Attacks, Threats, and Vulnerabilities
Seeing Red (Domain Tools) The DomainTools Research team came across a batch of malicious-looking PDFs that stretched back to July 30, 2021. While containing no malicious content, they did link to dozens of short-lived Glitch apps hosting a SharePoint phishing page containing obfuscated JavaScript designed to harvest credentials.
Chinese Cyberespionage Bootcamps Training Recruits in the Art of Supply Chain Attacks for Over a Decade (Yahoo Finance) New report from Venafi shows Chinese threat actors targeting code signing certificates for use in software supply chain attacks
APT41 Perfects Code Signing Abuse to Escalate Supply Chain Attacks | Venafi
(Venafi) Learn about the infamous APT41 group and why they are abusing code signing keys and certificates as powerful weapons to steal and exploit data. Find out which industries are they targeting, the anatomy of their attack and who’s really behind them.
Group-IB report: "RedCurl. The pentest you didn’t know about" (Group-IB) Research of the new espionage APT-group RedCurl and its elaborate attacks on enterprise companies in North America, Europe and CIS
RedCurl hacking group returns with new attacks (The Record by Recorded Future) Even after its operations were publicly exposed in August 2020, the RedCurl hacking group has continued to carry out new intrusions and has breached at least four companies this year, according to a new report from security firm Group-IB.
Hackers Targeting Myanmar Use Domain Fronting to Hide Malicious Activities (The Hacker News) Hackers Targeting Myanmar Use Domain Fronting to Hide Malicious Activities
Previously unreported North Korean espionage part of busy 2021 for country's hackers (CyberScoop) A North Korean cyber espionage group known primarily for targeting think tanks, advocacy groups, journalists and others related to Pyongyang’s adversaries around the world has been quite prolific in 2021, according to email security firm Proofpoint.
State-sponsored North Korean hackers responsible for blitz of attacks in 2021 (The Record by Recorded Future) Suspected government-backed hackers from North Korea launched almost weekly cyberattacks on a wide array of targets throughout the first half of 2021, according to research released on Thursday.
Triple Threat: North Korea-Aligned TA406 Scams, Spies, and Steals (Proofpoint) Throughout 2021, the North Korea-aligned threat actor TA406 conducted frequent credential theft campaigns targeting research, education, government, media and other organizations.
Emotet malware: “The report of my death was an exaggeration” (Naked Security) “Old malware rarely dies.” The best way to predict the future is to look at the past… if it worked before, it will probably work again.
U.S. says Iran-backed hackers launching disruptive cyberattacks on U.S. firms (Reuters) A hacking group "sponsored" by Iran's government is launching disruptive cyberattacks against a wide range of U.S. companies, including healthcare providers and transportation firms, according to a cybersecurity alert published by the U.S. Homeland Security Department (DHS) on Wednesday.
US warns that Iranian government-sponsored hackers are targeting key US infrastructure (CNN) Iranian government-sponsored hackers are actively targeting a "broad range of victims" across multiple US sectors, including transportation and health care, and in some cases have deployed ransomware against those victims, US federal agencies and their counterparts from the United Kingdom and Australia warned on Wednesday.
U.S., U.K. and Australia Warn of Iranian APTs Targeting Fortinet, Microsoft Exchange Flaws (SecurityWeek) Iranian state-sponsored threat actors are exploiting Fortinet and Microsoft Exchange vulnerabilities in attacks targeting critical infrastructure in the United States, as well as Australian organizations
Israel's Candiru hacking tools used against Middle East and U.K. sites, report says (Haaretz) According to cybersecurity firm ESET, hackers targeted websites from Iran Syria, Yeman and the U.K. using tools made by Candiru
Candiru: UK government won't say whether it will complain to Israel over spyware attacks (Middle East Eye) Alleged UK-based targets include members of House of Lords, academics, lawyers, dissidents - and Middle East Eye
Belarus Linked to Big European Disinformation Campaign (Dark Reading) EU officials and others previously had blamed Russia's intelligence operations for the so-called Ghostwriter campaign.
New TikTok Phishing Campaign Targets Influencers (Abnormal) Scammers targeting social media accounts expand their efforts to TikTok, showcasing increased attacker awareness of the platform.
No Time to REST: Check Your Jira Permissions for Leaks (Inside Out Security) Varonis researchers enumerated a list of 812 subdomains and found 689 accessible Jira instances. We found 3,774 public dashboards, 244 projects, and 75,629 issues containing email addresses, URLs, and IP...
