Attacks, Threats, and Vulnerabilities
German election authority confirms likely cyber attack (The Straits Times) It comes as German federal prosecutors probe alleged cyber attacks against lawmakers during the election campaign.
IronNet Cybersecurity : Analysis of the Iranian cyber attack landscape (MarketScreener) Iran often adopts an asymmetric warfare strategy to accomplish its political and military goals, and its development of cyberwarfare capabilities adds to this asymmetric toolkit, allowing the country a low-cost means to conduct espionage and attack stronger adversaries.
Cybersecurity expert: Israeli spyware company NSO Group is ‘a serious threat to phone users’ (The World from PRX) John Scott-Railton, a senior researcher with The Citizen Lab in Canada who discovered the Apple iPhone breach with his colleagues, joined The World's host Carol Hills to talk about the international spyware marketplace that fosters these kinds of exploits.
Exclusive Data: An Inside Look at the Spy Tech That Followed Kids Home for Remote Learning — and Now Won’t Leave (The 74 Million) A week after the pandemic forced Minneapolis students to attend classes online, the city school district’s top security chief got an urgent email, its subject line in all caps, alerting him to potential trouble. Just 12 seconds later, he got a second ping. And two minutes after that, a third. In each instance, the emails […]
Ransomware encrypts South Africa's entire Dept of Justice network (BleepingComputer) The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public.
Kinsing evolves, adds Windows to attack list (Akamai) A large, and persistent, cryptomining botnet is infecting systems at scale across the internet.
Ransomware gang threatens to wipe decryption key if negotiator hired (BleepingComputer) The Grief ransomware gang is threatening to delete victim's decryption keys if they hire a negotiation firm, making it impossible to recover encrypted files.
Ransomware crims saying 'We'll burn your data if you get a negotiator' can't be legally paid off anyway (Register) Grief Corp are already under US sanctions, says Emsisoft
Capoae Malware Ramps Up: Uses Multiple Vulnerabilities and Tactics to Spread (Akamai) Recently, there has been a plethora of UPX packed crypto-mining malware written in Golang targeting Linux systems and web applications popping up in the news.
Severe Vulnerabilities Could Expose Thousands of Azure Users to Attacks (SecurityWeek) Four of the fixes that Microsoft released as part of its September 2021 Patch Tuesday updates deal with vulnerabilities in the Open Management Infrastructure (OMI) software agent embedded in Azure services.
Almost Half of Databases Are Vulnerable to Attack (Redmondmag) According to a five-year study by California-based security firm Imperva Inc., 46 percent of all global on-premises databases have existing flaws that can be leveraged by outside attackers.
Anonymous hacks and leaks data from domain registrar Epik (The Record by Recorded Future) Hacktivist group Anonymous has successfully breached and leaked the database of Epik, a controversial web hosting provider and domain registrar that has given shelter to many right-wing websites over the past few years, such as Gab, Parler, and The Donald.
Anonymous Hackers Attack Epik Web Host (Tech Times) Affected clients include 8chan, Parler, and more.
Chinook School Division student information exposed during accidental data breach (Prairie Post) The private records for 2,841 Chinook School Division students were available publicly for over 36 hours during an accidental data breach last year.
Security Patches, Mitigations, and Software Updates
It’s a Good Day to Update All Your Devices. Trust Us (Wired) iOS, Windows, and Chrome all have zero-day vulnerabilities that hackers are going after. Now that the fixes are here, you need to install them ASAP.
SAP Patches Critical Vulnerabilities With September 2021 Security Updates (SecurityWeek) SAP this week announced the release of 17 new and two updated security notes on the September 2021 Security Patch Day. Seven of these deal with critical vulnerabilities in SAP products.
SAP Security Patch Day September 2021: SAP NetWeaver AS JAVA Affected by Several HotNews Vulnerabilities (Onapsis) SAP has published 21 new and updated Security Notes on its September Patch Day. Onapsis Research Labs contributed in fixing five vulnerabilities covered by three SAP Security Notes.
ICS Patch Tuesday: Siemens, Schneider Electric Address Over 40 Vulnerabilities (SecurityWeek) September 2021 ICS Patch Tuesday - Siemens and Schneider Electric release 25 advisories to address a total of more than 40 vulnerabilities.
