US Joint Advisory warns of ongoing threats to water & waste water systems. Missouri's Governor versus a newspaper's "hacking."

Summary

By the CyberWire staff

The US Cybersecurity and Infrastructure Security Agency (CISA) yesterday published a joint advisory warning of "ongoing malicious activity—by both known and unknown actors" directed against water and wastewater treatment facilities. It emphasizes the threat of spearphishing as well as exploitation of outdated operating systems and vulnerable control system firmware.

CISA also released more than twenty industrial control system advisories yesterday.

Missouri Governor Mike Parson has denounced the Saint Louis Post-Dispatch for what he characterized as the newspaper's "hacking" of the Department of Elementary and Secondary Education (DESE). He said at a press conference yesterday that he's referring the newspaper and its reporter for prosecution. The Post-Dispatch had found some teachers' Social Security Numbers coded into the html of a publicly accessible DESE website where citizens could check teachers' credentials. The paper informed DESE, waited until DESE had taken the information down, and then published its story.

Governor Parson has since doubled down via Twitter, claiming that the Post-Dispatch's story places them on the wrong side of "Tampering with computer data" (a Class A misdemeanor, or, if the action involves theft of $750 or more, a Class E felony). His Tweet also points out that "Tampering with computer data, computer equipment, or computer users" is a civil tort. Most of those covering or reacting to the governor's press conference aren't buying it. See Ars Technica for a representative discussion of Governor Parson's excursus on that hackin' world. (Ars Technica's story is more measured than most of the others we've seen.)

Attacks, Threats, and Vulnerabilities

Ongoing Cyber Threats to U.S. Water and Wastewater Systems (CISA) This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Agency (CISA), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) to highlight ongoing malicious cyber activity—by both known and unknown actors—targeting the information technology (IT) and operational technology (OT) networks, systems, and devices of U.S. Water and Wastewater Systems (WWS) Sector facilities. This activity—which includes attempts to compromise system integrity via unauthorized access—threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities. Note: although cyber threats across critical infrastructure sectors are increasing, this advisory does not intend to indicate greater targeting of the WWS Sector versus others.

US government discloses more ransomware attacks on water plants (BleepingComputer) U.S. Water and Wastewater Systems (WWS) Sector facilities have been breached multiple times in ransomware attacks during the last two years according to joint advisory published by US government agencies on Thursday.

CISA outlines cyberthreats targeting US water and wastewater systems (ZDNet) CISA listed multiple ransomware attacks on water facilities this year, including ones in California, Maine and Nevada.

U.S. authorities disclose ransomware attacks against water facilities (Reuters) U.S. authorities said on Thursday that four ransomware attacks had penetrated water and wastewater facilities in the past year, and they warned similar plants to check for signs of intrusions and take other precautions.

Three more ransomware attacks hit Water and Wastewater systems in 2021 (Security Affairs) A joint cybersecurity advisory published by US agencies revealed that three ransomware attacks on wastewater systems this year. A joint cybersecurity advisory published today by the FBI, NSA, CISA, and the EPA revealed three more attacks launched by Ransomware gangs against US water and wastewater treatment facilities (WWS) this year. This is the first time that these attacks […]

US govt reveals three more ransomware attacks on water treatment plants this year (The Record by Recorded Future) Ransomware gangs have silently hit three US water and wastewater treatment facilities this year, in 2021, the US government said in a joint cybersecurity advisory published today by the FBI, NSA, CISA, and the EPA.

New Yanluowang ransomware used in targeted attacks (Symantec) New arrival to the targeted ransomware scene appears to be still in development.

A Telegram Bot Told Iranian Hackers When They Got a Hit (Wired) APT35 may not be the most dangerous group out there, but they've got a new phishing trick.

Countering threats from Iran (Google) Google’s Threat Analysis Group tracks actors involved in disinformation campaigns, government backed hacking, and financially motivated abuse. We have a long-standing policy to send you a warning if we detect that your account is a target of government-backed phishing or malware attempts. So far in 2021, we’ve sent over 50,000 warnings, a nearly 33% increase from this time in 2020.

BlackByte Ransomware – Pt. 1 In-depth Analysis (Trustwave) During a recent malware incident response case, we encountered an interesting piece of ransomware that goes by the name of BlackByte.

