Cyber Attacks, Threats, and Vulnerabilities
North Korean hackers are stepping up their ransomware game, Kaspersky finds (CyberScoop) Government hackers from North Korea have been turning to ransomware heists in recent months, a mainstay for cybercriminals, according to Kaspersky.
Hackers ‘based in China’ targeted MP Tom Tugendhat with campaign of lies (Times) Chinese cyberagents are suspected of being behind a campaign against a senior Conservative MP involving hacking attempts and online impersonations. Tom Tugendhat, chairman of the Commons foreign
Cloudflare denies data leak after 3M customer IP addresses found on the dark web (SiliconANGLE)
Cloudflare suffered data leak; exposing 3 million IP addresses: Ukraine (HackRead) The National Security and Defense Council of Ukraine claims the data leak has exposed millions of top websites to cyber attacks.
WSJ News Exclusive | Election Officials Are Vulnerable to Email Attacks, Report Shows (Wall Street Journal) A report reveals weaknesses in the country’s diverse, locally administered election system, which attracted state-sponsored hackers four years ago.
62,000 QNAP NAS devices infected with persistent QSnatch malware (Help Net Security) There are approximately 62,000 malware-infested QNAP NAS devices located across the globe spilling all the secrets they contain to unknown cyber actors.
Group-IB research: Jolly Roger's Patrons (Group-ib) The report exposes financial crime network of online pirates in developing countries
Amid 'heightened tensions,' US government issues warning to critical infrastructure providers (Utility Dive) The National Security Agency and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency warned operators of critical infrastructure to "take immediate actions" to secure internet-connected operational technology.
Feature-rich Ensiko malware can encrypt, targets Windows, macOS, Linux (BleepingComputer) Threat researchers have found a new feature-rich malware that can encrypt files on any system running PHP, making it a high risk for Windows, macOS, and Linux web servers.
Ensiko: A Webshell With Ransomware Capabilities (TrendLabs Security Intelligence Blog) Ensiko is a PHP web shell with ransomware capabilities that targets various platforms such as Linux, Windows, macOS, or any other platform that has PHP installed. The malware has the capability to remotely control the system and accept commands to perform malicious activities on the infected machine.
Garmin confirms it was victim of 'cyber attack,' but says no indication customers' data was compromised (ABC News) Garmin confirms it was victim of 'cyber attack,' but says no indication customers' data was compromised; services are expected to be restored over the coming days.
Garmin acknowledges cyber attack (The Canberra Times) The GPS device maker Garmin has acknowledged being hit by a cyber attack last week that encrypted some of its systems, knocking its fitness tracking and pilot...
Garmin obtains decryption key after ransomware attack (Sky News) The company's services have started to recover following a ransomware attack by cyber criminals sanctioned in the US.
Garmin Says Systems Back Online After Cyber Attack (SecurityWeek) A ransomware attack disrupted Garmin's website, company communications, and customer-facing services, according to the Kansas-based company.
Garmin expects delays after WastedLocker ransomware attack (SC Media) Garmin expects its operations to be back up in the next few days, with some delays, after suffering a targeted WastedLocker ransomware attack that
A Cyberattack on Garmin Disrupted More Than Workouts (Wired) A ransomware hit and subsequent outage caused problems in the company's aviation services, including flight planning and mapping.
Smartwatch maker is being extorted by hackers (T-online) For almost a week, everything has been at a standstill at Garmin. Now it is official: the smartwatch vendor has fallen victim to a hacker attack. The perpetrators are demanding a ransom for the restoration of data.
ProLock ransomware – new report reveals the evolution of a threat (Naked Security) Ransomware crooks keep adjusting their approach to make their demands more compelling, even against companies that say they’d never pay up.
Before Hack, Twitter Contractors Caught Spying on Users Including Beyonce (Bloomberg) Twitter Inc. has struggled for years to police the growing number of employees and contractors who have the ability to reset users’ accounts and override their security settings, a problem that Chief Executive Officer Jack Dorsey and the board were warned about multiple times since 2015, according to former employees with knowledge of the company’s security operations.
Fund Administrator for Fortress, Pimco and Others Suffers Data Breach Through Vendor (Wall Street Journal) A ransomware attack against a vendor of SEI Investments compromised data from investors.
Major hedge fund sees customers' personal data stolen by hackers (Computing) Data published online after service provider refused to pay ransom
Breach at huge donor database firm hits home for Vermont nonprofits (VTDigger) The ransomware attack affected a South Carolina-based software provider used by Middlebury College, the Vermont Foodbank and Vermont Public Radio.
