Attacks, Threats, and Vulnerabilities
China says a foreign spy agency hacked its airlines, stole passenger records (The Record by Recorded Future) Chinese officials said last week that a foreign intelligence agency hacked several of its airlines in 2020 and stole passenger travel records.
Hackers Apologize to Arab Royal Families for Leaking Their Data (Vice) “Bluntly, UAE sends assassination teams to deal with people they don’t like. [...] Even ransomware groups are subject to political pressure."
Russian cyber hackers who carried out ‘virtual heist’ on jewellers Graff make grovelling apology (In Entertainment) The cyber hackers that stole confidential information from the famous and wealthy clients of Graff jewellers have apologized to the Middle East’s royals whose details were leaked.
Babuk Ransomware Seen Exploiting ProxyShell Vulnerabilities (SecurityWeek) Security researchers spot signs that the Babuk ransomware gang is targeting ProxyShell vulnerabilities in Microsoft Exchange Server.
Industry Reactions to New 'Trojan Source' Attack: Feedback Friday (SecurityWeek) Industry professionals comment on the recently disclosed Trojan Source attack method, which abuses Unicode to stealthily inject vulnerabilities into code.
Latest Russia-Linked Attacks Put Cloud Security In Spotlight (Dice Insights) The Russia-linked group believed responsible for the SolarWinds attack in 2020 is back, putting the cloud again in the security spotlight.
Alleged Russian Hacks of Microsoft Service Providers Highlight Cybersecurity Deficiencies (VOA) Microsoft disclosed last month that alleged Russian state-backed hackers ‘Nobelium’ successfully compromised up to 14 IT service providers this year.
Amnesty says NSO's Pegasus used to hack phones of Palestinian rights workers (Reuters) The mobile phones of six Palestinian rights workers in the Israeli-occupied West Bank were hacked using Israeli technology firm NSO Group's Pegasus spyware, Amnesty International and internet security watchdog Citizen Lab said on Monday.
FBI: Scams Involving Cryptocurrency ATMs and QR Codes on the Rise (SecurityWeek) The Federal Bureau of Investigation (FBI) this week issued an alert on fraud schemes that direct victims to use cryptocurrency ATMs and Quick Response (QR) codes to make payment transactions.
Researchers Release PoC Tool Targeting BrakTooth Bluetooth Vulnerabilities (SecurityWeek) CISA this week warned on proof-of-concept (PoC) code for the BrakTooth Bluetooth vulnerabilities now being publicly available.
Hackers are stealing 2FA codes with terrifyingly effective voice bots (BGR) Hackers use sophisticated voice bots that can trick users into giving out the 2FA/OTP codes that protect their online accounts to attackers.
“Customer complaint” email scam preys on your fear of getting into trouble at work (Naked Security) Stop. Think. Connect. Don’t let the crooks trick you into acting in haste.
'Bad Bot' attacks threaten holiday shopping season, gaming console sales (Fox Business) Online threats to consumers will rise this month as shopping picks up, a new report says.
A Drone Tried to Disrupt the Power Grid. It Won't Be the Last (Wired) An attack attempt in 2020 proves the UAS threat is real—and not enough is being done to stop it.
Hackers have breached organizations in defense and other sensitive sectors, security firm says (CNN) Suspected foreign hackers have breached nine organizations in the defense, energy, health care, technology and education sectors -- and at least one of those organizations is in the US, according to findings that security firm Palo Alto Networks shared exclusively with CNN.
KdcSponge, NGLite, Godzilla Webshell Used in Targeted Attack Campaign (Unit42) A malicious campaign against ManageEngine ADSelfService Plus used Godzilla webshells, the NGLite backdoor and KdcSponge, a credential stealer.
U.S. cybersecurity firm uncovers hack attacks linked to group with Chinese government ties (Axios) Education industries in the U.S. and other countries were also targeted, cybersecurity firm Palo Alto Networks said tonight.
Hacker steals $55 million from bZx DeFi platform (The Record by Recorded Future) A hacker has stolen an estimated $55 million worth of cryptocurrency assets from bZx, a decentralized finance (DeFi) platform that allows users to borrow, loan, and speculate on cryptocurrency price variations.
US defense contractor Electronic Warfare hit by data breach (BleepingComputer) US defense contractor Electronic Warfare Associates (EWA) has disclosed a data breach after threat actors hacked their email system and stole files containing personal information.
Region 3 Behavioral Health tightens security efforts after cyber attack (The Grand Island Independent) Among the changes made in the wake of the attack, Region 3 moved its emails from an exchange server to a secure cloud-based system.
