Attacks, Threats, and Vulnerabilities
Indonesia says no evidence of alleged Chinese intel hack (AP NEWS) Indonesian authorities have found no evidence that the country's main intelligence service's computers were compromised, after a U.S.-based private cybersecurity company alerted them of a suspected breach of its internal networks by a Chinese hacking group, an official said.
Iowa farm services firm: systems offline due to cybersecurity incident (Reuters) Iowa-based farm services provider NEW Cooperative Inc said on Monday its systems were offline to contain a "cybersecurity" incident just as the U.S. farm belt gears up for harvest.
US farmer cooperative hit by $5.9M BlackMatter ransomware attack (BleepingComputer) U.S. farmers cooperative NEW Cooperative has suffered a BlackMatter ransomware attack demanding $5.9 million not to leak stolen data and provide a decryptor.
Iowa Grain Cooperative Hit by Cyberattack Linked to Ransomware Group (Wall Street Journal) New Cooperative said it was hit with a cyberattack that security researchers are linking to BlackMatter, which the researchers said demanded $5.9 million to unlock the organization’s data.
Ransomware Reportedly Hits Iowa Farm Services Cooperative (GovInfoSecurity) NEW Cooperative, an Iowa-based farm services cooperative, has reportedly been targeted by the BlackMatter ransomware gang, demanding a $5.9 million payment from the
After Biden Warning, Hackers Define ‘Critical’ as They See Fit (Bloomberg) BlackMatter says recent victim too small to violate U.S. edict. President had told Putin that 16 sectors were off limits.
Could The Marketron Cyberattack Have Been Avoided? (Radio Ink) Greg Scasny is the CTO of Cigent Technology, a company that specializes in preventing cyberattacks. He is also the luncheon speaker at Radio Ink's Forecast 2022. We reached out to Scasny about the Marketron attack to get his thoughts on what radio stations should expect as Marketron deals with the situation.
Vermont radio stations victims of cyber attack (https://www.wcax.com) At least one Vermont radio station is dealing with the impacts of a Russian cyber attack Monday.
Group dedicated to exposing Chinese government secrets begins count for reveal this week (The Daily Dot) The mysterious group Intrusion Truth, known for outing alleged Chinese government hackers, has more in store.
Hello Lionel Richie (Intrusion Truth) An interesting turn of events occurred whilst releasing our article series on Lonely Lantern (the Chinese APT previously with no name, working to the Guangdong SSD). As most of our readers will hav…
Apache OpenOffice can be hijacked by malicious documents, fix still in beta (Register) If you need another reason to try an alternative software suite
Attackers Use Linux Binaries as Loaders for Windows Malware (SecurityWeek) Limited in scope, the incidents abuse the Windows Subsystem for Linux (WSL) feature to cross the boundaries between operating systems and avoid detection.
“Back to basics” as courier scammers skip fake fees and missed deliveries (Naked Security) “Stop. Think. Connect.” Say those words aloud – and please pronounce the pauses prescribed by the periods!
The Apple hack: everything you need to know (TechRadar) Latest update and advice on the Pegasus hack
Researcher discloses iPhone lock screen bypass on iOS 15 launch day (The Record by Recorded Future) On the day Apple released iOS 15, a Spanish security researcher disclosed an iPhone lock screen bypass that can be exploited to grant attackers access to a user's notes.
Glitch Reveals Ballot Choices of N.Y.C. Voters, Including Mayor’s Son (New York Times) The Board of Elections inadvertently allowed the mayoral primary votes of 378 New Yorkers, including Dante de Blasio, to become public, a report found.
15 million users' details exposed in Epik breach (Computing) Hacktivist group Anonymous claims to have stolen a 'decade's worth' of data
EventBuilder misconfiguration exposes personal details of 100,000 event registrants (The Daily Swig) Vulnerability has now been addressed in the Microsoft Teams add-on
EventBuilder Exposed Information of Over 100,000 Event Registrants (SecurityWeek) EventBuilder exposed files containing the personal information of at least 100,000 users who registered for events using the platform.
Payment API Bungling Exposes Millions of Users’ Payment Data (Threatpost) Misconfigured APIs make any app risky, but when you’re talking about financial apps, you’re talking about handing ne’er-do-wells the power to turn your pockets inside-out.
