BlueKeep is exploited in the wild. Ransomware hits Nunavut. Pegasus in India. New Magecart attack trend. GandCrab as a (black) market-maker.
BlueKeep (CVE-2019-0708), the wormable vulnerability in Microsoft's Remote Desktop Protocol that Redmond disclosed in May of this year, has finally been exploited in the wild. That's not good, but it's not nearly as bad as months of warnings had led observers to expect. As WIRED summarizes the attacks, the exploitation so far hasn't gone farther than the installation of some cryptojackers. Thus there's no reason to panic, but also no grounds for complacency: about three-quarters of a million machines are thought to still be vulnerable to BlueKeep.
Ransomware hit the Canadian province of Nunavut's government Saturday morning, taking agencies offline and rendering services unavailable, Nunatsiaq News reports.
The controversy between WhatsApp and NSO Group has grown into an Indian domestic scandal. WhatsApp has accused NSO Group of installing Pegasus spyware in WhatsApp users' devices, targeting journalists, activists, and politicians. Reuters reports that one of the politicians so targeted is the Congress Party's general secretary Priyanka Gandhi Vadra. The Times of India says it's received information from the Internet Freedom Foundation NGO that suggests the Ministry of Electronics and Information Technology's CERT-IN knew about the buffer overflow vulnerability in WhatsApp that is believed to have allowed Pegasus in. WhatsApp has filed suit against NSO Group in a US Federal court.
PerimeterX says it's found a new trend in Magecart attacks: different groups hitting the same victims at the same time.
Advanced Intelligence explains how GandCrab changed ransomware, moving it from a craft practiced in isolation by small gangs to a full-fledged black market commodity.
Notes.
Today's issue includes events affecting Canada, China, Estonia, Ghana, India, Israel, Malaysia, Montenegro, Russia, and United States.
Bring your own context.
Do developers forget that they're developing for users, as opposed to themselves? Maybe...sometimes.
"I think that often developers assume that users know too much. You know, the developers are very familiar with the technology and they just sort of assume that the users will understand it, too. It's kind of like, you know, once you know something, it's hard to imagine what it was like before you knew it. And so I think that's common. I think also they forget that often security tasks are not the main task. You know, it's something that users only do because they have to, not because they want to. You know, I'm trying to send this email. I'm not trying to encrypt the email – that's just a side thing."
—Lorrie Cranor, director of the CyLab Usable Privacy and Security Laboratory at Carnegie Mellon University, on the CyberWire's Research Saturday, 11.2.19.
Artists and writers sometimes forget that their work is being done for some audience. And developers need to remember that they're ultimately working for users.
In today's Daily Podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan shares some thoughts on the Coalfire pentesters' criminal case.
Cyber Attacks, Threats, and Vulnerabilities
NCR Barred Mint, QuickBooks from Banking Platform During Account Takeover Storm (KrebsOnSecurity) Banking industry giant NCR Corp. [NYSE: NCR] late last month took the unusual step of temporarily blocking third-party financial data aggregators Mint and QuickBooks Online from accessing Digital Insight, an online banking platform used by hundreds of financial institutions.
Chinese Hackers Just Gave Us All A Reason To Stop Sending SMS Messages (Forbes) If you still send SMS messages, now is the right time to make a change.
FireEye Denies Breaking Into Laptops of Chinese Military Hackers (Valliant News) Global cybersecurity firm FireEye has refuted claims that its US-based subsidiary Mandiant broke into the laptops of Chinese military hackers.
Cyber attack on India’s largest nuclear power plant confirmed (Engineering & Technology) The publicly owned Nuclear Power Corporation of India Ltd (NPCIL) has confirmed that malware associated with state actors has been found on the network of the Kudankulam Nuclear Power Plant.
Hostile neighbours and a ticking bomb: the untold story behind the Kudankulam cyberattack (ET Prime) The recent incident of cyber intrusion through a “malware” on one of the administrative computers at KKNPP has an ominous warning: India’s supervisory control systems and critical information infrastructure are on the verge of getting compromised. The government must act fast to prevent a repeat of Ukraine’s Operation BlackEnergy or Iran’s Stuxnet.
