Attacks, Threats, and Vulnerabilities
Iran Responds to Israeli Cyber Attack (Asharq AL-awsat) Iranian President Ebrahim Raisi said Wednesday that the cyber-attack that disrupted the sale of heavily subsidized gasoline in the country aimed to stir chaos and anger citizens. “We have to be seriously prepared in the field of cyber warfare,” stres
Hacker group leaks data, photos from Defense Ministry, Benny Gantz (The Jerusalem Post) A hacker group leaked data from the Defense Ministry, warning "we've kept an eye on you for many years."
Hackers leak private details of thousands in Israeli army, threaten Gantz (haaretz.com) 'Moses Staff', the group of hackers who are believed to be composed of Iranian nationals, claimed they have acquired 'troop deployment information' of the Israeli army
On the brink of full exposure (Tehran Times) On Wednesday morning, a group of hackers named Moses Staff hacked into the Israelis Ministry of Defense (read Ministry of War), gaining access to some groundbreaking information.
Israeli Cyber Experts: What’s Behind the Cyberattack on Iran? (iHLS) A cyberattack on Iran has disrupted the sale of subsidized fuel in Iran on October
Meet Balikbayan Foxes: a threat group impersonating the Philippine gov't (ZDNet) The gang is also taking advantage of COVID-19 to propagate Trojan malware.
Ransomware Hackers Freeze Millions in Papua New Guinea (Bloomberg) The government’s payment system has been locked by hackers. Attackers demand payment from nation hard hit by Covid-19.
DECAF Ransomware: A New Golang Threat Makes Its Appearance (Morphisec) Morphisec Labs has identified a new strain of ransomware, implemented in Go 1.17 and named DECAF. This attack had its debug variant at the end of September, and its pre-release variant was released in October. We intercepted the ransomware on one of our customers' systems live and in deployment.
TA575 Uses ‘Squid Game’ Lures to Distribute Dridex malware (Proofpoint) Proofpoint identified the large cybercrime actor TA575 distributing Dridex malware using Squid Game lures. The threat actor is purporting to be entities associated with the Netflix global phenomenon using emails enticing targets to get early access to a new season of Squid Game or to become a part of the TV show casting.
1,000,000 Sites Affected by OptinMonster Vulnerabilities (Wordfence) On September 28, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities we discovered in OptinMonster, a WordPress plugin installed on over 1,000,000 sites. These flaws made it ...
All Windows versions impacted by new LPE zero-day vulnerability (BleepingComputer) A security researcher has disclosed technical details for a Windows zero-day privilege elevation vulnerability and a public proof-of-concept (PoC) exploit that gives SYSTEM privileges under certain conditions.
SolarWinds Hackers Target Another Weak Point in Tech Supply Chain (Wall Street Journal) Firms that resell or manage cloud services are springboards for bigger attacks.
Threat Thursday: Jennlog Malicious Loader (BlackBerry) A malicious loader named Jennlog has recently been used by an Iranian threat actor called Agrius in a ransomware attack against a university in Israel. The malware was written in .NET assembly language and designed to target Windows® machines.
Green Bay-based Schreiber Foods resumes production after 'cyber event' halted deliveries, production (Green Bay Press-Gazette) Wisconsin milk handlers and haulers reported getting calls from Schreiber on Saturday, saying that the company’s computer systems were down.
Instagram Hacker Forces Victim to Make Hostage-Style Video (Vice) The video was part of a fairly elaborate scam to trick people into sending the hacker Bitcoin.
Workers Quickly Get State Income Benefits After Cyberattack on German Manufacturer (Wall Street Journal) Hack of auto-parts maker Eberspächer disrupted its IT systems, preventing employees from working. Benefit negotiations that often take weeks were completed in days, union representative says.
Experian data of 25 million South Africans re-leaked on Telegram (MyBroadband) The Information Regulator says that data from the Experian breach in August last year that was leaked on the dark web was made publicly available on Telegram over the weekend.
Experian struggles to quell breach as data leaked again (ITWeb) The Information Regulator is shocked the credit bureau’s customer data was leaked on Telegram, in a third incident where Experian’s data was compromised.