Native Tribal Casinos Taking Millions in Ransomware Losses (Threatpost) An FBI notification is warning of an uptick in attacks against tribal casinos.
FBI Cyber Crime Division Warns Tribal Casinos About Ongoing Threats (Casino.org) The FBI Cyber Crime Division says casinos owned by Native Americans should remain on high alert for ransomware attacks.
FBI: Ransomware gangs hit several tribal-owned casinos in the last year (BleepingComputer) The Federal Bureau of Investigation (FBI) says that multiple ransomware gangs have hit tribal entities over the last year, taking down their systems and impacting businesses and public services.
Buying fake Justin Bieber tickets could see your phone infected with malware (TechRadar) Scammers use fake call centers to steal money and infect victims with malware
How BlackBerry found an initial access broker supporting threat groups (IT World Canada) Researchers at BlackBerry believe they have identified a new threat actor that acts as an initial access broker for a number of hacking groups, including two ransomware gangs and an attacker who does espionage. In a report released Friday, BlackBerry said a threat actor it dubs Zebra2104 is the connection between the MountLocker and Phobos […]
Premier “Fully Engaged” on Cyber Attack While Abroad for COP26 (VOCM) The Premier says the first he heard about a potential cyber attack on the province's healthcare IT systems was...
Cooperative societies too not secure, get in crosshairs of cyber criminals (The Pioneer) As digitisation has become the buzzword amid the Covid-19 pandemic, cooperative societies, particularly banks — whether big or small — are finding themselves in the crosshairs of cyber criminals. This has prompted stakeholders like the National Cooperative Development Corporation (NCDC) to step
Bitcoin Cash Briefly Spikes on Fraudulent Press Release (CoinDesk) The cryptocurrency rose over 4.6% from $602.63 at around 11:30 UTC to $630.70 in less than 15 minutes after the publication of a fraudulent announcement.
Salina physician clinic was victim of cyber attack (Hays Post) Mowery Clinic has been the victim of a cyber attack. In a posting on its website, Mowery Clinic, 737 E. Crawford, wrote tha
Canadian real estate company slammed by ransomware attack (Insurance Business Magazine) Gang claiming responsibility says it stole 755GB of data from the company
Security Patches, Mitigations, and Software Updates
Apple rolls out fix for macOS Monterey bug that bricked some Macs with the T2 chip (9to5Mac) macOS Monterey was released to the public last month with new features such as Focus modes, Shortcuts, and more. For users of select older Macs, however, the update bricked their machines and prevented them from turning on. Now, Apple says it has identified an issue affecting the T2 security chip that caused this problem and […]
November 2021 Patch Tuesday forecast: More mandates in the United States (Help Net Security) Todd Schell offers a November 2021 Patch Tuesday forecast and presents what we'll probably have to patch this month.
Trends
Surveillance Technology at the Fair: Proliferation of Cyber Capabilities in International Arms Markets (Atlantic Council) Nation-state cyber capabilities are increasingly abiding by the “pay-to-play” model—both US/NATO allies and adversaries can purchase interception and intrusion technologies from private firms for intelligence and surveillance purposes. This paper analyzes active providers of interception/intrusion capabilities, as well as the primary arms fairs at which these players operate. The answers to these questions will allow policymakers to better understand the proliferation of cyber capabilities in the hands of irresponsible corporate actors that presents an urgent challenge to national and global security.
“A grim outlook”: How cyber surveillance is booming on a global scale (MIT Technology Review) New data paints a detailed picture of the ways Western companies are selling cyber weapons and surveillance technology to NATO’s enemies.
Is Facebook Bad for You? It Is for About 360 Million Users, Company Surveys Suggest (Wall Street Journal) The app hurts sleep, work, relationships or parenting for about 12.5% of users, who reported they felt Facebook was more of a problem than other social media. Facebook said it has built tools and controls to help people manage when and how they use its services.
Younger generations care little about cybersecurity (Help Net Security) According to SailPoint, 59% of workers use corporate email for personal use, but younger generations are the biggest cybersecurity offenders.
Marketplace
SCYTHE Announces $10 Million Series A Investment to Support Expansion of Enterprise-Level Cybersecurity (BusinessWire) SCYTHE Announces $10 million Series A Investment to Support Expansion of Enterprise-Level Cybersecurity
Advent, Permira Near Deal to Buy McAfee for More Than $10 Billion (Wall Street Journal) The security-software company is nearing a deal to sell itself to a group including private-equity firms Advent International and Permira for more than $10 billion, according to people familiar with the matter.
