Attacks, Threats, and Vulnerabilities
Google notifies 14,000 Gmail users of targeted APT28 attacks (The Record by Recorded Future) Google has sent email notifications to more than 14,000 Gmail users that they've been the target of a spear-phishing attack orchestrated by a state-sponsored hacking group.
Google warns 14,000 Gmail users targeted by Russian hackers (BleepingComputer) Google has warned about 14,000 of its users about being targeted in a state-sponsored phishing campaign from APT28, a threat group that has been linked to Russia.
Google warns of APT28 attack attempts against 14,000 Gmail users (Security Affairs) Google warned more than 14,000 Gmail users that they have been the target of nation-state spear-phishing campaigns. On Wednesday, Google announced that it had warned approximately 14,000 Gmail users that they had been targeted by nation-state hackers. Shane Huntley, the head of the Threat Analysis Group (TAG), wrote on Twitter that his group had sent an above-average batch […]
FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets (Mandiant) Today, Mandiant Intelligence is releasing a comprehensive report detailing FIN12, an aggressive, financially motivated threat actor behind prolific ransomware attacks since at least October 2018. FIN12 is unique among many tracked ransomware-focused actors today because they do not typically engage in multi-faceted extortion and have disproportionately impacted the healthcare sector.
Aggressive Ransomware Group FIN12 Moves Fast, Targets Big Companies (SecurityWeek) Mandiant has detailed the operations of FIN12, a highly aggressive ransomware group that moves fast — it only encrypts files and does not steal data — and targets big companies.
Rapid RYUK Ransomware Attack Group Christened as FIN12 (Dark Reading) Prolific ransomware cybercrime group's approach underscores a complicated, layered model of cybercrime.
FIN12 hits healthcare with quick and focused ransomware attacks (BleepingComputer) While most ransomware actors spend time on the victim network looking for important data to steal, one group favors quick malware deployment against sensitive, high-value targets.
No honor among thieves: One in five targets of FIN12 hacking group is in healthcare (ZDNet) The group strikes big game targets with annual revenues of over $6 billion.
REvil Continues Its Reemergence, Joins Groove-led RAMP Forum (Flashpoint) On October 7, cybersecurity analysts at Flashpoint discovered a post on the REvil leaks site, the Happy Blog, inviting users to join the ransomware group on RAMP.
Actors Target Huawei Cloud Using Upgraded Linux Malware (Trend Micro) We have recently noticed another Linux threat evolution that targets relatively new cloud service providers (CSPs) with cryptocurrency-mining malware and cryptojacking attacks. In this article, we discuss a new Linux malware trend in which malicious actors deploy code that removes applications and services present mainly in Huawei Cloud.
FontOnLake: Previously unknown malware family targeting Linux (WeLiveSecurity) ESET researchers uncover FontOnLake, a malware family that uses custom and well-designed modules to target operating systems running Linux.
Hackers of SolarWinds stole data on U.S. sanctions policy, intelligence probes (Reuters) The suspected Russian hackers who used SolarWinds and Microsoft software to burrow into U.S. federal agencies emerged with information about counter-intelligence investigations, policy on sanctioning Russian individuals and the country’s response to COVID-19, people involved in the investigation told Reuters.
Ransomware hackers find vulnerable target in U.S. grain supply (NBC News) At least three U.S. grain distributors’ systems have been infected with ransomware in recent weeks, raising concerns that hackers have found an easy target in
Iran-linked MalKamak Hackers Targeting Aerospace, Telcos With ShellClient RAT (SecurityWeek) Researchers have discovered a previously unknown advanced threat actor, likely of Iranian origin, using a previously undocumented RAT targeting largely aerospace and telecommunications organizations.
Microsoft: Russia Behind 58% of Detected State-Backed Hacks (SecurityWeek) Russia accounted for most state-sponsored hacking over the past year, with a 58% share, according to Microsoft's Digital Defense Report, which covers July 2020 through June 2021.
Report links Indian company to spyware that targeted Togolese activist (The Record by Recorded Future) A new report from Amnesty International links an Indian cybersecurity firm called Innefu Labs to spyware used to target an unidentified “prominent human rights defender” in Togo.
