Cyber Attacks, Threats, and Vulnerabilities
Dark Basin: Uncovering a Massive Hack-For-Hire Operation (The Citizen Lab) Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients against opponents involved in high profile public events, criminal cases, financial transactions, news stories, and advocacy. This report highlights several clusters of targets. In future reports, we will provide more details about specific clusters of targets and Dark Basin’s activities.
Environmentalists Targeted Exxon Mobil. Then Hackers Targeted Them. (New York Times) Federal prosecutors in Manhattan are investigating a global hacker-for-hire operation that sent phishing emails to environmental groups, journalists and others.
Behind China’s Twitter Campaign, a Murky Supporting Chorus (New YorkTimes) Swarms of accounts are amplifying Beijing’s brash new messaging as the country tries to shape the global narrative about the coronavirus and much else.
Nefilim Hackers Publish Oil Firm Data Online and Continue Campaign (Computer Business Review) A cyber criminal group known for its Nefilim (Netfilim) ransomware is continuing to target energy companies. Nefilim Hackers Publish Oil Firm data.
Greek hackers continue revenge attack by accessing sensitive Turkish data (Greek City Times) Turkish hackers initiated a “cyberwar” with Greece, and it is likely they are regretting it now, as Greek hackers have completely compromised the security of important Turkish government websites and recovered personal data.
Honda could be victim of ransomware cyber attack (The Telegraph) Japanese car giant confirms IT issue but evidence indicates cyber criminals have targeted the company
Honda puts some manufacturing on hold over computer 'disruption' (NBC News) Some cybersecurity researchers believe the company was at least targeted by cybercriminals after they found evidence Monday of customized ransomware.
Japanese car giant Honda probes suspected cyber attack (Sky News) The Japanese carmaker is investigating a suspected cyber attack in Europe and Japan, Sky News understands.
Honda investigates possible ransomware attack, networks impacted (BleepingComputer) Computer networks in Europe and Japan from car manufacturer giant Honda have been affected by issues that are reportedly related to a SNAKE Ransomware cyber-attack.
Computer network ‘disruption’ forces Honda to cancel some production (CyberScoop) A “disruption” to Honda’s computer network forced the company to cancel some production operations on Monday, according to a company spokesperson.
Reports: Honda operations disrupted after suspected cyber attack (Dayton Business Journal) Automotive manufacturer Honda is experiencing a company-wide network outage that is suspected to have been caused by a ransomware attack, according to international media reports.
Possible malware attack grinds production to a halt at Honda plants in Alliston (Simcoe) Company spokesperson won't confirm reports of cyber attack, says IT department still assessing situation.
Maze Ransomware adds Ragnar Locker to its extortion cartel (BleepingComputer) A second ransomware gang has partnered with Maze Ransomware to use their data leak platform to extort victims whose unencrypted files were stolen.
New DDoS protection tool advertised on the dark web (Digital Shadows) This blog examines a newly launched DDoS protection filter mechanism dubbed EndGame advertised last week on the dark web community forum Dread, which required a combined effort from many parts of the dark web to create a solution for an ongoing problem that has been slowly killing off the cybercriminal scene one platform at a time.
Law Enforcement Is Starting to Make Criminals Doubt the Dark Web (Cointelegraph) Trend Micro reveals dwindling confidence among darknet users in marketplaces due to security concerns
Shifts in Underground Markets: Past, Present, and Future (Trend Micro) This research paper presents a wide-ranging view of dark web marketplaces and underground cybercriminal forums.
Double-crossing ransomware decryptor scrambles your files again! (Naked Security) Just when you thought a bad thing could get no worse…
CallStranger vulnerability lets attacks bypass security systems and scan LANs (ZDNet) The CallStranger vulnerability can also be used to launch major DDoS attacks.
Singapore’s Contact Tracing Wearable Causes Privacy Backlash (Threatpost) Thousands have signed a petition that underscores data privacy issues with Singapore's newly announced contact-tracing wearable, in development.
Google's indexing of WhatsApp numbers raises privacy concerns (BleepingComputer) Google is indexing the phone numbers used on WhatsApp, and a researcher is concerned that it could cause privacy issues or be used for malicious purposes.
