Attacks, Threats, and Vulnerabilities
Prevailion Issues New Threat Intelligence Updates for Suspected Russian Disinformation Group UNC1151 (BusinessWire) Leading cyber intelligence company Prevailion discovers new online infrastructure for suspected Russian cyber threat actor, UNC1151.
Cyber-attack haunts Indonesia’s COVID-19 strategy (The Jakarta Post) A reported data breach of the now-defunct electronic Health Alert Card (eHAC) system has raised serious concerns about the security of the PeduliLindungi application, a key part of the government’s “living with COVID-19” strategy.
LockBit gang leaks Bangkok Airways data, hits Accenture customers (BleepingComputer) Bangkok Airways, a major airline company in Thailand, confirmed it was the victim of a cyberattack earlier this month that compromised personal data of passengers.
LockBit Jumps Its Own Countdown, Publishes Bangkok Air Files (Threatpost) The ransomware gang claims to have pulled off successful attacks against two airlines and one airport with help from its Accenture attack.
Billions of devices impacted by new BrakTooth Bluetooth vulnerabilities (The Record by Recorded Future) A team of security researchers has published details this week about a suite of 16 vulnerabilities collectively known as BrakTooth that impact the Bluetooth software stack that ships with System-on-Chip (SoC) boards from several popular vendors.
This Seemingly Normal Lightning Cable Will Leak Everything You Type (Vice) A new version of the OMG Cable is a USB-C to Lightning Cable that hackers can use to steal your passwords or other data.
Citrix Vulnerability Exploited for Cyber Attack on US Census in January 2020; Government Says Hackers Did Not Access Census Results (CPO Magazine) News has recently emerged that the United States Census Bureau was compromised by a cyber attack in January 2020, just as the decennial census efforts were ramping up. The attack was traced back to a Citrix vulnerability that had just been publicly disclosed about a month prior.
Sophos discovers Gootloader mothership controls malicious content (Back End News) Gootloader, a malware delivery platform, has been poisoning websites with malicious content, cybersecurity solutions firm Sophos discovered. The malware also messes up with the websites’ sear…
98K Patients, Employees Impacted by Oklahoma Provider Data Breach (Health IT Security) Oklahoma-based provider CareATC suffered a provider data breach that impacted over 98,000 individuals when an unauthorized third party gained access to employee email accounts.
Division 1 College Football Teams and Mascots Keep Showing Up on Breached Password Lists (Specops Software) The Rambling Wreck of Georgia Tech may not have earned a single vote in the AP’s preseason college football Top 25 rankings, but when it comes...
Security Patches, Mitigations, and Software Updates
Google pauses quantum security feature in Chrome because of buggy middleware (The Record by Recorded Future) Google said on Tuesday that it temporarily disabled its quantum computer-resistant security feature in Chrome after it received bug reports that faulty networking middleware devices have been causing unexpected website connection failures for the few users where this feature was enabled.
Mozilla Publishes Results of VPN Security Audit (SecurityWeek) Mozilla has made public the results of a VPN security audit conducted by Cure53, and only one issue has been assigned a “high severity” rating.
Now Patched Vulnerability in WhatsApp could have led to data exposure of users (Check Point Research) Research by Dikla Barda & Gal Elbaz As of 2021, WhatsApp is the most popular global mobile messenger app worldwide with approximately two billion monthly active users. It allows users to send text and voice messages, make voice and video calls, and share images, documents, user locations, and other content. Check Point Research (CPR) recently revealed... Click to Read More
Half of businesses can't spot these signs of insider cybersecurity threats (ZDNet) Research suggests that over half of organisations find it difficult to detect when a malicious insider is preparing to steal data or launch a cyberattack.
Atos completes the acquisition of German cryptography specialist cryptovision and strengthens its cybersecurity product line (GlobeNewswire News Room) Paris, France and Munich, Germany – September 1, 2021 – Atos today announced that it has completed the acquisition of cv cryptovision GmbH, a leader in...
