Attacks, Threats, and Vulnerabilities
NSA, FBI, CISA Issue Advisory on 'BlackMatter' Ransomware (Dark Reading) Ransomware has become a "national security issue," NSA director said.
CISA, FBI, and NSA Release BlackMatter Ransomware Advisory to Help Organizations Reduce Risk of Attack (Hstoday) Cyber intrusions have targeted multiple U.S. critical infrastructure entities, including two U.S. food and agriculture sector organizations.
NSA, DHS shine light on BlackMatter ransomware threat to food industry, demands of up to $15 million (CyberScoop) A government advisory published Monday warned that BlackMatter ransomware attackers are going after U.S. critical infrastructure, including food and agriculture organizations, and demanding exorbitant payouts.
Whatta TA: TA505 Ramps Up Activity, Delivers New FlawedGrace Variant (Proofpoint) The prominent TA505 has returned to distributing large volumes of malicious emails affecting most industries.
CISA, FBI, and NSA warn of BlackMatter attacks on agriculture and other critical infrastructure (The Record by Recorded Future) Agencies warn BlackMatter ransomware used to target U.S. critical infrastructure entities, including two within the food and ag sector.
BlackMatter Ransomware (CISA) Actions You Can Take Now to Protect Against BlackMatter Ransomware
• Implement and enforce backup and restoration policies and procedures.
• Use strong, unique passwords.
• Use multi-factor authentication.• Implement network segmentation and traversal monitoring.
REvil Domains Hijacked, Forum Representative Announces Group’s Intention to Go Offline (Digital Shadows) An unknown individual accessed parts of the backend of REvil website’s landing page and blog, leading the new forum representative to conclude that a third party has access to website backups and Onion service keys.
REvil ransomware operators claim group is ending activity again, victim leak blog now offline (ZDNet) The group resurfaced a few weeks ago after closing shop in July, leaving researchers skeptical of this latest shut down.
REvil shuts down - again (Computing) The hacking group has ironically been hacked
Hacker steals government ID database for Argentina's entire population (The Record by Recorded Future) A hacker has breached the Argentinian government's IT network and stolen ID card details for the country's entire population, data that is now being sold in private circles.
Cyberattack Disrupts Services at Ecuador's Largest Bank (SecurityWeek) Customers of Ecuador’s largest bank continued to experience service disruptions on Oct. 15th following a cyberattack on the institution several days earlier.
Hunt Valley-based Sinclair Broadcast Group identifies data breach (Baltimore Sun) Sinclair Broadcast Group said Monday that it’s suffered a data breach and is still working to determine what information the data contained.
Ransomware attack knocks some Sinclair television stations off the air (Washington Post) The company says hackers targeted several of its servers and workstations and took unspecified data
Sinclair Broadcast Group Says It Was Hit by a Ransomware Attack (Wall Street Journal) One of the largest owners of broadcast stations in the U.S. said some of its servers are encrypted with ransomware.
Sinclair Broadcast Group says it suffered a ransomware attack and has had data stolen (NPR.org) The broadcast giant, which is known for pushing a conservative viewpoint, did not immediately say how many of its TV stations were directly affected.
Sinclair Broadcast Cyberattack Timeline: Ransomware Investigation and Recovery Updates (MSSP Alert) Sinclair Broadcast Group hires cybersecurity forensic firm to investigate and recover from cyberattack & ransomware that encrypted servers.
Owner of Maine TV stations probes weekend data breach, finds ransomware (Press Herald) The Sinclair Broadcast Group, which operates WGME and WPFO in Maine, said Monday that it is working to determine what information the data contained.
Sinclair Broadcast Group identifies data breach (WTGS) Sinclair Broadcast Group, Inc. (Nasdaq: SBGI) today provided information on a recent cybersecurity incident. On October 16, 2021, the Company identified and began to investigate and take steps to contain a potential security incident. On October 17, 2021, the Company identified that certain servers and workstations in its environment were encrypted with ransomware, and that certain office and operational networks were disrupted. Data also was taken from the Company’s network.
Accenture confirms ransomware incident also involved data breach (Insurance Business Magazine) Gang claiming responsibility says it stole six terabytes of data from the company
A Million People’s Personal Information Leaked by Chinese VPN Application (WizCase) WizCase’s security team recently discovered a major leak affecting Quickfox, a free VPN service primarily used to access Chinese sites from outside of mainland China. The leak exposed a variety of personally identifiable information (PII) from users, including names, phone numbers, other software installed on their device, and more. There was no need for ...
