Attacks, Threats, and Vulnerabilities
Iranian cyber group targets Israel, Saudis, Africans - report ( The Jerusalem Post | JPost.com ) An Iranian hacker group called Lyceum has targeted Israel, Saudi Arabia, Morocco, Tunisia and others.
Exclusive: A Cyber Mercenary Is Hacking The Google And Telegram Accounts Of Presidential Candidates, Journalists And Doctors (Forbes) An unprecedented peek inside an underground hacker-for-hire operation reveals 3,500 targets, including Belarusian presidential candidates, Uzbek human rights activists and a cryptocurrency exchange.
Clop gang exploiting SolarWinds Serv-U flaw in ransomware attacks (BleepingComputer) The Clop ransomware gang, also tracked as TA505 and FIN11, is exploiting a SolarWinds Serv-U vulnerability to breach corporate networks and ultimately encrypt their devices.
TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access (NCC Group Research) NCC Group’s global Cyber Incident Response Team has observed an increase in Clop ransomware victims in the past weeks. The surge can be traced back to a vulnerability in SolarWinds Serv-U that is being abused by the TA505 threat actor. TA505 is an established cybercrime threat actor known for extortion attacks using the Clop ransomware. We believe exploiting such vulnerabilities is a recent initial access technique for TA505, deviating from the actor’s usual phishing-based approach.
Russian Cybercrime Group Exploits SolarWinds Serv-U Vulnerability (SecurityWeek) The Russia-linked 'Evil Corp' cybercrime group has been exploiting a vulnerability in SolarWinds Serv-U for initial infection.
Vulnerable smart contracts and fake blockchains: What do investors need to know? (Digital Shadows) Well, here we are again. Another blog on a topic that’s often spoken about but little understood: cryptocurrency. Cryptocurrency-related decentralized finance (DeFi) is seeing unprecedented interest from retail and institutional investors alike.
FBI: Scams Involving Cryptocurrency ATMs and QR Codes on the Rise (SecurityWeek) The Federal Bureau of Investigation (FBI) this week issued an alert on fraud schemes that direct victims to use cryptocurrency ATMs and Quick Response (QR) codes to make payment transactions.
Critical Flaw in Sitecore Experience Platform Exploited in Attacks (SecurityWeek) Adversaries have started targeting a critical remote code execution vulnerability in Sitecore Experience Platform (Sitecore XP).
Cyberpion Reveals Research Showing How Magecart is Poised to Exploit Some of the World's Biggest Brands (PR Newswire) Cyberpion, a cybersecurity pioneer in external attack surface management (EASM), today presented research at Black Hat Europe 2021 revealing...
Robinhood data breach affects 7 million people (WeLiveSecurity) Robinhood, the supremely popular trading platform, has suffered a cybersecurity breach on November 3rd that affected some 7 million of its users.
NUCLEUS:13 vulnerabilities impact Siemens medical & industrial equipment (The Record by Recorded Future) Security researchers have disclosed today a set of 13 vulnerabilities that impact a crucial Siemens software library that is included with medical devices, automotive, and industrial systems.
Threat Spotlight: Bait attacks (Journey Notes) Based on Barracuda research, about 35% of 10,500 organizations analyzed were targeted by at least one bait attack in September 2021.
Ransomware Hits Major US Comic Book Distributor (PCMAG) The disruption is already starting to delay shipments for comic book orders.
Diamond Comics Switches To Emergency Website, Reports Delays (Bleeding Cool) Diamond Comic Distributors has set up an emergency back-up website to deal with current retailer concerns while they also deal with a ransomware attack that took down their main website, and those of their partner companies, over the weekend.
Comic Industry's Oldest Distributor Being Held Hostage by Ransomware Attack (CBR) Diamond Comics Distributors' website has been down for some retailers after a ransomware attack on the company's order processes and communications.
Ransomware attack hits key part of comics' supply chain (Games Radar) Diamond Comic Distributors' systems are partially down, and have been for days.