Robinhood Says Thousands of Phone Numbers Also Stolen in Breach (SecurityWeek) Robinhood is still investigating the recent data breach and it has confirmed that phone numbers and other data has also been stolen.
Cybercriminals discuss 'Exploit-as-a-Service' model to lower the barrier for accessing dangerous zero-day exploits (Computing) Ransomware gangs have amassed big fortunes to compete with traditional buyers of zero-days, researchers find
New criminal tactics: exploit-as-a-service and buying zero-day flaws (2-spyware) Ransomware gangs raised funds to buy zero-day flaws and move to advanced exploit-as-a-service operations. Malicious actors started to consider buying
Cybercriminals Contemplate 'Exploit-as-a-Service' Model (Dark Reading) Researchers share their findings on the current zero-day market and how criminals' strategies may shift in the future.
Avanan Attack Brief: USPS Spoof (Avanan) The holidays are approaching, and there appears to be a shipping crunch. Due to supply chain concerns, many are worried that they won’t get their holiday gifts in time.
‘Bad guys’ who hacked HSE most likely based in Moscow, says Russia’s top cybersecurity tycoon (The Irish Times) Kaspersky denies firm has security service links ahead of Dublin cybercrime conference
CISA Adds Four Known Exploited Vulnerabilities to Catalog (CISA) CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, which require remediation from federal civilian executive branch (FCEB) agencies by December 1, 2021. CISA has evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
The self-driving smart suitcase… that the person behind you can hijack! (Naked Security) Apparently, we need a self-driving IoT Bluetooth robot suitcase. Who knew?
Ohio health system forced to cancel appointments following 'targeted cyber attack' (Healthcare IT News) The Southern Ohio Medical Center was continuing to face complications nearly a week after an unauthorized third party gained access to its servers.
‘Criminals love buy now, pay later’: How fraudsters exploit popular interest-free payment plans (CNBC) Fraudulent activity is on the rise at some of the largest buy now, pay later (BNPL) platforms, according to experts.
Security Patches, Mitigations, and Software Updates
Google Chrome update addresses 25 security bugs (Computing) Seven of the flaws are rated as 'high'-level threats
Chrome 96 Plugs High-Risk Browser Flaws (SecurityWeek) Google paid roughly $60,000 in bug bounty rewards to the external security researchers reporting high-severity vulnerabilities in Chrome.
Netgear Patches Code Execution Vulnerability Affecting Many Products (SecurityWeek) A vulnerability in Netgear SOHO devices can be exploited by an attacker on the LAN to execute code remotely with root privileges
Trends
ProtonVPN’s Digital Freedom Index (ProtonVPN Blog) The ability to access the internet varies greatly from country to country. We look at where people have the most and least digital freedom.
Cybereason Research Finds Organizations Unprepared for Ransomware Attacks on Weekends and Holidays (Cybereason) The research findings highlight a disconnect between the risk ransomware poses to organizations during these off-hour periods and their preparedness to respond during weekends and into the holiday season...
Report: Critical IT Assets Need Protection Beyond Standard Network Security (GlobeNewswire News Room) Independent research reveals 86% of individuals involved in securing their enterprise network are kept up at night by concerns about protecting their...
Evolution of Critical IT Asset Protection - 2021 Report (Telos Corporation) The cyber threat landscape is growing and increasing in complexity. The sophistication and frequency of attacks continues to increase, heightening the pressure on IT staff and IT security professionals. Yet, for those assets deemed critical, the concern is even higher. In sectors such as banking, healthcare, energy, and education, certain IT assets pose a particular... Read more
ESG Analyst Report: Security Hygiene and Posture Management Survey (JupiterOne) This Analyst Report from the Enterprise Security Group, details cybersecurity coverage gaps and how organizations plan to improve their security posture.
The future of work has changed forever - how should security leaders handle it? (Computng) Okta's Craig Hinchliffe looks at the challenges and opportunities facing security teams when it comes to protecting today's dynamic workforce
Out of the shadows: The rise of ethical hackers in 2021 (ComputerWeekly.com) Ethical hackers working on the Bugcrowd platform have saved organisations almost $30bn in risk during the Covid-19 pandemic, as the community sheds old stereotypes.
