Attacks, Threats, and Vulnerabilities
The Taliban Have Seized U.S. Military Biometrics Devices (The Intercept) Biometric collection and identification devices were seized last week during the Taliban’s offensive.
Facebook ‘Proactively’ Removing Taliban Content, Executive Says (Bloomberg) A Facebook Inc. executive said the company is “proactively” removing content from its platforms that promotes the Taliban as the group seizes power in Afghanistan.
WhatsApp shuts down Taliban helpline in Kabul (Financial Times) Complaints number meant to act as emergency hotline for civilians to report violence and looting
WhatsApp Can’t Ban the Taliban Because It Can’t Read Their Texts (Vice) The Taliban are using the Facebook-owned chat app to spread messages to Afghan citizens as they take over the country.
Afghans are being evacuated via WhatsApp, Google Forms, or by any means possible (MIT Technology Review) The only hope for many caught by the Taliban takeover is a chaotic and sometimes risky online volunteer response.
Watering hole attack found on popular North Korean-themed news site (The Record by Recorded Future) A North Korean cyber-espionage group has breached one of the most popular North Korean-themed news sites on the internet in order to carry out a watering hole attack and infect some of the site's visitors with malware.
North Korean hackers use browser exploits to drop malware (iTnews) Malicious code disguised in legitimate code.
North Korean APT InkySquid Infects Victims Using Browser Exploits (Volexity) Volexity recently investigated a strategic web compromise (SWC) of the website of the Daily NK (www.dailynk[.]com), a South Korean online newspaper that focuses on issues relating to North Korea. Malicious code on the Daily NK website was observed from at least late March 2021 until early June 2021.
Chinese espionage tool exploits vulnerabilities in 58 widely used websites (The Record by Recorded Future) A security researcher has discovered a web attack framework developed by a suspected Chinese government hacking group and used to exploit vulnerabilities in 58 popular websites to collect data on possible Chinese dissidents.
Govt hackers impersonate HR employees to hit Israeli targets (BleepingComputer) Hackers associated with the Iranian government have focused attack efforts on IT and communication companies in Israel, likely in an attempt to pivot to their real targets.
Suspected Russian operatives tried to stir far-right outrage about COVID-19 on 4chan (CyberScoop) Operators of an apparent Russian propaganda campaign shared coronavirus disinformation in an effort to influence the American far-right, according to a report out Tuesday by cybersecurity firm Recorded Future.
Operation Secondary Infektion Continues Targeting Democratic Institutions and Regional Geopolitics (Recorded Future) Operation Secondary Infektion is a longstanding information operation of likely Russian state-sponsored origin.
Brazilian National Treasury hit with ransomware attack (ZDNet) Assessments so far did not find damage to key systems, according to the government.
Ransomware attack didn't "structurally damage" Treasury Department (The Brazilian Report) A ransomware attack on the Treasury Department's systems did not affect the platform running Brazil's treasury bonds, authorities say.
T-Mobile Says Hackers Stole Information on More Than 40 Million People (Wall Street Journal) The cellphone carrier said the stolen data included first and last names, birth dates, social-security numbers and driver’s license information from a subset of current and potential customers.
T-Mobile Offers Free Identity Theft Protection After Hackers Steal Data on Millions of Customers (Gizmodo) Data on at least 49 million T-Mobile customers was compromised.
T‑Mobile Shares Additional Information Regarding Ongoing Cyberattack Investigation (T-Mobile Newsroom) As we shared yesterday, we have been urgently investigating the highly sophisticated cyberattack against T‑Mobile systems, and in an effort to keep our customers and other stakeholders informed we are providing the latest information we have on this event and some additional details.
T‑Mobile Cybersecurity Incident Update (T-Mobile Newsroom) We have been working around the clock to investigate claims being made that T‑Mobile data may have been illegally accessed. We take the protection of our customers very seriously and we are conducting an extensive analysis alongside digital forensic experts to understand the validity of these claims, and we are coordinating with law enforcement.
