Attacks, Threats, and Vulnerabilities
Troll farms reached 140 million Americans a month on Facebook before 2020 election, internal report shows (MIT Technology Review) “This is not normal. This is not healthy.”
CISA: Patch Zoho Bug Actively Exploited by APT Groups (Infosecurity Magazine) Critical vulnerability affects ManageEngine ADSelfService Plus
APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus (CISA) This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques.
AMD CPU driver bug can break KASLR, expose passwords (The Record by Recorded Future) AMD has advised Windows users this week to update their operating systems in order to receive a patch for a dangerous vulnerability in one of its CPU chipset drivers that can be exploited to dump system memory and steal sensitive information from AMD-powered computers.
OMIGOD, an exploitable hole in Microsoft open source code! (Naked Security) Got Linux? Here’s a bug you weren’t expecting, in software you might not even know you have.
Threat Thursday: NetWire RAT is Coming Down the Line (BlackBerry) NetWire is a publicly available, multi-platform Remote Access Trojan (RAT) that is designed to perform surveillance or take control of the infected system.
Microsoft Azure Customers Warned About Critical Security Flaw That Exposed Data To Hackers (Medianama) The cloud platform’s users were advised to take urgent steps against a security flaw that had existed for months.
Is Grief's Threat to Wipe Decryption Key Believable? (GovInfoSecurity) Regarding the recent tactical innovation by the Grief ransomware gang that is threatening to wipe a victim's data and decryption key if the victim engages a ransom
Customer Care Giant TTEC Hit By Ransomware (KrebsOnSecurity) TTEC, [NASDAQ: TTEC], a company used by some of the world's largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident that appears to be the result…
Internet Crime Complaint Center (IC3) | Scammers Defraud Victims of Millions of Dollars in New Trend in Romance Scams (Federal Bureau of Investigation) The FBI warns of a rising trend in which scammers are defrauding victims via online romance scams, persuading individuals to send money to allegedly invest or trade cryptocurrency.
U.S. government intercepts reams of fake vaccination cards from China (NBC News) Fake Covid-19 vaccination cards are now going for hundreds of dollars.
Mass Personal Data Theft From Paris Covid Tests: Hospitals (SecurityWeek) Hackers stole the personal data of around 1.4 million people who took Covid-19 tests in the Paris region in the middle of 2020, hospital officials in the French capital disclosed on Wednesday.
Hackers steal Covid test data of 1.4 million people from Paris hospital system (RFI) Hackers stole the personal data of around 1.4 million people who took Covid-19 tests in the Paris region in the middle of 2020. The hack of a service of the Paris public hospital system, AP-HP, is th…
Republican Governors Association was hacked earlier this year (CNN) Hackers breached the Republican Governors Association in February, potentially exposing the personal data of nearly 500 people affiliated with the organization, the RGA said in a September 15 public filing.
BBB Warns of Hackers Targeting iPhones for Identity Theft (NBC Chicago) The Better Business Bureau is warning consumers of cyber hackers targeting iPhones in an effort to commit identity theft.
HSE chief says cost of cyber attack could reach €100m (RTE.ie) The total cost of a ransomware attack on the Health Service Executive could reach €100 million, the chief executive of the HSE has told an Oireachtas committee.
Africa's Maritime Cyber Security Progress After the Transnet Attack (The Maritime Executive) On Thursday, the Institute for Security Studies (ISS) brought cybersecurity professionals together in...
Security Patches, Mitigations, and Software Updates
Several Access Bypass, CSRF Vulnerabilities Patched in Drupal (SecurityWeek) Drupal developers inform users about patches for five moderately critical CSRF and access bypass vulnerabilities.
Siemens RUGGEDCOM ROX (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: RUGGEDCOM ROX
Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Execution with Unnecessary Privileges, Improper Handling of Insufficient Permissions or Privileges
Schneider Electric EcoStruxure and SCADAPack (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Schneider Electric
Equipment: EcoStruxure Control Expert, EcoStruxure Process Expert, SCADAPack RemoteConnect for x70
Vulnerability: Path Traversal
2. RISK EVALUATION
Successful exploitation of this vulnerability could result in code execution on the engineering workstation.
Trends
The Spying That Changed Big Tech (New York Times) The backlash against the industry traces back partly to the Snowden revelations.
