Attacks, Threats, and Vulnerabilities
SecurID Statement on Release of Software Token for macOS 4.2.2 to Address Certificate Issue (RSA Link) August 26, 2021 Earlier this week, SecurID Software Token for macOS was impacted by a change made by Apple to cease support for Symantec as a trusted Certificate Authority. Software Token 4.2.1 for macOS uses Symantec-signed certificates as part of the product’s internal software integrity check. ...
China's Microsoft Hack May Have Had A Bigger Purpose Than Just Spying (NPR) China broke into tens of thousands of email accounts in January. Now officials fear the breach wasn't just about spying. It was to build the next generation of artificial intelligence.
EXCLUSIVE Microsoft warns thousands of cloud customers of exposed databases (Reuters) Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher.
Cloud security company claims Microsoft Azure flaw left thousands of customers exposed (CRN) Wiz said it was able to gain access to the primary keys of Cosmos DB customers
Microsoft warns thousands of cloud customers of exposed databases, email shows (CNBC) Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher.
US Media, Retailers Targeted by New SparklingGoblin APT (Threatpost) The new APT uses an undocumented backdoor to infiltrate the education, retail and government sectors.
FBI shares technical details for Hive ransomware (BleepingComputer) The Federal Bureau of Investigation (FBI) has released some technical details and indicators of compromise associated with Hive ransomware attacks.
New Annke Vulnerability Shows Risks of IoT Security Camera Systems (Nozomi Networks) Nozomi Networks Labs has discovered a critical Remote Code Execution (RCE) vulnerability (CVE-2021-32941) related to the web service of the Annke N48PBB network video recorder (NVR). This information is being shared as part of a coordinated disclosure with ICS-CERT, which published advisory ICSA-21-238-02, and with the vendor, Annke, which has released firmware that fixes the issue.
Report: Popular Chinese Android Game Developer Exposes Over 1 Million Gamers to Hacking (vpnMentor) Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach belonging to Chinese mobile gaming company EskyFun. The company was using an unsecured server
Engineering Workstations Are Concerning Initial Access Vector in OT Attacks (SecurityWeek) A study conducted by SANS shows that while OT organizations believe cyber risk is high, many of them are unsure if they have suffered a breach.
7 Emerging Ransomware Groups Practicing Double Extortion (BankInfoSecurity) After a string of high-profile hits, many of the largest and most notorious ransomware operations recently disappeared. But the pace of ransomware attacks hasn't
WSJ News Exclusive | T-Mobile Hacker Who Stole Data on 50 Million Customers: ‘Their Security Is Awful’ (Wall Street Journal) John Binns said he managed to pierce T-Mobile’s defenses after discovering in July an unprotected router exposed on the internet. The 21-year-old said he did it to gain attention: “Generating noise was one goal.”
Microsoft Issues Guidance on ProxyShell Vulnerabilities (SecurityWeek) Microsoft warns Exchange customers that their deployments are exposed to attacks exploiting the ProxyShell vulnerabilities, unless the adequate patches have been installed.
CISA Details Additional Malware Targeting Pulse Secure Appliances (SecurityWeek) CISA has released five new analysis reports detailing malware discovered on compromised Pulse Secure devices.
Ragnarok ransomware operation shuts down and releases free decrypter (The Record by Recorded Future) The Ragnarok (or Asnarök) ransomware gang shut down their operation today and released a free decryption utility to help victims recover their files.
Facebook’s Taliban Ban Will Prove Costly for Afghans (Foreign Policy) Why the tech giant is on the wrong side of history yet again.
Hack Exposes Personal Data of Entire Swiss Town: Report (SecurityWeek) The small Swiss town of Rolle acknowledged that it had underestimated the severity of a cyberattack, following reports the personal data of the entire population was exposed online
“Sophisticated” Cyber-Attack Compromises Patient Data at Private Health Clinic (Infosecurity Magazine) Personal and clinical data of more than 73,000 patients have been affected by the attack
Envision Credit Union 'taking all appropriate steps' after possible cyber attack (Tallahassee Democrat) Envision Credit Union may have been the latest victim of an apparent ransomware attack, a malicious software that disrupts computer systems until demands are met.
A Bad Solar Storm Could Cause an 'Internet Apocalypse' (Wired) The undersea cables that connect much of the world would be hit especially hard by a coronal mass ejection.
