Cyber Attacks, Threats, and Vulnerabilities
Signs increasingly point to sabotage in fiery explosion at Iranian nuclear complex (Washington Post) Experts say they believe a bomb caused last week’s mysterious explosion at Iran’s main uranium facility, but it is unclear how badly the country’s nuclear program has been set back.
What is behind mysterious fires at Iran sites? (BBC News) Fires and blasts have hit sensitive sites in Iran, but is it accidental or sabotage?
Iran admits significant damage from fire at Natanz nuclear centre (The National) Tehran refuses to reveal cause of incident amid claims it could have been cyber attack
Right-Wing Media Outlets Duped by a Middle East Propaganda Campaign (The Daily Beast) Conservative sites like Newsmax and Washington Examiner have published Middle East hot takes from “experts” who are actually fake personas pushing propaganda.
HP Cyber unit cautions internet users of potential cyber attack by China (UNI) Cyber Crime Sleuths on Monday issued an advisory cautioning the internet and mobile users in the state of potential cyber attacks by Chinese hackers.
Hackers Are Exploiting a 5-Alarm Networking Equipment Bug (Wired) For companies that haven't patched their BIG-IP products, it may already be too late.
Looks Like Russian Hackers Are on an Email Scam Spree (Wired) A group dubbed Cosmic Lynx uses surprisingly sophisticated methods—and targets big game.
Agari ties email fraud campaign aimed at Fortune 500 firms to Russian scammers (CyberScoop) An emerging group of scammers masquerading as legitimate business executives is behind more than 200 email-based attacks that aim to swindle hundreds of thousands of dollars from companies, according to new findings.
Cosmic Lynx: A Russian Threat Hits the BEC Scene (Agari) More than 200 BEC campaigns linked to Cosmic Lynx since July 2019, targeting individuals in 46 countries on six continents.
US Secret Service reports an increase in hacked managed service providers (MSPs) (ZDNet) US Secret Service says hackers are breaching MSPs to orchestrate ransomware attacks, point-of-sale intrusions, and business email compromise (BEC) scams.
Purple Fox Exploit Kit Adds Two Microsoft Vulnerabilities (Infosecurity Magazine) Exploit kits may be on the decline, but that hasn’t stopped Purple Fox from keeping its game sharp
Purple Fox EK Adds Exploits for CVE-2020-0674 and CVE-2019-1458 to its Arsenal (Proofpoint) Purple Fox is an exploit kit (EK) that appears to have been built to replace the RIG exploit kit (EK) in the distribution chain of Purple Fox malware (a Trojan/Rootkit). By building their own EK for distribution, the authors of the Purple Fox malware are able to save money by no longer paying for the Rig EK.
Thanos Ransomware Adds New Features (Silicon UK) Rapid evolution of Thanos ransomware-as-a-service and targeted attacks indicate evolving threat as criminals seek to monetise organisations' data
Cerberus banking Trojan infiltrates Google Play (ZDNet) The malware was found buried within a seemingly-innocent currency converter.
Credit card skimmer targets ASP.NET sites (Malwarebytes Labs) This unusual web skimmer campaign goes after sites running Microsoft's IIS servers with an outdated version of the ASP.NET framework.
Mobile Users Increasingly Targeted by Undeletable Malicious Files (Infosecurity Magazine) Adware is often being pre-installed on mobile devices
Home router warning: They're riddled with known flaws and run ancient, unpatched Linux (ZDNet) And there are no routers in the study from the Fraunhofer Institute without known security flaws.
Cybercriminals send ransomware to users of out-of-date web browser in APAC (Manila Standard) Outdated or illegitimate software is like open doors for malicious users. The recent discovery by Kaspersky proves this once again. The global cybersecurity company today unveils a sustained campaign targeting users of Internet Explorer in the Asia Pacific region.
EDP energy giant confirms Ragnar Locker ransomware attack (BleepingComputer) EDP Renewables North America (EDPR NA) confirmed a Ragnar Locker ransomware attack that affected its parent corporation's systems, the Portuguese multinational energy giant Energias de Portugal (EDP).