Front Rush, LLC - Notice of Data Breach (PR Newswire) Front Rush, LLC ("Front Rush") is providing notice of a recent incident involving personal information. To date, Front Rush has not received...
RGU and Aberdeen University alumni data hit by breach (Evening Express) Personal details of alumni at two Aberdeen universities have been compromised following a data hack.
Breaking trust: Shades of crisis across an insecure software supply chain (Atlantic Council) Software supply chain security remains an under-appreciated domain of national security policymaking. Working to improve the security of software supporting private sector enterprise as well as sensitive Defense and Intelligence organizations requires a more coherent policy response together with industry and open source communities. This report profiles 115 attacks and disclosures against the software supply chain from the past decade to highlight the need for action and presents recommendations to both raise the cost of these attacks and limit their harm.
Kaspersky discovers malware disguised as TikTok app alternative (Digit) Kaspersky researchers have recently found that cybercriminals are sending users links to download a malicious application to their phones.
The Hacker Battle for Home Routers (GovInfo Security) Trend Micro says it has seen increasing attempts to infect home routers for use as proxies and for DDoS attacks. The battle is primarily being fought by three bot
CISA Says Hackers Exploited BIG-IP Vulnerability in Attacks on U.S. Government (SecurityWeek) CISA says threat actors have exploited a recently patched BIG-IP vulnerability (CVE-2020-5902) in attacks aimed at government organizations and private businesses in the US
Potential Legacy Risk from Malware Targeting QNAP NAS Devices (CISA) This is a joint alert from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC).
CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP.
Vulnerability Summary for the Week of July 20, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Blox Tales #11: Netflix Credential Phishing (Armorblox) In this blog, we’ll focus on a credential phishing attempt where attackers sent an email resembling a Netflix billing failure. Clicking the email link took targets to a functioning CAPTCHA page followed by a fully fledged Netflix lookalike site with a phishing flow that aimed to steal login credentials, billing address information, and credit card details.
Hackers Transfer $28 Million Worth of Bitcoin from 2016 Bitfinex Breach (Bitcoin News) Around 2,500 stolen bitcoins were transferred from the 2016 Bitfinex hack on Monday worth roughly $28 million.
Three Idaho State Websites Are Vandalized by Hackers (Government Technology) The Idaho State Parks and Recreation, STEM Action Center and personal protective equipment supply site homepages were hacked on Sunday evening, displaying the same message in blue text: “Free Julian Assange!”
DJI Drone Cybersecurity - Under Suspicion (iHLS) Cybersecurity vulnerabilities in an Android app that powers the Chinese DJI drone could help the
Council now facing further audit bill over crippling cyber attack (Teesside Live) Work overseeing the authority's financial accounts has been 'significantly extended'
PayPal scam: Major warning issued after fraudsters pose as payment website (Milford Mercury) A major warning has been issued of a scam involving fraudsters posing as payment website PayPal.
Cybersecurity vulnerability at major cosmetics brand leads to 7 gigabytes+ data leak (SafetyDetectives) One of the world’s well-known cosmetic brands has been informed that a significant data breach was discovered on its web server, which was found to be pub
Security Patches, Mitigations, and Software Updates
DSA-2020-128: iDRAC Local File Inclusion Vulnerability (Dell) Dell EMC iDRAC has been updated to address a vulnerability that may be exploited to compromise the affected systems.
Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns (Threatpost) Attackers are exploiting a high-severity vulnerability in Cisco's network security software products, which is used by Fortune 500 companies.
Cyber Trends
Business ID Theft Soars Amid COVID Closures (KrebsOnSecurity) Identity thieves who specialize in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic, KrebsOnSecurity has learned. This story is about the victims of a particularly aggressive business ID theft ring that's spent years…
Hackers create specialised economy around hijacked email data (Express Computer) Hackers have created a specialised economy around email account takeover via methods like brand impersonation, social engineering and spear-phishing, retaining the data for a long period of time to make more money by reselling it to another set of cybercriminals on the Dark Web, a new report revealed
CISO concern grows as ransomware plague hits close to home (ZDNet) The hitting of Fortune 500 companies with malware is starting to ring alarm bells.
Organisations report a decrease in data loss caused by cyber-attacks for the first time (Global Security Mag Online) New research from Databarracks has revealed that, for the first time, cyber-attacks have decreased as a cause of data loss (down from 17% in 2019 to 13% in 2020).
