Attacks, Threats, and Vulnerabilities
Holy SEO Poisoning (Menlo Security) The Menlo Labs team has seen a rise in attacks designed to target users, as opposed to organizations, bypassing traditional security measures. One example Menlo Labs is tracking is an active campaign called SolarMarker. We’ve seen an increase in attackers using SEO poisoning, with high success rates, to serve malicious payloads to customers....
Iran Struggles to Relaunch Petrol Stations After Cyberattack (SecurityWeek) Iran struggled Wednesday to restart its petrol distribution system after it was hit by an unprecedented cyber-attack which security officials said was launched from abroad.
Iran's president says cyberattack meant to create 'disorder' (AP NEWS) Iran's president said Wednesday that a cyberattack which paralyzed every gas station in the Islamic Republic was designed to get “people angry by creating disorder and disruption,” as long lines still snaked around the pumps a day after the incident began.
Iran blames foreign country for cyberattack on petrol stations (BBC News) Tuesday's attack crippled a system that lets motorists buy subsidised petrol, causing long queues.
Cyberattack Cripples Iranian Fuel Distribution Network (Threatpost) The incident triggered shutdowns at pumps across the country as attackers flashed the phone number of Supreme Leader Ali Khamenei across video screens.
Secondary Infektion, a Russian disinformation outfit, impersonated Swedish lawmaker (CyberScoop) A suspected Russian disinformation campaign used manipulated images and fabricated internet personas to promote false narratives online in an effort to sow mistrust in Sweden and Europe, according to new findings.
Operation Secondary Infektion Impersonates Swedish Riksdag, Targets European Audiences (Recorded Future) The following report is an update to Insikt Group’s August 2021 publication “Operation Secondary Infektion Continues Targeting Democratic Institutions and Regional Geopolitics”, an investigation into the likely Russian state-sponsored information operation “Secondary Infektion.” This report examines a second newly discovered campaign of Operation Secondary Infektion, aimed at impersonating the Swedish Parliament (Riksdag) to promote a claim that Sweden is set to join NATO along with Ukraine. This report contains information gathered using the Future® Platform as well as several OSINT enrichment tools.
Lazarus APT Uses Updated Malware in Potential Supply Chain Attacks (Decipher) The Lazarus group has been recently observed “building supply-chain attack capabilities” by targeting a legitimate South Korean security software and an IT asset monitoring solution vendor.
Cybercriminals claim to have hacked the NRA (NBC News) A notorious Russian cybercriminal group has posted what appear to be National Rifle Association files to the dark web.
Russian Ransomware Gang Claims to Have Hacked the NRA (The Daily Beast) The Russian ransomware gang, known as Grief Gang, emerged in May and has been actively going after targets since. The NRA might be its latest.
Many Ransomware Attacks on OT Organizations Involved Ryuk: IBM (SecurityWeek) One-third of the attacks launched in 2021 against OT organizations involved ransomware, and of all the threat actors that use ransomware, Ryuk operators in particular appear to gravitate towards ICS networks.
Conti ransomware explained: What you need to know about this aggressive criminal group (CSO Online) The Conti ransomware group is less likely to help victims restore encrypted files and more likely to leak exfiltrated data.
Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD (SonarSource) We recently discovered critical security issues in the popular CI/CD solution GoCD that can be exploited by unauthenticated attackers
Franken-phish: TodayZoo built from other phishing kits (Microsoft Security Blog) A phishing kit built using pieces of code copied from other kits, some available for sale through publicly accessible scam sellers or are reused and repackaged by other kit resellers, provides rich insight into the state of the economy that drives phishing and email threats today.
Sensitive data of 400,000 German students exposed by API flaw (BleepingComputer) Approximately 400,000 users of Scoolio, a student community app widely used in Germany, had sensitive information exposed due to an API flaw in the platform.
'Cyber event' knocks dairy giant Schreiber Foods offline amid industry ransomware outbreak (CyberScoop) A “cyber event” knocked plants and distribution centers offline at Schreiber Foods, a multibillion-dollar dairy company, a spokesperson told CyberScoop Wednesday. The incident began affecting operations Friday evening, according to Schreiber Foods’ Andrew Tobisch.