Chinese Hackers Believed Responsible for Cyber Attack on Hillel Yaffe Medical Center (Algemeiner.com) JNS.org …
Security Patches, Mitigations, and Software Updates
Google fixes 15th and 16th Chrome zero-day this year (The Record by Recorded Future) Google has released security updates today for its Chrome web browser, including a patch to address two zero-day vulnerabilities that were exploited in the wild.
Sensormatic Electronics victor (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 7.8; ATTENTION: Low attack complexity; Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc.; Vulnerability: Use of Hard-coded Credentials. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an unauthorized elevation of privileges.
Mitsubishi Electric MELSEC iQ-R Series C Controller Module (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 6.8; ATTENTION: Exploitable remotely; Vendor: Mitsubishi Electric; Equipment: MELSEC iQ-R Series C Controller Module R12CCPU-V; Vulnerability: Uncontrolled Resource Consumption. 2. RISK EVALUATION: Successful exploitation of this vulnerability could prevent the module from starting up.
Delta Electronics DOPSoft (Update A) (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 7.8; ATTENTION: Low attack complexity; Vendor: Delta Electronics; Vulnerability: Stack-based Buffer Overflow. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the original advisory titled ICSA-21-238-04 Delta Electronics DOPSoft that was published August 26, 2021, to the ICS webpage on us-cert.cisa.gov.
Survey Reports 83% of Companies Suffer Crippling Business Damage During the First 24 Hours of an IT Outage (Netenrich) A survey of global IT and security professionals reveals surprising realities when it comes to security operations, budgets and risk. It's time to align security to business risk.
Bitdefender Threat Debrief | September 2021 (Bitdefender) This month, BDTD examines homograph phishing attacks and spoofed domains.
CyCognito and ESG Find 73% of Cybersecurity and IT Pros Use Spreadsheets to Manage Security Hygiene and Posture (CyCognito) New research shows that organizations must reassess how they do security hygiene and posture management as attack surfaces rapidly expand.
All Sectors Are Now Prey as Cyber Threats Expand Targeting (Threatpost) Aamir Lakhani, security researcher at Fortinet, says no sector is off limits these days: It's time for everyone to strengthen the kill chain.
Cyber wars: the silent battles being waged on your business and how to beat them (Lexology) By Alison Baker and John Gray. The ever-evolving nature of cyber threats has made it difficult for even the most sophisticated cybersecurity systems…
63% of Australian Organizations Expect to Face a Cyberattack Within a Year (GlobeNewswire News Room) New Australian Cybersecurity Risk Report Finds Overconfidence Despite Potential Threats...
Aussies working from home push back against monitoring technologies (Skynews) Australians working from home due to COVID-19 restrictions are pushing back against employers using monitoring technology to keep up with their workers throughout the day.
New Zealand employees uncomfortable with monitoring technology (IT Brief) New Zealand employees are pushing back on monitoring technology when working from home, according to research from Unisys.
Dragos Raises $200 Million in Series D Funding to Safeguard the World’s Critical Infrastructure as Valuation Soars to $1.7B (Dragos | Industrial (ICS/OT) Cyber Security) Dragos, Inc., the global leader in cybersecurity for industrial control systems (ICS)/operational technology (OT) environments, announced it raised a record-breaking $200 million in Series D funding.
Viakoo Raises $10 Million in Series A Funding to Scale Automated IoT Vulnerability Remediation (PR Newswire) Viakoo, the leader in IoT device remediation, today announced it has secured $10 million in Series A funding led by Shasta Ventures, joining...
BlueVoyant Acquires 202 Group (BlueVoyant) The acquisition will combine the capabilities of BlueVoyant’s powerful cloud-native, third-party cyber risk management solution with 202 Group’s supply chain risk management solution.
Clavister Completes Acquisition of Cybersecurity AI Specialist Omen Technologies (Clavister) Clavister completes acquisition of cybersecurity AI specialist Omen Technologies to immediately strengthen their defence offering.
Kaspersky acquires Brain4Net to boost its XDR platform with orchestrated SASE (GlobeNewswire News Room) Kaspersky, a global cybersecurity company and leader in endpoint protection, has acquired emerging company,...
