Attacks, Threats, and Vulnerabilities
Researchers, cybersecurity agency urge action by Microsoft cloud database users (CRN Australia) Researchers discovered a flaw in the main databases stored in Azure.
Researchers, cybersecurity agency urge action by Microsoft cloud database users (Reuters) Researchers who discovered a massive flaw in the main databases stored in Microsoft Corp's Azure cloud platform on Saturday urged all users to change their digital access keys, not just the 3,300 it notified this week.
Android users affected by Joker virus. Delete these 8 apps that steal money (mint) A lot of the applications in the list have very generic names which make them harder to spot
3 SSL VPN vulnerabilities disclosed in 2019 are still routinely exploited (VentureBeat) Because SSL VPNs provide a virtual doorway into organizations, hackers will target unpatched flaws until they reinforce these entry points.
Phorpiex botnet shuts down, source code goes up for sale (The Record by Recorded Future) The operators of the Phorpiex malware have shut down their botnet and put its source code for sale on a dark web cybercrime forum, The Record has learned.
Ransomware Gangs and the Name Game Distraction (KrebsOnSecurity) It's nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don't go away so much…
Study finds 'shortfalls' in protecting offshore rigs from cyber-attacks (Houston Chronicle) Deep-water drilling rigs face “shortfalls and real challenges” against cyber-attacks...
Susan Tompor: Why you can't ignore the hackers and data breaches, like one at T-Mobile (Spokesman.com) Given all the stressors of late – flooded basements, job insecurity, the ongoing pandemic, fears that the delta variant will cause more havoc ahead – I’d daresay many people aren’t worrying a lot about data breaches and ID theft.
Bangkok Airways apologizes for passport info breach as LockBit ransomware group threatens data leak (ZDNet) The company said that it discovered a "cybersecurity attack which resulted in unauthorized and unlawful access to its information system" on August 23.
Bangkok Airways clarifies the incident of a cybersecurity attack (Bangkok Airways) On 23 August 2021, Bangkok Airways Public Company Limited discovered that the company had been a victim of cybersecurity attack which resulted in unauthorized and unlawful access to its information system.
PG suffers cyber attack (TTR Weekly) Bangkok Airways confirms it fell victim to a cybersecurity attack, 23 August, resulting in authorised and unlawful access to its information system that could comprise passenger data privacy.
BPL hit by cyber attack, shutting down most of its computer network (Boston Globe) The computer network was attacked on Wednesday and the system used to conduct electronic check-out of books, among other tasks, and most of its capability remains off-line, the BPL said Friday. Libraries themselves remain open and some online services continue to function.
Ransomware attack at Singapore eye clinic potentially breaches 73,000 patients’ data (The Daily Swig) Healthcare provider hit by cyber-attack earlier this month
Indiana AG issues warning for Hoosiers after hospital data breach (WTHR) The time shortly after a breach is when hackers and scammers are most likely to use information that's been stolen.
Hoosiers start receiving data breach letters from state (KPCNews) Letters from the Indiana Department of Health have gone out to notify nearly 750,000 Hoosiers that data from the state’s COVID-19 online contact tracing survey was improperly accessed
200 Kingman residents affected by city's cyber attack; cause still not determined (12news.com) City officials said the Social Security and driver license numbers of approximately 200 residents were breached by a cyberattack in February.
‘A prime target’: New Hampshire’s cybersecurity problem (Concord Monitor) To catch a glimpse of an impersonator is a strange experience – particularly if the person being impersonated is you.When it happened to Ken Merrifield, who was serving as mayor of Franklin at the time, he said it was terrifying. The city’s finance...
Chico State students are conflicted about university's vaccination exemption data breach (KRCR) Despite Chico's high COVID vaccination rates compared to the rest of Butte County, some students at Chico State University have asked to not get a vaccine to comply with the CSU system's vaccination requirement. For around 130 of these students, that request was not as confidential as they might like. Their names, phone numbers and reasons for exemption were posted on an online message board earlier this week as part of an apparent data breach, according to a Sacramento Bee report.
