Cyber Attacks, Threats, and Vulnerabilities
As Venezuela’s economy struggles, some of its citizens turn to a lucrative gig: Cybercrime (NBC News) Hacking efforts are particularly lucrative for Venezuelans as they are sold for cryptocurrency, a welcome alternative to the country’s own currency, which has endured rapid inflation.
Extensive hacking operation discovered in Kazakhstan (ZDNet) Researchers say an advanced hacking group has been using custom-developed hacking tools, expensive surveillance kits, mobile malware, and radio communications interception hardware to spy on Kazakhstan targets.
Iran’s APT33 sharpens focus on industrial control systems (Naked Security) Iran’s elite hacking group is upping its game, according to new evidence delivered at a cybersecurity conference this week.
A notorious Iranian hacking crew is targeting industrial control systems (Ars Technica) Iran’s APT33 may be exploring cyberattacks on critical infrastructure.
Russia’s Sandworm Attacks Thousands of Android Phones (KoDDoS Blog) Google has discovered that Sandworm, Russia’s state-sponsored hackers, are launching some of the most dangerous cyberattacks in history.
A new era of cyber warfare: Russia’s Sandworm shows “we are all Ukraine” on the internet (CSO Online) In-depth research on Russia's Sandworm hacking group shows broad capabilities and scope to disrupt anything from critical infrastructure to political campaigns in any part of the world.
RDP loves company: Kaspersky finds 37 security holes in VNC remote desktop software (Register) BlueKeep isn't the only bug in town, plenty to go round
Lights That Warn Planes of Obstacles Were Exposed to Open Internet (Vice) The panel "provides controls to change the intensity of the light fixtures, turn them on, and turn them off."
iPhone users warned to be on alert for phishing attacks (Stuff) Netsafe says phishing scam that appears to target iPhone users is taking 'scatter-gun' approach.
Forensic Acquisition of Apple TV with checkra1n Jailbreak (ElcomSoft blog) Are you excited about the new checkm8 exploit? If you haven't heard of this major development in the world of iOS jailbreaks, I would recommend reading the Technical analysis of the checkm8 exploit article, as well as Developer of Checkm8 explains why iDevice jailbreak exploit is a game changer. The
1.2 Billion Records Found Exposed Online in a Single Server (Wired) Here's the next jumbo data leak, complete with Facebook, Twitter, and LinkedIn profiles.
1.2B Records Exposed in Massive Server Leak (Dark Reading) A single server leaked 4 terabytes of personal data, including social media profiles, work histories, and home and mobile phone numbers.
1.2 billion people exposed in data leak includes personal info, LinkedIn, Facebook (Data Viper) Data discovered on an open Elasticsearch database contains personal information on 1.2 billion people, including Facebook, Twitter, and LinkedIn profiles.
BlueKeep Threat Situation Overview: Low Levels of Attacks, Maintain Watchfulness (Proofpoint US) In May 2019, Microsoft released security updates for CVE-2019-0708, an unauthenticated, SYSTEM-level, network-based remote code execution (RCE) vulnerability. This vulnerability has been widely dubbed “BlueKeep”. This blog provides background on the vulnerability and an update on the threat landscape based on analysis by the Proofpoint Threat Insight Team.
Password grabber: Updated Trickbot malware steals OpenSSH and OpenVPN keys (SC Magazine) Security researchers have discovered an updated form of the Trickbot malware that has been changed to steal OpenSSH private keys and OpenVPN passwords and config data.
Apache Solr RCEs with public PoCs could soon be exploited (Help Net Security) Two remote code execution (RCE) vulnerabilities in Apache Solr could be exploited by attackers to compromise the underlying server.
Nominet Suspends 29,000 .UK Domains (Infosecurity Magazine) Clean-up continues with close collaboration with police.
Allied Universal Breached by Maze Ransomware, Stolen Data Leaked (BleepingComputer) After a deadline was missed for receiving a ransom payment, the group behind Maze Ransomware has published almost 700 MB worth of data and files stolen from security staffing firm Allied Universal. We are told this is only 10% of the total files stolen and the rest will be released if a payment is not made.
Ransomware Attackers Leak Stolen Data (BankInfo Security) Ransomware attacks have taken an unwelcome turn: The Maze gang reportedly has begun leaking a victim's files to create pressure to pay a ransom. Security experts
Clop Ransomware Tries to Disable Windows Defender, Malwarebytes (BleepingComputer) In order to successfully encrypt a victim's data, the Clop CryptoMix Ransomware is now attempting to disable Windows Defender as well as remove the Microsoft Security Essentials and Malwarebytes' standalone Anti-Ransomware programs.