Microsoft Patch Tuesday, September 2021 Edition (KrebsOnSecurity) Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that's reportedly…
Trends
2021 SaaS Risk Report Reveals 44% of Cloud Privileges are Misconfigured (Varonis) Cloud apps make collaboration a breeze, but unless you’re keeping a close watch on identities, behavior, and privileges across each and every SaaS and IaaS you rely on, you’re a sitting duck.
Execs Fear Ransomware While Most Unprepared To Fight It (eCommerce Times) High ranking business executives say ransomware is a major concern to them but their organizations are unprepared to do anything about it. Those were the findings of a poll released Monday by global consulting and advisory services firm Deloitte.
Global Snapshot: The CISO in 2021 (Marlin Hawk) As the world emerges into a post-pandemic reality, the importance of a robust cybersecurity function has never been more apparent.
Ransomware accounted for a quarter of all cyber insurance claims in Europe between 2016 and 2020 (The Record by Recorded Future) Almost a quarter of all cyber insurance claims filed between 2016 and 2020 across continental Europe have been related to ransomware attacks, according to insurance giant Marsh.
Top Attack Vectors: August 2021 (Expel) This report dives into the top attack vectors and trends among the incidents our SOC investigated in August 2021. Learn our key recommendations to protect your org from these types of attacks.
77% of Americans Believe Their Company Has Security Gaps (Lynx) Lynx Software Technologies survey reveals managers and execs are concerned about internal and external network threats...
Marketplace
Cloud Backup Company Rewind Raises $65 Million (SecurityWeek) Cloud backup company Rewind has raised $65 million in a Series B funding round, which brings the total raised to more than $80 million.
Orro buys eSecure to boost cyber security skills (ARN) Secure network and digital infrastructure provider Orro is building up its cyber security expertise through purchasing managed security services player eSecure.
Kolide Raises $17M Series B To Enable IT Teams To Secure Devices With The Help Of Employees (PR Newswire) Kolide, the user-focused endpoint security platform for teams that Slack, announced today that it raised $17M in Series B investment funding...
BitSight, Mastercard and Tenable Make Acquisitions (BankInfoSecurity) Merger and acquisition activity picked up in September with BitSight, Tenable and Mastercard, all making deals. Moody's became BitSight's largest shareholder after
Arista, Cisco, Huawei, Juniper Networks, and Nokia Launch New MANRS Equipment Vendor Program to Improve Routing Security Worldwide (Internet Society) Founding members of the MANRS Initiative will tackle the systemic vulnerabilities of global routing security through groundbreaking collaborative action.
Darktrace stock soars despite IPO cost backlash (BusinessWeekly) Darktrace, the Cambridge cyber security AI company, watched its UK share price soar 44.43p (seven per cent) as it unveiled full year results to June 30 that showed massive revenue growth but huge losses related to its April IPO. Stockholders were clearly backing future potential as they responded positively to a full-year revenue surge of 41.3 per cent to £281.34m. "Business
Secureworks CEO Wendy Thomas Plans XDR Domination (SDxCentral) Secureworks CEO Wendy Thomas has two goals for the cybersecurity vendor. One involves leading the $40-billion XDR market.
ConvergeOne Recognized by Palo Alto Networks as a NextWave Platinum Innovator (PR Newswire) ConvergeOne, a leading services-led technology solution provider of security, collaboration, cloud, and digital infrastructure solutions, today...
Theranos Founder Elizabeth Holmes Is on Trial. Silicon Valley Is Watching (Wired) “I’m glad the ‘Fake it till you make it’ mantra of Silicon Valley is coming into question,” one investor told WIRED.
Minerva Labs Continues Expansion Into Latin America Market (BusinessWire) Minerva Labs, a leading provider of pre-execution, active threat prevention platform, today announced its continued expansion into the Latin America m
Former AWS exec Charlie Bell to head new Microsoft Security, Compliance, Identity, and Management org (ZDNet) Microsoft announced former AWS bigwig Charlie Bell would lead a new engineering organization and report to CEO Nadella only after Microsoft comes to a resolution with Amazon.
Beazley announces new Global Head of Cyber Services (GlobeNewswire News Room) Specialist insurer Beazley has named Raf Sanchez as its new Global Head of Cyber Services...