Cyber incidents at NASA surged by 366% (Atlas VPN) According to data extracted and analyzed by Atlas VPN, cyber incidents at NASA increased by 366% in 2019. Being one of the nation’s most important federal agencies, this is an alarming finding.
Poorly-secured AWS buckets used to launch Magecart attacks (ComputerWeekly) Cyber criminals are exploiting misconfigured AWS S3 buckets to run credit card fraud and malvertising campaigns, according to new data.
Magecart Targets Emergency Services-related Sites via Insecure S3 Buckets (The Hacker News) Magecart Hackers Used Misconfigured Amazon S3 Buckets to Steal Payment Card Data From Emergency Service-related Websites.
KingMiner botnet brute-forces MSSQL databases to install cryptocurrency miner (ZDNet) The KingMiner gang is brute-forcing the "sa" user, the highest-privileged account on a MSSQL database.
Malicious Android apps deactivated fraud code to bypass Google's security scans (ZDNet) Trick didn't work. Google banned them anyway.
Exploits Target Patched Server Message Block (ISSSource) Publicly available and functional proof-of-concept (PoC) code that exploits a vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol CVE-2020-0796 in unpatched systems, according to a report with CISA.
CISA Warns that Windows SMB 3 Exploit Code Now Published (Redmondmag) Functional proof-of-concept code for a Server Message Block 3.1.1 vulnerability in newer Windows systems has been published, the U.S. Cybersecurity and Infrastructure Security Agency warned on Friday.
Online Voting System Used in Florida and Elsewhere Has Severe Security Flaws, Researchers Find (One Zero) Significant problems with Democracy Live’s OmniBallot internet voting program could result in doctored ballots as voters gear up for election season in the era of Covid-19
Minuscule number of potentially fraudulent ballots in states with universal mail voting undercuts Trump claims about election risks (Washington Post) A Washington Post analysis found that state officials identified just 372 possible cases of fraud out of about 14.6 million votes in five elections in which ballots were all cast by mail.
Elexon files posted online following May’s ransomware attack (Current) Documents obtained during a cyberattack on Elexon last month have reportedly been leaked on the dark web.
Vulnerability Summary for the Week of June 1, 2020 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.
Dark Web Price Index 2020. Check all 2020 Dark Web Prices (Privacy Affairs) To see just how prevalent items of personal data are being listed on the dark web, and at what price, we sent our researchers on a data-gathering mission.
U.P. Cebu confirms data breach on its Student Evaluation on Teaching system (Rappler) The names and passwords to access a site used to let students rate the performance of their lecturers and professors are made public in the breach
South Africa's Life Healthcare hit by cyber attack (1450 99.7 WHTC) (Reuters) - South Africa's Life Healthcare said on Tuesday its southern African operation was hit by a cyber attack affecting its admissions systems, business processing systems and email servers, but is yet to determine the extent to which data has been compromised.
The hospital operator said its patient care was not impacted and an investigati...
Security Patches, Mitigations, and Software Updates
Get the Windows 10 June Patch Tuesday updates today (Windows Report) Microsoft will soon release the 6th round of major updates of 2020 called the Patch Tuesday Updates, and these also include improvements to Windows 10 2004.
Microsoft Patch Tuesday is nigh: Pause updates now. (Computerworld) Take a minute right now and make sure you have Windows Update paused. Every month we see problems with patches -- some rare and innocuous, others toxic to a specific subset of Windows users. Step out of the line of fire. It’s easy.
High-severity bugs patched in Chrome, Firefox browsers (SC Magazine) Google has introduced multiple security fixes for the desktop edition of its Chrome browser and Mozilla has also done the same for Firefox and Firefox Extended Support Release.
Ransomware attacks spike by 140%, 57% of organizations agree to pay (Atlas VPN) Data extracted and analyzed by Atlas VPN reveals, the amounts of demanded ransom payments increased by 140%, comparing the numbers of 2018 to 2019. More and more organizations succumb to blackmail: 57% of organizations settled and paid the ransom during the last 12 months.