Pulse Secure: When Your Defenses Are Turned Against You (Eclypsium) Vulnerabilities in enterprise network and security devices are being aggressively targeted by APT and ransomware threat actors as initial access vectors into enterprises. Pulse Secure VPN devices have proven to be the most popular targets, and their ongoing exploitation highlights how devices that were intended to defend the network are…
Stolen data in cyber attack found on dark web (WBOY.com) A cyber ransomware attack on the City of Bridgeport that happened back in May of 2021 has now led to that stolen data being found on the dark web.
Security Patches, Mitigations, and Software Updates
Microsoft patches six zero-days in November 2021 Patch Tuesday update (Computing) Two of them are under active exploitation.
Microsoft Patch Tuesday, November 2021 Edition (KrebsOnSecurity) Microsoft Corp. today released updates to quash at least 55 security bugs in its Windows operating systems and other software. Two of the patches address vulnerabilities that are already being used in active attacks online, and four of the flaws…
Zero-Days Under Attack: Microsoft Plugs Exchange Server, Excel Holes (SecurityWeek) Microsoft patched 55 security vulnerabilities in a wide range of products and called urgent attention to a pair of flaws that have already been exploited in the wild.
ICS Patch Tuesday: Siemens and Schneider Electric Address Over 50 Security Flaws (SecurityWeek) Siemens and Schneider Electric have released a total of 20 Patch Tuesday advisories to address more than 50 vulnerabilities affecting their products.
Philips MRI 1.5T and 3T (CISA) CVSS v3 6.2. ATTENTION: Low attack complexity. Vendor: Philips. Equipment: MRI 1.5T and 3T. Vulnerabilities: Improper Access Control, Incorrect Ownership Assignment, Exposure of Sensitive Information to an Unauthorized Actor.
Schneider Electric NMC cards and Embedded Devices (CISA) CVSS v3 6.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Schneider Electric. Equipment: Network Management Cards (NMC) and NMC Embedded Devices. Vulnerabilities: Cross-site Scripting, Exposure of Sensitive Information to an Unauthorized Actor. Risk evaluation: successful exploitation of these vulnerabilities may allow data disclosure or cross-site scripting, which could result in execution of malicious web code or a loss of device functionality.
Schneider Electric GUIcon (CISA) CVSS v3 7.8. ATTENTION: Low attack complexity. Vendor: Schneider Electric. Equipment: GUIcon. Vulnerabilities: Out-of-bounds Write, Use After Free, Out-of-bounds Read. Risk evaluation: successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary code on the host PC, leading to sensitive information disclosure or unintended user actions.
Siemens Nucleus RTOS TCP/IP Stack (CISA) CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Siemens. Equipment: Nucleus Net, Nucleus ReadyStart, Capital VSTAR. Vulnerabilities: Type Confusion, Improper Validation of Specified Quantity in Input, Out-of-bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Null Termination, Buffer Access with Incorrect Length Value, Integer Underflow, Improper Handling of Inconsistent Structural Elements. CISA is aware of a public report known as NUCLEUS:13 detailing vulnerabilities found in the TCP/IP stack and related services (FTP, TFTP) of the networking component (Nucleus NET) in the Nucleus Real-Time Operating System (RTOS). CISA is issuing this advisory to provide early notice of these reported vulnerabilities and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.
mySCADA myDESIGNER (CISA) CVSS v3 7.3. ATTENTION: Low attack complexity. Vendor: mySCADA. Equipment: myDESIGNER. Vulnerability: Relative Path Traversal. Risk evaluation: successful exploitation of this vulnerability could allow for remote code execution. Affected products: the following versions of mySCADA myDESIGNER project creation software are affected:
OSIsoft PI Vision (CISA) CVSS v3 6.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: OSIsoft. Equipment: PI Vision. Vulnerabilities: Cross-site Scripting, Incorrect Authorization. Risk evaluation: successful exploitation of these vulnerabilities could lead to information disclosure, modification, or deletion.