N-plant cyber attack, a warning (Deccan Chronicle) Presence of malware in system of Kudankulam plant led to the breach.
DHS Warns of New North Korean Government Malware Hoplight (Decipher) The DHS and FBI say North Korean-backed attackers are using a powerful new piece of malware known as Hoplight to infiltrate target machines.
FCC’s Starks Raises Flags On China Threat In 2020 Elections (Law360) Federal Communications Commission member Geoffrey Starks has sounded the alarm over potential interference by Chinese-supported telecommunication equipment manufacturers who he says could follow in the footsteps of Russia-affiliated cyber actors that worked to interfere in U.S. election in 2016.
Developer of delisted apps blames it on tools (Ahmedabad Mirror) Ahmedabad-based developer App Aspect, whose 17 applications had been removed by Apple for promoting clickware, blames it on analytics tool
BlueKeep (CVE 2019-0708) exploitation spotted in the wild (Kryptos Logic) It has been almost six months since an eye-opening vulnerability in Microsoft Windows RDP CVE 2019-0708, dubbed BlueKeep, was patched. Today, Security Researcher Kevin Beaumont posted a Twitter thread reporting BSODs (Blue Screen of Death) across his network of BlueKeep Honeypots.
Windows ‘BlueKeep’ Attack That U.S. Government Warned About Is Happening Right Now (Forbes) Microsoft warned people to upgrade, the NSA and U.S. Government threw their combined weight behind that message: now a BlueKeep attack is targeting those Windows users who didn't pay attention.
First Cyber Attack 'Mass Exploiting' BlueKeep RDP Flaw Spotted in the Wild | National Cyber Security | Hacker News (National Cyber Security) World Largest Source Of Security News.
First Windows 'BlueKeep' Attacks Spotted Installing Cryptocurrency Miners (Fossbytes) Back in May 2019, Microsoft revealed details about a severe hackable flaw that exists in the Remote Desktop Protocol (RDP) in Windows OS. The BlueKeep bug can enable an automated worm to spread malware and an estimated 1 million devices were vulnerable to this flaw.
First BlueKeep hacking campaign discovered after months of caution (SC Magazine) Researchers discover a BlueKeep campaign, months after Microsoft disclosed that millions of Windows devices harboured the hackable flaw
BlueKeep Attacks Have Arrived, Are Initially Underwhelming (Threatpost) The first attacks that exploit the zero-day Windows vulnerability install cryptominers and scan for targets rather than a worm with WannaCry potential.
The First BlueKeep Mass Hacking Is Finally Here—but Don't Panic (Wired) After months of warnings, the first successful attack using Microsoft's BlueKeep vulnerability has arrived—but isn't nearly as bad as it could have been.
NordVPN users’ passwords exposed in mass credential-stuffing attacks (Ars Technica) Many of the dumps have been pulled off public webpages, but at least one remains.
India's Congress party says Priyanka Gandhi Vadra hit by WhatsApp privacy breach (Reuters) India's main opposition Congress party said on Sunday that its general secr...
Israeli firm NSO accused of hacking India opposition politician’s phone (Times of Israel) WhatsApp informs Priyanka Gandhi Vadra of breach during election campaign, days after report that hack targeted officials from countries allied with US
Govt knew of Pegasus, say experts, post ministry webpages as proof (Times of India) A day after the Centre denied having any information of the spyware Pegasus, several cyber experts have put out online evidence that a comp.
Pegasus is Not Just a 'WhatsApp Hack', and Its Implications are Far More Serious (Terrorism Watch) The lack of cyber security laws to safeguard citizens, as well as the trend of such tools falling into criminal hands, are what makes Pegas...
Pegasus may have snooped through other apps: Report (Deccan Herald) Pegasus spyware is found to have infected mobiles of both the Apple and Android operating systems.
