Attacks, Threats, and Vulnerabilities
CERT-France: Lockean ransomware group behind attacks on French companies (The Record by Recorded Future) French cybersecurity officials have identified today for the first time a ransomware "affiliate group" that is responsible for a long list of attacks against French companies over the past two years.
Einstein’s Wormhole: Capturing Outlook & Google Calendars via Salesforce Guest User Bug (Inside Out Security) If your organization uses Salesforce Communities and Einstein Activity Capture, you might have unknowingly exposed your administrator’s Outlook or Google calendar events to the internet due to a bug called...
BlackMatter Ransomware Gang Announces Shutdown (SecurityWeek) The cybercriminals behind the BlackMatter ransomware operation this week announced plans to close shop.
BlackMatter Ransomware Reportedly Shutting Down; Latest Analysis Released (The Hacker News) BlackMatter ransomware appears to be shutting down and meanwhile, researchers have released the latest analysis of new samples.
BlackMatter claims to shut down ransomware operations (SearchSecurity) The BlackMatter ransomware gang announced it was shutting down operations this week in part because of 'pressure from authorities.'
BlackMatter ransomware to shut down, affiliates transferring victims to LockBit (ZDNet) The group posted a message on its private ransomware-as-a-service website on November 1st saying some members of the gang are "no longer available" after "the latest news."
The Rising Threat from LockBit Ransomware (Cybereason) The LockBit ransomware gang has been making headlines recently with a push to recruit inside help for its ransomware-as-a-service platform and a compromise of global consulting giant Accenture...
Ransomware gang REvil shuts down after CYBERCOM hijacks its site (Stars and Stripes) A major overseas ransomware group shut down last month after a pair of operations by U.S. Cyber Command and a foreign government targeting the criminals' servers left its leaders too frightened of identification and arrest to stay in business, according to several U.S. officials familiar with the matter.
A ransomware gang shut down after Cybercom hijacked its site and it discovered it had been hacked (Washington Post) A major overseas ransomware group shut down last month after a pair of operations by U.S. Cyber Command and a foreign government targeting the criminals’ servers left its leaders too frightened of identification and arrest to stay in business, according to several U.S. officials familiar with the matter.
Cyber Command head says US has carried out a 'surge' to address ransomware attacks (ABC17NEWS) By Katie Bo Lillis and Sean Lyngaas, CNN. US Cyber Command head and director of the National Security Agency Gen. Paul Nakasone said Wednesday that the US had “conducted a surge” over the past three months to address the problem of ransomware attacks on US interests. Nakasone said the US government had taken aim at
A likely hoax highlights what’s still shadowy in cyberspace (Washington Post) Government and industry still have a lot to learn about hackers
A Pointed Spoof: Proofpoint Credential Phishing (Armorblox) This blog focuses on a credential phishing attack that spoofs a Proofpoint file-sharing notification and attempts to steal email login credentials.
Labour Party data breach: Supporters' details affected in cyberattack (Sky News) In a letter sent to the National Crime Agency informing them of the incident, the Labour Party said they were first informed of the attack on 29 October and engaged experts as soon as they were notified.
Labour Party discloses cyber attack, members' data stolen (Computing) Members' data stolen in attack on third-party supplier
Labour hit by ‘cyber incident’ affecting members’ data (the Guardian) Not initially clear if any data has been stolen or if the party was the intended target
Authorities investigate Labour cyberattack that impacted ‘significant quantity’ of supporters’ data (PublicTechnology.net) The National Crime Agency is investigating how a "significant quantity" of data possessed by the Labour Party, including the personal details of party members and supporters, has been breached in a "cyber incident". An unnamed IT firm which handles data on Labour's behalf informed the party that large volumes of data had been "rendered inaccessible on their systems," Labour said on Wednesday in a statement.
Notification of data incident (The Labour Party) Information in relation to data incident
Iran Says Fuel System Running Again After Cyber Attack (SecurityWeek) Iran's fuel distribution system resumed full operation on Tuesday, a week after it was paralysed by a cyber attack, the authorities said.
Underminer Exploit Kit - The More You Check, The More Evasive You Become (Information Security Buzz) The Underminer exploit kit has surfaced numerous times since 2019, but here it is back again delivering the Amadey malware, as the Malwarebytes Threat Intelligence team found last week.