A Handshake with MySQL Bots (Trustwave) It’s well known that we just don’t put services or devices on the edge of the Internet without strong purpose justification. Services, whether maintained by end-users or administrators, have a ton of security challenges. Databases belong to a group that often needs direct access to the Internet - no doubt that security requirements are a priority here.

BlackByte Ransomware – Pt 2. Code Obfuscation (Trustwave) In Part 1 of our BlackByte ransomware analysis, we covered the execution flow of the first stage JScript launcher, how we extracted BlackByte binary from the second stage DLL, the inner workings of the ransomware, and our decryptor code. In this blog, we will detail how we analyzed and de-obfuscated the JScript launcher, BlackByte’s code, and strings.

Explosive New MirrorBlast Campaign Targets Financial Companies (Morphisec) Morphisec Labs has tracked a new MirrorBlast campaign targeting financial companies.

The REBOL Yell: A New Novel REBOL Exploit (FRSecure) We recently discovered a novel REBOL exploit technique used for command-and-control. We've coined this the REBOL Yell. Read about the exploit and preventing it.

Acer confirms second cyberattack in 2021 after ransomware incident in March (ZDNet) Hackers breached the Taiwanese company's servers in India this week.

VirusTotal Shares Analysis of 80 Million Ransomware Samples (SecurityWeek) With 6,000 out of 30,000 observed clusters of activity, Google VirusTotal reports that GandCrab emerged as the most active ransomware family wreaking havoc on the Windows ecosystem.

Israeli Hospital Targeted in Ransomware Attack (SecurityWeek) An Israeli hospital was targeted Wednesday by a ransomware attack, officials said, with the state's cyber directorate calling it the first such attack on a hospital in the country.

A malware botnet has made more than $24.7 million since 2019 (The Record by Recorded Future) The operators of a malware botnet known as MyKings are believed to have made more than $24.7 million through what security researchers call a "clipboard hijacker."

Hackers Claim to Have Stolen 60 GB of Data From Acer (SecurityWeek) Hackers claim to have stolen 60 GB of data, including information on millions of customers, after breaching Acer India servers.

Britney Spears Was Spied On Through iCloud. Other Women Recount Similar Horrors. (Vice) “I felt like I had no control over my life. My phone became a weapon.”

Security Patches, Mitigations, and Software Updates

NFT Marketplace OpenSea Patches Flaw Potentially Leading to Cryptocurrency Theft (SecurityWeek) OpenSea, the world’s largest NFT marketplace, has addressed a security vulnerability that could have allowed hackers to hijack user accounts and empty their crypto wallets with the help of maliciously crafted NFTs

Siemens PROFINET DCP (Update U) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol (DCP) Vulnerabilities: Uncontrolled Resource Consumption 2.

Schneider Electric CNM (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: ConneXium Network Manager (CNM) Software Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands.

Uffizio GPS Tracker (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Uffizio Equipment: GPS Tracker Vulnerabilities: Improper Access Control, Unrestricted Upload of File with Dangerous Type, Open Redirect, Cross-site Scripting, Cross-site Request Forgery 2.

Mitsubishi Electric MELSEC iQ-R Series (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-R Series CPU Module Vulnerability: Authorization Bypass Through User-controlled Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to be able to log in to the CPU module by obtaining credentials.

Siemens SINUMERIK (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINUMERIK Controllers Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker, with network access to the affected devices, to cause system failure with total loss of availability.

Siemens SINEC NMS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC NMS network management software Vulnerabilities: Improper Limitation of a Pathname to a Restricted Directory, Improper Authorization, Exposure of Sensitive Information to an Unauthorized Actor, Deserialization of Untrusted Data, Improper Neutralization of Special Elements used in an SQL Command 2.

Siemens Solid Edge (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge, 3D CAD and solid modeling software Vulnerabilities: Use After Free, Out-of-bounds Read, Access of Uninitialized Pointer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead the application to crash or allow arbitrary code execution on the target host system.

Siemens SCALANCE (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE Vulnerabilities: Cross-site Request Forgery, OS Command Injection, Classic Buffer Overflow, Command Injection, Path Traversal, Missing Encryption of Sensitive Data 2.

Siemens RUGGEDCOM ROX Devices (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM ROX Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to cause a permanent denial-of-service condition.

Siemens SIMATIC Process Historian (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Process Historian Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could enable the execution of admin operations on the database.