Continuous Intelligence Moves from Hype to Reality in the C-Suite According to New Report from Sumo Logic (Sumo Logic) Independent Survey Shows 88% of C-level Executives Believe their Company will Benefit from Continuous Intelligence, with 76% Planning to Employ it within the Next Year to Help Drive Speed and Agility
We're seeing more cyber attacks this year 'than ever before,' CrowdStrike CEO says (Yahoo) CrowdStrike CEO George Kurtz joins Yahoo Finance’s Zack Guzman to discuss the biggest risks and security threats Americans are facing as many continue to work from home amid the coronavirus.
European Organisations Have False Sense of (cyber) Security, Despite Over Half Suffering a Breach (BusinessWire) New insights from the 2020 Thales Data Threat Report – European Edition reveal that European organisations have a false sense of security when it come
E3/Sentinel's fifth acquisition to pave way for rebrand (Washington Technology) E3/Sentinel's fifth acquisition in the less than two years since E3 and Sentinel merged paves the way for a rebranding.
Rackspace changes name in preparation for public markets (San Antonio Business Journal) Rackspace is now Rackspace Technology, the company announced Monday morning.
A Guide To Digital Risk Protection For Security Teams (Momentum Cyber) We are pleased to provide you with Momentum’s Cybersecurity Snapshot for April 2020. Strategic activity in April included 43 transactions completed totaling $1.5B in deal value across M&A (14 transactions, $557M) and Financing (29 transactions, $922M).
Israel's NSO showcases drone tech, pushes to counter rights abuse allegations (Reuters) Israel's NSO Group showcased a new anti-drone defence on Monday, giving the public a rare look at its technology as it seeks to counter allegations that another of its products has aided privacy breaches and political surveillance.
IBM will no longer offer, develop, or research facial recognition technology (The Verge) IBM is also advocating for police reform.
Panacea Infosec to hike headcount by 40-45 per cent; sees rising demand for cybersecurity, audits (The Economic Times) At present, Panacea offers its services in verticals of cybersecurity consulting, auditing and compliance areas like certification and assessment services, CERT-In security auditing services, threat and vulnerability management, advisory services, managed security services, training and products.
Demand for Cybersecurity Operations Fueling Arctic Wolf’s Growth (BusinessWire) Arctic Wolf®, the leader in security operations, today announced that its fourth fiscal quarter of FY2020, ended April 30, set a record for most reven
Products, Services, and Solutions
HelpSystems Expands Native Virus Protection Software to Include LinuxONE and IBM Z (GlobeNewswire) HelpSystems announced today that its native virus protection software Powertech Antivirus has expanded to include coverage for IBM LinuxONE and Linux on IBM Z.
Huawei and Trustonic App Protection Partnership Grows with Huawei P40 Series Launch (Trustonic) Trustonic platform can now be used by developers to secure apps with both multiple hardware-backed TEEs and advanced software protection to enable the next generation of secure mobile user experiences.
Kaspersky launches free online talks to spread cybersecurity knowledge (BetaNews) Kaspersky has announced that it's launching a series of online talks, created to present knowledge and the latest cybersecurity findings, freely accessible to anyone with an internet connection.
BeyondTrust secures Mac and Windows endpoints with SaaS offering (TahawulTech.com) BeyondTrust has announced that its BeyondTrust Privilege Management for Windows and Mac solution is now available as SaaS (software-as-a-service).
Data61's seL4 security enforcement now available to the RISC-V ecosystem (ZDNet) CSIRO has announced the completion of the proof of implementation correctness of the open-source seL4 microkernel for the RISC-V ISA.
Thycotic Offers Free Digital Toolkit to Help Secure Remote Worker Access (PR Newswire) Thycotic, provider of Privileged Access Management (PAM) solutions for more than 10,000 organizations worldwide, including 25 of the Fortune...
Cryptographic Solutions Delivering Cloud, IoT, Blockchain and Digital Payment Security (nCipher Security) nCipher Security empowers world-leading organizations by delivering trust, integrity and control to their business critical information and applications.
