Cyber Attacks, Threats, and Vulnerabilities
Vulnerable platform used in power plants enables attackers to run malicious code on user browsers (Help Net Security) Otorio identified a high-score vulnerability in OSIsoft’s PI System. OSIsoft Software filed with ICS-CERT (ICSA-20-163-01).
Amid border tensions, China targets Indian government websites and banking systems; attack foiled successfully (Times Now News) Amid border tensions with India, China launched a cyber-attack on the country by targeting government websites and banking systems.
Digging up InvisiMole’s hidden arsenal (WeLiveSecurity) ESET researchers describe their findings gleaned during an investigation of attacks that the InvisiMole group conducted against high-profile organizations in Eastern Europe in 2019.
InvisiMole Group Resurfaces Touting Fresh Toolset, Gamaredon Partnership (Threatpost) InvisiMole is back, targeting Eastern Europe organizations in the military sector and diplomatic missions with an updated toolset and new APT partnership.
InvisiMole Hackers Target High-Profile Military and Diplomatic Entities (The Hacker News) InvisiMole hackers have been found targeting high-profile military and diplomatic entities in Eastern Europe for espionage.
InvisiMole malware delivered by Gamaredon hacker group (BleepingComputer) Security researchers have demystified the attack chain of the elusive InvisiMole cyberespionage group, revealing a complicated multi-stage format that relies on vulnerable legitimate tools, target-specific encryption of payloads, and stealthy communication.
Office 365 Phishing Campaign Exploits Samsung, Adobe and Oxford Servers (Check Point Research) Over the last few years, the adoption of Office 365 in the corporate sector has significantly increased. Its popularity has attracted the attention of cybercriminals who launch phishing campaigns specifically to attack the platform. As 90% of cyber-attacks start with a phishing campaign, Office 365 is an attractive target for threat actors who work...
These Genius Hackers ‘Hijacked’ Oxford University Systems To Attack Microsoft Office 365 Users (Forbes) It is becoming ever harder to defend against today's sophisticated cyberattacks—here's a good example of why.
Check Point uncovers targeted Microsoft Office 365 phishing campaign (ComputerWeekly) Organised criminal campaign exploited Adobe, Oxford University and Samsung web domains to trick users into giving up their passwords
Analysis | How a T-Mobile Outage Got Mistaken for a Cyber Attack (Washington Post) A mishap in T-Mobile’s network shows how lack of industry oversight and transparency can lead to harmful misinformation.
“Full-on supply chain disaster”: Hundreds of millions of IoT devices hit by Ripple20 flaws (SC Magazine) Nearly 20 zero day vulnerabilities in TCP/IP library, including critical vulnerabilities in the DNS protocol, could result in remote control of devices - impact, magnified by supply chain dissemination
Ensuring order in the underground: Recruiting moderators on cybercriminal forums (Digital Shadows) While there have been many predictable consequences of the ongoing global COVID-19 (aka coronavirus) pandemic, few would have foreseen significant growth for multiple cybercriminal forums.
Exclusive: Massive spying on users of Google's Chrome shows new security weakness (Reuters) A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google's market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry's failure to protect browsers as they are used more for email, payroll and other sensitive functions.
Massive Spying on users of Google's Chrome shows New Security Weakness (Patently Apple) A new report published late last night states that a newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser. This highlights the tech industry’s failure to protect browsers as they are used more for email, payroll and other sensitive functions.
More ad fraud apps found hiding on Google Play Store (Naked Security) Fraudulent Android app developers have been discovered trying to manipulate Google’s Play Store security by removing suspicious code before adding it back in to see what trips detection systems.
Google Alerts catches fake data breach notes pushing malware (BleepingComputer) Fraudsters recently have been pushing fake data breach notifications using big company names to distribute malware and scams. They're mixing black SEO, Google Sites, and spam pages to direct users to dangerous locations.
Shlayer Mac Malware Returns with Extra Sneakiness (Threatpost) Spreading via poisoned Google search results, this new version of Mac's No. 1 threat comes with added stealth.
Exfiltrating User’s Private Data Using Google Analytics to Bypass CSP (PerimeterX) How we use debriefs at PerimeterX to create a learning culture
Maze Ransomware Gang Strikes Chipmaker MaxLinear (BankInfo Security) Semiconductor manufacturer MaxLinear confirmed this week that it was hit by the Maze ransomware gang in April and some “proprietary information” was exfiltrated
Sharp Rise in Web Attacks on Gamers (Infosecurity Magazine) Gaming-related web attacks increased by more than 50% in April
Copied master key forces South African bank to replace 12 million cards (The State of Security) Fraudsters stole more than $3.2 million from the banking division of South Africa's post office after a catastrophic breach of security.