Hundreds of forgotten corners of mega-corp websites fall into the hands of spammers and malware slingers (Register) DNS entries left pointing to Azure-hosted server names snatched by miscreants for mischief
Popular Celebrity News Site’s Subdomain Vulnerable to Takeover (WizCase) WizCase has discovered a vulnerability on a widely popular website with up-to-date celebrity news, People.com. The site had an open and working subdomain available for potential takeover. If claimed by cybercriminals, such vulnerability would serve a perfect opportunity for phishing, scams, or even identity theft. Our team of experts has since secured the vulnerability, ...
Royal Military College weighs damage after cybersecurity attack (The Globe and Mail) Officials are not revealing the extent and nature of the breach at the Kingston-based college, which is run by the Department of National Defence
Ransomware infected systems at Xchanging, a DXC subsidiary (Security Affairs) Systems at Xchanging, a subsidiary of Global IT services and solutions provider DXC Technology, were hit by ransomware over the weekend. Global IT services and solutions provider DXC Technology disclosed a ransomware attack that infected systems at its Xchanging subsidiary. Xchanging is a business process and technology services provider and integrator, which provides technology-enabled business services […]
DXC subsidiary hit with ransomware (CRN Australia) Multiple customers are down.
Brazil's Hapvida discloses cyber breach, potential client data leak (Reuters) Brazilian health insurer Hapvida said in a securities filing on Monday it has suffered a cyber attack potentially involving access to the personal information of its customers.
Energy company EDP confirms cyberattack, Ragnar Locker ransomware blamed (ZDNet) The energy firm denies the loss of customer data. Attackers claim to have stolen 10TB in business records.
Court website hacked, redirects to portal for porn and prostitution (ABC13 Houston) YIKES! The website of a county court in California is now a portal to pornography after hackers took control.
Privilege escalation explained: Why these flaws are valuable to hackers (CSO Online) Attackers use privilege escalation flaws to gain access to systems and applications. Patching and monitoring are the most important ways to stop them.
Chuck Brooks: Security by Design Needed to Safeguard Energy Infrastructure From Cyber Attacks (GovCon Wire) Chuck Brooks, a GovCon expert and president of Brooks Consulting International, virtually addressed
ICS cyber security is the second coming of the Maginot Line – and the Chinese have breached it (Control Global) Why would attackers hit defenses head-on when they could simply bypass them?
Vulnerability Summary for the Week of June 29, 2020 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
Admins Urged to Patch Critical F5 Flaw Under Active Attack (Threatpost) Security experts and the U.S. Cyber Command are urging admins to update a critical flaw in F5 Networks, which is under active attack.
Apple Reconfigures Macs To Block Adware (Silicon UK) Apple will no longer allow user profiles to be installed on Macs without user interaction, in move targeting 'plague of adware'
FBI, CISA Share Mitigation Guidance for Obfuscated Cyberattacks Via Tor (HealthITSecurity) A joint advisory from the FBI and DHS CISA alerts to Tor-based cyberattacks on enterprise organizations and recommended mitigation tactics to reduce the risk posed by advanced persistent threats, APTs
JioMeet unveils additional security features to prevent hacking (The Economic Times) JioMeet, which allows up to 24 hours of free video conferencing that are encrypted and password-protected, has added a safety feature that gives the conference host the option to disallow guests from joining a meeting without signing in and disclosing their identity.
Cyber Trends
CyberWire Live - Q2 2020 Cybersecurity Analyst Call (The CyberWire) There is so much cyber news that, once in a while, all cybersecurity leaders and network defenders should stop, take a deep breath and consider exactly which developments were the most important. Join Rick Howard, the CyberWire’s Chief Analyst, and our team of experts for an insightful discussion about the events of the last 90 days that will materially impact your career, the organizations you’re responsible for, and the daily lives of people all over the world.
