Attacks, Threats, and Vulnerabilities
Senate website hit by cyber attack amid ongoing probe (INQUIRER) The Senate on Wednesday was forced to temporarily restrict access to its official website due to an ongoing distributed denial-of-service (DDoS) attack.
Russian state-backed hackers having greater success at breaching foreign government targets, Microsoft says (CNN) Russian state-backed hackers are having greater success at breaching targets in the United States and elsewhere as they make government organizations the primary focus of their attacks, according to data that Microsoft released Thursday.
Russian hackers behind SolarWinds hack are trying to infiltrate US and European government networks (CNN) The Russian hackers behind a successful 2020 breach of US federal agencies have in recent months tried to infiltrate US and European government networks, cybersecurity analysts tracking the group told CNN.
Security experts aghast at the scale of Twitch hack: 'This is as bad as it could possibly be' (pcgamer) How bad is it? According to IT security pros, really bad.
Twitch.tv just got leaked in its entirety, here’s what you should do (AndroidPolice) Source code, payouts, upcoming features, and potentially even passwords can be found in the 125GB dump
The entirety of Twitch has reportedly been leaked (VGC) Source codes and user payouts among the data released in a 128GB torrent…
Twitch hacked: Streaming site suffers massive data breach (Computing) Hacker said they were protesting Twitch lack of action on toxic behaviour
Twitch leak: Company confirms hack and says it’s ‘working to understand (VGC) We can confirm a breach has taken place"
Twitch source code and creator payouts part of massive leak (The Verge) Twitch is reportedly aware of the breach.
Over 125 Gigabytes of Sensitive Information Was Just Leaked From Twitch's Servers (Distractify) Streaming platform Twitch recently fell victim to a massive data leak that made information regarding streamer's incomes available to the public.
A Devastating Twitch Hack Sends Streamers Reeling (Wired) The data breach apparently includes source code, gamer payouts, and more.
Twitch says no user passwords or cards numbers were exposed in major hack (The Record by Recorded Future) In the aftermath of a major security breach that came to light yesterday, Twitch has now issued a formal statement to assure users that no passwords or payment card numbers were stolen or leaked online.
Amazon’s Twitch Hack Shows Top Gamers Rake In Six-Figure Payouts (Bloomberg) Hacker says motive was to foster competition in game streaming. Data leak allegedly details payments to streaming channels.
Over 100,000 Apache HTTP Servers Affected by Actively Exploited Zero-Day Flaw (SecurityWeek) Users are urged to immediately patch CVE-2021-41773, an Apache HTTP Server zero-day vulnerability that has been exploited in the wild.
Apache web server zero-day bug is easy to exploit – patch now! (Naked Security) Some of us have Apache as our primary web server. But lots of us may have Apache without knowing it, as part of another product.
Apple AirTag zero-day poses web-based attack risks (SC Media) Attackers could leverage the XSS code to redirect victims to a spoofed iCloud page, where their credentials could be exfiltrated by an installed keylogger.
A text message routing company suffered a five-year-long breach (The Verge) The breach could have exposed customer information.
Hackers Could Disrupt Industrial Processes via Flaws in Widely Used Honeywell DCS (SecurityWeek) Vulnerabilities affecting a widely used distributed control system (DCS) from Honeywell can allow malicious actors to disrupt industrial processes.
Hackers purchase passwords to access apps like Venmo, CashApp & drain accounts (NBC2 News) The pandemic has changed the ways we do things even small tasks like paying for gas.
Iowa grain cooperative says it's working to restore automated operations, but remains silent on cyberattack ransom (Des Moines Register) A s Fort Dodge-based New Cooperative recovers, hackers reportedly claim to have targeted a second Iowa coop.
The Security Risks of Dining Out (TechRobot) TechRobot has analysed the privacy policies of the most popular food apps to reveal which are the most invasive.
Crystal Valley changes billing cycles after cyber attack (KEYC) A Crystal Valley Co-op will be changing its September and October 2021 billing cycles after a cyber attack, last month.
