Attacks, Threats, and Vulnerabilities
New cyber-criminal group discovered targeting government servers, fuel, energy and aviation companies (Security Brief) Researchers have identified a new, previously unknown group that has systematically attacked Russia's fuel and energy complex and its aviation industry.
Positive Technologies Uncovers New APT Group Attacking Russia's Fuel and Energy Complex and Aviation Production Industry (Positive Technologies)
Masters of Mimicry: new APT group ChamelGang and its arsenal (Positive Technologies)
Chinese espionage group deploys new rootkit compatible with Windows 10 systems (The Record by Recorded Future) At the SAS 2021 security conference today, analysts from security firm Kaspersky Lab have published details about a new Chinese cyber-espionage group that has been targeting high-profile entities across South East Asia since at least July 2020.
RansomEXX, Fixing Corrupted Ransom (Medium) Since the sudden disappearance of the REvil ransomware operation, there has been a rise in other “ransomware as a service” (RaaS) operators…
Hackers Can Exploit Apple AirTag Vulnerability to Lure Users to Malicious Sites (SecurityWeek) Hackers can exploit a stored XSS vulnerability in Apple AirTag to lure unsuspecting users to phishing and other malicious websites.
Threat Thursday: xLoader Infostealer (BlackBerry) xLoader is an information-stealing malware targeting both macOS® and Windows®. Previously distributed on underground forums under the name Formbook, xLoader is sold under a Malware-as-a-Service (MaaS) agreement.
Undetected Azure Active Directory Brute-Force Attacks (SecureWorks) In late June 2021, Secureworks® Counter Threat Unit™ (CTU) researchers discovered a flaw in the protocol used by the Azure Active Directory Seamless Single Sign-On feature.
Research Finds Attackers Targeting Active Directory: 50% of Businesses Experienced an Attack with >40% Success (BusinessWire) Attivo Networks®, the experts in preventing identity privilege escalation and detecting lateral movement attacks, today announced the availability of
PoC exploit released for Azure AD brute-force bug—here’s what to do (Ars Technica) Microsoft maintains it's not a security risk but is working toward a solution.
This malware pretends to be Amnesty International protection from Pegasus (TechRadar) Amnesty Anti Pegasus antivirus software is actually the Sarwent malware
Hackers posed as Amnesty International, promising anti-spyware tool that actually collects passwords (CyberScoop) Fraudsters are posing as human rights group Amnesty International to trick individuals into downloading malicious software, researchers at Cisco’s threat intelligence unit Talos report.
Pegasus — The Humanitarian Costs of Insecure Code (Medium) A look at the nature and effect of advanced spyware on application security
Former OnlyFans Employees Could Access Users’ and Models' Personal Information (Vice) Addresses, passports, bank statements and other sensitive personal data were viewable, long after leaving the company.
RansomEXX ransomware Linux encryptor may damage victims' files (BleepingComputer) Cybersecurity firm Profero has discovered that the RansomExx gang does not correctly lock Linux files during encryption, leading to potentially corrupted files.
Researchers find Apple Pay, Visa contactless hack (BBC News) An attacker could bypass the iPhone lock screen and make large payments above the contactless limit.
Contactless Payment Card Hack Affects Apple Pay, Visa (SecurityWeek) Researchers have demonstrated how fraudsters could steal money from iPhone owners who use Apple Pay and Visa via a contactless hack.
VTB announced a record-breaking cyberattack (Gadget Tendency) VTB in September recorded over 80 DDoS attacks, the peak power of which reached 350 Gbps. VTB in September recorded a sharp increase in cyberattacks: in a month the bank repelled over 80 threats, which is more than in all 8 months of 2021, the credit institution said. “VTB specialists note a sharp increase in […]
JVCKenwood hit by Conti ransomware claiming theft of 1.5TB data (BleepingComputer) JVCKenwood has suffered a Conti ransomware attack where the threat actors claim to have stolen 1.7 TB of data and are demanding a $7 million ransom.
Neiman Marcus says notified 4.6 mln customers about data breach (Reuters) Retailer Neiman Marcus Group said on Thursday it had notified about 4.6 million online customers that their personal information including names, contact information and credit card numbers may have been accessed in a data hack.