Wake-up calls and eye-opening statistics reveal the full extent of cyber risk (Insurance Business Magazine) Rating agency reveals key trends for 2021
The weak points where hackers could hijack the supply chain (The Grocer) With more of the food system run online - and, increasingly, from the homes of its workers - the industry faces a rising risk of cyberattacks
Pharma cyber attacks: five breaches that the industry must learn from (Pharmaceutical Technology) Pharma cyber attacks have shut down supply chains, impacted manufacturing and targeted intellectual property. We highlight five key examples.
Brute force attacks, unpatched software and malicious emails behind most incidents investigated by Kaspersky last year (IT World Canada) Almost 90 per cent of the cyber attacks Kaspersky's incident response team was called in on last year were caused by three factors: brute force attacks, exploits of vulnerabilities in public-facing applications and employees falling for malicious emails. That is one of the main findings in Kaspersky's annual Incident Response Analyst Report, which was released […]
Nigeria: Report - Increase in Phishing Attacks On Nigerian Organisations Hits 66% (allAfrica.com) Sophos, a global leader in next-generation cybersecurity, has released the findings of its global survey report, titled: "Phishing Insights 2021," which reveals that phishing attacks targeting organisations, ramped up considerably during the pandemic, as millions of employees working from home became prime targets for cybercriminals.
Marketplace
ExpressVPN Acquired by Kape Technologies: How Does It Affect You? (MUO) ExpressVPN, one of the most popular VPN services, has been acquired by Kape Technologies, so how does this affect users?
CynergisTek Announces 3-Year Cybersecurity Services Contract with Leading Sales Enablement Firm (BusinessWire) Redspin, a division of CynergisTek, announces a $300,000 multi-year Resilience Partner Program agreement with a leading technology firm.
Instagram chief faces backlash after awkward comparison between cars and social media safety (CNBC) "Cars create way more value in the world than they destroy," Instagram chief Adam Mosseri said. "And I think social media is similar."
Arcules Focuses on Ensuring Customer Success with the Addition of VP of CX (Benzinga) Seasoned customer engagement and technology executive plans to transform customer success within the fast-growing organization
GrammaTech Named a SINET16 Cybersecurity Innovator (GrammaTech) GrammaTech was selected from a pool of 190 applications from 18 countries, following two rounds of evaluation by the SINET Judging Committee and was named a SINET16 Innovator Award winner for 2021.
Products, Services, and Solutions
Socure Announces Industry-First Predictive Document and Identity Verification Solution with Unparalleled Precision and Multi-Dimensional Risk Insights (BusinessWire) Socure, the leading provider of digital identity verification and fraud solutions, announced the industry’s first predictive document and identity ver
Nozomi Networks and Tripwire Announce Strategic Partnership (Tripwire) Industry leaders join forces to deliver fully integrated cybersecurity and compliance solutions for IT, OT and IoT environments
Bot Management That’s Worth the Hype (PerimeterX) For online retailers selling limited-edition items, there’s no bigger target for inventory hoarding and scalping than a launch. Learn how to protect your sales.
Platform9’s Kubernetes-as-a-Service Powers AI Startup Norna’s Retail Fashion Technology (Platform9) Retailers can now rapidly roll out and centrally manage cloud-native and legacy applications in 1000s of stores to transform consumer digital experiences.
Independent Study: Group-IB Threat Intelligence & Attribution Can Deliver an ROI of 339% (PR Newswire) Group-IB, one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation...
New infosec products of the week: September 17, 2021 (Help Net Security) The featured infosec products this week are from: Alation, IDrive, Hornetsecurity, Palo Alto Networks, Qualys, ThreatConnect and Titania.
Technologies, Techniques, and Standards
Looking for Cyber Insurance? Legal Terms, Issues to Know (Bloomberg Law) The impacts of cyber and ransomware attacks on companies can be devastating, and companies seeking to mitigate these risks are shopping for standalone cyber insurance policies. Hogan Lovells privacy and security litigators examine what companies should know and understand when looking for a policy.
Free REvil ransomware master decrypter released for past victims (BleepingComputer) A free master decryptor for the REvil ransomware operation has been released, allowing all victims encrypted before the gang disappeared to recover their files for free.
Missing Critical Vulnerabilities Through Narrow Scoping (Trustwave) The typical process when scoping a penetration test is to get a list of targets from the client, which are typically a list of IP addresses and/or hostnames. But where does this information come from, and how accurate is it?