Togo: Prominent activist targeted with Indian-made spyware linked to notorious hacker group (Amnesty International) New research reveals activists in Togo risk being targeted by shadowy cyber-mercenaries who use covert digital attacks to steal victims’ private information
NSO ended Pegasus contract with UAE over Dubai leader's hacking (Reuters) The Israeli-based NSO Group ended its contract with the United Arab Emirates to use its powerful "Pegasus" state spyware tool because Dubai's ruler was using it to hack the phones of his ex-wife and some close to her, her lawyers told England's High Court.
Twitch Blog | Updates on the Twitch Security Incident (Twitch Blog) [10/7/2021 @ 1:00AM PT]
Updates regarding Stream Keys
Out of an abundance of caution, we have reset all stream keys. You can get your new stream key here: https://dashboard.twitch.tv/settings/stream.
Twitch blames data breach on server configuration error (CNET) The massive data leak allegedly included the streaming platform's source code and data on creator payouts.
Twitch blames server misconfiguration for massive data breach, resets all stream keys (Computing) Streaming platform faces a difficult future as sensitive data posted online
Twitch Data Leak Shows Some Streamers Make Hundreds of Thousands Per Month (Wall Street Journal) Twitch broadcasters’ earnings and other company information were made public Wednesday on the leak announced on 4chan by a user who claimed to have posted it there to hurt the Amazon.com unit’s business.
Twitch streamers respond after huge leak of creator payout data (TechCrunch) Twitch confirmed yesterday that a massive cache of internal data, including creator payouts, was published online after a breach. The streaming platform said in a blog post that the leak was caused by an error in a Twitch server configuration change, which was then accessed by a malicious third par…
The Twitch Hack Is Worse for Streamers Than for Twitch (Vice) The leak of source code and some internal security files does not expose sensitive data, according to a former Twitch employee.
Twitch Streamers' Earnings Were Exposed. Now, It's a Meme (Wired) “I’d never want to hide how much I make, so I’m down to make a meme out of it,” one top streamer told WIRED.
Destiny banned by Twitch for sharing staffer's personal info (WIN.gg) Political streamer Steven "Destiny" Bonnel has been suspended from Twitch. On October 7, Destiny told his fans on Discord that he was suspended for
To get big Twitch payouts, you have to be among the top .01% of streamers (pcgamer) Leaked Twitch data shows who's been making the most money from subscribers and ad revenue.
Hackers are waging a guerrilla war on tech companies, revealing secrets and raising fears of collateral damage (Washington Post) A resurgence of ‘hacktivism’ has sought to portray cyberattacks as a moral crusade, but everyday users can also end up having their private information exposed
Botnet abuses TP-Link routers for years in SMS messaging-as-a-service scheme (The Record by Recorded Future) Since at least 2016, a threat actor has hijacked TP-Link routers as part of a botnet that abused a built-in SMS capability to run an underground Messaging-as-a-Service operation.
From match fixing to data exfiltration – a story of Messaging as a Service (MaaS) (VB2021 localhost) When someone first approached us with the question of whether we had heard of malware sending out unsolicited SMS messages, we almost immediately replied positively – there are plenty of such malicious applications on Android. The next question caught us rather by surprise: have you seen such malware on a 4G/LTE capable broadband router?
Read that link carefully: Scammers scoop up misspelled cryptocurrency URLs to rob your wallet (Washington Post) These aren’t typos: wwwblockchain.com, conibase.com
Phishing Attacks Are Top Cyber Crime Threat, Easier Than Ever to Create and Deploy (Security Intelligence) Phishing attacks continue to increase in number. See why phishing kits make them easier and how to defend against the way attackers deploy them today.
Borrowed a School Laptop? Mind Your Open Tabs (Wired) Students—many from lower-income households—were likely to use school-issued devices for remote learning. But the devices often contained monitoring software.
QR codes are a privacy problem — but not for the reasons you’ve heard (Washington Post) The little black-and-white squares aren’t inherently bad
UK's Weir Group hit by attempted cyber attack at end of Q3 (Reuters) Engineering firm Weir Group said on Thursday it was the target of an attempted ransomware attack in the second half of September, which impacted third-quarter profit.
Cyber experts warn Virginians of fake job listings (WTVR) The VEC admitted that the agency gave out $930 million last year in incorrect payments. 7 percent of the money was fraudulently obtained.