Security Patches, Mitigations, and Software Updates
Kaseya patches Unitrends server zero-days, issues client mitigations (BleepingComputer) American software company Kaseya has issued a security updates to patch server side Kaseya Unitrends vulnerabilities found by security researchers at the Dutch Institute for Vulnerability Disclosure (DIVD).
Cisco says it will not release software update for critical 0-day in EOL VPN routers (ZDNet) Cisco said there are no workarounds for the vulnerability.
Microsoft fixes cloud platform vulnerability after warning (WPDE) Microsoft says it has fixed a flaw in its cloud computing platform that cybersecurity researchers warned could have enabled hackers to take over a cloud-based database product used by many big companies. The company said Friday there's no evidence the potential opening was exploited by malicious actors or that any customer data was exposed.
Trends
Privacy, ads and confusion (Benedict Evans) Privacy is coming to the internet and cookies are going away. This is long overdue - but we don’t know what happens next, we don’t have much consensus on what online privacy actually means, and most of what’s on the table conflicts fundamentally with competition.
72% Of It Execs Fear Trickle-down Of Nation State Tools And Techniques Will Hurt Their Business (Albawaba) HP Wolf Security today released the findings of a global survey of 1,100 IT Decision Makers (ITDMs), examining their concerns around rising Nation State attacks.
Social engineering still SA’s number one cyber security risk (ITWeb) The Verizon report says 85% of breaches involved a human element, with stealing user credentials the most favoured technique of cyber criminals.
New Zealanders are exposing themselves to cybercrime, study shows (Security Brief) According to Avast, many New Zealanders are exposing themselves to unnecessary online risks and cyber threats through careless digital practices.
Art imitates life in the cyberspace suspense series 'Clickbait' (IOL) 'Clickbait' is a prime example of art imitating life. In this case, our technologically-dependent one.
Marketplace
McLean cybersecurity company hits the stock exchange following close of SPAC merger (Washington Business Journal) IronNet Inc., the cybersecurity firm founded by former National Security Agency director and retired Army Gen. Keith Alexander, made its way Friday to the New York Stock Exchange after closing its merger with special purpose acquisition company LGL Systems Acquisition Corp.
EU agency advises against using search & browsing history for credit scores (The Record by Recorded Future) The European Union's lead data protection supervisor has recommended on Thursday that personal data such as search queries & internet browsing history should not be used for the assessment of credit scores and creditworthiness.
T-Mobile CEO calls latest data breach ‘humbling,’ claims it’s committed to security (The Verge) Its fifth breach in four years includes over 50 million people
T-Mobile’s Broken Promises, Cyber Breach Are a Bad Look (Bloomberg) The wireless carrier failed to protect user data and has found itself back in regulators' crosshairs. That won't help it win customers.
T-Mobile attempts to assuage subscriber fears in wake of historic data breach (Android Police) It seems like we can't go a week without hearing about another massive security breach at a mega-corporation. This week's shocker comes courtesy of
Tech Companies Announce Billions in Cyber Workforce Development at White House Summit (ClearanceJobs) President Biden hosts a cybersecurity summit with U.S. industry.
The Record one year later: Announcing new additions to the team (The Record by Recorded Future) We launched The Record by Recorded Future last August with the goal of becoming the leader in cybersecurity news. One year later, hundreds of thousands of readers visit our site each month to catch up on breaking news, big stories, and behind-the-scenes exclusives about cybersecurity leaders, researchers, and the people in the shadows of the cyber underground.
Cyber Vet Chris Weggeman Takes Managing Director Role at Deloitte Government Practice (GovCon Wire) Looking for the latest GovCon News? Check out our story: Chris Weggeman Takes Managing Director Role at Deloitte GPS Practice. Click to read more!
Products, Services, and Solutions
Ping & Axiad: What the passwordless partnership means for your business (Axiad) By integrating Ping Identity and Axiad Cloud, customers can now implement an identity-first strategy. If they want to begin their Zero Trust journey, they can take advantage of user-friendly MFA for employees along with secure authentication of machines, devices, and more.