Neiman Marcus alerts millions of online customers about security breach (CNN) Neiman Marcus Group is alerting millions of customers that their online accounts may have been breached.
Neiman Marcus says 4.6 million customers affected by security breach (Chain Store Age) A leading luxury retailer has notified law enforcement that information from over 4 million customers’ online accounts was exposed in a cybersecurity incident.
Vaccine Passport App Exposes User Data In Security Blunder (Digital Trends) An unsecured website owned by Portpass exposed users' personal information.
Telemetry Report Shows Patch Status of High-Profile Vulnerabilities (SecurityWeek) Security researchers selected a range of high profile vulnerabilities, and used Shodan to detect instances of the vulnerabilities still extant on the internet. The results are not encouraging.
'Bigger than Ben Hur' - 56,000 Kiwis report parcel text scam - NZ Herald (New Zealand Herald) New Zealanders hit in record numbers. Who's at risk and the best precautionary steps.
RGP investigates data breach involving contact details of hundreds of officers (Gibraltar Chronicle) The Royal Gibraltar Police has tightened its data protection policies after a list containing personal details of hundreds of police officers was mistakenly “left behind” when a Neighbourhood Police office in Glacis Estate was closed in 2018, onl...
Cyber criminals exploit fan craze around new James Bond film ‘No Time to Die’ (The National) Hackers are running malicious ads, pop-ups and movie-related phishing websites that promise free access to the movie to lure unsuspecting fans
12 healthcare employee wrongdoing, ransomware and phishing incidents this month (Becker's Hospital Review) Here are the healthcare provider malware, ransomware and phishing incidents Becker's Hospital Review reported on during September.
Bandwidth says network 'back to normal' after cyber attack; stock hits 52-week low (WRAL TechWire) Communications provider Bandwidth says its network is back to "normal" in the wake of a cyber attack, but the company is paying a price on the stock market where shares fell to a 52-we
NUIG IT systems offline after attempted cyber attack (RTE.ie) IT systems at NUI Galway remain offline, after an attempted cyberattack was detected earlier today.
Security Patches, Mitigations, and Software Updates
Google pushes emergency Chrome update to fix two zero-days (BleepingComputer) Google has released Chrome 94.0.4606.71 for Windows, Mac, and Linux, to fix two zero-day vulnerabilities that have been exploited by attackers.
Microsoft Will Mitigate Brute-Force Bug in Azure AD (GovInfoSecurity) Microsoft has indicated it will make changes to reduce the risk around what a security vendor says is a vulnerability that lets attackers run brute-force credential
Boston Scientific Zoom Latitude (CISA) Executive summary: CVSS v3 6.9; ATTENTION: Low attack complexity; Vendor: Boston Scientific; Equipment: ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120; Vulnerabilities: Use of Password Hash with Insufficient Computational Effort, Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques, Improper Access Control, Missing Support for Integrity Check, Reliance on Component That is Not Updateable.
Trends
Q3 2021 Digital Trust & Safety Index: Battling the new breed of account takeover fraud (Sift Resources) Fraudsters are determined to overwhelm merchant security measures for profit, and are leveraging increasingly sophisticated tools—like automation—to execute large-scale account takeover attacks at a cyclone pace. New data from Sift’s global network reveals that ATO fraud exploded by 307% between 2019-2021.
ESET Threat Report T2 2021 (WeLiveSecurity) The T2 2021 issue of the ESET Threat Report looks at the most notable trends that shaped the threat landscape from May to August 2021.
ESET's latest Threat Report warns of RDP attack explosion (Register) Security firm points to a 'stalkerware' epidemic, new Nobelium group activity
ESET Threat Report highlights aggressive ransomware tactics and intensifying password-guessing attacks (Security Brief Asia) “Ransomware gangs may have overdone it this time.
Over half of business owners admit to concealing a data breach (Security Magazine) A new survey shows the cybersecurity priorities and worries of IT business executives. Top of mind issues include a lack of faith in governmental cyber intervention and reputational concerns due to data breaches.