Palantir-Linked Elementus Raises $12M for Crypto Intelligence Platform (Coindesk) The funds will help advance an institutional-grade data intelligence platform.
VMware Has ‘Potential’ To Create New Cisco, HPE Offerings Post-Dell: Partners (CRN) VMware’s spin-off from Dell creates the potential for new technology innovation with Cisco, HPE and AWS, say channel partners.
Founder's Letter, 2021 (Meta) Letter from CEO Mark Zuckerberg: To reflect who we are and the future we hope to build, I'm proud to share that our company is now Meta.
Facebook Changes Company Name to Meta in Focus on Metaverse (Wall Street Journal) The social-media service will retain the Facebook name even as the umbrella company readies billions of dollars in investments in its new mixed-reality platform.
Mark Zuckerberg on why Facebook is rebranding to Meta (The Verge) "I think we’re basically moving from being Facebook first as a company to being metaverse first."
Facebook Changes Name to Meta in Embrace of Virtual Reality (Bloomberg) CEO Zuckerberg calls the metaverse the ‘next frontier’. Stock to begin trading under new ticker MVRS on Dec. 1.
Facebook’s Name Change Goes Meta (Wired) Mark Zuckerberg would like you to call his troubled company something else now.
Look Over Here, Kids, It’s the Metaverse (Wired) Facebook’s vision for the future of computing comes with some shiny new branding.
Real-time industry reactions to Meta, Facebook’s big rebrand (The Drum) World, say welcome to Meta. Mark Zuckerberg today announced that Facebook will be splitting into two branches: one arm focused on Facebook, Instagram, WhatsApp and the company’s other existing apps and one arm focused on the development of the metaverse. All will live under the new Meta umbrella brand. The Drum surveyed an array of marketing and ad industry players to get their instant feedback once the news hit. Here’s what they had to say.
Facebook Is Now Meta. That Could Get Confusing (Bloomberg) The tech company’s rebranded name has multiple meanings, which could potentially puzzle traders and consumers around the world.
U.S. Sanctions Cut Huawei’s Revenue for Fourth Straight Quarter (Wall Street Journal) Huawei said its revenue fell 38% in the most recent quarter, as U.S. restrictions on its access to global chip supplies continued to take a toll on the Chinese company.
Global MSSPs Enable OT Cybersecurity Firm Radiflow to Double Year Over Year Revenue (Financial IT) Growing cybersecurity attacks on supply chains and OT facilities have led MSSPs, such as UST’s Cyberproof and IBM, to offer their clients Radiflow’s CIARA software that can manage the security of multiple OT facilities through an industry-first virtual environment. Recent headlines and growing awareness are driving rapid growth in the global Operational Technology (OT) cybersecurity sector.
CrowdStrike CEO Showed He's Serious In Just 100 Days (Investor's Business Daily) CrowdStrike CEO George Kurtz is famous for putting customers first. And he proved it immediately after taking the cybersecurity firm public.
Sophos opens new data center in Canada (IT World Canada) One of the key features of cloud is how it enables the rapid movement of data and resources between regions. But when it comes to sensitive information such as government or health or financial data, movement is risk. Canadian data residing in the U.S., for example, might be accessed by the U.S. government through its […]
Tracepoint Named Cyber Startup of the Year; Booz Allen company honored for innovation, impact by Northern Virginia Technology Council (MarketScreener) McLean, VA - Tracepoint, a Booz Allen Hamilton company, was selected as Cyber Startup of the Year by the Northern Virginia Technology Council at the sixth annual Capital Cybersecurity Summit &... | October 29, 2021
Products, Services, and Solutions
Wivity Unveils New Service to Secure NFTs (MarTech Series) Wivity launched its new Root of Provenance service at the Chinese Culture Center of San Francisco's (CCC) first NFT art auction.
Rakuten Symphony, Intel and Juniper Networks Introduce Next Generation Distributed RAN and Transport Solution to Further Simplify Open RAN Deployments at Scale (AiThority) Intel Corporation, Juniper Networks, and Rakuten Symphony announced a collaborative effort to develop Symware
Technologies, Techniques, and Standards
Security Guidance for 5G Cloud Infrastructures: Part I: Prevent and Detect Lateral Movement (NSA | CISA) NSA and CISA developed this document in furtherance of their respective cybersecurity missions, including their responsibilities to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders.