Summary of July 15, 2020 Purdue University Seminar on control system cyber security (Control Global) ...After 20 years, control system cyber security has made significant strides in monitoring and securing OT (control system) networks...
Marketplace
RangeForce Launches Cyber Skills Platform for Technical Training (RangeForce) Jump start cyber security skills training with easily deployed prescriptive learning paths for all levels of security, IT and DevOps roles.
MSSP Atos Seeks to Acquire French IoT Cybersecurity Company (MSSP Alert) Managed security services provider (MSSP) Atos negotiates to acquire French cybersecurity consulting firm digital.security to bolster IoT, European market presence.
Samsung Primed for 5G Foray as U.S., China Brawl Over Huawei (Wall Street Journal) The West’s fight with China about 5G network equipment has handed an opportunity to South Korea’s Samsung Electronics.
Firms shortlisted to bring £400m cyber park to Cheltenham (Gloucestershirelive) The successful firm will be announced next spring
Auckland experts changing the face of cyber security technology in New Zealand (OurAuckland) The International Conference on Privacy, Security and Trust conference, which was last held in Auckland in 2016, has been secured again for the region.
Interview: Acronis co-founder on going all-in for DLP (Security Brief) Data-loss prevention (DLP) strategies are a cornerstone of wider cybersecurity ecosystems, especially to counter the risks of remote working. Acronis co-founder Stas Protassov explains its significance and why it acquired a DLP powerhouse.
Amazon CEO Jeff Bezos Faces Rare Test in First Testimony Before Congress (Wall Street Journal) Amazon.com Chief Executive Jeff Bezos’s message that the company uses its scale for good is set to be tested as never before when he makes his first-ever appearance before Congress on Wednesday.
Zuckerberg to Tell Congress Facebook’s Success Is Patriotic (Bloomberg) Facebook Inc. Chief Executive Officer Mark Zuckerberg is prepared with what he sees as a compelling argument for lawmakers ready to grill him on antitrust issues: hindering American technological innovation only helps China. Zuckerberg plans to portray his company as an American success story in a competitive and unpredictable market, now threatened by the rise of Chinese social media apps around the world -- and increasingly, at home, with the popularity of TikTok, according to people familiar w
Fighting False News in Ukraine, Facebook Fact Checkers Tread a Blurry Line (New York Times) Facebook hired a Ukrainian group battling Russian disinformation to flag misleading posts. But critics say the fact checkers’ work veers into activism.
We can meet 5G security needs, says Ericsson India MD (Telangana Today) In India, Ericsson has been working with operator partners as well as the academia community to test and develop various 5G use cases which are relevant for the country.
In Memory of Donald Smith (SANS Internet Storm Center) Last week, we learned of the passing of our friend and fellow ISC Handler, Donald Smith. Don may not be a "household name" when it comes to Internet Security, but he was one of those people who steadfastly worked in the background and pushed us all to collaborate and do better.
Products, Services, and Solutions
Tanium Launches Zero-Infrastructure Endpoint Management and Security (Enterprise Security) Tanium releases a new security technology solution to manage and secure endpoints.
Forcepoint Launches Suite to Reduce Remote Access Security Costs (Security Boulevard) Forcepoint today unveiled a pair of cloud services to enable the secure delivery of application services by leveraging network services delivered via the
Linux malware could soon be a thing of the past (TechRadar) Malware analysis toolkit REMnux 7 is now available to download to protect Linux systems
Synack and Colorado: Securing the Election (Synack) Synack and the State of Colorado are proud to announce a new partnership to help protect Colorado’s election systems as part of Synack’s Secure the Election campaign before the 2020 presidential election. The protection of American elections is front and center for officials nationwide, especially as states have to alter plans for voting to respond […]
Cellebrite Adds Cryptocurrency & Blockchain Investigations Solution to Industry Leading Digital Intelligence Platform - Cellebrite (Cellebrite) Cellebrite’s Crypto Tracer Solution Gives Investigators Unparalleled Visibility into Cryptocurrency Movement
CyberSN to Partner with Mindlance to Create A One-Stop-Shop for Cybersecurity Talent Solutions (Morningstar) CyberSN and Mindlance are forming a strategic partnership to provide a one-stop-shop for all cybersecurity staffing needs, including permanent, contract, contract-to-hire, consulting, and gig work positions.