OSIsoft PI Web API (CISA) CVSS v3 6.9. ATTENTION: Exploitable remotely/low attack complexity. Vendor: OSIsoft. Equipment: PI Web API. Vulnerability: Cross-site Scripting. Risk evaluation: successful exploitation of this vulnerability could allow a remote authenticated attacker to access sensitive information or deliver false information.
Advantech WebAccess HMI Designer (CISA) CVSS v3 7.8. ATTENTION: Low attack complexity. Vendor: Advantech. Equipment: WebAccess HMI Designer. Vulnerabilities: Heap-based Buffer Overflow, Out-of-bounds Write, Improper Restriction of Operations Within the Bounds of a Memory Buffer. Risk evaluation: successful exploitation of these vulnerabilities could result in memory corruption and code execution.
Facebook to work with GitHub to replace leaked API access tokens (The Record by Recorded Future) The Meta security team announced today an official partnership with GitHub through which the two teams will work together to invalidate Facebook API access tokens that have accidentally been uploaded and leaked inside GitHub repositories.
Trends
Cultural Divide Between IT and OT Teams Blocks 65% of Organizations from Having a Unified Cybersecurity Strategy, According to Ponemon Survey Sponsored by Dragos (Dragos) The State of Industrial Cybersecurity report reveals that only 21% of organizations have achieved full maturity for ICS/OT cybersecurity and regularly inform the C-suite and board about OT cyber status.
Ransomware Index Spotlight Report Reveals Steady Increase in Sophistication and Volume of New Ransom (Ivanti) The Q3 2021 report revealed a 4.5% increase in CVEs associated with ransomware and a 3.4% increase in ransomware families compared to Q2 2021.
Mimecast Research: 80% of organizations surveyed have been attacked by ransomware in the past two years (Mimecast) “State Of Ransomware Readiness: Facing The Reality Gap” Finds Surveyed Organizations Are Confident In Their Ransomware Preparedness Despite Consistently Being The Target Of Attacks
Ransomware tracker: the latest figures (The Record by Recorded Future) Colonial Pipeline, JBS Foods, Kaseya — we’re only halfway through 2021, but it can already be dubbed the year of ransomware.
What makes a digital connection human is changing, global study finds (Verizon) New Longitude survey of over 5,600 people across 16 countries highlights acceptance of automated machines is growing among consumers, but transparency is key
SecureAge | 85 Percent of US and UK businesses forced to adopt new cybersecurity protocols and tools as a result of COVID-19 (RealWire) Research from SecureAge details key trends in cybersecurity prevention and responses during the pandemic. 10 November 2021 – Eighty-five percent of US and UK employers were forced to adopt new cybersecurity measures because of the COVID-19 pandemic and the shift to remote working, according to SecureAge Technology’s 2021 COVID & Cybersecurity Study.
Armis Data Highlights Increased Risk for Healthcare organizations as Attack Surface Expands (Armis) Armis released data showing the increased security risk faced by healthcare organizations and patients as an increase in connected devices creates an expanded attack surface, putting the patient journey at risk.
Top Attack Vectors: October 2021 - Expel (Expel) This report dives into the top attack vectors and trends among the incidents our SOC investigated in October 2021. Learn our key recommendations to protect your org from these types of attacks.
Digital Transformation and Workplace Evolution Driving Demand for PKI and Digital Certificates, finds 2021 Entrust Global PKI/IoT Trends Study (BusinessWire)
Marketplace
Contrast Security Closes $150M Series E Funding Led by Liberty Strategic Capital to Expand Leadership in Code Security (PR Newswire) Contrast Security, the leader in next-gen code security tools, today announced that it has closed $150M in a Series E round of funding at a...
OpenText Acquires Email Security Firm Zix for $860 Million (SecurityWeek) Enterprise information management solutions provider OpenText acquires email security firm Zix for $860 million.