More Details on County Cyber Attack Released - WIBW News Now (WIBW News Now) Pottawatomie County administrator Chad Kinsley said the attackers had demanded more than $1 million.
Security Patches, Mitigations, and Software Updates
AMD warns CPUs may run slower on Windows 11, promises patch (CRN Australia) Chipmaker said patches are on the way to address the issues.
Trends
Through the Years: A Broad Look at Two Decades in Cybersecurity (Techwire) Techwire’s sister publication Government Technology does a deep dive into how the cyber landscape has evolved to an almost unrecognizable degree in the past 20 years. Here’s a look at recent history, an analysis of policy changes aimed at battling today’s threats, and a consideration of what the…
Redgate Software | Use of database monitoring tools rises to record high, monitoring survey reveals (RealWire) Over three quarters (79%) of database professionals are now using either a paid-for or in-house monitoring tool, a survey from Redgate Software has shown. This is an increase of 10 percentage points f
Through the Years: A Broad Look at Two Decades in Cybersecurity (Techwire) Techwire’s sister publication Government Technology does a deep dive into how the cyber landscape has evolved to an almost unrecognizable degree in the past 20 years. Here’s a look at recent history, an analysis of policy changes aimed at battling today’s threats, and a consideration of what the…
The US Has The Largest Cybersecurity Workforce In The World (Information Security Buzz) Every 39 seconds, there is a new attack somewhere on the web.
Survey: 80% of SMBs Feel More Secure, Despite Influx of Cyberattacks (PR Newswire) Untangle® Inc., a leader in comprehensive network security for small-to-medium businesses (SMBs) and distributed enterprises, today released...
Marketplace
Tenacity Raises $3MM to Make Public Cloud Security Accessible to Every Company (BusinessWire) Tenacity, a cloud infrastructure management company, announced that it has raised $3 million in seed funding.
Canberra MSP Sliced Tech to be acquired by Deloitte Australia (CRN Australia) For its secure cloud services expertise.
Optiv Establishes New Market ‘Category of One’ as the Cyber Advisory and Solutions Leader (Optiv) Optiv is evolving – as THE cyber advisory and solutions leader, we focus on speed, agility and an adaptive, holistic approach to cybersecurity.
G2 Names Zerto a Leader in Multiple Categories (Zerto) Platform recognized for Disaster Recovery as a Service (DRaaS), Data Replication and Disaster Recovery in G2 Fall 2021 Grid® report
Cybrary 'Champions' National Cybersecurity Awareness Month With Pool of New Resources (PR Newswire) Cybrary, the world's largest online cybersecurity workforce development platform, today announced its commitment to National Cybersecurity...
Veriff Continues Global Expansion with New Barcelona Tech Hub (EIN) New European tech hub will expand product and engineering teams, global customer reach
Datto ANZ boss James Bergl departs after more than six years (CRN Australia) Helped launch backup and recovery vendor in Australia in 2015.
Cowbell Cyber Accelerates Momentum with Rapid Growth in Customers, Distribution Network and Loss Prevention (Cowbell) Cyber Insurance Leader Enters into Strategic Multi-Year Partnership with Palomar; Expands Reinsurance Panel with Support from Prominent Global Reinsurers
Mandiant Is Back: What to Expect From ‘Part Deux’ (SDxCentral) Mandiant kicked off its Cyber Summit with two new SaaS products: Active Breach and Intel Monitoring, and Ransomware Defense Validation.
Socure Names Digital Identity Leader Matt Thompson as General Manager of Public Sector Solutions (BusinessWire) Socure, the leading provider of digital identity verification and fraud solutions, today announced that Matt Thompson has joined Socure as General Man
Immuta Named a Leader in GigaOm Radar Report for Data Governance Solutions | Immuta (Immuta) Company highlighted for its unified platform, easy-to-use interface, no-code policy builder, and dynamic ABAC model BOSTON – October 5, 2021 – Immuta, the leader in universal cloud data access control, today announced it was named a Leader in the GigaOm Radar Report for Data Governance Solutions. The company is positioned in the Leader category as...