Pegasus can spy on multiple phones simultaneously (Deccan Herald) A few days ago, Facebook-owned WhatsApp formally filed a lawsuit against Israel-based spyware-maker NSO Group (aka Q Cyber Technologies) for unauthorized breaching of its server and snooping on 1400 (and counting) individuals.
No Israeli government involvement in alleged NSO-WhatsApp hack: minister (Reuters) The Israeli government on Friday denied any involvement in an alleged cyber- hac...
PerimeterX Research Team Uncovers new trend of Magecart attacks: Multiple Magecart groups attacking simultaneously (PerimeterX) The PerimeterX research team has investigated multiple Magecart attacks over the past few days and observed an alarming new trend: multiple Magecart attacks are skimming credit cards on sites at the same time
GandCrab RaaS Was a Training Ground for Malware Distributors (BleepingComputer) GandCrab operators changed the ransomware business from the ground up, establishing a model that is embraced and continued by other cybercriminals.
Undercover reporter tells all after working for a Polish troll farm (Naked Security) Together with her troll colleagues, she managed 200 fake social profiles, promoted clients’ products, and trolled their competitors.
Perspective | Think you’re anonymous online? A third of popular websites are ‘fingerprinting’ you. (Washington Post) Our latest privacy experiment tested sites for an invisible form of online tracking that you can’t easily avoid.
Hackers inflict major cyber attack on Government of Nunavut's network (Nunatsiaq News) (Updated, 4 p.m.) A ransomware cyber attack appears to have crippled essential electronic communications within the Government of Nunavut, and some public
Security Patches, Mitigations, and Software Updates
US MS-ISAC Releases the October List of End of Support Software (BleepingComputer) The Multi-State Information Sharing and Analysis Center (MS-ISAC) of the Center for Internet Security has released the October 2019 list of software that is currently in or nearing end of support.
Apple props up macOS Catalina with 10.15.1 update (Naked Security) A vocal minority of the committed Apple base has been quick to express dissatisfaction at the move to Catalina from macOS 10.14 Mojave.
Cyber Trends
For hackers, small businesses are a gateway to bigger companies (Moneyweb) They work with the same information, and their systems are more vulnerable.
Cybersecurity: people are not the problem (The Strategist) Those of us older than a certain age will recall an excellent British television series, Yes, Minister, and its successor, Yes, Prime Minister: they were required viewing for young and enthusiastic public servants in Canberra. ...
Marketplace
Proofpoint Enters into Definitive Agreement to Acquire ObserveIT for $225 Million in Cash; Extending Leadership in People-Centric Security and Compliance to Deliver Post-Perimeter Data Loss Prevention | Proofpoint US (Proofpoint) Proofpoint, Inc. has entered into a definitive agreement to acquire ObserveIT, the leading insider threat management platform.
US’s Proofpoint buys firm that flags insider cybersecurity leaks for $225m (Times of Israel) Acquisition of ObserveIT is the third for Proofpoint in Israel; the Israel-founded firm has raised $53 million from investors to date
Sir Tim Berners-Lee's Inrupt start-up secures £5m investment to help protect users' data online (Computing) The idea behind Berners-Lee's Inrupt is to flip the rules of who controls data on the web
Symantec becoming NortonLifeLock after deal closes (Seeking Alpha) Symantec (NASDAQ:SYMC) completes the sale of its enterprise security assets to Broadcom (NASDAQ:AVGO) for $10.7B. The company has transferred the Symantec brand to AVGO and changed its name to NortonLifeLock (NLOK), effective immediately.
Licenses for US companies to sell to Huawei expected 'shortly,' says Commerce Secretary Wilbur Ross (CNN) American companies who count Huawei as a customer may soon get a more permanent reprieve from US restrictions on selling to the Chinese tech giant.
Federal Huawei, ZTE ban may extend to private networks too (Federal News Network) Later this month, the FCC is set to vote on new rules that are likely to all-but-prohibit ZTE and Huawei equipment on U.S. commercial telecom networks.