Advisory: Squid Multiple High-risk Vulnerabilities (NSFOCUS, Inc.) Vulnerability Description: On November 5, local time, Squid officially released a security bulletin to fix multiple vulnerabilities, including a high-risk buffer overflow vulnerability that could lead to code execution (CVE-2019-12526), an information disclosure vulnerability (CVE-2019-18679) and an HTTP request splitting problem (CVE-2019-18678). Squid is a popular open source Internet proxy and web caching application. It can …
Raccoon Stealer Malware Scurries Past Microsoft Messaging Gateways (Threatpost) Financial institutions are in the crosshairs of hackers leveraging the malware to steal sensitive data.
#cybersecurity | Pegasus-like spyware could be snooping on you right now! (National Cyber Security) World's Largest Source Of Security News.
Anatomy of a BEC Scam (Dark Reading) A look at the characteristics of real-world business email compromise attacks - and what makes them tick.
Why cryptocoin scams work, and how to avoid them (Naked Security) What are ICOs, why are they so popular and why do crooks love them so much?
Hackers hold Milwaukee-based tech company's data for ransom; nursing homes affected (Milwaukee Journal Sentinel) Virtual Care Provider Inc. is scrambling to restore its systems after it was unable to pay the $14 million in Bitcoin demanded in a ransomware attack.
How the NYPD’s fingerprint database got shut down by a computer virus (New York Post) The NYPD’s high-tech fingerprint database was temporarily brought down by a bumbling contractor with a virus-infected mini computer, The Post has learned. A contractor was setting up a digital disp…
Gov. Edwards declares State of Emergency following cyber attack (KATC) Gov. John Bel Edwards on Friday declared a State of Emergency following a cybersecurity incident that affected state servers this week, allowing several agencies to take actions, including waiving fees and fines, to assist members of the public.
Louisiana OMV won't reopen until Monday after cyberattack (WWL) The governor announced Thursday that the Office of Motor Vehicles would remain closed until Nov. 25, one week after an attempted ransomware attack.
Child welfare agency says it’s victim of sophisticated cyber attack (CTV News Winnipeg) A child welfare agency called the Southern First Nations Network of Care said it has been the victim of a cyber attack.
Cyberattack against Manitoba child welfare agency under investigation (CBC) A major breach of the Southern First Nations Network of Care's information and technology system in Manitoba that forced a complete system shutdown is being treated as a criminal investigation, a spokesperson for the agency said.
Thwarting hackers (Uvalde Leader-News) Commissioners hear of cybersecurity efforts. Julye Keeble, staff writer: “Eighty percent of hacking-related breaches are from stolen passwords. If you think about it, how many passwords do you have that are probably pretty similar to each other,” said sales engineer Lydia McCloskey with HTS Voice and Data Systems. “And 85 percent of businesses with less …
More than 1 million T-Mobile customers exposed by breach (TechCrunch) T-Mobile has confirmed a data breach affecting more than a million of its customers, whose personal data (but no financial or password data) was exposed to a malicious actor. The company alerted the affected customers but did not provide many details in its official account of the hack. The company…
Data breach compromises T-Mobile prepaid accounts (SC Magazine) T-Mobile discloses a data breach incident that impacts certain customers with prepaid service accounts.
OnePlus Exposed Customer Order Information in Data Breach (BleepingComputer) Chinese smartphone maker OnePlus announced a data breach leading to some of its customers' order information, including names, contact numbers, emails, and shipping addresses, being accessed by a third party without authorization.
Several high profile Android apps still have vulnerabilities discovered years ago (TechSpot) Messenger, Instagram and WeChat are among hundreds of unpatched apps
Apple says its App Store is ‘a safe and trusted place.’ We found 1,500 reports of unwanted sexual behavior on six apps, some targeting minors. (Washington Post) The complaints about popular social media platforms that connect strangers in video conversations, known as “random chat apps,” serve as digital cries for help.
Scammers try a new way to steal online shoppers’ payment-card data (Ars Technica) Skimmers host fraudulent third-party processor that looks just like the real thing.
