Cyber Attacks, Threats, and Vulnerabilities
North Korea Harasses Defectors With Calls, Texts: ‘Are You Having Fun These Days?’ (Wall Street Journal) Pyongyang is using its growing hacking prowess to track down and contact citizens who have escaped and gained prominence in the South.
Pak Army Tracks Major Security Breach By Indian Hackers (Technology Times) Pak army intelligence agencies have tracked a major security breach by Indian hackers whereby phones and other gadgets of government officials.
Phishing Emails Used to Deploy KONNI Malware (CISA) This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques.
This New Malware Added An Email Attachment Stealer (neoRhino IT Solutions) Emotet's massive botnet was dormant for several months, but on July 17th, 2020, it suddenly rumbled back to life. It started spewing out massive numbers of phishing emails aimed at installing Trickbot payloads on anyone unfortunate enough to open one...
A financially-motivated attack group is getting better at using this banking trojan (CyberScoop) Threat actors using IcedID, a banking trojan, are getting moderately more sophisticated, according to Juniper Threat Labs.
ATM Hackers Have Picked Up Some Clever New Tricks (Wired) So-called jackpotting attacks have gotten increasingly sophisticated—while cash machines have stayed pretty much the same.
Attack of the Instagram clones (WeLiveSecurity) Could your social media account be spoofed, why would anybody do it, and what can you do to avoid having a doppelgänger?
Israeli cyber startup discovers Blockchain weakness that could potentially leak millions (Geektime) As the rise of digital asset security takes center stage with banks adopting the technology, Israeli blockchain cyber startup GK8 finds a massive network vulnerability in the process...
Hackers combine two unpatched Microsoft zero-days in attack on South Korean firm (IT PRO) The Windows 10 and Internet Explorer 11 flaws were exploited by those behind the DarkHotel spearphishing campaign
Targeted BEC attacks steal business data in six countries, posing as HR (SC Media) Orchestrated by the Russian-speaking RedCurl group, the attack stole information on a variety of businesses – mostly in construction, finance, consulting, retail, insurance, law and travel.
Free VPN Apps Found to Contain Malware (The Hack Post) The prospect of using a free VPN appeals to everyone. But did you know, nearly 38% of free Android VPNs contain malware, this is according to research by CSIRO. This means that while most free VPNs grant you access to some geo-restricted sites, they do so at the expense of your privacy. Which is scary. With both […]
Canada suffers cyberattack used to steal COVID-19 relief payments (BleepingComputer) Canadian government sites used to provide access to crucial services for immigration, taxes, pension, and benefits have been breached in a coordinated attack to steal COVID-19 relief payments.
Business Email Compromise Attacks Involving MFA Bypass Increase (Dark Reading) Adversaries are using legacy email clients to access and take over accounts protected with strong authentication, Abnormal Security says.
How Dharma Ransomware-as-a-Service Model Works (BankInfo Security) A new study from Sophos describes how the Dharma ransomware-as-a-service model offers low-skilled hackers the ability to profit from attacks on unprotected small
This surprise Linux malware warning shows that hackers are changing their targets (ZDNet) The old assumptions about security are wrong and will need updating, fast.
U.S. spirits and wine giant hit by cyberattack, 1TB of data stolen (BleepingComputer) Brown-Forman, one of the largest U.S. companies in the spirits and wine business, suffered a cyber attack. The intruders allegedly copied 1TB of confidential data; they plan on selling to the highest bidder the most important info and leak the rest.
Jack Daniel’s Manufacturer Was Target of Apparent Ransomware Attack (BloombergQuint)
Cyber hackers steal donations data from charity after hack (Eastern Daily Press) Personal data about donations made to East Anglia’s Children’s Hospice has been stolen by hackers who targeted its security provider.
Reply-All storm sparked by student smut sees school system shut down Google Classroom for up to a week (Register) Astoundingly naughty students are your new case study on how not to manage personal device access to SaaS
European Contact-Tracing Apps Stumble on Privacy Concerns, Glitches (Wall Street Journal) Regulators demand better protection of sensitive data, as officials address malfunctions in apps meant to stem the spread of coronavirus.
Ritz London suspects data breach, fraudsters pose as staff in credit card data scam (ZDNet) Scammers phoned guests to “confirm” their credit card details for reservations.
More Than 5,000 CRA Accounts Compromised By Cyberattacks (Baystreet) The Canada Revenue Agency (CRA) has been hacked. The federal agency was forced to temporarily suspend its online services after two cyberattacks in which hackers stole thousands of usernames and passwords and used them to fraudulently obtain government ...
Controversial Baltimore DPW tweet criticizing President Trump deleted (WBAL) A controversial tweet from the official Baltimore Department of Public Works account has been deleted.
Security Patches, Mitigations, and Software Updates
Cyber Trends
New research: Data Breach Reports Down in 2020, Yet Over 27 billion Records Exposed (RBS) Our new 2020 Mid Year Data Breach QuickView Report exclusively reveals that, although the number of publicly reported data breaches stands at its lowest point in five years, the number of records exposed is more than four times higher than any previously reported equivalent time period.
Cyberattacks on US companies skyrocketed by 93% in the last 12 months (Atlas VPN) Cybersecurity remains a hot topic for organizations today as cyberattacks directed at business organizations are on the rise. According to the Atlas VPN investigation, companies across North America reported a 93% increase in cyberattacks in the past 12 months.