Thycotic Partners With Top Cyber Risk Advisory and MSSP Firms (PR Newswire) Thycotic, a provider of privileged access management (PAM) solutions for more than 10,000 organizations worldwide, including 25 of the Fortune...
CenturyLink Wins State of Arizona Network Contract (PR Newswire) CenturyLink, Inc. (NYSE: CTL) recently won a contract with the State of Arizona to provide network connectivity and managed IT services that...
Nok Nok Labs and ForgeRock Extend Relationship to Provide Passwordless Authentication to Access Management Platform (Nok Nok Labs) Causes of breaches are primarily attributed to weak access or authentication practices. A review of some of the biggest data breaches in the 21st century shows how weak access can expose the records of millions of consumers. Similarly, global regulations such as GDPR and PSD2 are driving the demand for frictionless, secure and easy-to-use authentication …
EnGenius Announces the New Rugged ECW260 Cloud Managed Wi-Fi 6 Outdoor Wireless Access Point (PR Newswire) EnGenius Technologies Inc., a high-profile multinational networking company for over two decades, today announced the release of its new...
Votiro Announces Strategic Partnership with Thales (BusinessWire) Votiro announced a partnership and distribution agreement with Thales to protect government agencies from all file-borne threats.
Centrify Empowers DevSecOps with a New Approach to Identity and Access Management for Applications and Services (Centrify) Centrify, a leading provider of Identity-Centric Privileged Access Management (PAM) solutions, today debuted Delegated Machine Credentials (DMC) as part of the Centrify Privileged Access Service to reduce risk and empower automation in increasingly complex,
Technologies, Techniques, and Standards
NIST selects algorithms to form a post-quantum cryptography standard (Help Net Security) NIST will decide on the small subset of algorithms that will form the core of the first post-quantum cryptography standard.
Cyber-Resilience in Shipping and Maritime Industry (Sea News Global Maritime News) Cyber resilience is the ability to prepare for, respond to and recover from cyber-attacks. It helps an organisation protect against cyber risks, defend against and limit the severity of attacks, and ensure its continued survival despite an attack. Shipping is a USD 4 trillion global industry responsible for transporting 80% of the world’s energy, commodities …
3 Templates for a Comprehensive Cybersecurity Risk Assessment (CyberSaint) Dive into the top three risk assessment templates from leading framework development bodies and learn which to choose for your organization.
For cyber security success, double-down on developing better detectors (ITWeb) The volume of alerts the average cyber security team has to deal with is often overwhelming, says Martin Potgieter, technical director at Nclose.
Using Good Cyber Practices to Frame Your Personal Cyber Narrative (The State of Security) Three ways to help you frame your personal cyber narrative and demonstrate your cyber street smarts as an accountable and protected user.
First US military base gets Verizon 5G (5Gradar) MCAS Miramar is the first US military base to test Verizon’s Ultra Wideband Service, as it trials defense-based use cases for 5G.
How one West Baltimore church is bridging the digital divide | COMMENTARY (Baltimore Sun) Union Baptist Church started its own cyber center several years ago to bridge the digital divide and its pastor thinks others can take on similar initiatives.
Design and Innovation
Kaspersky developing system to block phishing emails in real time (iTWire) Russian security vendor Kaspersky is testing out a system to use machine learning to detect phishing emails in real time, the company says in a statement, adding that in 2019 its existing anti-phishing system had picked up 467 million attempts to connect to phishing websites. While manual dictionari...
Research and Development
Quantum cryptography: the USA in search of an unassailable internet (Euro X live) During Thursday's presentation, the Department of Energy presented its program to develop a national quantum internet, using the laws of quantum to transmit in
UK firm reaches final stages of the NIST quest for quantum-proof encryption algorithms (Computing) Post Quantum's Classic McEliece algorithm is the only remaining contender in the code-based category of algorithms designed to protect communications from attacks using quantum computers
Randomness theory could hold key to internet security (Cornell Chronicle) In a new paper, Cornell Tech researchers identified a problem that holds the key to whether all encryption can be broken – as well as a surprising connection to a mathematical concept that aims to define and measure randomness.
Researchers Receive DARPA Funding to Improve Chip Security (University of Arkansas News) A U of A researcher has received a $600,000 grant to make digital chips more resilient to security attacks.
Academia
Over Half of Universities Suffered Data Breach in Past Year (Infosecurity Magazine) Redscan data finds many are failing on security training and testing
Redscan Research: Over half of UK universities reported a data breach to the ICO in 2019/20 (PR Newswire) Redscan, the managed threat detection, incident response and penetration testing specialist, today released new research on the state of cyber...