Siemens RUGGEDCOM ROX (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM ROX --------- Begin Update A Part 1 of 2 ---------

Siemens SIPROTEC 5 relays (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIPROTEC 5 relays Vulnerabilities: Classic Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-257-10 Siemens SIPROTEC 5 relays that was published September 14, 2021, to the ICS webpage on us-cert.cisa.gov.

Siemens SIPROTEC 5 (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIPROTEC 5 Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-257-16 Siemens SIPROTEC 5 that was published September 14, 2021, to the ICS webpage on us-cert.cisa.gov.

Siemens PROFINET Devices (Update C) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: PROFINET Devices Vulnerability: Allocation of Resources Without Limits or Throttling 2.

Siemens Linux-based Products (Update E) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Linux based products Vulnerability: Use of Insufficiently Random Values 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-21-131-03 Siemens Linux-based Products (Update D) that was published September 14, 2021, to the ICS webpage on us-cert.cisa.gov.

Siemens SIMATIC SmartVNC HMI WinCC Products (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC HMIs/WinCC Products Vulnerabilities: Access of Memory Location After End of Buffer, Improper Handling of Exceptional Conditions, Improper Restriction of Operations within the Bounds of a Memory Buffer, Uncontrolled Resource Consumption 2.

Siemens SCALANCE W1750D (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE W1750D Vulnerabilities: Improper Authentication, Classic Buffer Overflow, Command Injection, Improper Input Validation, Race Condition, Cross-site Scripting, Basic XSS, Uncontrolled Resource Consumption 2.

Siemens PROFINET-IO Stack (Update F) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Siemens PROFINET-IO Stack Vulnerability: Uncontrolled Resource Consumption

Siemens Industrial Real-Time (IRT) Devices (Update F) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Industrial Real-Time (IRT) Devices Vulnerability: Improper Input Validation 2.

Siemens PROFINET Devices (Update K) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: PROFINET Devices Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-283-02 Siemens PROFINET Devices (Update J) published on June 8, 2021, to the ICS webpage on us-cert.cisa.gov.

Siemens SCALANCE X (Update C) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SCALANCE X Vulnerability: Expected Behavior Violation 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-085-01 Siemens SCALANCE X (Update B) that was published January 14, 2020, to the ICS webpage on us-cert.gov.

Siemens Industrial Products (Update S) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Remotely exploitable/low attack complexity Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-17-339-01 Siemens Industrial Products (Update R) published June 8, 2021, to the ICS webpage on us-cert.cisa.gov.

Siemens PROFINET DCP (Update U) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol (DCP) Vulnerabilities: Uncontrolled Resource Consumption 2.

Trends

Top Attack Vectors: September 2021 (Expel) This report dives into the top attack vectors and trends among the incidents our SOC investigated in September 2021. Learn our key recommendations to protect your org from these types of attacks.

2021 State of Privacy and Security Awareness Report (KnowBe4) Knowledge may be power, but knowledge without action is useless. Today’s digital world is constantly pushing information to people; organizations are no different, subjecting employees to multiple policies, regulations, laws, and standards.

Hospitals Respond to Influx of Ransomware Attacks by Increasing Budgets (KnowBe4) The ransomware onslaught on hospitals and healthcare organizations is being seen as the catalyst for boards to shift operational priorities and put more focus on cybersecurity initiatives.

Securing the new workplace reality (Menlo Security) A report from Menlo Security highlights growing concerns about relying on traditional methods of protecting outside access to network applications and resources.

Human hacking increased as apps and browsers moved completely to the cloud (Help Net Security) Human hacking – phishing attacks across all digital channels – has dramatically increased in 2021, SlashNext has revealed.

Blue Hexagon - 451 Research Report - Blue Hexagon (Blue Hexagon) Cloud delivery work spans multiple teams – new cloud centers of excellence, cloud engineering teams within business units, and increased use of third-party services across the organization.

Marketplace

Air Force releases cyber and intel RFI (Intelligence Community News) On October 14, the U.S. Air Force posted a request for information (RFI) for A2 Cyber and Intel A&AS. Responses are due by 4:00 p.m. Eastern on October 29.

Cyber Insurance Firm At-Bay Announces $20 Million Series D Extension (SecurityWeek) At-Bay, the cyber insurance company that aims to reduce ransomware risk, this week announced a $20 million extension to its Series D funding round.

