Cyber Attacks, Threats, and Vulnerabilities
Belarus Has Shut Down the Internet Amid a Controversial Election (Wired) Human rights organizations have blamed the Belarusian government for widespread outages.
Belarus Is Trying to Block Parts of the Internet Amid Historic Protests (Vice) Twitter, local journalists, and internet freedom organizations report that there are widespread internet blocks in Belarus.
Huawei Data Centre in Papua New Guinea exposes government's secret data to spying, report warns (Computing) Huawei used outdated software in the centre, it claims
Huawei data centre built to spy on PNG (Australian Financial Review) Major cyber security flaws were found in the Beijing-funded data centre in Port Moresby, where government files could be easily stolen without detection.
Iranian Hacking Group Attacking F5 Networks. The FBI Is Watching. (The National Interest) While the FBI warning didn’t indicate whether any companies had been breached in a recent cyberattack, sources told ZDNet that Fox Kitten has been successful in cyberattacks against BIG-IP devices in at least two companies this year.
A mysterious group has hijacked Tor exit nodes to perform SSL stripping attacks (ZDNet) At one point, the group ran almost a quarter of all Tor exit nodes. Group still controls 10% of all Tor exit nodes today.
NCC Group admits its training data was leaked online after folders full of Crest pentest certification exam notes posted to Github (Register) 'Inhouse crt rigs to solve... book before ur exam' as firm claims 'some' of the content wasn't theirs
Hacking Zoom: Uncovering Tales of Security Vulnerabilities in Zoom (Mazin Ahmed) This blog post discusses my experiments in testing and hacking Zoom.
Zero Day Vulnerability Discovered in Google Chrome CSP Enforcement (PerimeterX) PerimeterX researcher discovered a zero day vulnerability CVE-2020-6519 in the Chrome browser that could have allowed attackers to fully bypass CSP rules on Chrome 73-83.
Security researcher publishes details and exploit code for a vBulletin zero-day (ZDNet) Proof-of-concept exploit code available in Bash, Python, and Ruby.
Hacked government, college sites push malware via fake hacking tools (BleepingComputer) A large scale hacking campaign is targeting governments and university websites to host articles on hacking social network accounts that lead to malware and scams.
DoubleVerify says ad fraudsters are using public domain content to create fake TV apps (Yahoo) The team at DoubleVerify, a company that helps advertisers eliminate fraud and ensure brand safety, said that it's recently identified a new tactic used by ad fraudsters seeking to make money on internet-connected TVs. Senior Vice President of Product Management Roy Rosenfeld said that it's
'Find My Mobile' Vulnerabilities Exposed Samsung Galaxy Phones to Attacks (SecurityWeek) A series of vulnerabilities affecting Samsung’s Find My Mobile could have been chained to hack Galaxy smartphones
ESET publishes a guide for navigating the risks from vulnerabilities in the Thunderbolt interface (Zawya) Via Thunderspy, an attacker can change - possibly even remove - the security measures of the Thunderbolt interface on a computer
Ransomware Hackers Post Data From 2 Providers, Device Manufacturer (HealthITSecurity) This week's breach roundup is led by possible ransomware attackers on two providers and a device manufacturer. NetWalker and DoppelPaymer hackers posted data allegedly stolen from these entities.
Netflix and YouTube users warned about massive rise in data scams (The Independent) These scams will try and get personal information, such as payment logins or passwords
Third-party leak or server hack? Intel breach stings either way (SC Media) Pictured: the Intel Museum in Santa Clara, California. Intel believes an individual with access to its Intel Resource and Design Center web portal is
Twitter Hack Exposes Security Holes (Infosecurity Magazine) Lessons learned form the recent Twitter breach
Avaddon ransomware operators have launched their data leak site (Security Affairs) Avaddon ransomware operators, like other cybercrime groups, decided to launch a data leak site where publish data of victims who refuse to pay a ransom demand. Avaddon ransomware operators announced the launch of their data leak site where they will publish the data stolen from the victims who do not pay a ransom demand. The […]
Vulnerability Summary for the Week of August 3, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Retailer Monsoon allegedly exposing data via Pulse Connect server (ComputerWeekly) A researcher has found a critically insecure Pulse Connect Secure VPN version belonging to UK retailer Monsoon Accessorize but claims the firm is ignoring his disclosures
Notice of a Data Breach (Romanazzi & Associates, via the Office of the California Attorney General) We are writing you to inform you of a data security incident that may have affected your personal information.
Michigan State University discloses credit card theft incident (BleepingComputer) Michigan State University (MSU) today disclosed that attackers were able to steal credit card and personal information from roughly 2,600 users of its shop.msu.edu online store.
