Attacks, Threats, and Vulnerabilities
A China-aligned espionage group is targeting global telecoms, sweeping up call data dating back years (CyberScoop) An advanced network of digital spies with a nexus to Chinese interests has successfully compromised parts of the global telecommunications network, in some cases allowing access to subscriber information, call metadata, text messages and other data, according to research released Tuesday by CrowdStrike.
Crims target poorly-secured Unix servers at telcos (Register) CrowdStrike says 'LightBasin' gang avoids Windows, and knows that telco networks run on badly-secured *nix
A Roaming Threat to Telecommunications Companies (CrowdStrike) Learn about recent LightBasin intrusion activities and why CrowdStrike Intelligence assesses that LightBasin will continue to target the telecommunications sector.
Email phishing threat actor TA505 re-emerges after hiatus (Register) And they're packing a new dirty RAT as well
Twitter accounts linked to cyberattacks against security researchers suspended (ZDNet) North Korean hackers are luring professionals with "zero-day vulnerability hype."
New Excel Attachment May Be a Phishing Scam (Tech.co) A new Excel document has been circulating various finance companies as an attachment containing phishing malware.
Explosive New Mirrorblast Campaign Targets Financial Companies (Hstoday) The attack chain of the infection bears a similarity to the tactics, techniques, and procedures commonly used by Russia-based group TA505.
Squirrel Sandbox Escape allows Code Execution in Games and Cloud Services (SonarSource) We discovered and reported a vulnerability in the Squirrel VM, written in C, that allows an attacker to escape the sandbox.
Exploit kit adds rare Chrome browser attack chain (The Record by Recorded Future) The operators of the Magnitude exploit kit have added support for an attack chain targeting the Chrome web browser, a rare sighting since the very few exploit kits that are still active today have only targeted Internet Explorer over the past few years.
Acer hacked twice in a week by the same threat actor (BleepingComputer) Acer has suffered a second cyberattack in just a week by the same hacking group that says other regions are vulnerable.
Using dating apps like Bumble, Tinder on iPhone? Cryptocurrency hackers are coming after you: Report (The Financial Express) In gaining access to users' iPhones, spammers leverage Enterprise Signature -- a system for software developers that helps businesses pre-test new iOS applications with selected iPhone users before they submit them to the official Apple App Store for review and approval, according to Sophos.
Candy Corn Maker Hit With Ransomware (Dark Reading) Ferrara Candy Co. said a ransomware attack earlier this month won't affect Halloween supplies of its sweets, which include Brachs, Keebler, Sweet Tarts, and other popular brands.
Customer services firm Atento hit by cyberattack (ZDNet) The company's Brazilian operation has seen the greatest impact
Sec expert warns against believing chatter around REvil disappearance (iTWire) A seasoned ransomware threat researcher has warned against taking any of the chatter around the disappearance of the Windows REvil ransomware group for a second time seriously, given that the forums on which these posts appear are heavily monitored. Brett Callow, who works with the New Zealand-headquartere...
Sinclair Broadcast ransomware attack demonstrates how ‘business is suffering’ (SC Media) With the media giant only the latest in a long string of entities targeted by ransomware gangs, cybersecurity experts emphasized the need for public and private sectors alike to recognize the impact such incidents have on the ability for businesses across all industries to remain standing.
University of Sunderland’s IT system still disabled a week after cyberattack (Times) The University of Sunderland says it continues to be badly affected by a “major cyberattack” a week after being hit by hackers
When Ransomware Hits Rural America (The Record by Recorded Future) Ransomware hit Pottawatomie County, Kansas hard. But it's just one of many rural communities targeted by cybercriminals in recent years.
Halloween comes early for Syniverse, Facebook, and Twitch: What we can learn from their spooky outages plus breaches (ZDNet) We're less than a full week into October, and Cybersecurity Awareness Month isn't what we expected. Let's take a trip through what's happened so far and the lessons we've learned.
Security Patches, Mitigations, and Software Updates
Trane HVAC Systems Controls (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Trane
Equipment: Building Automation Controllers (Tracer SC)
Vulnerability: Cross-site Scripting
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to redirect a user to a malicious webpage and steal the user’s cookie.