KnowBe4 Finds as Cyber Attacks Soar U.S. State and Local Government Entities Struggle to Keep Up (GlobeNewswire) KnowBe4 launches new report: The Economic Impact of Cyber Attacks on Municipalities
The Rising Significance Of Cybersecurity For Logistics (Entrepreneur) The direct costs from cyber security breaches are growing exponentially, and companies—even small ones—are feeling the need to invest in new systems
Automotive cyber incidents doubled in 2019, reaching 188 vulnerabilities (Atlas VPN) According to an Atlas VPN investigation, automotive hacking incidents more than doubled in 2019 compared to the data of 2018. Data also reveals that from 2016 to 2019, the number of automotive hacking incidents jumped more than 7 times.
Business efficiency metrics are more important than detection metrics (Help Net Security) Focusing on detection metrics alone is not enough to fully optimize organizational productivity and security over time. Read this article to learn why.
Marketplace
Palantir, One of Silicon Valley’s Oldest Startups, Files to Go Public (Wall Street Journal) Palantir Technologies said it has confidentially filed paperwork with the Securities and Exchange Commission to go public, ending an extended wait that made the data analytics company one of Silicon Valley’s oldest private startups.
Secretive data startup Palantir has confidentially filed for an IPO (TechCrunch) As the coronavirus pandemic spread throughout the world, Palantir pitched its technology to bring big data to tracking efforts.
VMware to acquire Blue Medora’s True Visibility line (CRN Australia) To boost its hybrid cloud management capabilities.
Eurofins Digital Testing Expands Cyber Security Portfolio With Acquisition of Commissum (Yahoo) Eurofins Digital Testing, a global leader in end-to-end quality assurance and testing services, announced today that it has acquired Commissum Associates Ltd ("Commissum") to add to its portfolio of information and cyber security services for companies around the world. Terms were not disclosed
Will VMware (or Someone Else) Scoop Up Bitglass? (SDxCentral) The perhaps not-so-surprising winners during the pandemic turned out to be security vendors with cloud access security broker (CASB), secure web gateway, and zero-trust networking technologies — all key secure access service edge (SASE) components.
How US restrictions drove Deutsche Telekom and Huawei closer together (POLITICO) Internal documents illustrate leading European operator’s special relationship with Huawei.
Social media giants move to defy Hong Kong's new national security law (Register) Plus: US govt says it's 'looking at' banning Chinese social media apps, including TikTok
TikTok to Withdraw From Hong Kong as Tech Giants Halt Data Requests (New York Times) Google, Facebook and Twitter said they were reviewing China’s punitive new national security law for the city, a rare public questioning of Chinese policy by major American tech companies.
TikTok to Exit Hong Kong After China Imposed National-Security Law (Wall Street Journal) TikTok, the buzzy short-video platform owned by Chinese technology giant Bytedance, said it would pull out of Hong Kong within a week in light of “recent developments” in the city.
The rise of TikTok in politics (Stuff) OPINION: What looks like playful, funny interactions on a social media app may have just as much potential for harm as it does for good.
DuckDuckGo back to help users search internet in India (ETCIO.com) Privacy focused search engine DuckDuckGo said that the search engine is accessible to users to search the internet in India days after the department ..
LORCA announces fifth cohort of cybersecurity innovators (BusinessCloud.co.uk) 17 scaleups will join London Office for Rapid Cybersecurity Advancement
Allgress Selected by Judges as Gold Winner for IT Governance, Risk & Compliance in the 16th Annual Info Security PG's 2020 Global Excellence Awards (PR Newswire) Allgress announced today that Info Security Products Guide, the industry's leading information security research and advisory guide, has named...
Cato Networks nabs former Cisco Viptela exec as global channel chief (CRN Australia) Anthony D'Angelo hired from Cisco.
SentinelOne Hires Patty Trexler for Government Cybersecurity Push (MSSP Alert) Endpoint security company SentinelOne hires Patty Trexler to serve as its VP of government, healthcare & education & drive the company's public sector growth.