Food and Ag Sector Vulnerable to Ransomware Attacks (DTN Progressive Farmer) The USDA's Cybersecurity Expo brought together public and private entities to discuss ways to protect U.S. businesses from falling victim to the increasing number of ransomware attacks.
Hackers hit UK VoiP providers with ‘unprecedented’ spate of DDOS attacks (Digit) An industry body has said that a co-ordinated series of DDoS attacks is underway against multiple UK providers of VoIP services.
Millions of healthcare records exposed in mega data breach (TechRadar) 422m medical records were left exposed online in an unsecured database
Report: Medical AI Company Exposed Millions of Records Online (Website Planet) Security researcher Jeremiah Fowler together with the Website Planet research team discovered a non-password protected database that contained 886,521
Employment agency that suffered data breach says most stolen data is from fake profiles (The Straits Times) Protemps neither received nor paid any ransom demand, which is usually the reason for such data theft.
Vendor Partner Responsible for Fullerton Health Data Breach (BankInfoSecurity) Singapore healthcare firm Fullerton Health confirms that a data breach in the server of its vendor partner Agape Connecting People was responsible for the leak of
Data breach: Hospital shares email addresses of vaccine trial participants (Eastern Daily Press) A hospital has apologised and opened an investigation following a breach of patient data.
Hackers steal $130 million from Cream Finance; the company's 3rd hack this year (The Record by Recorded Future) Hackers have stolen an estimated $130 million worth of cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform that allows users to loan and speculate on cryptocurrency price variations.
Security Patches, Mitigations, and Software Updates
Apple Patches 22 Security Flaws Haunting iPhones (SecurityWeek) Apple ships iOS 15.1 with patches for gaping security holes in a wide range of mobile software components.
Fuji Electric Patches Vulnerabilities in Factory Monitoring Software (SecurityWeek) Fuji Electric has patched half a dozen vulnerabilities in its Tellus factory monitoring and operating software.
Trends
IBM Study: C-Suite Executives Declare One Vendor Approach to Cloud is Dead (IBM Newsroom) According to the results of IBM's new global study on cloud transformation there has been a drastic shift in business needs as only three percent of respondents reported using a single private or public cloud in 2021, down from 29 percent in 2019.
KnowBe4 Finds Increasingly Dangerous Attacks in Phishing Emails With Business, IT and HR Focus (PR Newswire) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced the results of its Q3...
Perfect storm of cybersecurity risks threatens the hybrid workplace (GlobeNewswire News Room) HP Wolf Security report shines light on rise of new ‘Shadow IT’ and increase in phishing-driven compromises...
Out of Sight & Out of Mind Report (HP Wolf Security) The workplace has evolved, ushering in the age of hybrid working. Digital and workplace transformation have both been accelerated, and work has forever changed. Workforces will become increasingly distributed and less visible to IT and security teams. The number of freelancers will also grow exponentially, reaching 50% of the US workforce by 2027. As a result, it has never been more challenging for IT teams to deploy, manage, and secure their IT ecosystem
Radware Releases Q3 DDoS and Application Attack Report (GlobeNewswire News Room) Blocked DDoS events up 75% in the first nine months of 2021 compared to 2020. Blocked web application security events doubled every quarter in 2021. Web...
Quarterly DDoS and Application Attack Report (Radware) Radware’s Quarterly DDoS and Application Attack Report provides an overview of attack activity witnessed during the third quarter of the 2021 calendar year. It analyzes network and application attack activity sourced from Radware’s Cloud and Managed Services and Radware’s Global Deception Network.
McAfee Enterprise & FireEye Release Their 2022 Threat Predictions (IT Voice) McAfee Enterprise and FireEye today released its 2022 Threat Predictions, examining the top cybersecurity threats they predict enterprises will face in 2022. Bad actors have taken note of successful tactics from 2021, including those making headlines tied to ransomware, nation states, social media,
API: The Attack Surface That Connects Us All (Akamai) Welcome to Akamai’s State of the Internet / Security (SOTI) report, Volume 7, Issue 4. Whether you’ve been reading this report from the beginning or are a new reader, we welcome you and hope our research provides you with intelligence you don’t see elsewhere.
2021 State of the API Report (Postman) The 2021 State of the API report covers the largest and most comprehensive survey on APIs, ever. More than 28,000 developers and API professionals shared their thoughts.