Marcus & Millichap Target Of Cyber Attack (The Real Deal New York) Marcus & Millichap was subject to a cyber attack, but so far there is no evidence of a data breach.
Slot machine chain exposes customer biometrics in data breach (Biometric Update) Nevada Restaurant Services (NRS) has disclosed a privacy breach that exposed customers’ biometrics and other personally identifiable information.
Alaskan health department still struggling to recover after 'nation-state sponsored' cyberattack (CNN) Some computer networks at the Alaskan health department are still offline after foreign government-backed hackers breached the department in May, a spokesperson told CNN on Monday.
Cyberattack on Alaska Health Department Linked to State-Sponsored Hackers (SecurityWeek) The Alaska health department says the cyberattack discovered earlier this year was conducted by state-sponsored hackers.
Hackers want money, not want cellphone numbers (WSB-TV Channel 2 - Atlanta) Millions of T-Mobile customers were impacted when a hacker stole their information. A metro Atlanta couple talked to Channel 2 Consumer Advisor Clark Howard about how the hack almost cost them thousands of dollars.
Hacker Compromises Employee Data at Texas School District (GovTech) North East Independent School District has warned close to 5,000 current and former employees that their data could have been compromised by an intruder last month who accessed the email account of a payroll employee.
Bulletin (SB21-263) Vulnerability Summary for the Week of September 13, 2021 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
How APTs become long-term lurkers: Tools and techniques of a targeted attack (CSO Online) A new McAfee report details the tools and techniques an APT group used to go undetected on a client network for over a year.
Security Patches, Mitigations, and Software Updates
Apple Ships iOS 15 with MFA Code Generator (SecurityWeek) Apple ships iOS 15 makeover with patches for at least 22 documented security vulnerabilities, some serious enough to expose iPhone and iPad users to arbitrary code execution attacks.
Trends
VMware’s State of Cloud Security Report Zeroes in on Cloud Security Posture Management and Misconfiguration Risks (CloudHealth by VMware) In our latest research report, we partnered with the Cloud Security Alliance to survey nearly 1,090 IT and Security professionals around the complex topic of cloud security risk, compliance, and misconfigurations.
Critical infrastructure vulnerabilities surge as cybersecurity not up to scratch (Security Brief) Despite the criticality, the cybersecurity measures in place are still weak or nonexistent.
Incognia Mobile App Friction Study Measures the Friction of Device Change for Financial Services Mobile Apps (Yahoo Finance) Changing your smartphone isn’t a crime, yet users are penalized with high friction when switching devices
NETSCOUT Threat Intelligence Report (NETSCOUT) The unprecedented events of 2020 led to an enormous and extended upswing in innovation for threat actors. And it's not going away anytime soon. From adaptive DDoS attack strategies to an explosion of new DDoS attack vectors, threat actors thrive on rapid innovation. Here's the latest on our constantly changing threat landscape.
New Data Finds Employees in Retail Industry Most Targeted by Malicious Emails (RealWire) New Tessian report reveals how 2 million emails, flagged as malicious, bypassed traditional email defenses in 12 months and explains the top phishing techniques used by cybercriminals
Research Report | Spear Phishing Threat Landscape 2021 | Tessian (Tessian) Over 12 months, Tessian detected nearly 2,000,000 spear phishing emails that slipped past SEGs. Learn what tactics bad actors are leveraging and how to protect yourself.
New Research Compares Multi-Party Data Breaches to Single Party Events (RiskRecon) Read the latest blog from RiskRecon that dives into new research on the ongoing impact of multi-party cybersecurity incidents.
SecurityCurve’s Diana Kelley: Viewing infosec through multiple lenses (SC Media) Said the chief technology officer and founding partner of advisory firm SecurityCurve: “I always like to keep a balance. I think it's really easy to just start looking through one lens — forget what else is out there.”
Marketplace
archTIS Acquires Cipherpoint Technology Assets and Customers (archTIS) Accretive asset purchase adds to archTIS’ rapidly growing annual recurring revenue, global distribution and industry-leading intellectual property.
