Cyber Attacks, Threats, and Vulnerabilities
China’s Software Stalked Uighurs Earlier and More Widely, Researchers Learn (New York Times) A new report revealed a broad campaign that targeted Muslims in China and their diaspora in other countries, beginning as early as 2013.
Hong Kongers erase digital footprints ahead of security laws (Nikkei Asian Review) Social media users delete posts or alter identities to avoid detection
New 'EvilQuest' Mac ransomware found in pirated apps encrypts users files (9to5Mac) Mac users are now exposed to a new “EvilQuest” ransomware that encrypts files and causes multiple issues with the operating system. Malwarebytes has analyzed the ransomware today, which is being distributed through macOS pirate apps. The malicious code was first found in a pirate copy of the Little Snitch app available on a Russian forum […]
New EvilQuest macOS ransomware is a smokescreen for other threats (Help Net Security) A new piece of ransomware dubbed EvilQuest is being delivered bundled up with pirated versions of popular macOS software, researchers warned.
StrongPity APT Back with Kurdish-Aimed Watering Hole Attacks (Threatpost) The spy malware is being delivered via a complex infrastructure with multiple layers, in an effort to avoid analysis.
Seller floods hacker forum with data stolen from 14 companies (BleepingComputer) A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020.
Screwed Drivers Open ATMs to Attack (Eclypsium) New research from Eclypsium shows that Windows drivers used in ATM, POS and other devices allow arbitrary access to I/O ports, allow attackers to target data to and from PCI-connected devices
Hackers Actively Targeting Remote Code Execution Vulnerability on Zyxel Devices (Security News) SonicWall Capture Labs Threat Research team observed attackers actively targeting Zyxel NAS (Network Attached Storage) and firewall products affected by a remote code execution vulnerability.
Vectra research identifies new exploitable attack surface within cloud services and remote healthcare (PR Newswire) Vectra® AI, a leader in network threat detection and response (NDR), today released its 2020 Spotlight Report on Healthcare, which shows an...
Treck TCP/IP Stack (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely
Vendor: Treck Inc.
Equipment: TCP/IP
Vulnerabilities: Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, Improper Access Control
Inductive Automation Ignition (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Inductive Automation
Equipment: Ignition
Vulnerabilities: Missing Authentication for Critical Function, Deserialization of Untrusted Data
Delta Industrial Automation DOPSoft (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Delta Electronics
Equipment: Delta Industrial Automation DOPSoft
Vulnerabilities: Out-of-bounds Read, Heap-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
Mitsubishi Electric Factory Automation Engineering Software Products (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Mitsubishi Electric
Equipment: Factory Automation Engineering Software Products
Vulnerabilities: Improper Restriction of XML External Entity Reference and Uncontrolled Resource Consumption
EINSTEIN Data Trends – 30-day Lookback (CISA) Cybersecurity and Infrastructure Security Agency (CISA) analysts have compiled the top detection signatures that have been the most active over the month of May in our national Intrusion Detection System (IDS), known as EINSTEIN. This information is meant to give the reader a closer look into what analysts are seeing at the national level and provide technical details on some of the most active threats.
During a pandemic, stalkerware becomes even more sinister (CyberScoop) As domestic violence survivors quarantine with abusers, stalkerware detections have increased since the pandemic began, some security researchers say.
COVID-19’s Impact on Business: Travel Bouncing Back, and so are the Malicious Attacks (PerimeterX) Protect your web apps against account takeover, carding, denial of inventory, scalping, skewed analytics, digital skimming, Magecart, PII harvesting, scraping.
COVID-19 pandemic causing the most significant increase in DDoS attacks ever (Nexusguard) In this new post-covid19 world, we have realized that the availability of connectivity and services have never been more paramount. To a certain extent, we might even be willing to sacrifice a little speed. The threat of DDoS attacks, designed to destroy that availability, has never been greater.
DDoS Threat Report 2020 Q1 (Nexusguard) DDoS Attacks Increase 542% Year-over-Year, according to Nexusguard’s Q1 2020 Threat Report. DDoS traffic capitalizes on work-from-home connectivity reliance to disrupt service provider targets.
