Attacks, Threats, and Vulnerabilities
Google and Open Redirects: Preventing Your Users from Becoming a Victim of Attacks (GreatHorn) The GreatHorn Intelligence Team has identified an increase of 84% in phishing attacks leveraging Google’s open redirects using Google Meet and Google DoubleClick between Q1 2021 and Q2 2021. The use of the open redirects on these platforms allows for threat actors to evade detection by most email security solutions, allowing emails to land in […]
Magecart Group 8: Patterns in Hosting Reveal Sustained Attacks on E-Commerce (RiskIQ) Magecart Group 8 has been targeting online retailers since 2016. This distinct skimming group first came to light when RiskIQ, led by researcher Yonathan Klijnsma, analyzed its skimmer in 2017 and exposed attacks on Nutribullet in February 2020 and MyPillow and Amerisleep in 2019.
Phishing Lures Imitate Government Bodies Offering COVID-19 Relief (WMC Global) WMC Global has noticed a sharp spike in phishing attacks targeting consumers using COVID-19 phishing lures. Specifically, these lures have impersonated US...
Auth Bypass Bug Exploited, Affecting Millions of Routers (Threatpost) Three days after disclosure, cyberattackers are taking over home routers from 20 vendors and ISPs in order to add them to a Mirai-variant botnet used for carrying out DDoS attacks.
Home and small business routers under attack – how to see if you are at risk (Naked Security) Practical advice for homes and small businesses, following news that a recently disclosed router bug is actively being exploited by crooks.
July 2021’s Most Wanted Malware: Snake Keylogger Enters Top 10 for First Time (Check Point Software) Check Point Research reports that Trickbot is the most prevalent malware for the third month running, while Snake Keylogger enters the index for the first
Cybersecurity firm Bkav source codes leaked, put on sale for $250,000 (VnExpress International) The source codes for certain products of major Vietnamese cybersecurity firm Bkav are being offered on sale on a data leak forum for a total of $250,000.
PrintNightmare vulnerability weaponized by Magniber ransomware gang (The Record by Recorded Future) The operators of the Magniber ransomware have weaponized the infamous PrintNightmare vulnerability and are now attempting to breach Windows systems in South Korea.
Hacker grabs $600m in cryptocash from blockchain company Poly Networks (Naked Security) Where have all the cryptocoins gone? Will we ever get them back?
Over half of crypto tokens stolen in $610 mln hack now returned, Poly Network says (Reuters) Hackers behind one of the biggest ever digital coin heists have now returned over half of the $610 million-plus they stole, the cryptocurrency platform targeted by the hack said on Thursday.
Hackers Return Portion of Record Crypto Heist Haul (SecurityWeek) Poly Network said that hackers have sent back a portion of the digital loot from a record haul valued at more than $600 million.
Cryptocurrency heist hacker returns $260m in funds (BBC News) The hacker behind the $600m Poly Network cryptocurrency heist has posted a Q&A on the blockchain.
Crypto Hackers Stole More Than $600 Million From DeFi Network, Then Gave Some of It Back (Wall Street Journal) Hackers stole cryptocurrencies worth more than $600 million from Poly Network, a decentralized finance platform, in one of the largest crypto heists of recent years.
Poly Network attacker returns $256 million of the stolen cryptocurrency (The Block) The Poly Network exploiter has started returning the stolen crypto assets less than a day after their ID was reportedly obtained.
Accenture breached in highly-targeted ransomware attack (NYSE:ACN) (SeekingAlpha) Accenture (ACN) is the latest target of ransomware hackers who threatened to release stolen data within several hours of the breach. Read more about the ransomware attack.
Accenture claims 'no impact' in apparent ransomware attack (AP NEWS) Cybercriminals have breached Accenture in an apparent ransomware attack but the global consulting giant says the incident was immediately contained with no impact on it or its systems.
Accenture says Lockbit ransomware attack caused 'no impact' (ZDNet) The IT giant was listed on Lockbit's leak website, and the group said the data came from an "insider", but there was 'no impact' on operations or clients.
Accenture fends off ransomware attack (CRN Australia) Said there was "no impact" on the company or its customers.
Accenture downplays ransomware attack as LockBit gang leaks corporate data (The Record by Recorded Future) Fortune 500 company Accenture has fallen victim to a ransomware attack but said today the incident did not impact its operations and has already restored affected systems from backups.