Hewlett Packard Enterprise Gets $2 Bln Contract From National Security Agency (Nasdaq) Hewlett Packard Enterprise (HPE) said the company has been awarded a $2 billion contract with the National Security Agency. Over a 10 year period, the company will deliver its high performance computing technology as a service through the HPE GreenLake platform. The service will begin in 2022.
Darktrace Becomes Member Of Microsoft Intelligent Security Association (MISA) (PR Newswire) Darktrace, a leading autonomous cyber security AI company, today announced that it has joined the Microsoft Intelligent Security Association...
Are These Vendors Future Cybersecurity Unicorns? (SDxCentral) Deep Instinct, BetterCloud, Guardicore, and Swimlane are among the 50 cybersecurity startups that could become unicorns, GlobalData says.
Huawei can prosper despite US sanctions, says board member (the Guardian) Catherine Chen says Chinese telecoms firm will use technical expertise to reach new markets less dependent on the US
The Evolving Geography of the U.S. Defense Industrial Base (War on the Rocks) Rosie the Riveter worked in California. One of more than 310,000 women who toiled in the U.S. aircraft industry in 1943, she became emblematic of a
NEW: Leidos expands at Reston Town Center with software facility, training center (Reston Now) Fresh off relocating to a new headquarters, technology business and defense contractor Leidos is adding to its footprint in Reston.
Orca Security Appoints Andy Ellis to Join Company as Advisory CISO (BusinessWire) Orca Security today announced that Andy Ellis, famed cybersecurity leader, has joined the company as an advisory CISO. Ellis will harness his broad se
Andy Ellis: Why I Joined Orca Security as Advisory CISO (Orca Security) Andy Ellis is serving in a role of Advisory CISO for Orca Security. Learn what the role is and how he will be helping Orca grow and improve our platform.
MOXFIVE Scales Technical Advisory Team to Meet Demand for Incident Management and Response Services (MOXFIVE | News) Hires Industry Veteran Jeff Palatt to Lead MOXFIVE Technical Advisory Services
Veritas Appoints Brian Hamel as New Leader of Worldwide Field Operations (BusinessWire) Veritas Technologies today announced that Brian Hamel has joined the company as executive vice president of Worldwide Field Operations.
SANS Technology Institute Selects Ed Skoudis As Its New President (PR Newswire) SANS Technology Institute has named Ed Skoudis the new president of the college. The Board of Directors announced the appointment on September...
Phylum Appoints Cybersecurity Industry Leader Dan Burns to Board of Di (PRWeb) Phylum, the company defining the future of software supply chain security, recently announced the appointment of Dan Burns to its board of directors. M
Booz Allen Hires Intelligence Agency Deputy Director (BusinessWire) Booz Allen Hamilton (NYSE: BAH) announced that Frank Calvelli, former Principal Deputy Director of the National Reconnaissance Office (NRO), will join
Cybersecurity Leader Andrew Barnett Joins Cymulate as Chief Strategy Officer (Yahoo Finance) Cymulate, the industry standard for SaaS-based Continuous Security Validation platform leveraging the MITRE ATT&CK® framework end-to-end, announced today the appointment of Andrew Barnett as its Chief Strategy Officer to lead the company's go-to-market partner and alliances strategy, its ecosystem and product strategy as it enters an unprecedented growth phase globally having incurred 2.5 times increase in new revenue year on year.
Very Good Security (VGS) Hires Chandar Venkataraman as Chief Product Officer (BusinessWire) Very Good Security (VGS) today announced the hire of Chandar Venkataraman as Chief Product Officer (CPO).
Products, Services, and Solutions
Ignite Security Partners with Blumira To Automate & Streamline Security Operations (Blumira) Ignite Security, a security services provider, has selected Blumira to help their customers simplify their security operations.
Acronis integrates with CloudBlue PSA to simplify MSPs management of client cyber protection (Acronis) For information about Acronis and Acronis' products or to schedule an interview, please send an email or get through to Acronis' representative, using media contacts.