Cybersecurity Awareness Month: Cybersecurity First (NIST) This week’s blog post highlighting Cybersecurity Awareness Month is from NIST’s Marian Merritt, Deputy Director and Lead for Industry Engagement for the National Initiative for Cybersecurity Education (NICE). In this post, Marian discusses ways to minimize cybersecurity risks for small businesses.
Nearly all US execs have experienced a cybersecurity threat, but some say there's still no plan (ZDNet) A new survey suggests the disruption, share price drops, and theft are common consequences of attacks.
Adult Viewpoints 2021 Survey: The Cybersecurity Skills Gap & Barriers to Entry (Champlain College) National Survey Finds Americans Demonstrate an Interest in Working in the Field of Cybersecurity if Cyber Organizations Address Workforce Trends around High Expectations of Prior Training, Lack o
The Most Common Cybercrimes in the US May Surprise You (Tech.co) Social engineering was a huge threat in 2020 and likely remains one today. Here's what that means for you.
Marketplace
TransUnion Acquires Identity Security Company Sontiq for $638 Million (SecurityWeek) Credit reporting agency TransUnion is acquiring identity security solutions provider Sontiq for $638 million.
WSJ News Exclusive | Mimecast Explores Options Including a Possible Sale (Wall Street Journal) The cybersecurity-software company has a market value of about $4.5 billion.
AI Phishing Defense Leader SlashNext Closes $26 Million Series B Funding (PR Newswire) SlashNext, the leader in SaaS-based spear-phishing and human hacking defense across digital channels and apps, today announced it raised $26...
Gluware raises $43M for ‘RPA’ tech that automatically detects and fixes anomalies in network configurations (TechCrunch) Facebook’s network meltdown earlier this month — an outage that initially stemmed from a configuration error — was a huge pain for many users (and a big cost to Facebook). For enterprises, it also served as a poignant reminder about a salient fact of networks: The complexity and i…
The Briefing: Informatica Raises $841M In Return To Public Markets, ClickUp Secures $400M, And More (Crunchbase News) Crunchbase News' top picks of the news to stay current in the VC and startup world.
Despite a quiet IPO, Informatica has a bright future ahead, its CEO said (Silicon Valley Business Journal) Amit Walia joined Informatica Inc. when it was a public company, then he saw it get taken private.
VC Funding For Cybersecurity Companies In Israel On Pace To Nearly Double This Year (Crunchbase News) While it is true U.S.-based security firms have received unprecedented levels of funding, Israel—the second-largest cyber startup market in the world—likely also will nearly double total venture dollars raised this year
Peraton Labs wins DoD spectrum management contract (Intelligence Community News) On October 26, Chantilly, VA-based Peraton Labs announced that it has been awarded a contract to design, develop, demonstrate, test, and evaluate the Operational Spectrum Comprehension, Analytics, and Response (OSCAR) solution for the Department of Defense (DOD) Office of the Undersecretary of Defense for Research and Engineering (USD R&E).
Introducing Cobalt’s Chief Marketing Officer, Russ Cobb (Cobalt) Russ arrived with a deep knowledge of creating and shaping markets in the cybersecurity, data analytics, and application software industries.
Products, Services, and Solutions
Absolute Enables Customers’ Shift to Work-from-Anywhere With the Industry’s First Self-Healing Zero Trust Platform (BusinessWire) Absolute Software™ (NASDAQ: ABST) (TSX: ABST), a leader in next generation Endpoint Resilience™ solutions, today announced it has completed the first
Radware and Netsync Join Forces to Deliver Cloud Application Security Solutions for AWS (GlobeNewswire News Room) Radware® (NASDAQ: RDWR) a leading provider of cyber security and application delivery...
Medigate Launches Clinical Device Efficiency to Improve Operational Efficiency for HDOs (PR Newswire) Medigate, creator of the industry's first and leading healthcare-specific platform to orchestrate and integrate connected device data to...