After Early Investors Flee SPAC Deals, Day Traders Rush In (Wall Street Journal) Day traders are targeting some companies that recently closed SPAC mergers, reinvigorating some of the meme-stock excitement that helped make such deals popular early in the year.

LinkedIn shuts up shop in China (Computing) Company cites 'significantly more challenging operating environment and greater compliance requirements' as reason for pulling out

Microsoft Folds LinkedIn Social-Media Service in China (Wall Street Journal) LinkedIn’s plans to shut down the version of its professional-networking site used in the country mark the end of the last major American social-media service operating openly there.

Optiv Accelerates Client Success with Innovation and Operational Excellence; Adds Two Industry Veterans to Executive Leadership (Optiv) Optiv names Cheryl VanVoorhees as Executive Vice President of Operations and Rocky DeStefano as Chief Technology Officer.

Products, Services, and Solutions

OPSWAT Launches Academy 3.0 to Enhance Critical Infrastructure Protection Expertise Among Cybersecurity Professionals (PR Newswire) OPSWAT, the global leader in Critical Infrastructure Protection (CIP), with cybersecurity solutions protection for both the IT and Operational...

RiskLens Announces New Managed Service to Help CISOs Measure Top Cyber Risks (GlobeNewswire News Room) RiskLens Pro simplifies critical risk analysis, reporting to quantify cyber risk and convey cybersecurity outcomes to businesses...

Okta Unveils Updated Availability for Okta Workflows as New Standalone Offering with Expanded Capabilities (Okta) Okta, Inc. (NASDAQ:OKTA), the leading independent identity provider, today announced the availability of Okta Workflow...

Okta Advances Customer Identity with Auth0 and New Okta Features (Okta) Okta, Inc. (NASDAQ: OKTA), the leading independent identity provider, today will announce continued growth and advance...

Auth0 Identity Platform Now Available on Microsoft Azure (Auth0 - Blog) New private cloud deployment option offers customers greater choice, scalability, and reliability

Elisity Strengthens TD SYNNEX Cybersecurity Offerings (BusinessWire) Elisity, Inc. today announced that TD SYNNEX will add Elisity’s Zero Trust Access platform to its cybersecurity portfolio.

Keysight’s IoT Security Assessment software offers automated cybersecurity validation of IoT devices (Help Net Security) Keysight Technologies has delivered a new IoT Security Assessment software solution that enables IoT chip and device manufacturers.

Darktrace Self-Learning AI Defends Organizations Across All 16 CISA Critical Infrastructure Sectors (Guru Focus) GuruFocus Article or News written by PRNewswire and the topic is about:

Technologies, Techniques, and Standards

NIST seeks feedback on potential ‘moonshot’ of supply chain security project (Federal News Network) The agency says it doesn’t want to reinvent the wheel in developing an approach to securing the broad information and communications technology ecosystem.

Appointing a Data Protection Officer: 10 Common Mistakes (cyber/data/privacy insights) On the third anniversary of the General Data Protection Regulation, Cooley launched a series of webinars focused on the GDPR. As set out in the GDPR, the data protection officer (DPO) plays a crucial role in the data privacy landscape, so our second webinar covers what we consider to be the 10 mo

Hacks and data breaches are all too common. Here’s what to do if you’re affected. (Washington Post) Avoiding hacks isn’t always possible, but there are ways to mitigate the damage

Tips for Crafting a Cyber Incident Response Plan (Legal Reader) With cyber attacks on the rise, many small business owners should be prepared to respond to cyber threats that may damage their business operations.

How a cyber-attack simulation could save your school's data (Education Technology) Schools really can't afford to be unaware of the convincing, elaborate and complicated cyber-attacks that may put their data at risk.

Defending Against CONTI Ransomware: Why CISA Urgently Recommends Segmentation (Techwire) Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint cybersecurity advisory surrounding the ongoing wave of Conti ransomware attacks — a ransomware-as-a-service (RaaS) model variant known to have been behind more than…

How to adjust Instagram privacy settings for better cybersecurity (AZ Big Media) Instagram is a great app, but needs some fine tuning from your side in order to be optimally cyber secure. What does being cyber secure mean, though? Well, for the average person this is probably associated with some form of security -which is true. What the average person -someone that doesn’t dabble in advanced cybersecurity- needs to know is that you are not safe online if you don’t properly set up your device, system,!