Huawei and ZTE could lose what little business they have in the United States (Herald Journalism) The US Federal Communications Commission wants to place more restrictions on Huawei and ZTE by barri
Huawei Soars In Russia As Putin Engages In New ‘Technological War’ (Forbes) As Washington battles Huawei, Putin and Russia's vast technology and consumer base have now become a key factor.
City of Grand Forks' cyber-security policy: $500,000 in coverage for $7,828 (Grand Forks Herald) Precaution taken as web security becomes an issue in cities across United States.
Jobs: Companies struggle to find skilled cybersecurity workers as attacks intensify (CNBC) As internet crimes and abuse stalk the globe, cybersecurity firms are having trouble attracting and keeping skilled workers to help protect networks.
Goldman Sachs says antitrust to heat up in 2020, pressure Facebook, Google shares for 'years' (CNBC) Republican and Democrat distrust of big tech poses a threat to companies like Google and Facebook, according to Goldman Sachs.
CynergisTek, Inc. Acquires Backbone Consultants to Bolster its Market Position as a Leader in Cybersecurity, Compliance, and Data Privacy (Yahoo) CynergisTek, Inc., (NYSE AMERICAN: CTEK), a leader in cybersecurity, privacy, and compliance, today announced that it has acquired Backbone Enterprises, Inc. DBA Backbone Consultants, an industry leader in IT risk advisory services. The acquisition expands CynergisTek’s cybersecurity, privacy, and IT
Boeing to provide information security and cryptography for arsenal of Minuteman III nuclear missiles (Military & Aerospace Electronics) This effort supports nuclear missile continuous signal lockout, remote code change, and irreversible transform capabilities in the launch facility.
Akamai Opens New HQ In Cambridge (WBUR) The tech company will move more than 7,500 employees into a 19-story tower in Kendall Square.
Stamford data-security firm names new CEO (StamfordAdvocate) Data-security firm Protegrity has recruited a technology-industry veteran to be its new CEO.
ThreatConnect hires Bryan Hauptman as Chief Revenue Officer (Help Net Security) ThreatConnect provider of intelligence-driven security operations platform, announces the hiring of Bryan Hauptman as Chief Revenue Officer.
Omada appoints Michael Garrett as new CEO (PR Newswire) Omada A/S ("Omada"), a global leader of Identity Governance and Administration ("IGA") software and cloud...
Products, Services, and Solutions
New infosec products of the week: November 1, 2019 (Help Net Security) The most important infosec products of the week come from the following vendors: HITRUST, Jetico, Baffle, Jumio and Moogsoft.
PAYCOQ Chooses DH2i to Ensure IT Infrastructure High Availability (HA) and Disaster Recoverability (DR), as well as to Lower Costs (PR Newswire) DH2i®, the world's leading provider of multi-platform Software Defined Perimeter (SDP) and Smart...
Booz Allen to debut new AI platform following solid 2Q (Washington Business Journal) Booz Allen CEO Horacio Rozanski said the company will debut the new platform in a limited release at the NVIDIA GPU Tech Conference in Washington, D.C.
CHEQ | How Dentsu's CCI deployed CHEQ to block 760M fraudulent, brand-unsafe ad requests in real-time (CHEQ) How Dentsu's CCI deployed CHEQ to block 760M fraudulent, brand-unsafe ad requests in real-time
Silicon designed to defend (BusinessPost) With cybersecurity arguably the single most important issue in business IT today, it’s no surprise that the Fast 50 recognises the area, writes Jason Walsh
Kenna Security provides a faster and more accurate way to gauge the risk of specific vulnerabilities (Help Net Security) Kenna Security, the enterprise leader in risk-based vulnerability management, announces the Exploit Prediction Scoring System (EPSS).
School apps track students from the classroom to bathroom, and parents are struggling to keep up (Washington Post) A digital hallpass app that tracks bathroom trips is the latest school software to raise privacy concerns.
Spearhead partners with Thycotic to provide cybersecurity in Ghana (Joy Online) Cybersecurity threats, fake news and impersonation by hackers have become a great worry for corporate bodies and individuals dealing in data processes across the globe.