USA: University Hospital Newark notifies OCR of data breach (DataGuidance) The University Hospital Newark ('UH') notified, on 8 October 2021, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 9,329 individuals. In particular, the UH stated that between 1 January 2016 and 31 December 2017 some personal health information of individuals had been accessed by one of UH's employees who had also provided patient information to unauthorised individuals.
Data breach prompts review at Missouri teacher pension fund (KY3) Officials with the pension fund serving teachers and other public school employees in Missouri say they’re reviewing safety protocols after a data breach.
Top cyber official: Hospital attack ‘purely financial,’ likely by Chinese group (Times of Israel) Warning of 'ongoing battle' with hackers, Health Ministry cybersecurity chief Reuven Eliyahu says Israeli health sector is targeted 'tens of thousands of times a month'
Hacker Appears To Deface Part Of Trump’s Website (Forbes) A page on Trump’s website was replaced by a video of Turkish President Recep Tayyip Erdogan.
Is There Really Such a Thing as a Low-Paid Ransomware Operator? (McAfee Blogs) Introduction Going by recent headlines you could be forgiven for thinking all ransomware operators are raking in millions of ill-gotten dollars each year
What is spyware, exactly? Cybersecurity experts explain (Yahoo) Spyware is a term that's thrown around a lot with cybersecurity, but what is it, exactly? Here's what you need to know — and how to protect yourself.
Security and EDI, the Trojan Horses of Cyber Attackers (Global Trade Magazine) Cyber threats and protection systems are constantly evolving, and even systems that may appear to be the most mature, such as EDI, are not always...
Vulnerability Summary for the Week of October 11, 2021 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Third-Party Attacks Are Increasing, But Third-Party Risk Management Is Failing (SecurityWeek) A new report shows that boardroom awareness and security budgets for third-party risk management have increased; but this is not necessarily translating into effective action
The Future of Work Report (Absolute Software) NetMotion by Absolute presents The Future of Work
Paying the Ransom: New Research Finds That Seventy Percent of CISOs Expect to be Impacted by Ransomware in Next 12 Months; 80 Percent Will Consider Paying the Ransom (BusinessWire) Ransomware in Focus report, based on survey of over 250 CISOs uncovers the financial impact, buying decisions and business processes driven by attacks
New Axio Research Report Illustrates Glaring Deficiencies in Cybersecurity Hygiene Leaving Organizations Exposed to Ransomware (BusinessWire) New Axio Research Report illustrates glaring deficiencies in cybersecurity hygiene leaving organizations exposed to ransomware.
Quantifying the Impact of Bad Bots on E-commerce Merchant Profitability (PerimeterX) The Aberdeen Report reveals how bad bots negatively affect the operational profitability of e-commerce merchants.
Social Now Among Top Three Sectors to be Imitated in Phishing Attempts in Q3 2021 (Check Point Software) Check Point Research issues Q3 Brand Phishing Report, highlighting the leading brands that hackers imitated in attempts to lure people into giving up
Keysight Technologies Acquires SCALABLE Network Technologies (BusinessWire) Keysight Technologies Acquires SCALABLE Network Technologies
Russian IT Firm Softline Seeks $1.9 Billion Valuation in IPO (Bloomberg) Firm plans London primary listing, secondary listing in Moscow. IPO proceeds to go toward acquisitions, business development.
Private Data Sharing Firm TripleBlind Raises $24 Million in Series A Funding (SecurityWeek) Private data sharing solutions provider TripleBlind has raised $24 million in a Series A funding round.
Valence Emerges From Stealth With $7M in Funding to Secure the Business Application Mesh (BusinessWire) Valence, a cybersecurity startup delivering the first security platform to bring zero trust principles to the Business Application Mesh, today announc
Query.AI Closes Oversubscribed $15 Million Series A Round to Enable Greater Security Operations Efficacy and Efficiency Across Decentralized Cloud, Third-Party SaaS and On-Prem Environments (PR Newswire) Query.AI, the provider of the market's only security investigations control plane for modern enterprises, today announced the successful close...
Cato Networks Valued at $2.5 Billion, Raises Additional $200 Million to Accelerate SASE Adoption Among Large Enterprises (Cato Networks) Cato more than doubles its valuation in one year with largest funding round to date. Total financing reaches $532 million.
ICNZ reminds businesses of importance of cyber insurance (Insurance Business Magazine) Many attacks against families, individuals and small businesses go unnoticed
Interactive hires Accenture veteran Michael Dowling as security chief (CRN Australia) As the MSP invests in “next generation” security offerings.