Security Patches, Mitigations, and Software Updates
Microsoft to disable Excel 4.0 macros, one of the most abused Office features (The Record by Recorded Future) Microsoft plans to disable a legacy feature known as Excel 4.0 macros, also XLM macros, for all Microsoft 365 users by the end of the year, according to an email the company has sent customers this week, also seen by The Record.
Cisco Patches High-Severity Vulnerabilities in Security Appliances, Business Switches (SecurityWeek) Cisco this week released patches for multiple high-severity vulnerabilities affecting its Web Security Appliance (WSA), Intersight Virtual Appliance, Small Business 220 switches, and other products.
Apache Issues Another Emergency Patch for Exploited Flaws (GovInfoSecurity) Apache HTTP Server users are being warned to install yet another patch, as a fix released Wednesday was incomplete and introduced a new flaw. The U.S. Cybersecurity
Johnson Controls exacqVision Server Bundle (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Exacq Technologies, a subsidiary of Johnson Controls, Inc.
Equipment: exacqVision Server Bundle
Vulnerability: Improper Privilege Management
Mobile Industrial Robots Vehicles and MiR Fleet Software (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: Mobile Industrial Robots (MiR)
Equipment: MiR100, MiR200, MiR250, MiR500, MiR1000, MiR Fleet
Vulnerabilities: Improper Access Control, Integer Overflow or Wraparound, Exposure of Resource to Wrong Sphere, Missing Authentication for Critical Function, Missing Encryption of Sensitive Data, Exposure of Sensitive Information to an Unauthorized Actor, Weak Encoding for Password, Incorrect Default Permissions, Failure to Handle Incomplete Element
Johnson Controls exacqVision (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Exacq Technologies, a subsidiary of Johnson Controls, Inc.
Equipment: exacqVision Server 32-bit
Vulnerability: Integer Overflow or Wraparound
Mitsubishi Electric MELSEC iQ-R Series C Controller Module (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.8
ATTENTION: Exploitable remotely
Vendor: Mitsubishi Electric
Equipment: MELSEC iQ-R Series C Controller Module R12CCPU-V
Vulnerability: Uncontrolled Resource Consumption
2. RISK EVALUATION
Successful exploitation of this vulnerability could prevent the module from starting up.
InHand Networks IR615 Router (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: InHand Networks
Equipment: IR615 Router
Vulnerabilities: Improper Restriction of Rendered UI Layers or Frames, Improper Authorization, Cross-site Request Forgery, Inadequate Encryption Strength, Improper Restriction of Excessive Authentication Attempts, Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, OS Command Injection, Observable Response Discrepancy, Weak Password Requirements
FATEK Automation WinProladder (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: FATEK Automation
Equipment: WinProladder
Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Unexpected Sign Extension, Stack-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use After Free
FATEK Automation Communication Server (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: FATEK Automation
Equipment: Communication Server
Vulnerability: Stack-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability may allow remote code execution.
Trends
71% of IT Security Pros Find Patching to be Overly Complex and Time Consuming, Ivanti Study Confirms (Ivanti) Challenges with lack of time and vulnerability and patching prioritization are putting organizations at increased risk of cyberattacks
The FB Whistleblower & Insider Threat Kill Chain (Dtex Systems Inc) Facebook whistleblower Frances Haugen’s campaign will be felt for months to come. It’s also worth examining this exceptional story from an insider threat perspective.
Marketplace
Gretel.ai Closes $50 Million Series B Round for Privacy Engineering as a Service (BusinessWire) Today, Gretel.ai closed a $50 million Series B funding round, led by Anthos Capital, along with participation from Section 32, and existing investors
What You Need to Know About Akamai's $600 Million Acquisition (The Motley Fool) The legacy content delivery network specialist is beefing up its cybersecurity portfolio.
Is the industry ready for a global cyber attack? (Intelligent Insurer) The cyber insurance market is booming, with new coverages evolving constantly, but whether the insurance industry is prepared for a massive cyber catastrophe is uncertain.
Facebook Political Problems (Stratechery by Ben Thompson) Facebook’s political problems stem directly from its size and drive for growth; they are societal issues, not antitrust ones.
Facebook's own data is not as conclusive as you think about teens and mental health (NPR.org) It's grabbed a lot of headlines, but the evidence on social media and teen mental health — including that Facebook and Instagram research — is far from a smoking gun.
