Attacks, Threats, and Vulnerabilities
Suspected Pakistani actor modifies its custom remote access trojan with nefarious new capabilities (PR Newswire) Black Lotus Labs, the threat intelligence arm of Lumen Technologies (NYSE: LUMN), today announced that ReverseRat – the remote access trojan it...
ReverseRat Reemerges with a (Night)Fury New Campaign and New Developments, Same Familiar Side-Actor - Lumen (Lumen) We have continued to track this actor and recently uncovered an updated version of the ReverseRat agent, which we are calling ReverseRat 2.0.
Pakistan’s cyber-attack malware mutates, adopts nefarious new capabilities (India Today) A Pakistan-originated malware that previously targeted the power sector and government organisations in India and Afghanistan, has developed the ability to adopt new cyber-attack capabilities.
Threat Thursday: Ficker Infostealer Malware (BlackBerry) Ficker is a Malware-as-a-Service (MaaS) information stealer that targets victims’ web browsers, credit card information, crypto-wallets and FTP clients. The malware can also download additional malware once a system is successfully compromised.
Crypto-mining botnet modifies CPU configurations to increase its mining power (The Record by Recorded Future) A crypto-mining botnet is modifying CPU configurations on hacked Linux servers in order to increase the performance and output of its cryptocurrency mining code.
Trend Micro Confirms In-the-Wild Zero-Day Attacks (SecurityWeek) Security vendor Trend Micro has issued a warning for in-the-wild zero-day attacks hitting customers using its Apex One and Apex One as a Service products.
Hackers tried to exploit two zero-days in Trend Micro's Apex One EDR platform (The Record by Recorded Future) Cyber-security firm Trend Micro said hackers tried to exploit two zero-day vulnerabilities in its Apex One EDR platform in an attempt to go after its customers in attacks that took place earlier this year.
Ransomware group demanding US$50M in Accenture security breach: cyber firm (CRN Australia) According to dark web and cybercrime monitoring firm.
Ransomware Gang Leaks Files Allegedly Stolen From Accenture (SecurityWeek) Accenture has confirmed being targeted by hackers, just as LockBit ransomware operators started leaking thousands of files allegedly stolen from the company.
Google Bans Location Data Firm Funded by Former Saudi Intelligence Head (Vice) SafeGraph sells smartphone location data to essentially anyone. Google banned the company in June.
Microsoft Confirms (Yet Another) PrintNightmare Flaw as Ransomware Actors Pounce (SecurityWeek) Microsoft released a pre-patch advisory to confirm a severe new PrintNightmare vulnerability (CVE-2021-36958) and CrowdStrike warns that ransomware actors are already launching exploits.
Microsoft discloses another Windows print vulnerability (CRN Australia) A day after company released more updates.
Microsoft says update now as PrintNightmare security threat return once again (TechRadar) New bug also doesn’t have a fix yet
DoubleVerify Neutralizes ‘SmokeScreen,’ a New Global CTV Fraud Scheme Using Screensavers to Hijack Streaming Devices (Yahoo) DoubleVerify ("DV"), (NYSE: DV), a leading software platform for digital media measurement, data and analytics, has identified a new Connected TV (CTV) advertising fraud scheme, dubbed "SmokeScreen," which caused screensavers to hijack CTV devices to generate impressions — even when the screen is off. DV’s Fraud Lab, consisting of a dedicated team of data scientists, mathematicians and researchers focused on protecting clients and partners from all manner of fraudulent
SynAck ransomware gang releases decryption keys for old victims (The Record by Recorded Future) The El_Cometa ransomware gang, formerly known as SynAck, has released today master decryption keys for the victims they infected between July 2017 and early 2021.
Hackers netting average of nearly $10,000 for stolen network access (ZDNet) The single most expensive offering seen by Intsights researchers was being offered for about $95,000.
Network Access For Sale: How much are the keys to your castle? (IntSights) Cybercriminals are getting the keys to company networks for just a few thousand dollars.