Tessian Integrates With Okta to Protect Enterprises From Threats Posed by Employees’ Identities and Behaviors (RealWire) Tessian, the leading Human Layer Security company, today announces that it is integrating with Okta to help organizations protect against the biggest threats to enterprise security - people’s identities and behaviors
Invixium Launches Powerful Suite of Healthy Access Features With IXM Mobile (Invixium) Invixium Develops New Mobile Platform with Sub-Apps for Remote Face Enrollment, Mobile Credentials, Digital Attestation Questionnaire and Vital Signs Screening for Employees and Visitors
Cerberus Sentinel Launches Secured Managed Services Providing Senior Support to Mitigate Cyber Risks (Bakersfield.com) Cerberus Cyber Sentinel Corporation (OTC: CISO) (“Cerberus Sentinel”), a cybersecurity consulting and managed security services firm, today introduced its Cerberus Sentinel Secured Managed Services to help organizations step up their cybersecurity protections with security-focused, end-to-end network and device management solutions provided by a team of senior staff.
Liquid Intelligent Technologies and Orange partner to expand network reach across Africa and build a safer digital society (IT News Online)
Is that a SOC in your pocket? (Enterprise Times) NTT Ltd has launched its pocket SOC or the Cyber Threat Sensor AI (CTS-AI) to give it its proper name. It is the latest product of the security tools landscape to become a mobile application. It is aimed at customers running client applications and workloads on AWS.
New CompTIA PenTest+ Exam Expands Coverage of Latest Cyber Attack Surfaces and Emphasis on Vulnerability Management Skills (CompTIA) Exam launch coupled with the release of a comprehensive selection of CompTIA Learning products for test preparation
Ordr Unveils Cybersecurity Innovations and Ransom-Aware Rapid Assessment Service to Expand Its Leadership In Connected Device Security (PR Newswire) Ordr, the leader in connected device security, announced new cybersecurity features along with a Ransom-Aware Rapid Assessment™ service to...
Telarus and eSentire Expand Partnership (eSentire) Read this press release for more information on how eSentire’s Multi-Signal MDR Service and Incident Response Retainer has been made available to Telarus customers across the United Kingdom, Europe and APAC.
Technologies, Techniques, and Standards
Tech vendors create neutral 'security baseline' to simplify protection (Computing) The MSVP is a checklist of precautions and processes that should speed up procurement and outsourcing
EMV® Chip Specifications To Support Elliptic Curve Cryptography (EMVCo) Cryptography standard enables robust EMV® contact chip security long-term as payment technology […]
SolarWinds Outlines 'Triple Build' Software Development Model to Secure Supply Chain (SecurityWeek) SolarWinds describes a new triple build model designed to ensure that software builds can never again be compromised in the way that Nobelium injected the Sunburst malware into its Orion software.
Free decrypters released for AtomSilo, Babuk, and LockFile ransomware strains (The Record by Recorded Future) Antivirus maker and cyber-security firm Avast has released today free decryption utilities to recover files that have been encrypted by three ransomware strains—AtomSilo, Babuk, and LockFile.
Avast Releases FREE Ransomware Decryptors—How to Get (Tech Times) Avast just released free ransomware decryptors that work on multiple strains. Here's how to get one:
#BeCyberSmart: Building a 'Cybersecurity First' Culture (IGI) For an organization to put Cybersecurity First means the cybersecurity strategy needs to be driven from the CEO down to the newest hire.
Design and Innovation
This Program Can Give AI a Sense of Ethics—Sometimes (Wired) Researchers trained an algorithm to answer questions about human values. Some of the responses are troubling.
Research and Development
The 50-year-old problem that eludes theoretical computer science (MIT Technology Review) A solution to P vs NP could unlock countless computational problems—or keep them forever out of reach.
Academia
U.S. Cyber Command Goes Academic (SIGNAL) The warfighting command looks to harness partnerships with academia, in addition to government and private sector relationships, to better protect America in the cyber realm.
When a Scholar Is Accused of Being a Spy (Chronicle of Higher Education) How investigations play out at different universities reveals a lot about higher education.
Supporting the first #ShareTheMicInCyber Fellowship (Google: the Keyword) Keeping people safe online requires more than just advanced security technology, it requires people.
Legislation, Policy, and Regulation
China regulator says will step up efforts to build 'civilised internet' (Reuters) China will strengthen its efforts to build a "civilised" internet with an eye on reshaping online behaviour and use it as a platform to disseminate new party theories and promote socialist values, the country's cyberspace regulator said.
