Attacks, Threats, and Vulnerabilities
Retailers Using WooCommerce are at Risk of Magecart Attacks (RiskIQ) Magecart is a cyberattack involving digital credit card theft by injecting malicious code into e-commerce sites that skims online payment forms. This style of attack came to prominence against its titular e-commerce platform Magento. However, the many skimming groups worldwide target nearly every web environment and payment platform, including dozens of other online shopping platforms, especially widely used free and inexpensive options. One of these plugins is WooCommerce.
Inside the Hive (Group-IB) Deep dive into Hive RaaS, analysis of latest samples
Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks (Proofpoint) Vulnerabilities in Microsoft and others’ popular OAuth2.0 implementations lead to redirection attacks that bypass most phishing detection solutions and email security solutions.
Confluence and GitLab servers targeted by new ransomware strain (The Record by Recorded Future) Over the past few days, a ransomware group has leveraged exploits for recently disclosed vulnerabilities to gain access to unpatched Confluence and GitLab servers, encrypt their files, and then ask server owners for a ransom payment to recover their data.
Australian Electricity Provider 'CS Energy' Hit by Ransomware (SecurityWeek) Australian electricity provider CS Energy says there is no indication that the recently disclosed ransomware attack is the work of state-sponsored threat actors.
Ransomware attack on Australian utility claimed by Russian-speaking criminals (Reuters) One of the most prolific Russian-speaking ransomware gangs has claimed credit for a weekend attack on an Australian electric utility serving millions of people.
Nordic Choice Hotels hit by Conti ransomware (Intelligent CIO Europe) Nordic Choice Hotels, one of the Nordic region’s largest hotel chains, has confirmed it was the target of a cyberattack on its systems from the Conti ransomware group. The incident primarily impacts the hotel’s guest reservation and room key card systems. Although there is no indication of passwords or payment information being affected, information pertaining to […]
A Year After the SolarWinds Hack, Supply Chain Threats Still Loom (Wired) The Russia-led campaign was a wake-up call to the industry, but there's no one solution to the threat.
Malicious packages in npm enable theft of Discord tokens, other data (JFrog) Software supply chain security threat: automated scanning of open-source packages in the npm registry uncovered malware that puts sensitive data and devices at risk.
Collector-stealer: a Russian origin credential and information extractor (Virus Bulletin) In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.
National Insurance website briefly downed in cyberattack; no data accessed (Times of Israel) Attack meant to shut down site, not breach databases; agency's computer personnel respond by blocking all access from abroad
Deepfakes widen fraud opportunities for financial hackers (SC Media) Fraudsters are able to create deepfakes so realistic and seamless that it has become a challenge for even the most skilled cybersecurity professional to spot the deception.
SEO Poisoning: The New Normal Brings New Threats (Infosecurity Magazine) SEO poisoning demonstrates the acknowledgment of attackers that remote and hybrid business models have resulted in increased use of the browser
Not with a Bang but a Whisper: The Shift to Stealthy C2 (Threatpost) DoH! Nate Warfield, CTO of Prevailion, discusses new stealth tactics threat actors are using for C2, including Malleable C2 from Cobalt Strike's arsenal.
Google says Pixel repair privacy breach wasn't from employees, new security instructions coming (9to5Google) Google has confirmed that the privacy breach that affected some users following Pixel repairs was not at the hands of employees.
COVID hospitalizations spike as some Maryland health department services remain unusable days after cyberattack (Baltimore Sun) Days after a cyberattack disrupted services provided by the Maryland Department of Health, including its COVID-19 dashboard, reporting resumed for hospitalizations related to the pandemic, showing an 18% spike in just five days. Yet surveillance data related to new cases and deaths caused by the coronavirus — or the state’s positivity rate — has not updated since the weekend.
Notification of personal data breach: News release from Vestas Wind Systems A/S (MarketScreener) Vestas Wind Systems A/S discovered a cyber security incident on 19 November 2021 which involved external attackers compromising and... | December 8, 2021
Two Data Breaches at WA Senior Care Nonprofit Impact 103K (HealthITSecurity) Washington-based senior care nonprofit Sound Generations experienced two data breaches that impacted over 103K individuals and potentially exposed PII.
