Attacks, Threats, and Vulnerabilities
Chinese Hackers Used Cyber-disguising Technology Against Israel, Report Finds (Voice of America) A major cybersecurity firm says it believes Beijing-backed hackers carried out cyberattacks on Israel while pretending to be operating from Israel's archrival, Iran.
Platforms struggle with Taliban policy amid chaotic US withdrawal (The Verge) Should Facebook treat the Taliban as a legitimate government?
Our Response to the Data Breach (Aug 2021) (T-Mobile) Learn more about our response to the recent cybersecurity incident and the steps we're taking to ensure our customers' data is safe.
T-Mobile Confirms Data Breach Impacts Millions of Customers (SecurityWeek) T-Mobile has confirmed that hackers have accessed the personal information of millions of current and former customers.
T-Mobile Says Hackers Stole Data on More Than 40 Million People (Wall Street Journal) The cellphone carrier said the stolen data included first and last names, birth dates, Social Security numbers and driver’s license information from a subset of current and potential customers.
The T-Mobile Data Breach Is Much Worse Than It Had to Be (Wired) The vast majority of victims weren’t even T-Mobile customers. Now their information is for sale on the dark web.
The Cybersecurity 202: There was another massive data breach. People will probably forget it in a week. (Washington Post) A data breach that affected more than 40 million current, former and prospective T-Mobile customers is a massive cybersecurity incident that is bound to spark a public backlash.
BadAlloc Flaw Impacts Many Systems Running BlackBerry's QNX Embedded OS (SecurityWeek) BlackBerry this week informed customers that the QNX operating system is affected by a BadAlloc vulnerability leading to arbitrary code execution or denial of service.
FDA warns of BlackBerry operating system cyber vulnerability in medical devices (MedTech Dive) The OS is often deployed in devices such as cardiac and patient monitors, drug infusion pumps, imaging and surgical robots, according to Nick Yuran, CEO of security consultancy Harbor Labs.
Blind In/On-Path Attacks and Applications to VPNs (Breakpointing Bad) Protecting network protocols within an encrypted tunnel, using technologies such as Virtual Private Networks (VPNs), is increasingly important to m...
Blind In/On-Path Attacks and Applications to VPNs (USENIX SEC '21) Protecting network protocols within an encrypted tunnel, using technologies such as Virtual Private Networks (VPNs), is increasingly important to millions of users needing solutions to evade censorship or protect their traffic against in/on-path observers/attackers.
Cisco: Security devices are vulnerable to SNIcat data exfiltration technique (The Record by Recorded Future) Networking equipment vendor Cisco said today that some of its security products fail to detect and stop traffic to malicious servers that abuse a technique called SNIcat to covertly steal data from inside corporate networks.
Houdini malware returns, enterprise risk assessment compromised by Amazon Sidewalk (Help Net Security) Houdini malware returns to promote the spoofing of a device, and Amazon Sidewalk undermines effective risk assessment, Cato Networks reveals.
Serious Warning Issued For Millions Of Apple iPhone Users (Forbes) “My phone is no longer a phone,” warn iPhone users as a serious new problem is found in the latest iOS update...
Deadly disruption: Cyberattacks on hospitals delay care, cause fiscal pain (Bond Buyer) Cyber criminals threaten the safety of patients and the financial health of hospitals. The life-and-death stakes underscore the importance of online security.
Community Information About Cyber Attack - Memorial Health System (Memorial Health System) Memorial Health System has worked with national cybersecurity experts to resolve the impact of a cyber attack in the early morning hours of August 15, 2021.
Carver Federal Savings suffers hack after receiving a flood of new cash (Crain's New York Business) The lender to underserved borrowers faces a $2M loss
Security Patches, Mitigations, and Software Updates
Patch released for Fortinet command injection vulnerability (ZDNet) A Rapid7 researcher discovered the issue, which was addressed in a recent Fortinet update.
Adobe Plugs Critical Photoshop Security Flaws (SecurityWeek) Adobe issues patches for critical flaws that expose both Windows and MacOS users to code execution attacks.
Trends
Kubernetes runtime security is a growing concern (Security Magazine) Kubernetes runtime security is a growing concern, according to NeuVector's 2021 EU Container Security Survey.