AWS said it mitigated a 2.3 Tbps DDoS attack, the largest ever (ZDNet) The previous record for the largest DDoS attack ever recorded was of 1.7 Tbps, recorded in March 2018.
Bug in ‘USB for Remote Desktop’ lets hackers add fake devices (BleepingComputer) An unpatched vulnerability in software that redirects local USB devices to a remote system could help attackers elevate privileges on a target machine by adding fake devices.
To evade detection, hackers are requiring targets to complete CAPTCHAs (Ars Technica) Requiring human interaction thwarts automated analysis used by good guys.
KPD: Records cannot be accessed or entered due to ransomware attack (WVLT) KPD records remain inaccessible after ransomware attack, mayor to address issue this afternoon
Cosmetics company Avon offline after cyber attack (ComputerWeekly) Representatives left unable to place orders after company’s back-end systems went offline over a week ago.
Computer attack targets Care New England hospital group (WPRI) Rhode Island’s second-largest hospital group owns Women & Infants, Kent and Butler.
How I Accidentally Hijacked Someone's WhatsApp (Vice) Because of phone number reuse, I ended up receiving a load of a stranger’s personal WhatsApp messages.
Expert Comments On Nine Out Of Ten 'Ethical' Hackers Abuse Cloud Service Providers (Information Security Buzz) Infosec pros and hackers regularly abuse cloud service providers to conduct reconnaissance and attacks, despite efforts by cloud providers to limit such activity. In a recent research paper titled “Cloud as an Attack Platform”, five boffins from Texas Tech University – Moitrayee Chatterjee, Prerit Datta, Faranak Abri, Akbar Siami-Namin, and Keith Jones – describe a series …
Security Patches, Mitigations, and Software Updates
In reversal, Zoom says all users will have access to end-to-end encryption (CyberScoop) Privacy and security experts had criticized the videoconferencing company's decision to limit which accounts had access to improved privacy and security.
Adobe drops slew of critical patches (Naked Security) Adobe released another set of patches for its products on Tuesday, a week after dropping its first set of fixes for the month.
Netgear moves to plug vulnerability in routers after researchers find zero-day (CyberScoop) A newly discovered software vulnerability could allow hackers to remotely exploit home internet routers, offering a foothold for breaking into the devices running on those networks.
Cyber Trends
Vulnerabilities and threats in mobile banking (Positive Technologies) In 2019, we chose 14 fully featured mobile banking applications (client + server) for our research.
COVID-19 Online Traffic and Attack Data Report (home.neustar) Learn about changes in DNS traffic patterns and the growth of Distributed Denial of Service (DDoS) attacks during the COVID-19 pandemic. Download the report today.
DoubleVerify detects a 161% increase year-over-year in fraudulent CTV traffic (PPC Land) DoubleVerify this month released stats for Ad Fraud in Connected TV (CTV) for the first quarter. Between January and April of 2020,
The Challenge of OT Security in a Converged World (automation.com) Absent an effective OT security plan, OT enterprise and their integrated ICS/SCADA systems are left vulnerable to cyberattacks that could result in financial loss, reputational damage, diminished consumer confidence, and even threaten the safety of citizens—and in the case of critical infrastructures, also threaten national security.
The Cyber Revolution – akin to the Industrial Revolution (The Jerusalem Post) Attacks on Israeli websites, cellphone tracking of coronavirus victim contacts, online medical services and even crime comprise the cyberworld pervading our lives.
Marketplace
Army delays final RFP of encryption device (C4ISRNET) The Army might modify the request for proposals to increase competition.
McAfee Awarded Defense Innovation Unit Contract to Deliver Secure Cloud Management (BusinessWire) McAfee, the device-to-cloud cybersecurity company, today announced it has received an Other Transaction Authority (OTA) award from the Defense Innovat
Former Google CEO Eric Schmidt says there's 'no question' Huawei endangered US national security (Business Insider) Eric Schmidt, now an advisor on the US government's Defense Innovation Board, said some of Huawei's practices have damaged national security.
Six months after cyberattack, LifeLabs says it has appointed a CISO and rolled out new security policies (IT World Canada) Half a year after suffering arguably the worst data breach in Canadian history, LifeLabs provided its customers with an update on what it’s doing to make sure history isn’t repeated.