Global Cybersecurity Influencer and Presidential Advisor Chuck Brooks Joins Sepio Systems' Advisory Board (PR Newswire) Sepio Systems, the leader in Zero Trust Hardware Access (ZTHA), announced today that cybersecurity influencer and Georgetown University adjunct...
Products, Services, and Solutions
Coalfire announces HITRUST Accelerator with AWS (Coalfire.com) For the first time, organizations requiring HITRUST can accelerate their time to validation by up to 50%.
Alcatel-Lucent Enterprise enriches its portfolio with Versa Networks SASE and SD-WAN (Technology Reseller) Leading provider of digital age communications, cloud and network solutions, Alcatel-Lucent Enterprise chooses transformative technology from Versa Networks to enhance software-defined network solutions.
Resecurity® Demonstrated AI-powered Cybersecurity Platform at GSX 2021 (KPVI) Resecurity®, a Los Angeles-based cybersecurity company, today announced the unveiling of their new cyber risk management solutions at the Global Security Exchange (GSX)
ThreatConnect Releases Risk Quantifier™ 6.0 — Driving Continued Innovation in Cyber Risk Quantification (SURPERFORMANCE) Latest release introduces full support for FAIR scenarios and innovative semi-automated FAIR scenarios designed to remove subjectivity, increase the speed of adoption and provide actionable results...
Checkmarx Unveils the Integrated Cloud Platform for Application Security (BusinessWire) Checkmarx, the global leader in developer-centric application security testing (AST), today announced the launch of the Checkmarx Application Security
SentinelOne Remote Script Orchestration Revolutionizes Incident Response and Endpoint Management At Enterprise Scale (SentinelOne) Merging IT and Security Operations Workflows for Advanced Investigations and Response Across Every Enterprise Device
SEON Expands Advanced Digital Device Fingerprinting to Counter New Internet and Mobile Fraud Tactics (BusinessWire) SEON, the fraud fighters, today unveiled modern digital device fingerprinting capabilities designed to identify and counter the latest internet and mo
ZeroFox Announces Physical Security Intelligence to Provide Enterprise Organizations with Real-time Situational Awareness (BusinessWire) ZeroFox, the leader in External Cybersecurity, announces a new Physical Security Intelligence solution, delivering visibility and intelligence on supp
Quest Announces QoreStor 7.1 to Protect Against Ransomware Scourge and Enhance Cloud Support (GlobeNewswire News Room) QoreStor 7.1 enables organizations to better protect against ransomware attacks to reduce risk to customers and business operationsThis enhancement allows...
Object Management Group to Join Forces with Augmented Reality Enterprise Alliance - AREA (AREA) Today, the international technology standards organization Object Management Group® (OMG®) announced it had joined forces with the Augmented Reality for Enterprise Alliance (AREA). Under the OMG umbrella, AREA will continue to drive the widespread adoption of interoperable AR-enabled enterprise systems.
Technologies, Techniques, and Standards
Free Decryptor Released for BlackByte Ransomware (SecurityWeek) Trustwave has released a free decryptor that victims of the BlackByte ransomware can use to restore their files.
Password Auditing Tool L0phtCrack Released as Open Source (SecurityWeek) Password auditing and recovery tool L0phtCrack has been released as open source and the project is looking for both maintainers and contributors.
Four Things You Can Do to Avoid Cyberattacks on Your Farm (DTN Progressive Farmer) Many farms think their businesses are too small to become a victim of a crippling cyberattack, but experts warn that attitude can make you more vulnerable.
How using the purple team approach helps in addressing cybercrime (HackRead) Follow us on Twitter @HackRead
Cyber Experts Stress Need for Breach Prevention Efforts (MeriTalk) Research from MeriTalk shows that 83 percent of government cybersecurity leaders say their organization operates on an “assume breach” model – assuming their networks have already been breached, or will be. However, cybersecurity experts stress that it’s equally important to put efforts into breach prevention, which involves crucial steps such as identifying all network assets.
TREs and the IoT: Enabling a Trusted Connected Future (Trusted Connectivity Alliance) Trusted Connectivity Alliance (TCA) and IoT Security Foundation share a common vision: to secure the IoT and drive sustained growth through trusted connectivity. In this article, Claus Dietze, Chair of the TCA Board, explains how Tamper Resistant Elements (TRE) can help the IoT achieve its potential.
Multilayered Measures to Fight Phishing (PYMNTS) The October edition of the Digital Fraud Tracker® explores the latest phishing tactics and how merchants are protecting themselves and consumers from attacks.
Kiwis urged to smarten up online to combat threat of cyber attacks (Newshub) Twenty-thousand incidents since 2017 have cost more than $60 million.