Grinchbots strike again this holiday shopping season as bot traffic spikes 73% (Imperva) The days are getting chilly, holiday drinks are back on the menu at your favorite café and family gatherings are planned. In an almost pavlovian response, Grinchbots have also returned in record levels to ruin your online holiday shopping experience. In the State of Security Within eCommerce in 2021, Imperva Research Labs predicted that bad […]
Security Patches, Mitigations, and Software Updates
Critical flaw in ManageEngine Desktop Central MSP tool exploited in the wild (CSO Online) Each of two flaws allows attackers to bypass authentication, leaving customers of MSPs that use ManageEngine at risk. Patches are available.
Trends
Ransomware in the C-Suite: An (ISC)² Study ((ISC)²) Ransomware in the C-Suite is an (ISC)² research study that provides insights for cybersecurity professionals into the minds of C-suite executives and how they perceive their organizations’ readiness for ransomware attacks.
Hi-Tech Crime Trends Reports 2021/2022 (Group-IB) Global cyber threat landscape and forecasts for its development.
Organizations facing greater risk of Ransomware, Cyberattacks this holiday season as more workers shop on company-owned devices (Menlo Security) New research from Menlo Security reveals that 80% of workers in the U.S. and U.K. are concerned about personal data being stolen while online shopping for holidays Mountain View, California—December 8, 2021 – Research launched today by Menlo Security, a leader in cloud security, reveals increased cybersecurity risks posed to employees and organizations during the 2021...
Fifth Record Year in a Row for Vulnerabilities (K2io) On December 8, 2021 we just hit another milestone with the number of vulnerabilities recorded in the US CERT Vulnerability Database (so far in 2021) exceeding the total count in 2020, marking a fifth record year of vulnerabilities discovered in production code.
Everyone is burned out. That's becoming a security nightmare (ZDNet) Two years into the pandemic and the challenges around remote working are taking their toll. We're making bad tech security decisions as a result.
Monthly Threat Report Global Threat Intelligence Center December 2021 (NTT Global Threat Intelligence Center) It seems, year after year, attacks increase in impact and visibility and 2021 did not deviate from past patterns. Instead of looking at the increase in numbers of incidents, breaches, and vulnerabilities, I’d like to take a look at some of the trends that have caught the attention of the security and business worlds.
Number of cyberattacks against organizations (Orange Business Services) Number of cyberattacks against organizations increases by 13%, with noticeable rise in attacks targeting mobile devices
Ransomware damages expected to exceed £15 billion by end of year, report (Computing) Cybercriminals now try to use MSPs' own internal tools against them
Designer smartphone hacks will trickle down in 2022 (Computerworld) State-sponsored attacks similar to NSO Group's Pegasus will begin to leak into the criminal hacker community in 2022, Watchguard warns.
Telemedicine: Doctors and patients are both worried about privacy and data security (TechRepublic) Kaspersky survey finds 34% of telehealth providers admit to a wrong diagnosis due to poor video or photo quality.
Marketplace
Claroty Wants To Stop Cyberattacks Killing People—Announces $400 Million Investment, An Acquisition, And Is Near A $2 Billion Valuation (Forbes) Worried that cyberattacks are “a threat to humanity,” the New York startup claims it’s the best-funded company in its field thanks to a Softbank-led round, as it looks towards a public listing.
Permira to buy email security company Mimecast in $5.8B deal (PitchBook) Permira has agreed to take email security business Mimecast private in an all-cash deal that values the company at approximately $5.8 billion. Founded in 2003, London-based Mimecast has been public...
Avast to Acquire Evernym (Yahoo Finance) Avast (LSE:AVST), a global leader in digital security and privacy, today announced the acquisition of Evernym. The US company was instrumental to the invention of self-sovereign identity, with leading contributions from their Chief Trust Officer, Drummond Reed, and others in the company working within the industry standards community. This work has enabled the development of innovative products and services based on decentralized digital credentials, leading to a more trustworthy online experien
Software Firm HashiCorp Tops IPO Goal to Raise $1.2 Billion (BloombergQuint)
LogDNA raises $50M for observability data (SearchDataManagement) Tucker Callaway, CEO of LogDNA, provides insight into the challenges and opportunities for observability data as his company raises new funding.