Selling Breaches: The Transfer of Enterprise Network Access on Criminal Forums (IntSights) Transactions of unauthorized access to compromised enterprise networks are available on criminal websites
Notice of Recent Cyber Threats to the Marine Transportation System (Homeland Security Today) The Marine Transportation System (MTS) should be on heightened alert as a result of two recent developments.
Brooklyn Tech students uncovered an NYC schools data breach (Bklyner) Teachers’ social security numbers, student academic records, and families’ home addresses are among the dozens of pieces of information a group of tech-savvy high school students stumbled across on Google Drive this year, reports Chalkbeat's Pooja Salhotra.
Months after the Accellion breach, more victims emerge (SearchSecurity) Guidehouse, a victim of the Accellion breach, was still notifying clients this summer that may have been impacted through the third-party service.
Japanese manufacturer Murata apologizes for data breach (ZDNet) A subcontractor downloaded a database with sensitive bank account information from employees and business partners of the company.
Important Notice Regarding Your Personal Information (Huntington National Bank) On behalf of the Huntington National Bank ("Huntington") I am writing to inform you about an incident that involved personal information about you that was maintained by TCF National Bank ("TCF") before Huntington acquired TCF.
Security Patches, Mitigations, and Software Updates
August 2021 ICS Patch Tuesday: Siemens, Schneider Address Over 50 Flaws (SecurityWeek) Siemens and Schneider Electric release 18 advisories addressing a total of more than 50 vulnerabilities affecting their products.
Cognex In-Sight OPC Server (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Cognex
Equipment: In-Sight OPC Server
Vulnerability: Deserialization of Untrusted Data
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a remote attacker access to system level permissions and local privilege escalation.
Horner Automation Cscape (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Horner Automation
Equipment: Cscape
Vulnerabilities: Out-of-bounds Write, Access of Uninitialized Pointer, Out-of-bounds Read
2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow code execution in the context of the current process.
Sensormatic Electronics C-CURE 9000 (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls
Equipment: C-CURE 9000
Vulnerability: Improper Input Validation
2.
Trends
Data Exposure Increases as Employees Head for the Doors (Code42) Analysis of data-exposure telemetry from Code42 Incydr devices shows a clear trend: data is leaving organizations fast. Get the key findings.
Top Attack Vectors: July 2021 - Expel (Expel) This report dives into the top attack vectors and trends among the incidents our SOC investigated in July 2021. Learn our key recommendations to protect your org from these types of attacks.
Marketplace
A-LIGN to Accelerate Growth, Expand A-SCEND's Software Capabilities and Services Offerings for SOC 2, ISO 27001, HITRUST, FedRAMP, CMMC and More with Strategic Investment from Warburg Pincus (PR Newswire) Warburg Pincus, a leading global growth investor, announced a strategic investment in A-LIGN, a high-growth provider of cybersecurity and...
NortonLifeLock shares boom amid $8 billion acquisition plans (Fortune) NortonLifeLock shares are soaring a day after the security firm said it would acquire antivirus rival Avast.
Norton and Avast are merging into an $8 billion antivirus empire (The Verge) The deal combines decades of cyber security experience.
Army Awards Contract For Major Crypto Update (Breaking Defense) “NGLD-M will be the biggest material change in cryptographic key delivery in 20 years,” Michael Badger, product lead of COMSEC, said.
GAO to decide WildandStormy bid protest outcome by Oct. 29 (FedScoop) The Government Accountability Office will decide the outcome of a bid protest filed by Microsoft over a billion-dollar cloud procurement involving the National Security Agency by Oct. 29. A GAO spokesperson confirmed to FedScoop that the agency had received a complaint from the tech giant, and outlined a timeline for the bid protest process. Under procurement […]
Group-IB Recognized as a Global Cyber Threat Intelligence Leader by Frost & Sullivan (PR Newswire) Group-IB, one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation...