Object Management Group RAAML Beta Version 1.0 Specification Defines Extensions to SysML (Object Management Group) Needed to support safety and reliability analysis.
Object Management Group Announces Application Programming Interfaces for Knowledge-based Systems and Platforms Beta V1.0 (Object Management Group) The specification enables interoperability for knowledge-based systems/platforms
BPM+ Health Publishes Maturity Model for Clinical Guidelines (BPM+ Health) Readiness Assessment and Maturity Model helps improve the quality of Healthcare.
Communicating in the midst of a cyber attack (ITProPortal) There are surprisingly few collaboration and messaging tools that are secure and resilient enough to keep cybersecurity teams communicating when dealing with an attack
No Target Too Small: How Small Organizations Can Improve Their Security Programs (MarketScreener) Any organization can be compromised by ransomware and other security incidents, regardless of size. It... | September 17, 2021
Design and Innovation
Researchers Create Toolkit for Hardware Security Tests on Apple's Mobile Processors (SecurityWeek) A group of researchers from North Carolina State University has built a software toolkit to explore vulnerabilities in Apple’s mobile processors and used the findings to devise a cache timing attack.
Exclusive: Facebook targets harmful real networks, using playbook against fakes (Reuters) Facebook is taking a more aggressive approach to shut down coordinated groups of real-user accounts engaging in certain harmful activities on its platform, using the same strategy its security teams take against campaigns using fake accounts, the company told Reuters.
Academia
Meet the students representing Ireland in ‘the Eurovision of cybersecurity’ (Silicon Republic) This year, Team Ireland will be travelling to Prague to compete in the annual European Cyber Security Challenge.
Legislation, Policy, and Regulation
UK armed forces confirm cyber as fifth dimension of warfare (The Daily Swig | Cybersecurity news and views) Armed forces need to adapt to recruit more digital quartermasters rather than conventional soldiers, conference attendees told
British military intel chief has ‘ambitious plans’ for automation (Defense News) British defense analysts have access to more data and information sources than ever before, but are desperate for mature automation tools to properly sift through them all, said the nation’s top intelligence officer.
China's chilling warning on military cyberspace ambitions: 'Enhance capabilities' (Express.co.uk) China set out its intention to ramp up its cyberspace effort in a white paper which appeared to suggest it would militarise the internet.
Ahead of September elections, Russia tightens grip on remaining online freedoms (Global Voices Advox) Ahead of Russia's parliamentary elections on September 17-19, the state's crackdown on opposition groups, circumvention tools and internet infrastructure has escalated to a fever pitch.
UN Urges Moratorium on AI Tech That Threatens Rights (SecurityWeek) The UN called Wednesday for a moratorium on artificial intelligence systems like facial recognition technology that threaten human rights until "guardrails" are in place against violations.
Watchdog: CISA Needs to Update Plans to Protect Critical Infrastructure (Nextgov.com) The Department of Homeland Security Inspector General report on dam security found a lack of coordination among agency teams.
Is White House Crackdown on Ransomware Having Any Effect? (BankInfoSecurity) The latest edition of the ISMG Security Report features an analysis of the state of the Biden administration's efforts to disrupt ransomware attackers, as well as
Cyber security experts lack confidence in Nadine Dorries' 'unexpected' appointment (inews.co.uk) Ms Dorries, who will both set policy for the tech industry and oversee data protection, once tweeted about sharing her password with her staff and interns
Litigation, Investigation, and Law Enforcement
EU commissioner calls for urgent action against Pegasus spyware (the Guardian) Didier Reynders condemns hacking of political opponents and journalists and says bloc closely watching Hungary investigation
EU commissioner urges action against abusers of NSO Group’s spyware (Times of Israel) Didier Reynders calls on member states to probe alleged use of the Israeli firm's Pegasus software to illegally spy on rights activists, political rivals and journalists
Discontent Simmers Over How to Police EU Privacy Rules (Wall Street Journal) A delay in the EU’s WhatsApp fine illustrates some regulators’ dissatisfaction with how the bloc enforces the GDPR.
China Intensifies Hunt for Cryptocurrency Miners in Hiding (Bloomberg) Governments are checking for illegal mining in labs, colleges. Power-shortage concerns among reasons behind inspections.