Academia

SES Expands Partnership with University of Luxembourg With Joint Lab (Via Satellite) SES is expanding its partnership with the University of Luxembourg to encompass more cybersecurity elements, the company announced Oct. 14. Together with the University of Luxembourg’s Interdisciplinary Centre for Security, Reliability and Trust (SnT), the two organizations will create a joint lab that will explore

IoT Hacking and Rickrolling My High School District (WhiteHoodHacker) This is the story of how I created a botnet of IPTVs to rickroll 10,000+ students for my senior prank.

Education sector suffers series of cyber attacks in 2021 (Open Access Government) David Cummins, Tenable, examines how universities are being targeted by a series of cyber attacks in 2021 and what they can do to protect themselves

Legislation, Policy, and Regulation

Biden administration holds meeting on ransomware threat with more than 30 nations and E.U. (Washington Post) Countries including India, Brazil and Ukraine agreed to work together to fight a form of cybercrime that has paralyzed computer systems from hospitals to pipelines.

White House Ransomware Summit Eyes Tighter Global Scrutiny for Crypto (Wall Street Journal) Officials from 31 countries and the EU say uneven enforcement allows hackers to cash in.

Ransomware rises as a national security threat as bigger targets fall (CNET) Governments around the world look for ways to fight back.

Enterprises ask Washington to step up cyber collaboration (SearchSecurity) Panelists at CISA's National Cybersecurity Summit discussed cyber collaboration efforts between the private sector and why it needs improvement.

Rising ransomware attacks have the Justice Department's attention (Washington Post) The Justice Department has partly centralized ransomware investigations, but experts want more consolidation

A former top US election official urges sweeping security improvements, warning 'democracy is in trouble' (CyberScoop) The Cybersecurity and Infrastructure Security Agency’s former lead election security official is recommending comprehensive changes to protect the ballot in future elections, from physical safety upgrades for election workers and federal agency revamps to mandated disclosure of cyber incidents.

Zero Trust: How to Secure American Elections When the Losers Won’t Accept They Lost (Stanford Internet Observatory) In this report, we outline three exigent threats to election processes following the events of the 2020 general election. Then, we provide 11 targeted recommendations to best address these threats ...

U.S. pursues a unique solution to fight hackers. It revolves around esports. (Washington Post) As the United States seeks to shore up its defenses against cyberattacks, the government is seeking to harness the skills of some of the country’s most promising young minds using a model that mirrors competitive video gaming, also known as esports.

China's Hackers to Showcase Zero-Day Exploits at Tianfu Cup (Flashpoint) At this weekend’s Tianfu Cup (天府杯) in Chengdu, some of China’s preeminent hackers will use original methods to break into the devices, software, platforms, and services of the world’s largest technology companies.

Federal Breach Notification Bills: Cybersecurity Pros Should Pay Attention (Dice Insights) Reporting of cybersecurity incidents is likely to speed up, either with the passage of federal law or steps by the Biden administration.

Litigation, Investigation, and Law Enforcement

Bugs in our Pockets: The Risks of Client-Side Scanning (Columbia University) Our increasing reliance on digital technology for personal, economic, and government affairs has made it essential to secure the communications and devices of private citizens, businesses, and governments. This has led to pervasive use of cryptography across society. Despite its evident advantages, law enforcement and national security agencies have argued that the spread of cryptography has hindered access to evidence and intelligence.

Missouri teachers’ Social Security numbers at risk on state agency’s website (Saint Louis Post-Dispatch) The Post-Dispatch discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials.

Missouri governor vows criminal prosecution of reporter who found flaw in state website (Missouri Independent) Missouri's governor promises to seek prosecution of a reporter and news outlet that discovered a privacy flaw in a state website.

Missouri Gov. Parson targets St. Louis newspaper for prosecution after report on state’s security vulnerability (Kansas City Star) Missouri Gov. Mike Parson on Thursday announced he had referred the St. Louis Post-Dispatch and its reporters for criminal prosecution after the newspaper revealed a security vulnerability it discovered on a state agency’s website.

Missouri gov. calls journalist who found security flaw a “hacker,” threatens to sue (Ars Technica) Governor also threatens to sue paper for finding flaw that exposed teachers' SSNs.

Missouri governor threatens reporter who discovered state site spilling private info (The Verge) A masterclass in how not to handle disclosures.