SentinelOne Explores Security Acquisitions, Strategic Investments (MSSP Alert) Cisco veteran Rob Salvagno leads SentinelOne's acquisition & investment strategy. SentinelOne hunts cybersecurity market for M&A & venture capital targets.
SentinelOne slumps despite beating analysts (Globes) Israeli cybersecurity company was down sharply on Wall Street today despite reporting strong results for the third fiscal quarter, beating the analysts on earnings per share.
Cybersecurity can pose a risk in more than one way for financial advisors (CNBC) While keeping client data safe should be a priority for advisors, cyber attacks also could affect the investments they make on behalf of their clients.
Is It Time for Wealthy Tech Investors to Lie Flat? (Bloomberg) The bloodbath in tech stocks will have consequences for the startup world. After a decade of minting money, hyperactive VCs may decide it’s time to relax.
Pathlock Completes Record Year of Growth as Organizations Prioritize the Security of Business Critical Applications (PR Newswire) Pathlock, the leading provider of unified access orchestration, today announced significant corporate growth with key customer wins, including...
ThycoticCentrify Wins 2021 Computing Security Excellence Award for Identity and Access Management (Yahoo) ThycoticCentrify, a leading provider of cloud identity security solutions formed by the merger of privileged access management (PAM) leaders Thycotic and Centrify, is proud to announce that it has won the 2021 Computing Security Excellence Awards in the Identity & Access Management (IAM) category.
Cobalt Recognizes Tugboat Logic, Ectacom, and Drata in Inaugural Partner of the Year Awards | Cobalt Blog (Cobalt) Today, Cobalt is proud to announce the winners of the first annual Partner of the Year awards, including Tugboat Logic, Ectacom, and Drata.
National security business serving WVU & FBI opens Bridgeport storefront (WBOY) Xator Corporation, a company that provides biometrics and identity management solutions services in more than 120 countries, has opened an office in Bridgeport.
Cybersecurity Leader Jerich Beason Joins Ericom Software Industry Advi (PRWeb) Ericom Software, a leading provider of Zero Trust cloud cybersecurity solutions and developer of the ZTEdge™ SASE Platform, announced today that cybersecurity v
HackerOne Appoints Chris Evans as Chief Information Security Officer (Businesswire) HackerOne today announced the appointment of its Chief Information Security Officer (CISO)
BioCatch Appoints Gili Brudno as Chief People Officer (Businesswire) BioCatch, the global leader in behavioral biometrics, is pleased to announce the appointment of Gili Brudno as Chief People Officer, adding robust exp
Cisco Veteran Marc Inderhees Joins Appgate Channel Team (Appgate) Industry veteran named new Sr. Director, MSP Channel Sales to head strategy and execution of Appgate’s Managed Service Provider (MSP) Program. Learn more.
Zettaset Appoints Christopher Pakstys as Head of Channel to Drive Global Growth (Yahoo Finance) Zettaset, a leading provider of data protection solutions, today announced the appointment of Christopher Pakstys as its Director of Channel Sales. In this role, Pakstys is responsible for growing Zettaset’s rapidly expanding partner program globally and fostering channel enablement by working directly with partners.
Products, Services, and Solutions
Adaptive Shield and Okta Join Forces to Deliver Integrated Solution for Fortified SaaS Security and Identity and Access Management (PR Newswire) Adaptive Shield, the leading SaaS Security Posture Management (SSPM) company, today announced a tech integration with Okta, Inc. (NASDAQ:...
Industry-First Identity Data Fabric Unleashes the Power of Identity Data (RadiantLogic) New Radiant Logic platform conquers complexity, adds agility, creates actionable customer insights, and improves security
CyCognito Teams with Intel 471 to Bolster Cyber Threat Intelligence Capabilities (GlobeNewswire News Room) Enterprises benefit from improved access to data, along with richer and more relevant insights that will enable them to further strengthen their...
