly a dozen cybersecurity acquisitions were announced in the first week of August 2021.
OT Security Firm SIGA Raises $8.1 Million in Series B Funding Round (SecurityWeek) Industrial cybersecurity company SIGA has raised $8.1 million in a Series B funding round, which brings the total raised by the firm to $15 million.
Data443 Signs Letter of Intent to Acquire Ransomware Protection Innovator Centurion Technologies (GlobeNewswire News Room) With over 3,000,000 seats sold in all regions of the world, Centurion Technologies’ patented ransomware generated unaudited revenues of nearly $1MM in 2020...
Qualys Acquires TotalCloud to Further Automate, Scale Cloud Security (MSSP Alert) Qualys acquires TotalCloud. MSSP partners may gain no-code cloud automation tools for security, backup, monitoring and other use cases.
GDPR Chill: Investment In Startups Has Fallen Since Law Took Effect (Mediapost) Mature startups have taken a bigger hit than firms at the seed stage, Marketing Science reports.
CrowdStrike CEO George Kurtz Takes Big Swings At Microsoft, SentinelOne (CRN) CrowdStrike CEO George Kurtz pulls no punches on why he believes his company has the edge over rivals Microsoft and SentinelOne.
Fortinet opens technical assistance centre in Sydney’s CBD (CRN Australia) Aims to ‘cement’ position in Aussie market.
IMA Financial Group Welcomes Garrett Droege as Director of Innovation + Strategy (IMA Financial Group) IMA Financial Group, a North American insurance brokerage firm specializing in risk management, insurance, wholesale brokerage and wealth management, has appointed H. Garrett Droege as IMA Director of Innovation + Strategy.
Masha Sedova Named as One of Fast Company's 2021 Most Creative People in Business (Business Insider) Elevate Security, an innovator in predictive analytics and attack surface management, today announ...
Professor Jarno Limnéll appointed head of Innofactor's cybersecurity business with the objective of strengthening trust and security in digital Finland, in co-operation with Microsoft and KPMG (Yahoo Finance) Effective from August 9, 2021, Innofactor has appointed Jarno Limnéll, Professor of Practice, Cybersecurity at Aalto University, as head of the company’s new Cybersecurity Unit. Together with HUS Helsinki University Hospital, KPMG and Microsoft, Innofactor is organizing a virtual media event today, at 12:00 noon, on the topic of cybersecurity in Finnish organizations. Event participants will have the opportunity to ask Limnéll
ForgeRock Appoints Two New Members to Board of Directors (Yahoo Finance) ForgeRock announces the appointment of Rinki Sethi, CISO of Twitter, and Johanna Flower, former CMO of CrowdStrike, to its Board of Directors.
TransGrid CISO Garry Bentlin joins PwC’s cyber team as a partner (Consultancy) Former TransGrid chief information security officer Garry Bentlin has joined PwC as a cybersecurity partner, with Bentlin to focus on growing the firm’s business in Canberra.
Riverbed hires TechOne exec Tony Wright as ANZ lead after a 12-month search (CRN Australia) Tony Wright replaces Frank Ong.
LogMeIn Names Bill Robinson as Chief Revenue Officer (GlobeNewswire News Room) LogMeIn, Inc., a leading provider of cloud-based SaaS solutions such as GoToConnect, GoToMeeting, LastPass and...
Products, Services, and Solutions
AT&T Cybersecurity announces enhanced, simplified MSSP Partner Program (AT&T Cybersecurity) At AT&T Cybersecurity, we believe in the exceptional expertise of our managed security service provider (MSSP) partners. That’s why we are delighted to announce the launch of our new, simplified MSSP Partner Program that will help enhance your business.
Microsoft MISA Organization Expands MSSP, Cybersecurity Software Relationships (MSSP Alert) Microsoft Intelligent Security Association (MISA) now spans 67 MSSP members that support 165 managed security services offers, Microsoft says.
DNAnexus' biomedical informatics platform exceeds security and compliance requirements (Help Net Security) DNAnexus' biomedical informatics platform exceeds online security policy objectives outlined in the new national security memorandum.
Forescout Expands Partnership with BT to Enhance Enterprise Network Security Globally (GlobeNewswire News Room) Long-term partnership adds new solutions to tackle today’s most pressing security concerns ...
ZeroNorth Delivers “DevSecOps for Dummies” Book (ZeroNorth) Educational Book Delivers Background, Actionable Steps to Help Organizations Build a Best-in-Class DevSecOps Program Boston, August 10, 2021 –– ZeroNorth, the only company to unite security, ...
PRESS RELEASE: Fudo Security Expands Critical Enterprise IT Infrastructure Protection, Strengthens Zero Trust Approach to Privileged Access (Fudo Security) Fudo Five Incorporates Just-In-Time Access, Auto-Discovery, Session Recording Backups, and System Health Checks
Intel, ConsenSys Health Advance Pandemic Research (BusinessWire) ConsenSys Health applies privacy-preserving blockchain security, with support from Intel, to help combat COVID-19.
Technologies, Techniques, and Standards
How to Protect Against Cyber and Ransomware Attacks (Buildings) Colonial Pipeline. JBS. CNA Financial Corp. Kaseya. The Houston Rockets. What do these five organizations have in common? All of them—along with hundreds of other large- and small-scale companies in the U.S. and abroad—have been the target of ransomware attacks. Overnight, networks were locked down or sensitive data was stolen, and in most cases, operations either ceased completely or were severely hampered.