Facebook To Ban Foreign State-Backed Political Ads In US (Law360) As the U.S. presidential election in November approaches, Facebook says it will be blocking political ads from foreign state-run media organizations as a way to curb election interference and allowing users to switch off all political ads.
No, Google Didn't Demonetize The Federalist & It's Not An Example Of Anti-Conservative Bias (Techdirt.) So, earlier today, NBC reported that Google had "banned" two well known websites from its ad platform, namely The Federalist and Zero Hedge. The story was a bit confusing. To be clear, both of those sites are awful and frequently post...
Dragos Awarded as Technology Pioneer by World Economic Forum (BusinessWire) Dragos, Inc., provider of the Dragos Platform, the industry’s most trusted industrial asset identification, threat detection and response technology,
Endace Wins 2020 Fortress Cyber Security Award (BusinessWire) EndaceProbe Analytics Platform receives 2020 Fortress Cyber Security Awards in the Network Security category for innovation in cybersecurity
Druva Recognized as Leading Solution for Customer Experience with 88 NPS Score (BusinessWire) Druva, Inc., the leader in Cloud Data Protection and Management, today announced the company has been recognized for its outstanding customer experien
Hugo Teufel Joins CenturyLink As Chief Privacy Officer (MediaRoom) CenturyLink, Inc. (NYSE: CTL) announced today that Hugo Teufel has joined the technology company as its new chief privacy officer. As a noted expert in the field, he will...
FireEye Appoints Brad Maiorino As Chief Strategy Officer (Seeking Alpha) Veteran CISO brings decades of frontline experience to lead expansion of Mandiant services and solutions
Products, Services, and Solutions
Palo Alto Networks Unveils New Firewalls, IoT Security Solution (SecurityWeek) Palo Alto Networks has unveiled a new ML-powered firewall, a firewall for Kubernetes, and an IoT security solution
Palo Alto Networks launches World’s First machine learning powered next generation firewall (Express Computer) The firewall embeds machine learning (ML) in the core of the firewall to proactively assist in intelligently stopping threats, securing IoT devices, and recommending security policies
Belden Expands Forescout Partnership to Protect Industrial and Critical Infrastructure from Cyber Threats (Tripwire) Leaders in ICS security offer enhanced joint offerings with Tripwire and Hirschmann cybersecurity solutions
Bitglass Strengthens Security for the Modern Workforce by Deepening Integration with a Leading MFA Vendor (BusinessWire) Bitglass, the Next-Gen Cloud Security Company, today announced a deepened integration with Duo Security, now part of Cisco, a leading multi-factor aut
Cequence Security Announces API Sentinel for Continuous API Security Visibility and Monitoring (BusinessWire) API Sentinel is a runtime API security solution delivering continuous API visibility, shadow API discovery, risk analysis, and conformance assessment.
iProov to Provide Contactless Travel Entry for Eurostar as Part of Railway Innovation Initiative (BusinessWire) iProov, the world leader in spoof-resistant opt-in biometric authentication technology, today announced that its technology will be used to improve th
BlackBerry and Intel Partner to Stop Cryptojacking Malware (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) announced today the release of BlackBerry® Optics v2.5.1100 with cryptomining and cryptojacking...
Boxcryptor’s New Single Sign-on with Zero-Knowledge Guarantee (Boxcryptor) Read how Boxcryptor’s Single Sign-on (SSO) with zero knowledge guarantee works and also, how we implemented SCIM in our Enterprise cloud security solution.
Radiflow Industrial Detection Platform version 5.7 is launched (Global Security Mag Online) Radiflow announced a major version release for its iSID Detection and Analysis Platform that will enhance operational asset management and streamline analyst workflow to strengthen the security posture of its customers. Radiflow’s iSID Detection and Analysis Platform provides proactive cybersecurity for critical infrastructures through non-intrusive monitoring of distributed production networks.
BitDam provides SMEs with an additional layer of defense against email-based cyber-attacks (Help Net Security) BitDam is available to small to medium-sized enterprises (SMEs) to provide an additional layer of defense against email-based cyber-attacks.
Indo-Israeli Start-up SafeHouse Tech Launches World's Fastest VPN with BodyGuard 4.0 (The Week) SafeHouse Tech has launched their flagship mobile security product BodyGuard on major digital platforms today.
McAfee MVISION Cloud Becomes First Cloud Access Security Broker to Receive U.S. Government’s FedRAMP High JAB P-ATO Designation (BusinessWire) McAfee, the device-to-cloud cybersecurity company, today announced that McAfee MVISION Cloud is the first Cloud Access Security Broker (CASB) platform
Technologies, Techniques, and Standards
Revised DOJ compliance guidance offers risk-management lessons for cybersecurity leaders (CSO Online) Prosecutors use this guidance to assess criminal liability in a compliance breach, so it behooves business and security leaders to understand the expectations.
