Attacks, Threats, and Vulnerabilities
How Hackers Hammered Australia After China Ties Turned Sour (Bloomberg) Wave after wave of cyberattacks has shaken the country. Experts say even the wealthiest nations are at risk if they annoy China enough.
FBI, CISA: Ransomware attack risk increases on holidays, weekends (BleepingComputer) The FBI and CISA urged organizations not to let down their defenses against ransomware attacks during weekends or holidays to released a joint cybersecurity advisory issued earlier today.
The Never-ending Ransomware Story (Digital Shadows) This blog looks back at the ransomware landscape and the flurry of rebranding attempts made by ransomware groups during Summer 2021.
What Does LockBit Want? Decrypting an Interview With the Ransomware Collective | Flashpoint (Flashpoint) LockBit on LockBit On August 23, Russian OSINT, a Russian-language YouTube and Telegram channel focused on hacking, cybersecurity, and open-source intelligence released an interview with the operators of LockBit ransomware. Altogether, the interview provides an important window into the mentality of the ransomware operators, including their motivation, perceptions of money, law enforcement, and the U.S. […]
LockFile Ransomware Uses Unique Methods to Avoid Detection | eSecurityPlanet (eSecurityPlanet) Ransomware threats continue to evolve, but LockFile takes things even further by combining a few evasion techniques.
NCC Group reveals threefold increase in targeted ransomware attacks in 2021 (Mynewsdesk) Analysis from NCC Group’s Research Intelligence and Fusion Team (RIFT) has highlighted the growing threat of ransomware around the world.
Crashing SIP IoT Clients with a Single Malformed Header (Claroty) Claroty Team82 discloses details on a vulnerability that can be used to crash a SIP IoT Client with a single malformed header packet.
How BEC scammers use the cybercrime underground (Intel471.com) Intel 471 has observed a number of actors using popular cybercrime forums to recruit or outsource functions related to BEC scams.
'ProxyToken' Exchange Server Vulnerability Leads to Email Compromise (SecurityWeek) A vulnerability that Microsoft patched in Exchange Server earlier this year can allow attackers to set forwarding rules on target accounts and gain access to incoming emails.
Cyber attack on FBR’s database: Only system disrupted but no data stolen, says FBR chief (The News) After exceeding tax collection by Rs160 billion in the first two months against the envisaged target, the Chairman FBR Dr Muhammad Ashfaque said on Tuesday that the government would honour its obligations in case of those who had availed tax amnesty for possessing offshore assets abroad.
Skimming the CREAM – recursive withdrawals loot $13M in cryptocash (Naked Security) Recursion [noun]: see recursion.
Cream Finance DeFi Platform Rooked For $29M (Threatpost) Cream is latest DeFi platform to get fleeced in rash of attacks.
Most Used Blockchain Averts Crisis After Software Flaw Is Fixed (Bloomberg) Ethereum blockchain was divided by mistake in client software.
College students targeted by money mule phishing techniques (SearchSecurity) Mimecast researchers have found a scam that targets college and university students with phishing techniques to turn them into money mules.
A popular smart home security system can be remotely disarmed, researchers say (TechCrunch) Fortress has not said if it has fixed or plans to fix the vulnerabilities.
Usurpation de code QR vaccinaux: Québec se montre rassurant… et avertit la police (Le Devoir) Deux failles distinctes ont été détectées dans les systèmes d’obtention et de validation du code QR.
Vulnerabilities Can Allow Hackers to Disarm Fortress Home Security Systems (SecurityWeek) Researchers have found a couple of vulnerabilities that can be used to remotely disarm home security systems made by Fortress.
Vaccine passports: Expert says B.C. should be 'on standby to get hacked' (Times Colonist) A successful cyberattack targetting Quebec’s digital vaccine certificates may portend to challenges ahead for the upcoming B.C. vaccine card, an expert says.“The B.C. government needs to be on . . .
Fujitsu says stolen data being sold on dark web 'related to customers' (ZDNet) A group called "Marketo" has claimed it has 4 GB of stolen data and purports to have 70 bids on it already.