Security Patches, Mitigations, and Software Updates
Adobe fixes critical code execution bugs in Acrobat and Reader (BleepingComputer) Adobe has released security updates for Adobe Acrobat, Reader, and Lightroom that fix a total of twenty-six vulnerabilities in the three programs.
Citrix fixes critical bugs allowing takeover of XenMobile Servers (BleepingComputer) Citrix today fixed 5 vulnerabilities impacting multiple versions of Citrix Endpoint Management (CEM) on-premise instances, also known as XenMobile Server.
Samsung Quietly Fixed Critical Galaxy Flaws Allowing Spying, Data Wiping (Threatpost) Four critical-severity flaws were recently disclosed in the Find My Mobile feature of Samsung Galaxy smartphones, which if exploited could allow attackers to force a factory reset on the phones or spy on users.
Cyber Trends
Evolution of CASB Survey Report | Cloud Security Alliance (Cloud Security Alliance) The study on CASB, which queried more than 200 IT and security professionals from a variety of organization sizes and locations, examined the expectations, technical implementations, and challenges of using cloud security access brokers (CASB). The study examined unrealized gaps between the rate of
Black Hat Wrap-Up: IoT and Hardware Vulnerabilities Take the Spotlight (SecurityWeek) The first entirely virtual edition of the Black Hat cybersecurity conference took place last week and researchers from tens of organizations presented the results of their work from the past year
More attackers trying to sabotage incident response tactics (SC Media) The security industry needs to become more clandestine in its approach to incident response, making it harder for attackers to know that they are being
COVID-19 Continues to Create a Larger Surface Area for Cyberattacks (VMware Carbon Black) Globally businesses are battling a sustained threat environment where attacks continue to grow in sophistication and complexity, making breaches an all but inevitable consequence.
How prepared is shipping for a cyber attack, really? (Splash 247) Daniel Ng and Professor Siraj Shaikh from CyberOwl question whether shipping executives really know if they are prepared to handle a cyber attack and suggest a cyber drill to find out. So it has happened. The screens on the business PCs in the engine control room and bridge have all locked down. The computers are …
Domestic disinformation thrives amid declining trust in US institutions (CyberScoop) Millions of Americans who already struggle to keep pace with the daily barrage of news are now becoming accustomed to another challenge that’s only becoming more complicated: weaponized misinformation.
How to Help Spoil the Cybercrime Economy (Dark Reading) Cybercrime increasingly is turning into a commodity. Stolen PII data and hijacked cloud accounts especially propel the spread, research shows.
More ransomware victims are paying up, even when data recovery is possible (TechRadar) Study ties ransomware payments to increasingly popular data exfiltration hacks.
COVID Confessions of a CISO (HackerOne) The COVID-19 crisis has shifted life online. As companies rush to meet remote work requirements and customer demands for digital services, attack surfaces have dramatically expanded, leaving security teams stretched thin and not staffed to cope. HackerOne dug into this concept to identify COVID-19 impacts on security and business. Read on for our findings.
This Is Where You’re Most Likely to Be Catfished in the USA in 2020 (HighSpeedInternet.com) Which states have the biggest problems with catfishing? We looked at FBI and Census data to determine your likelihood of being scammed.
Indians concerned about security of data shared with banks, retailers, survey finds (Moneycontrol) The study revealed that 73 percent respondents were willing to share health record data with insurance companies for recommendations on addressing potential medical issues, while 72 percent were willing to share data with government agencies to expedite access to services such as driver’s licence and government benefits.
Marketplace
Oomnitza Closes $12.5M Series B To Manage Company Digital Estates (Crunchbase News) Companies use Oomnitza’s platform to manage their IT infrastructures while also addressing requirements for security, compliance, procurement and employee experience.
Symmetry Systems Emerges from Stealth with $3 Million in Seed Funding from ForgePoint Capital and Prefix Capital to Transform Data Security (PR Newswire) Symmetry Systems, provider of cutting-edge Data Store and Object Security (DSOS), today emerged from stealth a year after raising $3 million in...
Cerberus Sentinel announces acquisition of Technologyville (GlobeNewswire) U.S. cybersecurity services firm expands service offerings
WISeKey Completes $5 Million Private Placement with Crede Capital Group - GuruFocus.comWISeKey Completes $5 Million Private Placement with Crede Capital Group (GuruFocus) WISeKey Completes $5 Million Private Placement with Crede Capital Group, Stocks: WKEY, release date:Aug 10, 2020
Email Security Firm Ironscales Wins $8 Million In New Funding (Mediapost) Ironscales has named Matthew McNulty, formerly of KnowBe4, as SVP of worldwide sales.