FBI warns of credential stuffing attacks against grocery and food delivery services (The Record by Recorded Future) The FBI says that hackers are using credential stuffing attacks to hijack online accounts at grocery stores, restaurants, and food delivery services in order to drain user funds through fraudulent orders and to steal personal or financial data.
BlackBerry resisted announcing major flaw in software powering cars, hospital equipment (POLITICO) The former smartphone maker turned software firm resisted announcing a major vulnerability until after federal officials stepped in.
Millions of Web Camera and Baby Monitor Feeds Are Exposed (Wired) A vulnerability in the Kalay platform leaves countless IoT devices susceptible to hackers.
Video surveillance network hacked by researchers to hijack footage (Naked Security) Home automation. Internet of Things. Cloud management. And a security bug that could let other people watch you online…
Mandiant, CISA urge ThroughTrek customers to fix software bug in millions of baby monitors, cameras (CyberScoop) A flaw in software used by millions of smart home devices could allow hackers to intercept audio and video data on equipment such as baby monitors and web cameras, security researchers said Tuesday. The vulnerability is in a software protocol made by Taiwanese internet of things (IoT) vendor ThroughTek, which has customers including the Chinese electronics giant Xiaomi.
FireEye, CISA Warn of Critical IoT Device Vulnerability (BankInfoSecurity) FireEye researchers and CISA are warning about a critical vulnerability that could allow an attacker to gain remote access to compromised IoT devices, such as
Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices (FireEye) We disclose a critical vulnerability affecting millions of Internet of Things devices that use the ThroughTek “Kalay” network.
Defending Your Network from RockYou2021 (Specops Software) In June 2021, a large data dump was posted to a popular internet hacking forum. This dataset was termed “rockyou2021,” named after the popular password...
Houdini Malware Returns and Amazon's Sidewalk Enter Corporate Networks (SecurityWeek) An analysis of more than 250 billion network flows during Q2 2021 shows increasing threats, a new use of an old malware, and the growing incidence of consumer devices in the workplace
High-Severity Command Injection Vulnerability Found in Fortinet Firewall (SecurityWeek) Researchers have discovered an OS command injection vulnerability in a Fortinet firewall, and while it has been classified as high severity, the actual risk of exploitation in the wild is low.
Rural Sewage Plants Hit by Ransomware Attacks in Maine (SecurityWeek) A pair of ransomware attacks on sewage treatment plants in rural Maine communities demonstrates that small towns need to be just as vigilant as larger communities in protecting against hackers, local officials said.
Chase bank accidentally leaked customer info to other customers (BleepingComputer) Chase Bank has admitted to the presence of a technical bug on its online banking website and app that allowed accidental leakage of customer banking information to other customers.
Indiana notifying 750K after COVID-19 tracing data accessed (AP NEWS) Indiana health officials said Tuesday they are notifying nearly 750,000 state residents that a cybersecurity company “improperly accessed" their personal data from the state's online COVID-19 contact tracing survey — a description the company disputed as a “falsehood."
Cyber company obtains data from 750,000 Hoosiers in attack on Indiana COVID tracing survey (Indianapolis Star) State health officials say no medical or Social Security information was obtained from people who have responded to contact tracing survey.
Counterfeit COVID Vaccine Card Market Takes Hold in the U.S. and Europe (Flashpoint) As authorities struggle to balance the commercial reopenings with public health concerns, business owners, local administrators, and public health officials are turning to proof of COVID-19 vaccination as a method for filtering access to goods and services. In some major cities around the U.S., access to indoor spaces is now contingent on a person’s ability […]
A bug in a medical startup’s website put thousands of COVID-19 test results at risk (TechCrunch) A customer who had a COVID-19 test found the website vulnerability that allowed access to other people's personal information.