CVE + MITRE ATT&CK® to Understand Vulnerability Impact (MITRE-Engenuity) Historically, vulnerability management and threat management have been separate disciplines, but in a risk-focused world, they need to be brought together.
Twitter’s infosec chief makes the case for cybersecurity expertise in boardrooms (Yahoo Finance) Twitter’s CISO Rinki Sethi was recently named to the board of ForgeRock.
Almost 75% of Organizations Use Spreadsheets for Security Hygiene (CyCognito) Are your legacy vulnerability and asset management and penetration testing practices keeping your organization safe? Download the report to find out.
The Army wants to bolster its local cybersecurity defenders (C4ISRNet) The Army wants to beef up its local cybersecurity providers as a means of bolstering its cyber posture and freeing up higher end cyber defenders.
Design and Innovation
Cryptocurrency isn’t private—but with know-how, it could be (MIT Technology Review) Technologies like blockchain don’t ensure anonymity, but with the proper understanding they can provide privacy, security, and even freedom, argues cybersecurity expert Mashael Al Sabah.
Microsoft to work with community colleges to fill 250,000 cyber jobs (Reuters) Microsoft Corp on Thursday said it plans to work with community colleges across the United States to fill 250,000 cybersecurity jobs over the next four years.
Microsoft announces plan to cut cybersecurity workforce shortage in half by 2025 (CNBC) The company believes it can help train and recruit 250,000 people into the cybersecurity workforce by 2025.
Microsoft launches campaign to fill 250,000 cybersecurity jobs, warning of workforce crisis (Axios) Microsoft's president warned that the current workforce shortage is at crisis levels.
America faces a cybersecurity skills crisis: Microsoft launches national campaign to help community colleges expand the cybersecurity workforce (The Official Microsoft Blog) The last year has brought unrelenting headlines about cybersecurity attacks. Foreign governments have tampered with the software supply chain, targeted on-premise servers, and hacked into sensitive government files. Criminal ransomware groups have attacked schools, penetrated hospitals and shut down a critical national pipeline. As we documented in the recent Microsoft Digital Defense Report, these attacks...
Legislation, Policy, and Regulation
‘You Live With a Degree of Paranoia’ (Foreign Policy) Inside North Korea’s campaign to penetrate the U.N. sanctions experts’ wall of secrecy.
China pushes for security reviews of firms seeking to export user data (Reuters) China's top internet regulator on Friday published draft guidelines that will subject companies with more than 1 million users in the country to a security review before they can send user-related data abroad.
EU Parliament committee adopts new cybersecurity law for critical services (Euractiv) The leading committee of the European Parliament adopted on Thursday (28 October) a legislative proposal intended to secure Europe’s critical entities from cyberattacks.
Updated Cybercrime Pact Aims to Speed Cross-Border Investigations (Wall Street Journal) Proposed changes to the Budapest Convention are an attempt to inject some alacrity into sluggish cross-jurisdictional inquiries that give hackers time to disappear along with evidence.
Rethinking Surveillance on the 20th Anniversary of the Patriot Act (Just Security) 20 years ago, Congress enacted the PATRIOT Act. It's time to move on from that outmoded model of surveillance.
US Military 'Well Postured' For Any Chinese Cyber Onslaught, CIO Nominee Says (Breaking Defense) Elsewhere in the hearing John Sherman called attention to a growing concern at the Pentagon over the radio spectrum, saying "spectrum sharing" should be a DoD watchword.
[Letter to members of Congress] (Institute for Security and Technology) Dear Member of Congress: The undersigned organizations and representatives urge you to support forthcoming legislation that implements mandated reporting requirements for cyber incidents and in the event an organization makes a ransomware payment.
Election officials don't need to report cyber incidents to the feds. That could soon change. (CyberScoop) Security personnel charged with the challenging and high-stakes work of protecting election systems from digital threats might soon have another task on their to-do list: reporting any cyber incidents to the federal government.