F5 To Acquire Cloud Security Vendor Threat Stack For $68M (CRN) F5 has agreed to buy cloud security company Threat Stack to enhance visibility across application infrastructure and workloads and adopt consistent security in the cloud.
Criterion Systems, Inc. Acquires Protas Solutions Inc. (BusinessWire) Criterion Systems, Inc. acquires Protas Solutions Inc., a data science, software, and management consulting firm serving the Intelligence Community.
Saviynt Raises $130M to Further Accelerate Its Growth in Enterprise Identity Security Market Following Record First Half of 2021 (Yahoo) Saviynt today announced that it has closed $130 million in financing after driving record company growth in the first half of 2021.
Former CIA Executive, Cooper Wimmer Joins Strider Technologies as Executive Vice President to Drive Business Development and Strategic Partnerships (PR Newswire) Strider Technologies, Inc. ("Strider"), the world's first economic statecraft intelligence startup, announced today that Cooper Wimmer has...
Power Moves: Sourcefire founder Martin Roesch is the new CEO of Annapolis-based Netography (Technical.ly Baltimore) Plus, board moves at EAGB and ZeroFox, and executive hires at b.well.
Cofense Strengthens Focus on Business Email Compromise with Addition of Ronnie Tokazowski as Principal Threat Advisor (BusinessWire) Cofense has appointed Ronnie Tokazowski as Principal Threat Advisor.
Products, Services, and Solutions
WISeKey and GDGC Officially Launched Black Mamba Package Autographed by Kobe Bryant on the WISe.Art Trusted Marketplace for Luxury NFTs (GlobeNewswire News Room) WISeKey and GDGC Officially Launched Black Mamba Package Autographed by Kobe Bryant on the WISe.Art Trusted Marketplace for Luxury NFTs The auction will...
Johnson Controls Selects Tempered Networks To Provide Zero Trust... (Enterprise Security Magazine) Johnson Controls (NYSE: JCI), the global leader for smart, healthy and sustainable buildings, selected Tempered Networks to provide best-in-class secure...
ThycoticCentrify Enhances Multi-Factor Authentication Redirection to Increase Convenience and Security for Multiple Administrative Accounts (PR Wire) Also Improves Workflow Productivity with Enhancements to Service Account Governance Solution
You can get solid protection against cyber threats for free, Consumer Reports finds (KSAT) Consumer Reports tested 30 anti-virus software programs against a variety of threats and found you don't have to pay much, if anything, to get solid protection.
Enzoic Launches E-Commerce Channel (Yahoo Finance) Enzoic, a leading provider of compromised credential screening solutions, today announced the launch of an e-commerce channel. This provides organizations with a simple, friction-free way to deploy the innovative credential screening tools. With 61 percent of breaches stemming from the exploitation of credential data, shoring up password vulnerability is vital for every enterprise spanning small businesses through to large global organizations.
ShiftLeft CORE Now Available on AWS Marketplace (BusinessWire) ShiftLeft, Inc., today announced that its unified code security platform, ShiftLeft CORE, is now available on the AWS Marketplace.
Zix Delivers Secure Large File Share to Bolster Innovation for Email Encryption Services (Zix Corporation) The Investor Relations website contains information about Zix Corporation's business for stockholders, potential investors, and financial analysts.
JFrog Wins U.S. Department of Defense Security Certification (JFrog) JFrog Artifactory and JFrog Xray are now accredited in Iron Bank under the DoD’s #PlatformOne initiative. Developers can now access both tools from the Iron Bank repository of digitally-signed and hardened container images. Learn More https://bit.ly/3kkVMmZ
Let’s Take Back the High Ground - Stairwell (Stairwell) Why and how Stairwell helps you stay out of reach of attackers. By Mike Wiacek Nearly a year ago, we launched Stairwell with a vision to empower security teams to outsmart attackers. If we’ve learned anything since, it’s that the bad actors keep winning. After a year of active development, we’re announcing Inception. Inception is […]
Tenable expands its global alliance with Splunk (SeekingAlpha) Tenable (TENB) extends its global strategic partnership with Splunk (SPLK) to secure Active Directory and converged operational technology environments. With the new Tenable.ad and...