Four years after FBI shut it down, AlphaBay dark web marketplace claims it's back in business (CyberScoop) It might be time to update the obituary of one of the web’s most notorious marketplaces for hacking tools and drugs. Four years after the FBI shut down AlphaBay, which registered a reported $1 billion in transactions, a scammer is touting the launch of a new version of the illicit marketplace, according to threat intelligence firm Flashpoint. In an online posting earlier this week,
Researchers Create 'Master Faces' to Bypass Facial Recognition (Motherboard) According to the paper, their findings imply that facial recognition systems are “extremely vulnerable.”
New Attack Sends Phishing Via DocuSign (Avanan) Attackers have begun to send phishing links directly through DocuSign.
WSJ News Exclusive | Covid-19 Vaccine Scammers Target Authorities in Dozens of Countries Including Italy and Colombia (Wall Street Journal) Criminal organizations and individuals claiming access to Covid-19 vaccines have contacted authorities in dozens of countries including Italy and Colombia, hoping they will sign illegitimate contracts for millions of dollars.
A Critical Random Number Generator Flaw Affects Billions of IoT Devices (The Hacker News) Billions of IoT devices are affected by a critical flaw in the hardware random number generators.
Fundamental Flaw in RNGs Affects Many IoT Devices (Decipher) The use of weak random number generators in many IoT devices undermines the security of the encryption keys those devices generate.
You're Doing IoT RNG (Bishop Fox) Learn why hardware random number generators (RNG) used by billions of IoT devices to create encryption keys don't always generate random numbers.
Decryption Key for Ransomware Delivered via Kaseya Attack Made Public (SecurityWeek) A key that can be used to decrypt files encrypted by the REvil ransomware delivered in the Kaseya attack has been made public.
Cobalt Strike Vulnerability Affects Botnet Servers (Schneier on Security) Cobalt Strike is a security tool, used by penetration testers to simulate network attackers. But it’s also used by attackers — from criminals to governments — to automate their own attacks. Researchers have found a vulnerability in the product.
Transnet proves it — no company is safe from cyberattacks, fraud prevention service warns (TimesLIVE) The recent cyberattack on Transnet is a serious wakeup call and a reminder that, in the technology age, no company is safe from cyber criminals, according to the Southern African Fraud Prevention Service.
Data Breach at Georgia Health System (Infosecurity Magazine) Hacker accessed patient data for six months before staging ransomware attack
Hacker had access to Georgia health system's IT network 6 months before ransomware strike (Becker's Hospital Review) Savannah, Ga.-based St. Joseph's/Candler began notifying patients and employees Aug. 10 that their personal information was exposed by an unauthorized third party between December 2020 and June 2021.
Singaporean telco leaked personal data of over 57,000 customers (Register) StarHub's breach announcement came a month after discovery of customer file on dump site
May cyberattack cost Scripps nearly $113M in lost revenue, more costs (FierceHealthcare) A major cyberattack that disrupted care cost Scripps Health nearly $113 million in lost revenue and additional costs, the San Diego-based system reported.
Security Patches, Mitigations, and Software Updates
Microsoft August 2021 Patch Tuesday fixes 3 zero-days, 44 flaws (BleepingComputer) Today is Microsoft's August 2021 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities and a total of 44 flaws, so please be nice to your Windows admins as they scramble to install patches.
Intel Patches High-Severity Flaws in NUC 9 Extreme Laptops, Ethernet Linux Drivers (SecurityWeek) Intel patches high-severity privilege escalation vulnerabilities in NUC 9 Extreme laptop kits and Ethernet controller Linux drivers.
Nine Critical and High-Severity Vulnerabilities Patched in SAP Products (SecurityWeek) SAP has patched nine critical and high-severity vulnerabilities affecting Business One, NetWeaver, S/4HANA and other products.
Ten Things We (Re)Learned at DEF CON 29 (Medium) DEF CON is always a bit weird, but this year was weirder than, er, normal — owing mainly to the fact that there were only one-third the…
Survey Reveals Gap in Threat Hunting Leaving Organizations Repeatedly Exposed to Cyber Attacks (Team Cymru) New Ponemon survey, commissioned by Team Cymru, finds half of attacks on organizations that caused severe business disruption were by repeat offenders - and 61% of these were never resolved
Cybercrime victims lose an estimated $318 billion annually (Comparitech) When it comes to cybercrime costs, astronomical figures are often involved. So, you’d be forgiven for thinking each country has in-depth reports on the subject and knows the cost of these crimes within their country. However, as our report demonstrates, cybercrime is still severely underreported by police and government entities and the true monetary value remains […]
Is hybrid working hiding insider threats? (Business IT) Insider threats are nothing new.