New Survey Highlights Concerns About Cybercriminals Adopting Nation State Tools and Techniques Against Businesses (HP Wolf Security) Don’t let cyber threats get the best of you. Read our post, New Survey Highlights Concerns About Cybercriminals Adopting Nation State Tools and Techniques Against Businesses, to learn more about cyber threats and cyber security.
New Area 1 Security Research Analyzes 31 Million Phish, Finding $354 Million in Potential Direct Losses (Yahoo Finance) Area 1 Security, the first and only preemptive cloud email security provider, published the results of "It Started Out With A Phish," a new study analyzing over 31 million threats across multiple organizations and industries, with new findings and warnings issued by technical experts that every organization should be aware of.
Malice in the message: Phishing in messenger apps (The Financial Express) Messenger apps are the most popular among phishing scammers, with India among the top three countries experiencing the attacks
Malware attacks in Africa are increasing, reaching 85 million in only 6 months (Africanews) Kaspersky (https://africa.Kaspersky.com) research highlights that malware is rife across Africa with various countries exhibiting strong growth in all malware types in the first half of 2021,
Ransomware attacks on UK organisations have doubled in the first half of 2021 (Computing) And education is the hardest hit sector
Marketplace
Tesserent acquires Loop Secure for $13.5 million (ARN) Publicly listed cyber security services provider Tesserent plans to acquire cyber security firm Loop Secure as a "strategic addition" to the company for a combined price of $13.5 million.
Threat Detection and Response Firm Blumira Raises $10.3 Million (SecurityWeek) Blumira, a company that offers cloud-based threat detection and response solutions, announced raising $10.3 million in a Series A funding round.
Blockchain Security Company CertiK Raises $24 Million (SecurityWeek) Blockchain security company CertiK this week announced raising $24 million in Series B+ funding, which adds to the $37 million Series B announced last month
Simpson Associates acquire Bleam Cyber Security Limited (RealWire) Simpson Associates, leading data analytics consultancy, is delighted to announce it has acquired Bleam Cyber Security Limited, a trusted Cyber Security and Information Security provider.
Palantir Buys Gold Bars as Hedge Against ‘Black Swan Event’ (Bloomberg) Company spent $50.7 million on 100-ounce gold bars in August. Customers can now pay for software in Bitcoin, though none has.
Thycotic Named to Inc. 5000 for Ninth Consecutive Year (PR Newswire) ThycoticCentrify, a leading provider of cloud identity security solutions formed by the merger of the privileged access management (PAM)...
NortonLifeLock goes ex-dividend tomorrow (NASDAQ:NLOK) (SeekingAlpha) NortonLifeLock (NASDAQ:NLOK) had declared $0.125/share quarterly dividend, in line with previous. Payable Sept. 15; for shareholders of record Aug. 23; ex-div Aug.
PKWARE Appoints Sandy Landrigan as Vice President of Integrations and Customer Solutions (PKWARE) PKWARE has named Sandy Landrigan VP of integrations and customer solutions responsible for enterprise customer integrations and expansions.
Armis Appoints Oscar Miranda as Chief Technology Officer for Healthcare (GlobeNewswire News Room) Armis continues rapid expansion in healthcare markets, making strategic hires and accelerating development in all regions...
BlueVoyant Hires Two High-Powered Industry Executives to Accelerate Hypergrowth (Yahoo Finance) BlueVoyant, a cybersecurity company, today announced two high-impact appointments to its executive team, who will lead the company's drive for aggressive growth. Paul 'PK' Kleinschnitz, most recently Chief Sales Officer at Coalfire, and Jason Thompson, previously CMO and COO at threat intelligence firm, IntSights, join the company as Chief Commercial Officer and Chief Marketing Officer, respectively.
Dashlane Names Dhiraj Kumar Chief Marketing Officer, Increasing Focus on Providing Secure Access for Businesses of All Sizes (Yahoo Finance) Dashlane today announced the appointment of Dhiraj Kumar as Chief Marketing Officer. Kumar brings 20+ years of marketing experience at iconic high growth technology brands, having previously served in leadership roles at PayPal, Facebook, and BlueVine. In this role, Kumar will lead Dashlane's end-to-end marketing efforts including Brand, Communication, and Growth & Partnership, to support the company's rapid growth as it transforms the security environment for consumers and businesses to match t
Forcepoint appoints new product chief (Washington Technology) Forcepoint brings in a two-decade cybersecurity industry veteran and former Symantec executive to the role of chief product officer.
