Cyber Attacks, Threats, and Vulnerabilities
New LNK attack tied to Higaisa APT discovered (Malwarebytes Labs) We identified an attack we believe is part of a new campaign by Advanced Persistent Threat actor Higaisa, which is reportedly tied to the Korean peninsula.
Threat Spotlight: Tycoon Ransomware Targets Education and Software Sectors (Blackberry) The BlackBerry Research and Intelligence Team in partnership with KPMG’s UK Cyber Response Services recently unearthed a new ransomware strain written in Java. Tycoon is a multi-platform Java ransomware targeting Windows® and Linux® that uses highly targeted delivery mechanisms to infiltrate small to medium sized companies and institutions in the education and software industries.
Top DHS official says to expect 'every intelligence service' to target COVID-19 research (TheHill) Christopher Krebs, the director of the Department of Homeland Security’s cybersecurity agency, said in an interview released this week that he expects to see “every intelligence service” attempt to target and steal
K-Pop Fans Take Over #WhiteLivesMatter Hashtag to Drown Out Racist Posts (Variety) In an anti-racist move that demonstrates their formidable social-media power, K-Pop fans took over the hashtag #whitelivesmatter, drowning out white-supremacist messages with nonsensical or anti-ra…
Stealthworker: Golang-based brute force malware still an active threat (Akamai) Malware that can target Windows and Linux systems was recently installed on my honeypot. After some investigation, I determined it to be similar to the malware discovered in February of 2019 by Malwarebytes, and later examined by...
Kaspersky says unwanted ads in apps may lead to data leakage (Business World) INTERNET security firm Kaspersky has warned app users that unwanted advertisements could result in data leakages.
YouTube channel credentials in high demand on hacker forums (BleepingComputer) An increasing number of offers for stolen YouTube credentials has been noted recently on hacker and cybercrime forums, where access to accounts is sold in bulk.
Kaspersky IDs Sophisticated New Malware Targeted at Air-Gapped Systems (Dark Reading) 'USBCulprit' is one of several tools that suggest previously known Cycldek group is more dangerous than previously assumed, security vendor says.
Cycldek: Bridging the (air) gap (Securelist) Key findings While investigating attacks related to a group named Cycldek post 2018, we were able to uncover various pieces of information on its activities that were not known thus far. In this blog post we aim to bridge the
Office 365 phishing baits remote workers with fake VPN configs (BleepingComputer) Microsoft Office 365 customers are targeted by a phishing campaign using bait messages camouflaged as notifications sent by their organization to update the VPN configuration they use to access company assets while working from home.
Cyber-Attack Hits US Nuclear Missile Sub-Contractor (Infosecurity Magazine) Confidential documents stolen in cyber-attack on US nuclear missile sub-contractor Westech
Large Scale Attack Campaign Targets Database Credentials (Wordfence) Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files. The peak of this attack campaign occurred on May 30, 2020. At this point, attacks from this campaign accounted for 75% of all attempted exploits of ...
Crypto Exchange Coincheck Hacked; Customers’ Emails Exposed (CISO MAG) Coincheck admitted that it has become a victim of a security incident in which unknown hackers accessed emails sent to the firm by its customers.
Coincheck exchange pauses remittances following data breach (CoinGeek) Coincheck confirmed that a third party was able to fraudulently obtain users’ email addresses and personal data.
San Francisco retirement program SFERS suffers data breach (BleepingComputer) The San Francisco Employees' Retirement System (SFERS) has suffered a data breach after an unauthorized person gained access to a database hosted in a test environment.
SF pension data breach may have exposed city retirees' bank, tax information (San Francisco Chronicle) A database with information about 74,000 workers was exposed on a test server. It was not clear if the data had been viewed or copied.
Experts On San Francisco Retirement Program Suffers Data Breach | Information Security Buzz (Information Security Buzz) It has been reported that the San Francisco Employees’ Retirement System (SFERS) said it suffered a data breach after an unauthorised person gained access to a database hosted in a test environment. In a data breach notification filed yesterday, SFERS stated that one of their vendors had set up a test environment that included a database containing the information for approximately 74,000 SFERS members. While SFERS …
'I thought I was going nuts': What to do if you think stalkerware's on your phone (CNET) These apps put people in danger.