'It's a mess' - Calls made for cyber industry to do more in tackling security skills shortages (CRN) Business leaders tell CRN that companies must offer more training to close security skills gap
Socure is Named to the 2021 Forbes Cloud 100 List of the Best Private Cloud Companies in the World (BusinessWire) Socure, the leading provider of digital identity verification and fraud solutions, today announced it has been named to the Forbes 2021 Cloud 100, the
Products, Services, and Solutions
New 'Allstar' App Enforces Security Best Practices for GitHub Projects (SecurityWeek) New open source app Allstar, developed by Google, provides automated continuous enforcement of security best practices for GitHub projects.
Red Canary Partners with SentinelOne for Edge to Edge Next-Generation Security (AiThority) SentinelOne, cybersecurity platform, announced a new partnership with Red Canary, a leading provider of security operations solutions.
Cellebrite Introduces New Professional Services To Help Public Safety Agencies And Fortune 1000 Companies Transform Investigations With Digital Intelligence (Officer.com) Expanded Service Offerings Are Designed to Help Customers Unlock the Full Potential Of Digital Intelligence Solutions
Veriff Expands Services to 39 Languages (EIN News) Veriff adds four new languages to meet growing global customer demand.
Zignal Labs takes media intelligence real time (ZDNet) News travels fast these days. Zignal Labs is one of an emerging group of providers that are venturing beyond social media monitoring to provide a broader, real-time picture of what's hot and what's not.
Recorded Future Integrates with Microsoft Defender for Endpoint for Continuous Threat Protection (PR Newswire) Recorded Future, one of the world's largest providers of intelligence for enterprise security, today announced it has further strengthened its...
Technologies, Techniques, and Standards
If nothing is trustworthy in cyberspace, does AI even have a chance? (CTECH) “The challenge to embed trust into complex and automated AI-driven processes is a cross-industry phenomenon, as it ultimately stems from AI’s unique and inherent characteristics,” writes Eyal Balicer of Citi
Center for Internet Security (CIS) v8 – Why You Should Care (Black Hills Information Security) Dale Hobbs // The Center for Internet Security (CIS) Controls are a recommended set of highly effective defensive actions for cyber defense that provide specific and actionable methods to prevent the most dangerous and pervasive cyber-attacks. They were initially developed by the SANS Institute and were originally known as the SANS Critical Security Controls. They are the combined knowledge of a variety of industry experts from every market into what is effectively […]
You survived the SolarWinds hack. Now what? (Data Center Dynamics) Maybe your organization only suffered a minor intrusion - but you need to protect against future events
The Missing Links in Customer Data Protection (The Wise Marketer) As companies around the world become increasingly digitized, the relevance of data protection has become an important topic. In this context, data is information that’s typically provided through digital analysis programmes or other means of information documentation. Companies of all kinds gather customer data for the purpose of gaining deeper insights into consumer behavior. This […]
Design and Innovation
WSJ News Exclusive | Apple Executive Defends Tools to Fight Child Porn, Acknowledges Privacy Backlash (Wall Street Journal) A senior Apple executive defended the company’s new software to fight child pornography, revealing greater detail about safeguards in place to protect the tools from abuse. The plans had raised concerns about an erosion of privacy on the iPhone.
EXCLUSIVE Apple's child protection features spark concern within its own ranks -sources (Reuters) A backlash over Apple's move to scan U.S. customer phones and computers for child sex abuse images has grown to include employees speaking out internally, a notable turn in a company famed for its secretive culture, as well as provoking intensified protests from leading technology policy groups.
Marginalized streamers beg Twitch to ‘do better’ in wake of hate raids, poor pay (Washington Post) During an Aug. 6 broadcast, the Twitch streamer RekItRaven — who is Black and uses they/them pronouns — emotionally described a series of traumatic, real-life experiences that informed who they are today.
TikTok to add more privacy protections for teenaged users, limit push notifications (TechCrunch) TikTok today becomes the latest tech company to roll out increased protections for minors on its platform in the wake of increased regulatory scrutiny. The company says it will introduce a series of product changes for teen users aged 13 to 17, aimed at making their TikTok experience more private, …
Academia
Officials tell schools not to pay ransomware demands. Parents disagree, survey finds (EdScoop) A survey from the cybersecurity firm Kaspersky found that 72% of parents of school-aged kids would support schools paying to avoid the leaks of stolen data.