AUVESY Versiondog (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: AUVESY
Equipment: Versiondog
Vulnerabilities: Improper Access Control, Incorrect Permission Assignment for Critical Resource, Use of Hard-coded Cryptographic Key, Out-of-bounds Read, Use After Free, Out-of-bounds Write, Write-what-where Condition, Use of Potentially Dangerous Function, Unrestricted Upload of File with Dangerous Type, External Control of File Name or Path, External Control of System or Configuration Setting, Improper Input Validation, Uncontrolled Resource Consumption, Uncontrolled Search Path Element, Authentication Bypass by Capture-replay, SQL Injection, Uncontrolled Resource Consumption
Trends
Industry and Number of Records Can Lead to Costlier Breaches, Per New RiskLens Study (GlobeNewswire News Room) Healthcare, information, and financial industries are hardest hit, according to research to help organizations better control cyber event risk costs...
2021 State of Ransomware Report Reveals 83% of Victims Paid to Get Data Restored (PR Newswire) ThycoticCentrify, a leading provider of cloud identity security solutions formed by the merger of privileged access management (PAM) leaders...
Bad bots significantly threaten the profitability of retail e-commerce businesses (Security Info Watch) According to a new report from PerimeterX and Aberdeen, up to 80% of operational costs are negatively impacted by malicious bot activity
Small cyber attacks on the rise (IT-Online) Small bit-and-piece DDoS attacks (distributed denial of service) boomed by 233% in the first half of 2021, according to Nexusguard researchers in the Threat Report FHY 2021. As the pandemic carried on into 2021, hackers experimented with new attack patterns to avoid signature-based detection. In the first half of 2021, more than 99% of all […]
Cyber incident impact sits at over $500,000 for half of small to medium APAC businesses (ZDNet) According to a Cisco survey, one third of all breaches with a financial impact in Australia cost businesses over $1 million.
Marketplace
ISRAEL: Cellebrite buys Digital Clues to plug offensive OSINT gap (Intelligence Online) The Israeli-US cyber-intelligence specialist has taken control of a Swiss-based developer founded by Mati Kochavi to keep up the pace in the fiercely competitive field of forensics, where firms such
Identity protection provider Aura raises $200M at a $2.5B valuation (VentureBeat) Aura, a company offering a range of identity protection services, has raised $200 at a post-money valuation of $2.5 billion.
Customer Data Privacy Provider Skyflow Raises $45 Million (SecurityWeek) Customer data privacy company Skyflow today announced that it has raised $45 million in Series B funding. Over the past 18 months, the company has raised $70 million.
Query.ai Closes $15M Series A for Security Investigations Tool (Dark Reading) The funding will support product development for Query.AI's browser-based security investigations tool.
Google Cloud invests $50 million in cybersecurity startup Cybereason (VentureBeat) Cybereason, a cybersecurity firm that's raised hundreds of millions in venture capital, secured a coveted investment from Google Cloud.
Zix Hires Citigroup To Negotiate Sale Of Company: Report (CRN) Zix has hired financial services giant Citigroup to negotiate a sale of the email security vendor to other companies or private equity firms, Reuters reported.
Zix Shares Pop As News Sparks Over Potential Sale (Benzinga) Email security solutions provider Zix Corp (NASDAQ: ZIXI) is exploring strategic alternatives that include a sale of the company, Reuters reports. Zix has hired...
Cato Networks Valued at $2.5B, Raises Additional $200M to Accelerate SASE Adoption Among Large Enterprises (Dark Reading) Cato more than doubles its valuation in one year with largest funding round to date. Total financing reaches $532 million.
Check Point CEO Gil Shwed warns on cybersecurity bubble (Globes) In explaining his reluctance to make more acquisitions, Shwed told "Bloomberg" that the pace of growth in cybersecurity meant new firms were expanding at breakneck pace.
Wall Street Sees a Record Deal Spree as a Reason for Optimism (New York Times) Fees from advising corporate clients on mergers and other deals raised bottom lines across Wall Street. Bankers say it’s a good sign for the recovery.
Seed-stage cybersecurity companies see investment slowdown, report finds (VentureBeat) According to a new report from DataTribe, seed-stage VC investments in cybersecurity companies are slowing as headwinds loom on the horizon.
Cato Networks looks for growth after it lands funding (MicroscopeUK) SASE specialist is looking for growth and the chance to get its product into the hands of more partners
Facebook is planning to rebrand the company with a new name (The Verge) The tech giant wants to be known for more than social media’s ills.
Facebook plans to change its name as part of company rebrand – report (the Guardian) Move could position social media app as one of many products under a parent company
Dell sets date for VMware spin-off (CRN Australia) The split is set to take place on November 1.
Zerodium seeking zero-days in ExpressVPN, NordVPN, and Surfshark VPN apps (The Record by Recorded Future) Exploit broker Zerodium announced its intention today to buy zero-day vulnerabilities in the Windows clients of three major VPN providers—ExpressVPN, NordVPN, and Surfshark.