Scammers used Google Ads to Steal ~ $500k Worth of Cryptocurrency (Check Point Software) Check Point Research (CPR) warns of scammers using Google Ads to steal crypto wallets, after seeing hundreds of thousands of dollars’ worth of
Credit card skimmer evades Virtual Machines (Malwarebytes Labs) After code obfuscation, anti-debugger tricks we now see virtual machine detection used by credit card skimmers.
Many GitLab Servers Affected by Actively Exploited Flaw Patched Six Months Ago (SecurityWeek) An actively exploited remote code execution vulnerability in GitLab continues to affect roughly 30,000 Internet-facing installations six months after patches were released.
GitLab servers are being exploited in DDoS attacks in excess of 1 Tbps (The Record by Recorded Future) Threat actors are exploiting a security flaw in GitLab self-hosted servers to assemble botnets and launch gigantic distributed denial of service (DDoS) attacks, with some in excess of 1 terabit per second (Tbps).
Printers Hacked for First Time at Pwn2Own (SecurityWeek) Hackers have earned over $360,000 on the first day of Pwn2Own for hacking smart speakers, NAS devices, routers, and printers.
Avanan Report: Amazon Phone Scam (Avanan) As holiday shopping begins earlier this year due to supply chain issues, many are beginning to stock up, especially from Amazon. For hackers, it’s an opportunity to spoof purchase notifications in order to obtain financial information. This attack works by using legitimate Amazon links, forcing the end-user to call instead to cancel any order.
Facebook outage a prime example of insider threat by machine (CSO Online) A buggy automated audit tool and human error took Facebook offline for six hours. Key lesson for CISOs: Look for single points of failure and hedge your bets.
CNA cyberattack in March exposed personal information of more than 75,000 people, filings reveal (Chicago Tribune) A March cyberattack on CNA exposed the personal information of more than 75,000 people, according to filings by the Chicago-based insurance giant.
Greek shipowners cyber tricked over Halloween weekend (Splash247) Several Greek shipping companies fell victim to a cyber attack on Halloween over the weekend, resulting in the loss of important files. The companies affected used the communication systems of Danaos Management Consultants and came in direct contact with the company. Reportedly, the cyber attack blocked their communication with ships, suppliers, agents, charterers and supplies, …
‘Don’t mess with our health care’: N.L. cyberattack stressing taxed health system (Global News) The Newfoundland and Labrador government is confirming that a "cyberattack" has crippled its health network's data centre.
Trends
A Glimpse into the Future: Trend Micro's Project 2030 (MultiVu) Connectivity, data, and AI will change the way we live, work and operate in society in 2030
Hackers are stealing data today so quantum computers can crack it in a decade (MIT Technology Review) The US government is starting a generation-long battle against the threat next-generation computers pose to encryption.
Global Ransomware Report - October 2021 (BlackFog) In October we recorded 24 reported ransomware incidents, down from 40 in October 2020. This month saw new entries from criminal gangs Everest and Desorden and some notable attacks including Graff Diamonds in the UK. An attack on the Ferrara Candy Co. threatened supplies of Halloween staples such as candy corn, while multi-billion dollar dairy foods company Schreiber also had their production knocked offline following an attack.
Ransomware trends, statistics and facts in 2021 (SearchSecurity) Ransomware threats aren't new, but these attacks had wide-reaching effects in 2021. Read about the latest ransomware trends and statistics here.
2021 Unisys Security Index™ | Global and Country Insights (Unisys) The Unisys Security Index measures global consumer concerns related to national, personal, financial and Internet security.
Marketplace
Outpost24 acquires Specops for enhanced user security and secures further funding to continue growth (Yahoo Finance) Outpost24, an innovator in identifying and managing cybersecurity exposure, today announced the acquisition of Specops Software, a leading provider of password management and user authentication solution, as well as securing another SEK 50 million funding from Swedbank Robur and Alcur Fonder.
Appsian Security Announces Acquisition of Q Software, A Leader in JD Edwards Security and Compliance (PR Newswire) Appsian Security, the global leader of ERP data security & compliance, today announced the acquisition of Q Software, a leading compliance...
