Cyber Attacks, Threats, and Vulnerabilities
Hacking group has hit Taiwan's prized semiconductor industry, Taiwanese firm says (CyberScoop) Taiwan’s semiconductor industry, a centerpiece of the global supply chain for smartphones and computing equipment, was the focus of a hacking campaign targeting corporate data over the last two years,
Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry (Wired) A campaign called Operation Skeleton Key has stolen source code, software development kits, chip designs, and more.
Black Hat: Hackers are using skeleton keys to target chip vendors (ZDNet) Operation Chimera focuses on the theft of valuable intellectual property and semiconductor designs.
Iranians, Russians receive text messages seeking U.S. election hacking info (Reuters) When Mohamad first got the text message offering him up to $10 million for information about attempts to interfere with the U.S. election, he thought it was "some kind of cyber attack."
Facebook disables Romanian network masquerading as pro-Trump Americans (Washington Post) The people behind the deceptive content used fake accounts and other methods to post about U.S. political news, the social media company said.
KrØØk attack variants impact Qualcomm, MediaTek Wi-Fi chips (BleepingComputer) Qualcomm and MediaTek Wi-Fi chips were found to have been impacted by new variants of the KrØØk information disclosure vulnerability discovered by ESET researchers Robert Lipovský and Štefan Svorenčík.
Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks (The Hacker News) Modern CPUs from various hardware vendors like Intel, AMD, ARM, and IBM are susceptible to a new form of Foreshadow speculative execution attack.
Malicious accounts in business email compromise (Journey Notes) Since the beginning of 2020, researchers at Barracuda have identified 6,170 malicious accounts that use Gmail, AOL, and other email services.
Researchers flag two zero-days in Windows Print Spooler (Help Net Security) Researchers have discovered two zero-days in the Windows Print Spooler service, one of which (CVE-2020-1337) will be patched on August 2020 Patch Tuesday.
Inter skimming kit used in homoglyph attacks (Malwarebytes Labs) Threat actors load credit card skimmers using a known phishing technique called homoglyph attacks.
Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon (The Hacker News) New Evasive Phishing Attacks Leveraging Homoglyph Domains and Infected Copycat Favicon to Skim Payment Data
Magecart group uses homoglyph attacks to fool you into visiting malicious websites (ZDNet) A new campaign is utilizing the Inter kit and favicons to hide skimming activities.
Cyber Security Today – How to avoid going to fake web sites (IT World Canada) Today's podcast looks at ways to make sure you go where you want, not to sites created by crooks
Why Satellite Communication Eavesdropping Will Remain A Problem (Dark Reading) Oxford PhD candidate James Pavur shows that SATCOM security has still made no progress since previous Black Hat disclosures, and discusses the physical and economic limitations that make it unlikely to improve anytime soon.
Intel Investigating Data Leak of Technical Documents, Tools (SecurityWeek) Intel is investigating reports that a claimed hacker has leaked 20GB of data coming from the chip giant, which appear to be related to source code and developer documents and tools.
Hackers Dump 20GB of Intel's Confidential Data Online (Threatpost) Chipmaker investigates a leak of intellectual property from its partner and customer resource center.
Intel leak: 20GB of source code, internal docs from alleged breach (BleepingComputer) Classified and confidential documents from U.S. chipmaker Intel, allegedly resulting from a breach, have been uploaded earlier today to a public file sharing service.
Gigabytes of 'sensitive' internal Intel documents dumped online (CyberScoop) Chip giant Intel is investigating the leak of what appears to be a 20 GB cache of internal documents, some of which are marked “confidential,” after it appeared on various messaging platforms and data hosting sites. An Intel spokesperson told CyberScoop that the data looks to be from the company’s Resource and Design Center, which hosts information for customers, partners and other external parties that have access.
Intel investigating breach after 20GB of internal documents leak online (ZDNet) Leak confirmed to be authentic. Many files are marked "confidential" or "restricted secret."
Expert Commentary: Canon ransomware attack (Information Security Buzz) Please find below expert commentary on the news that Canon experienced a ransomware attack, similar to LG and Xerox.
Canon confirms ransomware attack in internal memo (BleepingComputer) Canon has suffered a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, USA website, and other internal applications. In an internal alert sent to employees, Canon has disclosed the ransomware attack and is working to address the issue.