Tessian | Survey Finds CISOs are Missing Holidays like Thanksgiving and Not Taking Vacation Due to Work Demands (RealWire) New research from Tessian details the extent of CISO burnout and reveals how automation can help teams reclaim hours lost due to cybersecurity incidents caused by human error
November 18, 2021 - A new report from Human Layer Security company Tessian reveals that two in five Chief Information Security Officers (CISOs) have missed holidays like Thanksgiving due to work demands
Survey Shows Companies Recovering Quicker from Ransomware Attacks Despite Rise in Frequency (PR Newswire) Cymulate, the Extended Security Posture Management market leader, announced today the results of a survey, revealing that despite the increase...
Survey Finds 94% of Consumers Understand Risks of Online Shopping, Yet Most Would Not Change Behavior Following a Breach (PR Newswire) The Application Security Division of NTT Ltd., a world leader in application security, today released The State of Secure Online Holiday...
‘Champions of Trust’ research reveals emergence of new generation of l (PRWeb) Trulioo report identifies qualities needed for compliance, risk and IT security professionals to build online trust and create a sustainable
Ransomware now the most significant cyber threat facing the UK (ProLion) National Cyber Security Centre says that ransomware is now potentially as harmful as statesponsored espionage
Op-Ed: What a house cat can teach us about cybersecurity (Los Angeles Times) I am presumably smarter than the cat, I have greater manual dexterity, and I know how to use tools. So why did I lose this battle so decisively?
Marketplace
Public cloud security startup Laminar emerges from stealth with $37M (TechCrunch) The cloud may be the direction that much of enterprise IT is moving today, but it still remains a major source of security issues, with some 98% of all enterprises in a recent survey reporting that they have contended with a cloud-related security breach in the last 18 months. Today, a startup call…
Sift Acquires Passwordless Authentication Pioneer Keyless to Provide Regulated Businesses and Online Merchants with Secure, Frictionless Authentication (GlobeNewswire News Room) Biometric authentication innovator eliminates password-based account takeover and enables PSD2 Strong Customer Authentication while preserving user...
Open XDR Company Stellar Cyber Raises $38 Million (SecurityWeek) Detection and response solutions provider Stellar Cyber on Tuesday announced that it has raised $38 million in Series B funding. To date, the company has raised over $68 million.
Lacework Raises $1.3 Billion at $8.3 Billion Valuation - Lacework (Lacework) Record Growth and Customer Momentum Draws Largest-Ever Funding Round In Security Industry, Validates Lacework as Most Trusted, Innovative Data-Driven Security Platform for the Cloud
Threat intelligence platform DomainTools acquires Farsight Security (VentureBeat) To combat online threats, security teams need comprehensive threat intelligence and investigative capabilities to identify early patterns.
Managed detection and response provider Expel raises $140.3M (VentureBeat) Expel, a managed detection and response (MDR) provider, has raised $140.3 million at a $1 billion post-money.
3 Years After the Maven Uproar, Google Cozies to the Pentagon (Wired) The company has contracts to detect corrosion on Navy ships and help maintain Air Force jets. Now it wants to bid for a lucrative cloud contract.
Contrast Security Ranked One of the Fastest-Growing Companies in North America on the 2021 Deloitte Technology Fast 500™ (PR Newswire) Contrast Security, the leader in next-gen code security tools, today announced it ranked 238th in North America and 59th in the Bay Area on the...
SentinelOne Ranked as Most Valuable Public Cybersecurity Company Within Deloitte’s Technology Fast 500 (Businesswire) SentinelOne (NYSE: S), an autonomous cybersecurity platform company, today announced it has been named one of the fastest growing companies in North A
Corero Network Security secures orders worth over USD4 million (MorningstarUK) Corero Network Security PLC on Wednesday said it has secured a number of ...
Viakoo Named Cool Vendor in Cyber-Physical Systems Security (Viakoo) Viakoo's inclusion as a 2021 Cool Vendor by Gartner is a testament to how effectively we meet our customers’ goals to secure, remediate, and repatriate IoT devices.
Should You Worry about Splunk’s C-Suite Changes? (Nasdaq) Software solutions provider Splunk (SPLK) is known for its powerful technology that can process a diverse range of data in large quantities and generate valuable insights from them.
Cybersecurity Leader Dan Lohrmann Joins Presidio as New Field Chief Information Security Officer (Businesswire) Cybersecurity leader Dan Lohrmann joins Presidio as Field Chief Information Security Officer
Bugcrowd Names Tech Industry Leader Ravi Chopra as Chief Financial Officer (PR Newswire) Bugcrowd, the industry-leading crowdsourced cybersecurity platform, today announced the appointment of Ravi Chopra as the company's Chief...