The False Pundits of Cyber Will Lead Us Astray If We Let Them (OODA Loop) They’re not cybersecurity experts, but they did stay at a Holiday Inn Express last night. Because we have no common body of knowledge from which to explore and learn from prior art, you can predict like
Palo Alto Networks: Ransomware Demands Rocket 518% (SDxCentral) The average ransomware payment demanded now tops $5.3 million amid a rise in quadruple extortion, according to Palo Alto Networks.
Australia ranks third as most cyber attacked nation globally: Accenture (ARN) Australia was the third most targeted country in the world by cyber attackers in the first six months of 2021, according to Accenture.
Mandiant Snaps Up Attack Surface Management Startup Intrigue (SecurityWeek) FireEye’s Mandiant has acquired Intrigue, a provider of attack surface management technology for enterprises.
Mandiant Adds Attack Surface Management to its SaaS Portfolio with the Acquisition of Intrigue (BusinessWire) Mandiant announces the acquisition of Intrigue. Intrigue’s attack surface management technology will be integrated into Mandiant Advantage.
NSA quietly awards $10 billion cloud contract to Amazon, drawing protest from Microsoft (Washington Post) The National Security Agency has quietly awarded a contract worth up to $10 billion to Amazon Web Services, setting off another high-stakes fight among rival tech giants over national security contract dollars.
Microsoft challenges NSA's decision to award $10bn contract to Amazon (Computing) Once again, Amazon and Microsoft are in dispute over a multi-billion dollar cloud contract - but this time, Microsoft is on the attack
U.S. Navy Awards NCI Prime Position on SeaPort NxG Multiple Award Contract (BusinessWire) The U.S. Navy has awarded NCI Information Systems a prime position on the SeaPort NxG multiple award contract.
Anita Grantham Appointed Chief People Officer of Abnormal Security (Abnormal Security) Abnormal Security, provider of the leading cloud-native email security platform that leverages behavioral data science to stop modern email attacks, today announced the appointment of Anita Grantham as Chief People Officer. Grantham leads all aspects of Abnormal’s talent and culture strategy, including employee experience, recruiting, rewards, retention, and career […]
Jan Mickos appointed Nixu Corporation’s Business Area Lead, Managed Services and member of Corporate Leadership Team (News Powered by Cision) Jan Mickos, who has an extensive career in cybersecurity, has been appointed as Business Area Lead, Managed Services and member of Nixu Corporate Leadership Team, reporting to the Nixu CEO Petri Kairinen. Jan will begin in his position on September 8, 2021.
Army Vet Peter Gallagher Takes SVP Role at CACI; Todd Probert Quoted (GovCon Wire) Peter Gallagher appointed CACI national security tech sector lead.
Barracuda Networks Leader Named Palo Alto Networks President (Channel Futures) Barracuda Networks' president and CEO BJ Jenkins has left that company to become Palo Alto Networks' new president. Palo Alto also has a new CEO.
Delphix appoints Pritesh Parekh as Chief Trust & Security Officer (Security Magazine) Pritesh Parekh will be responsible for DevOps, trust, security, and QA in engineering.
Very Good Security (VGS) Hires Reena Choudhry as Chief Revenue Officer (BusinessWire) Very Good Security (VGS) today announced the hire of Reena Choudhry as Chief Revenue Officer (CRO).
KnowBe4 Celebrates 11th Anniversary With Donation to Maintain Honey Bee Hives (GlobeNewswire News Room) KnowBe4 celebrates another anniversary by helping to better the environment...
Products, Services, and Solutions
Cybrary and Degreed Join Forces to Deliver Integrated Cybersecurity Learning Experiences (PR Newswire) Cybrary, the leading cybersecurity workforce development platform, and Degreed, the upskilling platform that connects learning to...
Orca Security Announces Global Partner Program to Bring Instant-On Security and Compliance to More Customers’ AWS, Azure, and GCP Estates (BusinessWire) Orca Security today announced a robust global partner program to further extend the reach of its SaaS-based platform for workload and data protection,
DH2i Launches Free DxEnterprise & DxOdyssey Developer Editions (DH2i) The DH2i team is excited to announce the launch of our free DxEnterprise and DxOdyssey Developer Edition software, available for trials and non-production use.