U.S. Sanctions Push Huawei to Re-Invent Itself and Look Far into the Future (Modern Diplomacy) There is no doubt that the return of Huawei’s CFO Meng Wanzhou to Beijing marks a historic event for the entire country that made every Chinese person incredibly proud, especially bearing in mind its timing, as the National Day celebrations took place on October 1. “Where there is a five-star red flag, there is a […]
Infosec Institute and CJHNetwork Partner to Reskill Workers Impacted by COVID-19 (Yahoo Finance) Infosec Institute, a leading cybersecurity education company, today announced it has partnered with CJHNetwork to upskill and reskill workers impacted by COVID-19. CyberQuest is filling Ireland's growing cybersecurity skills gap. Founded by IT@Cork Skillnet, CyberQuest was established in November 2020 to help individuals impacted by the pandemic find a career path in cybersecurity.
SonarSource Reaches 15,000 Commercial Customers Milestone, Helping Businesses Across All Industries Deliver Better Software (BusinessWire) SonarSource, the leading provider of code quality and code security solutions, announced it has added over 5,000 customers in the last 12 months.
Former NSA Deputy Director William Crowell Joins [redacted] Board of Directors (Dark Reading) Cybersecurity industry veteran brings substantial public and private sector experience to help guide [redacted] growth and expansion.
LookingGlass CEO Gilman Louie to be honored with Theodore Roosevelt Government Leadership Award by Government Executive (GlobeNewswire News Room) The event will be hosted virtually on October 21, 2021, with dedicated Teddy TV episodes airing online through November 8....
Products, Services, and Solutions
SaaS Alerts Releases First-Ever Security Monitoring of User Behavior in the IT Glue MSP Documentation Platform (EIN) Integration to Enhance Managed Service Provider Security
Rewind Completes SOC 2 Type I Certification (PR Web) Cloud Backup and Recovery Platform Demonstrates Commitment to Information Security for Highly Regulated Industries
Contrast Security Announces Breakthrough Solution for Serverless Application Security (WCAX) Contrast extends its application security platform with Contrast Serverless Application Security that will initially support AWS Lambda as survey finds two-thirds of respondents say security is critical or very important to their serverless application strategy
Splunk enhances security solutions to help organizations embrace digital transformation (Help Net Security) Splunk announced a series of new product innovations designed to help organizations securely embrace digital transformation.
8 top multifactor authentication products and how to choose an MFA solution (CSO Online) Learn the key considerations when choosing an MFA solution and why these top picks are worth a look.
Top three things that prove Claris is the best low-code development platform. (Claris) Since not all low-code software is equal, discover why the Claris platform stands out in a cluttered low-code market.
Gabriel, TNS, and Rypplzz Join Forces to Enhance Crypto Security (Yahoo Finance) A form of cyber fraud called “SMiShing” short for “short message service” phishing has increased by 700 percent in six months. SAN ANTONIO, Oct. 20, 2021 (GLOBE NEWSWIRE) -- According to a recent Coinbase Security Team article, financial fraud using SMiShing, a form of phishing that uses mobile phones as the attack platform, is now one of the most used cyber-attacks against cryptocurrency traders. Sky News also reported a 700% increase in SMiShing attacks in the first six months of 2021. To protec
DefenderShield Introduces the Faraday Line - The Only Signal-Proof Bags with Full Wireless Protection From 5G Cyberattacks (Yahoo Finance) DefenderShield debuts the only security Faraday bags that block all wireless signals including 5G, which is vulnerable to radiofrequency cyberattacks.
Alcatel-Lucent Enterprise partners with Versa Network to expand its SASE and SD-WAN capabilities (Help Net Security) Alcatel-Lucent Enterprise chooses transformative technology from Versa Networks to enhance software-defined network solutions.
Lockton Launches Silent Cyber Property Solution for Businesses (Insurance Journal) Lockton, the privately-owned independent insurance broker, has launched its Silent Cyber Property Solution, a standalone policy that covers businesses
Forcepoint updates Partner Program with new Platinum tier & growth pathways (Channel Life) “The most successful companies stand on the shoulders of partners, and partner-led growth is central to our strategy.
Google Cloud tools aim to ease machine-learning, cross-cloud analytics (InfoWorld) Google Cloud Platform (GCP) is offering new dedicated data and machine learning (ML) tools designed to clear up data inefficiencies and ease application development for enterprises.