Centrify Again Named a Leader in 2020 Gartner Magic Quadrant for Privileged Access Management (Centrify) Centrify, a leading provider of Identity-Centric Privileged Access Management (PAM) solutions, today announced that it has been positioned by Gartner, Inc. in the Leaders quadrant of the 2020 Gartner Magic Quadrant for Privileged Access Management. The report evaluated 12 vendors based on completeness of vision and ability to execute.1
Tech, Financial Firms Eye Ways to Save TikTok’s U.S. Operations From Ban (Wall Street Journal) Several investment and technology firms are exploring a potential deal for the U.S. operations of TikTok, which is facing a Trump administration ban, but each would have to surmount hurdles at least as high as the Chinese platform’s main suitor, Microsoft.
TikTok runners and riders: who is in the race to buy the Chinese app? (The Telegraph) Microsoft is the frontrunner to buy TikTok but many others are hoping to get their hands on the social media sensation
Twitter makes play for TikTok (Computing) Twitter is said to be only looking at TikTok’s US operations - unlike Microsoft, which wants the whole package
BlackCloak Named Winner as Top 100 Cybersecurity Startup for 2020 (PR Newswire) /PRNewswire/ -- BlackCloak, Inc., the cybersecurity industry's leading provider of Concierge Cybersecurity™ for Executives, High-Profile, and High-Net-Worth...
CloudKnox Named Winner in 2020 Black Unicorn Awards for Cybersecurity Companies Who Have the Potential of Being Valued at $1B (BusinessWire) As a Top 100 Cyber Security Startup, CloudKnox’s cloud security solutions are particularly in demand in today’s ever-evolving cyber ecosystem.
XM Cyber Named a Top 100 Cybersecurity Startup for 2020 (PR Newswire) XM Cyber, the multi-award-winning leader in breach and attack simulation (BAS) advanced cyber risk analytics and cloud security posture...
KnowBe4 Celebrates 10 Years and 1,000 Employees by Planting 10,000 Trees Worldwide (PR Newswire) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced it will be...
Leading the Way: Women In Cybersecurity (ISA Cybersecurity Inc.) Thanks to the leadership of trail-blazing women in cyber, progress is being made to break down the barriers to entering and thriving in this exciting field.
Cellebrite Announces New Additions to Its Executive Management Team (INSIDENOVA.COM) Cellebrite, the global leader in Digital Intelligence (DI) solutions for public and private sectors, today announced the appointment of three new executives
Products, Services, and Solutions
Fingerprint Cards launches new biometric solution for the PC market (Yahoo) Tailored software and a range of Fingerprints’ touch sensors support new design integrations and placements World-leading biometrics company, Fingerprint Cards AB (Fingerprints™) today launches a new solution for the PC market. Following several successful integrations in Chromebooks, biometric authentication
SonicWall’s Simplicity, Value Solve Escalating Costs, Security Needs for Newly Extended Distributed Enterprises, Governments & MSSPs (SonicWall) New high-performance NSsp firewalls, cloud-native management and on-prem threat analysis upend enterprise market to deliver cost-effective security in new business normal MILPITAS, Calif. — August 11, 2020 — Newly distributed enterprises, government agencies and MSSPs are continuously challenged to deliver vital and immediate threat protection to large-scale networks and remote workforces — all while adhering …
SonicWall Leads SMB Market to Resolve Stretched Security Budgets, Risks for Newly Extended Remote Workforces - SonicWall (SonicWall) New SonicWall TZ series is first desktop firewall to deliver multi-gigabit malware and ransomware protection, even for attacks hiding in the TLS 1.3 traffic MILPITAS, Calif. — August 11, 2020 — An essential component of modern network protection, firewall technology is increasingly relied upon as organizations secure distributed networks and rapidly expanding remote and mobile …
Generali Global Assistance Launches Email Health Check To Enhance Identity Monitoring For GEICO Customers (PR Newswire) Generali Global Assistance ("GGA"), the developer of a proprietary identity and cyber protection platform, today announced that it has launched...
Claroty and Check Point Software Technologies Partner to Secure Industrial Control Networks (PR Newswire) Claroty, the global leader in operational technology (OT) security, today announced its partnership with Check Point® Software Technologies Ltd....
Thycotic Releases Privileged Access Management Capabilities for the New Reality of Cloud and Remote Work (PR Newswire) Thycotic, a provider of privileged access management (PAM) solutions for more than 10,000 organizations worldwide, including 25 percent of the...
