Attacks, Threats, and Vulnerabilities
CISA: GPS software bug may cause unexpected behavior this Sunday (BleepingComputer) The Cybersecurity and Infrastructure Security Agency (CISA) warned that GPS devices might experience issues over the weekend because of a timing bug impacting Network Time Protocol (NTP) servers running the GPS Daemon (GPSD) software.
GPS Daemon (GPSD) Rollover Bug (CISA) Critical Infrastructure (CI) owners and operators, and other users who obtain Coordinated Universal Time (UTC) from Global Positioning System (GPS) devices, should be aware of a GPS Daemon (GPSD) bug in GPSD versions 3.20 (released December 31, 2019) through 3.22 (released January 8, 2021).
TA551 Shifts Tactics to Install Sliver Red-Teaming Tool (Threatpost) A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment.
New TA551 Email Campaign Installs Sliver Red-Team Tool (Decipher) A new email hijacking campaign by the TA551 attack group is installing the legitimate Sliver red-team tool as a payload, possibly for use in future ransomware operations.
FiveSys Rootkit Abuses Microsoft-Issued Digital Signature (SecurityWeek) A rootkit named FiveSys is able to evade detection and slip unnoticed onto Windows users’ systems courtesy of a Microsoft-issued digital signature.
'This Gave Us Chills': Maltese Voter Data Leak Accurately Predicted General Election Results (Lovin Malta) A data leak of over 300,000 voters and their preferences from a Maltese political party has been able to accurately predict election results
Here's how a hacker was able to blow up Trump's new free speech site (The Daily Dot) A hacker discovered that former President Donald Trump's social media platform "Truth Social" was publicly accessible online.
Palo Alto warns of BEC-as-a-service (ZDNet) According to Palo Alto Networks' researchers, business email compromise continues to be one of the leading ways cybercriminals scam victims, with an average wire fraud attempt of $567,000 and a peak of $6 million.
Cybercrime gang sets up fake company to hire security experts to aid in ransomware attacks (The Record by Recorded Future) A cybercrime group known as FIN7 created a fake security firm earlier this year, used it to hire security researchers, and then tricked them into participating in ransomware attacks.
Cybercrime matures as hackers are forced to work smarter (BleepingComputer) An analysis of 500 hacking incidents across a wide range of industries has revealed trends that characterize a maturity in the way hacking groups operate today.
Google Disrupts Cookie Theft Malware Attacks (Decipher) Google researchers point to a resurgence in a decades-old session hijacking tactic, as seen in a recent phishing campaign.
MCH group targeted in latest Swiss cyber attack (SWI) Switzerland’s MCH Group is the latest heavyweight company to be hit by hackers as a rash of attacks spreads across the Alpine nation.
450 million cyberattacks attempted on Japan Olympics infrastructure: NTT (ZDNet) NTT said the number of attacks was 2.5 times the number of attacks seen during the 2012 London Summer Olympics.
The worst celebrity hacks (Avast) From Lady Gaga to Barack Obama and intimate photo leaks to Bitcoin scams, celebrities are big targets for hacking. Find out how famous people get hacked.
My Health Record imaging services security failed ADHA password standards (ZDNet) Australia submitted 7% fewer data breach notifications compared to last year, according to the agency responsible for dealing with these notifications.
Security Patches, Mitigations, and Software Updates
AWS patches bug that left its WAF customers exposed to SQL injection (SC Media) The researchers said the bug, which they trace back to a Black Hat presentation in 2013, was fixed by AWS on Oct. 1, with public disclosure coming on Wednesday.
AMD Releases Patch for Windows 11 Slowdown Bug With Ryzen Chips (PCMAG) UPDATE: Microsoft is starting to roll out the patch for the second bug.
ICONICS GENESIS64 and Mitsubishi Electric MC Works64 OPC UA (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendors: ICONICS, Mitsubishi Electric
Equipment: ICONICS GENESIS64, Mitsubishi Electric MC Works64
Vulnerability: Uncontrolled Recursion
2. RISK EVALUATION
Successful exploitation of this vulnerability could trigger a stack overflow.