McAfee Eyes Sale To Advent, Permira For More Than $10B: Reports (CRN) McAfee is nearing a deal to be sold to private equity firms Advent International and Permira just a year after returning to the public markets.
Neuro-ID takes in fresh capital to combat fraud from all of our taps, types and swipes (TechCrunch) The company captures real-time customer behavior so companies can see who is genuine, and who is fraudulent, and identify the root cause of customer friction.
Auto-Sector Cybersecurity Group Expands to Europe Amid Rising Threats, New Regulation (Wall Street Journal) The European outpost aims to help companies and regulators exchange information to protect the car maker supply chain.
Zero Day Initiative — Pwn2Own Austin 2021 - Schedule and Live Results (Zero Day Initiative) Welcome to Pwn2Own Austin 2021! This year’s consumer-focused event is our largest ever with 58 total entries from 22 different contestants. As with all of our contests now, you can follow along live on YouTube and Twitch. With attempts going every 30 minutes, it should be an exciting few days. As a
Microsoft goes hard in enterprise security (Verdict) Microsoft is the technology company best positioned to take advantage of future enterprise security disruption in the industry, according to GlobalData analysts.
Microsoft is investigating its own partnership with Abnormal Security amid claims the hot email security startup 'misrepresented' how much it uses the Microsoft Azure cloud (Business Insider) Abnormal agreed to move onto Azure, and Microsoft agreed to co-sell Abnormal's products. One year later, the deal doesn't seem to be going as planned.
Device Exploits Earn Hackers Over $1 Million at Pwn2Own Austin 2021 (SecurityWeek) Pwn2Own Austin 2021 has come to an end, with participants earning a total of more than $1 million for their router, printer, NAS device, smartphone and smart speaker exploits.
Positive Technologies says US sanctions had little or no effect on its business (The Record by Recorded Future) Russian cybersecurity firm Positive Technologies said on Thursday that it is not concerned about the recent sanctions announced by the US government earlier this week, as the previous US sanctions did not have any "significant impact" on its operations.
The strange saga of Huawei | Commentary (Seattle Times) You might only be vaguely familiar with Huawei, the large Chinese technology company that has been in the crosshairs of the United States.
Brazil: China’s Huawei Included in 5G Auction (Stratfor) On the first day of Brazil’s fifth generation auction, the government announced it would allow winners to use Chinese telecoms company Huawei Technologies’ existing 5G equipment, Reuters reported Nov. 4.
5 companies with horrible reputations that changed their names (Mashable) Facebook isn't the only company to change its name.
Products, Services, and Solutions
New infosec products of the week: November 5, 2021 (Help Net Security) The featured infosec products this week are from: Cynamics, Imperva, Linux Foundation, Netscout and Tenable.
Coalition – Cyber Risk, Solved. (Coalition) Coalition offers comprehensive cyber insurance coverage, cybersecurity tools, and 24/7 incident response.
Technologies, Techniques, and Standards
How Not To Get Phished: It Is the Message Not the Medium (KnowBe4) Back in the early 1990s, when I was first getting into the IT field as a full-time network administrator.
Inertia is the enemy of cybersecurity (TheHill) Hackers can and will exploit the U.S. government’s resistance to technological change and reliance on legacy systems.
Commercial and Military Applications of Quantum Technology (RAND) There are three main categories of quantum technology: quantum sensing, quantum communication, and quantum computing. How—and when—might these technologies affect national security? And which countries lead in developing them?
Feds likely to fall short of deadline for strengthening encryption, multifactor authentication (CyberScoop) A winning streak of hitting deadlines under President Joe Biden’s ambitious May cybersecurity executive order is widely expected to end Monday, affecting changes that administration officials have touted most: implementing multifactor authentication and encryption at all civilian federal agencies.
Balancing Cyber Security Budgets: Efficiently Combating Threats Without Compromising on Performance (Finextra Research) Revenue and profit growth is a welcome outcome for CEOs — it’s an indicator that business is heal
Types of Penetration Testing (The Hacker News) Read about the different types of penetration testing to find out which type you can benefit from the most.
Academia
DHS Selects Northeastern University to Lead Center of Excellence for Engineering Secure Environments from Targeted Attacks (Security Today) The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) announced the selection of Northeastern University to lead a consortium of U.S. academic institutions and other partners for a new Center of Excellence for Engineering Secure Environments from Targeted Attacks (ESE).