IHSE Acquires kvm-tec (rAVe) Acquisition of IT Security Specialist Expands IHSE Product Portfolio, Driving Growth With KVM-Over-IP Solutions, Addressing New Customer Groups, and Meeting Growing Demand for IP Solutions. IHSE today announced that the company has acquired IT security specialist kvm-tec. Founded in 2006, kvm-tec de
Telos Corporation Awarded Additional $3.1M Contract with National Geospatial-Intelligence Agency (GlobeNewswire News Room) Cybersecurity leader to build on longstanding NGA relationship with additional Xacta support...
Having Trouble Finding Cybersecurity Talent? You Might Be the Problem (Dark Reading) Hiring managers must rethink old-school practices to find the right candidates and be ready to engage in meaningful conversations about their company's values. Here are three ways to start.
Microsoft MISA Further Expands; MSSPs Gain Security Integrations (MSSP Alert) Access orchestration provider Pathlock is latest company to join Microsoft Intelligent Security Association (MISA) ecosystem of MSSPs & ISVs.
Google Wants to Work With the Pentagon Again, Despite Employee Concerns (New York Times) Three years ago, the company walked away from a Defense Department project after employees objected to it. Now the company is working on a new proposal for the Pentagon.
IBM Spinoff Kyndryl Starts Quest for Growth (Wall Street Journal) IBM completed the spinoff of its IT services business on Wednesday, betting that independence will make it easier to reverse a decline in revenue. The new company, Kyndryl, is scheduled to begin trading Thursday on the New York Stock Exchange.
The Slump Deepens at Cybersecurity Startup Darktrace (BloombergQuint) Darktrace Plc, the U.K. cybersecurity firm whose value has plunged in recent days on a sell recommendation and the end of a lockup period, extended its slide Wednesday after an investor sold a block of shares at a discount.
Was Darktrace’s surge a case of sentiment-driven investing on steroids? (the Guardian) The AI firm’s journey so far shows nobody has a real idea of what cyber-fighting tech is worth
Network Contagion Research Institute (NCRI) Awarded Open Source Non-Profit of the Year by Osmosis Institute (PRWeb) The Network Contagion Research Institute (NCRI), a non-profit organization dedicated to identifying and forecasting the threat and spread of misinformati
Contrast Security Recognized for the Third Consecutive Year as the 2021 Gartner Peer Insights Customers' Choice for Application Security Testing (PR Newswire) Contrast Security, the leader in next-gen software security, today announced that it was named a Customers' Choice in the 2021 Gartner Peer...
StrikeReady Recognized as a Technology Innovator for Advanced Virtual Assistants in 2021 Gartner® report (BusinessWire) StrikeReady, a cloud-based security operations and management company, announced today that it was named a Technology Innovator in Advance VAs by 2021
Platform9 Welcomes Bhaskar Gorti as CEO to Accelerate the Enterprise Journey to Cloud-Native (Platform9) Global software executive joins to scale the open distributed cloud company at a time of impressive growth...
Evolution Equity Partners Appoints Phil Quade as Chief Operating Officer (Yahoo Finance) Quade joins cybersecurity venture capital firm after serving as Chief Information Security Officer of Fortinet, 30 years as senior executive at the National Security Agency (NSA), and advising cybersecurity strategy at the White House.
Products, Services, and Solutions
Coalfire Expands Application Security with ThreadF (Coalfire) The two-year rebuild and today’s release of ThreadFix v3.1 represents Coalfire’s commitment to transforming vulnerability management capabilities that support the largest cloud service providers and enterprises with unprecedented scalability, processing power, and time to remediation.
1Kosmos Receives ISO/IEC 27001 Certification (BusinessWire) As a standards-based organization we recognize the importance of ISO/IEC 27001 to validate we have advanced controls to protect our data assets.
Microsoft Announces New Endpoint Security Solution for SMBs (SecurityWeek) Microsoft announces the upcoming availability of Microsoft Defender for Business, an enterprise-grade endpoint security solution catered for SMBs
Valtix Delivers Free Cloud Security for Departmental, Development, and Test Applications (Valtix) Valtix, the industry’s first multi-cloud network security platform as a service, today announced the availability of its Free Tier.
SentiLink Launches A New Kind Of KYC Product (BusinessWire) SentiLink launched a new KYC product that allows financial institutions the ability to assess the true identity of a customer at account opening.