United Platform Levels UP (Northrop Grumman Newsroom) Northrop Grumman is at the leading edge of a Lean-Agile and Development Security Operations (DevSecOps) revolution within the U.S. armed forces as the system coordinator for a U.S. Air Force program called Unified Platform (UP). As a cloud-based,...
AI Helps Home Users Detect and Prevent Unknown Cyber Threats (MarTech Series) SecureAge adds Automatic Mode to SecureAPlus SecureAge Technology, a leading global data and endpoint protection company, has announced the addition of a new feature to its SecureAPlus application control solution to simplify security protection for home users. Automatic Mode allows the SecureAPlus AI engine to build personalised 'allow lists' without user input, preventing malicious files from causing irreparable damage – a timely solution that helps secure the gap between company networks and home devices. According to the independent IT security institute AV-TEST[1], 350,000 new malicious malwares are released daily, and this number continues to rise as attackers look to exploit
GreatHorn Strengthens Email Security Offering With Fully Integrated Platform Capabilities (GreatHorn) Enhancements to leading platform allow for greater visibility to detect and respond to increasingly sophisticated threats WALTHAM, MA– August 11, 2020 – Today, cloud-native email security solution GreatHorn announced the launch of the company’s most substantial and comprehensive platform update yet. The fully refreshed solution now offers more expansive visibility across the entire email security […]
Kaspersky further enhances privacy protection for PC users with new features (CRN - India) Read Article Kaspersky has enhanced the protection of users’ personal information on PCs by introducing several new features to its consumer products and developing Kaspersky Security Cloud to adapt to its users’ needs. Its Account Check feature now automatically checks if email addresses that customers use when logging into their online accounts have been compromised. …
CyberSaint Releases Functionality Allowing CISOs and CIOs (AiThority) CyberSaint, the developer of the leading platform for automated, intelligent cybersecurity program management, announced new CyberStrong platform
KnowBe4 decreases risk of phishing attacks from 32% to 7% at SIG (Intelligent CIO Europe) Access to, and the use of data, is a strong contributor to a company’s business strategy and it was this that increased the need for SIG to ramp up its protection from potential cyberattacks. Carl Baron, Chief Information Security Officer, SIG, tells us how KnowBe4‘s solution helped it to improve its cybersecurity. SIG plc. is […]
Cellebrite Includes Cryptocurrency and Blockchain Investigations Solutionto its Digital Intelligence Platform (CIOReview) Cellebrite’s Crypto Tracer Solution Gives Investigators Unparalleled Visibility into Cryptocurrency Movement
Technologies, Techniques, and Standards
NCSC Offers Seven-Question Guidance on Cyber Insurance (Infosecurity Magazine) NCSC offers guidance on taking out cyber insurance
National Institute for Standards and Technology Releases Draft of NIST SP 800-172 (Lexology) The National Institute for Standards and Technology released the draft of NIST Special Publication 800-172 (“NIST SP 800-172”) on July 6, 2020. This…
Five steps to compliance with the California Consumer Privacy Act (GamesIndustry.biz) At GDC Summer, Will Bucher outlines how companies already complying with GDPR can ensure CCPA compliance too
How botnets are created and how they are shut down (My Broadband) Botnets comprise networks of hijacked computers and are commonly the cause behind cyberattacks that affect businesses and organisations of varying sizes.
Pentagon updates electronic warfare handbook with new cross-branch approach (C4ISRNET) The Joint Chiefs of Staff released a new joint publication for joint electromagnetic spectrum operations, which replaces a previous document focused on electronic warfare.
Identifying common Microsoft 365 security misconfigurations (SearchSecurity) A new Nemertes Research survey revealed Microsoft 365 (formerly Office 365) has security issues that can double the time it takes to contain a breach. Nemertes CEO Johna Till Johnson looks at the major Microsoft 365 security misconfigurations, then offers best practices and strategies to secure them.
Ransomware: 5 Signs That an Attack Is Imminent (MSSP Alert) British cybersecurity company Sophos offers insights into five indicators of ransomware that organizations can use to determine if a cyberattack is imminent.
Shoring up cybersecurity in industrial settings (BIC Magazine) Let's face it: Cybersecurity does not directly contribute to bottom-line cost savings and does not make the manufacturing process more efficient.
Securing human resources from cyber attack (Help Net Security) Today, securing HR is essential. If compromised, this data can damage both the company and the personal lives of its employees.
Research and Development
GCHQ seeks researchers to tackle deep fakes and misinformation (ComputerWeekly) A new GCHQ research fellowship based at its Manchester office will explore various national security priorities such as deep fakes, fake news and the impact of AI
Academia
College Named National Center of Academic Excellence in Cyber Defense Education (Wake Technical Community College) Cybersecurity students at Wake Tech are training at one of the nation’s most robust two-year degree programs that meets rigorous requirements for cyber defense education.