McLaren Formula 1 Team Selects Immersive Labs as Official Partner Supporting Cyber Workforce Optimization (Businesswire) Immersive Labs, the company empowering organizations to continuously measure and optimize human cyber capabilities, today announced a multi-year partn
Lumen Lands U.S. Army Reserve Network Contract (PR Newswire) The U.S. Army Reserve Command (USARC) recently selected Lumen Technologies (NYSE: LUMN) to provide Virtual Private Network (VPN) services,...
cStor Launches ManageWise for Mimecast to Help Protect Clients From Advanced Email Security Threats (Digital Journal) ManageWise provides expert cybersecurity services to help clients optimize their Mimecast investment cStor ManageWise for Mimecast SCOTTSDALE, Ariz. -
Bargain: New Avast One protection package with mega discount (computerbild.de) Avast One combines the antivirus test winner with VPN and tuning software. COMPUTER BILD offers the protection package at a 70 percent discount!
Neosec and Kong form strategic partnership to strengthen API security (Security Brief) The intention of the collaboration is to provide a complete enterprise-class solution for managing and securing APIs and microservices, the company states.
Rubrik delivers new data security and ransomware recovery solutions built on Microsoft Azure (Security Brief) The new SaaS offering, built-on Microsoft Azure, reduces the risk that data is modified, deleted, or encrypted.
LastPass Announces New Integration with Google Workspace (GlobeNewswire News Room) The latest integration furthers the company’s mission to provide an unmatched security model for businesses, without adding complexity for users...
Technologies, Techniques, and Standards
How to Opt Out of Verizon’s Custom Experience Tracking (Wired) Unless you manually opt out of the program, Verizon will store personal information and create user interest profiles.
Can Your Cybersecurity Culture Stand Up to the Latest Spear Phishing Techniques? (CPO Magazine) Gone are the days of bulk spear phishing attacks, where hackers send scam emails and malicious attachments to as many people as possible and hope for a bite. Spear phishing techniques are growing more targeted and sophisticated, according to new data from Tessian that sheds light on the latest attack methods.
2021 President’s Cup Cybersecurity Competition Preview! (CISA LIVE | CISA) Join us LIVE on December 9th for the final competition. Learn more about the President’s Cup Cybersecurity Competition.
Design and Innovation
Your Face Is, or Will Be, Your Boarding Pass (New York Times) Tech-driven changes are coming fast and furiously to airports, including advancements in biometrics that verify identity and shorten security procedures for those passengers who opt into the programs.
Research and Development
DeepMind says its new language model can beat others 25 times its size (MIT Technology Review) RETRO uses an external memory to look up passages of text on the fly, avoiding some of the costs of training a vast neural network
Legislation, Policy, and Regulation
Russia blocks privacy service Tor, ratcheting up internet control (Reuters) Russia stepped up state oversight of internet activity on Wednesday by blocking the website of global privacy service Tor and part of its wider network, with the communications regulator accusing it of enabling access to illegal content.
Responding to Tor censorship in Russia (Tor Project) Since December 1st, some Internet providers in Russia have started to block access to Tor. We need your help NOW to keep Russians connected to Tor!
Russians have 120,000 troops on its border, increased intel gathering, Ukraine ministry says (Military Times) There are about 98,000 Russian ground troops and about 22,000 air and naval forces arrayed around the former Soviet satellite, according to a Ukrainian military assessment obtained by Military Times.
Biden Plans NATO Talks With Russia to Ease Ukraine Tensions (Bloomberg) Putin has demanded guarantee NATO won’t expand eastward. U.S. president says he threatened consequences from invasion.
Defending Ukraine: US must offer military support not just economic threats (TheHill) Russia’s actions and the prospect for conflict have received widespread condemnation from the United States and its allies.
U.S. defense official says boosting Taiwan's defenses an 'urgent task' (Reuters) Bolstering Taiwan's defenses is an urgent task and essential to deterring the threat of invasion by China, the Pentagon's top official for Asia said on Wednesday, adding that U.S. partners were stepping up their military presence in the region.
Exclusive: U.S., Israel to discuss military drills for Iran scenario (Reuters) U.S. and Israeli defense chiefs are expected on Thursday to discuss possible military exercises that would prepare for a worst-case scenario to destroy Iran's nuclear facilities should diplomacy fail and if their nations' leaders request it, a senior U.S. official told Reuters.