Why cyber may define Biden’s first year in office (SC Magazine) Digital security policy has rarely been considered sexy. That’s probably still the case today, but a series of damaging hacks to federal agencies and an onslaught of crippling ransomware attacks on industry over the past year have grabbed the attention of decisionmakers in the corporate boardroom and the halls of Congress alike.
A Strategic Intent Statement for the Office of the National Cyber Director (The White House) The Vision: Everyone deserves the full benefits of participation in our interconnected society, an equal share in the prosperity of our digital economy, and freedom from fear of online coercion or repression. This is not our reality today – but it can be.
Biden’s new cyber czar is pushing for collective defense inside government and out (Washington Post) The Office of the National Cyber Director wants to bring cohesion to efforts to strengthen computer defenses across a sprawling set of more than 100 civilian agencies even as it seeks to drive more robust cybersecurity in the private sector.
Gen. Nakasone: ‘Partnership is Where Our Power Is’ (Meritalk) With an evolving cyber threat landscape and adversaries that are growing more sophisticated by the day, National Security Agency (NSA) Director Gen. Paul Nakasone – who also heads United States Cyber Command (CYBERCOM) – today pointed to partnership and collaboration as the best way to protect the nation from cyber threats.
CFTC Chief Says Recent Crypto Cases Are ‘Tip of the Iceberg’ (Wall Street Journal) Acting Chairman Behnam urges Congress to consider expanding the agency’s ability to oversee cryptocurrency markets.
Lina Khan Isn’t Worried About Going Too Far (Intelligencer) The FTC’s very young new boss thinks corporations such as Facebook are abusing their power. To fight them, she’s consolidating some clout of her own.
Biden's FCC Picks Are a 'Dream Team' for Broadband Advocates (Wired) The president's long-awaited nominees are strong proponents of narrowing the digital divide and restoring net neutrality rules.
U.S. senators call for passing laws to protect online privacy for kids (Reuters) Two Democratic senators called Wednesday for two bills to be voted into law that will limit what children are shown online and how their data can be used for advertising by Big Tech companies like Google's YouTube and Facebook.
Litigation, Investigation, and Law Enforcement
Suspected ransomware millionaire identified (BR24) According to information from BR and Zeit Online, German law enforcement authorities have identified a suspected mastermind behind the REvil malware. He lives in Russia and displays a luxurious lifestyle online. An arrest is unlikely.
Facebook tells employees to preserve all communications for legal reasons. (New York Times) The move follows intense scrutiny after a whistle-blower provided documents about the social network’s inner workings.
WSJ News Exclusive | Federal Trade Commission Scrutinizing Facebook Disclosures (Wall Street Journal) Federal Trade Commission staffers have begun looking into disclosures that Facebook’s internal company research had identified ill effects from its products, according to people familiar with the matter.
U.S. Argues Extradition of WikiLeaks Founder Julian Assange Should Go Ahead (Wall Street Journal) The U.S. presented arguments to a British court to overturn an earlier decision against extraditing the WikiLeaks founder.
U.S. says Assange could go to Australian prison if convicted (POLITICO) A judge had earlier ruled that the WikiLeaks founder was likely to kill himself if held under harsh U.S. prison conditions.
EU joins UK and US in investigating Nvidia's Arm acquisition (Computing) Arm's IP is an important input in products competing with those of NVIDIA, says EU competition chief
Privacy Advocates Challenging NSA Surveillance Lose Revival Bid (Bloomberg Law) Privacy advocates challenging National Security Agency surveillance of online communications and phone calls lost their bid for a rehearing from the Ninth Circuit.
More Tech Whistleblowers Are Expected, Experts Say (Wall Street Journal) Silicon Valley is seeing an increasing number of employees speaking out against practices at their companies, whistleblower attorneys say
Dark Web Drug Busts Lead to 150 Arrests (Wired) Operation Dark HunTor spanned eight countries—and put the focus on sellers more than marketplaces.
'Antivirus Heals Everything': Mumbai Police's Witty Tips on Cyber Safety (News18) Mumbai Police has, yet again, come up with a quirky post on cyber security to spread awareness in lieu of National Cyber Safety Month.