Fermín Serna Joins Databricks as Chief Security Officer (PR Newswire) Databricks, the Data and AI company, today announced the appointment of longtime software executive and seasoned security chief, Fermín Serna,...
James Wilde Appointed as SPHERE's Global Head of Security Strategy (PR Newswire) SPHERE, a woman-owned cybersecurity business focused on providing best-of-breed software and services for access governance across data,...
OK, so you stole $600m-plus from us, how about you be our Chief Security Advisor, Poly Network asks thief (Register) Could it be a trap?
Products, Services, and Solutions
Open Options Invests in Recertification Training Course to Ensure Long-Term Success with its Solutions (Open Options) Open Options Access Control Now Offers Self-Paced Recertification Course to Customers. Addison, TX, 8/18/2021 – Open Options, a leading provider of innovative access control solutions, continues to place customers at the core of their operations with the release of the DNA Fusion recertification course. The self-paced class, which is part of Open Options' ongoing commitment to […]
KnowBe4 Adds Six Languages to Its Platform and Launches Automated Security Awareness Program (ASAP) 2.0 (KnowBe4)
SUSE Linux Enterprise Earns Common Criteria EAL 4+, Proving Top Security for Mission-Critical Environments (SUSE) SUSE Linux Enterprise Server 15 SP2 is now EAL 4+ level certified for IBM Z, Arm and x86-64. SUSE is currently the only provider of a recent general-purpose Linux operating system with a secure software supply chain that is certified Common Criteria EAL 4+ for all these platforms.
Digital Guardian Expands Enterprise Data Protection Platform to Better Secure New Hybrid Workforce (Digital Guardian) Market shift to Work-From-Anywhere drives double-digit revenue growth and record new customer acquisition for Digital Guardian
Hyatt's Bug Bounty Program Update: Q&A with Senior Analyst Robert Lowery (HackerOne) Hyatt’s three-year-old bug bounty program has reached a significant milestone: $500,000 in bounties paid to hackers. As the first organization in the hospitality industry to embrace hacker-powered security, Hyatt’s milestone today demonstrates its long-term commitment to setting the highest standard for cybersecurity.
Keeper Security Named Best Overall Password Manager of 2021 By U.S. News & World Report's 360 Reviews (PR Newswire) Keeper Security, developers of the world's top-rated zero-knowledge password management and encryption platform, has been recognized as the...
ACA Pacific nabs Comodo distie deal (CRN Australia) Becoming endpoint vendor’s first local distributor.
Druva Leads Industry with Best-in-Class Customer Support for its Cloud Platform (BusinessWire) Druva Inc., the leader in Cloud Data Protection and Management, today announced that it has been recognized as one of the highest-rated SaaS companies
Veracode Ranked as a Strong Performer in Forrester Wave™ Software Composition Analysis Report (Veracode) Veracode has been recognized in a report Forrester Research recently released, The Forrester Wave™: Software Composition Analysis, Q3 2021. The report helps security professionals select a software composition analysis (SCA) vendor that best fits their needs.
2021 Forrester Wave: Software Composition Analysis (Synopsys) Synopsys has been named a leader in The Forrester Wave™: Software Composition Analysis, Q3 2021, based on an evaluation of Black Duck, our software composition analysis (SCA) solution.
Technologies, Techniques, and Standards
When it comes to defending against Chinese cyber espionage, agencies are a step behind (Federal News Network) A Senate report on federal cybersecurity found seven departments hadn’t fixed serious deficiencies.
A good incident response to a cyber attack can make or break your company (Produce Blue Book) A few weeks ago, I joined the Produce Marketing Association for a virtual town hall that discussed cybersecurity and the fresh produce industry.
Design and Innovation
Verizon explores how Quantum Safe VPNs could protect today’s data from tomorrow’s hackers (Verizon) Verizon is testing how a Quantum Safe VPN can future-proof data from the threat of hackers.