University Fights Off Cyber Attack from Another School (Campus Technology) A security company was able to work with a major unnamed university in the northeast to stop an attack that was initially thought to originate from students to disrupt online testing. It turned out to come from another university.
Cyber attack strikes county computer systems (Person County Life) The Person County government was hit by a ransomware cyber attack last weekend, limiting the City of Roxboro and Person County government’s access to phone lines, email and internet. County …
City of Austin websites go down, hackers take credit in protest (KXAN) The hackers known as Anonymous said they were the ones who took the city’s website, austintexas.gov, offline, but it just appears to be the user-facing web pages. Outages seemed to be intermi…
Creeps give away money to harass recipients with abusive transaction descriptions on bank statements (Register) 'Serious threats' and references to family violence as payment descriptors turned into virtual messaging service
Security Patches, Mitigations, and Software Updates
Firefox fixes cryptographic data leakage in latest security update (Naked Security) How time flies – the latest four-weekly Firefox update is out.
Zoom Not Offering End-to-End Encryption to Free Users to Help Law Enforcement (SecurityWeek) Zoom says it will not offer end-to-end encryption to free users so that the FBI or local law enforcement can conduct investigations
Apple takeover bug fixed as iOS VPN Apps revealed to be ‘fleeceware’ (SC Magazine) Researcher reports Apple paying a US$ 100,000 (£80,000) bug bounty for finding a vulnerability in its Sign in with Apple feature, as three apps in Apple’s App Store found to be 'fleeceware.'
Google updates anti-phishing tools by streamlining iOS capabilities (CyberScoop) Google is making it easier to use physical security keys on iOS devices.
Cisco plugs bucketful of security holes in industrial routers, switches (Help Net Security) Cisco has fixed over two dozen security vulnerabilities affecting OSes running on the company's carrier-grade and industrial routers and switches.
Cyber Trends
Crypsis Releases 2020 Incident Response and Data Breach Report (PR Newswire) The Crypsis Group, a leading incident response, risk management and digital forensics firm, today announced the release of their 2020 Incident...
Parents working from home are a higher security risk for critical business systems & data (SC Magazine) Half of UK remote workers use unmanaged personal devices to access corporate systems; many re-use passwords, & let family use corporate devices - putting critical business systems & data at risk.
How Cyber Habits at Home Threaten Corporate Network Security (CXOToday) 77% of Remote Employees Use Unmanaged Personal Devices to Access Corporate Systems A new survey from CyberArk (NASDAQ: CYBR) found that work-from-home habits– including password re-use and letting family members use corporate devices – are putting critical business systems and sensitive data at risk. The survey, which aimed to gauge the current state of security […]
ForgeRock Consumer Identity Breach Report: U.S. Breaches Cost Over $1.8 Trillion; More Than 7.8 Billion Records Exposed Over Last Two Years (ForgeRock) Cost of data breaches in 2019 increases over 87% from 2018
Quarterly Threat Landscape Review for Q1 2020 (LookingGlass Cyber Solutions Inc.) In the first quarter of 2020, LookingGlass Cyber Solutions™ (LookingGlass) observed significant growth and development in the global cyber threat landscape, highlights of which included advancements in cyber crime tactics, a shift in threat actor attack vectors, and global events that underscored the importance of cybersecurity. May 22, 2020
Lack of cyber talent remains a national security threat (Americas Military Entertainment Brand) The massive shortage of cyber professionals is a national security threat, according to the Department of Homeland Security. Cyber personnel from the private and public sectors are America's frontline of defense because critical infrastructure sectors, including water, healthcare, and elections, rel...
Law Firms 'Performing Admirably' In The Face Of Constant Cyber Attacks (Today's Wills and Probate) Cyber security firm's assessment of over 2000 law firms globally ranks their risk rating for cyber attacks alongside those present in the financial sector
Marketplace
RiskIQ adds National Grid Partners as securing data becomes a strategic priority for utilities (TechCrunch) RiskIQ, a startup providing application security, risk assessment and vulnerability management services, has added National Grid Partners as a strategic investor. The funding from the investment arm of National Grid, a multinational energy provider, is part of a $15 million new round of financing …
The Official Cyber Security Summits are going Virtual for 2020 (EIN News) CyberSummitUSA has decided to move its entire calendar of events to a virtual trade show platform. With input from its strategic industry partners,
Trusted Connectivity Alliance Membership Expands, Strengthening Representation Across SIM Ecosystem (TCA) TCA welcomes Arm, NXP and Qualcomm to the organisation as its latest members. Linxens and Workz Group have also joined as members in 2020.