3Dtracking Expands Portfolio of Intelligent Asset Tracking Solutions for Container Security (EIN News) Recent integrations with smart locks from Cellocator, Jointech, HHD, Huabao and Spetrotec create new service opportunities for telematics service providers
Technologies, Techniques, and Standards
RBNZ seeks greater collaboration on cyber incidents (Central Banking) New response team was established following September cyber attack
CISA Lists 300 Exploited Vulnerabilities That Organizations Need to Patch (SecurityWeek) CISA has created a list of 300 exploited vulnerabilities and it has issued a BOD instructing government organizations to patch them.
Private Sector Urged to Review New Government Cyber Directive (Wall Street Journal) Senior U.S. government officials urged companies to patch cybersecurity vulnerabilities outlined in a sweeping order for federal agencies to fix known software flaws, some of which have been exploited by hackers for years.
Introducing ATT&CK Evaluations Trials: First Up, Deception (MITRE-Engenuity) Coming off our announcement last week that we will be conducting an ATT&CK Evaluations for Managed Services, we are announcing another…
Inside The Mind of a Hacker (Bugcrowd) A comprehensive overview of Bugcrowd’s security researcher community, the motivations for bug hunting and the economics of whitehat hacking.
Don't let hackers ruin your company's brands (CIOReview) By Elisa Cooper, Head of Marketing, GoDaddy Corporate Domains - Type "Peta.com" into your web browser, and you'll arrive at the website of People for the Ethical Treatment of...
How to automatically send robocalls and spam calls to your voicemail (Business Insider) Spam calls and robocalls are becoming even more common — and profitable. Here's how to stop scam and telemarketing calls on iPhones and Androids.
Digital Crusade - Naval Computer and Telecommunications Station, Far East team’s contribution to Navy (DVIDS) The United States military is the leading force of projected power globally, covering domains ranging from land and air to sea and even space. One domain that remains overlooked in news media is the world of cyberspace, home to a collection of threats, both foreign and domestic, combatted by a team of individuals dedicated to keeping our networks and internet safe.
Legislation, Policy, and Regulation
What is cyber-terrorism, and is it a threat to U.S. national security? (Small Wars Journal) The primary defense and security concerns of the 21st-century have been and will continue to be driven by the strategic phenomena of cyberspace and terrorism. However, there are several competing definitions of both cyberspace and terrorism, and there is no universally accepted definition for many cyber-related activities (i.e. cyber-terrorism, cyber-warfare, and cyber-crime).
Throwing gas on the fire of Iranian internet suppression (Atlantic Council) The October 26 cyberattack against gas stations across Iran is already being used as an excuse to push forward the repeatedly stalled Cyberspace Users Rights Protection and Regulation of Key Online Services which conservative politicians have been railroading through parliament since July.
World Developments Signaling US’ Decline: Iran’s Armed Forces (Tasnim News Agency) The General Staff of the Iranian Armed Forces said the developments unfolding in the region and elsewhere in the world today foretell America’s decline.
The Wars Within Islam Are Not Over (Foreign Affairs) But the post-9/11 era is—and America must adapt.
CIA director brings up Russian hackers at talks in Moscow - sources (Reuters) U.S. Central Intelligence Agency director William Burns raised the issue of Russian cyberattacks during a rare visit to Moscow, where he met high-ranking security officials, three sources told Reuters.
White House preps order to clarify top cyber roles in federal government (CyberScoop) The Biden administration is working on an executive order that spells out the responsibilities of myriad top cybersecurity officials in the federal government, National Cyber Director Chris Inglis said Wednesday.
Biden’s Top Cybersecurity Officials, Explained (Wall Street Journal) President Biden’s senior cybersecurity cadre is set. How they will work together is an open question.
Israeli Cyber Firm NSO Group Blacklisted by U.S. Amid Phone Hacking Allegations (Wall Street Journal) The Commerce Department’s action will block trade with U.S. firms and could interrupt foreign contracts.
US blacklists four surveillance and hacking tools suppliers, including NSO (Computing) Israeli firm Candiru, Russian security vendor Positive Technologies and Computer Security Initiative Consultancy also sanctioned
Victory! U.S. blacklists NSO Group and Candiru (Access Now) Access Now applauds the U.S. government for blacklisting NSO Group, Candiru, and other companies complicit in human rights abuses around the world.