Transparency after a cyber attack: How much is too much? (SearchSecurity) Infosec experts and vendors weigh in on the negative and positives of transparency following a cyber attack.
Cybersecurity pros are burning out faster than ever as threats rise. Here's how experts say firms should cope. (Times News Express) Cybersecurity pros are burning out faster than ever, with security teams facing increasing turnover. A rise in threats and
Academia
Schools Brace for More Cyberattacks After Record in 2020 (Bloomberg) Reported hacking incidents have increased nearly fivefold since 2016. Virtual learning during the pandemic created even more access points for attackers.
Legislation, Policy, and Regulation
U.S. warned Brazil that Huawei would leave it 'high and dry' on 5G (Reuters) U.S. national security adviser Jake Sullivan raised concerns about Huawei (HWT.UL) equipment in Brazil's 5G telecoms network during his visit to the country last week, a White House official said on Monday, but Brazil made no promises about whether it would use products from the Chinese company.
Chinese embassy lodges protest at US’ smearing Huawei 5G in Brazilian market (Global Times) The US government attack on the security of China’s 5G technology and related Chinese companies is malicious, aimed at smearing China and containing Chinese high-tech firms to protect American business supremacy and technological monopoly, the Chinese Embassy in Brazil said in a statement on
Dutch government to stop issuing TLS certs because of ever-complicated standards (The Record by Recorded Future) The Dutch government, the last EU country that is still running its own certificate authority (CA), announced plans last week to stop issuing new TLS certificates starting December 2021.
Op-Ed: How the U.S. can deter ransomware attacks (Los Angeles Times) To discourage cyber hackers, the U.S. must make it harder for them to profit — and signal that the country is ready and willing to retaliate.
A Deeper Dive Into Zero-Trust and Biden's Cybersecurity Executive Order (SecurityWeek) Cybersecurity experts, who generally guide the opinion of the government, say implementing a zero-trust architecture is key to improving the nation’s cybersecurity posture
New ground rules for confronting cyber-attacks (BIC Magazine) As WTI has increased 15% over the last few months, the White House recently passed a significant Executive Order (EO) regarding cybersecurity that establishes new ground rules for confronting cyber-attacks challenging the government.
Senators Reach Bipartisan Crypto Deal Amid Vote Uncertainty (Bloomberg) Yellen, industry association endorse the new language. Wyden concerned compromise falls short on privacy, security.
Bitcoin Lobby Loses: Senate Rejects Revised Crypto Tax Provisions in Infrastructure Bill (Decrypt) U.S. Senators have been negotiating amendments to a cryptocurrency provision within an infrastructure bill.
Proposed U.S. Bureau of Cyber Statistics May Gather MSSP Cyberattack Data (MSSP Alert) Proposed Bureau of Cyber Statistics within U.S. Department of Homeland Security may gather incident data from MSSPs & MDR service providers.
UPDATED FOR COLORADO: What Is Considered Sensitive Personal Information? (The National Law Review) Some privacy statutes explicitly reference “sensitive” or “special” categories of personal information. While such terms, when used, often include similar data types that are g
Litigation, Investigation, and Law Enforcement
INSIGHT-Pegasus spyware scandal: years of questions, no answers for Mexico victims (Reuters) A decade after Mexico became a testbed for the global spy tool now known as Pegasus, prosecutors still cannot say who ordered the mass surveillance of innocent civilians and government critics, people familiar with the investigation said.
New Standard Contractual Clauses Under the GDPR (The National Law Review) On June 4, 2021, the European Commission issued two new sets of Standard Contractual Clauses (“SCCs”): (i) one for the processing of personal information between data controllers and data
Apple’s Mistake (Stratechery by Ben Thompson) While it’s possible to understand Apple’s motivations behind its decision to enable on-device scanning, the company had a better way to satisfy its societal obligations while preserving…
SEC hits crypto exchange Poloniex with $10 million fine (The Block) The SEC has fined crypto exchange Poloniex $10 million for operating an "unregistered online digital asset exchange."
HIPAA Violations and How to Remain Compliant | ESF (Enterprise Storage Forum) Health care and data storage providers with access to private patient information are affected by HIPAA. Here’s what you need to know.
Mesa County’s election equipment passwords end up online, prompting state investigation (The Denver Post) In what the Colorado secretary of state calls an “extremely serious event,” images of Mesa County’s election software were posted to Telegram and a conservative blog on Aug. 2.
Republican issues subpoenas for Wisconsin election info (AP NEWS) The leader of the Wisconsin Assembly's elections committee issued subpoenas Friday demanding extensive election materials, including all ballots and voting machines from two counties in what she called a “top-to-bottom” investigation of the state's 2020 presidential results.
Tucker Carlson’s Spying Allegations Being Investigated by National Security Agency Watchdog (Wall Street Journal) The Fox News host says the spy agency had improperly targeted his communications for surveillance.
Proofpoint drops lawsuit, transfers phishing domains to Facebook (The Record by Recorded Future) Cyber-security firm Proofpoint has dismissed its lawsuit against Facebook and has agreed to transfer a series of disputed web domains to the social networking giant, The Record has learned today.