Waste from one bitcoin transaction ‘like binning two iPhones’ (the Guardian) Study highlights vast churn in computer hardware that the cryptocurrency incentivises
Durham grand jury indicts lawyer whose firm represented Hillary Clinton’s campaign (Washington Post) Special counsel John Durham, tasked by the Trump administration with investigating the FBI’s role in the 2016 presidential campaign, announced Thursday the indictment of a lawyer charged with lying when he gave the bureau purportedly damaging information about then-candidate Donald Trump without disclosing his ties to Hillary Clinton’s campaign.
Lawyer Michael Sussmann Indicted on Charges of Lying to FBI (Wall Street Journal) A grand jury indicted lawyer Michael Sussmann in connection with John Durham’s investigation into the origins of the Russia probe on charges that he lied to the FBI during the 2016 presidential campaign.
Durham is said to be seeking indictment of lawyer whose firm represented Hillary Clinton’s campaign (Washington Post) Special counsel John Durham, appointed during the Trump administration to investigate possible wrongdoing at the FBI and other agencies dating to the 2016 election, is preparing to seek the indictment of an attorney whose firm has close ties to Democrats, according to two people familiar with the matter.
Perkins Coie Attorney Charged With Lying To FBI (Law360) Perkins Coie partner and cybersecurity expert Michael A. Sussmann was hit Thursday with a federal charge of lying to the FBI in the final stretch of the 2016 presidential campaign.
United States of America v. Michael A. Sussmann, Defendant (US District Court for the District of Columbia) The Grand Jury charges that...In or about late October 2016--approximately one week before the 2016 US Presidential election--multiple media outlets...
Durham not expected to bring charges tied to intel assessment on Russian election interference: Report (Yahoo) Special counsel John Durham is not expected to bring charges in connection with the 2017 U.S. intelligence community assessment on Russian interference during the 2016 presidential election.
Freedom Hosting admin gets 27 years in prison for hosting child pornography (The Record by Recorded Future) An Irish man who ran a cheap dark web hosting service has been sentenced today to 27 years in prison for turning a blind eye to customers hosting child sex abuse material.
Man who bribed AT&T employees to install malware on the company's network gets 12 years in prison (The Record by Recorded Future) A Pakistani man who bribed AT&T employees to install malware on the company's internal network has been sentenced today to 12 years in prison after he illegally unlocked more than 1.9 million phones, causing the US telco losses in excess of $201 million.
App Annie Settlement Signals Closer Scrutiny of Data Brokers (Wall Street Journal) The Securities and Exchange Commission’s $10 million settlement this week with an analytics firm suggests regulators are taking a harder line on the data-broker industry that investors increasingly rely on to make trades, legal experts and former SEC officials say.
Reserve Bank hit with compliance notice after 2020 cyber attack (Reseller News) The Reserve Bank has now instigated a programme of work to improve policies and processes for protecting personal information.
Fourth Circuit Rejects Wikimedia’s Suit Against the NSA on Secrecy Grounds (Lawfare) The Wikimedia Foundation, which runs Wikipedia, claimed that the NSA’s “Upstream” surveillance program captures its international communications and is a violation of its First Amendment free-speech rights and its Fourth Amendment rights against unreasonable search and seizure.
Ex-NSA Operative Scandal Shows the Spyware Industry Is Out of Control (Gizmodo) The fact that former NSA operatives acted as cyber-mercenaries for the UAE is less a canary in a coal mine than a blaring air-raid siren.
Blasdell man accused of wire fraud, impersonating Department of Homeland Security Officer (WKBW) A Blasdell man is accused of wire fraud and impersonating a Department of Homeland Security Officer.
Illinois Man Convicted of Federal Criminal Charges for Operating Subscription-Based Computer Attack Platforms (US Attorney's Office for the Central District of California) An Illinois man was found guilty today by a federal jury for running websites that allowed paying users to launch powerful distributed denial of service, or DDoS, attacks that flood targeted computers with information and prevent them from being able to access the internet.
California Attorney General Issues Bulletin On Health Data Breach Reporting Requirements (Mondaq) The California Attorney General ("AG") has issued guidance reminding health care providers of their duty to report health care data breaches and to comply with other state and federal data privacy laws.
Motion to Dismiss Filed in COVID Contact Tracing Data Breach Lawsuit (Lexology) In June, we discussed a putative class action filed in the Eastern District of Pennsylvania concerning a data breach involving COVID-contact tracing…