Senate approves bill to protect telecommunications infrastructure from foreign threats (TheHill) The Senate on Thursday unanimously passed legislation to take steps to further crack down on the use of telecommunications products from companies deemed to be a national security threat, such as those based in Chin
Lawmakers examine TSA's growing role in cyber (FCW) Lawmakers on the Homeland Security Committee convened cybersecurity experts and key stakeholders from the transportation industry to discuss new rules in the works for the transportation sector.
A top cyber lawmaker is open to more regulations for vital industries (Washington Post) New cyber regulations could be coming for critical industries if they don’t raise protections on their own, Senate Homeland Security Chairman Gary Peters (D-Mich.) tells me.
U.S. lawmakers vote to tighten restrictions on Huawei, ZTE (Reuters) The U.S. Senate voted unanimously on Thursday to approve legislation to prevent companies such as Huawei Technologies Co Ltd (HWT.UL) or ZTE Corp that are deemed security threats from receiving new equipment licenses from U.S. regulators.
FTC wants to know when financial data is compromised, will require encryption (CyberScoop) The Federal Trade Commission is weighing updating its rules to require financial institutions to report within 30 days any security incidents in which misuse of customer data of at least 1,000 customers likely occurred.
DOJ Cyber Blitz Gets Boost With New National Security Chief (Law360) Matt Olsen's confirmation as chief of the U.S. Department of Justice's National Security Division on Thursday fills a key post in the government's escalating battle against cybercrime, a top priority as criminal outfits and hostile foreign powers carry out increasingly sophisticated attacks.
Opinion: The State Department gets serious about the global technology race (Washington Post) Creation of a new State Department office is usually a snooze, even for diplomats. But Secretary of State Antony Blinken’s announcement Wednesday that he’s creating a new Bureau of Cyberspace and Digital Policy is worth noting — because it’s part of a much broader effort by the Biden administration to get serious about the global technology race.
Secretary of State Blinken announces a new bureau for cyber policy (NPR) In a speech, Secretary of State Antony Blinken announced that he's working with Congress to set up a new bureau for cybersecurity and digital policy.
Litigation, Investigation, and Law Enforcement
Pegasus Is Only Sold to Governments, New Israeli Envoy to India Reiterates (The Wire) Naor Gilon, replying to questions over allegations of unauthorised surveillance using the Israeli company NSO Group's spyware, said the controversy is an 'internal matter'.
India's top court probes Modi gov't use of Israeli spyware against journalists, opponents (haaretz.com) The investigation comes after demands from India's opposition to examine the use of Israeli company NSO's spyware, known as Pegasus. Modi 'unequivocally' denies the allegations
Europol detains suspects behind LockerGoga, MegaCortex, and Dharma ransomware attacks (The Record by Recorded Future) Europol said it detained 12 suspects this week it believes were part of a professional criminal group that orchestrated a long string of ransomware attacks that targeted large companies and which hit more than 1,800 victims across 71 countries since 2019.
Europol Claims Big Ransomware Win As 12 Suspects ‘Targeted’ For Attacks On 1,800 Victims (Forbes) Europol says it has hit a cybercrime crew known for targeting critical infrastructure companies with ransomware since 2019.
Russian extradited to U.S. to face cyber crime charges (Reuters) A Russian national appeared in a U.S. federal court on Thursday after he was extradited from South Korea to Ohio to face charges for his alleged role in a cybercriminal organization, the U.S. Department of Justice said.
Russian National Extradited to United States to Face Charges for Alleged Role in Cybercriminal Organization (US Department of Justice) A Russian national, residing in the Yakutsk region of Russia and in Southeast Asia, had his initial appearance in federal court today after his extradition from the Republic of Korea to the Northern District of Ohio to face charges for his alleged role in a transnational, cybercriminal organization.
Accused Major League Baseball Hacker Charged With Extortion (Wall Street Journal) Federal prosecutors charged a Minnesota man with illegally streaming sports games from sites including Major League Baseball and then attempting to extort the league after he hacked its website.
Warner calls lack of Havana Syndrome intel ‘very, very problematic’ (POLITICO) But the Senate Intelligence Committee chair insisted lawmakers are “absolutely on top of this.”
Cops Receive Stalkerware Training (Infosecurity Magazine) Coalition Against Stalkerware helps law enforcement investigate digital stalking