Study Finds Data Breaches Can Raise A Company’s Reputation (The Mississippi Link) New research reveals that some news is still good news. The post Study Finds Data Breaches Can Raise A Company’s Reputation appeared first on Zenger News. [...]
How to address data privacy risks created by remote and hybrid work (Security Magazine) The challenge companies now face is how they can maintain control over the security and privacy of their information, especially as they look to make remote and hybrid work permanent options after employees return to the workplace.
How cybercrime hurts some groups more than others (Help Net Security) Research shows how people experience cybercrime worldwide, demonstrating that cybercrime does not impact everyone equally.
Marketplace
Capita agrees sale of Secure Solutions and Services business for £62m (CRN) NEC Software Solutions to purchase division as Capita continues to sell its assets
FireEye Products & McAfee Enterprise Merge to Create $2B Entity (Dark Reading) The combined company will have 5,000 employees, more than 40,000 customers, and nearly $2 billion in revenue, officials report.
McAfee Enterprise-FireEye Products To Merge Into $2B Titan (CRN) STG plans to bring together McAfee Enterprise and FireEye Products into a nearly $2 billion cybersecurity behemoth with more than 40,000 customers and 5,000 employees.
Confidential Computing Startup Profian Secures $5 Million In Seed Round in Order to Make Cloud Computing More Secure (BusinessWire) Profian, a Confidential Computing platform focused on bespoke open source solutions, announced today that it has secured $5 million in seed funding. T
Alloy raises $100M at a $1.35B valuation to help banks and fintechs fight fraud with its API-based platform (TechCrunch) Alloy, which has built an identity operating system for banks and fintechs, announced Thursday that it has raised $100 million at a $1.35 billion valuation. Lightspeed Venture Partners led the Series C round, which comes just over one year after New York-based Alloy raised $40 million in a Series B…
Arctic Wolf acquires ‘Hollywood-style’ cybersecurity training startup Habitu8 (TechCrunch) Arctic Wolf, a managed cybersecurity company that offers a “security operations-as-a-concierge” service, has acquired Habitu8, a security training and awareness content platform. Terms of the deal — which comes just two months after Arctic Wolf secured $150 million in Series F funding —…
Arctic Wolf Acquires Habitu8 for Managed Security Awareness Training (MSSP Alert) Arctic Wolf, armed with Habitu8, expands managed security awareness training platform. Potential Arctic Wolf IPO & competition vs. KnowBe4 loom.
Xage Lands DOE Contract to Bring Zero Trust Principles to Emergency Responders (SecurityWeek) The Department of Energy has contracted with Xage, a zero-trust access provider, to expand its existing Xage Fabric application to provide secure and controlled access to emergency responders.
Bitdefender Expands Marketing Leadership with Key Appointments (PR Newswire) Bitdefender, a global cybersecurity leader, today announced two key additions to its marketing leadership. Dennis Goedegebuure joins the...
KnowBe4 Enhances Research Capabilities And Appoints Kai Roer Chief Research Officer (Yahoo Finance) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced that it has enhanced its research capabilities and appointed Kai Roer as chief research officer.
IBM Elects Al Zollar to Its Board of Directors (Valdosta Daily Times) The IBM (NYSE: IBM) board of directors has elected Al Zollar to the board, effective October 25, 2021.
Siege Technologies Adds Board of Advisors (PR Newswire) Siege Technologies has expanded its advisory team to include a Board of Advisors with the first two members, James Brown and Dan Portillo. The...
Products, Services, and Solutions
AttackIQ Introduces New Vanguard Managed Security Validation Service To Proactively Discover and Remediate Security Gaps Before Adversaries Mount Cyberattacks (AttackIQ) New offering enables resource-constrained organizations to leverage a threat-informed defense
Constella Intelligence Launches Dome Platform Introducing Employee & Executive Digital Protection, Scalability to Monitor Thousands (PR Newswire) Constella Intelligence ("Constella"), a leading global Digital Risk Protection and Identity Threat Intelligence company, today announced the...
HacWare Launches AI-Powered Risk Management Solution for Business Emails (Medical Device Network) US-based software company HacWare has developed an AI-driven insider awareness and phishing simulation technology to help enterprises identify risky emails and prevent data breaches.