Delta Electronics DIALink (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Delta Electronics
Equipment: DIALink
Vulnerabilities: Cleartext Transmission of Sensitive Information, Cross-site Scripting, Improper Neutralization of Formula Elements in a CSV File, Cleartext Storage of Sensitive Information, Uncontrolled Search Path Element, Incorrect Default Permissions
2.
ICONICS GENESIS64 and Mitsubishi Electric MC Works64 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: ICONICS, Mitsubishi Electric
Equipment: ICONICS GENESIS64, Mitsubishi Electric MC Works64
Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write
2. RISK EVALUATION
Successful exploitation of these vulnerabilities may result in remote code execution.
B. Braun Infusomat Space Large Volume Pump (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: B. Braun Melsungen AG
Equipment: Main equipment
Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Cleartext Transmission of Sensitive Information, Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity, and Improper Input Validation
2.
Trends
NCC Group Monthly Threat Pulse – September 2021 (Mynewsdesk) NCC Group’s monthly Threat Pulse report, based on analysis from our Strategic Threat Intelligence team, reveals the scale of the increasing ransomware threat...
Why Have Industrial Companies Become So Vulnerable To Data Extortion? (Magoda) 2020 was a standout year for industrial data extortion. More companies have been affected by cyberattacks in recent months than in the last 15 years combined.
73% of UK Firms had Phishing Attacks in Last 12 Months (PYMNTS) In the United Kingdom, phishing schemes are gaining traction, with 73% of companies suffering data breaches that stemmed from phishing within the past year.
How common are data breaches in the UK? (Business Lancashire) A data breach is when confidential information is accessed, copied or stolen by an unauthorized individual. And they’re a widespread problem for UK businesses. 88 per cent of UK businesses had some form of data breach in the 12 months leading up to May 2020. High income charities have been targeted in particular. Below, we explore how common data breaches are in UK and the nature of these breaches.
Marketplace
From Zero to $9 Billion: Inside the Growth of U.S.-Listed Cyber ETFs (Traders Magazine) The growth aligns with a threat that is unlikely to fade away anytime soon.
KnowBe4 to Acquire SecurityAdvisor, Introduces a New Information Security Category “Human Detection and Response” (GlobeNewswire News Room) KnowBe4, Inc. (NASDAQ: KNBE), the provider of the world's largest security awareness training and...
Plurilock to Acquire Assets of CloudCodes Software (Dark Reading) Transaction marks Plurilock’s second acquisition in 2021.
Smart Security Camera Startup Rhombus Systems Raises $10 Million (SecurityWeek) Sacramento, CA-based Rhombus Systems – a provider of smart security cameras – has raised $10 million in a Series A funding round led by Cota Capital
JumpCloud Closes Out $225 Million Series F With Additional $66 Million Raised From Atlassian Ventures, CrowdStrike Falcon Fund, NTT Docomo Ventures, and Others (AiThority) JumpCloud announced it has raised a total of $225 million for its Series F round to accelerate small and midsize enterprise adoption of its modern directory platform.
Cyber security startup CipherStash raises $3.3 million in seed round (Startup Daily) Encryption technology startup CipherStash has raised $3.3 million in a seed round as it looks to crack the US market. The round was led by AirTree and US VC Nexus Venture Partners, supported by Linktree CTO Zak Islam, Threatmatric co-founder Alisdair Faulkner and Buildkite’s Keith Pitt. The startup is an end-to-end, searchable encrypted data storage platform.
Invicti Security Announces $625 Million Growth Investment Led by Summit Partners (Dark Reading) Web application security provider plans to leverage new investment to continue product expansion and support global growth.
Dunbar buys Integrity Systems, Inc. (Security Info Watch) Acquisition enables company to provide security integration services in Washington, D.C. metro region
Microsoft bought CloudKnox because hybrid multicloud identity is complicated (TechRepublic) Managing passwords and privileged access is bad enough for people—but that's going to be dwarfed by the problem of dealing with non-human identities.