Deloitte hires Dwayn Lythgo to lead managed security services arm (Consultancy) Deloitte has hired Dwayn Lythgo from NTT Security to lead its managed security services delivery across the Asia Pacific region.
AttackIQ Expands Leadership Bench with New Vice President of Product (BusinessWire) Mark Bagley Joins AttackIQ to Help Make the World Safe for Compute
Cybersecurity Luminaries from Microsoft, Intuit, Zscaler and Kraft Heinz join YL Ventures’ Growing Venture Advisory Board to Guide Israeli Cybersecurity Startups to Success (BusinessWire) YL Ventures, the prominent seed-stage global venture capital firm investing in Israeli cybersecurity startups, today announced significant expansion o
Products, Services, and Solutions
Red Piranha unveils new feature-packed desktop devices (Red Piranha) Red Piranha, developer of Australia’s leading cybersecurity products has unveiled their latest update in the form of an impressive range of Crystal Eye desktop devices.
Exabeam and Armis Partner to Extend SIEM Visibility to Unmanaged and IoT Devices, Helping Security Teams Identify Malicious Activity Across All Devices (Exabeam) Partnership enables security teams to identify unmanaged assets connecting to the corporate network, detect lateral movement and prioritize[...]
FIME qualified to support EMV® 3DS adoption to meet SCA (FIME) FIME’s Test Platform has been qualified by EMVCo enabling it to test EMV 3DS Server (3DSS) modules. FIME continues to expand its testing and consulting services portfolio to support issuers, acquirers and solution providers to migrate to the latest EMV 3DS specifications as a way to meet Strong Customer Authentication (SCA) mandates from regulators and payment schemes, such as the European Union’s Payment Services Directive 2.
Huawei and Trustonic Expand Partnership with P40 Series Launch (Iot Evolution) Trustonic and Huawei have formed a partnership to bring simplicity and greater security to mobile applications.
Want to kill all the weak passwords? This may be the tool for you (Register) Specops tames password resets in Windows environments
This 10-course ethical hacking bundle is on sale for $40 (ZDNet) Join the lucrative fight against cybercrime with this white hat hacking training bundle.
Delve Labs Launches Public Vulnerability Threat Intelligence Feed (PR Newswire) Delve Labs, the vulnerability management solution leveraging machine learning to automate vulnerability management scanning and prioritization,...
Technologies, Techniques, and Standards
ETSI Releases New Standard for Consumer IoT Security (The Fast Mode) The ETSI Technical Committee on Cybersecurity (TC CYBER) last week unveiled a new standard, ETSI EN 303 645 (EN) for cybersecurity
Data Discovery to Rescue Historical Data (Cloud Security Alliance) As technology evolved and the world migrated to the cloud, the amount of data in the cloud increased at a rapid pace and most organizations in trying to keep pace overlooked security best practices. Organizations are sitting on tons of historical data in the cloud, with outdated security settings or policies. Negligence can lead to data leaks, compliance issues.
Cloud Security Alliance Publishes New Paper, The Six Pillars of DevSecOps: Automation (Cloud Security Alliance) Document provides practical advice for integrating automated security into software development lifecycle
Job Search Security Tips - Stay Safe Online (Stay Safe Online) Looking for a new job can be a daunting project, and frequently involves the exchange of personal information with complete strangers--which is why job seekers are an enticing target for cyber criminals. As you look for a new job, use this tip sheet to help you be extra vigilant so your application materials and personal information don’t end up in the wrong hands.
Elasticsearch security: Understand your options and apply best practices (Help Net Security) Whichever solution for achieving Elasticsearch security an enterprise selects, the following best practices should be top-of-mind.
Design and Innovation
A peek into Visa’s massive cyber security framework (ETCIO.com) Early investment in AI and risk detection technologies is helping the company stay secure even when cybercriminals start to use military-grade technol..