Coalfire Appoints Michael J. Sullivan to Board (Coalfire.com) Finance, M&A Veteran Augments Director-Level Leadership
Products, Services, and Solutions
Cowbell Cyber Unites Cybersecurity Giants and Cyber Insurance Industry with Launch of Cowbell Rx (Cowbell) Cyber insurance industry’s first cyber risk marketplace helps policyholders meet basic requirements to gain coverage
Corvus Insurance & SiriusPoint Announce Strategic Investment and Multi-Year Underwriting Capacity Partnership (BusinessWire) Corvus Insurance, the leading provider of smart commercial insurance products powered by AI-driven risk data, and SiriusPoint Ltd. (“SiriusPoint”) (NY
Keeper Security Achieves New FIPS 140-2 Validation (PR Newswire) Keeper Security, the leading provider of zero-trust, zero-knowledge security and encryption software covering enterprise password management,...
AU10TIX Protects Businesses Against $700 Million In Fraud Since Start Of 2021 (PR Newswire) AU10TIX, a leading global provider of fully automated identity verification technology powered by cutting-edge machine learning and artificial...
AssurX and Rokster Partner to Help Utility Companies Realize Long-Term Cybersecurity Management and Compliance Goals (EIN) Expert consulting knowledge and intuitive software provide the ultimate solution to minimize risk of cyberattacks and regulatory fines
Veriff Joins Visa Fintech Partner Connect Program (Cision) Veriff’s participation brings an AI-powered identity verification platform to the Visa network.
Palo Alto Networks Unveils Okyo Garde Cybersecurity Solution (IT Business Edge) The enterprise-grade, mesh-enabled solution is aimed at work-from-home-employees and small businesses.
Qualys Introduces Zero-Touch Patching for Proactive Vulnerability Remediation (PR Newswire) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today announced it...
Titania's module automates the audit process for mission critical CMMC security practices (Help Net Security) Titania launched new tool to automate the audit process for dozens of the most mission critical CMMC security practices for the core network.
Avast Steps Up to Protect Digital Freedom for All (PR Newswire) Avast (LSE:AVST), a global leader in digital security and privacy, today unveiled its new brand identity and expanded purpose to protect...
Johnson Controls Selects Tempered Networks To Provide Zero Trust Secure Communications, Further Advancing Cybersecurity Leadership For OpenBlue Services (Yahoo Finance) Johnson Controls (NYSE: JCI), the global leader for smart, healthy and sustainable buildings, selected Tempered Networks to provide best-in-class secure communications and network management for its OpenBlue services, further advancing cybersecurity leadership for the company's smart buildings technology ecosystem.
Cynalytica Delivers New Solution to Help Combat Cyber Threats to Maritime Navigation and Communication Systems (PR Newswire) Cynalytica Inc. announces its SerialGuard® AnalytICS Platform now offers monitoring, deep packet inspection (DPI) support, and intrusion...
Versa Networks Launches Industry’s First Native 5G WAN Edge Products Delivering Complete SASE Services to the Edge (Yahoo) Versa Networks, the leader in secure access service edge (SASE), today launched the industry’s first 5G-native products for the wide area network (WAN) edge delivering complete SASE integration and SASE services to the network edge. Natively supporting private 5G functions, Versa enables ease of deployment and equips organizations with industry-leading QoS, network segmentation, and SASE services to meet the highest levels of compliance and privacy requireme
CrowdStrike Speeds Response Time and Remediation of Critical Security Incidents for Government Agencies (BusinessWire) CrowdStrike Inc., a leader in cloud-delivered endpoint and workload protection, today announced the availability and FedRAMP authorization of CrowdStr
Qlik Cloud Government Platform Achieves FedRAMP In Process Designation Under Sponsorship of the Environmental Protection Agency (EPA) (GlobeNewswire News Room) Qlik® announced today that its new Qlik Cloud Government analytics platform has achieved the Federal Risk...
Fidelity Institutional® Announces Access to New Cybersecurity Solution for Wealth Management Firms (BusinessWire) Fidelity Institutional announces a new cybersecurity offering for its clients through Armorblox to protect against business email compromise (BEC).
deepwatch and SentinelOne Partner to Protect Customers Against Ransomware and Cyber Threats (deepwatch) deepwatch, the leader in advanced managed detection and response (MDR) security, today announced a strategic partnership with SentinelOne, Inc., a recognized leader in endpoint security technology, to provide EDR services as part of its award-winning MDR offering.