Microsoft now defends nonprofits against nation-state attacks (BleepingComputer) Microsoft announced today a new security program for nonprofits to provide them with protection against nation-state attacks that have increasingly targeted them in recent years.
Microsoft announces security programs for nonprofits as nation-state attacks increase (ZDNet) The Security Program for Nonprofits will offer nonprofits free security assessments, training and access to Microsoft security tools.
Strengthening cyber defenses for nonprofits - Microsoft On the Issues (Microsoft On the Issues) Nonprofits are increasingly at risk due to a worldwide rise in cybercrime. In response, Microsoft is launching the Security Program for Nonprofits – a set of security offerings, built to complement Microsoft’s security suite.
Why Facebook is rebranding (Platformer News) Fresh details from the search for a new name. PLUS: Five former employees weigh in
Facebook's Name Change Won’t Fix Anything (Wired) Can rebranding the company herald a fresh start? Experts, as you might guess, are skeptical.
Donald Trump launching new social media platform, TRUTH Social (ABC News) The former president has been banned from several platforms.
The driving force behind Nextgen's cyber push (ARN) Nextgen has made a concerted effort to ramp up its cyber security practice over the last three years, taking a methodical approach to locating the right partners.
AXA XL appoints Danielle Roth to lead North American cyber claims (ReinsuranceNe.ws) AXA XL has announced the appointment of Danielle Roth as Practice Leader and Head of Cyber Claims, North America. Roth will be responsible for developing
Former Deputy NSA/CSS Chief Rear Admiral Dan MacDonnell Joins Randori as Chief Strategy Officer (Yahoo Finance) Randori, the company that Attacks to Protect™, today announced that Rear Admiral Dan MacDonnell, U.S. Navy (Ret) has joined the company as its Chief Strategy Officer. In this role, MacDonnell will apply his past military and business cyber experience to shape Randori's product strategy, helping companies defend forward faster by applying an offensive mindset.
ESET Hires Ex-Ingram Micro Exec To Drive Channel Business (CRN) ESET has brought on longtime Ingram Micro leader Ryan Grant to push upmarket and enhance the company’s strategy for different solution provider segments.
Products, Services, and Solutions
New infosec products of the week: October 22, 2021 (Help Net Security) The featured infosec products this week are from the following vendors: SecLytics, SecurID, Splunk, ThreatConnect and ZeroFox.
Platform9 Announces SaaS GitOps Engine to Simplify Multicloud Operations and Governance With Latest Kubernetes Release (PR Newswire) Platform9, the leader in multicloud Kubernetes-as-a-Service, today announced a number of new enterprise features that greatly eliminate...
WISeKey’s Cybersecurity and Identity Management Technology to Secure NFTs (The Tokenizer) WISeKey International Holding Ltd. (“WISeKey”), leading global cybersecurity, AI, Blockchain, and IoT company, today announced that..
Radware Launches New Capabilities to Mitigate Encrypted DDoS Attacks Without Compromising Business Needs (GlobeNewswire News Room) New algorithms provide encrypted attack mitigation at scale and with greater accuracy...
Technologies, Techniques, and Standards
Thwarting Insider Threats, Ransomware and Protecting Converged Systems in Water and Wastewater Facilities (Infosecurity Magazine) WWS facilities deserve the most sophisticated defense the market offers
Cybersecurity Training: Why You Should Train Employees on Social Media Discretion (Security Intelligence) Cybersecurity training sometimes overlooks how important social media discretion is. Learn how to train employees to share wisely and protect company data.
Agencies get new guidance for securing mobile devices on international travel (Federal News Network) Officials are confronting a growing list of mobile-specific cybersecurity challenges with travel opening up and many employees working remotely.
Before and After a Pen Test: Steps to Get Through It (The Hacker News) What is a penetration testing? Steps to take before and after a penetration test.
Kill the CAC? Why some people really want the military's ID cards to go away (Task & Purpose) When Air Force Lt. Gen. Robert Skinner said he wanted to kill the CAC, one Army employee's heart skipped with joy.