How can we ban facial recognition when it’s already everywhere? (Vox) A growing number of gadgets are scanning your face.
Research and Development
trusted computing artificial intelligence (AI) information warfare (Military & Aerospace Electronics) A deceptive information attack is an enemy attempt to alter information that an artificial intelligence system uses to learn, develop, and mature.
Academia
Game On: CompTIA Teams with National Cyber League to Promote Hands-on Cybersecurity Skills Competitions (CompTIA) CompTIA, the leader in vendor-neutral technical education and certifications for the world’s technology workforce, announced today it is teaming up with the National Cyber League (NCL) to support NCL’s cyber competition and promote education, skills and careers in cybersecurity.
Outreach and International Affairs partners with Fullstack Academy to bring coding, cybersecurity job training (VT News) Targeting early career or experienced professionals, the new part-time, 26-week bootcamp will teach skills that qualify students for the greater Washington, D.C., metro area’s high-paying, high-demand coding and cybersecurity jobs.
Legislation, Policy, and Regulation
Opinion: China’s threats on behalf of Huawei are becoming desperate (The Globe and Mail) Beijing is aggressively pressing governments around the world to incorporate Huawei equipment in their 5G networks – and Canadians don't even know the scope of the threats
Huawei targeted influential Britons to back its role in UK's 5G infrastructure, controversial dossier claims (Computing) The 86-page report was commissioned by US film producer Andrew Duncan
UK decision on Huawei not set in stone, minister says (Reuters) Britain's decision to grant Huawei a limited role in building its 5G network is not "fixed in stone" and a government update on the Chinese company will be published before July 22, a government minister and official said on Monday.
Britain may further limit Huawei in 5G, a win for Washington and blow to China (Washington Post) The move would mark a significant shift.
U.S. is 'looking at' banning TikTok and Chinese social media apps, Pompeo says (CNBC) The comments from Secretary of State Mike Pompeo come amid rising tensions between the U.S. and China and as scrutiny on TikTok and Chinese technology firms continues to grow.
Put privacy protections in IPO agreements if Australia hands data to other nations: OAIC (ZDNet) Should an agreement between Australia and a nation without similar privacy protections be struck under the IPO Bill, the OAIC wants clauses added to bring the lagging nation forward.
You may be distracted by the pandemic but FYI: US Senate panel OK's backdoors-by-the-backdoor EARN IT Act (Register) Proposed Section 230 shake-up passes committee stage with amendments
Analysis | The Cybersecurity 202: Cybersecurity pros are uniting in a battle to save encryption (Washington Post) The protection is facing its harshest assault in decades.
House Approps Proposes FY2021 Funding Bumps for DHS, CISA (Meritalk) The House Appropriations Committee released draft Fiscal Year 2021 funding legislation for the Department of Homeland Security (DHS) today that proposes a modest 0.5 percent total funding increase for DHS, and a 10 percent budget boost for its Cybersecurity and Infrastructure Security Agency (CISA) component.
Florida becomes first state to enact DNA privacy law, blocking insurers from genetic data (Washington Examiner) Florida on Wednesday became the nation’s first state to enact a DNA privacy law, prohibiting life, disability and long-term care insurance companies from using genetic tests for coverage purposes.
Litigation, Investigation, and Law Enforcement
US tech giants halt Hong Kong police help (TechCrunch) Facebook and Twitter said they will pause processing requests for Hong Kong authorities.
Woman pleads guilty in scheme to offer information to Russia (Washington Post) Federal prosecutors say a West Virginia woman who had served in the Air Force planned to offer classified information to the Russian government
West Virginia woman convicted in plot to offer top-secret NSA info to Russia (Fox News) A West Virginia woman who worked on assignments with the National Security Agency while serving in the Air Force planned to give the Russian government top-secret information from the agency, prosecutors said on Monday.
CID considering ‘Cyber Police Station’ (Daily Star) The Criminal Investigation Department (CID) is considering setting up a police station which will only be dedicated to deal with cybercrimes across the country.