BlackBerry Secures Group Phone Calls and Messages from High Risk Eavesdropping (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) today announced its SecuSUITE® for Government offering now provides certified end-to-end encryption of...
Untangle Simplifies SD-WAN Setup with Command Center Release (Untangle) Network Administrators Can Now Automatically Build a Secure Network Across Multiple Locations. SAN JOSE, Calif. – September 14, 2021 – Untangle® Inc., a leader in comprehensive network security for sm
Technologies, Techniques, and Standards
The Marines Are Copying the Air Force's Efforts to Counter Online Disinformation (Defense One) Meanwhile, the Army is trying to get inside perpetrators' OODA loops.
Air Force software platform expansion stalled by cybersecurity concerns (FedScoop) DOD Officials say they are not comfortable with how the Air Force’s coding environment handles cyber risks.
Cyber hygiene: identifying and defusing risks in M&A (Financier Worldwide) Over the past 10 years or so, increasingly complex cyber security threats have emerged during the M&A lifecycle, the nature and severity of which is causing mounting concern among dealmakers.
Data security is broken: What’s next? (Imperva) One out of every two on-premises databases globally has at least one vulnerability, finds a new study from Imperva Research Labs spanning 27,000 on-prem databases, based on insights from a proprietary database scanning service introduced by Imperva Innovation five years ago. The question is: why is securing data so challenging? Key Findings This research proves […]
Design and Innovation
You Can Now Ditch the Password on Your Microsoft Account (Wired) You no longer need a long string of characters to access Windows and Office 365.
Microsoft to let users completely remove account passwords and go passwordless (The Record by Recorded Future) Microsoft has announced today that it intends to let users remove the passwords from their Microsoft accounts and go passwordless.
Regular Users Can Now Remove Password From Their Microsoft Account (SecurityWeek) Microsoft tells owners of consumer accounts that they can now go completely passwordless and delete their password from their account.
Can Governments Shut Down Bitcoin With Quantum Computers? (Nasdaq) Most governments like Bitcoin (CRYPTO: BTC) as much as we like walking with rocks in our shoes. Recent ransomware attacks, where hackers targeted vulnerable infrastructure such as gas pipelines and demanded ransom in the form of Bitcoin, add yet more scrutiny of the cryptocurrency.
Research and Development
A Stanford Proposal Over AI's 'Foundations' Ignites Debate (Wired) A research paper that dubs some artificial intelligence models "foundational" is sparking a dispute over the future of the field.
Legislation, Policy, and Regulation
Election Interference Attempts Come from More Countries Than Just Russia (SIGNAL Magazine) Other nations have joined the fray in trying to alter our democratic processes and our economic stability.
China responsible for two thirds of state-sponsored cyber attacks (The Sydney Morning Herald) Foreign governments like China and Russia are increasingly blending their cyber capabilities with criminal networks to hide their identity.
UN wants Nigeria, others to deepen Internet safety (The Guardian Nigeria News) The United Nations (UN), arm in charge of global telecommunications, the International Telecommunications Union (ITU) has called on governments in Nigeria and other parts of Africa to deepen Internet safety.
Citing human rights risks, UN calls for ban on certain AI tech until safeguards are set up (ABC News) "We cannot afford to continue playing catch-up regarding AI."
UN human rights chief demands moratorium on AI technology (Computing) Michelle Bachelet has called for a ban on AI systems that do not comply with human rights laws
The U.S. is the only nation with ethical standard for AI weapons. Should we be afraid? (Newsweek) Artificial Intelligence technology is on the verge of transforming the nature of war and conflict, capable of deciding when and even whom to kill from afar.
The Counterterror War That America Is Winning (The Atlantic) The United States has centered its efforts on invasions and insurgencies. But another campaign appears to be having greater success.
We Cannot Afford to Wait to Bolster Maritime Cybersecurity (Nextgov.com) Maritime ransomware attacks are on the rise.
House Committees Seek to Spend Millions on Cybersecurity (BankInfoSecurity) A pair of House committees this week said they want to spend additional millions on cybersecurity by injecting funds into CISA and the FTC, as part of the debate
FTC warns health apps to notify consumers impacted by data breaches (TheHill) The Federal Trade Commission (FTC) voted 3-2 Wednesday that a decade-old rule on health data breaches applies to apps that handle sensitive health information, warning these companies to comply.