Proofpoint Launches New Enterprise Archiving Innovations Across eDiscovery and Compliance Supervision (Proofpoint) Advancements reduce enterprise compliance risks while streamlining regulatory audits and investigations for cost effectiveness
Centrify Debuts Reliance Partner Program for Identity-Centric Privileged Access Management (Centrify) Centrify, a leading provider of Identity-Centric Privileged Access Management (PAM) solutions, today unveiled the Centrify Reliance Partner Program to empower the Centrify channel ecosystem to quickly and easily meet the demand for Identity-Centric PAM.
Aon’s partnership with GK8 provides insurable digital-asset storage tech (Hedgeweek) The product provided by GK8, a high-security custody solution for safeguarding and managing digital assets, is now insurable via Aon UK Ltd utilising insurance provided by a panel of insurers led by Arch Underwriting at Lloyd’s Syndicate 2012, which is part of the Lloyd’s insurance market.
Securden Unveils Enhancements to its Remote Access Solution with Turnkey Provisions Eliminating VPN Hassles (PR Newswire) Securden, Inc., a leading provider of Privileged Access Governance solutions today announced that it has implemented significant enhancements...
Osmio Tackles Deep Fake Videos & Fake News (PR Newswire) Videos, images, and news stories can now be digitally signed by their creator, letting anyone know exactly what individual is responsible for...
Unisys Announces Support for Cyber4Healthcare a Global Cybersecurity Initiative in Healthcare with the CyberPeace Institute (Unisys) Unisys Corporation (NYSE: UIS) today announced its support of the CyberPeace Institute’s Cyber4Healthcare initiative, a program designed to offer free cybersecurity services to healthcare providers fighting the COVID-19 pandemic. This follows a public call last month asking governments around the globe to join forces with the private sector and academia to ensure that medical facilities are protected from cyber threats.
Looking at Big Threats Using Code Similarity – part 1 (Secure List) Today, we are announcing the release of KTAE, the Kaspersky Threat Attribution Engine. This code attribution technology, developed initially for internal use by the Kaspersky Global Research and Analysis Team,
Futurex and Venafi Partner to Expand Machine Identity Protection (PR Newswire) Futurex, a leading provider of hardened enterprise-class data security solutions, and Venafi, the leading provider of machine identity...
Technologies, Techniques, and Standards
The eight reasons building a contact-tracing app is so difficult (The Telegraph) From convincing people to download the technology to Bluetooth issues, we take a look at why the NHSX app is delayed
UK Provides Software Co Access To Personal Data (PYMNTS) United Kingdom officials gave a California software company access to the personal data of millions of British residents to answer questions around COVID-19.
Bishop Fox, Illumio Share Microsegmentation Research Findings (Dark Reading) Project finds a 300% increase in attacker difficulty with even simple microsegmentation.
Mitigating Kubernetes Vulnerabilities with the Least Privilege Principle | Tufin (Tufin) A few days ago, the Kubernetes community announced a new vulnerability: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements This is a normal event with any software package. Vulnerabilities are found, fixed and announced, but not necessarily in this order.
Deconstructing the Adversary Exploit Process (Recorded Future) In this report, Recorded Future's Insikt Group examines current attacker methodologies to reveal how exploitation testing may play out in the wild.
Design and Innovation
How to improve cybersecurity for artificial intelligence (Brookings) Key defenses against cyberattacks.
Twitter to launch a revamped verification system with publicly documented guidelines (TechCrunch) Twitter is developing a new in-app system for requesting verification, according to a recent finding from reverse engineer Jane Manchun Wong, which Twitter has since confirmed. The discovery involves an added “Request Verification” option that appears in a redesigned account settings sc…
Facebook to Review Content Policies Related to Civil Unrest, Violence (Wall Street Journal) Facebook CEO Mark Zuckerberg said that the company will review existing policies on how it handles content related to civil unrest or violence, as the company faces criticism over its decision to not moderate or take down certain posts.
NYU study: Facebook’s content moderation efforts are ‘grossly inadequate’ (VentureBeat) In a scathing indictment of Facebook's content moderation practices, a new study says outsourcing is a key reason the company's efforts are failing.