Synopsys Partners with The Chertoff Group to Provide Policy-Driven Software Security Solutions (PR Newswire) Synopsys, Inc. (Nasdaq: SNPS) today announced a new partnership with The Chertoff Group, a global advisory services firm that applies security...
Owl Data Diodes Become a Critical Component of the Industry-Leading Cyber Recovery Data Vault Solution (GlobeNewswire News Room) Columbia, MD, Sept. 21, 2021 (GLOBE NEWSWIRE) -- Owl Cyber Defense Solutions (“Owl”), the global market leader in cross domain, data diode, and network...
Technologies, Techniques, and Standards
The new math of cybersecurity value (CSO Online) An increasing number of CISOs are devising a new set of metrics to show how they’re impacting risk at their organizations.
Does Your Organization Have a Security.txt File? (KrebsOnSecurity) It happens all the time: Organizations get hacked because there isn't an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn't entirely clear who should get the report when remote…
Seven key principles behind a robust cybersecurity practice (Security Brief) Here are seven critical questions that TSPs should ask of their cybersecurity practice to help protect customers.
CrowdStrike’s Falcon Forensics Platform Receives FedRAMP Authorization (ExecutiveBiz) CrowdStrike’s Falcon Forensics platform, intended for improved security visibility and automated analysis of attack incidents, is now available for government agencies after receiving authorization from the Federal Risk and Authorization Management Program. Falcon Forensics is hosted on GovCloud and is designed to help hasten the response time and remediation of security incidents and deliver in-depth data
Design and Innovation
New Irish animated series prepares pre-schoolers for life online (Irish Examiner) Creator of 'Alva's World' says fairytales of his childhood inspired the RTÉ series
Air Force testing how to do intelligence in disconnected environments (C4ISRNet) 16th Air Force is maturing its ability to converge intelligence, cyber and information warfare capabilities, but it needs to improve its speed.
Research and Development
Illumio Wins SBIR Phase II Award to Accelerate U.S. Department of the Air Force Adoption of Zero Trust Strategy (GlobeNewswire News Room) Illumio to Provide Visibility, Attack Containment, and Zero Trust Segmentation...
Academia
Emerging from uncertainty, DOD cyber war college looks to navigate the future (The Record by Recorded Future) In April last year a bipartisan group of lawmakers sent a letter to Defense Department leaders that pointedly urged them not to move ahead with a plan to shutter the National Defense University’s College of Information and Cyberspace.
Why aren’t schools required to report ransomware? (StateScoop) Better ransomware reporting could help improve defense against the cyberattacks — why aren’t schools required to report their attacks?
Legislation, Policy, and Regulation
China and Pakistan See Eye to Eye on the Taliban—Almost (Foreign Policy) They share economic and geopolitical interests in Afghanistan, but counterterrorism could be a wrench.
Cyber Espionage Likely Supporting China’s Arctic Aspirations (OODA Loop) There is little question that Beijing has seized the opportunity to capitalize on the United States’ internal division to implement its global agenda.
Banning Crypto For Ransomware Payments Misses The Real Point (Forbes) Crypto should not take the blame for weak cybersecurity
US agencies reportedly split over blacklisting Huawei hardware spinoff (The Verge) Honor could be put on the US entity list
CISA Must Update Critical Infrastructure Protection Plans (GovInfoSecurity) CISA must update its plans to improve the security - both physical and cyber - within the nation's critical infrastructure, according to a report that specifically
CISA’s Jen Easterly: Building trust to affect collaboration with industry (SC Media) My goal is to shift the paradigm from plain-old public-private partnership to true operational collaboration; from information-sharing to information-enabling, the CISA director told SC Media. This is in part the focus of the new Joint Cyber Defense Collaborative (JCDC) — bringing the power of the federal government with the power of industry to prevent incidents before they occur, and ensure a rapid and coordinated response when they do.
The Philippines to Accelerate National ID Program (OpenGov Asia) To enhance the government’s ability to deliver various services, the National Economic and Development Authority said it is accelerating the implementation of the Philippine Identification System.