Exclusive: Policy groups ask Apple to drop plans to inspect iMessages, scan for abuse images (Reuters) More than 90 policy and rights groups around the world published an open letter on Thursday urging Apple to abandon plans for scanning children’s messages for nudity and the phones of adults for images of child sex abuse.
International Coalition Calls on Apple to Abandon Plan to Build Surveillance Capabilities into iPhones, iPads, and other Products (Center for Democracy and Technology) An international coalition of 90+ civil society organizations joined today in an open letter to Apple, calling on the company to abandon its recently announced plans to build surveillance capabilities into iPhones, iPads and other Apple products. On August 5, 2021, Apple announced that it will be installing surveillance software that will conduct on-device scanning […]
Apple Defends Its Anti-Child Abuse Imagery Tech After Claims of ‘Hash Collisions’ (Vice) Apple said the version of NeuralHash analyzed by researchers is not the final version that will be used for iCloud Photos CSAM detection.
Research and Development
Now That Machines Can Learn, Can They Unlearn? (Wired) Privacy concerns about AI systems are growing. So researchers are testing whether they can remove sensitive data without retraining the system from scratch.
Legislation, Policy, and Regulation
Pegasus spyware threatens to chip away our freedoms (Nikkei Asia) Tech companies are already playing a larger and more destabilizing role
Pakistan’s Pyrrhic Victory in Afghanistan (Foreign Affairs) Islamabad will come to regret aiding the Taliban’s resurgence.
The Taliban’s Swift Victory Was Years in the Making (Wall Street Journal) The end came fast, but the militants laid the foundation with years of shadow government, steady recruitment and patience. In many parts of the country, the group was already the de facto ruling force.
Opinion: The mujahideen resistance to the Taliban begins now. But we need help. (Washington Post) In 1998, when I was 9 years old, my father, the mujahideen commander Ahmad Shah Massoud, gathered his soldiers in a cave in the Panjshir Valley of northern Afghanistan. They sat and listened as my father’s friend, French philosopher Bernard-Henri Lévy, addressed them. “When you fight for your freedom,” Lévy said, “you fight also for our freedom.”
Colorado Springs defense contractor completes second acquisition in a week (Colorado Springs Gazette) Vectrus has acquired HHB Systems, a Virginia-based defense contractor specializing in systems engineering and technical assistance that employs more than 50 people.
What Biden knew: Intel community pushes back on claims of Taliban stunner (Yahoo) You saw this one coming: The more talk of an intelligence failure, the more likely that intel world would strike back. Sure enough, we now have a spate of leaks asserting that the intelligence agencies provided prescient reads on Afghanistan. Driving the news: "Classified assessments by American spy agencies over the summer painted an increasingly grim picture of the prospect of a Taliban takeover of Afghanistan and warned of the rapid collapse of the Afghan military," The New York Times reports
White House dismisses Democrats criticism (International News) White House press secretary Jen Psaki pushed back against criticism from members of President Biden’s own party on the rapid deterioration of security in Afghanistan, telling CNN’s Kaitlan Collins Tuesday that she would “note and reiterate to anyone who’s a critic that any President has to make difficult choices as commander in chief.”
Biden: Troops will stay in Afghanistan to evacuate Americans (Military Times) Up to 15,000 Americans remain in Afghanistan after the Taliban took full control of the nation last weekend.
Trump’s Pledge to Exit Afghanistan Was a Ruse, His Final SecDef Says (Defense One) Chris Miller now says talk of a full withdrawal was a “play” to convince a Taliban-led government to keep U.S. counterterrorism forces.
No time for coulda, woulda, shoulda on Afghanistan, top military officials say (Military Times) The evacuation mission remains constrained to the Kabul airport.
Indecision, ignorance, and incompetence: How top US leaders lost Afghanistan (Task & Purpose) How exactly did 20 years, billions of dollars, and thousands of lives come to this? The U.S. has nobody to blame but itself.
President Biden chose the worst options in Afghanistan (The Washington Times) You don’t need to be a brilliant geopolitical strategist to understand that the United States should be the best friend - and the worst enemy - any nation could have.
