Cyber Attacks, Threats, and Vulnerabilities
Oracle PAYDAY Attacks Put Thousands of Global Organizations at Risk of Financial Fraud and Theft (Onapsis) The Onapsis Research Labs has been working closely with Oracle Corporation's Security Response Team to fix several critical vulnerabilities in the Oracle E-Business Suite (EBS). The vulnerabilities, named PAYDAY, were initially patched in Oracle’s April 2018 Critical Patch Update (CPU) and subsequent vulnerabilities have been patched as late as the April 2019 CPU.
Report: Mobile Payments Provider Leaks Data of US Restaurant Diners Nationwide (vpnMentor) vpnMentor’s research team, led by Noam Rotem and Ran Locar, were recently informed of a huge lapse in security by PayMyTab that exposed the data of consumers
How WhatsApp found itself in the middle of an international spying row (The Telegraph) Did WhatsApp unwittingly expose a mass government spying operation around the world?
Password data for ~2.2 million users of currency and gaming sites dumped online (Ars Technica) Researcher confirms data belongs to users of Gatehub and EpicBot services.
PayMyTab data leak exposes personal information belonging to mobile diners (ZDNet) Data exposure was caused by an open AWS database.
Exposed database left terabyte of travelers' data open to the public (CNET) Exclusive: The database has information on hundreds of thousands of travelers, including credit card numbers, names and addresses.
Android Camera App Bug Lets Apps Record Video Without Permission (BleepingComputer) A new vulnerability has been found in the Camera apps for millions, if not hundreds of millions, of Android devices that could allow other apps to record video, take pictures, and extract GPS data from media without having the required permissions.
Fake Windows Update Spam Leads to Cyborg Ransomware and Its Builder (Trustwave) Recently, fake Microsoft Windows Update emails were spammed. The email, claiming to be from Microsoft, contains just one sentence in its email body which starts with two capital letters. It directs the recipient’s attention to the attachment as the “latest critical update”.
New Phoenix Keylogger tries to stop over 80 security products to avoid detection (ZDNet) Phoenix linked to more than 10,000 infections since the malware's launch on a hacking forum in July.
McDonalds-Themed Facebook Ads Serve Up Banking Trojans (Threatpost) The malware has backdoor functionality and the ability to steal payment cards and credentials.
Monero Project site compromised, served malware-infected binaries (Help Net Security) The official website of the Monero Project has been compromised to serve a malware-infected version of the CLI (command-line interface) wallet.
State OMV offices to stay closed Tuesday after ransomware attack (BRProud.com) BATON ROUGE, La. (NBC Local 33)(Fox44) – All Louisiana Office of Motor Vehicle offices will remain closed Tuesday, despite an earlier report they would reopen. On Facebook, Louisiana State Po…
Out of Season IRS Phishing Campaigns (Akamai) Over the past two months, Akamai’s threat research team has been closely monitoring a phishing campaign that impersonates the official Internal Revenue Service (IRS) website, and is requesting sensitive information, email addresses, and passwords.
Retailers brace for Black Friday cybersecurity onslaught (TechHQ) With Alibaba to haul US$38.4 billion in sales on Singles' Day this year, Black Friday is the next highly-anticipated shopping holiday of the year.
Unauthorized download contained virus that crippled La. government internet services, sources say (KPLC TV) An apparent “ransom” attack crippled much of Louisiana state government Monday, Nov. 18.
Ransomware attack that crippled state computer systems lingers into second day (Fox 8 Live) The problem could take several days to resolve
College Station says online utility payment system affected in data breach (KBTX) The city of College Station is warning utility customers about a potential data breach.
Flexera FlexNet Publisher (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Equipment: FlexNet Publisher
Vulnerabilities: Improper Input Validation, Memory Corruption
2. RISK EVALUATION
These vulnerabilities could allow an attacker to deny the acquisition of a valid license for legal use of the product. The memory corruption vulnerability could allow remote code execution.
Hackers Targeted At Least Two Portland-Area Middle Eastern Restaurants (Eater Portland) Over the weekend, hackers replaced the voicemails for both John Gorham’s Shalom Y’all and a Beaverton gyro restaurant, using hate speech and vitriolic language
Twitter accuses Conservatives of 'misleading' voters by posing as fact-checking account during election debate (The Telegraph) Twitter has accused the Conservative Party of "misleading" British voters and vowed to punish it in future after its social media team changed its Twitter branding to resemble independent fact-checkers during ITV's election debate.