Leaked Guntrader firearms data file shared. Worst case scenario? Criminals plot UK gun owners' home addresses in Google Earth (Register) Bang out of order
Public Health Records Exposed in Denton County, Texas, Breach (GovTech) Hundreds of thousands of public health records, including COVID-19 vaccination details, were exposed in a data breach that was linked to an app that is used at Denton County vaccine clinics, officials say.
Patients' personal information affected in DuPage Medical Group cyber attack (ABC 7 Chicago) DuPage Medical Group hacked: Personal information included names, addresses, dates of birth, treatment dates
Melbourne's Stonnington council hit by suspected cyber attack (iTnews) Forced to shut down systems after 'infiltration'.
After weeks of hate raids, Twitch streamers are taking a day off in protest (The Verge) Organizers are asking streamers and viewers to not log in to Twitch.
Security Patches, Mitigations, and Software Updates
Companies Release Security Advisories in Response to New OpenSSL Vulnerabilities (SecurityWeek) Companies that use OpenSSL in their products have started releasing security advisories for the recently patched vulnerabilities.
Philips Patient Monitoring Devices (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.8
ATTENTION: Low attack complexity
Vendor: Philips
Equipment: Patient Information Center iX (PICiX); PerformanceBridge Focal Point; IntelliVue Patient Monitors MX100, MX400-MX850, and MP2-MP90; and IntelliVue X2, and X3
Vulnerabilities: Improper Neutralization of Formula Elements in a CSV File, Cross-site Scripting, Improper Authentication, Improper Check for Certificate Revocation, Improper Handling of Length Parameter Inconsistency, Improper Validation of Syntactic Correctness of Input, Improper Input Validation, Exposure of Resource to Wrong Sphere
Sensormatic Electronics KT-1 (CISA) 1. EXECUTIVE SUMMARY
Vendor: Sensormatic Electronics, LLC., a subsidiary of Johnson Controls, Inc.
Equipment: KT-1
Vulnerability: Use of Unmaintained Third-party Components
2. RISK EVALUATION
The affected product uses an unsupported version of Microsoft Windows CE. This version may not receive support and updates for potential vulnerabilities, which could put the affected product at risk.
Trends
Report: Insights into growing number of automated attacks (Journey Notes) Over the first six months of 2021, Barracuda researchers analyzed traffic patterns measured by our application security solutions.
2021 DDoS Threat Landscape Report (Imperva Resource Library) DDoS attacks have been a significant feature of the cyber threat landscape over the past two decades. The Imperva DDoS Threat Landscape Report explains how
New Report from Aberdeen Group Reveals Serious Impact of Credential Stuffing and Account Takeover Attacks on the Financial Services Industry (PerimeterX) Costs of mobile and web-based fraud reported as high as 8.3% of revenue with 84% of organizations experiencing account takeovers in the past year
Ransomware attacks on US schools and colleges cost $6.62bn in 2020 (Comparitech) In 2020, 77 individual ransomware attacks affected over 1,740 schools and colleges, potentially impacting 1.36 million students. We estimate that these attacks cost education institutions $6.62 billion in downtime alone. Most schools will have also faced astronomical recovery costs as they tried to restore computers, recover data, and shore up their systems to prevent future […]
Lacework 2021 Cloud Threat Report, Volume 2 (Lacework) Get an analysis of the risks and threats to cloud services, containers, and container orchestration systems.
State of SIEM | Panther Labs (Panther Labs) Detection-as-code, automation, and big data infrastructure, and scalability must be an integral part to measure up to SIEM expectations.
Marketplace
Ransomware Has Been a 'Game Changer' for Cyber Insurance (Insurance Journal) Anyone who works in cyber insurance knows that the industry is never static. It's a constantly evolving business as the risks change all the time, and
Databricks Reaches $38 Billion Valuation After New $1.6 Billion Injection (Forbes) The AI software company started by seven UC Berkeley researchers has raised $3.5 billion to date and aims to jump-start its growth.