Phishing Attacks: How a COVID-19 Attack is Interconnected to Other Attacks (GreatHorn) Times of change are also times of opportunity. This is true for most businesses, and it is also true for cyber criminals. We’ve written previously about how the good habits built up by people in your organization–opening urgent-seeming attachments, responding quickly with information requested by a supervisor–can turn into liabilities when an attacker puts them to […]
Security Patches, Mitigations, and Software Updates
Microsoft releases emergency security update to fix two bugs in Windows codecs (ZDNet) Security updates have been silently deployed to customers on Tuesday through the Windows Store app.
Mozilla rolls out emergency Firefox update to fix search issues (BleepingComputer) After releasing Firefox 78 yesterday, Mozilla quickly halted its rollout via automatic updates due to problems discovered with the built-in search functionality. Today, Mozilla has released a new version 78.0.1 to fix these issues and has resumed auto-updates.
Cyber Trends
Adoption of Cloud-based Security Tools Accelerates as Organizations Support Remote Workforces during COVID-19, According to Survey from Exabeam - Exabeam (Exabeam) Marked increase in protection of corporate financial information using cloud-based security tools FOSTER CITY, Calif., July 1, 2020[...]
Are You Concerned about TLS Certificate Security Risks? [More than Your CIO?] (Venafi) TLS certificates act as machine identities, safeguarding the flow of sensitive data to trusted machines. With the acceleration of digital transformation, the number of machine identities that organizations need to trust is skyrocketing. At the same time, cybercriminals are targeting machine identities to use in attacks.
IBM Study: Security Response Planning on the Rise, But Containing Attacks Remains an Issue (PR Newswire) IBM (NYSE: IBM) Security today announced the results of a global report examining businesses' effectiveness in preparing for and responding to...
Financial Organizations Face Increase in CCPA Compliance Workload and Expense (PR Newswire) Netwrix, a cybersecurity vendor that makes data security easy, today announced findings from its 2020 Data Risk & Security Report specifically...
Marketplace
SecurityHQ, Formerly Known as Si Consult, Reveals New Brand Identity (PR Newswire) SecurityHQ, formerly known as Si Consult, the leading provider in managed security services, announced today the launch of their new brand...
Druva Sets Industry Benchmark as the Largest and Fastest Growing SaaS Data Protection Company (Yahoo) Druva, Inc., the leader in Cloud Data Protection and Management, today announced the close of its most successful year to date, with continued rapid growth and momentum for its SaaS-based data protection solutions. The company has experienced a 70 percent year-over-year increase in recurring revenue
BlackBerry's Cylance: Anatomy Of A Bad Acquisition (NYSE:BB) (Seeking Alpha) BlackBerry acquired Cylance at the end of 2018, using a big chunk of its cash on hand. Now, after almost two years, it’s fair to say that the purchase has not p
Google removes ads served to users seeking voting info for 'misrepresentation' (Reuters) Google said on Monday it had removed ads for companies that charge people large fees to register to vote or harvest their data, which appeared when users searched for voter information.
Facebook to remove anti-government 'Boogaloo' groups (NBC News) The social media giant said it removed 220 Boogaloo Facebook groups and 95 Instagram accounts that violated its policies against organized violence.
TikTok moves privacy oversight of European users to Dublin (The Irish Times) Social media company to provide details of its data handling
IEIC Welcomes Netskope as a Founding Member (PR Newswire) The Internet Ecosystem Innovation Committee (IEIC), an independent committee that promotes internet diversity and resilience through the...
ThetaRay appoints JVP’s Erel Margalit to its Board of Directors (CTECH) Margalit founded Jerusalem Venture Partners (JVP) and is currently its Chairman
Awake Security Introduces Powerhouse Advisory Board (BusinessWire) Awake Security announced a cohort of enterprise and public sector leaders that have joined its advisory board.
Products, Services, and Solutions
Coalfire Introduces Technology Solution to Enable Compliance Transformation (PR Newswire) Coalfire, a provider of cybersecurity advisory and assessment services, today introduced the CoalfireOne Compliance Management solution, one of...
Ripple20: Armis Helps You Identify Devices At Risk (Armis) Read this blog to learn more about the vulnerabilities and how Armis can help you identify impacted devices today.
ThreatConnect and Tanium: Improved Incident Response with Intel Packages (ThreatConnect) ThreatConnect released 3 Apps for Tanium Threat Response as well as developed a brand new Playbook App for Tanium Platform.
Tripwire Configuration Manager SaaS Solution Delivers Enhanced Cloud Security (Tripwire) Service presents integrated view of cloud assets, offers automated remediation and monitors misconfigurations in the cloud.