2 Canadian telecoms rule out Huawei gear (Arkansas Online) Two of Canada's three major telecommunication companies announced Tuesday that they have decided not to use Chinese tech giant Huawei for their next-generation 5G wireless network.
Layoff Watch ’20: Deloitte Has Begun Handing Out Thousands Of Pink Slips (Going Concern) According to chatter we’re seeing, Deloitte is celebrating its New Year’s Eve today by giving pink slips to a whole bunch of people.
Sophos puts 100 at risk of redundancy as future of Naked Security blog hangs in balance (Register) Firm denies shutdown of marketing organ but heads may well roll
Early Facebook Employees Disavow Zuckerberg’s Stance on Trump Posts (New York Times) In an open letter, nearly three dozen called on the chief executive to take action on President Trump’s messages.
Read the transcript of Mark Zuckerberg’s tense meeting with Facebook employees (Vox) This is how Facebook’s CEO is thinking about democracy, speech, and racial justice at a critical moment.
Facebook's Trump appeasement begs an obvious question (The Telegraph) The tech giant's inaction over Trump's controversial posts is at odds with its establishment of an Oversight Board
Snap will stop promoting Trump’s account after concluding his tweets incited violence (The Verge) Trump will retain his account but no longer appear in Discover. Snap made the decision over the weekend.
Protests Renew Scrutiny of Tech's Ties to Law Enforcement (Wired) Amazon executives tweeted support for protesters. But the company sells a surveillance tool to police that studies say misidentifies darker-skinned people.
Microsoft, Amazon and IBM express ‘solidarity.’ Should they end police contracts? (Protocol) Activists say powerful tech companies have a responsibility to break business ties with law enforcement or use those relationships as leverage to demand needed reforms.
This matters more: How cyber pros are confronting racism in their own ranks, and beyond (CyberScoop) The past week has forced the cybersecurity community to look inward and consider how their skills can secure more than computers.
Bitglass launches local edge data centres in Australia (Data Center News) The new data centres will be located in both Melbourne and Perth.
K2 Cyber Security Appoints Monty Venkersammy as Vice President of Channel Sales (BusinessWire) K2 Cyber Security appoints Monty Venkersammy VP of Channel Sales to build channel strategy, help companies secure critical web applications
Amber Rudd joins Darktrace advisory board (Business Weekly) Cambridge unicorn Darktrace, world leader in cyber security technology, has pulled off something of a coup by persuading former Home Secretary Amber Rudd to join its advisory board. She served as Home Secretary from 2016 to 2018. After a career in banking, venture capital and head hunting, Rudd became the MP for Hastings and Rye from 2010 to 2019. She held three Cabinet roles
Products, Services, and Solutions
Kudelski Security Launches Additional Services for the Microsoft Modern Workplace (Yahoo) Kudelski Security, the cybersecurity division within the Kudelski Group (SIX:KUD.S), announced today the launch of its dedicated Microsoft Security services, enabling clients to effectively consume and configure Microsoft security capabilities and add additional monitoring to their Microsoft 365 and
Lumu Introduces New ‘Compromise Context’ Capability to Supercharge Incident Threat Response (GlobeNewswire) By Providing Real-Time Context About Existing Network Compromises, Lumu Helps IT Security Teams Further Minimize Alert Fatigue, Prioritize Response, and Accelerate Remediation
AppOmni Announces Enterprise Essentials Solutions (PR Newswire) AppOmni, the world's leading provider of Cloud Security Posture Management (CSPM) for SaaS, today announced the release of Enterprise...
Dedrone and BlackBerry Partner to Counter Unauthorized Drone Activity (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) today announced it has partnered with Dedrone®, a market and technology leader in airspace security, to...
Druva and FireEye Join Forces to Strengthen Enterprise Cyber Resiliency (BusinessWire) Druva, Inc., the leader in Cloud Data Protection and Management, today announced the launch of an API integration with FireEye extending visibility an
RMIScout: New hacking tool brute-forces Java RMI servers for vulnerabilities (The Daily Swig) Scouting for bugs
New Nets Passport Reader service brings security and simplicity to remote identification (Front page) Nets introduces the Nets Passport Reader which bridges the gap between physical ID documents and digital identification, with the help of a simple smartphone app.