Malwarebytes Lands Top Global Sales Leader, Amy Appleyard (Malwarebytes Press Center) Malwarebytes announces the addition of Amy Appleyard as the new senior vice president of Global Sales.
Products, Services, and Solutions
49ers welcome Visual Edge IT from Acronis as organization’s #CyberFit delivery partner (Acronis) For information about Acronis and Acronis' products or to schedule an interview, please send an email or get through to Acronis' representative, using media contacts.
SecurityGate.io Reports Rapid Success of Partner Program (Yahoo) SecurityGate.io Reports Rapid Success of Partner Program; adds more than 30 partners since June, meeting increased demand for digital transformation.
Tessian | Tessian Launches New Solution 'Tessian Architect': The Industry's Only Intelligent Data Loss Prevention Policy Engine (RealWire) Human Layer Security company Tessian has launched Tessian Architect, a new policy engine for real-time email data loss prevention (DLP). It provides automatic and custo
New CompTIA Advanced Security Practitioner Certification Emphasizes the Skills Needed to Effectively Build Organizational Cybersecurity Readiness (CompTIA) Updated exam for security architects and senior security engineers available worldwide
SecZetta and One Identity Announce Active Roles Integration (SecZetta) SecZetta, announced a new integration in partnership with One Identity, a Quest Software business and market leader in identity governance and administration and privileged access management.
Axiad Extends Windows Hello For Business Passwordless Experience To Every User, Machine, and Digital Interaction Across the Enterprise (GlobeNewswire News Room) Axiad Cloud Allows Enterprises to Strengthen Windows Hello for Business with Easy Authentication to 3rd Party Services, Additional Operating Systems,...
Box Announces New Malware Deep Scan Capability in Box Shield To Combat Ransomware (BusinessWire) Box, Inc. (NYSE: BOX), the leading Content Cloud, today announced new capabilities for Box Shield, the company’s flagship security control and intelli
VMware pushes partner collaboration, as a service with new incentives (CRN Australia) “There is no such thing as a renewal, there is a relationship with the customer.”
Talon launches first corporate secure browser for the hybrid work era, backed by renowned cyber security industry leaders - Talon Cyber Security (Talon Cyber Security) Microsoft's John Thompson, George Kurtz, CEO of CrowdStrike and Mark Anderson, CEO of Alteryx and previously president of PAN to invest...
France's Thales partners with Google on secure cloud services (Gadgets Now) Defence company Thales and Google are partnering to offer state-vetted cloud computing services for some of France's most sensitive data...
Thales and Google to create joint French sovereign cloud company (Cloud Computing News) French defence firm Thales is to be the majority shareholder in a company formed alongside Google to provide cloud services to the nation.
Mandiant Launches Mandiant Academy Providing Security Teams With Training From Frontline Cyber Experts (Yahoo Finance) WASHINGTON, October 06, 2021--Delivered by frontline industry experts, Mandiant Academy is designed to help close the cyber security skills gap by maturing on-the-job capabilities.
CNA announces security certification to boost trust in mobile ticketing News (Calypso Networks Association) CNA announces security certification to boost trust in mobile ticketing Calypso Networks Association (CNA) brings members of the transport, mobility and services community together to control and evolve the contactless ticketing ecosystem through open standards.
HID Global’s Crescendo High-Assurance Cards Add iCLASS Support for a Full Digital & Physical Contactless Experience (HID Global) HID Global, a worldwide leader in trusted identity solutions, today announced that its HID Crescendo® smart card family now supports HID® iCLASS® credential technology. The cards enable users to seamlessly unlock doors, data and their computers via a single high-assurance authenticator that supports an organization’s Zero Trust security strategy.