‘Fantasy startup investing’ NFT platform Visionrare shuts down paid marketplace after a day in open beta (TechCrunch) Just over 24 hours into its open beta, Visionrare, which launched an NFT marketplace for “fantasy startup investing,” is temporarily shutting down and refunding users who purchased shares, saying it will relaunch soon as a free-to-play game. The platform allowed users to bid on auctions…
JLL names Joe Silva Chief Information Security Officer (PR Newswire) JLL (NYSE: JLL) today announced the hire of Chief Information Security Officer (CISO) Joe Silva to lead JLL's information security strategy,...
Products, Services, and Solutions
Tenable.io and Tenable.io WAS Achieve FedRAMP Authorization (Tenable®) Six reasons why FedRAMP authorization for Tenable.io and Tenable.io Web App Scanning (WAS) is important for our customers and partners.
WatchGuard’s New Mid-Range Firewalls Deliver the High Performance Organizations Need to Protect Against Encrypted Malware (GlobeNewswire News Room) New high-performance Firebox M Series appliances combine security, performance, flexibility and visibility for the WatchGuard Unified Security Platform™...
Cybersecurity Company Expel Wins Exabeam’s MSSP/MDR of the Year U.S. and Canada Award (Expel) Leader in next-gen SIEM and XDR, Exabeam, announces 2021 Partner of the Year award winners during Spotlight21 Annual User Conference.
BlackBerry and Deloitte Join Forces to Secure IoT Software Supply Chains (BlackBerry) BlackBerry Limited and Deloitte today announced the two organizations are teaming up to help OEMs and those building mission-critical applications secure their software supply chains.
Sontiq® Announces Industry-First Digital Safety and Security Features for Families (Yahoo) Sontiq announces Digital Safety and Security features to be included in Sontiq's and IdentityForce's Identity Theft Protection plans for families.
Concentric Integrates AI-Powered Data-centric Monitoring and Protection with Box (BusinessWire) Concentric Inc., a leading vendor of intelligent AI-based solutions for protecting business-critical data, today announced its status as a Box Technol
Fletch releases two security offerings to help organizations stay ahead of cybercriminals (Help Net Security) Fletch launched two offerings that analyze trending threats, free of charge, to help organizations stay ahead of cybercriminals.
New infosec products of the week: October 8, 2021 (Help Net Security) The featured infosec products this week are from: Abnormal Security, Pradeo, Qualys, Semperis and Swimlane.
Beachhead Solutions Launches RiskResponder® to Automate Proactive Responses to Specific Security Threats and to Empower Closer MSP-Client Collaboration (GlobeNewswire News Room) RiskResponder offers MSPs a client-collaborative, preventative approach to automatically addressing risk with predetermined and automatically-triggered...
Technologies, Techniques, and Standards
Council Post: Are Corporate Boards’ Cyber Risk Management Practices Really Protecting Their Companies? (Forbes) With more information than ever available and distributed digitally, ensure your corporate board and C-suite are protecting your organization from cybercriminals.
How to protect your source code from attackers (TechBeacon) Malicious actors are increasingly targeting private repositories. Here are some of the techniques attackers use—and what you can do to stop them.
It’s Time to Stop Paying for a VPN (New York Times) Many virtual private network services that were meant to protect your web browsing can no longer be trusted. Here are other ways.
Legislation, Policy, and Regulation
Government introduces guidelines for cybersecurity in power sector (The Hindu) The guideline lays down actions required to ramp up security measures across various utilities to raise preparedness in power sector.
India's new power sector infosec policy eschews air gaps (Register) Calls for anything connected to the Internet to live in a room controlled by the CISO
Netherlands can use intelligence or armed forces to respond to ransomware attacks (The Record by Recorded Future) The Dutch government said it would use its intelligence or military services to counter cyber-attacks, including ransomware attacks, that threaten its national security.
The Pandora Papers should reinvigorate Biden's anti-corruption push (Atlantic Council) An anti-corruption campaign appeals to disparate domestic groups but also is bound up in many of the core objectives Biden has staked out for the United States in the world.
Cybersecurity bills advance in U.S. Senate (Homeland Preparedness News) Two bipartisan bills from U.S. Sens. Gary Peters (D-MI) and Rob Portman (R-OH) on cybersecurity and infrastructure were approved by the U.S. Senate Homeland Security and Government Affairs Committee and now head to the full Senate for a vote.