IronNet Goes Public by Merging With LGL Systems (GovInfoSecurity) The cybersecurity firm IronNet, founded and led by retired Army Gen. Keith Alexander, has gone public without an IPO by merging with LGL Systems Acquisitions Corp.,
Proofpoint shares stop trading after acquisition closes (NASDAQ:PFPT) (SeekingAlpha) Private equity firm Thoma Bravo has completed its acquisition of Proofpoint (PFPT) and shares of the cybersecurity company stopped trading on the Nasdaq, effective today.
LogPoint to acquire SecBI, adding native SOAR and XDR capabilities (LogPoint) The acquisition will enhance LogPoint’s core cybersecurity stack, delivering an integrated, foundational security operations platform
OwnBackup Acquires RevCult, Enhancing Their Cloud Data Protection Platform With Proactive Data Security (Valdosta Daily Times) OwnBackup, the leading cloud data protection platform, today announced the acquisition of RevCult, a California-based software company that provides Salesforce security and governance solutions, often known as SaaS Security Posture Management (SSPM). SSPM helps organizations more easily secure data that is growing in volume, velocity and variety by continuously scanning for and eliminating configuration mistakes and mismanaged permissions, which are the top causes of cloud security failures.
Hewlett Packard Enterprise completes acquisition of Zerto (HPE) Adds industry-leading ransomware and data protection to growing HPE GreenLake cloud services portfolio
Cognyte takes over Verint's cryptocurrency investigation business (Intelligence Online) Verint spin-off Cognyte is increasingly active in the cryptocurrency field, which is currently expanding fast as cryptocurrencies are seen as posing a growing number of key national security questions.
Datadobi’s Migration Performance and Expansion Plans for the Data Management Market Analyzed in New 451 Research Market Insight Report (BusinessWire) Datadobi released a new report from 451 Research which highlights its forthcoming data management product strategy.
CrowdStrike stock slips following earnings beat, raised outlook (MarketWatch) CrowdStrike Holdings Inc. declined in the extended session Tuesday after the cybersecurity company reported quarterly results that topped Wall Street...
Aryaka Named to Inc. Magazine’s List of America’s Fastest-Growing Private Companies for the Second Consecutive Year (BusinessWire) Aryaka Named to Inc. Magazine’s List of America’s Fastest-Growing Private Companies for the Second Consecutive Year
AwareGO Appoints Former NASA Ames Scientist and Stanford Alumni Dr. Ari K. Jónsson as CEO (BusinessWire) AwareGO today announced that former NASA Ames Center Research Scientist and Stanford Alumni Dr. Ari K. Jónsson has been appointed as its new CEO.
SAIC’s Roela Santos joins BAE Systems (PR Week) SAIC’s former CCO and CMO also served in executive communications roles at Raytheon.
BAE Systems appoints Gina Haspel, Air Force Gen. Stephen W. Wilson to board (Virginia Business) Former CIA director Gina Haspel and retired U.S. Air Force Gen. Stephen W. Wilson have been appointed to Arlington-based defense contractor BAE Systems Inc.’s board of directors, the company announced Friday. Their terms will run through April 2024. “We are extremely fortunate to have Stephen and Gina join our board,” Michael Chertoff, chairman of the…
Former NSA Chief GEN (Ret.) Keith Alexander Joins SolCyber’s Board of Directors (SolCyber) Founder and co-CEO of IronNet brings unique cybersecurity and government expertise to modern MSSP.
Products, Services, and Solutions
Data Theorem’s Award-Winning Analyzer Engine Delivers Unified AppSec Support Across Apple Desktop, Laptop and Mobile Devices (BusinessWire) Data Theorem, Inc., a leading provider of modern application security, today announced that new functionality in its award-winning Analyzer Engine del
ZeroFox Partners with Mandiant to Deliver Global Adversary Disruption (BusinessWire) ZeroFox Partners with Mandiant to Deliver Global Adversary Disruption
Red Canary Announces New Release of Security Operations Platform (GlobeNewswire News Room) SaaS-based combination of software and expert services protects organizations from ransomware, phishing and other common threats...
SlashNext Launches Email Spear Phishing Detection and Response for Microsoft 365 (PR Newswire) SlashNext, the leader in SaaS-based spear-phishing and human hacking defense across all digital channels and apps, today announced the...