Styra and Kong Partner to Secure Modern Applications Through Dynamic Traffic Authorization (BusinessWire) Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced a new partnership with Kong Inc., the
Technologies, Techniques, and Standards
America Urged to Prepare for Shift to Post-Quantum Cryptography (Infosecurity Magazine) DHS and NIST release roadmap on reducing risks related to advancement of quantum computing technology
What's in a Threat Group Name? An Inside Look at the Intricacies of Nation-State Attribution (SecurityWeek) Different threat group names names are a blessing, a necessity, and a curse -‒ and understanding how and why researchers name the different threat groups can help us better understand the overall threat landscape
Space ISAC and NY Metro InfraGard Members Alliance Announce Collaboration to Advance the Mission of Cybersecurity in Space (Dark Reading) The collaboration is designed to promote broad-based participation by members of both organizations through enhanced educational initiatives, user-and operator-training, and intelligence-sharing activities in the space domain.
Wi-Fi Hotspot Security: Solutions for Users (Wi-FiPlanet.com) Take steps to protect your personal documents, privacy and identity when using public wireless Internet access.
Research and Development
Purdue researchers create algorithm to ward off hacking attempts (Newsbug.info) It sounds like a scene from a spy thriller.
Legislation, Policy, and Regulation
EU Parliament votes for ban on biometric mass surveillance (Computing) People should only be monitored when suspected of a crime
U.S. to tell critical rail, air companies to report hacks, name cyber chiefs (Reuters) The Transportation Security Administration will introduce regulations that compel the most important U.S. railroad and airport operators to improve their cybersecurity procedures, Homeland Security Secretary Alejandro Mayorkas said on Wednesday.
TSA to impose cybersecurity mandates on major rail and subway systems (Washington Post) The federal government will impose cybersecurity mandates on “higher-risk’’ railroad and rail transit systems this year, expanding its regulatory push beyond pipelines, the nation’s top homeland security official announced Wednesday.
TSA to issue regulations to secure rail, aviation groups against cyber threats (TheHill) The Transportation Security Administration (TSA) will soon issue regulations to further secure rail transit and airline companies against cyber threats, Homeland Security Secretary Alejandro Mayorkas announced Wednesday.
TSA to issue new cyber regulations for rail, aviation sectors (The Record by Recorded Future) The TSA will issue cybersecurity regulations later this year for “higher-risk’’ railroad and rail transit systems and the aviation sector, Homeland Security Secretary Alejandro Mayorkas announced on Wednesday.
New TSA regulations to address cyberattack threat to rail systems (CNET) DHS secretary says airlines also need to guard against ransomware and other threats.
TSA to impose cybersecurity mandates on railroad and aviation industries (CNN) The Transportation Security Administration will impose new cybersecurity mandates on the railroad and airline industries, including reporting requirements as part of a department effort to force compliance in the wake of high-profile cyberattacks on critical industries, Homeland Security Secretary Alejandro Mayorkas announced Wednesday.
Biden Administration to Impose Cyber Requirements on ‘High-Risk’ Rail-Transit Systems (Wall Street Journal) The mandates are deemed necessary because of surface-transportation systems’ role in the economy and potential importance to national security.
Justice Department to Fine Contractors for Not Reporting Cyber Incidents (Wall Street Journal) The Justice Department will impose large fines on federal contractors that fail to meet what its second in command said are “required cybersecurity standards,” including the disclosure of cybersecurity breaches.
NSA Cyber Chief Spells Out Near-Term Priorities (Nextgov.com) Ransomware is a top concern, but the agency is also looking ahead to defending networked weapons and post-quantum encryption.
CISA Creates JCDC Agency for U.S. Cyber Defense Operations Plans (Security Intelligence) The new agency, JCDC, will lead and execute U. S. cyber defense operations. See how the agency, created in August, will partner with industry going forward.
NSA Leader Promotes Industry Collaboration on Cyber Issues (Via Satellite) The National Security Agency (NSA) is seeking collaboration with the private sector on cybersecurity issues, David Luber, deputy of the Cybersecurity Directorate, said Wednesday at CyberSatGov in Reston, Virginia. Luber highlighted the agency’s Cybersecurity Collaboration Center, an engagement hub with the private
CIA Makes Changes to Adapt to Future Challenges (Central Intelligence Agency) Central Intelligence Agency (CIA) Director William J. Burns announced today adjustments to CIA’s organizational structure and approach to best position it to address current and future national security challenges. These changes resulted from the strategic reviews Director Burns launched this past spring that focused on areas including China, technology, people, and partnerships.