Technologies, Techniques, and Standards
Microsoft, Intel and Goldman Sachs Lead New Supply Chain Security Initiative (SecurityWeek) Microsoft, Intel and Goldman Sachs will lead a new supply chain security work group at the Trusted Computing Group (TCG).
Cyber crime: creating a 'no blame' culture (ICAEW) Your response to a breach matters – here’s how to ensure your conversations and investigations are productive.
New Research Reveals Automation and Unification Enable a More Cohesive Defense of the Enterprise Attack Surface (BusinessWire) Cyware, the industry’s only Virtual Cyber Fusion platform provider, today revealed new research detailing the challenges affecting modern security ope
Start 'Em Early: Talk to Your Kids About Online Security (PCMAG) In this week's SecurityWatch, we ask an expert how to help kids understand and focus on online security while they work and play.
Can understanding flaws in malware help defenders prevent attacks? (SC Media) Researchers performed a large-scale analysis of a data set of malicious samples that crashed in the Zscaler Cloud Sandbox, studying coding errors to determine if there are ways to leverage vulnerabilities to prevent malware from loading in the first place.
When it comes to biometrics, are our bodies the best tool to protect privacy? (Maddyness UK) Using biometrics as a means of identification and authentication has been rapidly evolving. Protecting consumer personal data is critical.
'Tattleware' not only intrusive but ineffective (Avast) Rather than imposing privacy-invading tattleware on their employees, employers should instead reevaluate how they measure success. Is it about “productivity?” Or is it about results?
Design and Innovation
Credo aims to build ethical AI from the ground up (Axios) The startup wants to keep AI products within regulatory and ethical bounds
Research and Development
Security precautions in cryptocurrency (WMAR) The first, and likely most well known, cryptocurrency, Bitcoin, was created back in 2008, just as the global economy plunged into a great recession.
Academia
From Tiktok to bear mascots — 7 ways education is recruiting cyber talent (EdScoop) There are hundreds of thousands of jobs in cybersecurity that need filling. Higher education and industry are getting creative to attract new talent.
Stanford Takes on the Techlash (The New Yorker) With more and more students becoming dorm-room C.E.O.s, three professors cooked up an ethics class for the coding set.
SA needs cyber defence to combat growing onslaught (IT-Online) Now in its 18th year, Cybersecurity Awareness Month (CSAM) in October is a global initiative first launched by the US Department of Homeland Security and National Cyber Security Alliance to raise awareness of the role everyone can play in improving cyber security. By Doros Hadjizenonos, regional sales manager at Fortinet This year’s theme: “Do Your […]
Legislation, Policy, and Regulation
Japan, France to hold 2-plus-2 security talks this year (Kyodo News+) Japan and France plan to hold security talks involving their foreign and defense ministers within the year, the French government says.
Ministers on preparations for the European Council, the rule of law and the Conference on the Future of Europe | GOV.SI (Portal GOV.SI) State Secretary Gašper Dovžan today attended the regular General Affairs Council meeting in Luxembourg as Chair. The debate focused on preparations for the October European Council, the state of the rule of law in the Union and the Conference on the Future of Europe. “Today, we discussed a number of issues that directly affect our citizens. As the country holding the Presidency, we are very pleased to have reached the conclusions on the Joint Cyber Unit. In doing so, we have taken an important step forward in ensuring greater cybersecurity and resilience for citizens,” underlined State Secretary Dovžan.
U.S. cyber czar wants industry to collaborate with government (Washington Post) Chris Inglis touts voluntary industry cooperation even as the administration cracks dow
Republican and Democrat Lawmakers Step Up Efforts to Adopt Tougher Tech Laws (Wall Street Journal) Legislation to curb the influence of big technology companies, including putting new restrictions on online content, is starting to gain traction in Congress as lawmakers narrow their targets and seek to build on public attention.
Congress Is Losing Patience With Big-Tech Resistance, Klobuchar Says (Wall Street Journal) Democratic Sen. Amy Klobuchar says the push for regulation got a boost from the disclosure of some of Facebook’s internal research.
Treasury Seeks More Money for Illicit-Finance Oversight, Including Crypto and Cybercrime (Wall Street Journal) The Biden administration’s financial intelligence and sanctions units need significantly more funding and staff to combat national-security threats, including ones arising from ransomware and cryptocurrency markets, the Treasury Department’s second in command told lawmakers Tuesday.
US Cybersecurity Has a Metrics Problem. Here’s How to Fix It. (Just Security) Lawmakers have taken critical steps this year, but the lack of data makes it hard to know whether U.S. cybersecurity is actually improving.