DomainTools Announces Acquisition of Farsight Security to Deliver Best-in-class Threat Intelligence (PR Newswire) DomainTools, the leader in domain name and DNS-based cyber threat intelligence, today announced the acquisition of Farsight Security, a leader...
Nitro to Acquire European eSign Leader Connective (Nitro) Acquisition positions Nitro to become a top 3 global provider in enterprise eSigning
Contrast Security Raises $150M Led By Former Treasury Secretary Mnuchin’s Equity Fund (CRN) Contrast Security raises $150 million in Series E funds led by ex-treasury secretary Mnuchin’s equity fund.
Cyxtera Supports NVIDIA Inception Program for Technology Startups (Cyxtera) Cyxtera Deepens Collaboration with NVIDIA by Providing Technology and Digital Infrastructure Assistance to Fuel Growth of Promising Young Companies Through Entire Life Cycle
Broadcom Inc. Highlights Broadcom Software's Strategy and Solutions at Investor Day (PR Newswire) Broadcom Inc. (Nasdaq: AVGO), a global technology leader that designs, develops and supplies semiconductor and infrastructure software...
CrowdStrike Stock Has Some Juice Left As It Battles Microsoft (InvestorPlace) CrowdStrike became the hot new name in cybersecurity recently. The problem is that everyone knows it and has already bought CRWD stock.
Rockwell sets up cybersecurity centre and adds partners (Drives and Controls Magazine) Rockwell Automation has set up a Cybersecurity Operations Center in Israel to deliver remote cybersecurity services to customers around the world. The...
Rockwell Automation taps Israel for global cybersecurity centre (eeNews Europe) Partnerships with Dragos and CrowdStrike and a new Cybersecurity Operations Centre for more proactive cybersecurity at Rockwell Automation
Amid a buzzy tech scene, Kendall Square stalwart Akamai has to reinvent itself (BostonGlobe.com) It’s a crucial time of reinvention for Akamai Technologies as the company makes major new moves into cybersecurity and other areas.
ThycoticCentrify Continues to Deliver Against Growth Opportunity (MarTech Series) ThycoticCentrify, a leading provider of cloud identity security solutions formed by the merger of the privileged access management (PAM) leaders.
Nokia launches new cybersecurity centre in Lannion (Light Reading) Nokia has probably not been the most popular name in certain French-speaking quarters in recent months. The Finnish equipment manufacturer has been trying to implement job cuts in a country that is known for its strong protection of employee rights.
Interview with Brian Kime, VP, Intelligence, Strategy & Advisory (ZeroFox) Brian Kime, former Forrester analyst responsible for the threat intelligence space, joins ZeroFox as VP of Intelligence, Strategy and Advisory.
AttackIQ Expands Leadership Team with Appointment of Ken Schock as Chief Revenue Officer (BusinessWire) AttackIQ®, the leading independent vendor of Breach and Attack Simulation (BAS) systems, today announced the appointment of Ken Schock as Chief Revenu
Mandiant, Formerly FireEye, Elevates Deputy GC to Top Legal Role (Bloomberg Law) Mandiant Inc., the publicly traded successor to cybersecurity company FireEye Inc., has a new law department leader months after agreeing to split its business.
Avani Patel joins RealDefense as VP of Product Management (BusinessWire) RealDefense hires VP of Product Management to further develop its cybersecurity capabilities and privacy technologies
Products, Services, and Solutions
Kymeta and Intelsat Demonstrate Satellite-Enabled 5G in Mobility Test (Via Satellite) Kymeta and Intelsat have participated in early testing of 5G standards over satellite, and reported Tuesday that the companies demonstrated
Zscaler Extends Digital Experience Monitoring to UCaaS Apps (Zscaler) Zscaler Extends Fast, Seamless Digital Experience Monitoring to Unified Collaboration Applications
Absolute Software Launches Application Persistence-as-a-Service (Absolute Software) Absolute is the leading visibility and control platform that gives you tamper-proof protection for all of your devices, data and applications. With the Absolute Platform, you get the power of asset intelligence, continuous compliance and endpoint hygiene.