DataDome Wins “e-Commerce Security Solution of the Year” Award in 2021 CyberSecurity Breakthrough Awards Program (EIN News) DataDome has been named the winner of the “e-Commerce Security Solution of the Year” award in the 5th annual CyberSecurity Breakthrough Awards.
Onfido Wins “Fraud Prevention Innovation of the Year” in the 2021 CyberSecurity Breakthrough Awards (BusinessWire) CyberSecurity Breakthrough
Semperis Enhances Hybrid Active Directory Security with New Offering for Azure AD (BusinessWire) Semperis announces the preview release of Directory Services Protector 3.6, which simplifies managing identity security in hybrid environments.
Relativity Recognized for Threat Intelligence Innovation in 2021 CyberSecurity Breakthrough Awards Program (PR Newswire) Relativity, a global legal and compliance technology company, today announced that its free-to-use Threat Intel Feed has been named the winner...
Anomali Technology Partner Program (TPP) Provides Integrated Security Capabilities to Anomali XDR Platform Customers (Valdosta Daily Times) Anomali, the leader in intelligence-driven extended detection and response (XDR) cybersecurity solutions, today announced the launch of the Anomali Technology Partner Program (TPP).
Tanium™ Launches New Risk Analysis Capability (StreetInsider.com) Organizations of all sizes can take a proactive, data-driven and continuous approach to assessing and managing exposure in IT environments. KIRKLAND, WA.--(BUSINESS...
Technologies, Techniques, and Standards
Prioritizing Breach Prevention for a Secure Government (Nextgov.com) A more secure government happens when hackers are stopped before they can touch critical data and systems—when a breach is prevented, not mitigated.
Cybersecurity in Retail: Strategies to Protect Your Customers’ Information (Technology Solutions That Drive Business) Protecting consumer data requires a mix of compliance and security strategies for your retail business.
CISA Launches Insider Threat Self-Assessment Tool (BankInfoSecurity) A new self-assessment tool aims to help public and private sector organizations assess their level of vulnerability to insider threats, according to CISA. The
How Yahoo Built a Culture of Cybersecurity (Harvard Business Review) Three steps to meaningfully change employees’ behavior.
How healthcare practices can teach us cybersecurity wellness (SC Media) Look to healthcare and other industries for concepts that can help lock down cybersecurity.
Academia
Adult-Serving Seattle-Based University Receives National Security Agency Grant to Build Cybersecurity Education Pipeline (goSkagit) City University of Seattle (CityU), a nonprofit institution focused on serving adult learners in the Puget Sound region and a member of the National
Young talent the spotlight at National Cyber Summit (WHNT.com) HUNTSVILLE, Ala. — The current experts in fighting off virtual attacks like ransomware or viruses will each say that cyber defense is critical for the future. “The cyber battlefield is …
Legislation, Policy, and Regulation
China's Sweeping Cryptocurrency Ban Was Inevitable (Wired) The decentralized technology clashes with the government’s plans for a state-dominated economy—one that includes its own digital currency.
US legislation aimed at Huawei, ZTE in Europe gains momentum (South China Morning Post) The legislation is progressing in tandem with ‘rip and replace’ initiatives for rural US telecommunications carriers that use Huawei equipment, and efforts by Washington and EU member countries to align on their technology development policies.
FCC’s 'rip and replace' Chinese infrastructure compensation plan finally agreed and published (TelecomTV) Next month US rural telcos can claim recompense for ripping out Huawei and ZTE equipment. Window of opportunity opens at the end of October and closes in mid-Jan…
OFAC Issues Updated Guidance on Paying Ransom – Buyer Beware of Sanction Risks (JD Supra) On Sept. 21, the Treasury’s Office of Foreign Assets Control (OFAC) issued an Advisory updating and superseding its previous advisory issued Oct. 1,...
CISA to Create Career Pathways for Young Women in Cybersecurity and Technology (MeriTalk) The Cybersecurity and Infrastructure Security Agency (CISA) has partnered with Girls Who Code (GWC) to develop pathways for young women to pursue careers in cybersecurity and technology, the agency announced Sept. 30.