Ledger suffers data breach, personal data leaked (Includes interview) (Digital Journal) France-based major hardware wallet provider Ledger has admitted it suffered a data breach on June 17 that appears to have allowed a “third party” access to at least 1 million of its users’ contact details. What does this say about online security?
The Secret Life of an Initial Access Broker (Kela) Recently, ZDNet exclusively reported a leak posted on a cybercrime community containing details and credentials of over 900 enterprise Secure Pulse servers exploited by threat actors. Since this leak represents an ever-growing ransomware risk, KELA delved into both the leak’s content and the actors who were involved in its inception and circulation,
BlueRepli attack lets hackers bypass Bluetooth authentication on Android (HackRead) The findings were shared by researchers at the Black Hat USA 2020 virtual event.
Palo Alto Networks Discloses Kata Container Flaws (Container Journal) Unit 42 researchers demonstrated at Black Hat USA 2020 how they enabled malicious code to escape from a Kata Container runtime environment.
Ransomware Threatens Production of 300 Ventilators Per Day (Cointelegraph) The DoppelPaymer gang deployed a ransomware attack against ventilator manufacturer Boyce Technologies amid the COVID-19 pandemic
NY ventilator innovator hit by Windows DoppelPaymer ransomware (ITWire) A company that used its engineering expertise to develop a ventilator in a month because it was needed in New York has fallen victim to a ransomware attack, with cyber criminals using the Windows DoppelPaymer ransomware to attack the company's infrastructure. Boyce Technologies developed the ven...
Sophos shares five signs of ransomware attacks (Back End News) Hackers use "legitimate admin tools" to infiltrate a network and if they cannot, the most inconspicuous machines that are connected to the network would do.
Stricken electronics firms weigh reward, cost of paying ransom (SC Media) A Canon sign on a store in Hong Kong. Canon is the latest electronic firm to be hit by a ransomware attack and potentially have to ponder whether or not
Trailer Power Line Communications (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 4.3
Vendor: Multiple Trailer and Brake Manufacturers
Equipment: Power Line Communications Bus / PLC4TRUCKS / J2497
Vulnerability: Exposure of Sensitive Information Through Sent Data
2. RISK EVALUATION
The National Motor Freight Traffic Association (NMFTA) and Assured Information Security (AIS) have released research detailing a vulnerability within trailer Power Line Communications (PLC) signals.
Geutebrück G-Cam and G-Code (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.2
ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available
Vendor: Geutebrück
Equipment: G-Cam and G-Code
Vulnerability: OS Command Injection
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow remote code execution as root.
Advantech WebAccess HMI Designer (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Advantech
Equipment: WebAccess HMI Designer
Vulnerabilities: Heap-based Buffer Overflow, Out-of-bounds Read, Out-of-bounds Write, Type Confusion, Stack-based Buffer Overflow, Double Free
Delta Industrial Automation TPEditor (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Delta Electronics
Equipment: TPEditor
Vulnerabilities: Out-of-bounds Read, Stack-based Buffer Overflow, Heap-based Buffer Overflow, Write-what-where Condition, Improper Input Validation
FBI announcement on Windows 7 end of life prompts worry from security experts (TechRepublic) Despite the FBI announcement, hospitals, schools, and government offices across the world still use Windows 7.
Jewish Federation data breached in cyber attack (St. Louis Jewish Light) A company hired by Jewish Federation of St. Louis was recently attacked by a cybercriminal who may have stolen Federation supporters' personal information, according to a notice issued yesterday.
Scholarship America Provides Notice Of Data Security Incident (Southernminn.com) Scholarship America, a nonprofit organization that manages scholarship and tuition assistance programs for different organizations, is providing notice to individuals impacted by the exposure
Hancock County school district hit by cyber attack, internet connectivity affected (WRTV) Schools in the Community School Corporation of Southern Hancock County district were subject to a cyber attack over the last two days, primarily affecting internet connectivity for teachers and students.
Mail-in ballot applications in Virginia tap into worries about fraud with faulty instructions (Washington Post) A voter registration group with a history of error-prone mailers sent ballot applications with return envelopes addressed to the wrong elections offices.
DoS Series: Introduction (OpenRelay) At the height of the COVID-19 pandemic, a small midwestern startup company found themselves defending against a week-long barrage of cyberattacks executed by hackers operating from within a prestigious university in the north-eastern United States.