Design and Innovation
Big Tech is pushing a 'national cloud.' Critics say Big Tech would profit from it. (NBC News) Big tech has big designs on a big cloud.
Academia
USC Aiken and SANS Tech Start Cybersecurity Degree Program (GovTech) A new partnership between USC Aiken and SANS Technology Institute will allow students to get hands-on training and four industry-recognized certifications while completing a bachelor's degree in cybersecurity.
Hetherington Group & Dakota State University Announce New OSINT Academy (StreetInsider.com) Dakota State University and Hetherington Group are proud to announce the commencement of...
High School Students Take Part In Michigan Cyber Summit (Radioresultsnetwork.com) The 10th Michigan Cyber Summit (formerly the North American International Cyber Summit), hosted by Gov. Gretch...
Legislation, Policy, and Regulation
Europe’s parliament is trying to ban microtargeting (TechCrunch) European Union lawmakers are mobilizing support for a ban on tracking-based advertising to be added to a new set of Internet rules for the bloc — which were proposed at the back end of last year but are now entering the last stretch of negotiations ahead of becoming pan-EU law. If they succee…
Morocco’s Intelligence Apparatus Fuels a Crackdown on Dissent (The Intercept) Dozens of Moroccan journalists were listed as potential targets of NSO Group’s Pegasus spyware — just one instrument in the kingdom’s expanding surveillance toolbox.
INSA Urges Media Institutions to Enhance Capacity to Prevent Cyber-attacks (Walta) Information Network Security Agency (INSA) has urged all media institutions in Ethiopia to enhance their capability to prevent the increasing cyber-attacks. INSA Deputy Director General Antenhe Tesfaye made
U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn (Threatpost) Meanwhile, Zerodium’s quest to buy VPN exploits is problematic, researchers said.
U.S. Export Controls Crack Down on Surveillance Tools (Decipher) A newly proposed interim final rule is the result of 2017 negotiations as part of the Wassenaar Arrangement after initial export rules were met with criticism.
NSA is surging its collaboration with the private sector (Washington Post) Dozens of firms are huddling with the National Security Agency on cybersecurity
FTC Chair: Agency’s new ISP privacy report shows the FCC should have jurisdiction (The Record by Recorded Future) Oversight of ISP privacy practices was kicked over the FTC after Congress blocked the FCC's planned rules during the Trump administration.
There’s just one Department of Homeland Security. So why does it have so many bosses in Congress? (Washington Post) More than 90 congressional committees and subcommittees currently claim jurisdiction over some part of DHS
Federal CISO says there’s much feds ‘can learn from the states’ (StateScoop) The White House’s Chris DeRusha told officials in his former state of Michigan that they’ve “done a lot of big creative things.”
How government and industry are failing in battle against ransomware attacks (TheHill) Right now, paying the ransom may be the only reasonable option, and I say this as a former FBI official tasked with combatting cybercrime.
Why is Cybersecurity Failing Against Ransomware? (Threatpost) Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo.
New Regulation Won’t Plug the Nation’s Cybersecurity Leaks (Barron's) Bills on the table do more to alienate cybersecurity professionals than help solve problems, writes Malwarebytes CEO Marcin Kleczynski.
CISA seeks 24-hour cyber incident reporting timeline (Defense Systems) Two separate Senate bills set different deadlines for federal contractors, critical infrastructure providers and other covered companies to report cyber incidents to the federal government.
Republican Senate leaders slam new TSA cybersecurity regulations for rail and aviation industry (ZDNet) Despite recent attacks, the Senators questioned whether the emergency passage of the rules was "appropriate absent an immediate threat."