Apiiro Unveils Open Source Software Toolkit to Combat Dependency Confusion Attacks (Apiiro) We are reinventing the Secure Software Development Lifecycle with complete risk visibility for every change from design to code to cloud.
Stellar Cyber’s Open XDR strengthens security operations for Barracuda users (Barracuda Networks) Tight integration with Barracuda solutions extends value to customers with single platform to collect, detect, correlate, and respond
Cowbell Cyber Introduces Insurance Industry’s First Risk Ratings for Supply Chain Risks (Cowbell Cyber) Company Improves Precision in Underwriting Cyber Insurance with Newly Added Cowbell Factor for Software Supply Chain
Tanium Partners with Deep Instinct to Unify Endpoint Security for End-to-End Visibility (Tanium) Tanium, the platform that organizations trust to gain visibility and control across all endpoints, today announced a partnership with Deep Instinct, the first company to apply end-to-end deep learning to cybersecurity.
SyncDog Announces Partnership with Deltek Marketplace to Empower Compliance (PR Newswire) SyncDog, Inc., the leading Independent Software Vendor (ISV) for next generation mobile security and data loss prevention, today announced that...
AvePoint Awarded $37 Million SGD to Deploy SaaS Training Management (MarTech Series) AvePoint, Inc., the largest data management solutions provider for Microsoft 365, announced it has been awarded a $37 million SGD contract from lead agency Temasek Polytechnic to deploy an integrated SaaS training management platform for career professionals.
CellTrust Nominated by Microsoft to Become a Member of the Microsoft Intelligent Security Association (MISA) (BusinessWire) CellTrust joined the Microsoft Intelligent Security Association, an ecosystem of ISVs and MSSPs that have integrated their security products with Microsoft’s.
Finite State Releases Industry’s First Automated Risk Scoring Capability for IoT Devices (BusinessWire) Finite State, the product security leader for connected devices, has released an automated risk scoring capability for IoT, the first to objectively a
Hunters XDR SOC Platform Now Available in AWS Marketplace (GlobeNewswire News Room) Leading Open Extended Detection and Response (XDR) platform automates threat hunting in AWS. Scales to ingest, index and correlate all AWS security logs and...
Dynatrace introduces security gates, bringing automation and intelligence to DevSecOps (Dynatrace news) The Dynatrace platform now includes security gates, enabling DevSecOps teams to automatically assess new software releases to ensure only secure code moves through the delivery pipeline.
AT&T Cybersecurity Delivers New Managed SASE Solution to Connect and Protect the Multi-Cloud, Hybrid Enterprise (PR Newswire) What's the news? AT&T* is expanding its global, managed Secure Access Service Edge (SASE) portfolio to include a new offering. AT&T SASE with...
Secure Any Sensitive Data Element (TokenEx) TokenEx is a data protection platform that provides cloud tokenization and encryption. Discover why TokenEx is your #1 tokenization vendor.
Technologies, Techniques, and Standards
Motivated by WannaCry attack, group unveils medical device incident response playbook (SC Media) New Cloud Security Alliance guidance takes aim at some of the biggest challenges facing providers when it comes to defending and responding to incidents impacting medical devices.
What service providers should expect from SASE — Raynovich (FierceTelecom) Futuriom says service providers should know that a large part of the world will want SASE in the managed service portfolio.
A diverse cybersecurity ecosystem is critical for network security (C4ISRNet) Don't put all your eggs in one basket.
Legislation, Policy, and Regulation
Australia Shows the World What Decoupling From China Looks Like (Foreign Policy) The bottom line: Beijing’s attempt to bully Canberra has been a spectacular failure.
A New Cybersecurity Executive Order Puts the Heat on Critical Infrastructure Suppliers (Security Intelligence) U.S. supply chains have been hit hard by the rise in ransomware attacks. See how the latest executive order on cybersecurity is impacting infrastructure suppliers across the nation.