Twitter says Conservatives misled public, minister says voters 'don't give a toss' (Reuters) Twitter accused Britain's ruling Conservative Party on Wednesday of mislead...
Report: Genuine HR emails trigger suspicions after accidentally using common phishing tricks (SC Magazine) What happens when people receive an actual, legitimate email that accidentally looks like a phishing scam?
Hackers hit Aberdeen City Council computer system 15 million times in last year (Press and Journal) Hackers have tried to gain illegal access to Aberdeen City Council’s computer system more than 15 million times in the last year, according to new figures.
Why you shouldn’t print your boarding pass (NewsComAu) At a time when it seems like nothing online is safe – especially when it comes to travelling – an old-school, paper boarding pass might seem like the safest option.
Security Patches, Mitigations, and Software Updates
Microsoft Fixes Office 2016 Access Query Error, More Fixes Coming (BleepingComputer) Microsoft fixed a known issue occurring for Update queries in Click-2-Run and Windows Installer (MSI) editions of Access 2016, triggering errors when accessing databases and breaking functionality for various apps using Access databases.
D-Link Adds More Buggy Router Models to ‘Won’t Fix’ List (Threatpost) The list of routers that have critical RCE bugs, that have reached end of life and that won’t get fixed has grown.
Intel is Removing End of Life Drivers and BIOS Downloads (BleepingComputer) If you are user of old Intel hardware, be sure to create a backup of your drivers or BIOS updates as Intel will no longer make them available for download once they reach end of life.
Third-Party Access 2019 Global Survey Results (One Identity) Read results from a full report to learn organizations’ effectiveness in managing third-party access
Mimecast Threat Intelligence Report: Risk & Resilience Insights (Mimecast) In its latest report, the Mimecast Threat Center identifies trends that emerge from attacks, and assesses the likely future trends based on billions of emails processed this period.
Survey shows cyber attacks on public sector on the rise (UKAuthority) A majority of senior IT people in the public sector have seen an increase in the number of cyber security incidents over the past two years, according to a new survey.
82% of SMB execs expect employees to put business devices at risk with holiday shopping (TechRepublic) Nearly half of executives surveyed don't believe their employees would be able to spot a bad actor posing as an online retailer, Zix-AppRiver found.
Huawei back in New Zealand's 5G plans despite security concerns (Nikkei Asian Review) Country's No. 2 carrier addresses unease with smaller role for Chinese supplier
Abnormal Security Launches with $24M Series A Funding from Greylock to Protect Enterprises from Targeted Email Attacks (BusinessWire) Abnormal Security today announced the launch of the company with $24M in Series A funding led by Greylock Partners and the general availability of its
CyberCube Secures $35mn in Series B Raise to Accelerate Market-leading Cyber Risk Analytics for the Insurance Industry (BusinessWire) CyberCube Analytics, the market-leading cyber risk analytics company for the insurance sector, today announced that it has secured Series B funding.
Clumio raises $135 million for cloud data backup and recovery tools (VentureBeat) Data backup and recovery software-as-a-service (SaaS) provider Clumio raised $135 million in a series C fundraising round.
Jacobs records $216M DOD cyber training support win (Washington Technology) Jacobs Engineering Group books a $216 million contract to help roll out new training initiatives for a Defense Department cybersecurity academy.
Menlo Security Launches New BOOST! Channel Program and Expands Channel Team in North America (Menlo Security) Menlo Security, a leader in cloud security, today announced the launch of its BOOST! Channel Program.
Graphcore and Microsoft announce new AI partnership (Business Leader) Bristol-based unicorn business Graphcore has announced a new partnership with global tech brand Microsoft, which will see the two companies work together on new artificial intelligence (AI) technologies.
Kaspersky to store data of US and Canada customers in Switzerland (SecurityBrief) The company will also open its first Transparency Center in Latin America in Sao Paulo in January 2020.
Antivirus vendors and non-profits join to form 'Coalition Against Stalkerware' (ZDNet) New cross-industry initiative forms to bring an end to commodity stalkerware apps and victim abuse.
Products, Services, and Solutions
Arctic Wolf Introduces Account Takeover Risk Detection (Arctic Wolf) SOC-as-a-Service Leader Augments Portfolio with Corporate Credential Exposure Detection.
IBM Launches Open Technology to Speed Response to Cyber Threats Across Clouds (IBM News Room) Industry-first capability to hunt threats across security tools and clouds without moving data.