So you've decided you want to write a Windows rootkit. Good thing this chap's just demystified it in a talk (Register) Demirkapi shows how drivers can be misused for deep pwnage
Security Patches, Mitigations, and Software Updates
Positive Technologies helps eliminate vulnerabilities in Yokogawa's CENTUM DCS (distributed control system) (Positive Technologies)
YSAR-20-0001: Vulnerabilities in CAMS for HIS (Yokogawa Security Advisory Report) Vulnerabilities have been found in CAMS for HIS of CENTUM. Yokogawa has identified the range of affected products in this report.
August 2020 Patch Tuesday forecast: Planning for the end? (Help Net Security) In this August 2020 Patch Tuesday forecast, Todd Schell from Ivanti offers insight on what we can expect next week. Are you ready to deploy the patches?
Cyber Trends
A Better Than Remote Chance – More People (Cloud Security Alliance) New research underlines the fact that more people will likely prefer to work from home, even when the pandemic passes. Security models that better address cloud apps, mobility and BYOD will clearly need to evolve to address related data protection.
How COVID-19 Has Changed Business Cybersecurity Priorities Forever (The Hacker News) Businesses around the world have experienced numerous changes in their technology, operations and cybersecurity priorities.
Pirate Subscription Services Now a Billion-Dollar U.S. Industry, Joint Digital Citizens Alliance-NAGRA Report Finds (Digital Citizens Alliance) Digital Citizens Alliance and NAGRA jointly released today an investigative report showcasing how illegal piracy subscription services in the United States have grown into a billion-dollar industry that steals from creators, circumvents legitimate TV operators, and poses risks for consumers. “Money for Nothing” details how a sophisticated ecosystem of thousands of retailers and wholesalers –through content theft and enabled by legal businesses–provides illicit piracy services to at least nine million U.S. households.
Microsoft Office 365 is becoming the core of many businesses. And hackers have noticed (ZDNet) As cloud-based services become the key to many business operations, hackers are refocusing their aim.
Marketplace
HyperQube Announces Equity Raise Led by Leawood Venture Capital (The Central Virginian) ARLINGTON, Va., Aug. 6, 2020 /PRNewswire/ -- HyperQube Technologies, the Arlington, Virginia, company that brings the power of "copy and paste" to complex cloud networks, today announced Leawood Venture Capital
VulnHub Taken over by Offensive Security (CIO Applications) VulnHub is an open-source, continually updated catalog of IT assets that are legally hackable,...
Could TikTok's Irish data centre be enough to protect user privacy? (The Telegraph) British and European TikTok users will see their data transferred from the US to Ireland to boost security
Certis bulks up on tech capabilities as it expands beyond security (The Edge Singapore) For property owners, instead of parcelling out different contracts for security, command and control systems, facilities management and concierge, Certis has the technology, the manpower and the capabilities to handle them all.
NordVPN unveils advisory team to improve security and privacy (Android Central) NordVPN is doubling down on security and has announced an all-new advisory team that will help keep the company on the right path.
I'm Partnering with NordVPN as a Strategic Advisor (Troy Hunt) I love security. I love privacy. Consequently, it will come as no surprise that I love tools that help people achieve those objectives. Equally, I have no patience for false promises, and I've been very vocal about my feelings there: But one of them is literally called “Secure VPN”, how
Products, Services, and Solutions
Solutions Granted, Inc. Releases New MDR Solution to Serve MSP Cybersecurity Needs (PR Newswire) Solutions Granted, Inc. is thrilled to announce the launch of our Managed Detection & Response solution. This solution is unique in the...
Cybereason and deepwatch Announce a Strategic Partnership to Help Enterprises Stop Advanced Cyber Attacks (Cybereason) Cybereason, a leader in endpoint security, and deepwatch, a leading provider of intelligence driven managed security services, today announced a partnership to help security operations teams protect enterprises from advanced cyber threats through a new Managed Endpoint Detection & Response (MEDR) solution.
Terbium Labs and DarkOwl Join Forces to Enable Clients Secure Monitoring of Millions of Records Against the World's Largest Dark Web Database (WebWire) DarkOwl LLC and Terbium Labs are proud to announce a strategic partnership, the combination delivers a uniquely comprehensive and granular digital risk protection for Terbium clients....
