Cyber Attacks, Threats, and Vulnerabilities
Exclusive: The true origins of the Seth Rich conspiracy theory. A Yahoo News investigation. (Yahoo News) In the summer of 2016, Russian intelligence agents secretly planted a fake report claiming that Democratic National Committee staffer Seth Rich was gunned down by a squad of assassins working for Hillary Clinton, giving rise to a notorious conspiracy theory that captivated conservative activists and
U.S. Coast Guard Issues Alert After Ship Heading Into Port Of New York Hit By Cyberattack (Forbes) The U.S. Coast Guard has warned that cybersecurity at sea needs to be taken a lot more seriously after a ship heading into the Port of New York fell victim to a cyberattack.
Maritime Safety Alert: Cyber Incident Exposes Potential Vulnerabilities Onboard Commercial Vessels (US Coast Guard) In February 2019, a deep draft vessel on an international voyage bound for the Port of New York and New Jersey reported that they were experiencing a significant cyber incident impacting their shipboard network.
Report: Russian intel started the Seth Rich rumor to cover for DNC hack (Ars Technica) Yahoo News' Michael Isikoff claims SVR was the source of story in "ConspiracyLand" podcast.
Tenable Research Discovers Vulnerability in Siemens Critical Infrastructure Design Software (Tenable®) Tenable®, Inc., the Cyber Exposure company, today announced its research team discovered a critical vulnerability in Siemens STEP 7 TIA Portal, design and automation software for industrial control systems (ICS). The vulnerability, which impacts the same family of devices compromised in the STUXNET attack, could be used as a stepping stone in a tailored attack against critical infrastructure, with the potential for catastrophic damage.
Nuclear Meltdown with Critical ICS Vulnerabilities (Medium) In 2019, almost a decade after the famed Stuxnet worm silently wreaked havoc on an Iranian uranium enrichment plant, SCADA vendors still…
Report: Detailed personal records of 188 million people found exposed on the web (Comparitech) A database containing nearly 188 million records of personal data was found exposed on the web and accessible to anyone with an internet connection. Some of the records appear to be from Pipl.com and LexisNexis, people search and legal search websites, respectively.
Over 90 Million Records Leaked by Chinese Public Security Department (BleepingComputer) A publicly accessible and unsecured ElasticSearch server owned by the Jiangsu Provincial Public Security Department of the Chinese province Jiangsu leaked two databases containing over 90 million people and business records.
Magecart activity and campaign enhancements (Zscaler) Magecart is a hacker group known for skimming credit or debit card details by injecting malicious JavaScript code into e-commerce sites. The Zscaler ThreatLabZ team has observed different methods for injecting skimming code and stealing payment card details.
Powload Loads Up on Evasion Techniques (TrendLabs Security Intelligence Blog) By sifting through six months’ worth of data (Jan-Jun 2019) covering over 50,000 samples from the Trend Micro™ Smart Protection Network™ infrastructure, we managed to gain insight into how Powload has incorporated new techniques to increase its effectiveness, especially in its ability to hide from detection.
A Deep Dive Into IcedID Malware: Part I - Unpacking, Hooking and Process Injection (Fortinet Blog) Learn more about IcedID, a banking trojan which performs web injection on browsers and acts as a proxy to inspect and manipulate traffic. This is part one of a three-part series.
Anubis Android Malware Returns with Over 17,000 Samples (TrendLabs Security Intelligence Blog) While tracking the activities of the information-stealing Anubis, we saw two related servers and uncovered 17,491 samples of this Android malware.
BianLian banking trojan adds screen recorder to face off against Android users (SC Magazine) BianLian, which first appeared as a dropper in October 2018, has turned spyware by adding a screen recording module.
Backdoor discovered in Ruby strong_password library (Naked Security) An eagle-eyed developer has discovered a backdoor recently sneaked into a library (or ‘gem’) used by Ruby on Rails (RoR) web apps to check password strength.
The Nation Municipality victim of ransomware cyber attack (Ottawa Matters) Although the municipality can confirm that information was encrypted by the malware, it hasn't found any evidence that information was inappropriately accessed or removed from its systems.
Security Patches, Mitigations, and Software Updates
Adobe tackles vulnerabilities in Dreamweaver, Experience Manager, Bridge (ZDNet) July’s patch update has landed and Flash is nowhere to be seen.
Two Zero-Days Fixed in This Month’s Patch Tuesday (Infosecurity Magazine) Microsoft addresses 77 flaws including six publicly disclosed.