Why Restraint in the Real World Encourages Digital Espionage (War on the Rocks) President Joe Biden has committed to ending America’s forever wars and restoring diplomacy, longtime goals for advocates of a more restrained U.S. foreign
China’s Regulatory Crackdown Begins to Sweep Up Foreign Firms (World Politics Review) China’s domestic tech industry is reeling from a relentless crackdown that has since broadened to include other sectors of the economy. Yet even as Chinese companies brace for mounting challenges under the current environment, their adaptation strategies seem insufficient to cushion against the effects of the upheaval.
New German government coalition promises not to buy exploits (The Record by Recorded Future) The three political parties set to form the new German government have agreed to stop buying zero-day vulnerabilities and limit the government's future use of monitoring software (spyware).
National Cyber Security Centre to become independent agency (Times) The government is to transform the National Cyber Security Centre (NCSC) into an independent agency with its own budget, staff and research capabilities as part
Cyber Security Baseline Standards (Gov.ie)
Cyber in the 2022 defense bill (FCW) As has been the case for the past few years, cyber governance provisions were featured in this year's must-pass defense policy bill moving through Congress, but a bipartisan breach notification measure was dropped from the bill -- to the chagrin of its supporters.
US Cyber Command head confirms direct actions against ransomware gangs (ZDNet) General Paul M. Nakasone provided a peek behind the curtain into how his agency is trying to combat the growing threat organized ransomware gangs pose to US cybersecurity and vital global infrastructure.
White House to fund tech to evade censorship and increase privacy (Reuters) The White House will launch an initiative on Wednesday to award grants to innovators working on technology to bolster democracy by developing tools that enhance privacy or circumvent censorship, a White House official told Reuters.
Crypto Executives Defend Industry as Congress Considers Oversight (Wall Street Journal) Company officials say at hearing that digital assets wouldn’t easily be regulated under existing financial regulations.
ACLU Calls for Halt of Homeland Security’s Use Of Facial Recognition Technology (Nextgov.com) The civil rights organization said that the biometrics technology can lead to discriminatory arrests based on race.
Democrats accuse GOP of scuttling incident reporting in massive defense bill (The Record by Recorded Future) Congressional Democrats on Tuesday blamed Republicans for axing language in the annual defense policy bill that would have mandated reporting of cyberattacks and ransomware payments.
Echoing Hyten, Grady says Pentagon should stop over-classifying info (Breaking Defense) Adm. Christopher Grady appears poised to become the military's second highest ranking officer.
Senate Armed Services advances DoD CIO nominee (The Record by Recorded Future) The Senate Armed Services Committee on Wednesday advanced President Joe Biden’s nominee for Defense Department chief information officer.
Litigation, Investigation, and Law Enforcement
Philippines' Supreme Court rules parts of terrorism law unconstitutional (Reuters) The Philippines' Supreme Court declared two parts of a controversial anti-terrorism law unconstitutional on Thursday, dismaying activists and rights groups who sought the scrapping of the legislation over fears it threatened civil liberties.
'A free pass to seize and sift': Federal court upholds terrorism conviction in controversial mass surveillance case (USA TODAY) Jamshid Muhtorov — whose email communications were searched by the U.S. government under Section 702 of FISA — has spent years in federal custody.
Utility giants agree to no longer allow sensitive records to be shared with ICE (Washington Post) The records had been used to hunt immigration violations. Advocates cheer the closing of a ‘dangerous’ loophole.
Cybersecurity: NIH Needs to Take Further Actions to Resolve Control Deficiencies and Improve Its Program (GAO) The National Institutes of Health's duties include researching infectious diseases and administering over $30 billion a year in research grants. NIH...
Canadian police arrest Ottawa resident for ransomware attacks (The Record by Recorded Future) Canadian police have detained an Ottawa resident for his alleged role in orchestrating ransomware attacks against private companies and government agencies in Canada and the US since 2018.
Alleged ransomware affiliate arrested for healthcare attacks (BleepingComputer) A 31-year old Canadian national has been charged in connection to ransomware attacks against organizations in the United States and Canada, a federal indictment unsealed today shows.
Amazon Fined $1.3 Billion in Italian Antitrust Case (Wall Street Journal) Italy’s antitrust regulator said Amazon harmed competitors by favoring third-party sellers that use its logistics services. The company faces a similar probe by the EU.
Couple accused in Navy submarine spy case wanted to leave US because of Trump, lawyer says (Military Times) Prosecutors have until later this month to respond to the defense motion.