Trusona Extends Enterprise Offering with Passwordless Authentication for Windows 10 (The Apache Junction & Gold Canyon News) Trusona, the pioneering leader in passwordless multi-factor authentication solutions, today announced support for Windows 10 end-points, enabling enterprises to provide enhanced security and
BKD launches new cybersecurity assessment tool to grade progress (Kansas City Business Journal) The new BKD Cybersecurity Framework Assessment Tool helps businesses assess their cybersecurity measures and measure improvement in an affordable way.
Thales High Tech to Offer Thai Citizens One of the World’s Most Secure E-Passports (BusinessWire) The next generation of high-tech e-passports to the Ministry of Foreign Affairs (MOFA) of Thailand has been successfully delivered thanks to Thales.
Snapchat adds in-app voter registration targeted at young people (Axios) Snapchat successfully registered 450,000 people through its app during the 2018 midterms.
Securonix Introduces SearchMore for Proactive Threat Detection and Response (Yahoo) Next-Gen SIEM Allows SOC Teams to Search Live and Long-Term Data; Delivers Industry-First Community-Powered Threat Hunting Capability
wolfSSL Compiles Most Comprehensive Set of Cryptographic Benchmarks (PRWeb) The wolfSSL embedded SSL/TLS library was written from the ground-up with portability, performance, and memory usage in mind. Our benchmarks outshine our com
Open source tool Infection Monkey allows security pros to test their network like never before (Help Net Security) Guardicore unveiled new capabilities for Infection Monkey, its free, open source tool that maps to the MITRE ATT&CK knowledge base.
Fortinet Introduces the World’s First Hyperscale Firewall (GlobeNewswire) FortiGate 4400F is the Only Firewall Capable of Securing Hyperscale Data Centers and 5G Networks, Delivering the Industry’s Highest Performance with Security Compute Ratings of up to 13x
New infosec products of the week: August 7, 2020 (Help Net Security) The featured products this week come from the following vendors: BluBracket, Farsight Security, Radiflow, StrongBox IT, and Fortinet.
Technologies, Techniques, and Standards
Drizly's customer data was stolen, here's some cyber security advice for the beverage industry (Craft Brewing Business) Drizly, the biggest name in online alcohol delivery services (that also provides sales data we usually hype) had a data breach recently. Multiple outlets have confirmed that the hacker stole customer email addresses, dates of birth, passwords and even some delivery addresses. This is around 2.5 million accounts we’re talking. Drizly says no credit card
Air Force cyber security experts expect reorganizations to help improve information warfare and cyber ops (Military & Aerospace Electronics) Combat mission teams conduct cyber operations on behalf of combatant commands and cyber support teams, and support the combat mission team.
Top secret telework 'is not a thing' (FCW) The National Security Agency is expanding its use of Microsoft Office 365 to support unclassified telework
Loving the Algorithm: User Risk Management and Good Security Hygiene (Security Intelligence) User risk management customizes security so your team can stay on top of today's best practices. Find out how user risk management can help the business.
7 important things to look for when buying antivirus software (Windows Central) If you are looking to invest in an antivirus for your computer, there are a few things you should look for when making the purchase. Here are some helpful tips and tricks.
Cyber insurance: Seven questions you need to consider before buying (ZDNet) Insuring against hackers and ransomware could help you recover more quickly. But here are some things to think about before you buy.
Design and Innovation
Tool that turns Domain Name System into a security layer unveiled at Black Hat 2020 (The Daily Swig) Introducing ioc2rpz – where threat intelligence meets DNS
DEF CON’s aerospace village looks to satellite hacking to improve security in space (CyberScoop) Next time your GPS app functions without interruption, or a credit card transaction is approved on the first try, consider thanking a hacker. Both of those everyday activities, along with many others, are made possible in part because of satellites, those orbiting chunks of metal that only a fraction of the population thinks about on a regular basis.
Hackers and Defense Officials Unite Online at DEF CON 28 (ClearanceJobs) Military and law-enforcement officials join with hackers at DEF CON, an annual hacking-themed tech expo. Sometimes, we need hackers to keep us safe.
Research and Development
Researchers Create New Framework to Evaluate User Security Awareness (Dark Reading) Approaches based on questionnaires and self-evaluation are not always a good indicator of how well a user can mitigate social engineering threats.
Legislation, Policy, and Regulation
How the US Can Prevent the Next 'Cyber 9/11' (Wired) In an interview with WIRED, former national intelligence official Sue Gordon discusses Russian election interference and other digital threats to democracy.