NINJIO SMB Will Protect Today's Most Vulnerable Businesses From Cyberattacks (NINJIO) Cybersecurity company offers affordable security awareness training for small businesses, as hackers increasingly target organizations with less than 100 employees.
Sixgill Launches Integrity, The Blockchain Data Authenticity Solution (BusinessWire) Sixgill, a leader in data automation and authenticity, announced the commercial launch of Sixgill Integrity for blockchain-enforced data authenticity.
ForgeRock Simplifies Identity Management with Launch of ForgeRock Identity Cloud (West) Delivers the Most Comprehensive Approach for Hybrid Cloud Deployments, Empowering Safe and Simple Access to the Connected World
First Responder Service from Respond Software | MDR Service (Respond Software) Respond Software announces the launch of its First Responder Service to automate the speed and accuracy of MDR service at a fraction of cost. Learn more.
Corelight Expands Threat Hunting Capabilities with New Encrypted Traffic Insights (PR Newswire) Corelight, provider of the most powerful network traffic analysis (NTA) solutions for cybersecurity, today launched the Corelight Encrypted...
CyberSaint Releases New Governance Features that Empower CISOs to Communicate Real-Time, Global Cybersecurity Posture in the Boardroom (BusinessWire) CyberSaint Governance Dashboard empowers CISOs to communicate real-time, global cybersecurity risk and compliance in the boardroom
Qualys Brings its Market Leading Vulnerability Management Solution to the Next Level (Qualys) Introducing VMDR - Vulnerability Management, Detection and Response
VMDR delivers a continuous cycle of protection from a single pane of glass with built-in orchestration workflows and real-time vulnerability detection to prioritize, remediate and audit across hybrid IT environments
New SaltStack SecOps Products Automate Vulnerability Remediation and Continuous Security Compliance (SaltStack) New SaltStack SecOps products automate vulnerability remediation and continuous security compliance - New SaltStack Protect and SaltStack Comply for SecOps
Facebook gets into the meme-making biz with experimental Whale app (The Verge) Facebook experiments as TikTok grows
Tanium taps the ‘cranium strain’ in security & IT Ops (Computer Weekly) We know that the software application development (Dev) function has been struggling for some years to overcome its previous disconnects with the operations (Ops) function. The coming together of ...
Fingerprints - Fingerprint Cards unveils new slim side-mounted capacitive sensor for mobile devices (Fingerprints) Expands capacitive portfolio, enabling innovation of smartphone design while improving user experience
ImmuniWeb New Offering Attains Record Growth in the Global Application Security Market (West) Novel offering of Attack Surface Management and Dark Web Monitoring gained clients and partners from 32 countries in just 2 months, while Community offering surpassed 50,000 daily tests mark.
Technologies, Techniques, and Standards
Ransomware: This free tool decrypts 85 variants of the horror-tinged Jigsaw malware (ZDNet) Decryption tool tackles open-source versions of high-pressure malware.
Africa is lagging behind in digital security as cyber crimes rap continent (PML Daily) The Uganda Communications Commission (UCC) in partnership with the International Telecommunications Union (ITU) is hosting the Regional Cyber Drill for Africa in Kampala.
Microsoft joins Google and Mozilla in adopting DNS over HTTPS data security protocol (The Register) Some concerned it hands too much power to too few
Australian Government Releases First Version of IoT Code of Practice (Analytics Insight) The government of Australia has released the first version of its IoT Code of practice. This voluntary code is aimed at the IoT industry. It outlines 13 security principles that represent the standards for IoT devices that are needed to follow by device manufacturers, IoT service providers, and application developers.
Practical Tips Leaders Can Use to Build a Culture of Cybersecurity (Security Boulevard) Organizations must build a culture of cybersecurity to reduce the risk that human interaction can bring and cannot be mitigated through technical solutions.
What’s old is new: Why known threats still pose a significant threat (and how to thwart them) (ITProPortal) The cybersecurity industry is woefully unprepared for new and unknown threats, but still can't handle existing threats.
Draft Code of Practice: Securing the Internet of Things for Consumers (Australian Government) The draft Code of Practice: Securing the Internet of Things for Consumers (Code of Practice) represents the Australian Government’s best practice guidance to secure consumer Internet of Things (IoT) devices.
Managing Risk From Transport Layer Security Inspection (National Security Agency) To protect enterprise data and intellectual property, network security administrators enforce encryption policies to secure traffic to and from their networks...