NPS Applied Mathematics Professor Receives International George Boole Prize (DVIDS) The basis of the digital world resides in Boolean functions, illustrated by random-seeming combinations of zeros and ones. It’s derived from pure math called Boolean logic developed in the mid-1800s by George Boole. He never would have imagined the originally theoretical principle would become so vital in mainstream society.
Legislation, Policy, and Regulation
Initiative Persistence and the Consequence for Cyber Norms (Lawfare) Documents like CYBERCOM's 2018 Command Vision are less provocative in the context of other directives, but who in the U.S. government takes precedence in constructing cyber norms?
India, France agree to expand defence ties, security partnership (The Week) Two months after AUKUS deal, France deepens relationship with India
Nigeria urged to invest in cybersecurity against spate of attacks (Punch) The value of the Internet cannot be overemphasised. In fact, its emergence made life easy and offered ample opportunities for many with just a push of buttons on laptops and phones. Many people with internet-enabled phones have wide-ranging things they do with them. Globally, people connect and engage in business. But technological advancement brings about diverse challenges including cyber attacks.
Ignore China’s New Data Privacy Law at Your Peril (Wired) The Personal Information Protection Law gives authorities the power to impose huge fines and blacklist companies. But the biggest impact may be felt outside the country.
China Wants to Own Shipping's Digital Operating System (The Maritime Executive) How the Digital Silk Road is Digitizing Shipping with China as the Sole Network Administrator.
At...
IT ministry to form CERT to counter cyber attacks (Daily Times) ISLAMABAD: Ministry of Information Technology and Telecommunication is in process of forming a Computer Emergency Response Team (CERT)
Israeli foreign minister distances government from blacklisted NSO Group (Reuters) Israel's Foreign Minister Yair Lapid on Saturday distanced the government from the NSO Group, a firm blacklisted this week by the United States over alleged misuse of its phone hacking spyware.
Israel says blacklisted NSO Group 'has nothing to do' with government policies (TheHill) Israel's Foreign Minister Yair Lapid on Saturday sought to distance the government from the NSO group, an Israeli company blacklisted by the U.S.
NSO blacklisting: Global reckoning begins for spyware and its tools of repression | Opinion (Haaretz) The U.S. has sent a clear warning to NSO and its global peers: Stop facilitating malicious attacks on human rights. But to curb an advanced, invasive, uncontrolled cyber surveillance industry, we need to do far more
The NSO affair is a national failure for Israel | Opinion (Haaretz) On Wednesday the U.S. Commerce Department added the two Israeli offensive-cyber firms NSO Group and Candiru to its Entity List of companies hostile to U.S. national interests, because of their activities in the service of dictatorial regimes and against democratic values worldwide.
House approves massive infrastructure plan that includes $1.9 billion for cybersecurity (The Record by Recorded Future) The U.S. House of Representatives on Friday approved a $1.2 trillion infrastructure bill that will invest nearly $2 billion in cybersecurity efforts throughout the federal government.
House passes $1 trillion bipartisan infrastructure bill that includes transport, broadband and utility funding, sends it to Biden (CNBC) The House approved the infrastructure bill as Democrats made progress on their broader social safety net and climate plan.
House Sends Infrastructure Bill With Crypto Tax Provision to US President (CoinDesk) The vote passed with bipartisan support on Friday night.
What's next in Congress for cybersecurity after enactment of the infrastructure bill (CSO Online) Passage of the infrastructure bill includes $1.9 billion for cybersecurity, and more could be on the way with the Build Back Better and other bills working their way through Congress.
How to Free Business From the Ransomware Dystopia (Barron's) Banning ransomware payments would force businesses to choose between breaking the law and going out of business. Cybersecurity experts Samantha F. Ravich and Georgianna Shea have a better way.
Klobuchar, Cotton bill could block Big Tech mergers (Axios) The bill aims to make it more difficult for big companies to buy their rivals.
President Biden Announces Additional Members of His Diplomatic and Homeland Security Teams | The White House (The White House) Today, President Joe Biden announced his intent to nominate the following individuals to serve in key roles: Laura Farnsworth Dogu, Nominee
Pentagon rolls out v2.0 of controversial CMMC program (Breaking Defense) DoD said it will be "increas[ing] oversight of professional and ethical standards of third-party assessors."
U.S. Looks to Coordinate Global Cybersecurity (EE Times Asia) A new State Department bureau would provide badly needed cybersecurity and technology training for diplomats.
Former Bush official who warned about Trump to be named Homeland Security intel chief (CNN) President Joe Biden plans to nominate attorney and former Bush administration appointee Kenneth Wainstein to lead the Department of Homeland Security's intelligence division, according to a department official, a step towards permanent leadership at an office plagued by Trump-era controversies.