WatchGuard unveils new Endpoint Security product family within WatchGuard Cloud, just one year after Panda acquisition (ITWeb) Partners and customers can now deploy and manage endpoint security, network security and MFA services via WatchGuard Cloud.
FireEye Launches New Platform to Strengthen Threat Detection and Bolster Response (Homeland Security Today) FireEye Inc has introduced FireEye XDR, a unified platform designed to help security operations teams strengthen threat detection, accelerate response capabilities, and simplify investigations.
CounterCraft Awarded Production Contract by U.S. Department of Defense (PR Newswire) CounterCraft, the global leader in active defense technology and the next generation of threat intelligence, has been awarded a production...
KnowBe4 offers no-cost cybersecurity resource kits to bolster defense vs attacks (Back End News) KnowBe4’s Cybersecurity Awareness Month Resource Kit contains a guide for the kit and campaign ideas to help IT administrators get started. It is composed of a weekly training planner, two free tra…
Technologies, Techniques, and Standards
What IT security teams can learn from the Colonial Pipeline ransomware attack (ITProPortal) Key learnings from the Colonial Pipeline ransomware attack
6 Things You Need to Do to Prevent Getting Hacked (Wired) You are your own biggest weakness, but changing just a few of your behaviors can reduce the chances that your online accounts get breached.
Lessons learned on building cyber resilience (VentureBeat) To improve our national approach to cybersecurity, it is helpful to look at what's worked in New York City.
What 'Digital Force' Really Means—and How to Build One (Air Force Magazine) The Space Force says it wants to be the first truly "digital service." Members of the military and defense industry officials defined what that means.
Washington Air Guard cyber unit has deep roots in combat communications (DVIDS) The Washington Air National Guard’s 143rd Cyberspace Operations Squadron dates back to 1948, though its mission has changed considerably from when it was formed as the 143rd Air Control and Warning Squadron.
Design and Innovation
How quantum security generates randomness to shield IoT systems (TechHQ) Now, the cybersecurity sector is one of myriad industrries being reenvisioned with quantum security, an offshoot of quantum computing innovation.
Research and Development
Investment in Research & Development Required for A Safer Cybersecurity Future (CyberTheory) Physical and Digital Combined Our technology era, Industry 4.0, is characterized as the mesh between physical and digital infrastructures. Its fabric is a morphing ecosystem where innovation, agility, and investments are essential to keep pace with new technologies and influences such as artificial intelligence, the internet of things, smart cities, big data, quantum technologies, and...
Legislation, Policy, and Regulation
Afghanistan: with the US gone, how soon will the Taliban show their true colours? (the Guardian) Switching from waging an insurgency to administering an entire country again is a daunting challenge the group must urgently address
Opinion | Threatened by ISIS, the Afghan Taliban May Crack Up (Wall Street Journal) Without ideological purity, the group won’t be able to hold together. With it, they won’t be able to govern.
What Does ISIS Want Now? (Defense One) A bombing at Kabul airport portends grave consequences as the Islamic State’s affiliate takes on the Taliban.
Opinion | Beefed-Up Sanctions Could Limit the Damage in Afghanistan (Wall Street Journal) The Taliban’s control of the government will significantly increase their wealth and influence.
China issues draft guidelines for internet recommendation algorithms (CNBC) China has issued draft guidelines on regulating the algorithms used by internet service providers to make recommendations to users to protect user privacy.
China Plans Control of Tech Algorithms U.S. Can Only Dream Of (Bloomberg) Cyberspace administration makes 30-point proposal for changes. Companies affected could include ByteDance, Apple, Alibaba. Summers Says China Risks Are on the Rise.
Japan has no time to waste in boosting its cyberdefenses (The Japan Times) The country should look to the U.S. for an example of how to deal with cyberattacks and threats in an effective way.
What Laws Will Govern Battles in Cyberspace? (University of Virginia School of Law) University of Virginia School of Law professor Paul B. Stephan ’77 is looking at questions over how laws of armed conflict can address cyberattacks as the rise of big data makes clashes more likely.