July’s Patch Tuesday Fixes Critical Flaws in Microsoft Edge and Internet Explorer, Including 2 Exploited Vulnerabilities (TrendLabs Security Intelligence Blog) Critical patches covered in the release include fixes for Windows DHCP Server, Azure DevOps Server and Team Foundation Server, and .NET Framework, namely assigned as CVE-2019-0785, CVE-2019-1072, and CVE-2019-1113. Elevation of privilege vulnerabilities in Microsoft splwow64 (CVE-2019-0880) and Win32k (CVE-2019-1132), which were previously seen being exploited, have also been patched.
Patch Tuesday Lowdown, July 2019 Edition (KrebsOnSecurity) Microsoft today released software updates to plug almost 80 security holes in its Windows operating systems and related software.
July Patch Tuesday updates are now available for Windows 10 version 1903 and older, here’s what’s new (OnMSFT.com) Microsoft has just released the monthly “Patch Tuesday” updates for all supported versions of Windows 10.
Siemens SIPROTEC 5 and DIGSI 5 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIPROTEC 5 and DIGSI 5
Vulnerabilities: Improper Input Validation
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a denial-of-service condition and limited control of file upload, download, and delete functions.
Siemens CP, SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update C) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: CP, SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM
Vulnerability: Out-of-bounds Read
Siemens SIMATIC PCS 7, WinCC, TIA Portal (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC PCS 7, WinCC Runtime Professional, WinCC (TIA Portal)
Vulnerabilities: SQL Injection, Uncaught Exception, Exposed Dangerous Method
Siemens Industrial Products with OPC UA (Update C) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC, SINEC-NMS, SINEMA, SINEMURIK Industrial Control Products with OPC UA
Vulnerability: Uncaught Exception
Siemens CP1604 and CP1616 (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: CP1604 and CP1616
Vulnerabilities: Cleartext Transmission of Sensitive Information, Cross-site Scripting, Cross-site Request Forgery
Siemens Spectrum Power (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 4.7
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Spectrum Power
Vulnerability: Cross-site Scripting
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to inject arbitrary code in a specially crafted HTTP request and monitor information.
Schneider Electric Zelio Soft 2 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Schneider Electric
Equipment: Zelio Soft 2
Vulnerability: Use After Free
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow remote code execution through the opening of a specially crafted project file.
Rockwell Automation PanelView 5510 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely
Vendor: Rockwell Automation
Equipment: PanelView 5510
Vulnerability: Improper Access Control
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a remote unauthenticated user to gain root privileges on the device.
Emerson DeltaV Distributed Control System (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.1
ATTENTION: Low skill level to exploit
Vendor: Emerson
Equipment: DeltaV Distributed Control System (DCS)
Vulnerability: Use of Hard-coded Credentials
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to gain administrative access to DeltaV Smart Switches.
GE Aestiva and Aespire Anesthesia (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: GE
Equipment: Aestiva and Aespire Anesthesia
Vulnerability: Improper Authentication
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker the ability to remotely modify GE Healthcare anesthesia device parameters.
Zoom patches Mac client after flaw allowed websites to turn on webcams without permission (TechCrunch) Video conferencing giant Zoom has published a patch for its Mac client removing a rogue web server from users’ computers that allowed any website to join a video call without permission. News of the vulnerability first emerged Monday after software engineer and security researcher Jonathan Le…
Zoom Will Fix the Flaw That Let Hackers Hijack Webcams (WIRED) While it at first dismissed the vulnerability, Zoom says it will release a patch Tuesday night.
Zoom for Mac made it too easy for hackers to access webcams. Here’s what to do [Updated] (Ars Technica) Read this before clicking on that Web link in your bathrobe.
Firefox to include tracker blocking report feature (Naked Security) Mozilla has introduced a lot of tracker blocking protections into Firefox lately. Now, it is planning a new feature that will let you see how many online snoopers you’ve successfully evaded. …
Cyber Trends
Mobile Security in the Financial Services Sector Report (Wandera) An overview of mobile security challenges facing modern Financial Services companies, including changing technologies and compliance with government regulations, as well as an in-depth analysis of how mobile cyber …
Netwrix Survey: 32% of Healthcare Organizations Store All Their Sensitive Data in the Cloud, Yet Lack the Resources to Protect It (Yahoo) Netwrix, a vendor of information security and governance software, today released an infographic based on the findings of its global 2019 Netwrix Cloud Data Security Report for the healthcare industry. The infographic provides an industry perspective of the
Healthcare Needs Cybersecurity Pros that Anticipate What Threat Actors Will Do Next (Bricata) Seasoned security leader Rebecca Wynn says healthcare is behind on the security curve and fixing that begins with finding people that can anticipate threats.