CompoSecure and Nok Nok Partner to deliver advanced security and authentication (NokNok) Category leaders create an innovative solution to protect consumers and enable merchants to fight online fraud with a breakthrough “internet ID and payment card”
KPMG's Second Audit Confirms PureVPN's Claims of Being A Zero-Logs VPN Is Valid (MarketWatch) Aug 05, 2021 (AB Digital via COMTEX) -- PureVPN has cultivated a formidable image for itself as one of the securest options to maintain your...
DigiCert Launches New Signing Service to Verify ID, Prevent Modification (eWEEK) DigiCert Document Signing Manager simplifies and secures the process of signing documents electronically.
CompTIA ISAO Adds Sophos' Real-Time Cybersecurity Threat Analysis... (Enterprise Security) Members of the ISAO have access to SophosLabs Intelix™, which provides a quick analysis of known and unknown cybersecurity risks.
VMware Launches Vulnerability Management Module For Their Carbon Black Cloud Endpoint Sensor (Security Informed) Security and IT teams have recently been facing a tidal wave of highly publicized breaches stemming from unpatched vulnerabilities, such as the attacks originating from a zero-day Windows printer spooler vulnerability dubbed ‘PrintNightmare’ (CVE-2021-34527). These software vulnerabilities are a major threat vector that security teams need to address.
Google open-sources Allstar, a tool to protect GitHub repos (The Record by Recorded Future) Google has open-sourced today a project named Allstar that can be used to secure GitHub projects by constantly watching and enforcing a set of security policies with the hope of preventing basic security misconfigurations.
Top Value Added Distributor, Infinigate, Strengthens Cyber Solutions with Selection of CYREBRO's SOC Platform (PR Newswire) CYREBRO, the only interactive SOC platform solution for SMBs, today announced that Infinigate, Europe's largest purveyor of cyber security...
Concentric Ransomware Module Extends Data Governance Solution to Limit Exposure, Detect Attacks in Progress, and Improve Recovery (BusinessWire) Concentric Inc., a leading vendor of intelligent AI-based solutions for protecting business-critical data, announced today that it has extended its AI
Technologies, Techniques, and Standards
NIST Guidance Focuses on Creating 'Cyber Resiliency' (GovInfoSecurity) NIST is updating "cyber resiliency" guidance to focus on mitigating modern cyberthreats to IT networks, especially ransomware and nation-state attacks. A
NSA, DOD Watchdogs Partner to Complete Joint Evaluation of Certain Federal AI Use (Nextgov.com) It comes after a previous assessment was terminated.
More SolarWinds-style attacks are coming. Here’s how to stop them (Fast Company) Hacks that target the software-management supply chain are a scary new tool for cybercriminals. These steps could make them tougher to pull off.
Admin’s Nightmare: Combining HiveNightmare/SeriousSAM and AD CS Attack Path’s for Profit (Black Hills Information Security) Steve Borosh // The year of 2021 has presented some interesting challenges to securing Windows and Active Directory environments with new flaws that Microsoft has been slow to address. In June, @Harmj0y and @tifkin_ released some excellent research and a whitepaper discussing some potential attack paths with Active Directory Certificate Services (“AD CS”) (https://posts.specterops.io/certified-pre-owned-d95910965cd2). This was followed by a modified version of impacket (https://github.com/SecureAuthCorp/impacket/pull/1101) which provides […]
Design and Innovation
Apple’s Privacy Mythology Doesn’t Match Reality (Wired) The company’s claims cloak threats to millions of users’ iCloud, iMessage, and facial verification data.
Interview: Apple’s head of Privacy details child abuse detection and Messages safety features (TechCrunch) Last week, Apple announced a series of new features targeted at child safety on its devices. Though not live yet, the features will arrive later this year for users. Though the goals of these features are universally accepted to be good ones — the protection of minors and the limit of the spr…
Facebook is rebuilding its ads to know a lot less about you (The Verge) The stakes couldn’t be higher for Facebook to get this right.
Instagram's latest feature lets you limit comments and requests on popular posts (Engadget) Instagram has introduced new features called Limits and Hidden Words designed to limit hate and abuse on trending posts.
A Closer Look at Intel's Hardware-Enabled Threat Detection Push (SecurityWeek) SecurityWeek talked to Michael Nordquist (Intel’s business client planning director) to discover the chip giant’s role in securing the latest and future computers from the silicon level up
Legislation, Policy, and Regulation
2021 Annual Report on Implementation (Cyberspace Solarium Commission) In March 2020, the U.S. Cyberspace Solarium Commission made 82 recommendations to help the United States secure its interests in cyberspace. Since then, the Commission has produced five white papers, adding to this set of recommendations.