Dark Web Vendors Are Reportedly Offering Black Friday Deals (CryptoGlobe) Vendors on dark web marketplaces are reportedly offering their clients large discounts over Black Friday on their goods, which include drugs, stolen credit cards, hacking tools, and more.
Drug dealers are offering Black Friday deals on the dark web (The Independent) 'Online discounts for criminals are an excellent opportunity for site operators to increase sales and attract new buyers,' researcher says
Risky behavior exposes consumers to seasonal security scares (Help Net Security) A study shows that millions of Americans continue to over-indulge in risky behaviors, leaving themselves open to seasonal security scares.
BA flights disrupted due to yet-another IT meltdown (Computing) British Airways IT meltdown causes flight delays of up to 12 hours.
Rats trip up Estonia's e-economy (BBC News) Rats and high winds cut the cables that connect Estonia's electronic public services.
Security Patches, Mitigations, and Software Updates
Twitter Just Confirmed A Better Way To Secure Your Account (Forbes) Twitter has made a crucial change to its security settings that helps improve your security and privacy. Here’s what you need to know.
Cyber Trends
WhiteHat Security Research Reveals that 75% of Developers Worry about the Security of their Applications, Yet Half Their Teams Lack a Dedicated Security Expert (BusinessWire) WhiteHat Security today released the results of its
Vulnerability QuickView 2019 Q3 Trends (Risk Based Security) Our QuickView Report is sourced from our product VulnDB® and has garnered media attention from publications such as TechRepublic and Help Net Security.
2019 Trust Report in Practice: Trust at Scale - Synack (Synack) Crowd Security Intelligence
Your Health Data Isn’t as Safe as You Think (Wall Street Journal) Silicon Valley’s rush into the health-care business is challenging the antiquated protections of Americans’ medical histories.
Marketplace
Prevailion Receives Strategic Investment from Legion Capital (FinSMEs) Prevailion, a Columbia, MD.-based cybersecurity company, received an investment from Legion Capital Partners. The amount of the deal was not disclosed.
Older IT Workers Left Out Despite Tech Talent Shortage (Wall Street Journal) Older information-technology professionals are being passed over by employers, even as IT job openings soar to record highs and employers say recruiting tech talent is a challenge.
Google Workers Protest Company’s ‘Brute Force Intimidation’ (Bloomberg) Company denies wrongdoing with two employees placed on leave. Culture of openness battered by Google’s staff rebellion.
Darktrace Begins Preparations as Public Company, Nears CFO Hire (Yahoo) (Bloomberg) -- Darktrace Ltd. is close to naming a chief financial officer as the U.K. cybersecurity unicorn sets itself up to be run like a public company. The firm hasn’t made a decision about whether to hold an initial public offering, co-chief executive officer Poppy Gustafsson said in an interview
A10 Hires New CEO, No Word on Potential Sale (SDX Central) Almost four months after announcing that its CEO and President Lee Chen was on his way out, A10 Networks said it selected Dhrupad Trivedi to lead the company, effective Dec. 2.
Products, Services, and Solutions
New infosec products of the week: November 22, 2019 (Help Net Security) The featured infosec products include releases from the following vendors: Nubeva Technologies, Rancher Labs, Arctic Wolf Networks, IBM, Trend Micro,
Lastline to Deliver Unmatched Network Visibility to the Public Sector Through immixGroup (PR Newswire) Lastline®, the leader in AI-powered network detection and response, today announced an agreement with immixGroup, an Arrow ECS company that...
Mocana and Siemens collaborate on IIoT cybersecurity (Chemical Engineering) Mocana Corp. (Sunnyvale, Calif.; www.mocana[.]com) announced a new partnership with Siemens Digital Industries Software to bring end-to-end security for any...
Two cyber leaders launch higher ed grant program valued at $5.6M (University Business Magazine) Program will provide colleges and universities access to advanced cyber training and tools for establishing preeminent cyber centers.
Verizon Business throws a zero trust lasso around its private IP networks (FierceTelecom) Verizon Business is shielding its private IP networks by embedding a software-defined perimeter service to create a zero trust architecture. Verizon's zero trust technology blocks connectivity to servers and applications from unknown devices, which makes corporate data virtually invisible to anyone that doesn't have approved access.