Justice Department to Redouble Efforts in Combating White-Collar Crime, Official Says (Wall Street Journal) A senior Justice Department official gave a first glimpse into the Biden administration’s approach to white-collar crime, saying the agency would commit new resources and tools to weeding out wrongdoing by companies and their executives that harm U.S. national security.
U.S. Justice Dept launches new initiatives on cryptocurrencies, contractor hacks (Reuters) U.S. Deputy Attorney General Lisa Monaco on Wednesday unveiled two new Justice Department enforcement initiatives aimed at targeting cryptocurrencies and government contractors who fail to report cyber breaches.
SEC Chair Gensler: A Ban on Crypto Would Be ‘Up to Congress’ (CoinDesk) In a Tuesday hearing, Gensler told the House Committee on Financial Services that the SEC has no plans to ban crypto.
Cyber Advisor to President Biden Details Cybersecurity Points for Space (Via Satellite) Invoking a famous quote about the United States and Great Britain, the U.S. cybersecurity advisor to President Joe Biden said that cyber and space communities are separated by a common challenge, one these communities don’t always realize. Chris Inglis, national cyber director and advisor to the president, said
President Biden's Cybersecurity Executive Order (BoozAllen) President Biden’s cybersecurity executive order shows how critical the need for data-driven cybersecurity is. Learn what your company should do next.
San Diego to develop Regional Cyber Innovation Center to prevent attacks (KGTV) San Diego officials Wednesday announced that the city has received federal funding to develop a San Diego Regional Cyber Innovation Center to help local agencies protect against cyberattacks.
Litigation, Investigation, and Law Enforcement
NATO expels 8 'undeclared' intel officers from Russian delegation (TheHill) NATO on Wednesday expelled eight "undeclared" Russian intelligence officers from the country’s mission to the military alliance.
NATO expels eight ‘intelligence officers’ from Russian mission (Al Jazeera) Expulsion follows report that Russian spies linked to Czech Republic blasts are also implicated in Skripal poisoning.
Brazilian data protection authority investigates first PIX data leak (ZDNet) Over 395,000 electronic payment keys have been exposed after a systems failure at state-owned bank Banese.
Feedzai Financial Crime Report: 23% Increase in Online Fraud as Cashless Payments Take Center Stage (Yahoo Finance) 146% increase in peer-to-peer (P2P) PaymentsNumber of Online Transactions is Nearly Double the Number of In-Person Transactions“Smishing” Joins the List of Top 5 Fraud Scams for the First Time SAN MATEO, Calif. and LISBON, Portugal , Oct. 07, 2021 (GLOBE NEWSWIRE) -- Feedzai, the world’s leading cloud-based financial crime management platform, has released its most recent Quarterly Financial Crime Report. The report analyzes financial crime and consumer spending trends from more than 1.5 billion
Calgary police investigate data breach involving vaccine verification app PORTpass (Calgary) Calgary police say its cybersecurity team is investigating after the Calgary-based vaccine verification app PORTpass left some users' data unsecured and available to be viewed by the public last week.
Investors Spent Millions on ‘Evolved Apes’ NFTs. Then They Got Scammed. (Vice) The developer behind the NFT project, ‘Evil Ape,’ suddenly disappeared along with its Twitter account, website, and $2.7 million.
Marriott Beats Stockholder Suit For Data Breach Damages (Law360) Stale claims and failure to show a complete lapse of board oversight have sunk a stockholder suit accusing Marriott Corp. directors of failing to protect the company from a massive data hack, uncovered after Marriott's acquisition of the Starwood Hotels chain, that exposed 500 million guests' personal information, Delaware's Chancery Court has ruled.