A newspaper informed Missouri about a website flaw. The governor accused it of ‘hacking.’ (Washington Post) You are reading these words right now because your computer or phone was sent a number of files telling the device what words to display and how they should be formatted. One of those files included HTML, HyperText Markup Language, that uses tags such as <strong> and <a> to tell your browser how to bold or link words and images. It isn’t code, really, just text surrounded by little triggers that your browser knows how to interpret. Since your computer was sent this file, you’re free to look at it. If you’re on your desktop or laptop, find the “View source” command in the menu at the top of your screen. That’s this page’s source code, written in HTML.

Missouri governor faces backlash and ridicule for threatening reporter who discovered exposed teacher SSNs (ZDNet) Governor Mike Parson called a St. Louis Post-Dispatch reporter a "hacker" and threatened criminal prosecution because he notified state officials about a database that exposed the sensitive information of 100,000 educators.

Confused governor says looking at webpage's HTML is criminal hacking (Mashable) Putting on my hacker hoodie and clicking view source.

Missouri Governor Is Extremely Confused About What Constitutes 'Hacking' (Rolling Stone) A journalist found teachers’ Social Security numbers in a publicly available website’s source code and reported the error. Now, Gov. Mike Parson wants to … prosecute him

Police investigating cyberattack against dating app for wealthy users (The Korea Herald) The South Korean police are probing into a suspected hacking attack against a matchmaking app that led to a personal data leak. The police on Friday said the investigation has been underway since late September, after the GoldSpoon app, which has 130,000 users, found evidence of unauthorized access to its internal network. The GoldSpoon, a dating app designed for wealthy and high-income individuals, on Tuesda...

WSJ News Exclusive | Chinese Telecom Giant ZTE in Dispute With U.S. Court-Appointed Monitor (Wall Street Journal) A Dallas lawyer appointed to monitor ZTE’s compliance with export laws has been pushing for a longer term in ways the Justice Department sees as inappropriate, people familiar with the matter say.

Former Boeing Pilot Indicted in Probe of 737 MAX Crashes (Wall Street Journal) A federal grand jury in Texas indicted Mark A. Forkner, alleging that he deceived air-safety regulators about a flight-control system later blamed for sending two 737 MAX jets into fatal nosedives.

Facebook Should Clarify Terms of Service, Irish Privacy Regulator Says (Wall Street Journal) A draft ruling from Ireland’s privacy regulator would require Facebook Inc. to change how it informs users about its data processing but disregards complaints that the social-media giant needs to obtain direct consent for its activities.

Amazon challenges record $865 million EU data protection fine (mint) The challenge comes after CNPD, Luxembourg’s data protection regulator, where Amazon has its EU base, slapped the U.S. tech giant with the fine in July

Industry Events

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

Symposium: Human Rights in the Digital Sphere (Virtual, Oct 18, 2021) Full enjoyment of our rights in cyberspace comes with an adequate protection against the risks in an online environment. Right to private life, human dignity, safety, integrity of the person, non-discrimination are at stake under threat from cybercrime. How can the governments fulfill their positive obligations to protect individuals against crime and safeguard the fundamental rights of cybercrime victims? This challenge requires careful balancing to provide efficient criminal justice response with appropriate rule of law safeguards. Speakers from different legal systems and jurisdictions, experts and governmental representatives will exchange views, while tackling the complexity of protecting human rights in the digital sphere in our daily lives activities in a one day seminar. The outcomes of the discussions build further on the current debate on a global scale, about the actions necessary to include in a comprehensive approach in order to address the radical changes digitalization is brining to the online and offline environments.

Enhancing Cyber Policy Research with FOIA (Virtual, Oct 19, 2021) Effective cyber policy analysis relies on accurate, unfiltered information, and US government documents uncovered and declassified through the Freedom of Information Act can supercharge your research. Attendees will learn tested strategies for filing FOIA requests and navigating the appeals process, receive tips for reading between the lines of declassified documents, and examine cases where FOIA-derived materials have shed new light on the often overclassified world of cyber policy.