Vaultree's Executive Team and Advisors Drive Innovation in the Cybersecurity Industry (PR Newswire) Vaultree, provider of Encryption-as-a-Service, announced today that it has assembled a highly qualified roster of executives and advisors...
Rapidly growing Ann Arbor cybersecurity company Blumira hires four industry veterans (WDIV) Blumira continues to hire in the Ann Arbor area.
Netskope Names John Giacomini to Lead North America Sales (PR Newswire) Netskope, the SASE leader, today announced the appointment of John Giacomini as Senior Vice President of Sales, North America. Giacomini will...
Products, Services, and Solutions
IDX Adds Password Manager with Military-Grade Security to Privacy Platform (PR Newswire) Today, IDX, the leading privacy platform and data breach services provider, announced the addition of a password manager with military-grade...
Axis Launches New Program Aimed at Helping IT Leaders Finally Retire Their VPN (PR Newswire) Axis Security, the leader in zero trust access, today announced their VPN Buyback Program which provides IT leaders with a simple,...
CyberGRX Applies Machine Learning to Transform Third Party Cyber Risk Management (Businesswire) CyberGRX today announced the availability of the first in a series of predictive risk intelligence capabilities, the Predictive Risk Profile.
Pradeo makes world-first Mobile Threat Defense service purchasable on Microsoft Azure Marketplace (Pradeo) After working closely with Microsoft for years, we are thrilled to be the first Mobile Threat Defense for Intune vendor to have reached the transactable stage globally on the Azure Marketplace.
BlastWave Launches Passwordless Software-Defined Perimeter Solution to Address Three Most Common Attack Vectors (BlastWave) True zero-trust protection for critical IoT infrastructure.
NetSfere and Deutsche Telekom Partner to Deliver a Compliant Mobile Messaging Platform Enabling Instantaneous, Secure Staff Communication for Germany’s St. Augustinus Group (GlobeNewswire News Room) The companies deployed the HIPAA/GDPR compliant encrypted messaging platform to stop the use of consumer-grade messaging apps and streamline internal and...
WatchGuard expands its unified security platform (iTWire) Security vendor WatchGuard Technologies has announced four new endpoint security modules for WatchGuard Cloud. The new modules are WatchGuard Patch Management, WatchGuard Full Encryption, WatchGuard Advanced Reporting Tool (ART), and WatchGuard Data Control. WatchGuard Patch Management helps keep Wi...
Lumen, Radware combat DDoS attackers flying under the radar (Light Reading) Lumen's Q3 DDoS Report revealed that bad actors are launching DDoS attacks with more frequency, at larger volumes and with increased complexity.
Norway orders Sectra Tiger solution to protect their most sensitive communication (Help Net Security) The Norwegian Defence Materiel Agency has ordered additional units of the approved mobile encryption system Sectra Tiger/S.
Guardicore Expands Coverage, Simplifies Segmentation Policy Creation and Enforcement to Secure Complex Environments Against Ransomware (Yahoo Finance) New Features Introduce DNS Security, Automated Labeling and Policy Suggestions, and Expanded Coverage Where Agents Cannot be Installed
XDR Alliance Welcomes New Members to Advance an Open XDR Framework (Businesswire) CyberArk and Recorded Future join XDR Alliance
BlastWave Partners with ATxTel To Offer Complete Network Security in Lab Environments (ATxTel) BlastWave, a developer of software-defined perimeter (SDP) solutions that protect networks from inadvertent and intentional threats, today announced its partnership with ATxTel, a leading lab infrastructure, instrumentation, systems integration company and trusted advisor to industry-leading companies within the telecommunications industry.
Armorblox Integrates Its Email Security Platform With Microsoft Sentinel and Joins the Microsoft Intelligent Security Association (Businesswire) Armorblox, an email security innovator, has joined the Microsoft Intelligent Security Association (MISA).
Technologies, Techniques, and Standards
Research: Zero Trust is Expected to Double the Efficacy of Cybersecurity Protections (PR Newswire) Symmetry Systems, the leading provider of cloud data security, today released a new report, "Why Zero Trust is Important." Conducted by...
How to prevent a data breach (The Telegraph) What can companies do to keep their networks secure and avoid losing millions? Rob Waugh has the answers.
Council Post: How To Build A Balanced Cybersecurity Program (Forbes) In the end, trying to find the balance between offensive and defensive security is not easy, but the benefits can pay dividends.
Traveling for the holidays? Here's how to protect yourself from a cyber attack (CBS8) Hackers are criminals of opportunity and travelers have a target on their back. We can protect ourselves with basic elements of cybersecurity.