What The Pentagon Can Teach Business Leaders About Crisis Communication (Forbes) Corporate executives can learn a thing or two about crisis communication in a disciplined, organized and trained manner from the U.S. military which is known, after all, for the emphasis it places on discipline, organization and training.
Design and Innovation
CISA Seeking Answers for Implementation of Endpoint Detection and Response Tools (Nextgov.com) The agency has an idea of what it wants from the capability but is soliciting industry input on key aspects of an enduring investment plan.
Organizers of Security Serious Week set new Guinness World Records® Title for an Online Cybersecurity Lesson (KnowBe4) A total of 2136 watched lesson aimed to spread and improve security awareness during Cybersecurity Awareness Month in October
Dems Intro Bills to Secure Cyber Grants for HBCUs (MeriTalk) Democrats in both the House and Senate have introduced bills to fund a cybersecurity grant education program at Historically Black Colleges and Universities (HBCUs) and Minority Serving Institutions (MSIs).
Legislation, Policy, and Regulation
Google CEO Sundar Pichai Calls for Government Action on Cybersecurity, Innovation (Wall Street Journal) Sundar Pichai said the U.S. government should take a more active role in policing cyberattacks and encouraging innovation with policies and investments.
Russia Suspends Military NATO Office After Espionage Accusations (Breaking Defense) The Russian foreign ministry alleged NATO's "policy towards Russia is becoming increasingly more aggressive," and called the expulsion of its officers, as well as the downsizing of the liaison mission "unfriendly gestures."
Cybersecurity legislation is waiting in the wings (Washington Post) The ground is fertile for cybersecurity legislation
Biden Administration to Constrain Use of Sanctions in Foreign-Policy Shift (Wall Street Journal) The change comes after successive administrations increasingly used the tool, alienating allies and raising questions of efficacy.
Treasury says it needs to modernize its economic sanctions (AP NEWS) The Treasury Department says that the economic and financial sanctions the United States has employed over the past two decades to battle global terrorism, nuclear proliferation, drug cartels and other threats need to adapt to a rapidly changing financial world.
Missouri Governor Urged to Appoint Cybersecurity Panel (SecurityWeek) A St. Louis Post-Dispatch journalist uncovered a security flaw on a Department of Elementary and Secondary Education’s web application that allowed the public to search teacher certifications and credentials
National Guard to help with cybersecurity defense efforts during Colorado election (Durango Herald) State seeks to prevent personally identifiable information from being released.
Gov. Polis calls in National Guard to support Colorado election cybersecurity (Colorado Newsline) Gov. Jared Polis signed an executive order on Friday to help with cybersecurity defense efforts in Colorado’s election on Nov. 2.
California Broadens Security and Breach Laws, Includes Genetic Data (JD Supra) California recently updated both its data security and breach notice laws to include genetic data. With the passage of AB 825, the data security law...
Litigation, Investigation, and Law Enforcement
New York appears to target Nexo, Celsius in crackdown on crypto lending (The Block) The New York Attorney General fumbled its attempts to redact the names of the lending platforms that it is targeting for failure to register.
Banking ombudsman won't say if she's asked Kiwibank for explanation for outages (Stuff) 32 customers have contacted banking ombudsman about Kiwibank's online outages but she won't say if she's asked for an explanation.
Fictitious report of kidnapping likely a phishing scheme, say police (Timmins Press) Online article suggested the victim was a 5-year-old from Timmins
Kemper Proposes $17.6M Settlement of Data Breach Claims (Insurance Journal) Kemper Insurance has proposed to settle a class action stemming from two data breaches in a deal valued at about $17.6 million. The dual breaches could
T-Mobile Says Arbitration Applies to Consumer Data Breach Claims (Bloomberg Law) T-Mobile US Inc. is seeking to resolve out of a court a consumer lawsuit over a hack that exposed millions of customer records, arguing in a Georgia federal court filing that an arbitration agreement applies.
T-Mobile Seeks Arbitration Of Consumer's Data Breach Suit (Law360) T-Mobile wants to end a proposed class action over its massive consumer data breach, arguing in Georgia federal court that all customers agreed to arbitrate claims against T-Mobile upon signing the terms and conditions when opening a line.
Amazon Appeals Record $865M Fine for Violation of EU Data Protection Rules (Insurance Journal) Amazon.com Inc. appealed a record 746 million-euro ($865 million) penalty for allegedly violating the European Union's tough data-protection rules. The
Man Pleads Guilty to Stealing Nude Photos From Hundreds of iCloud Accounts (Vice) Hao Kuo Chi advertised his iCloud hacking service as "icloudripper4you" but also kept images for his personal collection.