Healthcare provider expected to lose $106.8 million following ransomware attack (The Record by Recorded Future) Scripps Health, a California-based nonprofit healthcare provider that runs five hospitals and 19 outpatient facilities, said it expects to lose an estimated $106.8 million following a ransomware attack that hit the organization in May 2021.
Conti ransomware prioritizes revenue and cyberinsurance data theft (BleepingComputer) Training material used by Conti ransomware affiliates was leaked online this month, allowing an inside look at how attackers abuse legitimate software to seek out cyber insurance policies.
Security Patches, Mitigations, and Software Updates
ThroughTek Kalay P2P SDK (CISA) Executive summary: CVSS v3 9.6; ATTENTION: exploitable remotely/low attack complexity; Vendor: ThroughTek; Equipment: Kalay P2P SDK; Vulnerability: Improper Access Control. Risk evaluation: Successful exploitation of this vulnerability could permit remote code execution and unauthorized access to sensitive information, such as camera audio/video feeds.
Advantech WebAccess/NMS (CISA) Executive summary: CVSS v3 5.3; ATTENTION: exploitable remotely/low attack complexity; Vendor: Advantech; Equipment: WebAccess/NMS; Vulnerability: Improper Authentication. Risk evaluation: Successful exploitation of this vulnerability could lead to the exposure of resources or functionality and could result in sensitive information disclosure.
xArrow SCADA (CISA) Executive summary: CVSS v3 6.1; ATTENTION: exploitable remotely/low attack complexity; Vendor: xArrow; Equipment: xArrow SCADA; Vulnerabilities: Cross-site Scripting, Improper Input Validation. Risk evaluation: Successful exploitation of these vulnerabilities could result in remote code execution.
Multiple RTOS (Update C) (CISA) Executive summary: CVSS v3 9.8; ATTENTION: exploitable remotely/low attack complexity; Vendors: Multiple; Equipment: Multiple; Vulnerabilities: Integer Overflow or Wraparound. CISA is aware of a public report, known as “BadAlloc”, that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries.
Trends
Ransomware attacks surge by over 150% in 2021 (Atlas VPN) Businesses and people around the world suffer ransomware attacks every day. Exceptionally since the pandemic started, we hear more and more about hackers abusing vulnerabilities.
Half of Cyberattacks are Launched by Repeat Offenders (Softpedia) A new Ponemon survey uncovers some alarming findings about the cybersecurity strategies of various companies
The retail sector became a top target for ransomware and data-theft extortion attacks during the pandemic in 2020, according to Sophos research (Manila Bulletin) Sophos published the “State of Ransomware in Retail,” which looks at the extent and impact of ransomware attacks on mid-sized retail organizations worldwide during 2020.
The State of Ransomware in Retail 2021 (Sophos) Based on an independent survey of 435 IT decision makers, this report shares new insights into the current state of ransomware in the retail sector.
Marketplace
This Russian Cyber Mogul Planned To Take His Company Public. Then America Accused It Of Hacking For Putin’s Spies. (Forbes) The entrepreneur behind $1 billion company hit with U.S. sanctions insists he just wants to help protect all companies from hackers. U.S. security officials don’t buy it.
InfoSum Raises $65 Million as Companies Prioritize Data-Privacy (Wall Street Journal) InfoSum sees an opportunity to boost growth as companies rely on new techniques for collecting data amid tighter privacy regulations and a rise in digital media consumption and e-commerce, said InfoSum Chief Executive Officer and Chairman Brian Lesser.
HID Global Acquires Omni-ID to Extend Its RFID Leadership (BusinessWire) HID Global today announced that it has acquired Omni-ID, a leading manufacturer of RFID tags and industrial IoT hardware devices.
Carlyle-Backed Syniverse Set to Merge With M3-Brigade SPAC (Bloomberg) Deal values combined company at $2.85 billion including debt. Mobile communications firm counts AT&T, Verizon as customers.
EQT to exit cybersecurity company Utimaco Verwaltungs to SGT Capital (AltAssets Private Equity News) SGT Capital has agreed to acquire German cybersecurity business Utimaco Verwaltungs from fellow buyout house EQT.