Palo Alto Networks Adds Cloud Misconfiguration Tool (Security Boulevard) Palo Alto Networks today revealed that its Bridgecrew by Prisma Cloud offering has been extended using another tool that now makes it possible to also
ZeroFox announces partnership with Mandiant to disrupt malicious activity (SiliconANGLE) ZeroFox announces partnership with Mandiant to disrupt malicious activity - SiliconANGLE
SentinelOne Partners with Cloudflare, Zscaler for Zero Trust Integrations (MSSP Alert) SentinelOne has integrated Cloudflare & Zscaler offerings into its Singularity XDR Marketplace to provide access to zero trust security solutions.
CyberProof Announces Partnership with Radiflow, a Leading Provider of Cyber Security Solutions for OT Systems & Industrial Networks (PR Newswire) CyberProof Inc., a UST company, announced today that it will be adding Radiflow, a leading provider of cyber security solutions for industrial...
ThycoticCentrify, a Provider of Cloud Identity Security Services, Updates Privileged Access Management Solution (Crowdfund Insider) ThycoticCentrify, a provider of Cloud identity security services, updates privileged access management solution.
Arctic Wolf Selects AWS to Power Global Cybersecurity Offering at Scale (Amazon.com, Inc. - Press Room) Security operations leader leverages AWS’s global infrastructure and services to support worldwide expansion and process trillions of security observations to help customers protect their organizations from rapidly evolving cyber threats Arctic Wolf achieves AWS Level 1 Managed Security Service
Panorays Partners with Camwey Technology to Deliver Automated Third-Party Security Risk Management to the UK Market (GlobeNewswire News Room) Through this partnership, Camwey Technology and Panorays are working together to eliminate third-party cyber risk....
Microsoft will split Defender pricing plans to lower the entry bar for SMBs (The Record by Recorded Future) Microsoft announced plans today to split the pricing model for the commercial version of its antivirus product, known as Microsoft Defender for Endpoint, introducing a cheaper plan and making its product more easily and broadly available to companies that typically couldn't afford it.
Technologies, Techniques, and Standards
New Edition of Pipeline Cybersecurity Standard Covers All Control Systems (SecurityWeek) The American Petroleum Institute (API) has published the third edition of its pipeline cybersecurity standard.
Would a joint environment with the private sector improve federal cybersecurity? (Federal News Network) The U.S. Cyberspace Solarium Commission recommended a joint collaborative environment last year.
EU agency advises against using search & browsing history for credit scores (The Record by Recorded Future) The European Union's lead data protection supervisor has recommended on Thursday that personal data such as search queries & internet browsing history should not be used for the assessment of credit scores and creditworthiness.
Is a Data Breach Lurking in Your Software Supply Chain? (Delphix) How automating data compliance can support a Zero Trust strategy and protect sensitive data in DevOps environments
Lessons Learned from a REvil Ransomware Attack (Channel Futures) Sophos experts believe there are two important lessons that partners and defenders should take away from a recent ransomware attack: The first is about risk management, and the second is about preserving data.
Design and Innovation
DHS S&T looks to boost tech transfer by fostering new startup companies (Federal News Network) DHS to commercialize technologies developed in federal laboratories to expand its industrial base, especially in areas like artifiand cybersecurity
Academia
Cybercriminals are holding schools ransom for billions and some are paying up (TechRepublic) A new report highlights the financial costs of school ransomware, days lost to downtime and the number of students impacted, as these incidents become a steady source of criminal income.
Canyon Crest Academy wins Cyber Cup (Del Mar Times) This spring the Canyon Crest Academy cybersecurity team won the SoCal Cyber Cup Challenge, upsetting the reigning champions Del Norte High School.
Legislation, Policy, and Regulation
The next chapter of cyber diplomacy at the United Nations beckons (Microsoft On the Issues) Last week, the UN released its most substantial recommendations to date for how governments can secure cyberspace from escalating conflict. Now member states must turn them into meaningful and enforceable expectations.