Research and Development
DARPA Seeks to Embed Security Into Chip Designs (EE Times Asia) As semiconductors become the choke point in global tech wars, the U.S. looks to advance security to the IC design stage...
Peng Liu, co-authors earn Test-of-Time Award (Penn State University) A paper co-authored by Peng Liu, Raymond G. Tronzo, MD Professor of Cybersecurity in the College of Information Sciences and Technology, has been selected as one of the two winners of the prestigious 10-year Test-of-Time Award from the 2020 IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) — a top conference in fault tolerance and dependable computing.
Legislation, Policy, and Regulation
Analysis | The Cybersecurity 202: Senate panel says U.S. telecoms failed for decades to prevent Chinese spying (Washington Post) Chinese telecoms operated in the United States with minimal oversight.
Investigation finds interagency group lacked authority to oversee Chinese telecom companies (Federal News Network) A Senate subcommittee completed a year-long investigation into federal oversight of three Chinese telecommunications companies.
Huawei on the defensive as threat of UK 5G exclusion hovers (Engineering & Technology) As the UK government considers making a U-turn on its decision to permit Huawei a limited role as a supplier for the country’s 5G infrastructure, the Shenzhen-based telecommunications giant is launching a full-throttle media campaign to bolster its reputation.
KrattAI: Estonia's National Artificial Intelligence Strategy (Interesting Engineering) KrattAI will let people in Estonia use public information services by voice-based interaction with AI-based virtual assistants.
Canadians' Security and Privacy Must Be Protected in The Race To Trace (PR Newswire) Canadians seem ready to embrace digital contact tracing to help contain COVID-19 through an anonymous mobile app, with a majority prepared to make the...
Israeli security head calls for halt in virus phone tracking (AP NEWS) The head of Israel's Shin Bet security service reportedly said Monday that he opposes the continued use of his agency's phone-snooping technology to track coronavirus...
Government publishes artificial intelligence procurement guidance (ComputerWeekly) A document has been published outlining the challenges for public sector buyers as well as best practices.
Can the UK government’s efforts solve the cyber skills gap? (ComputerWeekly) There has been an active effort by the UK government to tackle the lack of skills in the cyber security space – but is it enough?
California Attorney General Submits Final CCPA Regulations for Review (Cooley) On June 1, the California Attorney General submitted its final proposed regulations implementing the CCPA to the California Office of Administrative Law (OAL) for its review and approval. The final…
Germany Govt Bans official Whatsapp use oped (CIOReview) Germany Govt Bans official Whatsapp use oped By Adam A. Such II, President and COO, Communication Security Group Inc. - Officials say no, nein and not for official use to WhatsApp
Litigation, Investigation, and Law Enforcement
House Intelligence Committee chairman wants to know whether Pentagon spy agency provided information on protesters (Washington Post) Rep. Adam B. Schiff (D-Calif.) is seeking assurance that no intelligence agency resources were used to track demonstrators.
Agencies Spending Millions on 'Crossbow' Spy Tech, an Upgraded Stingray (Vice) Motherboard found various military and federal law enforcement agencies have bought the Crossbow, which appears to target phones on 4G.
Most Bitcoin Trading Faked by Unregulated Exchanges, Study Finds (Wall Street Journal) Nearly 95% of all reported trading in bitcoin is artificially created by unregulated exchanges, a new study concludes, raising fresh doubts about the nascent market following a steep decline in prices over the past year.
UK Supreme Court To Hear Google Data Privacy Case (Law360) The Supreme Court has agreed to weigh in on whether a collective lawsuit brought against Google for allegedly tracking the personal data of 4 million iPhone users should be allowed to proceed through the U.K.'s courts.
Macy's To Pay Up To $192K To End Data Breach Suit (Law360) Macy's Inc. will pay up to $192,500 to settle claims that its "cavalier" approach to data security opened the door for hackers to access online customer accounts over a three-month span in 2018, according to terms approved by an Alabama federal court.
Amazon sues former AWS marketing VP Brian Hall after he takes Google Cloud job (GeekWire) A lawsuit filed by Amazon against Brian Hall, former Amazon Web Services vice president of product marketing, alleges that his new role at Google Cloud violates the terms of his non-compete agreement…