Security Patches, Mitigations, and Software Updates
Over 30 vulnerabilities fixed in multiple F5 products (IT PRO) One flaw scored 9.9 on CVSS scale, CISA issues warning
Atlassian Patches Critical Code Execution Vulnerability in Confluence (SecurityWeek) Atlassian has patched a critical code execution vulnerability affecting Confluence Server and Data Center.
Cisco Patches Serious Vulnerabilities in Data Center Products (SecurityWeek) Cisco this week announced the release of patches for a critical vulnerability affecting its Application Policy Infrastructure Controller (APIC) and Cloud APIC products.
Trends
Veriff’s H1 2021 Fraud Report is Now Live (Veriff) The Veriff H1 2021 Fraud report is an expansive look at fraud in the first half of the year, and the changes in fraud rates across mobility, crypto, and fintech sectors.
Marketplace
CrowdStrike Stock Soared Because It's Getting Added to the Nasdaq-100 Index (Barron's) The security software company’s shares will be added to the Nasdaq-100 stock index, effective Thursday.
SingTel-owned NCS launches cloud "centre of excellence" in Melbourne (CRN Australia) Housing cloud specialists, project managers to assist customer cloud projects.
Sam King joins ZeroFox Board of Directors (Help Net Security) ZeroFox announced the appointment of Sam King to the ZeroFox Board of Directors to guide global growth acceleration strategy.
Products, Services, and Solutions
Leading Banking-as-a Service (BaaS) Provider Finaptic Chooses Acuant to Power Trusted Onboarding (GlobeNewswire News Room) Acuant will provide KYC and Identity Verification tech for seamless, compliant financial solutions...
SentinelOne Expands Partner Ecosystem with New Zero Trust Integrations from Cloudflare and Zscaler (GuruFocus) SentinelOne (NYSE: S), an autonomous cybersecurity platform company, today announced that new integrations with Cloudflare and Zscaler are now available through the SentinelOne+Singularity marketplace.
Technologies, Techniques, and Standards
Updates on our continued collaboration with NIST to secure the Software Supply Chain (Google Online Security Blog) Posted by Eric Brewer and Dan Lorenc Yesterday, we were honored to participate in President Biden’s White House Cyber Security Summit where ...
Connecting VERIS and MITRE ATT&CK® (Medium) Written by Jon Baker and Richard Struse.
Military cyber operators will soon have a new tool to deliver virtual fires (C4ISRNet) The services plan to sunset their separate firing platforms to more tightly link their efforts in cyberspace under one, common tool.
Ryuk, REvil, and Clop – how to prevent ransomware in your organization (Clearswift) Cybersecurity trends ebb and flow according to a range of factors. Yet there has been one consistent (and persistent) threat over the past few years – ransomware, the practice of demanding payment to return stolen data. Ryuk, REvil, NHS, Clop, Cezar, Pubg, Webroot, and Cryptolocker are just some examples of ransomware that have been prevalent over the past 12 months or so – there are others, and there undoubtedly will be more to come. Whenever an organization thinks it has ransomware under control, it feels like another attack is just around the corner. The situation is getting worse.
Academia
K-12 schools face escalating cybersecurity challenges (The Record by Recorded Future) Cybersecurity risks facing school districts are escalating as primary and secondary educational institutions have become more dependent than ever on digital systems during the pandemic, an education cybersecurity non-profit warned on Thursday.
Communities to become more cyber secure thanks to $1.67 Million NSA Grant (ConchoValleyHomepage.com) The National Centers of Academic Excellence in Cybersecurity, as part of the National Security Agency (NSA), has awarded a grant in the amount of $1.67 million to the Cent…
ASU Begins New Cyber Program (KKSA) Angelo State University today announced a new partnership program between ASU and the University of Texas at San Antonio that's designed to help communities become more cyber secure nationwide.
NSA grant supports UTSA’s mission to make communities more cyber secure (UTSA) The National Centers of Academic Excellence in Cybersecurity, as part of the National Security Agency (NSA), has awarded a grant in the amount of $1.67 million to the Center for Infrastructure Assurance and Security (CIAS) at The University of Texas at San Antonio to help communities become more cyber secure nationwide.
Cybersecurity professor works to close the door on hackers (Purdue University) A computer system’s cybersecurity can be jeopardized by its own software as much as the questionable decisions made by computer users.
Legislation, Policy, and Regulation
U.S. officials provided Taliban with names of Americans, Afghan allies to evacuate (POLITICO) The White House contends that limited information sharing with the Taliban is saving lives; critics argue it's putting Afghan allies in harm's way.