PC Matic Announces Addition to Suite Of Security Products, Launching 'PC Matic for macOS' (PR Newswire) Today, PC Matic, the world's only 100% American-made antivirus software, announced the latest addition to its...
VMware Pulse IoT Center Helps Customers Accelerate Their Digital Transformation Journey at the Edge with More Secure Edge Infrastructure Management (AP NEWS) Press release content from Globe Newswire. The AP news staff was not involved in its creation.
Devolutions Safeguards Sensitive Data, Debuts Privileged Access Management Solution Tailor-Made for SMBs (West) New Devolutions Password Server Delivers Enterprise-Grade PAM Solution without the Overhead, Complexity and Cost
CounterFlow AI and CrowdStrike Partner to Help Companies Accelerate Threat Detection and Response (BusinessWire) CounterFlow AI today announced a new partnership with CrowdStrike® to accelerate threat detection and response for enterprise security teams.
Technologies, Techniques, and Standards
Thailand drafts ethics guidelines for AI (OpenGov Asia) Thailand’s Digital Economy and Society (DES) Ministry has drafted the country’s first artificial intelligence (AI) ethics guidelines. The ministry worked
Keeping up with the evolving ransomware security landscape (Help Net Security) Cybercrime is ever-evolving, and is consistently becoming more effective and damaging. While the range of attack vectors available to malicious actors are
IT teams are embracing intent-based networking, investing in AI technologies (Help Net Security) To maximize businesses value organizations are moving their networks towards intent-based networking and investing in AI technologies.
Organizations fail to maximize use of Microsoft 365 security features (Help Net Security) While the majority of IT decision makers say they have ‘fully deployed’ Microsoft 365 in their organization, most have yet to adopt its security features.
Paradise ransomware: Now victims can get their information again for free of charge with this decryption resource (Mash Viral) Victims of Paradise ransomware can now retrieve their data files without the need of providing into the calls for of cyber criminals many thanks to a recently released decryption device. Researchers at cybersecurity enterprise Emsisoft have launched a free of charge decryption tool for Paradise – a ransomware offered ‘as-a-service’ on the darkish internet …
Estonian Team Wins International Cyber Exercise During Cyber Summit (MITechNews) The Michigan National Guard and the Michigan Cyber Range hosted an International Cyber Exercise on October 28 as part of the state’s North American International Cyber Summit. Ten teams from six countries and five states competed in an all-out, fast paced cyber exercise that resembles the physical game of paintball. And the team …
A strategy for electronic warfare may be more important than money (C4ISRNET) Without a coherent strategy, dollars for new electronic warfare systems won't be as effective, a congressman said.
Design and Innovation
Can data privacy and data intelligence coexist? (VentureBeat) If we're smarter about what data we collect and how we process and analyze it, we actually don't need anywhere near the amounts of data we think we do.
Academia
University's 'Cyber Range' teaching next gen of cybersecurity professionals (WCVB) UMass Lowell has been dedicated as a national security Department of Homeland Security center of excellence.
Stratford partnering with Ryerson University to begin conversation around cyber security (Stratford Beacon Herald) The City of Stratford has partnered with Ryerson University to host an event in Toronto Nov. 13 that will bring together municipal leadership and experts to begin a conversation around cyber securi…
Legislation, Policy, and Regulation
The Rising Threat of Digital Nationalism (Wall Street Journal) As the internet turns 50, the global vision that animated it is under attack. What can be done?
Russia enacts 'sovereign internet' law, free speech activists cry foul (Reuters) A law known as the "sovereign internet" bill came into force on Friday...
Is Britain already in a cyber war? (The Telegraph) We’ve all seen the movie.
Cyber warfare to be part of military 'future force' (Free Malaysia Today) A new command centre will conduct operations in cyberspace, which will be the fourth frontier after land, sea and air.