Contrast Security Provides Application Security Leadership and Direction for Software Supply Chain Risk in Support of White House Executive Order (PR Newswire) Contrast Security, a leader in modernizing application security, today announced it enables organizations to make the software bill of...
Leidos, Intel Partner on Enhancing CDC’s Contact Tracing Platform for Secure Data Sharing (ExecutiveBiz) Leidos and Intel are collaborating on a platform that supports secure data sharing for contact tracing efforts as part of the latter’s Pandemic Response Technology Initiative.Intel said Tuesday Leidos’ blockchain-based data security has been integrated with its silicon technology to improve contact tracing on the Centers for Disease Control and Prevention’s MicrobeTrace Next platform.MicrobeTrace Next
Technologies, Techniques, and Standards
IoT Device Criteria (NIST) As part of its assignment under the Presidential Executive Order on Improving the
Is the Cloud More Secure Than On Prem? (My TechDecisions) Recent attacks against on-premises systems are showing us that the cloud is turning out to be a safer place to store data.
Business Leaders Need to Quantify Their Cyber Risk (Infosecurity Magazine) Consistent CRQ practice is key to quantifying cyber risk, enabling better business decisions to be made
Go Fuzz Yourself – How to Find More Vulnerabilities in APIs Through Fuzzing (Detectify Labs) What's best way to test API security? You need to go fuzz yourself! Leading API hacker Alissa Knight show how to test APIs through fuzzing.
Research and Development
NSA: We 'don't know when or even if' a quantum computer will ever be able to break today's public-key encryption (Register) Then again, it would say that
Leidos Donates $1M Toward Huntsville Cyber School (Huntsville Business Journal) It is the only public magnet high school in the nation to integrate cyber technology and engineering into all its academic disciplines.
Legislation, Policy, and Regulation
The Fight to Define When AI Is ‘High Risk’ (Wired) Everyone from tech companies to churches wants a say in how the EU regulates AI that could harm people.
U.S. Security Dilemma from Russian Federation Government (KAKE) Water, power, healthcare, banking, food, and transportation systems are all becoming more software-dependent, dispersed, and interconnected. However, during times of political upheaval, civil unrest, and other traumatic events, the dire impacts of this growing dependency have been more apparent.
China's New Data Security Law Will Provide It Early Notice Of Exploitable Zero Days (Breaking Defense) The law's vulnerability disclosure provisions will give the Chinese government a head start on remediating -- and potentially exploiting -- zero-day vulnerabilities, possibly to include those discovered in tech used by the Defense Department, Intelligence Community, and across the US public and private sectors more broadly.
Here's what Beijing's sweeping new data rules will mean for companies (Fortune) Firms in China risk stiff penalties if they mishandle data deemed relevant to national security.
Special operators are already dealing with a shady piece of Chinese technology the US has been warning about. (Yahoo) Compromised telecommunications networks could give adversaries an opportunity to monitor and attack US personnel.
Swiss plan cyber defence command centre (SWI swissinfo.ch) The government is beefing up its defences against cyberattacks, focusing on a command centre comprising 575 members of the armed forces.
Taliban prepare to reveal new Afghan government amid economic turmoil (Reuters) Afghanistan's Taliban rulers were preparing on Thursday to unveil their new government as the economy teetered on the edge of collapse more than two weeks after the Islamist militia captured Kabul and brought a chaotic end to 20 years of war.
Opinion | U.S. Spies Didn’t Cause Kabul to Fall (Wall Street Journal) The Biden administration apparently wants to make a scapegoat out of the intelligence community.
'Everybody screwed up': Blame game begins over turbulent U.S. exit from Afghanistan (Reuters) A week into the evacuation from Kabul, the U.S. military was forced to take a drastic step: stop all flights from Hamid Karzai International Airport for seven hours because there was nowhere for the evacuees to go.
Opinion: In Afghanistan, Biden now has new promises to keep (Washington Post) Seldom has an American commander in chief spoken with greater conviction than President Biden did when he addressed the nation Tuesday after U.S. troops completed their withdrawal from Afghanistan.