Cybersecurity Training Study Reveals Phishing Identification and Data Protection Are the Top Problem Areas for End Users (Proofpoint) End users incorrectly answered one in four questions about phishing, underscoring the need for ongoing education to significantly reduce risk
State of Application Security at S&P Global World's 100 Largest Banks (Immuniweb) 97 out of 100 largest banks are vulnerable to web and mobile attacks enabling hackers to steal sensitive data.
New LastPass Study Finds 92 percent of Businesses Experience Identity Challenges (West) LastPass by LogMeIn today announced the results of a new study conducted by Vanson Bourne to offer small and medium businesses (SMBs) insights into the state of identity and access management (IAM) and actionable steps to improve their IAM program.
These three things make your business an easy target for a cyber attack (USA TODAY) A new study shows cloud applications are vulnerable entryways for hackers to gain access to company data. The good news is you can protect yourself.
Cyber-Attacks Cost Global Firms $45bn in 2018 (Infosecurity Magazine) Internet Society report shows black hats are getting better at making money.
Cyber attacks cost $45 billion in 2018 with Ransomware at top (HackRead) An estimated 2 million cyberattacks took place in 2018 costing more than $45 billion in damages worldwide.
Are humans ready for AI to take control of digital security? (Help Net Security) A quarter of people in EMEA prefer their cybersecurity managed by AI in new online survey conducted by Palo Alto Networks and YouGov.
Computers may take the place of parliament (Times) If this column were a book it might be called: My Dad, the Theory of Measurement and the End of Representative Democracy. When my mum died and we cleared out their house, I took home some of my...
Marketplace
Good Governance: Do Boards Need Cyber Security Experts? (Forbes) As an executive or a board member, nothing can ruin a day faster than a cybersecurity breach.
IISP Gets Royal Charter Status to Professionalize Cyber Industry (Infosecurity Magazine) Greater prestige could help combat skills shortages.
Mozilla blocks spy firm DarkMatter from Firefox citing ‘significant risk’ to users (TechCrunch) Firefox maker Mozilla said it will not trust certificates from surveillance maker DarkMatter, ending a months-long effort to be whitelisted by the popular browser. Months earlier, the United Arab Emirates-based DarkMatter had asked Mozilla to formally trust its root certificates in the Firefox cert…
Apple aims privacy billboard at Google’s controversial smart-city (Naked Security) It’s outside of Sidewalk Labs HQ in Toronto, where Google’s sister company is working on stuffing the city with data-collecting sensors.
YL Ventures Closes Fourth Fund with $120M of Committed Capital (BusinessWire) YL Ventures, the Silicon Valley venture capital firm specializing in seed-stage investing in Israeli cybersecurity startups, today announced it has cl
Internet Isolation Leader Menlo Security Raises $75 Million in Series D Funding (BusinessWire) Menlo Security today announced $75 million in Series D funding, led by clients advised by JP Morgan Asset Management.
Welcoming NAB Ventures & Scaling SearchLight for Growth (Digital Shadows) Today is an exciting day for Digital Shadows. Earlier this morning, we announced a $10m focused investment to scale our industry-leading SearchLight service.
NTT Security Completes Acquisition of Application Security Provider, WhiteHat Security (BusinessWire) NTT Security has announced that it has completed the acquisition of WhiteHat Security
Braes Capital Acquires Cybersecurity Services Company Siege Technologies (Yahoo) Braes Capital, a Houston based merchant bank, today announced the acquisition of Siege Technologies, a leader in high end cyber research and development for the federal market. This acquisition marks the beginning of Braes Capital's investment into protecting
Check Point Scouts for New Headquarters (CTECH - www.calcalistech.com) Check Point is looking for new offices that will house all of the company’s Israel-based employees, which number approximately 2,200, currently split among different campuses
Cybersecurity Leader Alex Burkardt Joins VERA as Vice President of Field Engineering (PR Newswire) VERA, the leader in data-centric security, today announced that Alex Burkardt has joined the company as Vice...
Cyber Defense Group Appoints Conor Sherman As Managing Partner (Yahoo) Team Growth Includes New Senior Security Consultant, Jacob Horne
Products, Services, and Solutions
Optiv Security Announces Availability of Advanced Fusion Center to Empower Organizations to Reduce Risk and Operational Costs (Optiv) Enterprise digital transformation efforts combined with advanced and innovative attack intents have left many organizations’ security operations teams overwhelmed by an inordinately high volume, velocity and variety of cybersecurity data and threats.
How Cloud Security Guardian enhances public cloud security (Barracuda) Get a first look at Barracuda Cloud Security Guardian for Azure and how it helps organizations improve their security posture in the public cloud.