ARCYBER seeks Endpoint Security Solution as a Service (Intelligence Community News) On August 16, the Army Cyber Command (ARCYBER) posted a sources sought notice for an endpoint security solution as a service.
Detectify Teams up with Hackers for Change to Benefit Security and Ethical Hacking Communities, Bolster Security for Non-profit Organizations (Detectify Blog)
Israeli phone-hacking firm Cellebrite says 'has chosen' to halt sales to Bangladesh (Haaretz) Cellebrite also says it will form an ethics committee to review potential clients – a decision that is probably prompted by the firm's plans to go public this year
Huawei vows to return to the smartphone 'throne' despite U.S. sanctions crippling its business (CNBC) Under the Trump administration, Huawei was put on an export blacklist and cut off from key semiconductors required for its smartphones.
Google Awards $42,000 for Two Serious Chrome Vulnerabilities (SecurityWeek) Google on Monday announced that a security update released for the Chrome web browser patches several high-severity vulnerabilities.
Donovan named customer engagement lead of Raytheon Intelligence and Space (Inside Defense) Raytheon announced today it has named former under secretary of defense for personnel and readiness Matt Donovan as vice president of customer engagement and solutions within its intelligence and space business.
Optiv Security Strengthens its Cybersecurity Solutions Investment with the Addition of Three Senior Services Leaders (Optiv) Optiv announces the appointments of three vice presidents to support Managed XDR, innovation and development and security operations.
Financial Crime Risk Authority and Industry Pioneer Debra Geister Joins Socure as Vice President of Product Commercialization, Compliance, and Regulatory (BusinessWire) Socure, the leading provider of digital identity verification and fraud solutions, today announced the continued growth of its executive leadership te
Veteran Fraud Expert Mike Cook Joins Socure to Lead Commercialization and Increase Market Penetration of Its Industry-Leading Fraud Prediction Solutions (BusinessWire) Socure, the leading provider of digital identity verification and fraud solutions, today announced the expansion of its executive leadership team with
Mandiant Appoints Vikram Ramesh as Chief Marketing Officer (Yahoo Finance) MILPITAS, Calif., August 17, 2021--Vikram Ramesh to drive marketing strategy and amplification around the Mandiant brand.
Victim of $813 million cyber attack offers its hacker a job (The Straits Times) The hacker claimed the attack against the PolyNetwork platform was an act of "hacking for good" to "save the project".
Products, Services, and Solutions
1898 & Co. Managed Threat Detection & Response, Powered by the Dragos Platform, Successfully Expands into Smart Manufacturing (PR Newswire) 1898 & Co., a leading industrial control system (ICS) cybersecurity consulting and solutions provider, and Dragos, Inc., a global leader in...
GitGuardian Now Available on the GitHub Marketplace (GitGuardian Blog - Automated Secrets Detection) Today, we're excited to launch GitGuardian on the GitHub Marketplace. With this integration, more developers will find it easier to connect GitGuardian to their GitHub accounts and monitor their repositories for hardcoded credentials.
Check Point CloudGuard Integrates with AWS CloudFormation Public Registry at launch (Check Point Software) By Jonathan Maresky, Cloud Product Marketing Manager, published June 21, 2021 The three pillars of CloudGuard are “Security · Automated · AWS security is enhanced by CloudGuard. Read about AWS CloudFormation Public Registry which integrates with CloudGuard Network Security at launch.
Leveraging Digital Shadows’ Premium Services (Digital Shadows) Maximize your investment in SearchLight with Digital Shadows Premium Services: Advisory Services and Custom Intelligence Services.
Technologies, Techniques, and Standards
Brazilian IFF programme makes cyber progress (Shephard Media) Important data encryption elements are falling into place in the Brazilian Air Force IFF programme.
Council Post: The Role Of A CISO In Building A Modern Cybersecurity Culture (Forbes) The role of a CISO is changing as the cybersecurity landscape becomes more technical and complex with the ever-evolving intricacies of threats.