Statecraft and Strategy Under the Eroding Monopoly of Cyber Intelligence (Council on Foreign Relations) The question of who “owns” cyber intelligence has profound implications for the geopolitical landscape. Grappling with this reality and its consequences is crucial.
Taliban declare victory from Kabul airport, promise security (Military Times) In a show of control, turbaned Taliban leaders were flanked by the insurgents’ elite Badri unit as they walked across the tarmac.
In Kabul, celebration and dread the day after U.S. troops withdraw (Washington Post) An eerie quiet settled over Afghanistan’s capital Tuesday following the complete withdrawal of U.S. forces. Few cars or pedestrians were on the roads, and crowds of thousands of Afghans around the airport desperate to flee vanished overnight, leaving behind piles of garbage and discarded luggage.
The Taliban Can’t Control Afghanistan. That Should Worry the West. (Foreign Policy) The risk of a terrorist resurgence comes primarily from the Taliban’s Islamic State rivals.
In Leaving Afghanistan, U.S. Reshuffles Global Power Relations (Wall Street Journal) The stunning meltdown in Afghanistan frustrated and angered many American allies, inflicting considerable reputational damage. Yet the U.S. remains a dominant military and economic force—and its withdrawal from the country creates new complications for China and Russia.
US intel is now flying blind in Afghanistan (Atlantic Council) Good intelligence is all about people—which is why the president's 'over-the-horizon' approach may fail.
Opinion | No, Trump Didn’t Force Biden’s Withdrawal (Wall Street Journal) The Taliban violated the Doha agreement, so the U.S. could have stayed.
Opinion | A Dishonest Afghanistan Accounting (Wall Street Journal) Biden spins a tragedy for U.S. interests into an antiwar victory.
America’s 20-year war in Afghanistan ends as last U.S. military cargo plane lumbers into the sky over Kabul (Washington Post) The United States ended its longest war in history, and its 20-year presence in Afghanistan, as the last U.S. aircraft took off at one minute before midnight from Kabul airport Monday carrying all remaining American troops and diplomats.
Israel, US Look To Tighten Intel Sharing Post-Afghanistan (Breaking Defense) Intel sharing was a major discussion during PM Bennett's visit to Washington last week, as was increasing funding for F-15s and Iron Dome interceptors.
Google, Apple Hit by First Law Threatening Dominance Over App-Store Payments (Wall Street Journal) The companies will have to open their app stores to alternative payment systems in South Korea under newly passed legislation there, threatening their lucrative commissions on digital sales.
Nine cyber attacks on UK's transport sector missed by mandatory reporting laws (Sky News) The thresholds set for the mandatory reporting of cyber incidents across the energy, transport, health, water, and digital infrastructure sectors are so high that few if any incidents are actually being reported to government.
Proposed “Cyber Incident Reporting for Critical Infrastructure Act of 2021” (Data Protection Report) On August 27, 2021, the U.S. House Homeland Security Committee released a draft bill that would, among other things, establish a Cyber Incident Review
Can we handle the truth about cybersecurity? (Fortune) We might be hearing a lot more about hacking.
White House launches US Digital Corps (FedScoop) The White House launched a two-year fellowship Monday designed to place early-career software engineers, data scientists and other technologists at federal agencies. Dubbed the U.S. Digital Corps, participants will improve IT service delivery in relation to the federal coronavirus response, economic recovery, cybersecurity and agencies’ individual missions. The Day One Project proposed the fellowship back […]
Biden's cyber EO moves past the 'castle and moat' strategy (Washington Technology) President Biden's May 2021 executive order on cybersecurity is pushing agencies to move past a castle and moat security posture. Here's what you need to know to drive that conversation.
Litigation, Investigation, and Law Enforcement
Brooklyn Woman Pleads Guilty to Unauthorized Intrusion into Credit Union’s Computer System (Department of Justice, U.S. Attorney’s Office, Eastern District of New York) Earlier today, in federal court in Brooklyn, Juliana Barile pleaded guilty to one count of computer intrusion arising from the defendant’s unauthorized intrusion into, and destruction of data on, the computer system of a New York credit union (the “Credit Union”) following her termination as an employee of the Credit Union.