Watchdogs Call For Standardized Cyber-Breach Reporting (Law360) A global forum of central bankers urged the financial sector on Tuesday to develop a common method for reporting cyber-incidents, after finding that differences between jurisdictions could be damaging the industry's stability.
Colonial Pipeline Hack Shows Peril Of Ignoring Military Cyber Vulnerabilities: Kendall (Breaking Defense) The ransomware attack on Colonial Pipeline in May underscores the urgency for the Pentagon to safeguard its logistics enterprise.
Biden's pick to lead DOD's weapons testing wants cyber assessments for commercial cloud systems (FCW) The Biden administration's pick to lead the Defense Department's operational testing, Nickolas Guertin, called the department's inability to conduct independent cyber assessments of commercial cloud systems 'a severe limitation.'
Litigation, Investigation, and Law Enforcement
The SEC Is Baffled By GameStop Too (Bloomberg) Also anti-green bonds, AMC and Harambe on Wall Street.
FBI Raids Homes Owned by Relatives of Russian Oligarch Oleg Deripaska (Wall Street Journal) Metals tycoon, who figured in post-2016 investigations, was under U.S. sanctions imposed in 2018
FBI Raids Russian Billionaire Oleg Deripaska’s Washington Mansion (Bloomberg) Tycoon’s spokeswoman says homes belong to his relatives. Russian billionaire has been sanctioned by U.S. since 2018.
Has Facebook Sidestepped GDPR's User Consent Requirements? (SecurityWeek) By making a contract between Facebook and its users, the usual understanding of consent is not required by users, allowing Facebook to effectively sidestep the need for GDPR-relevant user consent.
Carr Calls For FCC To Crack Down On 'Huawei On Wings' (Law360) FCC Commissioner Brendan Carr on Tuesday called for the agency to crack down on a Chinese drone company that is believed to have collected massive amounts of information on Americans, likening it to a "Huawei on wings" that must be restricted from doing business in the U.S.
UPDATE 1-U.S. FCC commissioner wants new restrictions review for Chinese dronemaker DJI (Yahoo Finance) A Republican member of the Federal Communications Commission (FCC) on Tuesday said he wants the U.S. telecommunications regulator to begin the process of imposing new restrictions on Chinese drone maker SZ DJI Technology Co. FCC Commissioner Brendan Carr said the agency should take steps toward adding DJI, the world's largest dronemaker, to the so-called "Covered List" that would prohibit U.S. Universal Service Fund money from being used to purchase its equipment. DJI, which accounts for more than 50% of U.S. drone sales, said its "drones are safe and secure for critical and sensitive operations... Our customers know that DJI drones remain the most capable and most affordable products for a wide variety of uses, including sensitive industrial and government work."
US must put new limits on Chinese drone maker DJI, says telecoms agency member (South China Morning Post) Calling DJI ‘Huawei on wings’, a Republican commissioner says the FCC should start the process of adding the company to a blacklist.
US: Couple accused in submarine espionage case indicted (Navy Times) A Maryland couple arrested earlier this month on charges of trying to sell information about nuclear-powered warships to a foreign country have been indicted, the Justice Department said Tuesday.
Adam Schiff asks intelligence agencies for information about CIA's targeting of WikiLeaks (Yahoo) The House Intelligence Committee is seeking information about a Yahoo News report that CIA officials plotted to kidnap Julian Assange from the Ecuadorean Embassy in London in 2017 after WikiLeaks published documents describing the spy agency’s hacking tools.
EU Facilitates Surveillance: Access Now, PI, Demand An Investigation (Scoop News) Today, Access Now joins Privacy International, Sea-Watch, BVMN, Homo Digitalis, and International Federation for Human Rights (FIDH) in calling on the European Ombudsman, Emily O'Reilly, to open an inquiry into several EU institutions’ failure to promote ...
University of Pittsburgh Medical Center Hacker Sentenced to Prison (SecurityWeek) The individual who hacked the human resources databases of the University of Pittsburgh Medical Center was sentenced to seven years in prison.
Prison for UPMC Data Thief (Infosecurity Magazine) Former FEMA IT specialist given maximum sentence for stealing and selling UPMC employee data
Steele dismisses James Bond comparisons -- but dossier did leave him shaken, stirred (ABC11 Raleigh-Durham) Five years after he penned the so-called "Steele dossier," British ex-spy Christopher Steele tells ABC News that his life has taken more turns than a James Bond film.