Ransom Demands: What Happens If Victims Pay or Don't Pay? (BankInfo Security) If your organization gets hit by ransomware, what should happen next? Ideally, organizations will get help to identify the best response, says Kroll's Alan Brill.
A brief look at AI-enhanced security solutions (Computing) IT leaders aren't ready to hand over security to a benevolent machine just yet, but their next purchase will probably have an AI label
How to Spot Phony Images and Online Propaganda (Wired) During times of crisis—and presidential elections—manipulated photos and videos flood social media. But there are a few tricks you can use to avoid getting duped.
23 IS achieves full operational capability for combat cyber mission forces (Dobbins Air Reserve Base) The 23rd Intelligence Squadron achieved full operational capability (FOC) after almost three years of hard work and three months ahead of when originally projected.
How do I select a security awareness solution for my business? (Help Net Security) In order to select the right security awareness solution for your business, you need to think about a number of factors. Industry experts offer insight.
AI: Beating Bad Actors at Their Own Game (Security Magazine) Like any technology, AI holds the potential to be weaponized, and more of this type of activity is certainly on the horizon.
Building relationships: The key to becoming a true cybersecurity leader (Help Net Security) The best cybersecurity leaders are those that are building trusted relationships with business leaders, who in turn act as advocates for security.
Design and Innovation
No More Anti-Virus Software – Atense Inc., a Cyber Defense Company Claims To Have Developed The World’s First Computer Vaccine (Digital Journal) Atense Inc., a Cyber Defense company claims that people could soon be saying “Goodbye” to anti-malware and antivirus software thanks to the development of the first vaccine for computers. Atense Inc., a Cyber Defense company is launching a Kickstarter Campaign that will kick off on July 7th, to introduce its computer vaccine to the world. The now patented computer vaccine is the first of its kind, and while the company has been tight-lipped about how it works, they have been saying that it will do away with the need for anti-malware and antivirus software.
Research and Development
Researcher builds solution to work-from-home cloud-computing “storms” (UTSA Today) The outbreak of COVID-19 pushed rapid deployment of the work-from-home movement. Azure Cloud Computing saw a 775% increase in cloud usage in social-distanced areas, while Amazon Web Services experienced 33% growth in the first quarter of this year alone.
Academia
Cyberattacks Increasingly Threaten Schools — Here’s What to Know (EdTech) With the shift to virtual classrooms, districts need to be extra vigilant about cybersecurity.
Crypsis and Duke University Announce the "Sanford-Crypsis Cyber Cup" Cybersecurity Policy Competition (PR Newswire) The Crypsis Group, a leading incident response, risk management and digital forensics firm, today announced they are partnering with Duke...
De Montfort University’s cyber security courses receive certification (Government Computing Network) De Montfort University Leicester said that its MSc in Cyber Security and MSc in Cyber Technology have been certified by the National Cyber Security Centre.
Legislation, Policy, and Regulation
French watchdog warns against COVID-19 smart surveillance (Reuters) The use of a new range of surveillance cameras to check adherence to rules in the wake of the novel coronavirus outbreak risks undermining the fabric of democracy, France's data privacy watchdog CNIL said on Wednesday.
Labor asks for the whereabouts of Australia's overdue cybersecurity strategy (ZDNet) Shadow Assistant Minister for Cyber Security Tim Watts hopes the new strategy shows the 'substance and imagination that our national cyber-resilience deserves' and that it's accompanied by an accountable minister.
Kim Jong Un has quietly built a 7,000-man cyber army that gives North Korea an edge nuclear weapons don't (Business Insider) North Korea's cyber army is trained to find secrets, disrupt critical infrastructure, and steal money to help the isolated country avoid sanctions.
Iran Appears Poised to Go on the Cyber Offensive (Stratfor) The shift to trying to physically damage targets via cyberattacks threatens local and Western companies in the Mideast, and critical infrastructure worldwide.
US-China row moves underwater in cable tangle (BBC News) In another sign of growing tension, a high-speed internet cable looks set to be blocked by the US.
Federal agencies recommend blocking Hong Kong-US undersea cable over national security concerns (CyberScoop) Concerns about the cable have grown along with Beijing's influence over Hong Kong.