Microsoft’s Brad Smith on why Trump hasn’t backed his global cyber security agreement (NS Tech) Microsoft president Brad Smith has said that the Trump administration’s apathy for multilateralism explains why it is yet to sign up to a new global agreement on cyber security. In a wide-ran
Pentagon again deploying cyber personnel abroad to gather intel for 2020 elections (CyberScoop) The Pentagon once again is sending cyber personnel overseas to gather intelligence to help protect the 2020 presidential elections against foreign interference, the U.S. Embassy in Montenegro announced this week.
Trump to tap Chad Wolf to lead Department of Homeland Security (CBS News) He has played a role in crafting some of the most stringent and controversial immigration policies rolled out by the Trump administration
US Needs a Smarter 5G Spectrum Strategy Says FCC Commissioner (NTD News) FCC Commissioner Jessica Rosenworcel told members of the Senate, the 5G spectrum strategy in the United States needs ...
Category: Ask the CIO (Federal News Network) Executive Editor Jason Miller talks to federal chief information officers about the latest technology trends and issues facing their agencies on Ask the CIO.
5 Myths About the National Security Agency (ClearanceJobs) ClearanceJobs is your best resource for news and information on security-cleared jobs and professionals. Learn more with our article, "5 Myths About the National Security Agency ".
The intelligence community has a new executive (C4ISRNET) Career CIA officer Andrew Hallman will serve as the temporary replacement of Principal Deputy Director Sue Gordon, who resigned Aug. 15 and has yet to be replaced by a Senate-confirmed appointee.
Litigation, Investigation, and Law Enforcement
Exclusive: U.S. opens national security investigation into TikTok - sources (Reuters) The U.S. government has launched a national security review of TikTok owner Beij...
Lawyer demands SC probe into snooping (The Times of India) Coming down heavily on the government, Ravindranath explained that the government is targeting its own citizens who question its policies by misusing
Tethering Pegasus: WhatsApp takes NSO Group to Court (International Policy Digest) Facebook, the owner of WhatsApp, has filed a lawsuit against NSO Group that alleges thousands of phones and mobile devices were hacked.
Analysis | The Cybersecurity 202: GOP House campaign arm uses CrowdStrike despite Trump conspiracy theories (Washington Post) The president has baselessly said the company conspired against him in 2016
Internal Mueller documents show Trump campaign chief pushed unproven theory Ukraine hacked Democrats (Washington Post) Paul Manafort’s deputy told the FBI that Manafort believed that Ukraine, not Russia, was responsible for stealing Democrats’ emails, new documents show
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
AdvaMed Cybersecurity Summit (Arlington, Virginia, USA, Nov 6, 2019) The AdvaMed Cybersecurity Summit brings together experts across the device security spectrum. Experts will provide in-depth and timely updates on the state of medical device cybersecurity, including issues related to FDA requirements and cybersecurity management practices.
Chicago Suburbs Cybersecurity Conference (Chicago, Illinois, USA, Nov 6, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel with three-to-five local CISOs discuss real-world problems and solutions.
SINET Showcase (Washington, DC, USA, Nov 6 - 7, 2019) SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. Each year, SINET evaluates the technologies and products of hundreds of emerging Cybersecurity companies from all over the world, and selects the 16 most innovative and compelling companies. These 16 companies, known as the SINET 16 Innovators, are invited to present their products and solutions on stage in Washington D.C. at our annual SINET Showcase.
Health Data Stewardship & Privacy Summit (Arlington, Virginia, USA, Nov 7, 2019) AdvaMed’s inaugural Health Data Stewardship & Privacy Summit will bring together leading experts and health care industry stakeholders to explore the current data privacy landscape and forecast what may lie ahead in 2020. Speakers will provide political, regulatory, and business perspectives on how shifting approaches to privacy protection in the U.S. and globally will affect health care in an increasingly data-driven ecosystem.
ACSC 2019: Collaborate (Boston, Massachusetts, USA, Nov 7, 2019) The 2019 Annual Conference is a chance for ACSC members and people from the New England cybersecurity community to come together and share information, network, and learn about the latest information in cybersecurity.