Public Private Partnerships in Cybersecurity (Washington (and virtual), DC, USA, Oct 19, 2021) Join Auburn University's McCrary Institute as they discuss the next generation of Public Private Partnerships in cybersecurity. Public private partnerships are critical to fully operationalize our national cybersecurity posture. As the threat level increases, vulnerabilities persist. There is a growing opportunity to realize collaborative efforts to increase cyber resiliency. National Cyber Director Chris Inglis will deliver the keynote address. Panelists will include FBI Deputy Director Paul Abbate, Department of Homeland Security CISA Director Jen Easterly, NSA Director of Cybersecurity Rob Joyce, and Berkshire Hathaway Energy CEO William J. Fehrman.

3rd Annual Cybersecurity Awareness Conference (Virtual, Oct 23, 2021) On 23 Oct, UNCW’s Center for Cyber Defense Education (CCDE) will host the third annual Cybersecurity Awareness Conference. This one-day conference, held during National Cybersecurity Awareness Month, will feature speakers from business, academia, and government discussing a variety of cybersecurity-related topics.

The invisible line of defense (Virtual, Nov 17, 2021) American infrastructure is behind in adopting technological capabilities needed to protect itself against such mischief especially from hostile states. Therefore it is paramount to have a frontline research and operations team to coordinate and enhance our defense. The Cybersecurity and Infrastructure Security Agency (CISA) is that organization, and it is our privilege to have its Executive Assistant Director for Infrastructure Security Dr. David Mussington discuss how CISA is tackling the major cyber/infrastructure security issues the USA is currently facing, and how it plans to bridge the divide between private technology firms and the Federal government to develops tools. He will share his perspective on the future of our digital lives and work in a global and more hostile world, and how it can be made inclusive and safe. And for those interested in rolling up their sleeves and joining the technological forefront of our cyber defense, he will discuss careers at CISA.

Events

Virtual Cybersecurity Summit Series (Virtual, Jul 8 - Nov 14, 2021) As the first community organizer to bring the live, immersive experience to cybersecurity conferences in North America, Data Connectors has conducted more than 50 virtual events to it's members. We are happy to announce that the Virtual Cybersecurity Summit Series will continue in 2021. summits feature industry experts, government agencies and innovative solution providers all bringing real world experience & knowledge to the forefront on specific cybersecurity topics and concerns.

The DataTribe Challenge 2021 (Fulton and Virtual, Maryland, United States, Sep 1 - Nov 3, 2021) The DataTribe Challenge is a unique annual competition that brings together the best entrepreneurs in the world looking to disrupt cybersecurity and data science. DataTribe selects three finalists that split $20,000 in prize money and one winner that could receive up to $2 million in seed capital. Finalists are announced on 10/14/21. The Challenge concludes in a pitch event on 11/3/21 where three finalists present to and network with cyber industry luminaries in-person. DataTribe will announce the winner at the end of this event.

Fal.Con 2021 (Virtual, Oct 12 - 15, 2021) In the past year, the world has experienced a shocking series of watershed moments highlighting global cybersecurity challenges. Join us at Fal.Con 2021 October 13-15 to hear from our incredible keynote speakers as they reveal the latest innovations, intelligence and tools for organizations to stay one step ahead of the modern adversary as we come together in pursuit of our clear mission at CrowdStrike: to stop breaches. The first two days are designed for North and South America, the two final days for Europe, the Middle East, Africa, Asia, and the Pacific.

Symposium: Human Rights in the Digital Sphere (Virtual, Oct 18, 2021) Full enjoyment of our rights in cyberspace comes with an adequate protection against the risks in an online environment. Right to private life, human dignity, safety, integrity of the person, non-discrimination are at stake under threat from cybercrime. How can the governments fulfill their positive obligations to protect individuals against crime and safeguard the fundamental rights of cybercrime victims? This challenge requires careful balancing to provide efficient criminal justice response with appropriate rule of law safeguards. Speakers from different legal systems and jurisdictions, experts and governmental representatives will exchange views, while tackling the complexity of protecting human rights in the digital sphere in our daily lives activities in a one day seminar. The outcomes of the discussions build further on the current debate on a global scale, about the actions necessary to include in a comprehensive approach in order to address the radical changes digitalization is brining to the online and offline environments.

2021 (ISC)² Security Congress (Orlando, Florida, USA, Oct 18 - 20, 2021) Join thousands of cybersecurity professionals from around the globe at the first ever hybrid (ISC)² Security Congress. Taking place October 18 - 20, join us in sunny Orlando, Florida (U.S.) or virtually from the comfort of your home for three days of inspiring keynote speakers, breakout sessions, networking opportunities and more!

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.