Attacks, Threats, and Vulnerabilities
MysterySnail attacks with Windows zero-day (SecureList) We detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. Variants of the malware payload used along with the zero-day exploit were detected in widespread espionage campaigns. We are calling this cluster of activity MysterySnail.
Threat Spotlight: Remote code execution vulnerabilities (Barracuda Networks) Two recently uncovered vulnerabilities are the latest evolutions of Remote code execution (RCE) vulnerabilities.
2021 Attack Surface Report (Randori) Mined from Randori’s insights the 2021 Attack Surface Report reveals new data on the internet’s most tempting targets.
Randori Report Finds that One in 15 Organizations Still Run a Vulnerable or "Tempting" Version of SolarWinds (PR Newswire) Randori, the company who attacks to protect, today released its first-ever 2021 Attack Surface Management Report: the Internet's Most Tempting...
CyRC Vulnerability Advisory: Nagios XI | Synopsys (Software Integrity Blog) CVE-2021-33177, CVE-2021-33178, and CVE-2021-33179 are SQL injection, path traversal, and XSS vulnerabilities in the popular application, service, and network monitoring software Nagios XI.
Protecting Prometheus: Insecure configuration exposes secrets (JFrog) How to deploy & configure Prometheus securely, including authentication and encryption capabilities. Real-world exposures discovered by the JFrog Security Research team
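As an added illustration of the hardening the JFrog piece describes, the configuration below contrasts a default, unauthenticated Prometheus listener with one that enforces TLS and basic authentication through Prometheus's --web.config.file option. This is example configuration written for this digest, not JFrog's or the Prometheus project's own files; the file paths, the user names, the target host and the bcrypt hash are placeholders.

```yaml
# Weak: default deployment. Prometheus listens on :9090 with no TLS and no
# authentication, so anyone who can reach the port can read every metric and
# the scrape configuration (targets, labels, file paths) from the HTTP API.
#   prometheus --config.file=prometheus.yml
#
# Hardened: start Prometheus with a web configuration file.
#   prometheus --config.file=prometheus.yml --web.config.file=web-config.yml

# web-config.yml (placeholder paths and hash). The password value must be a
# bcrypt hash, for example produced with: htpasswd -nBC 10 "" | tr -d ':\n'
tls_server_config:
  cert_file: /etc/prometheus/tls/server.crt
  key_file: /etc/prometheus/tls/server.key
  min_version: TLS12
basic_auth_users:
  monitoring: "$2y$10$REPLACE_WITH_BCRYPT_HASH"
---
# prometheus.yml excerpt: scrape an exporter that is itself behind TLS and
# basic auth, and keep the scrape password out of the config file by using
# password_file instead of an inline password.
scrape_configs:
  - job_name: node
    scheme: https
    tls_config:
      ca_file: /etc/prometheus/tls/ca.crt
    basic_auth:
      username: scraper
      password_file: /etc/prometheus/secrets/node_exporter.pass
    static_configs:
      - targets: ["node01.internal.example:9100"]
```

After restarting with the web config, an unauthenticated request to the UI or to /api/v1/status/config should return HTTP 401; check this from a host that could previously reach the port. Basic authentication in the web config protects the Prometheus API and UI only, so exporters and Alertmanager still need their own listener hardening.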
Olympus confirms US cyberattack, weeks after BlackMatter ransomware hit EMEA systems (TechCrunch) It's the second cybersecurity incident in as many months.
Medical Technology Company Olympus Discloses Cyberattack (SecurityWeek) Japanese medical technology company Olympus this week revealed that its operations in the Americas were affected by a cyberattack.
Olympus probes apparent cyberattack, its second in less than a month (CyberScoop) Japanese technology manufacturer Olympus announced Tuesday that it was investigating “a potential cybersecurity incident” affecting IT systems in the U.S., Canada and Latin America. The Oct. 12 statement was light on detail but said the “incident” was detected Sunday, Oct. 10.
Investigating potential cybersecurity incident affecting our IT system in the Americas (Olympus Global Homepage) This page describes Olympus : News : 2021 : Investigating potential cybersecurity incident affecting our IT system in the Americas.
Brazilian Integrator Platform Leaked Over 1.75 Billion Sensitive Files (SafetyDetectives) The Safety Detectives cybersecurity team, led by Anurag Sen, uncovered a critical data leak affecting the Brazilian marketplace integrator platform Hariex.
Customers On Alert as E-commerce Player Leaks 1.7+ Billion Records (Infosecurity Magazine) Marketplace integrator spills customer and seller details
Verizon-owned Visible network suffers suspected data breach (xda-developers) Visible, a carrier owned by Verizon using Verizon's network, appears to have suffered a data breach, according to reports on social media.
Cyberattack hits Meliá, one of the largest hotel chains in the world (The Record by Recorded Future) A cybersecurity incident has crippled activities at Meliá Hotels International, one of the largest hotel chains in the world.
University of Sunderland hit by suspected major cyber attack, with IT systems out-of-action (Sunderland Echo) Online criminals are suspected to be behind what appears to be a major cyber attack on the University of Sunderland.
Most damaging cybercrime services cost less than $500 on the dark web (Atlas VPN) According to data presented by the Atlas VPN research team, most damaging attacks, like ransomware kits and sophisticated targeted attacks, cost anywhere between $66 and $500.
Security Patches, Mitigations, and Software Updates
Zero Day Initiative — The October 2021 Security Update Review (Zero Day Initiative) The second Tuesday of the month is here, and that means the latest security updates from Adobe and Microsoft have arrived. Take a break from your regularly scheduled activities and join us as we review the details for their latest security offerings. Adobe Patches for October 2021 For October,
Microsoft Releases October 2021 Security Updates (CISA) Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s October 2021 Security Update Summary and Deployment Information and apply the necessary updates.
October 2021 Security Updates (Microsoft Security Response Center) This release consists of security updates for the following products, features and roles.
Security Update Guide (Microsoft Security Response Center) The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services, and provides the information here as part of the ongoing effort to help you manage security risks and help keep your systems protected.
First Windows 11 Patch Tuesday update lowers AMD chip performance (Computing) The first Windows 11 update reduced Ryzen processor performance by as much as 15 per cent
Apple Confirms iOS 15 Zero-Day Exploitation (SecurityWeek) Apple has rushed out iOS 15.0.2 to address a remote code execution vulnerability (CVE-2021-30883) that is being actively exploited
ICS Patch Tuesday: Siemens and Schneider Electric Address Over 50 Vulnerabilities (SecurityWeek) Industrial giants Siemens and Schneider Electric on Tuesday released a total of 11 new advisories covering roughly 50 vulnerabilities affecting their products.
Adobe Patches Critical Code Execution Vulnerabilities in Several Products (SecurityWeek) Adobe patches 10 vulnerabilities across its Acrobat and Reader, Connect, Commerce, and Campaign Standard products.
SAP Security Patch Day October 2021: Critical Patches for SAP Environmental Compliance and SAP Software Logistics Released (Onapsis) SAP has released 17 new and updated SAP Security Notes on its October 2021 patch release. Read on for Onapsis's analysis.
Advantech WebAccess SCADA (CISA) Executive summary: CVSS v3 4.3; exploitable remotely with low attack complexity. Vendor: Advantech. Equipment: WebAccess SCADA. Vulnerability: Missing Authorization. Risk evaluation: successful exploitation of this vulnerability could allow an attacker to access project names and paths.
Advantech WebAccess (CISA) Executive summary: CVSS v3 9.8; exploitable remotely with low attack complexity. Vendor: Advantech. Equipment: WebAccess. Vulnerabilities: Heap-based Buffer Overflow, Stack-based Buffer Overflow. Risk evaluation: successful exploitation of these vulnerabilities could allow an attacker to gain remote code execution.
Schneider Electric IGSS (CISA) Executive summary: CVSS v3 9.8; exploitable remotely with low attack complexity. Vendor: Schneider Electric. Equipment: IGSS (Interactive Graphical SCADA System). Vulnerabilities: Classic Buffer Overflow, Unrestricted Upload of File with Dangerous Type, Path Traversal, Missing Authentication for Critical Function.
CVE-2021-25635 | LibreOffice - Free Office Suite - Based on OpenOffice - Compatible with Microsoft (LibreOffice) LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid.
Trends
2021 Bitdefender Global Report: Cybersecurity and Online Behaviors (Bitdefender) Report objectives....
Despite being vital to an organization’s security strategy, only 16% of organizations have a fully realized and mature Identity and Access Management program. (Hitachi-ID) Mature Identity and Privileged Access Management programs that promote Zero Trust principles are a good way to prevent hackers from gaining control of data and infrastructure.
Brand Trust: One cyberattack is enough to lose consumer trust and custom (Mimecast) It takes years to build a brand. A cyberattack that exposes customer data or even simply paints the company in a negative light can cause catastrophic loss of trust in an instant.
Brand impersonation: One cyberattack is enough to lose consumer trust and custom | Mimecast Blog (Mimecast) Businesses face increased cyber threats from threat actors looking to impersonate their brands to access customers’ personal or financial information. Consumers find the brands at fault.
Nearly 60% of Organizations Say Connected Product Security Concerns Have Cost Them Sales, Finite State Research Finds (BusinessWire) More than half (59%) of executives with cybersecurity decision-making responsibility at large and mid-sized companies say that their organizations hav
Securing Connected and Embedded Devices | Ponemon Institute (Finite State) To understand the impact of supply chain security, the Ponemon Institute conducted a survey of 632 embedded product security decision makers.
CIO and CISO Priorities for IAM and Machine Identity Management (Keyfactor) Get survey results from 100+ CIOs and CISOs to understand priorities around Identity and Access Management (IAM) and Machine Identity Management (MIM).
Voice of SecOps 2021 (Deep Instinct) Download the first annual, global Voice of SecOps Report to gain insight into current and emerging threats and learn about how these threats are impacting the day-to-day lives of SecOps professionals.
Marketplace
Black Kite Raises $22M to Meet Aggressive Demand for Vendor Risk Management (PR Newswire) Black Kite, the standard in third-party cyber risk ratings, announced today a $22 million Series B investment led by Volition Capital, with...
Cloud Security Company Wiz Raises $250 Million at $6 Billion Valuation (SecurityWeek) Cloud security company Wiz has raised $250 million in a Series C funding round. Wiz has raised a total of $600 million and it’s now valued at $6 billion.
Companies Leading the Way in Cyber Security (Veriff) This article by the Veriff team looks at countries with the biggest cybersecurity workforces, and highlights the most exciting businesses in the space.
Ordr Appoints René Bonvanie as Executive Chairman of the Board (Ordr) Ordr today announced the appointment of René Bonvanie as Executive Chairman to the company's board of directors.
Products, Services, and Solutions
Rubrik Launches Ransomware Recovery Warranty (GlobeNewswire News Room) Rubrik announces $5M ransomware recovery warranty for Rubrik Enterprise Edition, delivering customers the ultimate peace of mind...
Zix Announces Cloud Backup and Recovery Services Now Available Through Secure Cloud (Zix Corporation) The Investor Relations website contains information about Zix Corporation's business for stockholders, potential investors, and financial analysts.
CrowdStrike Announces New CrowdXDR Alliance (CrowdStrike) CrowdStrike Joins Forces with SaaS, Cloud and Security Leaders to Set the Standard for XDR through new CrowdXDR Alliance. Discover more here!
CrowdStrike Launched Free Humio Community Edition (CrowdStrike) CrowdStrike introduces the Humio Community Edition! A free offering designed to bring Humio’s streaming observability to everyone. Learn more!
ReliaQuest Launches New GreyMatter Capabilities To Measure and Manage Cyber Risk: Security Model Index™ and Verify (BusinessWire) ReliaQuest, the leader in Open XDR-as-a-Service, today announced two new capabilities within GreyMatter, its cloud-native open XDR platform: Security
Global coalition builds to protect cyber researchers (Cybersecurity Advisors Network (CyAN)) The Cybersecurity Advisors Network (CyAN) today announced the formation of a global coalition to work towards securing internationally consistent legal immunities for bona fide zero day resear…
Google launches Cybersecurity Action Team (Healthcare IT News) Google announced this week the launch of its Cybersecurity Action Team, aimed at assisting governments, critical infrastructure organizations, enterprises and small businesses. The team's goal will be to guide customers through the cycle of security transformation, including creating a road map, increasing cyber-resilience preparedness and engineering new solutions in response to changing circumstances. The effort will begin within Google Cloud, eventually expanding to more organizations.
Huntress launches endpoint protection capabilities to defend SMBs from cyberattacks (Help Net Security) Huntress launched a series of platform enhancements designed to protect small and midsize businesses (SMBs) from modern cyberthreats.
F-Secure, KAON, and Incognito make connected home security as easy as plugging in a router (Public) Cyber security provider F-Secure, KAON Broadband, a source of integrated solutions featuring home network devices and associated revenue-generating services, and Incognito, a leading global provider of broadband service orchestration software solutions, have announced a new combined offering that delivers a fully integrated end-to-end connected home security offering with endless expansion capabilities.
Check Point Software Prevents Theft of Crypto Wallets on OpenSea, the World’s Largest NFT Marketplace (Check Point Software) After seeing reports of stolen crypto wallets triggered by free airdropped NFTs, Check Point Research (CPR) investigated OpenSea, the world’s largest NFT
Infosec Institute Hosts World’s First Certified CMMC Professional (CCP) (PRWeb) Infosec Institute, a market-leading cybersecurity education company, today announced it will host the world’s first Certified CMMC Professional (CCP) Boot C
Deepfence Announces Open Source Availability of ThreatMapper Cloud Native Security Observability Platform (BusinessWire) Deepfence, a pioneer in the emerging security observability and protection space, today announced open source availability of ThreatMapper, a signatur
U.S. Healthcare’s “Last Mile” is Open to Attack, New Study Finds; Approov Rolls Out FHIR Guard, Free End-Point Security for FHIR API Providers (BusinessWire)
WSO2 Introduces Asgardeo Next-Generation IDaaS to Cut the Complexity Out of Managing User Access to Client-Facing Applications (Yahoo Finance) Early adopter release of Asgardeo lets developers build advanced customer identity and access management into their apps and create frictionless user experiences in minutes
SCADAfence Launches New Global Partner Program to Accelerate and Scale OT Security to Industrial Organizations (PR Newswire) SCADAfence, the global leader in cybersecurity for Operational Technology (OT) and Internet of Things (IoT) environments, announced today the...
Fugue Adds Kubernetes Security Checks to its SaaS Platform and Open Source Regula Project (Fugue) Fugue, a cloud security SaaS company, today announced support for Kubernetes security prior to deployment.
Intel, Decentriq and Swiss Re Improve Data Privacy (Intel) Swiss Re explores further protection of critical data using confidential computing, powered by Intel SGX technology and enabled by Decentriq.
Technologies, Techniques, and Standards
China Isn't the AI Juggernaut the West Fears (Bloomberg) The nation excels in computer vision and facial recognition, but practical applications are limited to surveillance. The U.S. has much broader expertise.
Design and Innovation
Apple argues against allowing app sideloading by pointing out Android's malware figures (The Record by Recorded Future) Apple said today that one of the reasons it does not allow app sideloading or the use of third-party app stores on iOS is because of privacy and security reasons, pointing to the fact that Android sees between 15 to 47 times more malware compared to its app ecosystem.
BlackBerry, Google and Qualcomm Join Forces to Drive Advancements in Next-Generation Automotive Cockpits (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) today announced the availability of a QNX® Hypervisor and VIRTIO-based reference design to virtualize...
Legislation, Policy, and Regulation
U.S. Convenes International Summit on Ransomware (Wall Street Journal) The Russian government wasn’t invited to attend, a senior Biden official said.
Russia excluded from virtual White House meeting on ransomware (TheHill) The White House on Wednesday will convene a virtual meeting on countering ransomware with senior officials representing 30 countries and the European Union, Biden administration officials said, as part of President Biden’s effort to work with glob
Today's ransomware summit is about international cooperation (Washington Post) Today and tomorrow the White House is huddling with representatives from 30 countries and the European Union to discuss ways to tackle ransomware, as it tries to build an international coalition to combat the growing problem of hacks.
White House to host virtual ransomware summit with 30 countries — but not Russia (NBC News) The Biden administration is set to host a two-day virtual ransomware summit starting Wednesday with one notable absence: Russia was not invited.
U.S. convenes 30 countries on ransomware threat — without Russia or China (The Record by Recorded Future) The Biden administration did not invite Russia to participate in the first meeting of a global effort to combat cybercrime, but could welcome the country that has become synonymous with ransomware to future gatherings.
Big Tech to be forced to hand over data on political ads (POLITICO) Social media companies could face hefty fines if they don’t publish detailed information on political ad buyers, according to an EU internal document.
DOJ Announces New Civil Cyber-Fraud Initiative (The National Law Review) On October 6, 2021, Deputy Attorney General Lisa O. Monaco announced the launch of the US Department of Justice’s (DOJ) Civil Cyber-Fraud Initiative. The initiative will focus on using the
DOJ Sees Crypto Seizures as a Priority in Anti-Ransomware Push (Wall Street Journal) The Justice Department is increasingly trying to claw back ransomware payments made by hacked companies and is training cryptocurrency experts who can track funds across sometimes sprawling overseas criminal networks.
OMB Gives Agencies Three Months to Help CISA Monitor Networked Devices (Nextgov.com) The memo adds heft to the Cybersecurity and Infrastructure Security Agency’s longstanding push for more visibility into federal networks.
A new law will help schools battle cybersecurity risks (Federal News Network) A new law aims to shed light on the cybersecurity risks faced by American schools, and fewer postal workers recommend taking a job with the agency.
The government's response to cybersecurity threats is not enough (Help Net Security) There are significant cybersecurity threats not addressed by the Government’s response, protection must be comprehensive.
Clarke stresses cooperation as momentum builds on Capitol Hill behind breach disclosure legislation (FCW) Rep. Yvette Clarke (D-NY), chair of the Cybersecurity, Infrastructure Protection and Innovation subcommittee, said building trust with critical infrastructure entities was fundamental to expanding information sharing between the public and private sectors.
Litigation, Investigation, and Law Enforcement
Facebook Whistleblower’s Claims Test SEC’s Reach (Wall Street Journal) Allegations that the company misrepresented the impact of its services don’t resemble a typical securities-fraud case, but the pressure to investigate is strong.
Florida woman hacked flight system, cleared planes with maintenance issues to fly, police say (WFLA) Authorities first knew something was wrong on Jan 12, 2020, when the CEO of MFT, Derek Fallon, logged into the Flight Training computer and noticed multiple things were off. He said the make/model/…
Dutch police send warning letters to customers of DDoS booter service (The Record by Recorded Future) Dutch police have taken a rare step this week and sent letters to 29 individuals who used a now-defunct DDoS-for-hire service —also known as a DDoS booter— to launch DDoS attacks against various targets.
Trump-Era Pentagon Official Sues as Suspension Reaches 5 Months (Bloomberg) Katie Arrington says her due process rights were violated. Official was ‘left dangling’ without explanation, lawsuit says.