Brighterion and Elavon to Fight Fraud with Artificial Intelligence (Yahoo) While the global implementation of EMV chip technology has reduced fraud activity for card payments, the payments ecosystem is still battling the threat of new and emerging fraud payment schemes online. Brighterion, a Mastercard company, and Elavon, a global payments provider and subsidiary of U.S.
CyFIR Announces Partnership With HCL To Enhance The BigFix Platform (Yahoo) CyFIR, an enterprise software and managed services company that provides digital forensics and incident response solutions, today announced a new partnership ...
Cynash Announces Commercial Availability of New Cynalytic™ Analytics P (PRWeb) Cynash Inc., a leading developer of industrial control system (ICS) cybersecurity solutions for critical energy, water and transportation, announces the commerci
PwC Audits ExpressVPN Servers to Confirm Essential Privacy Protections (Home of internet privacy) We take your privacy and security extremely seriously. That means no activity logs, no connection logs, no sensitive information.
F-Secure’s New Global Partner Program Unifies Technology, Training, and Benefits (Financial IT) Businesses can’t secure their IT estates without help. They need to create trustworthy relationships with cyber security providers that have the solutions and expertise needed to predict, prevent, detect, and respond to security incidents. And cyber security company F-Secure is launching a new program to help its business-to-business (B2B) IT reseller partners bring the benefits of a holistic cyber security approach to their customers.
Dragos WorldView Industrial Threat Intelligence Now Available Through Anomali Threat Platform (BusinessWire) Dragos today announced that Dragos’ WorldView industrial threat intelligence will integrate with the Anomali Threat Platform.
$22bn Global Insurance Broker Selects Konfidas as a Partner in Cybersecurity Excellence for the Israeli Market (PR Newswire) Konfidas, a leading cybersecurity company in Israel, and Howden, a global insurance broker, have joined forces to ...
Technologies, Techniques, and Standards
NHS CIO discusses revamped security two years on from Wannacry (Computing) Will Smart discusses the refreshed NHS cyber strategy which will apply across the organisation, as ransomware refuses to disappear
VPNs Stress Server Security, Vendor Reputation When Choosing Server Locations (Global Security Mag Online) Server security, proximity to the user base, server vendor reputation, and reliable connection top the list of deciding factors when VPN providers choose their server locations.
DCIG Publishes Report on Detecting/Preventing Malware in Enterprise Backup Environments (Asigra) Asigra Inc., a leading cloud backup, recovery and restore software provider since 1986, today announced that the Data Center Infrastructure Group (DCIG) has published a report titled “Creating a Secondary Perimeter to Detect Malware in Your Enterprise Backup Environment.”
Analyzing ARP to Discover & Exploit Stale Network Address Configurations (Black Hills Information Security) Justin Angel// Introduction In penetration testing, ARP is most commonly discussed in terms of poisoning attacks where an attacker achieves a man-in-the-middle (MITM) position between victim nodes by contaminating the ARP cache tables of neighboring hosts. While initially inspired by this technique and the desire to derive a means of passively obtaining a list of …
arch4ngel/eavesarp (GitHub) Analyze ARP requests to identify intercommunicating hosts and stale network address configurations (SNACs) - arch4ngel/eavesarp
U.S. Coast Guard shares cybersecurity best practices for commercial vessels (Help Net Security) Spurred by a recent cyber incident they were called in to help resolve, the U.S. Coast Guard has detailed basic measures to improve vessels' cybersecurity.
Are Army Reserve soldiers prepared to defeat cyberthreats? (Fifth Domain) A recent exercise evaluated Reserve cyber soldier readiness to defend DoD critical assets from international hackers.
Design and Innovation
Twitter updates hate speech rules to include dehumanizing speech around religion (TechCrunch) Against a backdrop of rising violence against religious minorities around the world, Twitter today said that it would update its hateful conduct rules to include dehumanizing speech against religious groups. “After months of conversations and feedback from the public, external experts and our…
Research and Development
NanoLock Security Granted US Patent for its Cloud-to-Flash Electronic Security Solution (NanoLock Security) First patent granted from intellectual property (IP) portfolio, which includes several additional patent applications for the company’s cyber defense solution for connected edge devices. Nitzanei Oz, Israel – July 9, 2019 – NanoLock Security, the industry’s only cloud-to-flash, powerful security and management solution for Internet of Things (IoT) and connected edge devices, today announces that …
Tanushree Mitra among first to receive research grant providing access to Facebook data (Virginia Tech) The assistant professor of computer science and a faculty member at the Discovery Analytics Center is also one of only two women to receive the Social Media and Democracy Research Grant. Mitra and her team will study how misinformation and other problematic content spread on the platform.