Cyber strategy a missed local opportunity (InnovationAus) If anyone were waiting on the Australian Government Cyber Security Strategy 2020 to include a set of industry policies that would help grow the local cyber security sector, they will have been massively disappointed.
Trump Executive Orders Target TikTok, WeChat Apps (Wall Street Journal) President Trump issued a pair of executive orders imposing new limits on Chinese social-media apps TikTok and WeChat, escalating tensions with Beijing and effectively setting a 45-day deadline for an American company to purchase TikTok’s U.S. operations.
Trump issues executive orders banning U.S. transactions with WeChat and TikTok in 45 days (CNBC) The ban will take effect in 45 days and may attract retaliation from Beijing.
Executive Order on Addressing the Threat Posed by TikTok (The White House) By the authority vested in me as President by the Constitution and the laws of the United States of America, including the International Emergency Economic
Executive Order on Addressing the Threat Posed by WeChat (The White House) By the authority vested in me as President by the Constitution and the laws of the United States of America, including the International Emergency Economic
Statement on the US Administration's Executive Order (Newsroom | TikTok) TikTok is a community full of creativity and passion, a home that brings joy to families and meaningful careers to creators. And we are building this platform for the long term. TikTok will be here fo
Fortnite and League of Legends players could be collateral damage from Trump’s WeChat ban (Quartz) Trump's executive orders are worded vaguely, leaving lots of unanswered questions about potential ripple effects.
China focus might distract the U.S. from the possibility of a Putin surprise in Belarus and beyond (Atlantic Council) COVID-19 has shown both the nature and relentlessness of the Chinese Communist Party’s to place itself at the center of global power and influence.
Trump advisers urge delisting of U.S.-listed Chinese firms that fail to meet audit standards (Reuters) Trump administration officials have urged the president to delist Chinese companies that trade on U.S. exchanges and fail to meet U.S. auditing requirements by January 2022, Securities and Exchange Commission and Treasury officials said on Thursday.
It looks like Trump is beating Huawei (Light Reading) Infinera's outgoing CEO described the situation as a 'once-in-a-lifetime opportunity' for companies that compete against the Chinese vendor.
CISA Finalized Directive on Vulnerability Disclosure Policies, Congressman Says (Nextgov.com) The binding operational directive would create a legal path for ethical hackers to report website vulnerabilities to government agencies.
State Department Official Who Lobbied Against Huawei to Resign (Bloomberg) Rob Strayer also part of effort to out hackers or indict them. He becomes latest in string of Trump cyber officials to leave.
US Air Force links cyber, intel with new contract office (C4ISRNET) The 16th Air Force has realigned the mission for one of its contracting offices to better integrate cyber and intelligence capabilities.
Litigation, Investigation, and Law Enforcement
Android user chucks potential $10bn+ sueball at Google over 'spying', 'harvesting data'... this time to build supposed rival to TikTok called 'Shorts' (Register) These are the class-action-suit-joining 'droids lawyers are looking for. (We'll get our coats)
Banking Regulator Fines Capital One $80 Million Over 2019 Hack (Wall Street Journal) A top banking regulator has fined Capital One Financial $80 million over a 2019 hack that compromised the personal information of about 106 million card customers and applicants.
Capital One fined $80M by regulators over 2019 data breach, agrees to improvements (Washington Business Journal) Capital One Financial Corp (NYSE: COF) will pay an $80 million fine and enter into a consent order with its regulator, the Office of the Comptroller of the Currency, over issues related to a data breach in 2019 that exposed more than 106 million records of customers and credit card applicants.
Chinese court sentences another Canadian to death for drugs (Reuters) A Chinese court said on Friday it had sentenced a Canadian to death for transporting and manufacturing drugs, the second Canadian in two days to receive a death penalty for drugs and fourth since Canada detained a top Huawei executive in 2018.
How Security Research Can Get You Arrested (PCMag UK) When they were hired by the government to test the physical security of public buildings, Justin Wynn and Gary Demercurio didn't expect another branch of government to put them in jail.
Pittsburgh’s new FBI head eyeing foreign interference in U.S. election, fraud, cyber crimes (TribLIVE.com) FBI agents based in Western Pennsylvania are among those working to identify and block international attempts to interfere in the U.S. presidential election. Michael A. Christman, a Youngstown native who took the helm as Special Agent in Charge of the FBI’s Pittsburgh field office in mid-May, discussed his elections task