How the China vs US technology race is remapping the world (The Telegraph) Two hemispheres are emerging in the global technology race
U.S. or China: Who will end up winning the 5G Cold War? (CTECH) This Cold War is not about advanced weaponry or the pursuit of noble causes like social ideology or conquering outer space. This time it is about the long and tedious battle over advanced telecommunication technology
John Bolton: The Scandal of Trump’s China Policy (Wall Street Journal) The president pleaded with Chinese leader Xi Jinping for domestic political help, subordinated national-security issues to his own re-election prospects and ignored Beijing’s human-rights abuses.
Persistent Vulnerabilities: Strengthening Cybersecurity Requirements for the Department of Defense (Council on Foreign Relations) Cyber vulnerabilities in major weapons platforms pose a significant threat to U.S. national security. Developing a comprehensive evaluation process is essential to ensuring the security and resilience of the technologies that underpin U.S. deterrence and warfighting.
Justice Department reveals proposals to curb platforms' protections (Axios) DOJ plan would create more restrictions around tech content moderation.
Justice Department Proposes Limiting Internet Companies’ Protections (Wall Street Journal) The Justice Department proposed a rollback of legal protections that online platforms have enjoyed for more than two decades, in an effort to make tech companies more responsible in how they police their content.
Justice Department recommends new legislation holding Facebook, Google and Twitter liable for some online content (Washington Post) The Justice Department urged Congress to adopt new legislation that would punish Facebook, Google and Twitter for harmful content posted online, threatening to erode a long-cherished legal immunity that Silicon Valley says is critical to the future of the Internet.
The Defining Law of the Internet Age (Wall Street Journal) The Justice Department’s proposal to give online platforms less legal protection from lawsuits is the latest effort to revamp the defining law of the internet age.
Senator Hawley's New 'Section 230' Bill Isn't Going to Make Silicon Valley Sweat (Gizmodo) Sen. Josh Hawley, one of Facebook’s most vocal critics on Capitol Hill, introduced new legislation on Wednesday that would purportedly chip away at the limited liability shield that protects social media giants from being sued for content moderation decisions.
New Legislation Could Signal Critical Mass On Section 230 (Law360) The U.S. Department of Justice and GOP senators unveiled two separate legislative plans Wednesday to hold web platforms more accountable for their content moderation practices, signaling broader backing for the White House's recent efforts to target online censorship.
CIA Report Prompts Call for DHS Cyber Authority Over Intelligence Agencies (Nextgov) Senator asks the director of national intelligence why his office hasn’t implemented a basic anti-phishing tool like the rest of the government.
Theft of CIA hacking tools spotlights the spy agency’s “lax” security (MIT Technology Review) American intelligence agencies are still falling short on security, years after high-profile data leaks from Edward Snowden, Chelsea Manning, and Joshua Schulte, according to a member of the US Senate Intelligence Committee. In a letter to Director of National Intelligence John Ratcliffe, Senator Ron Wyden uses a 2017 internal report from the CIA to detail…
Senator Raises Concerns About Ability of U.S. Intelligence to Protect Secrets (SecurityWeek) Sen. Ron Wyden has raised concerns about the ability of intelligence agencies to protect secrets and has asked the director of national intelligence about steps taken to improve cybersecurity
Executive Order Restraints on Sourcing of Power System Equipment Raise Challenges for Developers (JD Supra) On May 1, 2020, the President issued Executive Order 13920, “Securing the United States Bulk-Power System” (“E.O. 13920”) to address what the Trump...
Commissioners Urge Hiring Changes to Fill Government Jobs in Cyber, AI (Wall Street Journal) Streamlining security clearance and subsidizing college costs might help land candidates as the private sector beckons.
Analysis | The Cybersecurity 202: D.C., Georgia reflect divergent Democratic and Republican approaches to mail ballots (Washington Post) The District is embracing mail voting after a troubled primary, while Georgia is backing off.
Pentagon Wants to Scale Up Its Device Security Program (Nextgov) The Comply-to-Connect program ensures devices connecting to military networks have baseline security without needing to install endpoint management apps.
Retiring DOD deputy CIO reflects on a long career in federal service (Federal News Network) Essye Miller, DoD’s first black female principal deputy CIO talks about leadership and how to develop the next generation of leaders in the federal government.
Litigation, Investigation, and Law Enforcement
Crypto founder admits $25 million ICO backed by celebrities was a scam (Naked Security) Endorsed by boxer Floyd Mayweather and DJ Khaled, the Centra Tech ICO debacle has led to the guilty plea of co-founder Robert Farkas.