Federal Union Opposed to Civilian Cyber Reserve NDAA Amendments (MeriTalk) The American Federation of Government Employees (AFGE) wrote the leaders of the House Rules Committee Sept. 15 to express their opposition to amendments to the fiscal year (FY) 2022 National Defense Authorization Act (NDAA) that would create a civilian cyber reserve program.
[Letter to the US House Committee on Rules] (American Federation of Government Employees, AFL-CIO) On behalf of the American Federation of Government Employees, AFL-CIO (AFGE), which represents more than 700,000 federal and District of Columbia government employees in more than 70 federal agencies, I write to share our position on the following amendment H.R. 4350, the “National Defense Authorization Act for Fiscal Year 2022” as you decide which amendments to make in order related to the hardworking federal employees who provide vital services to the American public.
Litigation, Investigation, and Law Enforcement
FBI held back ransomware decryption key from businesses to run operation targeting hackers (Washington Post) The FBI refrained for almost three weeks from helping to unlock the computers of hundreds of businesses and institutions hobbled by a major ransomware attack this summer, even though the bureau had secretly obtained the digital key needed to do so, according to several current and former U.S. officials.
Treasury Takes Robust Actions to Counter Ransomware (U.S. Department of the Treasury) Targets First Virtual Currency Exchange for Laundering Cyber Ransoms. OFAC Updates Ransomware Advisory to Encourage Reporting and Cyber Resilience.
Police Announce Huge Bust of Mafia’s Cyber Crime Operations (Vice) European police accused several people of SIM swapping, phishing, and hacking in support of Italian organized crime.
Cybercriminals Linked to Italian Mafia Arrested by European Police (SecurityWeek) Operating out of Spain and Italy, the organized crime group defrauded hundreds of individuals, making roughly €10 million (approximately $11.7 million) in profits last year alone.
Europol links Italian Mafia to million-dollar phishing scheme (BleepingComputer) In collaboration with Europol and Eurojust, European law enforcement dismantled an extensive network of cybercriminals linked to the Italian Mafia that was able to defraud their victims of roughly €10 million ($11.7 million) last year alone.
Mafia works remotely, too, it seems: 100+ people suspected of phishing, SIM swapping, email fraud cuffed (Register) Dare we say, these Euro cops ran mobprobe
106 Italian mafia members arrested for SIM swapping, BEC scams, phishing (The Record by Recorded Future) A joint law enforcement operation between Europol, Italian, and Spanish police has resulted in the arrests of 106 members of the Italian mafia on crimes related to cybercrime and money laundering.
MOD Investigation Underway After Afghan Interpreters' 'Data Breach' (Forces Network) The Ministry of Defence has apologised following the breach, which reportedly exposed email addresses of hundreds of Afghan interpreters.
MoD data breach ‘put lives at risk’ for more than 250 Afghan interpreters (the Guardian) Email to people who worked for British forces and seek relocation to UK mistakenly made addresses visible to all recipients
Kaspersky releases its first Transparency Report (IT-Online) Kaspersky has publicly shared information on requests received from government and law enforcement agencies, and users for data and technical expertise in 2020 and H1 2021. The Law enforcement and government requests report helps Kaspersky’s users understand how the company responds to such requests and its approach to users’ data security and privacy. As the […]
American Malware Purveyor That Did Nothing To Limit Misuse Now Horrified To Find Gov't Of India Misused Its Products (Techdirt.) Another malware purveyor is shocked, SHOCKED to discover its products have been used to do Very Bad Things. Thomas Brewster has more details for Forbes. Here's the setup: Earlier this year, researchers at Russian cybersecurity firm...
Former NSA Hacker Describes Being Recruited for UAE Spy Program (Zero Day) David Evenden was hired in 2014 to work in Abu Dhabi on a defensive cybersecurity project, only to discover it was actually an offensive spy operation for a United Arab Emirates intelligence service.
Town offers fraud protection to residents, citing 2019 data breach (WCVB) A Massachusetts town is offering identity fraud monitoring services to many homeowners in light of a security "incident" that may have revealed residents' personal information.
Europe Rights Court Rules Russia Responsible For Litvinenko Death (RadioFreeEurope/RadioLiberty) The European Court of Human Rights has issued a ruling saying Russia was responsible for the 2006 assassination of former Russian security officer Aleksandr Litvinenko in London.