Bill Co-Sponsored by Vargas Aims to Limit Impact of Online ‘Click-to-Agree’ Policies (WHAV) Those who click through those popup agreements online and worry about future repercussions may find relief in a bill sponsored by a trio of legislators, including Rep. Andy X. Vargas, and before a committee headed by local legislators. Dubbed the Massachusetts Information Privacy Act, it targets a common feature of internet life—“click-to-agree” privacy policies and […]
Tillis Co-Sponsors Bipartisan Legislation Requiring Critical Infrastructure Entities To Report Cyberattacks (Thom Tillis, U.S. Senator for North Carolina) U.S. Senator Thom Tillis (R-NC), Co-Chair of the Senate Cybersecurity Caucus, co-sponsored bipartisan legislation this week to require critical infrastructure owners and operators to report to the Cybersecurity and Infrastructure Security Agency (CISA) if they experience a cyber incident, including a cyberattack, and most entities to report if they make a ransomware payment.
What Next For Australia's Anti-corruption Agencies? (Scoop) Corruption battles heat up. Public meeting on future of public integrity agencies. As the SA Government guts its anti-corruption commission, and a NSW Premier falls, what are the lessons for integrity bodies in Australia? This question will be explored ...
Training in cyber security for govt. employees (The Hindu) Andhra Pradesh first State to initiate it on massive scale, says Rajat Bhargava
Litigation, Investigation, and Law Enforcement
EXCLUSIVE Governments turn tables on ransomware gang REvil by pushing it offline (Reuters) The ransomware group REvil was itself hacked and forced offline this week by a multi-country operation, according to three private sector cyber experts working with the United States and one former official.
REvil ransomware gang taken down in multi-country operation (Computing) A member of the gang said last weekend that someone had compromised the group's servers
DarkSide ransomware gang moves some of its Bitcoin after REvil got hit by law enforcement (The Record by Recorded Future) The operators of the Darkside and BlackMatter ransomware strains have moved a large chunk of their Bitcoin reserves after news broke that fellow ransomware gang REvil had its servers taken over by a coalition of law enforcement agencies.
Former Execs of Cybersecurity Firm GigaTrust Charged With Financial Fraud (SecurityWeek) Three former executives of now defunct email security firm GigaTrust have been charged for defrauding investors and lenders in a $50 million scheme.
New Civil Cyber-Fraud Initiative Signals Increased Litigation Risk Arising from Cybersecurity Practices (JD Supra) Our Privacy, Cyber & Data Strategy and White Collar, Government & Internal Investigations teams answer the questions government contractors will have...
DOJ Unveils New Initiative to Pursue Cybersecurity-Related Fraud by Government Contractors and Grant Recipients (JD Supra) Earlier this month, the Department of Justice (DOJ) announced the launch of its Civil Cyber-Fraud Initiative, aimed to...
Pentagon IG finds ‘no improper influence’ in hiring of Michael Ellis as NSA general counsel (Washington Post) The Pentagon inspector general’s office has concluded there was “no improper influence” in the decision to select a former Republican operative as the National Security Agency’s top lawyer last fall.
Woman charged in submarine spy case to remain locked up (Navy Times) A Maryland woman charged along with her husband in a plot to sell submarine secrets to a foreign country must remain behind bars after a judge on Thursday determined she was a flight risk and a danger to national security.
Millburn’s Diamond Institute for Fertility To Pay $495,000 for Data Security Improvement (TAPinto) Millburn’s Diamond Institute for Fertility and Menopause, LLC To Pay $495,000 for Data Security Improvement
DOJ Sues To Collect FCC's $9.9M Fine From Racist Robocaller (Law360) The U.S. Department of Justice said Thursday it has sued a Montana-based white supremacist who has failed to pay a $9.9 million Federal Communications Commission fine for peppering communities with thousands of racist and antisemitic robocalls.
Man Sentenced for Cyberstalking Legislative Candidate's Wife (News Channel Nebraska) A Bellevue man has been sentenced to federal prison for threatening to release a nude photo of a legislative candidate’s wife unless the candidate dropped out of the race.
Blackbaud Can't Shake Negligence Claims In Data Breach Row (Law360) A South Carolina federal judge has preserved a pair of negligence claims while cutting two other allegations from a consolidated putative class action over a 2020 ransomware attack on Blackbaud, after rejecting the software company's argument that it didn't have a duty to protect plaintiffs from the hack.