The Pentagon Scraps Its Current Cybersecurity CMMC Program in Favor of CMMC 2.0, Which Promises to Ease the Burden of Participating in Government Contracts (JD Supra) The Department of Defense has announced plans to suspend its current CMMC program and replace it with a streamlined process for achieving government...
A $1.9B FCC fund to replace banned 5G telco gear might be too little (Network World) The FCC is distributing money to help mostly rural wireless providers replace 5G network gear they bought from Huawei and ZTE, whose products are banned in the US over security concerns.
In Ransomware Fight, FBI Balances Unlocking Victims’ Data and Chasing Attackers (Wall Street Journal) Law-enforcement officials who get their hands on a key that can unlock ransomware victims’ computer systems walk a fine line between aiding the hacked companies and pursuing the criminals responsible.
Litigation, Investigation, and Law Enforcement
The Biggest Ransomware Bust Yet Might Actually Make an Impact (Wired) By arresting one alleged hacker associated with REvil and seizing millions from another, the US has made it clear that ransomware comes with a cost.
Mexico arrests businessman in Pegasus spyware case (AP NEWS) Mexican prosecutors said Monday they have arrested a businessman on charges he used the Pegasus spyware to spy on a journalist. The software marketed by the Israeli spyware firm NSO Group has been implicated in government surveillance of opponents and journalists around the world.
Mexico Arrests Suspect in Pegasus Spyware Case (SecurityWeek) Mexican prosecutors said Monday that they had detained a man accused of spying on a journalist using the Pegasus software at the center of a global spyware scandal.
Mexico makes first arrest in Pegasus spying scandal (Washington Post) Mexican authorities have made their first arrest in the global spy scandal surrounding the malware Pegasus, jailing a technician who worked for a private firm on allegations he was involved in illegally tapping the phone of a broadcast journalist.
NSO Group Loses Immunity Claim at the Ninth Circuit (Just Security) The Ninth Circuit confirms that Israeli company NSO Group is not immune from suit in a case brought by WhatsApp.
Ninth Circuit Rejects NSO Group’s Motion to Dismiss WhatsApp Suit (Lawfare) On Monday, Nov. 8, the U.S. Court of Appeals for the Ninth Circuit denied a motion to dismiss a lawsuit against NSO Group Technologies, an Israeli company. The suit, originally brought by WhatsApp and Facebook, alleges that NSO Group “sent malware through WhatsApp’s server system to mobile devices.” The Ninth Circuit denied NSO Group’s motion to dismiss the suit, rejecting its argument that the company “could claim foreign sovereign immunity under common-law immunity doctrines that apply to foreign officials.” The 3-0 decision will allow WhatsApp to continue its case against NSO Group.
Israeli Spyware Firm NSO Group Could Soon Be Spilling Its Secrets (The Daily Beast) A judge is letting the case against the Israeli spyware firm NSO Group move to discovery, which could reveal the inner workings of the secretive surveillance group.
Court shoots down Cyber Ninjas bid to keep Arizona election records secret (Arizona Daily Star) Cyber Ninjas to seek supreme court review after the court of appeals shot down its bid to keep Arizona election audit records secret.
Google Loses Appeal of $2.8 Billion EU Shopping-Ads Fine (Wall Street Journal) A European Union court largely upheld an antitrust decision against Google, adding new momentum to the bloc’s assault on big tech companies.
BREAKING: Google Beats Consumer Tracking Case At UK Top Court (Law360) The U.K. Supreme Court rejected a multibillion-pound data protection lawsuit brought by a consumer rights activist against Google on Wednesday in a landmark decision that could limit the ability of consumers to sue as a group over privacy breaches.
Investor sues over $1.2 bln FireEye cybersecurity unit sale (Reuters) A Mandiant Inc shareholder has sued the cybersecurity company's board for approving the $1.2 billion sale of the company's FireEye Inc business to a group of private equity firms without holding a shareholder vote.