Attacks, Threats, and Vulnerabilities
BlackMatter Announces Its End, Ransomware Cycle Continues (Flashpoint) The BlackMatter ransomware collective announced its closure. Here's what that means for the cyber threat actor associated with the group.
Threat Alert: Threat Actors Using release_agent Container Escape (Aqua) Team Nautilus detected a crypto mining campaign that uses a container escape technique to break out from the container and compromise the host
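The release_agent technique depends on conditions the defender can check from inside a container before any escape is attempted: CAP_SYS_ADMIN in the effective capability set and a cgroup v1 hierarchy mounted read-write. The following Python triage check is an added example, not code from Aqua's write-up or from the campaign's tooling. The /proc/<pid>/status and /proc/<pid>/mountinfo excerpts it ships with are constructed; the capability mask labelled "default Docker" is the one I expect an unprivileged Docker container to show and should be treated as an assumption, and the mount points are illustrative.

```python
"""Triage check for the release_agent (cgroup v1) container-escape
prerequisites: CAP_SYS_ADMIN in the effective capability set and a
read-write cgroup v1 mount visible from inside the container.
Detection only; nothing here performs an escape."""
import re

CAP_SYS_ADMIN = 21  # bit index of CAP_SYS_ADMIN in the kernel capability mask

# Constructed /proc/<pid>/status excerpts (not captured from a real host).
# The first mask is assumed to be what an unprivileged Docker container gets;
# the second is the full mask a --privileged container typically shows.
DEFAULT_DOCKER_STATUS = "Name:\tsh\nCapInh:\t0000000000000000\nCapEff:\t00000000a80425fb\n"
PRIVILEGED_STATUS = "Name:\tsh\nCapInh:\t0000000000000000\nCapEff:\t0000003fffffffff\n"

# Constructed /proc/<pid>/mountinfo excerpt: a tmpfs parent, one read-only
# cgroup v1 mount, one read-write cgroup v1 mount, and a cgroup2 mount that
# is irrelevant to release_agent (a v1-only feature).
SAMPLE_MOUNTINFO = """\
29 22 0:25 / /sys/fs/cgroup ro,nosuid,nodev,noexec - tmpfs tmpfs ro,mode=755
30 29 0:26 /docker/abc /sys/fs/cgroup/memory ro,nosuid,nodev,noexec,relatime master:1 - cgroup cgroup rw,memory
31 29 0:27 / /sys/fs/cgroup/rdma rw,nosuid,nodev,noexec,relatime - cgroup cgroup rw,rdma
32 29 0:28 / /sys/fs/cgroup/unified rw,nosuid,nodev,noexec,relatime - cgroup2 cgroup2 rw
"""


def effective_caps(status_text):
    """Parse the CapEff hex mask out of /proc/<pid>/status text."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no CapEff line in status text")
    return int(m.group(1), 16)


def has_cap_sys_admin(status_text):
    """True when bit 21 (CAP_SYS_ADMIN) is set in the effective mask."""
    return bool((effective_caps(status_text) >> CAP_SYS_ADMIN) & 1)


def writable_cgroup_v1_mounts(mountinfo_text):
    """Mount points of cgroup v1 filesystems whose per-mount options start
    with 'rw'. mountinfo fields: id parent major:minor root mount_point
    mount_options [optional fields...] - fstype source super_options.
    Spaces inside paths are escaped as \\040 by the kernel, so split() is safe."""
    hits = []
    for line in mountinfo_text.splitlines():
        head, sep, tail = line.partition(" - ")
        if not sep:
            continue
        head_fields, tail_fields = head.split(), tail.split()
        if len(head_fields) < 6 or len(tail_fields) < 3:
            continue
        mount_point, mount_opts = head_fields[4], head_fields[5]
        fstype = tail_fields[0]
        if fstype == "cgroup" and mount_opts.split(",")[0] == "rw":
            hits.append(mount_point)
    return hits


def triage(status_text, mountinfo_text):
    """Report both signals. CAP_SYS_ADMIN alone is already notable: a process
    holding it can mount its own cgroup v1 hierarchy even when none is
    mounted read-write yet."""
    return {
        "cap_sys_admin": has_cap_sys_admin(status_text),
        "rw_cgroup_v1_mounts": writable_cgroup_v1_mounts(mountinfo_text),
    }


if __name__ == "__main__":
    try:
        with open("/proc/self/status") as f, open("/proc/self/mountinfo") as g:
            print(triage(f.read(), g.read()))
    except OSError:  # not Linux, or /proc not available: fall back to the samples
        print(triage(PRIVILEGED_STATUS, SAMPLE_MOUNTINFO))
```

Run it inside a suspect container; a result with `cap_sys_admin` true is the one to act on, since the rw mount can be created by the process itself. AppArmor or seccomp profiles can still block the mount and the write even when both signals are present, so this is a prioritisation aid, not proof of exploitability.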
[New research] SSL certificates could be leaking company secrets (Detectify Blog) Detectify Labs research team analyzed over 900 million public SSL/TLS certificates and found they could be leaking company secrets.
Malware found in coa and rc, two npm packages with 23M weekly downloads (The Record by Recorded Future) The security team of the npm JavaScript package manager has warned users that two of its most popular packages had been hijacked by a threat actor who released new versions laced with what appeared to be password-stealing malware.
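A hijacked package only becomes a compromise when the poisoned version is installed and allowed to run. Two cheap checks catch most of that: list every installed package that declares an install-time lifecycle script (the usual place for such a payload), and compare installed versions against the reviewed lockfile. The Python below is an added example, not code from npm or from the coa/rc maintainers; the package names, manifests and lockfile are constructed, and "node setup.js" is a placeholder command, not the real payload.

```python
"""Scan installed npm packages for install-time lifecycle scripts and for
versions that drifted from package-lock.json."""
import json
import os

# Hooks npm runs automatically when a dependency is installed.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Constructed package.json contents for three hypothetical packages.
SAMPLE_MANIFESTS = {
    "left-pad-like": {"name": "left-pad-like", "version": "1.0.0",
                      "scripts": {"test": "node test.js"}},
    "trojanized-pkg": {"name": "trojanized-pkg", "version": "2.0.3",
                       "scripts": {"preinstall": "node setup.js", "test": "node test.js"}},
    "drifted": {"name": "drifted", "version": "1.2.9"},
}

# Constructed lockfile (lockfileVersion 2 layout) recording reviewed versions.
SAMPLE_LOCK = {
    "lockfileVersion": 2,
    "packages": {
        "": {"name": "app", "version": "0.1.0"},
        "node_modules/left-pad-like": {"version": "1.0.0"},
        "node_modules/trojanized-pkg": {"version": "2.0.2"},
        "node_modules/drifted": {"version": "1.2.8"},
    },
}


def install_hooks(manifest):
    """{hook: command} for the install-time scripts a package.json declares."""
    scripts = manifest.get("scripts") or {}
    return {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}


def lock_versions(lockfile):
    """name -> version from a v2/v3 lockfile ('packages') or a v1 one
    ('dependencies'). The first occurrence of a name wins, so nested copies
    at a different version are not distinguished here."""
    versions = {}
    for path, entry in (lockfile.get("packages") or {}).items():
        if "node_modules/" in path:
            name = path.rsplit("node_modules/", 1)[1]  # keeps @scope/name intact
            versions.setdefault(name, entry.get("version"))
    for name, entry in (lockfile.get("dependencies") or {}).items():
        versions.setdefault(name, entry.get("version"))
    return versions


def audit(manifests, lockfile):
    """Return (package, finding, detail) tuples, sorted by package name."""
    locked = lock_versions(lockfile)
    findings = []
    for name in sorted(manifests):
        manifest = manifests[name]
        hooks = install_hooks(manifest)
        if hooks:
            findings.append((name, "install-hook", hooks))
        installed = manifest.get("version")
        if name in locked and locked[name] != installed:
            findings.append((name, "lock-drift",
                             f"installed {installed}, locked {locked[name]}"))
    return findings


def load_node_modules(project_dir):
    """Read every node_modules/**/package.json under a project directory."""
    manifests = {}
    for dirpath, _, filenames in os.walk(os.path.join(project_dir, "node_modules")):
        if "package.json" not in filenames:
            continue
        with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as f:
            try:
                m = json.load(f)
            except ValueError:
                continue
        if isinstance(m, dict) and m.get("name"):
            manifests[m["name"]] = m
    return manifests


if __name__ == "__main__":
    for finding in audit(SAMPLE_MANIFESTS, SAMPLE_LOCK):
        print(*finding)
```

Against a real tree, call `audit(load_node_modules("."), json.load(open("package-lock.json")))`. A hook finding is not proof of malice (native add-ons legitimately build at install time), but a hook that appears in a new version of a pure-JavaScript package is exactly the signal this incident produced. Installing with `npm ci --ignore-scripts` (or `ignore-scripts=true` in .npmrc) prevents the hook from running at all, at the cost of breaking packages that genuinely need it.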
The Vagabon Kit Highlights ‘Frankenstein’ Trend in Phishing (RiskIQ) In early 2021, RiskIQ first detected a new phishing campaign targeting PayPal. The campaign, authored by an actor calling themself "Vagabon," looks to collect PayPal login credentials and complete credit card information from the victim.
Kaspersky Confirms Phishing Attacks Microsoft Office 365 (WinBuzzer) The researcher says threat actors are targeting Microsoft Office 365 credentials by using legitimate email messages, including from Kaspersky.
Fake Steam phishing baits victims with free Discord Nitro (IT PRO) Victims end up on a fake page where their credentials are stolen
Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery (Proofpoint) Proofpoint researchers observe tens of thousands of telephone oriented cyberattacks daily. There are two types of these threats regularly observed by Proofpoint. One features traditional call center fraud, such as fake tech support, to steal money. The second leverages call centers to distribute malware that could be used for secondary compromises. Proofpoint is aware of individual victims losing nearly $50,000 per attack. It is likely that number is greater. Malware distributed in some of the observed campaigns could lead to ransomware and pose a greater risk to business operations.
CrypKey License Service Allows Privilege Escalation (Trustwave) CrypKey (https://www.crypkey.com/) is a third-party licensing service for Windows that integrates with existing software packages to prevent piracy and illegal duplication of software and data. I discovered that this service was installed on my system and decided to investigate it a little deeper. What I found was a trivial Privilege Escalation vulnerability and despite multiple attempts to get the vendor to patch the issue, a patch is still unavailable at the time of publication.
Call center scammers using Justin Bieber tickets and The Weeknd concerts to spread malware: Proofpoint (ZDNet) Researchers with Proofpoint said they observed threat actors stealing almost $50,000 per attack.
Cybercriminals To Impersonate Delivery Firms in Black Friday Phishing Scams (Tessian) US and UK consumers have received phishing messages in 2021 from scammers posing as delivery services, and Black Friday phishing scams are set to surge.
DDoS botnet exploiting known GitLab vulnerability (SearchSecurity) GitLab instances are apparently being used for large-scale DDoS botnet attacks thanks to a months-old vulnerability, according to a Google engineer.
Report: Australian Marketing Company Exposes 100,000s of People to Fraud (vpnMentor) Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered an enormous data breach by Australian marketing software firm Acquirely.
Human error blamed for Eastern Ontario school board data breach (Ottawa Citizen) "The employee feels bad for the situation. But, in fairness to the employee, we are asking them to do work on a Saturday evening."
Data breach could have affected more than 4,000 Monterey County residents (Monterey Herald) Monterey County is notifying residents that San Jose-based Seneca Family of Agencies, a contractor providing behavioral health services to various Monterey County clients, experienced a network dat…
N.L. health-care cyberattack is worst in Canadian history, says cybersecurity expert (CBC) One cybersecurity expert says the ongoing disruptions to the Newfoundland and Labrador health-care system may constitute the worst cyberattack in Canadian history, and has implications for national security.
‘Sideloading is a cyber criminal’s best friend,’ according to Apple’s software chief (The Verge) Apple argues sideloading is too big a risk.
Security Patches, Mitigations, and Software Updates
CISA urges vendors to patch BrakTooth bugs after exploits release (BleepingComputer) Researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against System-on-a-Chip (SoC) security bugs impacting multiple vendors, including Intel, Qualcomm, Texas Instruments, and Cypress.
CISA recommends vendors to fix BrakTooth issues after the release of PoC tool (Security Affairs) CISA urges vendors to address BrakTooth flaws after researchers have released public exploit code and a proof of concept tool for them. US CISA is urging vendors to address BrakTooth flaws after security researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against potential Bluetooth exploits. “On November […]
Cisco Plugs Critical Holes in Catalyst PON Enterprise Switches (SecurityWeek) Cisco patches vulnerabilities that could be exploited to login remotely using default debugging credential, or execute arbitrary commands without authentication.
Linux Foundation Fixes 'Dangerous' Code Execution Kernel Bug (SecurityWeek) A heap overflow in the TIPC (Transparent Inter-Process Communication) module that ships with the Linux kernel can be exploited to launch remote code execution attacks.
Mozilla Rolling Out 'Site Isolation' With Release of Firefox 94 (SecurityWeek) Mozilla this week announced that Firefox 94 is bringing Site Isolation to all users, along with patches for over a dozen vulnerabilities, including seven that feature a high severity rating.
Philips Tasy EMR (CISA) Executive summary: CVSS v3 8.8. Attention: exploitable remotely/low attack complexity/public exploits are available. Vendor: Philips. Equipment: Tasy EMR. Vulnerabilities: SQL Injection.
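The advisory names only the vulnerability class. As an added illustration of that class, not code from Philips or CISA and not the Tasy EMR code path, the Python below runs a string-built query beside its parameterized form against an in-memory SQLite table of constructed patient records; the table layout and the MRN identifier format are assumptions made for the example.

```python
"""String-built SQL beside the parameterized form, against an in-memory
SQLite table of constructed patient records."""
import re
import sqlite3

# Constructed sample rows; the MRN format is an assumption for this example.
PATIENTS = [("MRN-1001", "A. Example"), ("MRN-1002", "B. Example"), ("MRN-1003", "C. Example")]
TAUTOLOGY = "x' OR '1'='1"  # classic injection string for a quoted literal
MRN_RE = re.compile(r"MRN-\d{4}")


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patient (id INTEGER PRIMARY KEY, mrn TEXT NOT NULL, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO patient (mrn, name) VALUES (?, ?)", PATIENTS)
    return conn


def lookup_vulnerable(conn, mrn):
    """DO NOT USE. Caller input is spliced into the statement text, so the
    quote in TAUTOLOGY closes the literal and the OR clause matches every row."""
    sql = "SELECT mrn, name FROM patient WHERE mrn = '" + mrn + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, mrn):
    """Bound parameter: the value travels separately from the SQL text and is
    compared as data, quotes and all."""
    return conn.execute("SELECT mrn, name FROM patient WHERE mrn = ?", (mrn,)).fetchall()


def is_valid_mrn(mrn):
    """Defense in depth: allowlist the identifier shape before it reaches SQL."""
    return MRN_RE.fullmatch(mrn) is not None


def lookup_validated(conn, mrn):
    if not is_valid_mrn(mrn):
        raise ValueError("malformed MRN")
    return lookup_safe(conn, mrn)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, TAUTOLOGY))  # every row
    print("safe:      ", lookup_safe(db, TAUTOLOGY))        # no rows
```

The same tautology string returns the whole table through the concatenated query and nothing through the bound one; the allowlist check stops malformed identifiers before the database sees them, which also catches the cases where a parameter ends up in a position (table name, ORDER BY) that binding cannot protect.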
VISAM VBASE Editor (CISA) Executive summary: CVSS v3 7.4. Attention: exploitable remotely/low attack complexity. Vendor: VISAM. Equipment: VBASE. Vulnerabilities: Improper Access Control, Cross-site Scripting, Improper Restriction of XML External Entity Reference, Using Components with Known Vulnerabilities.
AzeoTech DAQFactory (CISA) Executive summary: CVSS v3 7.8. Attention: low attack complexity. Vendor: AzeoTech. Equipment: DAQFactory. Vulnerabilities: Use of Inherently Dangerous Function, Deserialization of Untrusted Data, Cleartext Transmission of Sensitive Information, Modification of Assumed-Immutable Data (MAID).
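Of the classes listed for DAQFactory, deserialization of untrusted data is the one whose mechanism is least obvious from the name. The Python below is an added, generic illustration using the standard pickle module; it is not DAQFactory code and says nothing about that product's own format. It shows a constructed payload that makes the deserializer call a function of the sender's choosing, beside an Unpickler that only resolves a single allowlisted class.

```python
"""Deserialization of untrusted data: a pickle payload that runs a callable
of the sender's choosing, beside an Unpickler that only resolves an
allowlisted class."""
import io
import os
import pickle


class Point:
    """The one type the receiving code legitimately expects."""
    def __init__(self, x, y):
        self.x, self.y = x, y

    def __eq__(self, other):
        return isinstance(other, Point) and (self.x, self.y) == (other.x, other.y)


class Gadget:
    """Constructed attacker object. pickle records the callable returned by
    __reduce__, so unpickling calls os.getcwd() instead of building a Gadget.
    os.getcwd is chosen because it is harmless and deterministic; any
    importable callable could stand in its place."""
    def __reduce__(self):
        return (os.getcwd, ())


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve globals only from an explicit allowlist (the approach the
    pickle documentation describes for restricting globals)."""
    ALLOWED = {(Point.__module__, "Point")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def loads_unsafe(data):
    """Plain pickle.loads: executes whatever the stream references."""
    return pickle.loads(data)


def loads_restricted(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo_unsafe_runs_code():
    """True when pickle.loads executed the gadget's callable."""
    return loads_unsafe(pickle.dumps(Gadget())) == os.getcwd()


def demo_restricted_blocks_gadget():
    """True when the restricted loader refused the same payload."""
    try:
        loads_restricted(pickle.dumps(Gadget()))
    except pickle.UnpicklingError:
        return True
    return False


def demo_restricted_roundtrip():
    """The expected type still deserializes through the restricted loader."""
    return loads_restricted(pickle.dumps(Point(1, 2))) == Point(1, 2)


if __name__ == "__main__":
    print("unsafe loader ran attacker callable:", demo_unsafe_runs_code())
    print("restricted loader blocked it:       ", demo_restricted_blocks_gadget())
    print("restricted loader still loads Point:", demo_restricted_roundtrip())
```

The allowlist turns "any importable callable" into "this one constructor", which is what makes the gadget fail. The stronger fix for data that crosses a trust boundary is to not use a code-carrying format at all and parse a data-only format (JSON, protobuf) into validated objects; the restricted loader is the mitigation when the serialization format cannot be changed.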
Kaspersky fixes a vulnerability that might result in an unbootable system (TheDigitalHacker) On Monday, Kaspersky sent two advisories to consumers, warning them of a vulnerability that can result in unbootable devices and a phishing effort involving
Trends
Continuous API Sprawl: Challenges and Opportunities in an API-Driven Economy. (F5) The Application Programming Interface (API) economy is the totality of all public and private APIs that exist globally at any given moment. It is continuously expanding and will soon reach a point where it will become a driving force in the global economy. Just as the oil industry has dominated every aspect of our lives for over a century, APIs will become the core driver of the economy.
How to guard against cybersecurity hopelessness (SC Media) There are proactive steps security teams can take to keep their companies secure.
New Zealanders unaware of common cyber scams, not taking basic precautions (IT Brief) Despite best intentions, most New Zealanders overlook key steps to protect sensitive data.
Argentina and Mexico are Latin American countries with highest number of child cyberbullying cases (Rio Times) Argentina is among the two countries with the highest child cyberbullying crimes in Latin America. This emerges from a comprehensive UNESCO report on bullying, grooming, and school mistreatment via cyber over the last year.
Ghana places 3rd in cybersecurity in Africa (BusinessGhana) Ghana placed third on the Global Cybersecurity Index (GCI) in Africa, behind Mauritius and Tanzania, with a score of 86.69 per cent, covering the...
Marketplace
Cybersecurity Companies Are Raking in Millions. Many Don’t Turn Profits. (Wall Street Journal) Share prices of most publicly traded cybersecurity companies have risen during the pandemic, but profits haven’t necessarily materialized.
Compliance-as-a-Service Platform Laika Raises $35 Million (SecurityWeek) Compliance-as-a-Service platform Laika this week announced that it has raised $35 million in Series B funding, which brings the total raised by the company to $48 million.
Kaspersky boosts XDR platform through Brain4Net acquisition (ITWeb) This acquisition will enable Kaspersky to evolve its existing solutions into full-scale XDR.
CrowdStrike: The Salesforce Of Security (Seeking Alpha) CrowdStrike believes they are a category defining SaaS company in Security, similar to how Salesforce is a category defining SaaS company in CRM.
Kevin Mandia: ‘Efficiency Of Sales Starts With Maniacal Focus’ (CRN) Mandiant customers will benefit from more strategic technology partnerships and a more focused sales force following the $1.2 billion sale of the FireEye products business.
Mandiant's first results as standalone company mixed compared with Street view; CFO retiring (MarketWatch) Mandiant Inc. reported its first results as a standalone cybersecurity software and services company in the extended session Thursday, and they were mixed...
Verizon Carries Out Layoff Round Following Strong Q3 Results (CRN) Telecom giant Verizon carried out a round of layoffs last week that impacted the Verizon Business Group, which houses the company's channel team, and the Verizon Global Technology Solutions Group.
Claroty Named a Leader in ICS Security with Highest Score in Current Offering Category by Independent Research Firm (Claroty) Analyst report on ICS security recognizes Claroty as one of three Leaders, ranked highest in current offering of all 12 vendors evaluated
“If you rely on Microsoft for cybersecurity, you're going to be in the news” (Verdict) The CEO of Cybereason has said that companies who rely on Microsoft cybersecurity products are likely to end up a victim of a cyberattack.
What’s it like to work as a malware researcher? 10 questions answered (WeLiveSecurity) Three ESET malware researchers describe what their job involves, what skills they need, and what it takes to embark on a successful career in this field.
Why cybersecurity is a great career for military veterans (Triangle Business Journal) America is fighting a war on an invisible front, and we need skilled and motivated professionals to protect us.
Medigate Accelerates Expansion to Meet Growing Demand in Asia-Pacific Region (PR Newswire) Medigate, Healthcare's Security and Clinical Asset Management leader, today announced its expansion into the Asia-Pacific (APAC) region....
Products, Services, and Solutions
Reblaze Launches New Partner Program to Meet Growing Demand for Cloud-Native Web Application Security (GlobeNewswire News Room) Formation follows increased interest from early partner program members including AllCloud, Doit, Storm, Aiqon, Cycura, ICE-Latam, Reign, and ePLDT...
The State of Oklahoma Transforms IT with Dell Technologies (Dell Technologies) State of Oklahoma updates and transforms its data center infrastructure with Dell Technologies to modernize disaster recovery and become a digital-first government
Center for Internet Security Names CrowdStrike as a Premier Partner (crowdstrike.com) CrowdStrike announced it has been selected by the Center for Internet Security (CIS) as its premier partner for endpoint security.
Black & Veatch Partners With Idaho National Laboratory to Accelerate Use of Cybersecurity Methodology (Yahoo) Consequence-Driven Cyber-Informed Engineering (CCE) service expands Black & Veatch’s cybersecurity service offerings to U.S. utilities facing growing digital threats
LogRhythm launches cybersecurity solutions in the Caucasus in partnership with HT Solutions (Intelligent CIO Europe) LogRhythm has launched a strategic partnership in the Caucasus to provide customers in the region with optimised cybersecurity capabilities. The launch is in partnership with HT (High-Tech) Solutions, a leading Georgian IT consulting company. The partnership enables public and private organisations to deploy LogRhythm’s full portfolio of solutions, including its NextGen Security Information and Event […]
Technologies, Techniques, and Standards
WSJ News Exclusive | AT&T, Verizon to Delay 5G Rollout Over FAA’s Airplane Safety Concerns (Wall Street Journal) The wireless carriers agreed to postpone their planned Dec. 5 deployment of a new 5G frequency band to address FAA concerns about potential interference with cockpit safety systems.
How to keep your intimate, embarrassing or damaging text messages as private as possible (Washington Post) Elizabeth Holmes is the latest figure to have private text messages made public in court. Here’s how you can try to protect your own chats.
Five ways to combat increasingly costly cyberattacks (SC Media) The cybercriminals are growing more sophisticated – and that’s why companies need a strategy to fight back.
Simulation Game Teaches Non-Security Staff How to Handle a Cyber Crisis (Dark Reading) In this card-based game from Kaspersky, players work through a cyberattack scenario and learn how each decision they make has consequences.
How To Protect Your Home Office From Cyber Crime (Crime Crime Research Center) Working remotely has plenty of advantages, but when it comes to cybercrime you are more vulnerable. In an office, security pros and the IT department employ numerous tools to keep you safe.
Historic deployment of cyber forces with Bomber Task Force Europe (U.S. Cyber Command) In a historic deployment, a U.S. Cyber Command Cyber Protection Team defended critical data on B-1B Lancers assigned to Dyess Air Force Base’s 9th
Army reactivates theater artillery command amid Russian build-up near Ukraine (Breaking Defense) The European Theater Fires Command was deactivated in 1991 after the signing of the INF. Now the Army views it as critical to long-range fires in multi-domain operations.
Design and Innovation
Why maybe, just maybe, the era of the password is finally sunsetting (Federal News Network) Tech vendor Cisco reports a sharp rise in biometrics and multi-factor login, and greater interest by IT executives to move past passwords.
DataTribe Announces Fourth Annual Cybersecurity Start-Up Challenge Finalists (BusinessWire) DataTribe, a global cyber foundry that invests in and co-builds next-generation cybersecurity and data science companies, announced today the finalist
Legislation, Policy, and Regulation
Iran Marks Anniversary of 1979 Takeover of US Embassy (Military.com) The government-organized commemoration, long a venue for voicing anti-Western sentiment, draws angry crowds each year.
Nakasone: Cold War-style deterrence 'does not comport to cyberspace' (Breaking Defense) "Strategic competition is alive and well in cyberspace, and we're doing it every day with persistent engagement," the CYBERCOM and NSA leader said.
Cyber Official Warns ‘American Way of Life’ at Risk From Hackers (Bloomberg) CISA’s Easterly orders agencies to fix software bugs. Private sector core to national security, cyber chief says.
The AP Interview: Justice Dept. conducting cyber crackdown (AP NEWS) The Justice Department is stepping up actions to combat ransomware and cybercrime through arrests and other actions, its No. 2 official told The Associated Press, as the Biden administration escalates its response to what it regards as an urgent economic and national security threat.
Top cyber official reports 'decrease' in Russian cyberattacks against US groups (TheHill) White House National Cyber Director Chris Inglis testified on Capitol Hill Wednesday that there had been a “decrease” in the number of cyberattacks against U.S.
Biden administration teams up with Big Tech to fend off cyberattacks (The Washington Times) The Biden administration is working aggressively to enlist tech companies to help fight hackers and ransomware attackers, saying a cybersecurity public-private partnership is the best way to protect America’s critical infrastructure.
Federal Cybersecurity Directive Spotlights Aging Computer Systems (Wall Street Journal) Many of the cybersecurity gaps outlined in a new White House directive that calls on agencies to patch online vulnerabilities stem from the government’s aging systems, experts say
House Passes Two Bills to Improve Small Business Cybersecurity (SecurityWeek) The U.S. House of Representatives this week passed two bills whose goal is to improve the cybersecurity of small businesses.
Secretary Blinken Announces Next Steps for Creating a Bureau of Cyberspace and Digital Policy at the Department of State (JD Supra) On October 27, 2021, Secretary of State Antony Blinken formally announced plans to modernize and reorient American diplomacy to meet the evolving...
It's Time to Regulate Water and Wastewater Cybersecurity--Here's How (Belfer Center for Science and International Affairs) Amid a heightened threat environment in which U.S. water infrastructure is increasingly vulnerable to cyberattacks, the time to set cybersecurity regulations--and provide funding for state, local, and private organizations to meet them--is now.
Verizon Director of Security Joe Folk Speaks on Modernizing Federal Government Cybersecurity (Aviation Week Network) Cybersecurity threats against government agencies are rapidly evolving, with spikes in ransomware, insider, and supply-chain attacks. In their ongoing modernization efforts, these agencies are seeking outside expertise to more securely harden their networks. Verizon says it's uniquely qualified for this role, by dint of its own network being part of the national critical infrastructure.
Pentagon issues revised cyber standards for contractors (The Record by Recorded Future) The Defense Department on Thursday released a revamped framework and digital security standards for contractors that is intended to “minimize barriers” for compliance.
Pentagon strips down CMMC program to streamline industry cyber assessments | Federal News Network (Federal News Network) The Pentagon is revising its Cybersecurity Maturity Model Certification program by massively reducing the amount of companies that would require third-party assessments and providing new waiver…
DoD unveils next iteration of sprawling cybersecurity initiative (C4ISRNet) After a review, the Pentagon announces CMMC 2.0.
Designating the U.S. Space Sector as Critical Infrastructure (INSA) It is in the national interest to designate space systems as a sector of the critical infrastructure of the United States. As commercial companies have driven significant technological innovation and growth in the space sector, space-related technologies and systems have become increasingly critical to U.S. national and economic security. Designation of space as a critical infrastructure sector would enable public-private collaboration and information-sharing regarding both the space sector’s vulnerabilities and the threats space assets face.
INSA Calls for Designating Space Systems as New U.S. Critical Infrastructure Sector (Hstoday) Paper says it would enhance the resiliency of space-related assets and thereby make these other critical infrastructure sectors more secure.
INSA Argues for Space Systems Classification as Critical Infrastructure (MeriTalk) The Intelligence and National Security Alliance – a trade group for the intel and national security communities – is arguing in a new white paper that United States space systems should be classified by the Federal government as critical infrastructure.
Thousands of intel officers refusing vaccine risk dismissal (Washington Post) Thousands of intelligence officers could soon face dismissal for failing to comply with the U.S. government’s vaccine mandate, leading some Republican lawmakers to raise concerns about removing employees from agencies critical to national security.
Litigation, Investigation, and Law Enforcement
Hungarian official: Government bought, used Pegasus spyware (AP NEWS) A senior official in Hungary's governing party acknowledged for the first time on Thursday that the government purchased a powerful spyware tool, which was allegedly used to target journalists, businesspeople and an opposition politician.
Igor Danchenko arrested, charged with lying to FBI about information in Steele dossier (Washington Post) An analyst who was a primary source for a 2016 dossier of allegations against Donald Trump has been arrested on charges that he repeatedly lied to the FBI about where and how he got his information, officials said Thursday.
Indictment of Igor Danchenko Casts New Doubts on Sourcing of Steele Dossier (Wall Street Journal) Special counsel John Durham alleges a key source lied to the FBI about how he collected information about former President Donald Trump and Russia, getting some of it from a Democratic operative.
US Offers $10 Million Bounty in Hunt for DarkSide Ransomware Operators (SecurityWeek) The U.S. Department of State is offering $10 million for information leading to the identification or location of senior members of the DarkSide ransomware gang
US offers $10 million reward for info on Darkside ransomware group (The Record by Recorded Future) The US government has today offered a $10 million reward for any information that may lead to the identification and/or arrest of members of the Darkside ransomware group.
Reward Offers for Information to Bring DarkSide Ransomware Variant Co-Conspirators to Justice (United States Department of State) The U.S. Department of State announces a reward offer of up to $10,000,000 for information leading to the identification or location of any individual(s) who hold(s) a key leadership position in the DarkSide ransomware variant transnational organized crime group. In addition, the Department is also offering a reward offer of up to $5,000,000 for information […]
Ukraine Names Russian FSB Officers Involved in Gamaredon Cyberattacks (SecurityWeek) Ukraine has revealed the identity of 5 Russian FSB officers who were allegedly involved in cyberattacks attributed to a threat group tracked as Gamaredon and Primitive Bear.
Ukraine links members of Gamaredon hacker group to Russian FSB (BleepingComputer) The SSU, Ukraine's security service, says it has identified five members of the Gamaredon hacking group, a Russian state-sponsored operation known for targeting Ukraine since 2014.
SSU identifies FSB hackers responsible for over 5,000 cyber attacks against Ukraine (video) (SSU) The SSU Cyber Security Department identified hackers of the notorious ARMAGEDON group, which carried out over 5,000 cyber attacks against public authorities and critical infrastructure of Ukraine. They are officers of the ‘Crimean’ FSB and traitors who defected to the enemy during the occupation of the peninsula in 2014.
Gamaredon/Armageddon Group: FSB RF cyber attacks against Ukraine (SSU) As part of its hybrid aggression against Ukraine, the Russian Federation's special services have conducted open intelligence and sabotage activities since 2014.
Greater Security Enforcement is Leading to New SEC Fines - What You Need to Know Now... (onShore Security) Notable Ransomware Attacks are Prompting Increased Accountability
Singapore cyber-security firm blacklisted by the US along with those linked to Pegasus spyware (The Straits Times) It allegedly sold hacking tools that were used against individuals and organisations worldwide.
Twitter Hacker Charged Over Theft of $784,000 in Cryptocurrency (SecurityWeek) A British national has been charged in the United States over his role in a scheme that involved the use of SIM swapping to steal roughly $784,000 worth of cryptocurrency.
Scammer steals more than $100,000 from Erie County by posing as a construction company owed money (WGRZ) Erie County Attorney Michael Siragusa has asked local prosecutors to investigate the clear "criminal activity."
Win one for privacy – Swiss providers don’t have to talk (WeLiveSecurity) The battle for email privacy has been a long one – but security and privacy now get a leg up in Proton’s legal challenge against data retention obligations.