Design and Innovation
Apple’s Double Agent (Vice) He spent years inside the iPhone leaks and jailbreak community. He was also spying for Apple.
Twitter Will Let Users Report Misinformation for First Time (Bloomberg) Not all flagged tweets will be reviewed by fact checkers. Experiment will run in the U.S., Australia and South Korea.
Academia
PSU gets $2 million NSA grant to study cybersecurity (KATU) Portland State University now has $2 million to study cybersecurity within the power grid.
Endpoint Resilience Report | Education Edition 2020/21 (Absolute) Distance Learning’s Impact on Education IT is the landmark report on key trends and new threats in the 20/21 school year, providing a strategic blueprint for IT teams tasked with supporting modern learning environments. Know the risks. Adapt your approach. Download the report now.
Check Point Research: Education sector sees 29% increase in attacks against organizations globally (Check Point Software) Check Point Research (CPR) observes a steady increase in the average number of cyberattacks per organization weekly, with the education/research sector
Legislation, Policy, and Regulation
Taliban’s de facto leader arrives in Afghanistan as group declares ‘amnesty’ for government officials (Washington Post) Taliban co-founder and de facto leader Abdul Ghani Baradar arrived in Afghanistan on Tuesday for the first time in more than a decade, returning to the group’s birthplace in the southern city of Kandahar just days after his fighters swept to power across the country.
Taliban announces ‘amnesty,’ urges women to join government (Military Times) While there were no major reports of abuses or fighting in the capital of Kabul as the Taliban now patrol its streets, many residents have stayed home and remain fearful after the insurgents’ takeover saw prisons emptied and armories looted.
Taliban in power may find themselves fighting their own insurgents (the Guardian) Analysis: new regime may face enemy composed not of fighters loyal to former US-backed government but those who see new rulers as sellouts
What’s at stake for women in Afghanistan (Quartz) Afghan women have the most to lose under Taliban rule, including their life and safety.
Intelligence Warned of Afghan Military Collapse, Despite Biden’s Assurances (New York Times) Even as the president was telling the public that Kabul was unlikely to fall, intelligence assessments painted a grimmer picture.
‘Answer to Afghan people’ — Afghan journalist who survived the Taliban asks the Pentagon what happens now (Task & Purpose) Afghan journalist Nazira Karimi expressed her frustration at the Taliban’s swift return to power at a Pentagon press briefing on Monday.
‘There Is No Afghan Government’: NATO Stops Aid To Afghanistan As Taliban Take Over (Defense One) Stoltenberg says aid could resume to an “inclusive government." And at the White House: “We will have to take a hard look at how we proceed on any basis at all.”
EU says it will work with Taliban only if human rights respected (Reuters) The EU will only cooperate with the Taliban if they respect fundamental rights, including those of women, and prevent the use of Afghanistan's territory by terrorists, the bloc's foreign policy chief said on Tuesday.
Withdrawal from Afghanistan forces allies and adversaries to reconsider America’s global role (Washington Post) President Biden’s decision to withdraw from Afghanistan has triggered a globe-spanning rethink of America’s role in the world, as European allies discuss their need to play a bigger part in security matters and Russia and China consider how to promote their interests in a Taliban-led Afghanistan.
Biden Rattles U.K. With His Afghanistan Policy (New York Times) Britain was the second-largest supplier of troops to Afghanistan, and the United States’ rapid withdrawal from the country has left some embittered.
72 hours at Camp David: Inside Biden’s lagging response to the fall of Afghanistan (Washington Post) Marine One lifted off Friday at 1:36 p.m. for Camp David bearing a leader headed on a long-planned August vacation: President Biden, clad in a black baseball cap and a light-blue short-sleeved shirt, carried a lone piece of luggage and was accompanied by his wife and a small retinue of staff.