A former cyber diplomat says the government needs to refresh its thinking about response to foreign attacks (Federal News Network) Federal Drive with Tom Temin spoke with Chris Painter, former State Department cyber diplomat and now president of the Global Forum on Cyber Expertise.
The Right Way to Structure Cyber Diplomacy (War on the Rocks) The modern State Department was forged in an era of global transformation. In the 1930s, the department had fewer than 2,000 personnel and, as one
Police get online account takeover, data disruption powers (iTnews) After "extraordinary" bill passes federal parliament.
White House rallies private industry in cyber battle (TheHill) A meeting between President Biden and more than two dozen key leaders from a variety of industries this week has increased momentum for plans to quickly address rising cyber threats.
Biden’s Alliance with Big Tech Shows a Power Shift (Bloomberg) The combative post-Snowden relationship with government appears to have mellowed at a meeting last week. Should we be worried about what they might all do together?
‘Our country is in a cyberwar’: Inside the White House summit with Hadi Partovi of Code.org (GeekWire) President Joe Biden brought together top executives from the nation's biggest technology, financial services and energy companies this week to address the growing challenge of cybersecurity…
The first national cyber director has big plans to toughen U.S. digital defenses (POLITICO) In a wide-ranging interview, Chris Inglis explained how he’s using his new White House office to better synchronize the government’s fight against hackers.
A Better Approach to Organizing Combatant Commands (War on the Rocks) In 1805, James Gillray published a satirical cartoon that showed Napoleon of France and the British prime minister, William Pitt, carving up a globe
Mansfield selected as U.S. Air Force's preferred site for new cyber warfare wing (Ohio Capital Journal) The U.S. Air Force announced Wednesday the Mansfield Air National Guard Base, home of the 179th Airlift Wing, has been selected as the preferred site for the Air National Guard's first Cyber Warfare Wing.
Facing Foreign Election Foes, States Hire ‘Cyber Navigators’ (Governing) States are launching cyber navigator programs to help election officials protect their systems from cyber threats, by helping break down the highly technical skills of cybersecurity into practical next steps.
Litigation, Investigation, and Law Enforcement
DOJ launches program to train prosecutors in cybersecurity topics (The Record by Recorded Future) The US Department of Justice announced a new fellowship program today designed to train "a new generation of prosecutors and attorneys" on cybersecurity issues, in order to better tackle national security threats and cybercrime.
Justice Department adds fellowship program to boost legal efforts against cybercrime (CyberScoop) The Justice Department is launching a fellowship program designed to develop legal talent to deal with the increasing cyber threats to national security. “As we have witnessed this past year, cyber threats pose a significant and increasing risk to our national security, our economic security, and our personal security,” Deputy Attorney General Lisa Monaco said in a statement.
Congressional panel investigating Jan. 6 insurrection demands records from Facebook, Twitter, other tech firms (CNBC) The House select committee investigating the invasion of the Capitol on Jan. 6 said that it is demanding a trove of records from 15 social media companies.
An Explosion in Geofence Warrants Threatens Privacy Across the US (Wired) New figures from Google show a tenfold increase in the requests from law enforcement, which target anyone who happened to be in a given location at a specified time.
Scammers who stole millions from elders indicted — how to protect yourself (Avast) For one of the first times ever, phone scammers who stole millions from elderly Americans were indicted. Here's what happened and how you can protect yourself.
Judge Denies 'Fishing' Request For Morgan Lewis, EBay Docs (Law360) A Massachusetts federal judge on Friday rejected a former eBay Inc. executive's bid for pretrial subpoenas in an alleged cyberstalking case as a "fishing expedition" for files from the company and its counsel at Morgan Lewis & Bockius LLP.
Clearview Can't Use 1st Amendment To Beat Ill. Privacy Suit (Law360) Clearview AI does not have a First Amendment right to escape liability under the nation's strictest biometric privacy law for scraping Illinois residents' online photos to build a searchable database, a state judge ruled Friday.