Opinion: The inevitable horror in Afghanistan (Washington Post) Maybe the horror was always inevitable. Maybe the U.S. invasion of Afghanistan could end only one way: with U.S. military planes lofting away as the hands of desperate Afghans were ripped free and bodies plummeted toward the people we’d left behind on the tarmac. Maybe this became inexorable the moment we decided to invade the graveyard of empires.
China's GDPR is coming: Are you ready? – Exploring the upcoming China’s draft Personal Information Protection Law: Topic fifteen – Damage claims (JD Supra) On April 29, 2021, China released the second draft of Personal Information Protection Law (hereinafter the “PIPL” or “Draft”) for public comments,...
TSA Issues Second Security Directive for "Critical" Pipelines and LNG Facilities and Plans to Revise Pipeline Cybersecurity Guidelines (JD Supra) The Department of Homeland Security (DHS) announced the issuance of the Transportation Security Administration's (TSA) second Security Directive...
The Critical Infrastructure Bill: 12 hours to report an attack (CRN Australia) Will you really have to report in just 12 hours?
Bipartisan K-12 Cybersecurity Bill Passes the Senate (MeriTalk) As the school year gets underway, the K-12 Cybersecurity Act passed in the Senate.
What Is Cyber Command’s Role in Combating Ransomware? (Lawfare) Recent ransomware attacks against the United States are raising questions about whether and how the military, specifically U.S. Cyber Command, might counter this type of malicious cyber activity. Here, we provide a road map for policymakers to help guide their decision-making on this critical policy challenge.
Connecticut enacts cybersecurity laws aimed at data breaches (JD Supra) Connecticut Governor Ned Lamont approved two privacy and cybersecurity laws which take effect on October 1, 2021. Connecticut now offers protection to...
Litigation, Investigation, and Law Enforcement
No compromise with national security but authority must respond to charges of phones hacking: SC (Deccan Herald) The Supreme Court on Tuesday told the Centre that it would not like to compromise with the security of the nation but wanted the competent authority to apprise it on charges related to illegal hacking of phones through Israel's Pegasus spyware. The top court sought a response from the Centre on a batch of PILs for court-monitored independent probe into Pegasus snooping case, even though the Centre maintained it can't make public which software was used for interception of phones for security purposes.
Kazak Journalists Mull Pegasus Attack (IWPR) When Kazak journalist Serikzhan Mauletbay discovered he was on the list of those targeted by Pegasus spyware, he was astonished. “I thought I might be bugged, but I could not even imagine being on the Pegasus list,” said Mauletbay, whose work has included covering protests and reporting on the most recent parliamentary elections.
Report: Census Hit by Cyberattack, US Count Unaffected (SecurityWeek) U.S. Census Bureau computer servers uninvolved with the 2020 census were exploited last year during a cybersecurity attack
Census Bureau computer servers target of January 2020 cyberattack (TheHill) U.S. Census Bureau computer servers were targeted during a cyberattack last year, but the hackers' attempts to retain access to the system were unsuccessful, according to a watchdog report released Wednesday.
Hackers breached US Census Bureau in January 2020 via Citrix vulnerability (The Record by Recorded Future) Unidentified hackers breached US Census Bureau servers in January 2020 by abusing a public exploit for a major vulnerability in the agency's remote-access servers, a US government watchdog said on Monday.
Ohio man pleads guilty to running illegal bitcoin-laundering service (Washington Post) Funds came from drug trafficking and other illegal activity, prosecutors said.
Operator of the Helix bitcoin mixer pleads guilty to money laundering (The Record by Recorded Future) An Ohio man who was fined $60 million last year for violating anti-money laundering laws pleaded guilty Wednesday to moving hundreds of millions of dollars in cryptocurrency on behalf of dark web marketplaces.
FBI joins criminal probe in Colorado voting equipment breach (Washington Post) The FBI said Wednesday its agents are joining a criminal investigation into an alleged security breach of a rural Colorado county’s voting equipment.
Arizona county seeks reimbursement for new voting machines (Washington Post) Arizona’s largest county is demanding the state Senate pay $2.8 million to cover the costs of replacing vote-counting machines that the state’s top election official says cannot be used again because of their handling during the Senate Republicans’ 2020 election review.