Senate Panel Advances Raft of Cyber/IT Bills, Holds Over FedRAMP Legislation (MeriTalk) The Senate Homeland Security and Governmental Affairs voted today to approve and send to the full Senate for consideration 11 pieces of legislation, including several related to artificial intelligence, the cybersecurity workforce, and the Cybersecurity and Infrastructure Security Agency (CISA).
Peters and Portman Bipartisan Bill to Protect Americans’ Privacy by Securing and Preventing Misuse of Data Collected By Artificial Intelligence Advances in Senate (US Senate Committee on Homeland Security & Governmental Affairs) Bipartisan legislation authored by U.S. Senators Gary Peters (D-MI) and Rob Portman (R-OH) to secure and protect information handled by federal contractors using artificial intelligence (AI) technology, such as biometric data from facial recognition scans, has advanced in the Senate.
Jen Easterly: CISA Begins Classifying Systemically Important Critical Infrastructure Entities (Executive Gov) The Cybersecurity and Infrastructure Security Agency (CISA) has started identifying parts of U.S. cr
Federal cybersecurity leaders are eager for new hiring powers (The Record by Recorded Future) DHS's Cybersecurity Talent Management System goes into effect on November 15th.
Office of the National Cyber Director needs federal funds to meet hiring goals (FedScoop) The Office of the National Cyber Director built a “robust” talent pipeline but cannot use it to hire critical personnel until it receives congressional appropriations, according to Director Chris Inglis. Speaking before the House Homeland Security Committee on Wednesday, Inglis said he expects to onboard 25 staff members by December and a “full complement” in […]
Fulton elections director Rick Barron to resign (Georgia Public Broadcasting) The beleaguered election official will resign at the end of 2021 after eight years.
Litigation, Investigation, and Law Enforcement
Ransomware HQ: Moscow’s Tallest Tower Is a Cybercriminal Cash Machine (Bloomberg) One of the city’s most prestigious addresses houses companies providing a vital service to hackers.
DOJ's New Civil Cyber-Fraud Initiative and How a Pending Case Could Test Its Efficacy (JD Supra) The Department of Justice recently announced a new initiative that aims to hold government contractors accountable when they fail to meet required...
U.K. man implicated in Twitter hacking charged in NY with cryptocurrency theft (Reuters) A U.K. man previously charged in the United States with involvement in the hacking of politicians' and celebrities' Twitter accounts was charged on Wednesday over a separate scheme resulting in the theft of $784,000 of cryptocurrency.
Suspect in scheme to breach major Twitter accounts is now charged with hacking crypto executives (CyberScoop) Hacker previously charged for stealing celebrities' Twitter accounts in Bitcoin scam faces new charges related to cryptocurrency theft.
OAIC says US facial recognition firm Clearview breached privacy law (CRN Australia) Says the company breached Australian privacy laws.
Killware: The New Cyber Threat and What It May Mean for Data Breach and Cybersecurity Litigations (The National Law Review) Recent coverage of data breach and cybersecurity litigation has focused on developments concerning Article III standing and inventive Plaintiff’s counsel seeking to rely on a cybe
Governments must check Facebook really does scrap face recognition, whistleblower says (Reuters) Facebook whistleblower Frances Haugen welcomed Facebook's announcement that it would scrap facial recognition, but urged close government oversight of the move to ensure the social network lived up to its pledge.
Smartmatic Sues Newsmax and OANN for Defamation (Wall Street Journal) Smartmatic accused Newsmax and One America News Network of defaming the company by publishing false reports that claimed its technology was used to switch votes from former President Donald Trump to Joe Biden.
State probing LGBTQ Atraf website for faulty cyberdefenses (The Jerusalem Post) Last weekend, Black Shadow announced its hack of Cyberserve, which hosted Atraf, and the hackers have been exposing personal information of LGBTQ clients of the website.
Thousands of Geofence Warrants Appear to Be Missing from a California DOJ Transparency Database (Markup) California requires law enforcement to report the controversial warrants to a state database—but The Markup found massive discrepancies in how they’re reported
These Parents Built a School App. Then the City Called the Cops (Wired) Stockholm’s official app was a disaster. So annoyed parents built their own open source version—ignoring warnings that it might be illegal.