Guard soldiers graduate from the Ivy Tech’s Cyber Academy (The Republic) A group of Indiana National Guard soldiers are among one of the first graduating classes at Ivy Tech’s Cyber Academy at Muscatatuck Urban Training Center in Jackson County.One of them has turned the training into a promising career.Two years into his bachelor’s degree, James Gill, felt like many students — discouraged and unsatisfied.Gill,
Cadets graduate inaugural Air Force Junior ROTC Cyber Academy (Maxwell Air Force Base) At the academy, which was held virtually, the 24 graduating cadets built skills in state-of-the-art computing and cybersecurity under the supervision of instructors from Mississippi State University
Under Half of Teachers Think Schools Have “Done Enough” to Tackle Cybersecurity Issues (Infosecurity Magazine) Cybersecurity is an increasing risk in schools due to use of online lessons in lockdown
Legislation, Policy, and Regulation
The Global Implications of China’s National and Cyber Security Laws (International Policy Digest) For years now, foreign companies operating in China have had to sacrifice a lot to operate there.
Joint Press Statement from U.S. Secretary of Commerce Wilbur Ross and European Commissioner for Justice Didier Reynders (U.S. Department of Commerce) The U.S. Department of Commerce and the European Commission have initiated discussions to evaluate the potential for an enhanced EU-U.S. Privacy Shield framework to comply with the July 16 judgment of the Court of Justice of the European Union in the Schrems II case.
Is TikTok Getting Banned in the U.S.? It’s Complicated. Here’s Everything You Need to Know (Wall Street Journal) The battle over the future of TikTok is continuing this week as ByteDance Ltd., Microsoft Corp., and the Trump administration discuss outlines of a deal that could hive off TikTok’s U.S. operations.
TikTok to Wait For UK Gov't to Back New HQ in London Before Confirming Move as US-China Tension Rise (Sputnik) News of the potential deal with the world's largest startup follows a major reversal of a government decision in January to allow Huawei Technologies to build UK 5G...
Tech Monopolies Are the Reason the US Now Has a TikTok Problem (Pro Market) Tech platforms like Facebook say we should protect, empower, and celebrate their concentrated power for the sake of America’s national security. But their history shows tech giants are structurally unable to defend American interests and should never be trusted with that task. Last night (Thursday), President Trump signed an executive order banning the Chinese …
Banning WeChat will destroy a lone bridge between the US and China (WIRED UK) WeChat is an instrument of censorship and surveillance. But, for Chinese Americans, it was also a way to connect
US Cyber Command is using unclassified networks to fight election interference (C4ISRNET) U.S. Cyber Command is using unclassified networks and publicly available communication platforms as it works to prevent foreign interference in the next presidential election, a CYBERCOM official has revealed.
Ohio becomes first state to release vulnerability policy for election-related websites (CyberScoop) Ohio has established guidelines for security experts to help fix software flaws in the state’s election-related websites, the first such move by a state.
U.S. will reallocate military 3.5GHz spectrum for consumer 5G in 2021 (VentureBeat) The Department of Defense is handing over a large block of mid band spectrum for consumer 5G, helping the U.S. reach parity with China and other nations.
Californians Will Vote on Whether to Expand the State’s Consumer Privacy Act (The National Law Review) In November, California residents will vote on a proposal to augment California’s Consumer Privacy Act (CCPA), which took effect in January 2020. The Secretary of State Alex Padilla confirmed th
Litigation, Investigation, and Law Enforcement
Hong Kong media tycoon Jimmy Lai arrested under national security law (Washington Post) Lai, detained on charges of colluding with foreign powers, is the most prominent person to be arrested under the new law.
National Cyber Security Centre and CID nab empress leak operator (GhanaWeb) The National Cyber Security Centre (NCSC) of the Ministry of Communications, in collaboration with the Criminal Investigation Department (CID) of the Ghana Police Service and the National Cyber Security Technical Working Group, have nabbed the...
CM claims ignorance over cyber attack on journalists by CPM supporters (The New Indian Express) The CM said he had never said that journalists were carrying out personal attack on him.
The Cybersecurity 202: Zoom sued by consumer group for misrepresenting its encryption protections (Washington Post) A consumer advocacy group is suing Zoom and seeking millions of dollars in damages, accusing the company of misleading its users about the strength of its encryption protections.
Leidos objects to elimination from defense intell contract (Washington Technology) Leidos has gone to the Government Accountability Office after the Defense Intelligence Agency eliminated it from the running for an analytical support services contract.