Vaccine refusals in intelligence agencies raise GOP concerns (Star Tribune) Thousands of intelligence officers could soon face dismissal for failing to comply with the U.S. government's vaccine mandate, leading Republican lawmakers to raise concerns about removing employees from agencies critical to national security.
Thousands of intelligence officers who remain unvaccinated could face dismissal (My Sun Coast) While many people will likely still get vaccinated before the administration’s Nov. 22 deadline for civilian workers, resistance to the mandate could leave major agencies responsible for national security without some personnel.
SEC Names Nicole Creola Kelly as Whistleblower Program Chief (Wall Street Journal) Ms. Kelly, a senior special counsel at the regulator, takes over from Emily Pasquinelli, who has been the program’s acting chief since April.
Litigation, Investigation, and Law Enforcement
A spin doctor with ties to Russia allegedly fed the Steele dossier before fighting to discredit it (Washington Post) Charles Dolan Jr., a PR executive who cut his teeth in Democratic politics, provided anti-Trump information, according to the special counsel probing the Russia investigation
Dossier critic Fiona Hill introduced main source to Steele — and, Durham says, 'PR Exec-1' (Washington Examiner) Fiona Hill has criticized Christopher Steele and said his dossier likely contained Russian disinformation, but she introduced Igor Danchenko, the main source for the research who was indicted in special counsel John Durham's investigation, to both the former MI6 agent and allegedly a Democratic…
Jury Convicts Chinese Intelligence Officer of Espionage Crimes, Attempting to Steal Trade Secrets (US Department of Justice) A federal jury today convicted Yanjun Xu, a Chinese national and Deputy Division Director of the Sixth Bureau of the Jiangsu Province Ministry of State Security, of conspiring to and attempting to commit economic espionage and theft of trade secrets. The defendant is the first Chinese intelligence officer to be extradited to the United States to stand trial.
Sergey Pavlovich, wanted by US on hacking-related charges since 2008, was 'surprised' by Russian arrest (CyberScoop) The accused cybercriminal was in the restaurant of the hotel where he was staying in St. Petersburg when two Russian police officers arrived. Sergey Pavlovich, an admitted former scammer charged in the U.S. for his alleged role with a forum where thieves bought and sold stolen credit card numbers, was taken into custody on Nov. 1.
Iranian Intel. Ministry dismantles company for ripping off citizens (Iran Front Page) Iran’s Intelligence Ministry says more than 150 leaders of a pyramid company calling itself Unique Finance have been arrested in 19 provinces across the country for financial wrongdoings.
U.S. Blacklists Pegasus Spyware Producer (OCCPR) The U.S. blacklisted on Wednesday the Israeli producer of spyware that was this summer at the center of a global scandal, which unfolded when reporters revealed that the Pegasus software was used for spying on journalists and activists.
Blacklisting NSO: For the cyber surveillance industry and its tools of repression, the reckoning has just begun | Opinion (Haaretz) The U.S. has sent a clear warning to NSO and its global peers: Stop facilitating malicious attacks on human rights. But to curb an advanced, invasive, uncontrolled global spyware industry, we need to do more
CHINA/SINGAPORE/UNITED STATES : Blacklisted by the US, zero day distributor COSEINC works on for China's Pwnzen (Intelligence Online) The US Department of Commerce has put zero day distributor COSEINC on its blacklist alongside leading Israeli companies NSO and Candiru and Russia's Positive Technologies. The firm's founder, Thomas
The U.S. Treasury Is Buying Private App Data to Target and Investigate People (The Intercept) The department will use controversial firm Babel Street to hunt for tax and sanctions dodgers, raising constitutional concerns.
1.8 TB of Police Helicopter Surveillance Footage Leaks Online (Wired) DDoSecrets published the trove Friday afternoon. Privacy advocates say it shows how pervasive law enforcement's eye has become, and how lax its data protection can be.
AMP Has Irreparably Damaged Publishers’ Trust in Google-led Initiatives (WP Tavern) The Chrome Dev Summit concluded earlier this week. Announcements and discussions on hot topics impacting the greater web community at the event included Google’s Privacy Sandbox initiative, i…
SolarWinds Investors Suit Alleges Board Knew About Cyber Risks (Insurance Journal) SolarWinds Corp. investors have sued the software company's directors, alleging they knew about and failed to monitor cybersecurity risks to the company
SolarWinds investors sue the company's board over failure to implement monitoring system for security risks (Computing) Directors knew about cybersecurity risks ahead of the massive breach, they allege