Women in CyberSecurity (WiCyS) partners with Google to provide Security Training Scholarships for members (Yahoo) Women in CyberSecurity (WiCyS) has partnered with Google to create the Security Training Scholarship for women wanting to move forward in cybersecurity.
Legislation, Policy, and Regulation
Europe lacks unified approach to Huawei despite yearlong assessments (S&P Global) Over a year since the European Commission instructed countries in the region to review and strengthen the security of their mobile networks, data compiled by S&P Global Market Intelligence shows a patchwork of approaches.
France looks set to follow UK’s Huawei ban after all (Telecoms.com) A report has claimed that the French cyber-security authority has told operators it won’t renew the licenses for any Huawei kit they buy once they expire.
Cyber-Security Threat And Italian Resilience (Modern Diplomacy) There is a war out there, old friend. A world war. And it is not about who has got the most bullets. It is about who controls the information. What we see and hear, how we work, what we think…it is all about the information. (From the movie Sneakers, 1992) Cyber security is today a […]
Australian cloud providers united in praise for new secure cloud guidelines (iTWire) Canberra-based secure cloud services provider Vault has welcomed the release of new guidelines for vendors to be assessed for their competence in delivering secure cloud services by either public or private sector entities. Chief executive Rupert Taylor-Price told iTWire that the way that industry h...
New govt cloud guidelines risk ‘inconsistent’ security (Information Age) Agencies on their own when choosing cloud services.
Commerce Department Files Petition to Clarify Liability Protections for Online Platforms and Protect Against Censorship (U.S. Department of Commerce) Today, the National Telecommunications and Information Administration (NTIA) filed a petition for rulemaking with the Federal Communications Commission (FCC) on behalf of U.S. Secretary of Commerce Wilbur Ross seeking to clarify regulations related to section 230 of the Communications Decency Act.
Trump Effort to Rein In Social Media Moves Forward (Wall Street Journal) The Trump administration moved forward with plans to regulate content on social-media platforms, formally asking federal regulators to start overseeing how these platforms treat user-generated content.
Biden campaign tells staff to delete TikTok (Computing) Chinese app seen as a potential security risk
Many Cyberspace Solarium Commission recommendations expected to become federal law (CSO Online) Dozens of cybersecurity measures designed to protect US businesses and infrastructure are part of the National Defense Authorization Act. Budget, political concerns might eliminate some.
FCC Notches Progress On Network Security Measures (Law360) The Federal Communications Commission announced "significant progress" in addressing security concerns surrounding the world's telecommunications traffic signaling protocol for 4G and LTE on Monday, stating that wireless providers have already implemented or are working on integrating security measures.
FCC Partners With USTelecom Group To Track Robocalls (Law360) The Federal Communications Commission's Enforcement Bureau on Monday designated the USTelecom industry traceback group as the agency's official consortium for coordinating efforts to trace illegal robocalls.
Litigation, Investigation, and Law Enforcement
Intel community returns final Russia report volume to Senate after declassification review (TheHill) The intelligence community (IC) recently returned the last volume of the Senate Intelligence Committee’s Russia interference report to the panel after conducting a declassification review, which means the highly-anticipated report could be publicl
Analysis | The Cybersecurity 202: Democrats push for more transparency about Russian election interference (Washington Post) Americans need more information to gird themselves against influence operations, lawmakers say.
Meng Wanzhou seeks Canadian spy-service documents, claiming ‘cover-up’ (South China Morning Post) Meng Wanzhou wants fuller access to the redacted documents about her arrest, as she seeks to have her extradition case thrown out as an abuse of process.
Five held over phishing email scams (The Standard) The police said in a joint operation with their Singapore counterpart, they have arrested five people – two Moroccan men and three local women – who are in an alleged transnation...
Why you should never say 'that's a deal' on Zoom (Computing) Your webcam word could be your bond
Target Says Chubb Can't Weasel Out Of Data Hack Coverage (Law360) Target Corp. is fighting Chubb Ltd.'s bid to avoid covering losses from $138 million in bank settlements over a 2013 data breach, saying that units of the insurer failed to show that the credit card data hack had not caused "loss of use of tangible property."
Microsoft Seizes Control of Domains Used in Phishing Attacks (IT News Online) Microsoft has prevailed in its legal battle to help consumers and businesses in the fight against phishing, and has obtained a court order that allows the company to seize control of malicious domains.