Incognia releases location behavioral biometrics to fight mobile fraud (Biometric Update) Incognia has introduced location-based behavioral biometrics identity technology to fight mobile fraud attempts and secure onboarding, the company announced. Banks, fintech and retailers struggling…
Australian Department of Home Affairs' New Biometric System Goes Live Using Unisys Stealth(identity)(TM) and IDEMIA Biometrics (The Delaware County Daily Times) Unisys Corporation (NYSE: UIS) and IDEMIA today announced that the Australian Department of Home Affairs' new Enterprise Biometric Identification
By Light Adds Threat Intell Feature to Cyber Training Platform (ExecutiveBiz) By Light Professional IT Services has integrated a FireEye threat intelligence offering into the former's technology platform that offers an integrated live, virtual and constructive training environment for cyberspace missions.
Aston Martin Designates SentinelOne as Its Official Cybersecurity Partner (BusinessWire) SentinelOne, the autonomous cybersecurity platform company, has been announced as the official cybersecurity provider to British luxury car manufactur
Atakama Announces It Will Be Offering Its Encryption Software To Businesses In Need For Free (PR Newswire) ATAKAMA Inc., a data security company based in NYC, announced today that for the duration of the COVID-19 pandemic, it will be offering its...
Pondurance to Provide Cybersecurity to Arrow McLaren SP (Arrow McLaren) Indianapolis-based Pondurance to be official cybersecurity partner of AMSP.
SecureAge | SecureAge introduces 'Recommended Actions' for Endpoint Protection to relieve user anxiety for remote or office-based workers (RealWire) SecureAge Technology, a leading global data and endpoint protection company, has announced a key update to its flagship SecureAPlus Endpoint Protection Platform (EPP), to reduce user anxiety for remote or office-based workers
HID Global Introduces Its WorkforceID Cloud Platform That Digitally Transforms Physical and Cyber Identity Management (BusinessWire) HID's new WorkforceID™ platform enables a seamless, effortless experience when using identity credentials to access physical and digital workplaces.
Technologies, Techniques, and Standards
CISA Central (CISA) CISA Central is the Cybersecurity and Infrastructure Security Agency’s hub for staying on top of threats and emerging risks to our nation’s critical infrastructure, whether they’re of cyber, communications or physical origin.
Analysis | The Cybersecurity 202: D.C.’s use of email voting shows what could go wrong in November (Washington Post) Email is a fundamentally insecure way to cast votes, but the District tried it out of desperation.
Organizational Accountability (Centre for Information Policy Leadership) CIPL has a long history of exploring accountability-based information management and privacy governance. As part of our work on enabling innovation while also protecting privacy, we are currently...
Are your customers who they say they are? (Computing) Identity is at the heart of digital transformation
Design and Innovation
Experts Note Benefits of Security Tokens But Full Adoption Will Take Time (Cointelegraph) Security tokenization experts told Cointelegraph how they view the future of this new asset class and the technology behind it
Twitter Temporarily Restricts Popular Satire Account Titania McGrath (Newsbusters) In the time of the COVID-19 virus, Twitter apparently sees conservative satire as the true plague.
Google deletes Indian app that deleted Chinese apps (Naked Security) Google has deleted an app from the Play Store that offered to delete Android software associated with China.
Research and Development
DOD Announces New Locations for Additional 5G Testing, Experimentation (US Department of Defense) The Defense Department already is heavily involved in investigating how 5G technology will best serve the warfighter.
US defence chiefs ask East of England trio to help improve chip security (Business Weekly) Three businesses with East of England operations are helping US defence chiefs eradicate weaknesses in digital integrated circuit chips. Cambridge duo Arm and UltraSoc and Northrop Grumman in Market Deeping are in two teams hand-picked by The Defense Advanced Research Projects Agency in the US to protect the ICs from exploitation which threatens economic and national security.
Legislation, Policy, and Regulation
Statement by the North Atlantic Council concerning malicious cyber activities (NATO/OTAN) We stand united as we face this unprecedented coronavirus pandemic. We condemn destabilising and malicious cyber activities directed against those whose work is critical to the response against the pandemic, including healthcare services, hospitals and research institutes. These deplorable activities and attacks endanger the lives of our citizens at a time when these critical sectors are needed most, and jeopardise our ability to overcome the pandemic as quickly as possible.