Striking the right balance for cyber incident reporting (GCN) Information sharing is important when dealing with ransomware, but reporting requirements should not overburden agencies or industry, CISA’s chief says.
FCC to work on rules to prevent SIM swapping attacks (The Record by Recorded Future) The Federal Communications Commission announced today plans to introduce new rules for US mobile carriers to address the rising wave of SIM swapping and port-out fraud attacks.
EXCLUSIVE U.S. lawmakers push for new controls on ex-spies working overseas (Reuters) The U.S. intelligence community's budget bill could place new controls and reporting requirements on former U.S. spies, according to the author of the legislation, making it harder for them to work as contractors for foreign governments following a 2019 Reuters investigation into American mercenary hackers.
New Director of HHS Office for Civil Rights Announced: What could Lisa J. Pino’s appointment mean for future HIPAA enforcement? (JD Supra) More than eight months into the Biden administration, the U.S. Department of Health & Human Services (HHS) announced the appointment of Lisa J. Pino...
Connecticut Data Breach Statute Expands Company Requirements (Bloomberg Law) Connecticut’s data breach notification statute has been broadened, imposing additional reporting parameters for companies that leave consumer data exposed to bad actors or accidental sharing.
Coast Guard is Commissioning Cyber Talent (Infosecurity Magazine) US Coast Guard opens officer ranks with launch of cyber direct commission program
Litigation, Investigation, and Law Enforcement
A Hospital Hit by Hackers, a Baby in Distress: The Case of the First Alleged Ransomware Death (Wall Street Journal) An Alabama medical center was in the midst of a hack when Teiranni Kidd arrived to have her baby. A lawsuit says the computer outages from the attack led staff to miss troubling signs, resulting in the baby’s death, allegations the hospital denies.
Baby died because of ransomware attack on hospital, suit says (NBC News) An Alabama baby was born with severe brain injury and eventually died due to botched care because her hospital was struggling with a ransomware attack, a
Turkish National Charged for DDoS Attack on U.S. Company (SecurityWeek) A Turkish national has been indicted in the Northern District of Illinois for launching a DDoS attack against a hospitality company headquartered in the United States.
United States of America v. Izzet Mert Ozek (US District Court for the Northern District of Illinois, Eastern Division) The SPECIAL MAY 2021 GRAND JURY charges:
1. At times material to this indictment:
a. Company A was headquartered in Chicago, Illinois.
b. Company A was an American multinational hospitality company that managed and franchised luxury and business hotels, resorts, and vacation properties.
c. Company A offered customers the ability to book hotel rooms at its hotels through an online booking service at its website. The servers for Company A’s website and online booking service were located in the Northern District of Illinois.
d. In August 2017, the servers of Company A were the target of a distributed denial-of-service (DDoS) attack.
Huawei ban timeline: Detained CFO makes deal with US Justice Department (CNET) Here's a breakdown of the Chinese phone maker and telecoms giant's struggles with the US and its allies.
Facebook grilled in Senate hearing over teen mental health (TechCrunch) Last night, Facebook published two annotated slide decks in an attempt to contextualize the documents that The Wall Street Journal published this month, which reported evidence that the company is aware of its negative impact on teen mental health. These documents were released in anticipation of t…
Twitter Asks 9th Circ. To Affirm Its Non-State Actor Status (Law360) Twitter has told the Ninth Circuit it's not a state actor and cannot be held liable for alleged constitutional violations, so the court must dismiss a Trump supporter's claim that it violated her First Amendment rights by preventing her and other users from commenting on the former president's tweets and for ultimately suspending his account.
Durham issues fresh round of subpoenas in his continuing probe of FBI investigation into Trump, Russia (CNN) Special Counsel John Durham has issued a new set of subpoenas, including to a law firm with close ties to Hillary Clinton's 2016 campaign, an indication that Durham could be trying to build a broader criminal case, according to people briefed on the matter. So far, Durham's two-year probe into the FBI's Russia investigation hasn't brought about the cases Republicans hoped it would.
Trump Server Mystery Produces Fresh Conflict (New York Times) A recent indictment suggested that researchers who found strange internet links between a Russian bank and the Trump Organization did not really believe their own work. They are pushing back.