Groups of employees influence a business’s information security, according to study (UAB News) Research results show that an organization’s ability to successfully manage information security incidents is determined by the actions of its employees, among other factors. Information security managers should look for...
Legislation, Policy, and Regulation
Controversial European Digital Copyright Directive comes into force (Computing) Emma Stevens, lawyer in the Technology sector at Coffin Mew, dissects the new EU directive on copyright in the digital single market
What the US needs to counter ‘unprecedented’ Chinese influence in South America (Defense News) China now has
Perspective | The Internet is already being weaponized. The U.S. cyberattack on Iran won’t help. (Washington Post) The troubling implications of a new form of warfare.
Cyber Strikes Do Not Equate to Cyber Warfare (TechNative) In response to Iran’s attacks on oil tankers and the downing of a surveillance drone, the United States Cyber Command launched cyber attacks against Islamic Revolutionary Guard Corps missile systems, according to news reporting. Per sources, the attack crippled computers used to control some of Iran’s rocket and missile launchers. Iran immediately denied that the attack was successful, although officials confirmed that cyber attacks were transpiring. Details of how this attack was deployed remain vague, as such military equipment is generally considered a hard target not easily accessible by remote operations. Even the 2010 Stuxnet attack required a person direct
The Commerce Department will accept applications from companies that want to supply Huawei, but it remains blacklisted (TechCrunch) About two months after Huawei was placed on the Commerce Department’s Entity List, the Chinese telecom equipment and smartphone giant will be able to do business with American suppliers again–but only if they get a license from the U.S. government. Commerce Secretary Wilbur Ross made the anno…
Government's digital strategy has lost momentum, claims Science and Technology Committee report (Computing) MPs slam government's faltering digital strategy
U.S. mayors group adopts resolution proposed by Baltimore, vowing not to pay ransoms to hackers (Baltimore Sun) The U.S. Conference of Mayors unanimously adopted a resolution proposed by Baltimore calling on members to refuse to pay ransoms to hackers if their cities fall victim to cyberattacks.
Litigation, Investigation, and Law Enforcement
Marriott to face $123 million fine by UK authorities over data breach (TechCrunch) The U.K. data protection authority said it will serve hotel giant Marriott with a £99 million ($123 million) fine for a data breach that exposed up to 383 million guests. Marriott revealed last year that its acquired Starwood properties had its central reservation database hacked, including five mi…
Marriott Faces $124 Million Fine Over Starwood Data Breach (Wall Street Journal) Marriott International faces a potential £99.2 million ($123.6 million) fine over a consumer-data breach as the U.K.’s privacy watchdog raises pressure on businesses to comply with Europe’s data-protection rules.
Statement: Intention to fine Marriott International, Inc more than £99 million under GDPR for data breach (Information Commissioner's Office) Statement in response to Marriott International, Inc’s filing with the US Securities and Exchange Commission that the Information Commissioner's Office (ICO) intends to fine it for breaches of data protection law.
EX-99.1 (Marriott International Update on Starwood Reservation Database Security Incident) (US Securities and Exchange Commission) Marriott International announced that the UK Information Commissioner’s Office (ICO) has communicated its intent to issue a fine in the amount of £99,200,396 against the company in relation to the Starwood guest reservation database incident that Marriott announced on November 30, 2018. Marriott has the right to respond before any final determination is made and a fine can be issued by the ICO. The company intends to respond and vigorously defend its position.
Nearly £100m for Marriott, £138m for BA - what is the take home message from these sudden massive ICO fines? (Computing) Eerke Boiten, Professor of Cyber Security at De Montfort University, warns that the ICO's new habit of issuing big fines could backfire
T-Mobile says it can’t be sued by users because of forced-arbitration clause (Ars Technica) T-Mobile fights suit that says it broke law by selling users' phone-location data.
Facebook Faces Activist, EU Judges in ‘Schrems II’ Privacy Case (Bloomberg) EU top court hears arguments on safety of data-transfer tools. Facebook says commerce could stutter if data pacts scrapped.
Trump’s Twitter blocks violate First Amendment rights, appeals court affirms (Ars Technica) The best response to criticism is "more speech, not less," court rules.
First, they lost their children. Then the conspiracy theories started. Now, the parents of Newtown are fighting back. (Washington Post) Parents see gains in a fight many hesitated to wage.
Google suspends Trends emails after revealing murder suspect’s name (Naked Security) People subscribed to Google Trends in New Zealand were emailed the murder suspect’s name in violation of a New Zealand court’s order.