Europe nears tipping point on Russian hacking (POLITICO) Berlin leads the charge against a notorious hacker linked to Moscow’s intelligence service.
Indonesia’s New Data Protection Rules Move Toward Passage (Lexology) After a number of data breaches underlined the urgency of comprehensive data protection rules, Indonesia expects to pass a data protection law in 2020…
UK in talks with 5G suppliers from Japan, South Korea as government rethinks ties with China (Computing) British ministers have become critical of China in recent months over its handling of COVID-19 pandemic
UK Armed Forces Cyber Regiment launched to protect frontline operations (SC Magazine) A new Cyber Regiment - The 13th Signal Regiment - has been launched to protect frontline operations from digital attack, Defence Secretary Ben Wallace announced today.
Proposed Bill Would Direct The Security Agency To Track Israelis To Combat Coronavirus, Privacy Regulator Objects Due To Disproportionality (Mondaq) The government published a proposed draft bill directing the Israeli National Security Agency (colloquially named "Shabak" or "Shin Bet") to engage in ubiquitous cellular...
What does cyber arms control look like? Four principles for managing cyber risk (ELN) The question of how we manage the challenges and threats posed by “cyber” is perhaps one of the most talked-about security problems of our time. Dr Andrew Futter sets out the key criteria that we need to consider in future “cyber arms control”.
Litigation, Investigation, and Law Enforcement
U.S. assessment finds opportunists drive protest violence, not extremists (Reuters) President Donald Trump has blamed leftwing extremist groups for instigating nights of looting and violence in cities across the United States, but an intelligence assessment offers limited evidence that organized extremists are behind the turmoil.
FCC to Court: Deny Huawei (Multichannel) Says its petition challenging FCC decision is premature and meritless
Rosenstein says he wouldn’t approve Russia warrant amid new information (Federal Times) “I do not consider the investigation to be corrupt, but I understand the president’s frustration given the outcome that there was no evidence” of a conspiracy between the campaign and Russia, he said.
Romanian Skimmer Gang in Mexico Outed by KrebsOnSecurity Stole $1.2 Billion (KrebsOnSecurity) An exhaustive inquiry published today by a consortium of investigative journalists says a three-part series KrebsOnSecurity published in 2015 on a Romanian ATM skimming gang operating in Mexico’s top tourist destinations disrupted their highly profitable business, which raked in an estimated $1.2 billion and enjoyed the protection of top Mexican authorities.
Reuters alleges Huawei covered up ownership of Iranian affiliate (ZDNet) The Chinese tech giant reportedly moved one of its employees into the affiliate 'to urgently avoid the risks of media hype'.
It's Getting Harder To Hide Consultants' Data Breach Reports (Law360) Capital One is the latest company ordered by a U.S. court to disclose a consultant's analysis of a massive data breach, in a potential boon for consumers but a troubling development for businesses aiming to talk frankly about breaches without fear of legal repercussions.
Incognito mode detection still works in Chrome despite promise to fix (ZDNet) Google said last year that it would fix a bug that allowed sites to detect incognito mode, but no fix ever came.
Google Faces Privacy Lawsuit Over Tracking Users in Incognito Mode (Threatpost) A $5 billion class-action lawsuit filed in a California federal court alleges that Google's Chrome incognito mode collects browser data without people’s knowledge or consent.
9th Circ. Ruling Doesn't Help Google Users In Tracking Row (Law360) A California federal judge on Wednesday refused to rethink his decision to ax a proposed class action accusing Google of unlawfully tracking and storing users' private location information, finding that the Ninth Circuit's recent revival of wiretapping claims in similar litigation against Facebook didn't change anything.
Credit One Liable For Robocalls To Kid's Cell, 9th Circ. Says (Law360) The nearly 200 automated calls Credit One Bank's vendors made to an 11-year-old boy over debt owed by the cell number's previous owner violated the Telephone Consumer Protection Act, a Ninth Circuit panel ruled Wednesday.
Email scammer pleads guilty to defrauding Texas firms out of more than $500,000 (CyberScoop) A 64-year-old man has admitted his role in an email-based fraud scheme that relied on spoofed email addresses to con companies out of more than $500,000.