Yellowbrick Makes Cloud Disaster Recovery Service, New Features Generally Available (Yellowbrick Data) Yellowbrick Enhances World’s Fastest Data Warehouse for Hybrid/Multi-cloud with Simple, Powerful, Business Continuity Solutions for Large, Business-Critical Datasets
Attivo Networks Advanced Protection Disrupts Ransomware 2.0 (BusinessWire) Attivo Networks®, an award-winning leader in cyber deception and attacker lateral movement threat detection, today announced new capabilities to its E
Proofpoint Introduces New Cloud-based ObserveIT Insider Threat Management Platform with Broader People-Centric Visibility and Insider Threat Detection (Proofpoint) Cybersecurity leader accelerates incident response, integrates workflow, and provides cloud deployment option
IDology's ExpectID Identity Verification and Anti-Fraud Solution Now Available to Microsoft Azure Active Directory Customers (PR Newswire) IDology, a GBG company, today announced a partnership with Microsoft to integrate its innovative ExpectID identity verification and anti-fraud...
WhiteHat Security Announces Web and Mobile AppSec Bundle to Help Organizations Secure the Digital Future (WhiteHat Security) Special offer to make application security more affordable and accessible as COVID-19 accelerates the world economy’s reliance on applications
Alibaba Cloud partners with Aryaka to deliver a SD-WAN solution (Information Age) The partnership between Aryaka’s cloud-first SD-WAN and Alibaba Cloud will create high-performance global connectivity
Axio Launches Partnership Program, Announces Strategic Partnership with Net Friends to Accelerate Cyber Risk Quantification (BusinessWire) Axio, a leading cyber risk management Software-as-a-Service company, today announced the launch of the Axio360 Partnership Program, an innovative prog
ThreatQuotient Integrates with Intel 471 Cybercrime Intelligence (BusinessWire) ThreatQuotient, a leading security operations platform innovator, today announced an integration with Intel 471.
Securing the exploitation and valorisation of industrial data (UMI) Digital platform allowing the transfer, exploitation and valorization of industrial data in the cloud, with a very high level of security. PLCs and the industrial network remain isolated and protected, thanks to a tamper-proof interface.
BehavioSec’s Zero Trust Protection Strengthens Mobile and Pandemic Recovery Programs (BusinessWire) BehavioSec is positioned for strong growth as post-pandemic mobile shifts and evolving cyber threats highlight greater demand for deep authentication.
SyncDog Partners with Ingram Micro to Expand Access To Secure.Systems (PR Newswire) SyncDog, Inc., the leading Independent Software Vendor (ISV) for next generation mobile security and data loss prevention, today announced...
Zettaset XCrypt Encryption Solutions Available on VMware Cloud Marketplace (BusinessWire) Zettaset, a leading provider of software-defined encryption solutions, today announced the availability of its encryption solutions on VMware Cloud Ma
Vulcan Cyber Adds Customizable Risk Modeling to its Vulnerability Remediation Platform (PR Newswire) Vulcan Cyber®, developers of the industry's only end-to-end vulnerability remediation platform, today announced customers can now add custom...
NordVPN No Logs Policy - We Checked and the Rumors Are True (vpnMentor) Can you really trust NordVPN's no-logs policy? We know your privacy matters to you, so we did some digging to see if the company really keeps no data logs and
ReversingLabs Unveils 100+ Open Source YARA Rules for Threat Hunters at Inaugural REVERSING 2020 Summit (ReversingLabs) More Than One Thousand Researchers and Threat Hunters First to Preview Newly Published YARA Rules for Detecting Top Windows and Linux Malware Families
Technologies, Techniques, and Standards
Companies Rush to Implement Identity Systems for Remote Working (Wall Street Journal) Amid the myriad security challenges that stem from the coronavirus pandemic, one area has emerged as a critical investment for companies—ensuring the people who connect to a corporate network are who they say they are.
Cybersecurity and data protection essentials for the return to the workplace (BSI) As organizations begin to transition from employees working from home back to the office environment, preparation will be paramount as they reoccupy their facilities. According to BSI’s Cybersecurity Information and Resilience team, maintaining a company’s information resilience must be a key component of these plans to ensure that cybersecurity risks are managed, and data privacy regulations are not violated.