China eclipses Russia as the world's 'biggest bad' actor (TheHill) China’s antagonism appears to have ratcheted up recently, and it has gained influence on international bodies.
Opinion | How Do You Stop Beijing From Bullying? Take Away Its Prada Bags (Wall Street Journal) China punishes Ericsson for Sweden’s exclusion of Huawei. The West can strike back if it unites.
Ex-GCHQ cyber chief: Wars still can’t be lost by cyber alone (The Jerusalem Post | JPost.com) Former British GCHQ cyber chief Marcus Willett said on Tuesday that, “I do not think wars can be lost in cyberspace alone.”
Former NCSC chief: Biden trumps Trump in cyber response (Verdict) Former NCSC CEO Ciaran Martin gives Biden "top marks" for cyber policy while contrasting it with the "neglect" by his predecessor Donald Trump.
Opinion | An undeclared war is breaking out in cyberspace. The Biden administration is fighting back. (Washington Post) Some surprisingly public moves at the secretive NSA are one indication of the seriousness of the threat.
App Store Competition Targeted by Bipartisan Senate Bill (Wall Street Journal) The bipartisan measure would put new curbs on how app stores operate and do business with developers, the latest sign of lawmakers’ concerns over Apple’s and Google’s dominance in the mobile ecosystem.
US lawmakers introduce bill to break Apple and Google's app store monopolies (Computing) The bill aims to set 'fair, clear, and enforceable' rules to protect competition within the app market
Businesses Push to Shape Federal Rules for Disclosing Hacks (Wall Street Journal) Companies are pushing to narrow legislation that would require them to report cyberattacks to the U.S. government, as a series of hacks has added momentum to a nearly decadelong effort in Congress to approve such a law.
The Cybersecurity 202: The bipartisan infrastructure bill could bring a cyber bounty for state and local governments (Washington Post) The mammoth bipartisan infrastructure deal that passed the Senate this week includes a $1 billion pot of cybersecurity money to help state and local governments battered by ransomware and other digital attacks.
US Crypto Companies, Venture Investors Voice Concern Over Infrastructure Bill (Crunchbase News) Even as the U.S. House readies to debate the proposed $1 trillion infrastructure bill, crypto companies and investors are worried that unclear and hazy language concerning the industry could increase federal regulations and stifle innovation and investment in the country.
Japanese State Minister of Defense Nakayama visits U.S. Cyber Command (U.S. Cyber Command) Yasuhide Nakayama, State Minister of Defense for Japan, visited U.S. Cyber Command at Ft. Meade on August 9, 2021 to meet with senior leaders.
Litigation, Investigation, and Law Enforcement
Canada lawyer: Huawei CFO committed "commercial dishonesty" (AP NEWS) A senior executive for Chinese communications giant Huawei Technologies committed fraud because of what she said during a meeting with a bank official, and what she did not say, a Canadian government lawyer told an extradition hearing Wednesday.
US granted more grounds to appeal on Assange extradition (Washington Post) Britain’s High Court on Wednesday granted U.S. authorities permission to expand their grounds for appealing an earlier U.K. court decision to block the extradition of WikiLeaks founder Julian Assange, where he is wanted on espionage charges.
BREAKING: Mossad Sought to Recruit Israeli Employee to Spy on Kaspersky (Tikun Olam תיקון עולם) Israeli cyber-security researcher, Ido Naor, runs his own company, Security Joes, helping businesses protect their cyber-infrastructure from attack. He also lectures at Bar Ilan University. Between 2015-2019, he was Kaspersky Labs' Israel representative. He's written
Cyber experts: Criticism of NSO likely part of ‘orchestrated effort to harm Israel’ (Jewish News Service) “We are facing BDS attempts, and we have to confront them. This is all part of the same campaign, and we have to develop a strategy,” said Israel Defense Forces’ Col. (res.) Gabi Siboni, an expert in cyber security, military strategy and technology.
Dominion’s lawsuits against Trump allies can move forward after judge rejects arguments (Washington Post) A federal judge on Wednesday denied requests by former president Donald Trump’s former lawyers and allies to throw out more than $3 billion in defamation lawsuits over false claims that a voting machine company’s technology was used to rig the 2020 presidential election.
How GrayShift Keeps its iPhone Unlocking Tech Secret (Motherboard) Copies of non-disclosure and other agreements obtained by Motherboard show the kind of information that iPhone unlocker Grayshift tells police to keep secret.