Attacks, Threats, and Vulnerabilities
SideCopy APT: Connecting lures to victims, payloads to infrastructure (Malwarebytes Labs) Last week, Facebook announced it had taken action against a Pakistani APT group known as SideCopy. In this blog post we provide additional details about SideCopy that have not been published before.
Malicious Chrome Extension, Backdoor Uncovered in Malware Campaign (Decipher) A threat actor has been deploying web browser credential stealers, an undocumented backdoor and new Google Chrome malicious extension in an ongoing campaign.
Suspected Chinese hackers breach more US defense and tech firms (CNN) A suspected Chinese hacking campaign has breached four more US defense and technology companies in the last month, and hundreds more US organizations are running the type of vulnerable software that the attackers have exploited, according to research shared with CNN.
Critical Flaw in NSS Cryptographic Library Affects Several Popular Applications (SecurityWeek) Mozilla on Wednesday announced the rollout of patches for a critical vulnerability in the NSS (Network Security Services) cross-platform cryptographic library.
Hackers steal $120 million from Badger DeFi platform (The Record by Recorded Future) Hackers have stolen an estimated $120 million worth of Bitcoin and Ether assets from Badger, a decentralized finance (DeFi) platform that allows users to borrow, loan, and speculate on cryptocurrency price variations.
The rising cybersecurity concerns of cryptocurrencies (TechRadar) Cyber risks involved with cryptocurrencies
Hackers Are Spamming Businesses’ Receipt Printers With ‘Antiwork’ Manifestos (Vice) Dozens of printers across the internet are printing out a manifesto that encourages workers to discuss their pay with coworkers, and pressure their employers.
Cybercriminals are active on weekends and holidays: Check Point (ITP Net) Cybercriminals are active on weekends and holidays, according to Check Point, and companies are particularly vulnerable during these times.
Darktrace Reports 30% More Ransomware Attacks Targeting Organizations During The Holiday Period (PR Newswire) Darktrace, a global leader in cyber security AI, today reported that its security researchers discovered a 30% increase in the average number...
Ransomware groups increasingly using data leak threats to pile pressure on victims (The Daily Swig) Nearly one in three victims succumb to extortion, estimates Group-IB
Anonymous ERP Platform Leaked Hundreds of Thousands of Records (SafetyDetectives) The Safety Detectives cybersecurity team discovered a substantial data leak affecting an anonymous Chinese ERP software provider and exposing European cus
Colorado energy company loses 25 years of data after cyberattack while still rebuilding network (ZDNet) DMEA did not use the term "ransomware" but said much of their data had been corrupted while phone and email services were down for weeks.
Update on the cyber attack (GlobeNewswire News Room) Neuilly-sur-Seine, France, December 2, 2021: Bureau...
Lewis & Clark to Have Limited Reopening Monday Following Cyber Attack (WLDS) Progress is being made at Lewis & Clark Community College after a cybersecurity incident closed all of its campuses on November 23rd. College President Ken Trzaska told Riverbender today th…
Cyber-Attack on Planned Parenthood (Infosecurity Magazine) Los Angeles patients’ information exposed in suspected ransomware attack
NHS trust apologises for Covid trial data breach (BBC News) "Human error" blamed for sharing email addresses of people taking part in a trial.
Security Patches, Mitigations, and Software Updates
CISA Adds Zoho, Qualcomm, Mikrotik Flaws to 'Must-Patch' List (SecurityWeek) Citing evidence of active exploitation against five specific vulnerabilities, the U.S. cybersecurity agency warned that further delays in applying fixes “pose significant risk to the federal enterprise.
Schneider Electric SESU (CISA) CVSS v3 3.8. Attention: low attack complexity. Vendor: Schneider Electric. Equipment: Schneider Electric Software Update (SESU). Vulnerability: Insufficient Entropy. Successful exploitation of this vulnerability could cause an unintended connection from an internal network to an external network.
Johnson Controls Entrapass (CISA) CVSS v3 8.3. Attention: low attack complexity. Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc. Equipment: Entrapass. Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor. Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data.
Distributed Data Systems WebHMI (CISA) CVSS v3 10.0. Attention: exploitable remotely/low attack complexity. Vendor: Distributed Data Systems. Equipment: WebHMI. Vulnerabilities: Authentication Bypass by Primary Weakness, Unrestricted Upload of File with Dangerous Type.
Hitachi Energy RTU500 series BCI (CISA) CVSS v3 7.5. Attention: exploitable remotely/low attack complexity. Vendor: Hitachi Energy. Equipment: RTU500 series Bidirectional Communication Interface (BCI). Vulnerability: Improper Input Validation. Successful exploitation of this vulnerability could allow a remote attacker to reboot the device.
Hitachi Energy Relion 670/650/SAM600-IO (CISA) CVSS v3 8.1. Vendor: Hitachi Energy. Equipment: Relion 670/650/SAM600-IO. Vulnerability: Insecure Default Initialization of Resource. Successful exploitation of this vulnerability could allow an attacker to hijack existing TCP sessions, inject packets of their choosing, or cause denial-of-service conditions.
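The Relion advisory above pairs "insecure default initialization" with TCP session hijack and packet injection. The classic way an initialization weakness leads to that outcome is a predictable TCP initial sequence number (ISN): an off-path attacker who can forecast the ISN of a victim's connection can forge in-window segments. Whether that is the exact mechanism in Relion is not stated in the blurb, so the following is an added illustration of the weakness class, not Hitachi Energy's code and not a description of the devices' implementation. It builds a counter-style ISN generator beside an RFC 6528 style one (clock plus keyed hash of the 4-tuple), then applies the check a pentester would run over a handful of captured ISNs: if consecutive deltas are nearly constant, the next ISN is guessable. All IPs, ports, the secret key and the clock values are constructed sample data.

```python
"""Added example: spotting predictable TCP initial sequence numbers (ISNs).

Constructed data only. This is not vendor code and makes no claim about how
any particular device generates ISNs beyond the general weakness class.
"""
import hashlib
import statistics
from typing import List

MOD = 1 << 32  # ISNs are 32-bit and wrap


def weak_isn(connection_index: int, step: int = 64000) -> int:
    """Insecure pattern: the ISN is a counter bumped by a fixed step per connection.

    Anyone able to open one connection learns the step and can forecast the ISN
    of the next connection, which is exactly what off-path injection/hijack needs.
    """
    return (connection_index * step) % MOD


def rfc6528_isn(local_ip: str, local_port: int, remote_ip: str, remote_port: int,
                secret: bytes, clock_4us: int) -> int:
    """RFC 6528 style: ISN = M + F(4-tuple, secret).

    M is a 4-microsecond clock, F a keyed hash. The per-tuple offset depends on a
    secret the attacker does not hold, so ISNs observed on attacker-owned
    connections say nothing useful about the ISN of someone else's connection.
    """
    digest = hashlib.sha256(
        f"{local_ip}:{local_port}>{remote_ip}:{remote_port}".encode() + secret
    ).digest()
    offset = int.from_bytes(digest[:4], "big")
    return (clock_4us + offset) % MOD


def isn_deltas(isns: List[int]) -> List[int]:
    """Wrap-around-safe differences between consecutive observed ISNs."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def looks_predictable(isns: List[int], tolerance: int = 4096) -> bool:
    """Heuristic: if every consecutive delta sits within `tolerance` of the
    others, an attacker can guess the next ISN to within a typical receive
    window and forge acceptable segments."""
    deltas = isn_deltas(isns)
    return len(deltas) >= 2 and max(deltas) - min(deltas) <= tolerance


def predict_next(isns: List[int]) -> int:
    """The attacker's guess: last observed ISN plus the typical step."""
    return (isns[-1] + int(statistics.median(isn_deltas(isns)))) % MOD


def demo() -> dict:
    """Run the check over eight ISNs from each generator (constructed inputs)."""
    weak = [weak_isn(i) for i in range(8)]
    strong = [
        rfc6528_isn("10.0.0.5", 40000 + i, "10.0.0.9", 102,  # constructed 4-tuples
                    b"constructed-secret-key", 5_000_000 + 250 * i)
        for i in range(8)
    ]
    return {
        "weak_predictable": looks_predictable(weak),
        "weak_guess_correct": predict_next(weak) == weak_isn(8),
        "strong_predictable": looks_predictable(strong),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In a real assessment the ISN list comes from a capture (SYN/ACKs from the target for a burst of attacker-initiated connections); the `looks_predictable` tolerance should be set to the target's advertised receive window, since a guess inside the window is good enough for injection.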
Hitachi Energy APM Edge (CISA) CVSS v3 8.2. Attention: low attack complexity. Vendor: Hitachi Energy. Equipment: Transformer Asset Performance Management (APM) Edge. Vulnerability: Using Components with Known Vulnerabilities. Successful exploitation of this vulnerability could cause the product to become inaccessible.
Hitachi Energy PCM600 Update Manager (CISA) CVSS v3 6.7. Vendor: Hitachi Energy. Equipment: PCM600 Update Manager. Vulnerability: Improper Certificate Validation. Successful exploitation of this vulnerability could allow an attacker to bypass certificate validation and install an untrusted software package.
Hitachi Energy RTU500 series (CISA) CVSS v3 8.6. Attention: exploitable remotely/low attack complexity. Vendor: Hitachi Energy. Equipment: RTU500 series. Vulnerabilities: Observable Discrepancy, Buffer Over-read, Out-of-bounds Read. Successful exploitation of these vulnerabilities could allow an attacker to eavesdrop on traffic, retrieve information from memory, or cause a denial-of-service condition.
Trends
Big Tech Privacy Moves Spur Companies to Amass Customer Data (Wall Street Journal) Marketers are staging sweepstakes, quizzes and events to gather people’s personal information and build detailed profiles—a response to Apple’s “opt in” policy for apps and Google’s plan to restrict user tracking in its browser.
“Trusted Partner” in Cybersecurity: Cliché or Necessity? (Security Intelligence) When it comes to cyberattacks, even the most well-staffed security team needs a trusted partner.
Do passwords impact productivity? (Axiad) Do passwords impact productivity? They do. 60% of US workers we surveyed said they stop them from doing their jobs! Today we released results of our new Axiad Fall 2021 Passwords & Productivity Survey...
Marketplace
2021 State of Cybersecurity Marketing Report (Cybersecurity Marketing Society) A new report by The Cybersecurity Marketing Society and Ten Eleven Ventures to help cybersecurity marketers rise above the noise in a crowded industry. Data is from 200+ marketers across the globe.
Blockchain Security Provider CertiK Raises $80 Million (SecurityWeek) Blockchain security provider CertiK on Wednesday announced that it has closed an $80 million Series B2 funding round, the third within four months.
ATS acquires cyber tech solutions provider (Washington Technology) Acclaim Technical Services closes its third acquisition in two years, and the latest transaction sees it buy a provider of cyber technology solutions to the national security community.
Deloitte acquires Oracle Cloud Infrastructure firm BIAS (ZDNet) Deloitte scoops up BIAS' US and Indian operations to expand into new aspects of the OCI market for enterprise customers.
These 4 security firms could emerge as big winners or even hot acquisition targets next year, thanks to Biden's new federal cybersecurity standards (Business Insider) The market for encrypted keys is surprisingly narrow, according to Ho, with the Palo Alto-based startup Yubico as the only significant vendor.
Israeli companies attend int’l cyber security conference in Saudi Arabia (Israel Defense) Hundreds of speakers gathered in Riyadh earlier this week for a first of its kind conference, as the kingdom charges on with its ambitious 2030 innovation vision
ISRAEL : After setbacks, Candiru makes timid public entrance (Intelligence Online) Blacklisted by the US and exposed by the cybersecurity firm Eset, Israel's Candiru will break with its usual discretion to present its technology at interceptions trade fair ISS World.
Israeli spyware maker NSO's new secret op (Haaretz) Israeli NSO has secretly teamed up with a cyber firm exploiting big-tech vulnerabilities. 'Realmode Labs' has recently demonstrated a major breach capability into Amazon servers
Here’s Why 2021 Could Be Another Big Year for Cybersecurity Insurance! (Market Herald) Introduction: Cybersecurity is one of the fastest-growing job markets, and is an industry that encompasses many different skills. Cybersecurity Insurance protects companies against data breach risks. As cybercriminals change their methods of attack, cybersecurity professionals are needed to help keep businesses safe. It can also refer to a number of related topics, including preventing and […]
Peraton to relocate its headquarters after blockbuster acquisitions (Washington Business Journal) Federal IT contractor Peraton is headed to a new home, but it's not going too far.
Products, Services, and Solutions
Attivo Networks Joins SentinelOne’s Singularity XDR Marketplace (Businesswire) Attivo Networks Joins SentinelOne’s Singularity XDR Marketplace
Dell EMC data security solution now on AWS (CRN Australia) With the Dell EMC PowerProtect Cyber Recovery for AWS offering.
Facebook is making two-factor mandatory for high-risk accounts (TechCrunch) The company says it's working to secure high risk accounts, like those of human rights defenders, journalists, and government officials.
1.5 million users joined Facebook Protect since September (The Record by Recorded Future) Meta (formerly Facebook) said today that they enrolled more than 1.5 million users in Facebook Protect, a security program designed for human rights activists, journalists, and government officials.
Lindenwood University - Check Point Software (Check Point Software) Learn how Lindenwood University secured in-person and remote learning with Check Point's solutions, protecting students' data while allowing them to continue learning remotely through today's global pandemic.
New infosec products of the week: December 3, 2021 (Help Net Security) The featured infosec products this week are from: Castellan Solutions, Cossack Labs, Immuta, IriusRisk, Tenable, ThreatConnect, Verimatrix and Zerto.
Technologies, Techniques, and Standards
Security Guidance for 5G Cloud Infrastructures Part III: Data Protection (CISA) The Enduring Security Framework (ESF) hosted a 5G study group comprised of government and industry experts over the course of eight weeks during the summer of 2020 to explore potential threat vectors and vulnerabilities inherent to 5G infrastructures. At the conclusion of the study, the group recommended a three-pronged approach to explore this threat space...
Consumer Cybersecurity Labeling for IoT Products: Discussion Draft on the Path Forward (NIST) This document provides an update on work by the National Institute of Standards and Technology (NIST) to initiate a “pilot” program on cybersecurity labeling for IoT products as required under Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity.”
I/ITSEC NEWS: U.S. Cyber Command Eyes Upgrades to Training System (National Defense) U.S. Cyber Command is upgrading and improving its training apparatus as it continues to develop its Joint Cyber Warfighting Architecture, officials said Dec. 2.
4 advanced IoT security best practices to boost your defense (IoT Agenda) IoT leaders must dig in to more nuanced IoT security best practices, including segmentation and machine learning, to protect IoT deployments.
Do you need a CISO? The answer may surprise you. (IGI) Moving forward the IGI program name will reflect what we offer, a full team of cybersecurity professionals who have a diverse set of skills and expertise.
Design and Innovation
ASD says quantum no immediate threat to encrypted government data (iTnews) Algorithms unlikely to be cracked if approved.
Setting the scene for a quantum marketplace: where quantum business is up to and how it might unfold (Physics World) Philip Ball investigates the successes and pitfalls of commercializing quantum information technology
Meta builds tool to stop the spread of ‘revenge porn’ (NBC News) Facebook beefs up revenge porn protections
Why is Kaspersky introducing cyber policy for bionic devices? (Digit) The cyber firm has become one of the first companies in the world to introduce a cybersecurity policy around the use of bionic devices.
What Microsoft’s shift to passwordless means for cybersecurity (Security Magazine) Passwordless security solutions are here — but are all enterprise organizations ready to implement them?
Crime Prediction Software Promised to Be Free of Biases. New Data Shows It Perpetuates Them (The Markup) Millions of crime predictions left on an unsecured server show PredPol mostly avoided Whiter neighborhoods, targeted Black and Latino neighborhoods
Academia
Aerospace and defence firm Lockheed Martin UK goes back to the classroom to inspire students into STEM (Portsmouth News) A team of engineers from Lockheed Martin UK went back to the classroom as they helped students from UTC Portsmouth participate in a cyber-themed challenge.
Legislation, Policy, and Regulation
Ukraine in the Crosshairs (Foreign Affairs) Washington is concerned about the latest movements of Russian forces, wondering whether Vladimir Putin plans to invade Ukraine.
Russians Believe Ukrainians Want to Be ‘Liberated’ (Foreign Policy) Delusions about Moscow’s “little brother” are common and dangerous.
Ukraine Is Part of the West (Foreign Affairs) The United States and Europe should set out a clear road map for Ukraine to finally join NATO and the European Union.
NATO thwarted a Russian invasion in 1980. Could its playbook work today? (Atlantic Council) As NATO foreign ministers meet this week in Riga, Latvia, they should consider how President Jimmy Carter blocked the Soviets from crushing Poland’s Solidarity movement.
Rights groups urge EU to ban NSO over clients’ use of Pegasus spyware (the Guardian) Letter signed by 86 organisations asks for sanctions against Israeli firm, alleging governments used its software to abuse rights
Joint Letter Urging EU Targeted Sanctions Against NSO Group (Human Rights Watch) Dear EU High Representative Borrell and Foreign Ministers of the EU member states,
U.S. to Lead Global Effort to Curb Authoritarians’ Access to Surveillance Tools (Wall Street Journal) The Biden administration said it would launch an initiative with friendly nations to coordinate export policies for technology that can be used to suppress human rights.
Inside Israel's cybersecurity efforts (CNN) Criminal hackers make up the majority of the cyberattacks on Israeli civilian life. "We know everyone, who's behind it, and we remember, and we can get even," Director General of the Israel National Cyber Directorate, Yigal Unna, tells CNN's Hadas Gold.
IoT devices must “protect consumers from cyberharm”, says UK government (Naked Security) “Must be at least THIS tall to go on ride” seems to be the starting point. Too little, too late? Or better than nothing?
Australia passes bill allowing it to impose sanctions for cyber-attacks (The Record by Recorded Future) The Australian Senate has passed a bill today providing a legal framework for its government to impose economic sanctions on foreign hackers that engage in cyberattacks against Australian targets.
Biden Administration Issues Cybersecurity Directives for Freight and Passenger Rail (Wall Street Journal) Nearly all U.S. freight and passenger rail systems will be required to report certain cybersecurity incidents to the Department of Homeland Security within 24 hours of discovery under new directives published Thursday.
Congress Takes Aim at the Algorithms (Wired) A new crop of Section 230 reform proposals focuses on amplification, not content moderation. But the devil is in the details.
Cyber advisors start to see ‘momentum’ within military services (Federal News Network) The advisor positions were created two years ago, but they’re just now starting to make their mark on cyberspace budgets and force designs.
Info watchdog members reappointed as data breaches mount (ITWeb) The president largely retains members of the Information Regulator, although SA has been at the mercy of data breaches and leaks under their watch.
Litigation, Investigation, and Law Enforcement
Federal watchdog warns security of US infrastructure 'in jeopardy' without action (TheHill) A federal watchdog agency on Thursday released findings highlighting serious concerns around cybersecurity vulnerabilities in U.S.
Cybersecurity: Federal Actions Urgently Needed to Better Protect the Nation’s Critical Infrastructure (Government Accountability Office) Federal agencies and the nation’s critical infrastructure—such as transportation systems, energy, communications, and financial services—are dependent on information technology systems to carry out operations. The security of these systems and the data they use is vital to public confidence and national security, prosperity, and wellbeing.
The Fall of a Russian Cyberexecutive Who Went Against the Kremlin (Bloomberg) Ilya Sachkov, who’s been charged with treason in Russia, is alleged to have given the U.S. information about the “Fancy Bear” operation that sought to influence the U.S. election.
Free speech goes for companies, too: Federal judge blocks Texas social media law (Yahoo Sports) The law, which was to take effect Thursday, allows social media users to sue large platforms if they are blocked or their viewpoints are removed.
Missouri officials planned to thank Post-Dispatch before threatening newspaper, emails show (Saint Louis Post-Dispatch) Records also show the FBI told the state the incident was ‘not an actual network intrusion.’
FTC Challenges Nvidia’s Deal for Arm Holdings (Wall Street Journal) The Federal Trade Commission sues to block the U.S. chip supplier’s proposed takeover of the chip-design specialist, arguing the deal is anticompetitive.
A Peek Inside Anom, the Phone Company Secretly Used in an FBI Honeypot (Vice) Videos, documents, and other files obtained by Motherboard show how the company functioned as an entity in its own right.
Cabinet Office fined £500,000 by ICO over New Year Honours data breach (Computing) Sir Elton John and cricketer Ben Stokes are among individuals affected by the breach
Two Georgia election workers targeted by Trump sue far-right conspiracy site Gateway Pundit for defamation (Washington Post) Two women who were Georgia election workers in 2020 are suing the far-right conspiracy website Gateway Pundit for defamation, alleging that the site and its owners knowingly published false stories about them that instigated a relentless campaign of harassment and threats.
Finance Committee Republicans Continue to Press IRS on ProPublica Leak (Senator Rob Portman) Nearly six months after ProPublica began disclosing confidential, private and legally-protected taxpayer information, the Internal Revenue Service (IRS) and the Biden administration continue to show little regard about the haphazard handling of private taxpayer data. ProPublica unabatedly continues to publish articles naming individual taxpayers while the IRS, the Department of the Treasury, the FBI, and the Department of Justice have all failed to identify the source or sources of the leaked information.