Top CISOs discuss accelerating change and how to manage risk amid Covid-19 lockdowns (SC Magazine) CISOs from Microsoft, Aldermore Bank and EY joined the SC Magazine Virtual Conference in a session called CISO panel discussion: leadership lessons and best practice in unprecedented times.
Algorithmic Warfare: Army Bolstering Electronic Warfare Arsenal (National Defense) The Army is beefing up its electronic warfare and offensive cyber capabilities with a new family of technology.
Design and Innovation
DHS, NSA Conclude Pilot of Automated Mobile App Security Vetting Tool (Nextgov.com) While the program still has a ways to go, the team says it now has a way to automate mobile app security testing.
Academia
Georgia State Named National Center of Academic Excellence in Cyber Defense (News Hub) These designations place Georgia State among an elite group of universities that meet the federal government’s criteria for demonstrating a commitment to cybersecurity research and training.
Legislation, Policy, and Regulation
What does China's national security law for Hong Kong say? (Al Jazeera) The new law will ban subversion, secession, terrorism and collusion with foreign forces in Hong Kong.
China’s national security law for Hong Kong covers everyone on Earth (Quartz) Anyone deemed to endanger China's national security—whether or not their actions are committed on Chinese soil—risk getting swept up under Hong Kong's new law.
EU says it is mulling a coordinated response over Hong Kong (POLITICO) The announcement follows calls for action from the European Parliament.
EU prepares coordinated response to new Chinese 'Security law' (The Nation) The EU is preparing a coordinated response to China’s new security law on Hong Kong, the bloc’s top officials said on Tuesday. Speaking to
National security law: Britain set to confirm BN(O) passport offer to 3 million Hongkongers (Yahoo) Britain is expected to announce plans on Wednesday to allow nearly 3 million Hongkongers eligible for the British National (Overseas) passport to resettle there, after China imposed a sweeping national security law on the city. Update: Britain confirms it will give 3 million Hongkongers path to citizenship Foreign
FCC designates Huawei, ZTE as risks to national security (The Verge) Companies can’t use federal funds to buy Huawei equipment.
Analysis | The Cybersecurity 202: FCC strike against Huawei reflects broader split between China and the West (Washington Post) The UK and other nations are also backing off the Chinese telecom.
Senators seek to cut Army cyber program for greater joint investment (Defense News) The Senate Armed Services Committee wants to cut funds from the Army's Cyber Situational Understanding program.
Calif. Would Win EU Favor With Privacy Measure, Backer Says (Law360) The real estate developer-turned-activist behind an upcoming California ballot initiative that would expand the state's landmark privacy law defended the measure Tuesday, saying the revamp would likely make the European Union more open to lifting restrictions on transferring personal data to California.
Litigation, Investigation, and Law Enforcement
Suspicions of Russian Bounties Were Bolstered by Data on Financial Transfers (New York Times) Analysts have used other evidence to conclude that the transfers were most likely part of an effort to offer payments to Taliban-linked militants to kill American and coalition troops in Afghanistan.
NSA Differed From CIA, Others on Russia Bounty Intelligence (Wall Street Journal) The National Security Agency strongly dissented from other intelligence agencies’ assessment that Russia paid bounties for the killing of U.S. soldiers in Afghanistan, according to people familiar with the matter.
Wiretaps Of Encrypted Messages Reached New High In 2019 (Law360) State investigators conducting wiretaps encountered encryption at an uncharted rate in 2019, and nearly always could not decipher messages, while total arrests and convictions based on electronic surveillance increased, according to a U.S. courts report released Tuesday.
NASA Watchdog Reports on Why the Agency Still Struggles with Cybersecurity (Nextgov.com) Almost half of the controls in an overarching shared system were assessed as deficient.
OFFICIAL CORRECTION-Facebook unblocks NSO workers' accounts, court papers say (Yahoo) Facebook told an Israeli court it would open Facebook and Instagram accounts of NSO Group workers in the wake of a lawsuit against NSO, court documents showed on Tuesday. A group of NSO employees filed a suit against Facebook in November, saying the social media group had unfairly blocked their private
Qatar Hired Former CIA Agents to Hack Prominent GOP Official (Washington Free Beacon) Qatar hired a team of former CIA and U.S. military intelligence officials to conduct a hack attack on a prominent American political activist after he raised questions about the country’s support for terrorism.