Design and Innovation
TikTok updates Safety Center resources following research on harmful challenges (TechCrunch) TikTok has developed a bad reputation for hosting dangerous viral “challenges” on its app, which at their worst, have led to serious injury or death — as in the case of the blackout challenge that prompted Italian regulators to take action against the social network this year to r…
Legislation, Policy, and Regulation
Russia Isn’t About to Attack Ukraine (Foreign Policy) Moscow occupying its neighbor would be expensive, dangerous, and pointless.
What Every Leader Needs Now in This Unprecedented Era of Global Competition (Cyber Defense Review) The global pandemic forced recognition of what many already knew: the world has changed in ways that significantly alter every organization’s strategic planning; few will adapt and thrive, but most will remain stagnant and perish. The world as we think we know it no longer exists.
Cyber spy boss says her agency needs to remain ‘poacher and gamekeeper’ (Sydney Morning Herald) The head of Australia’s cyber spy agency will declare that it is deeply engaged in offensive operations against adversaries, warning the future of warfare was likely to begin in cyberspace.
NSA Director: Evolving Cyber Threats Require Deeper Public-Private Partnerships (Nextgov.com) “This is not Cold War 2.0 and China is not the Soviet Union,” Gen. Paul Nakasone said.
Senators look to defense bill to move cybersecurity measures (TheHill) The Senate is eyeing the annual defense bill as a vehicle to attach critical provisions to improve the nation’s cybersecurity following a devastating year in which major attacks left the government flat-footed.
CISA Leader: 'We've Not Seen a Change' in Ransomware Attacks (BankInfoSecurity) Several key federal cybersecurity leaders in the U.S. on Wednesday outlined the Biden administration's approach to countering ransomware, which they called a
Cyber grants are a 'game changer,' CISA leader tells Congress (StateScoop) CISA Executive Director Brandon Wales told Congress a goal of the new program is to get state and local governments to a "common baseline."
Anti-Spoofing Enforcement Bill Sails Through Senate Panel (Law360) A Senate panel on Wednesday easily advanced a bipartisan bill that would hit robocallers using fake identities with double the current federal fine and raise the cap on total penalties for ongoing violations.
EPA’s Cybersecurity Oversight of Water Sector Falls Short, Report Says (Wall Street Journal) U.S. water facilities are struggling with glaring cybersecurity problems and receive insufficient support from federal regulators, according to cyber and water-industry experts.
Consumer protection in focus at FCC and FTC nomination hearings (The Record by Recorded Future) The Senate began hearings Wednesday on nominees to help lead federal agencies key to the future of privacy and cybersecurity in the United States.
It's been one year since Trump fired the CISA director (Washington Post) Sacking a top cyber official didn't give Trump what he wanted
Litigation, Investigation, and Law Enforcement
U.S. to sell cryptocurrency worth $56 million after record seizure in BitConnect fraud case (CNBC) The U.S. Justice Department will sell off $56 million worth of cryptocurrency it seized as part of a massive Ponzi scheme case against a man who promoted the crypto lending program BitConnect.
UK Orders National Security Review of NVIDIA Deal to Buy Arm (SecurityWeek) NVIDIA’s planned $40 billion takeover of British chip designer Arm Ltd. faces delays after the U.K. government asked competition regulators to investigate the national security implications of the deal
Singapore’s tech-utopia dream is turning into a surveillance state nightmare (Rest of World) In the “smart nation,” robot dogs enforce social distancing and an app can claim to neutralize racism. The reality is very different.
In Moscow’s Technological Advances, a ‘Double-Edged Sword’ (New York Times) The latest example is Face Pay, which replaces a Metro card with facial recognition. It may be advanced, but activists are sounding the alarm on privacy issues.
Executive Pleads Guilty in Internet Address Fraud Case (Wall Street Journal) Amir Golestan was accused of using his web-services company Micfo to win scarce IP addresses by fraudulent means.
Apple Can't Shake Deception Claim In IMessage Privacy Suit (Law360) A New York federal judge on Tuesday cut a pair of claims from a putative class action accusing Apple of breaching iPhone buyers' privacy through an undisclosed software flaw that linked strangers' Apple IDs, while allowing allegations that the tech giant misled users about the defect to move forward.
FBI raids home of Mesa County Clerk Tina Peters in election data breach investigation (Colorado Politics) Federal, state and local authorities searched the homes of Mesa County Clerk Tina Peters and three of her associates on Tuesday as part of an investigation into accusations the elected