Biden says Afghanistan war was a lost cause, vows to continue aid and diplomacy (CNBC) Biden's remarks came one day after Taliban insurgents pushed into Kabul after a rapid succession of victories over Afghan forces.
Biden Wanted to Leave Afghanistan. He Knew the Risks. (Wall Street Journal) Generals and diplomats warned about a pullout, but the president told his team the U.S. was simply providing life support for the Kabul government while neglecting more pressing issues
Opinion: Biden’s presidency — and U.S. foreign policy — now hinge on pulling off one of the greatest airlifts in history (Washington Post) As he forcefully told the nation on Monday, President Biden remains determined to get all U.S. forces out of Afghanistan. There is no undoing that decision, despite the collapse of the Afghan state, or the indelible scar on U.S. foreign policy left by scenes of chaos at Kabul’s international airport.
Analysis: Biden's botched Afghan exit is a disaster at home and abroad long in the making (CNN) The debacle of the US defeat and chaotic retreat in Afghanistan is a political disaster for Joe Biden, whose failure to orchestrate an urgent and orderly exit will further rock a presidency plagued by crises and stain his legacy.
Opinion: Biden’s grave miscalculation in Afghanistan: He didn’t think like an underdog (Washington Post) John Hay and John Nicolay served together as personal secretaries to President Abraham Lincoln during America’s bloodiest war. They learned a lot from this intimate tutelage in wartime leadership, and years later, they summed up those lessons in a multivolume history of the Lincoln administration.
China Steps Up Direct Involvement in Internet-Content Firms (Wall Street Journal) China is taking a more direct hand in managing internet content companies by acquiring stakes, filling board seats and sending dedicated regulators to police content at firms more frequently.
China Set to Pass One of the World’s Strictest Data-Privacy Laws (Wall Street Journal) The world’s leading practitioner of state surveillance is set to usher in a far-reaching new privacy regime with a law that resembles Europe’s robust framework for online privacy protections—up to a point.
Grid's 'town crier' separates cyber signal from noise (E&E News) An industry-run hub for warning U.S. power utilities about cyberthreats is coming under pressure as hackers ramp up attacks on electric utilities.
Hacks Rank Among Top Power Grid Risks, Watchdog Says (Wall Street Journal) Cybersecurity has become a core issue for the U.S. power system, as important as the supply of raw materials used to generate electricity, a senior official at the grid’s watchdog said, as government officials push to shore up critical infrastructure from hackers.
Is net neutrality legislation needed in South Africa? (TechCentral) The issue has reached prominence in Europe, the US and other markets, but where does South Africa stand on the subject of network neutrality? By Carmen Cupido.
Litigation, Investigation, and Law Enforcement
Israeli Cellebrite sold spy-tech to Bangladesh ‘death squad’ (Haaretz) The Rapid Action Battalion is accused of extrajudicial killings and torture of hundreds of civilians. Documents show they purchased Cellebrite's phone-hacking tech and received training.
Pegasus probe pleas: SC issues notice to Centre, says 'don't want national security info' (Republic World) In a key development on Tuesday, the Supreme Court issued notice before admission to the Centre on the pleas seeking a probe into the Pegasus snooping row.
Pegasus: Princess Latifa campaigners join possible legal action against NSO Group (Middle East Eye) David Haigh and Tiina Jauhiainen may sue Israeli company along with eight others allegedly targeted by the spyware
US government still pressing Apple for iPhone backdoor (Computing) A bill introduced last year proposed making it a legal requirement for large tech firms to build a backdoor into their devices
The Cybersecurity 202: Election officials are pushing back against partisan audits launched by Trump allies (Washington Post) The battle lines are hardening between the vast majority of election officials who’ve spent months validating and defending the results of the 2020 election and former president Donald Trump's supporters, who are still challenging those results without evidence and demanding new reviews.
Former intelligence employees lose legal battle over scope of prepublication reviews (Federal News Network) The former intelligence employees argued that their prepublication reviews took too long and redacted unclassified information.