Technologies, Techniques, and Standards
Safeguarding SCADA Systems (Water & Wastes Digest) Supervisory control and data acquisition (SCADA) systems are an integral factor for operating any modern water collection, treatment or distribution operation. SCADA systems may consist of a few local controllers and operator interfaces or may be far more complex configurations that include networking, radio telemetry,
Your organisation will be hacked, how will you respond, asks IBM (Computing) Speaking at Computing's Cyber Security Live conference, Mike Spradbery, senior technical leader, IBM Security UK & Ireland, explains what organisations need to think of when building their incident response plans.
Managing the inevitable: what happens when security is breached (Computing) Threats are getting more serious, but defences are evolving too.
Security has a communication problem, and DevOps is the answer, says Chef (Computing) Jeff Mery, VP global solutions architects at Chef tells delegates at Computing's Cyber Security Live conference that treating everything as code helps traditional translation challenges between developers, infrastructure teams and security.
Tension-by-design is a healthy way to run cybersecurity, say panellists (Computing) Managing the friction between compliance and security is all about empathy.
When it comes to 5G, Army says ‘show us what you have’ (C4ISRNET) With 5G expected to become more widespread, the Army is exploring how the new hardware could improve global asset management, “smart depots
Bug Bounties Alone Won't Make You Secure (Forbes) With both Apple and Google each offering one million dollars for bugs, Katie Moussouris, CEO of Luta Security, thinks things may have gotten a little out of hand.
How the FCC’s new ban on Huawei benefits the military (Fifth Domain) 5G technology will introduce new cybersecurity risks to U.S. networks. Here's what FCC did to minimize that risk.
Design and Innovation
Arlo: An open source post-election auditing tool (Help Net Security) CISA and VotingWorks are working on Arlo, an open source post-election auditing tool provided for free for state and local election officials.
The Debate Over How to Encrypt the Internet of Things (Wired) So-called lightweight encryption has its place. But some researchers argue that more manufacturers should stick with proven methods.
Facebook built a facial recognition app for employees (CNET) The discontinued app could identify employees and their friends who had enabled facial recognition, Facebook said.
Legislation, Policy, and Regulation
Tim Berners-Lee launches 'Contract for the Web' to govern internet giants and governments (Computing) Google, Facebook and others sign up to Berners-Lee's 'global plan of action to make our online world safe and empowering for everyone'
Russia bans smartphones without local software (BBC News) Supporters say the law on new sales promotes Russian technology but there are concerns about surveillance.
Russia passes law forcing 'locally produced' software onto people's devices (Computing) This is a local internet for local people…
Putin’s New Gadget Ban: Another Warning Sign For Russia (Forbes) Russia has now passed a law banning mainstream consumer gadgets that do not come preinstalled with Russian software.
Data leak details China's 'brainwashing system' (BBC News) Leaked documents show new evidence of China's systematic brainwashing of Uighur and other detainees.
Exposed: China’s Operating Manuals for Mass Internment and Arrest by Algorithm (ICIJ) A new leak of highly classified Chinese government documents reveals the operations manual for running the mass detention camps in Xinjiang and exposed the mechanics of the region’s system of mass surveillance.
US regulators rule that China's Huawei and ZTE threaten national security (CNN) American regulators voted to impose new restrictions on subsidies for American telecom companies Friday. The ruling is designed to constrain Chinese companies, including Huawei and ZTE.
Huawei and ZTE barred from FCC Universal Service Fund (ZDNet) US telcos receiving USF money could be forced to replace existing Huawei and ZTE equipment.
FCC votes to bar China's Huawei, ZTE from government subsidy program (CNBC) The U.S. Federal Communications Commission (FCC) voted 5-0 Friday to designate China's Huawei and ZTE as national security risks
Analysis | The Cybersecurity 202: The U.S. is racking up tactical victories in Huawei fight (Washington Post) Moves in Brussels, Berlin and Brazil are likely to lessen the company's global reach,
Canada's use of Huawei 5G would hamper its access to U.S. intelligence: U.S. official (Reuters) The U.S. national security adviser urged Canada on Saturday not to use Huawei 5G...
Beware a Huawei 'Trojan horse,' U.S. security adviser warns Canada (CBC) The spectre of restricting Canada’s access to Five-Eyes intelligence, if the Liberal government does not ban Huawei from the upcoming 5G network, was raised Saturday as U.S. lawmakers delivered stern warnings about the Chinese telecom giant.
Ursula Owusu asks int’l community to probe application of cyber-space laws (Ghana Web) The Minister for Communications, Mrs Ursula Owusu-Ekuful, has asked the...