Former national security officials warn antitrust bills could help China in tech race (TheHill) A group of former top national security officials on Wednesday issued a call for Congress to conduct additional reviews on a series of antitrust bills targeting tech giants, which they argued would harm U.S.
Union Wants Civilian Cyber Reserve Proposal Dropped from Defense Bill (Nextgov.com) The American Federation of Government Employees says private-sector stake in the provision is based on companies seeking a competitive advantage.
Cabinet Office offers £60k for in-house ethical hacker (PublicTechnology.net) The Cabinet Office is offering an annual salary of up to £60,000 in a bid to recruit an in-house ethical hacker. The position, which will be based in either Bristol or Manchester, comes with a remit to support the work of so-called “red teams” – the name given to an organisation's internal cyber that are dedicated to testing platforms and services through attacks.
Litigation, Investigation, and Law Enforcement
This US company sold iPhone hacking tools to UAE spies (MIT Technology Review) An American cybersecurity company was behind a 2016 iPhone hack sold to a group of mercenaries and used by the United Arab Emirates.
3 former US intel officers turned cyber mercenaries plead guilty: An insider threat case study (CSO Online) Three U.S. nationals, working as cyber mercenaries on behalf of the United Arab Emirates, have pleaded guilty to exploiting U.S. entities using U.S.-controlled technologies.
There Are Too Many Underemployed Former Spies Running Around Selling Their Services to the Highest Bidder (Esquire) That includes, according to the New York Times, Americans helping the United Arab Emirates hack Americans.
Ex-US intelligence operatives admit to hacking for UAE (Al-Monitor: The Pulse of the Middle East) The Justice Department said Tuesday three former intelligence and military operatives had admitted to helping the UAE government surveil targets worldwide, including US citizens.
Former U.S. Intelligence Officers Admit to Hacking American Targets for UAE (Breitbart) The Justice Department announces a plea deal with three former U.S. intelligence and military officers accused of hacking for the UAE.
ExpressVPN exec among three facing $1.6 million fine for helping UAE spy (CNET) The former US intelligence operatives and military members have agreed to pay the Justice Department fine.
Law Enforcement’s Use of Commercial Phone Data Stirs Surveillance Fight (Wall Street Journal) Agencies’ growing use of purchased data without warrants raises new legal questions.
DHS restricted flow of intel related to 'election-related threats' before Jan. 6: report (TheHill) The Department of Homeland Security (DHS) restricted the flow of intelligence related to “election-related threats” before the Jan. 6 attack on the U.S.
Memo shows how Homeland Security restricted flow of 'election-related' intelligence ahead of 1/6 (CNN) A few months before rioters stormed the US Capitol, the Department of Homeland Security restricted the flow of open-source intelligence reports about "election-related threats" to law enforcement, citing First Amendment concerns, according to documents reviewed by CNN.
Man behind world’s biggest source of child abuse imagery is jailed for 27 years (the Guardian) Investigators found what appeared to be more than 8.5 million images and videos on dark web servers created by Eric Eoin Marques
Hawks arrest suspect in Experian data breach that exposed data of 23 million South Africans (My Broadband) The Hawks arrested a suspect linked to last year's breach of Experian, which led to the personal data records of 23.4 million South Africans being posted online.
DoorDash sues New York City over law that requires it to share customer data with restaurants (The Verge) The law is set to take effect in December.
Ex-Cryptocurrency Fund Manager Sentenced to 7½ Years in Prison (Wall Street Journal) Stefan Qin had pleaded guilty to one count of securities fraud after prosecutors said he ran his $90 million Virgil Sigma Fund like a Ponzi scheme.
T-Mobile, customers diverge on forum to transfer data breach suits (Reuters) T-Mobile US Inc is supporting a plaintiffs' bid to centralize in one federal district court almost 30 lawsuits filed by customers over a recent massive data breach, but suggested a different venue due to a "dire" judge shortage.
Lawsuit: Health System Failed to Heed Ransomware Warnings (GovInfoSecurity) A proposed class action lawsuit filed this week against St. Joseph's/Candler Health System in the wake of a recent ransomware breach affecting 1.4 million
Mark Cuban-backed OpenSea says it's found evidence of insider trading on its NFT platform (Business Insider) OpenSea, the non-fungible token platform backed by billionaire Mark Cuban, said it has uncovered evidence of insider trading.