Legislation, Policy, and Regulation
China Signals More Regulation for Businesses in Coming Years (Bloomberg) Authorities release five-year plan to strengthen rule of law. Calls for greater law enforcement across a range of sectors.
Why the Quad Alarms China (Foreign Affairs) The Quad's success poses a major threat to Beijing’s ambitions.
How Israeli Diplomacy Paved the Way for NSO Deals (Foreign Policy) FP Playlist features the Haaretz Weekly podcast in an episode about the NSO Group and its surveillance software Pegasus.
Beware of Pegasus (Philstar.com) An Israeli company called NSO Group has created a spyware tool called Pegasus that gives its users an extraordinary ability to surveil and steal secrets from anyone who carries a smartphone.
NSO's Employees Sleep Soundly Even as Journalists, Rights Activists Targeted By Pegasus Do Not (The Wire) Had Hannah Arendt been alive, she would have been intrigued by the banality of the employees of Israeli surveillance companies and government officials whose spyware and export licenses help undermine democracy.
Lawmakers Want Federal Cybersecurity Leaders' Roles Clarified (BankInfoSecurity) In a letter sent to National Cyber Director Chris Inglis this week, a bipartisan group of lawmakers says clearer lines of demarcation are needed to better define
Cybersecurity legislation included in infrastructure plan sets aside $1 billion for local governments (American City and County) Last month, while senators were debating the recently passed $1.2 trillion Infrastructure Investment and Jobs Act, a ransomware attack targeting Miami-base
App Store Competition Targeted by Bipartisan Senate Bill (Wall Street Journal) The bipartisan measure would put new curbs on how app stores operate and do business with developers, the latest sign of lawmakers’ concerns over Apple’s and Google’s dominance in the mobile ecosystem.
Jen Easterly Sworn in as New CISA Director (Homeland Security Today) Jen Easterly was sworn in Monday to lead the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security.
Litigation, Investigation, and Law Enforcement
Audit: Some Navy sub cybersecurity inspections were neglected in recent years (Military Times) Submarines of Naval Submarine Force Pacific and their tenders did not receive the required internal and external cybersecurity inspections in recent years, raising the specter of cyber vulnerability among some of the sea service’s most potent platforms.
‘Proud of Being Able to Speak the Truth’: Journalist Nidhi Razdan on her Cyber Attack (Inter Press Service) Sania Farooqui is a journalist and filmmaker based out of New Delhi.
Mesa County, Colo., Looks into Elections Data Breach (GovTech) Both the district attorney's office in Mesa County, Colo., and the Colorado Secretary of State's Office are examining the details of an alleged data breach that exposed passwords for local elections equipment.
Apple drops controversial lawsuit against Corellium (The Daily Swig) Fears of chilling effect on security tool development lifted
Petco Reaches Deal to Settle Data Breach Negligence Allegations (Bloomberg Law) Petco Animal Supplies Inc. and one of its business units are moving for preliminary approval of a settlement with plaintiffs in a California federal court to resolve allegations it acted negligently and left customer data susceptible to a breach.
Tucker Carlson Says He Felt Like a ‘Lunatic’ for Sharing NSA Spying Theory (Yahoo) Tucker Carlson said Wednesday that he felt like “a lunatic” and “a nutcase” when he went public with his concerns the National Security Agency is spying on him. In a chat with Glenn Beck one day after the NSA’s inspector general announced an inquiry into his weeks-old claims, he said, “I felt like kind of a lunatic. You don’t want to go on TV — I mean, would you want to go on air and say, ‘They’re spying on me?’ No, you sound like a nutcase, but I didn’t feel like I had a choice.” In June, the s
Bolsonaro Sent His Son to the MyPillow Guy’s Cyber Conference for Some Reason (Vice) Brazil’s election is more than a year away, but the embattled president is already spreading conspiracy theories about rigged voting machines.