Opinion | Biden’s Ugly Defense of His Afghan Failure (Wall Street Journal) His lie-loaded speech caps off a debacle that could sink his party in 2022 and 2024.
China theft of US agriculture sector trade secrets prompts government guidance (CSO Online) China and other countries have used insiders to steal intellectual property from agricultural research. The government has responded with guidance for identifying insider threats.
Crowdstrike CEO on Biden's Cybersecurity Views (Bloomberg) George Kurtz, Crowdstrike CEO and Co-Founder, discusses earnings, President Biden's views on cybersecurity, cyber threats. He speaks with Emily Chang on "Bloomberg Technology."
Industry Groups Urge Lawmakers to Streamline Breach Reporting Rules (Wall Street Journal) The growing body and scope of breach notification rules from regulators, state authorities and soon the federal government risks harming their effectiveness, industry groups warn.
Guidance Issued on Responding to Cybersecurity Incidents (FEDweek) OMB has issued guidance (memo M-21-31) on an executive order calling on agencies to improve their capabilities to investigate and remediate cybersecurity
Children's internet code: What is it and how will it work? (BBC News) The ICO's Children's Code will make technology companies reassess how they offer services to children.
DHS details how it’ll recruit, pay and promote new hires under cyber talent management system (Federal News Network) Under Homeland Security’s new cyber talent management system, employees will have different career paths, benefits and salaries.
9 notable government cybersecurity initiatives of 2021 (CSO Online) Governments are increasingly taking on cybersecurity threats, as these nine government-led initiatives from around the globe show.
National Security Agency on LinkedIn: Gilbert (Gil) Herrera was recently appointed as the Director of Research (LinkedIn) Gilbert (Gil) Herrera was recently appointed as the Director of Research at NSA. NSA’s Research Directorate conducts world-class scientific research to... 34 comments on LinkedIn
Litigation, Investigation, and Law Enforcement
FTC Bans SpyFone and CEO from Surveillance Business and Orders Company to Delete All Secretly Stolen Data (Federal Trade Commission) Today, the Federal Trade Commission banned SpyFone and its CEO Scott Zuckerman from the surveillance business over allegations that the stalkerware app company secretly harvested and shared data on people’s physical movements, phone use, and online activities through a hidden device hack.
FTC bars alleged 'stalkerware' company and its CEO from the surveillance business (CNBC) The FTC voted unanimously to ban what it called a "stalkerware app company" and its CEO from the surveillance business, the agency announced Wednesday.
Data Protection Commission announces decision in WhatsApp inquiry (Data Protection Commission) The Data Protection Commission (DPC) has today announced a conclusion to a GDPR investigation it conducted into WhatsApp Ireland Ltd.
Irish data privacy watchdog fines WhatsApp 225 mln euros (Reuters) Ireland hit Facebook's WhatsApp with a record 225 million euro ($266 million) fine on Thursday following an inquiry into the messaging app's transparency around sharing personal data with other Facebook companies.
Internet Security Non-Profit Quad9 Files Appeal Against Copyright Laws (PRWeb) The non-profit Swiss DNS provider Quad9, has filed an objection against an interim injunction (310 O 99/21) obtained by Sony Music Germany from the Hamburg Regio
Wawa paying $9-million in cash, gift cards in data breach settlement; Nov. deadline to file claim (6abc Philadelphia) Wawa is paying out up to $9-million in cash and gift cards related to a data breach, but affected customers have until the end of November to submit a claim form.
Fired credit union worker pleads guilty after accessing and deleting thousands of files (The Record by Recorded Future) A disgruntled former credit union employee pleaded guilty in Brooklyn Federal Court on Tuesday to one count of computer intrusion after she accessed the company's file server and deleted more than 21 gigabytes of data, including 20,433 files and 3,478 directories, according to the Department of Justice.
Claims under CCPA survive motion to dismiss (Lexology) On August 12, 2021, Judge Childs of the United States District Court for the District of South Carolina declined to dismiss claims against Blackbaud…