NSA Publishes Advisory Addressing Encrypted Traffic Inspection Risks (BleepingComputer) The National Security Agency (NSA) published an advisory that addresses the risks behind Transport Layer Security Inspection (TLSI) and provides mitigation measures for weakened security in organizations that use TLSI products.
NSA warns enterprises over TLS traffic inspection risks: do it once, and do it well (CSO) US spy agency issues an alert to enterprise organizations that decrypt TLS-protected communications as part of the security strategy.
2020 cybersecurity – putting the house in order (TechRadar) After the year of the cyber mega-fines
Legislation, Policy, and Regulation
Hawley Introduces Security Bill Addressing Data, Privacy Concerns (The Epoch Times) A bill (pdf) to fight the flow of Americans' sensitive personal data to China and other countries that ...
Senate Democrats urge DHS to fund cyber threat information-sharing programs (TheHill) A group of three Senate Democrats is urging the Department of Homeland Security’s (DHS) cyber agency to help fund cybersecurity threat information-sharing centers involved in election security efforts.
State Department asked to probe top diplomats’ use of personal cell phones (NBC News) Sen. Robert Menendez says diplomats should be punished if they used unsecure devices to conduct "sensitive national security business.”
US military, Montenegro plot strategy against cyberattacks ahead of 2020 elections (Military Times) Deployed inside the sprawling communist-era army command headquarters in Montenegro’s capital, an elite team of U.S. military cyber experts are plotting strategy in a fight against potential Russian and other cyberattacks ahead of the 2020 American and Montenegrin elections.
Estonia Will Host One of the World's Largest Cyber Defense Exercises (Sofia News Agency) Estonia will host one of the world's largest cyber defense exercises in a month. This was announced by NATO Secretary General Jens Stoltenberg after meeting with Estonian President Kersti Kaljulaid.
Loose Lips Sink Democracies? (Foreign Policy) Russia has started using the West’s own reporting against it. Here’s how to respond.
New obligations under the Slovak Cyber Security Act | Lexology (Lexology) The Slovak Cyber Security Act (Act No. 69/2018 Coll., the "Act") defines the minimum requirements to ensure cyber security in Slovakia…
Commerce Gives Rural Telecoms More Time With Huawei (Yahoo News) The U.S. Commerce Department's Bureau of Industry and Security (BIS) on Nov. 18 extended a temporary general license 90 days to give mostly rural telecommunication services providers more time to continue their existing business deals with Huawei Technologies Co. Ltd.
Indiana Secretary of State Connie Lawson and FireEye Partner in Preparation for 2020 U.S. Election (Business Wire) FireEye and Indiana Secretary of State Connie Lawson partner to establish voter confidence in 2020 election and beyond.
Litigation, Investigation, and Law Enforcement
India says law permits agencies to snoop on citizen’s devices (TechCrunch) The Indian government said on Tuesday that it is “empowered” to intercept, monitor, or decrypt any digital communication “generated, transmitted, received, or stored” on a citizen’s device in the country in the interest of national security or to maintain friendly relations with foreign state…
Police can keep Ring camera video forever and share with whomever they’d like, Amazon tells senator (Washington Post) “The lack of privacy and civil rights protections for innocent residents is nothing short of chilling,” Sen. Edward J. Markey said.
Google, Facebook, Amazon and Apple offer defense in congressional antitrust probe (Reuters) Four top U.S. tech companies, Alphabet's Google, Facebook, Amazon.com and A...
Class Action Critic Ted Frank Objects to $1.4B Equifax Data Breach Settlement (Daily Report) Frank, director of the Center for Class Action Fairness at the Hamilton Lincoln Law Institute, wrote in a Tuesday filing that the deal unfairly compensates some customers over others and awards excessive fees to plaintiffs’ attorneys.
20-year-old Chicago man charged with writing code to spread ISIS propaganda (CyberScoop) U.S. authorities have arrested a 20-year-old Chicago man for allegedly writing computer code to help the Islamic State terrorist group spread propaganda.
US student was allegedly building a custom Gentoo Linux distro for ISIS (ZDNet) Chicago student now faces up to 20 years in prison if found guilty.
Uber safety policies were 'inadequate', says watchdog investigating self-driving car death (The Telegraph) Uber's "inadequate" safety policies was a factor leading to one of its cars killing a woman in Tempe, Arizona, last year, a US watchdog has said.
Brooklyn ICO Promoter Sentenced to 18 Months in Federal Prison (CoinDesk) The fraudster used diamonds and real estate to whisk away $300,000 in other people's money in 2017.