To protect GPS satellites, Esper is against private 5G proposal (C4ISRNET) A plan to use L-Band spectrum for 5G could disrupt GPS satellites, the Secretary of Defense said.
DHS Leadership Turnover Extends Beyond Secretary’s Office (Nextgov) The rotating cast of officials in top tech and cyber jobs could hinder the department’s ability to develop and execute a consistent digital strategy.
Litigation, Investigation, and Law Enforcement
Utilities Targeted in Cyberattacks Identified (Wall Street Journal) More than a dozen U.S. utilities that were targets in a recent wave of cyberattacks have been identified by The Wall Street Journal. Some of the utilities are strategically located near dams, locks and other critical infrastructure.
China defector breaks great wall of silence to expose Beijing’s spies (Times) A self-proclaimed Chinese spy has made explosive claims that Beijing used an alleged “front” company in Hong Kong to infiltrate universities in the former British colony, interfere in elections in...
Defecting Chinese spy offers information trove to Australian government (The Age) Wang “William” Liqiang is the first Chinese operative to ever blow his cover and he has taken his story to ASIO.
Former CIA officer sentenced to 19 years for conspiring with Chinese spies (NBC News) Jerry Chun Shing Lee is the third former U.S. intelligence officer to be convicted in less than a year of conspiring with the Chinese to give them national defense information.
Russian cyber firm hounded in US helped NSA bust 50TB data breach – report (Stock Daily Dish) Kaspersky Lab may be portrayed by the US media as an extension of the Russian government using its antivirus software to snoop on gullible Americans, but in 2016 it helped the NSA to bust a massive security breach.
'Almost certain that organised criminal group' behind wave of cyberattacks in SA (SowetanLIVE) SA experienced the single longest running cyber-attack campaign monitored around the world by e-mail and data security company Mimecast between July and September
Aleksei Burkov, Russian accused of operating 'elite' hacking forum, pleads not guilty (CyberScoop) The accused Russian scammer at the center of a geopolitical standoff pleaded not guilty Friday to allegations that he operated two hacking forums where members bought and sold payment data worth roughly $20 million.
Federal Reserve Steps Up Scrutiny of Tech Firms That Serve Banks (Wall Street Journal) The Federal Reserve is looking at ways to step up supervision of technology firms that serve the banking industry, amid ongoing concerns about the threat of cybersecurity breaches, a senior official said.
Authorities Arrest Alleged Member of Group That Hacked Jack Dorsey (Vice) The alleged member was arrested around two weeks ago, another member of the hacking group told Motherboard.
Russian Hacker Gets 4 Years in U.S. Prison for Malware Attacks (Bloomberg) Stanislav Lisov pleaded guilty in February to conspiracy. Lisov was arrested in Spain in 2017 and extradited that year.
Russian Hacker Behind NeverQuest Banking Malware Gets 4 Years in U.S. Prison (The Hacker News) Stanislav Vitaliyevich Lisov, Russian Hacker Behind NeverQuest Banking Malware Gets 4 Years in U.S. Prison
Convicted Nigerian fraudster keeps a-fraudin’ from behind bars (Naked Security) He was supposed to be serving a 24-year sentence in the “maximum security” prison, not continuing the fraud… and going to parties.
Graham launches probe of Bidens, Burisma and Ukraine (Washington Post) The Judiciary Committee chairman has asked the State Department for certain communications between former vice president Joe Biden and Ukrainian officials.
Huawei Sues Critics in France Over Remarks on China State Ties (Bloomberg) Claim it’s controlled by the Chinese state is false, it says. The company is seeking to sell 5G equipment in Europe.
Suspect can’t be compelled to reveal “64-character” password, court rules (Ars Technica) Prosecutors say forced disclosure permitted by “foregone conclusion.” Justices disagree.
Botnet Creator Confesses to Hacking Over 800,000 Devices (KoDDoS Blog) A man has confessed and pleaded guilty to creating botnets that transformed more than 800,000 devices into cash-spinning denial-of-service units.
Ponzi Schemes, Private Yachts, and a Missing $250 Million in Crypto: The Strange Tale of Quadriga (Vanity Fair) When Canadian blockchain whiz Gerald Cotten died unexpectedly last year, hundreds of millions of dollars in investor funds vanished into the crypto ether. But when the banks, the law, and the forces of Reddit tried to track down the cash, it turned out the young mogul may not have been who he purported to be.