How Will the Taliban Rule? (Foreign Affairs) Governing Afghanistan is far more difficult than conquering it
Inside the Hidden War Between the Taliban and ISIS (Wall Street Journal) While battling U.S. troops, the Taliban also took aim at Islamic State’s local offshoot, earning it some support from world capitals, including Washington. The Kabul airport bombings, credited to ISIS, raise the specter of a longer, bloodier battle.
Who Is ISIS-K? (Defense One) Two terrorism experts on the group behind the deadly Kabul airport attack and its rivalry with the Taliban.
Kabul airport atrocity offers a glimpse of the chaos to come in Afghanistan (the Guardian) Joe Biden left with no good options after deadliest day for US troops in Afghanistan in more than a decade
‘We will hunt you down and make you pay’: Biden vows retribution for deadly attack on U.S. forces in Kabul (POLITICO) The president called the dozen fallen service members “heroes” and recommitted to completing the U.S. mission in Afghanistan by Aug. 31.
Israel’s Spy Agency Snubbed the U.S. Can Trust Be Restored? (New York Times) Israel’s new prime minister, Naftali Bennett, heads to Washington promising better relations and seeking support for covert attacks on Iran’s nuclear program.
Ethiopia to build local rival to Facebook, other platforms (The Standard) Ethiopia, a country of about 115 million, has about 6 million Facebook users according to Statista.
U.K. Plans New Post-Brexit Privacy Rules to Ease Data Sharing (Wall Street Journal) The U.K. government plans to relax its privacy rules and strike new data transfer agreements with the U.S. and other countries in a move to reform data regulations since leaving the European Union last year.
UK to overhaul privacy rules in post-Brexit departure from GDPR (the Guardian) Culture secretary says move could lead to an end to irritating cookie popups and consent requests online
EU agency advises against using search & browsing history for credit scores (The Record by Recorded Future) The European Union's lead data protection supervisor has recommended on Thursday that personal data such as search queries & internet browsing history should not be used for the assessment of credit scores and creditworthiness.
WSJ News Exclusive | China Plans to Ban U.S. IPOs for Data-Heavy Tech Firms (Wall Street Journal) China plans to propose new rules that would ban companies with large amounts of sensitive consumer data from going public in the U.S., a move that is likely to thwart the ambitions of the country’s tech firms to list abroad.
Spies for Hire: China’s New Breed of Hackers Blends Espionage and Entrepreneurship (New York Times) The state security ministry is recruiting from a vast pool of private-sector hackers who often have their own agendas and sometimes use their access for commercial cybercrime, experts say.
UNITED STATES : US Cyber Command-NSA split back up for review in Congress (Intelligence Online) The resource-sharing arrangements between the NSA and the US Cyber Command regularly get called into question and this time Congress would like a thorough review of how the two agencies interact and
U.S. Senator Rubio demands answers on Huawei's auto chip approvals (Reuters) U.S. Senator Marco Rubio on Thursday released a statement "demanding answers" from the Biden Administration about a Reuters report the U.S. has approved license applications worth hundreds of millions of dollars for China's Huawei to buy chips for its growing auto business.
Statement by Duke Energy CEO Lynn Good following White House Cybersecurity Summit (Duke Energy | News Center) Duke Energy today issued a statement by Chair, President and CEO Lynn Good after she attended the Cybersecurity Summit at the White House alongside President Biden, several cabinet officials and approximately 30 CEOs from industry and academia.
DHS creates Cybersecurity Service similar to DOD's Cyber Excepted Service (FedScoop) The Department of Homeland Security has created the DHS Cybersecurity Service, a new way to hire and manage cybersecurity professionals outside of traditional civil service requirements. DHS announced the Cybersecurity Service as part of its long-awaited Cyber Talent Management System in an interim final rule published Thursday in the Federal Register. Personnel hired to the […]
DHS Launching First Federal Civilian Position Exempt from Longevity Requirements (Nextgov.com) The Cyber Talent Management System has been in the works since a 2014 law granted the department authorities to sidestep rigid classification formats such as the General Schedule.
Litigation, Investigation, and Law Enforcement
Chinese Police Kept Buying Cellebrite Phone Crackers After Cellebrite Said it Ended Sales (Intercept) The Israeli company purportedly left China last year. The subsequent sales of its products there could cloud its impending IPO.
Calling the cops for ransomware attacks doesn’t help, say cyber pros (ComputerWeekly) A new study for the #Ransomaware campaign reveals some insight into why so few victims report ransomware attacks.