Bill seeks to address critical infrastructure cyber attacks (Homeland Preparedness News) A pair of lawmakers have introduced a measure they said is designed to protect systemically important critical infrastructure (SICI) from cyber attacks. Reps. John Katko (R-NY) and Abigail Spanberger (D-VA) recently detailed the Securing Systemically Important Critical Infrastructure Act, …
Lawmakers Call for Definitive Cyber Deterrence Policy (Meritalk) With an increased focus on cybersecurity after a spate of high-profile cyberattacks on U.S. government and business organizations since late last year, members of Congress are continuing to call for a clearly defined national cyber deterrent policy. Three prime movers on cybersecurity legislation in Congress – Sen. Angus King, I-Maine, and Reps. John Katko, R-N.Y., and Yvette Clarke, D-N.Y. – explained the need to codify a cyber deterrence policy at the Aspen Cyber Summit Oct. 6.
Mayorkas outlines whole-of-DHS response behind latest cyber sprint (Federal News Network) DHS is putting the collective force of its component agencies behind its latest 60-day cyber sprint focused on transportation security.
Railroads say they don't need cybersecurity mandates (Washington Post) The Biden administration plans to impose new cybersecurity mandates on railroad and rail transit systems.
NSA Renews Focus On Securing Military Weapons Systems Against 'Capable' Rivals (Breaking Defense) "In terms of weapons systems, we have computers on wings, at sea, and on land. We don't think of [weapons systems] that way, but none of them work without computers," NSA's Joyce said.
Rob Joyce: Weapons Systems Security, Post-Quantum Encryption Among NSA’s Near-Term Priorities (Executive Gov) Rob Joyce, cybersecurity director at the National Security Agency (NSA) and a previous Wash100 Award
Facebook and Big Tech Are Facing Their ‘Big Tobacco’ Moment (World Politics Review) This week, Frances Haugen, a former Facebook data scientist, openly accused the social media company of misleading the public about what it knows about the harm its products cause. Her impact on the regulation of Big Tech will likely be as significant as that of the whistleblowers who ended Big Tobacco’s era of impunity.
U.S. Set Out to Hobble China’s Huawei, and So It Has (Wall Street Journal) The big maker of telecom gear and phones is short of advanced chips, and it faces customers who heed U.S. sanctions or doubt the company’s technical reliability. It is diving into new ventures, aiming “to seek survival.”
Chinese tech investment poses ‘real danger’ to US industry: Michael Dell (Yahoo Finance) In a new interview, Dell Technologies CEO Michael Dell described the US-China economic relationship as "frosty," and said he welcomes US support for the tech sector as a way to counteract such subsidies in China.
Litigation, Investigation, and Law Enforcement
Russia charges cybersecurity executive with treason - reports (Reuters) Russia has charged the chief executive of a leading Russian cybersecurity company with treason, local news agencies cited sources as saying on Thursday.
Cybersecurity executive Ilya Sachkov formally charged with treason (Meduza) Investigators have indicted Group-IB founder Ilya Sachkov for treason, sources in law enforcement told RIA Novosti and TASS on Thursday, October 7. This was also reported by Interfax, citing familiar sources.
GDPR fines of over $1.1bn in Q3 2021 highlight the need for companies to take regulation seriously (Bdaily Business News) According to the latest data compiled by Finbold, there has been a stark increase in the number and severity of…
HSE cyberattack: Hackers’ servers, websites seized by Gardaí (Silicon Republic) Detective chief superintendent Paul Cleary said that Garda signs were posted on the hackers’ websites to warn potential cyberattack victims.
Hacker arrested after selling data of 600,000 customers (Thaiger) A former employee of a well-known company in Thailand was arrested for a data breach where the hacker allegedly sold the data of 600,000 customers.
Cloudflare doesn’t have to cut off copyright-infringing websites, judge rules (Ars Technica) Judge rules content-delivery service doesn't "contribute" to copyright infringement.
Nigerian Man Living in U.S. Charged Over Role in BEC Scheme (SecurityWeek) A Nigerian national residing in Buffalo, New York, was indicted this week for facilitating a business email compromise (BEC) scam that resulted in hundreds of thousands of dollars being stolen from various companies.
NatWest Pleads Guilty to Anti-Money-Laundering Charges (Wall Street Journal) NatWest Group pleaded guilty in the U.K. to charges that it violated regulations requiring financial institutions to maintain adequate anti-money-laundering systems and controls.