Not only Garmin. Ransomware attacks on businesses are rising (Reason cyberSecurity) Ransomware, one of the biggest security problems on the Internet today, is a type of...
Brits feel more at risk of cyberattack since lockdown (ITProPortal) UK consumers concerned about online fraud.
Marketplace
Top Cybersecurity Companies in 2020 (FinSMEs) The global cybersecurity market has been growing exponentially over the past years and is expected to continue to expand for the coming years
Nostra hopes for boost from acquisition of cyber-risk firm (Business Post) The Dublin-based firm snapped up Brandon Global for its third acquisition in five years
Cloud Security Alliance, ISACA Announce Strategic Partnership to Reinvent Cloud Auditing and Assurance (BusinessWire) CSA and ISACA combine forces to bring to market the Certificate of Cloud Auditing Knowledge (CCAK) as a joint venture.
LookingGlass Cyber Solutions Announces Engagement with Defense Innovation Unit (BusinessWire) LookingGlass Cyber Solutions announced that it has signed a prototype agreement to support threat data analytics for the Defense Innovation Unit.
DivvyCloud Ranks No. 471 on Inc. 5000 List of Fastest Growing Companies in America (DivvyCloud) Company saw 970% growth from 2016 to 2019. DivvyCloud by Rapid7, the leading cloud security platform, yesterday announced that it has been named to the prestigious 2020 Inc. 5000 list of America’s fastest growing companies. In its final year of …
Nuspire Recognized As A Contender By Leading Industry Analyst Firm (PR Newswire) Nuspire, a leading managed security services provider (MSSP), today announced it has been recognized as a Contender in The Forrester Wave™:...
Trend Micro's Zero Day Initiative Again Named Market Leader in Public Vulnerability Disclosures (AP NEWS) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, today released results from a new report by Omdia that found its Zero Day Initiative (ZDI) disclosed the most vulnerabilities in 2019.
Cyber, defense and water projects: Israeli companies have made billions working in the UAE (CTECH) Companies like Logic, IAI, Elbit, and Tahal didn’t wait for official ties and have been doing business with the Gulf state for years
Confirmed—Huawei Smartphone Users Have Serious New Update Problem (Forbes) The U.S. has confirmed more bad news for millions of Huawei smartphone users...
Why F5 and Tempered Networks founder Jeff Hussey left retirement and ‘bought’ himself a job (GeekWire) Jeff Hussey, co-founder and CEO of Seattle’s Tempered Networks, is not a believer in long-term work-from-home practices. “We have all the technology to do it, but I don’t think human nature is wired…
Products, Services, and Solutions
InteliSecure Launches Aperture, Streamlining Data and Cloud Security Services for Microsoft 365 (PR Newswire) InteliSecure®, a leading provider of data protection services, announces the launch of its Managed Data Protection Service for Microsoft 365®,...
MEF wraps its arms around defining frameworks and policies for SASE (FierceTelecom) There's no doubt that SASE has picked up steam this year after Gartner coined the phrase last year, and now MEF has joined the SASE fray. SASE blends SD-WAN, security functions, such as zero trust, and subscriber policies to, among other things, enable users to access their connectivity services safely from anywhere
KnowBe4 launches browser password inspector tool (Intelligent CIO Europe) KnowBe4, a provider of one of the world’s largest security awareness training and simulated phishing platforms, recently announced it has launched a new, complimentary tool called the Browser Password Inspector to help better protect organisations from ransomware attacks, credential theft and account takeovers. The issue with saving passwords in browsers is that many users are […]
Smarttech247 launches cybersecurity course for women (RTE.ie) Security service provider, Smarttech247, is offering a course for women looking to develop skills for a future in cybertech and security.
DH2i Extends Free Access to DxOdyssey Work From Home (WFH) Software to December 31st (DH2i) As the spread of COVID-19 continues, many employees are still working from home. The DH2i team has decided to extend the WFH offer announced in March until December 31st, 2020.
NeuVector adds compliance reporting for Kubernetes-based apps (SiliconANGLE)
Snyk Brings Developer-first Security to Infrastructure as Code (PR Newswire) Snyk, the leader in developer-first security, is announcing the expansion of its growing product line to include Snyk Infrastructure as Code...
Kumbaya App Partners with AU10TIX to Bolster App Safety for Parents an (PRWeb) The Kumbaya App, a marketplace for parents to hire trusted teens for paid gigs, today announced its partnership with AU10TIX, a global ID verification an
Technologies, Techniques, and Standards
Penetration testing of corporate information systems (Positive Technologies) In a penetration test, ethical hackers imitate what real attackers would do.
US agency takes part in simulated cyberattack on critical systems (TheHill) The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) announced Friday the successful completion of a biannual simulated cyberattack aimed at preparing the U.S.
A Cyberattack Doesn’t Have to Sink Your Stock Price (Harvard Business Review) Here’s how to restore consumer and investor confidence.
Preparing for what’s next: Innovation also brings cyber security risk (ITWeb) Privileged access management solutions deliver automated, centralised and proactive controls that can provide peace of mind, says David Higgins, technical director, CyberArk.
The U.S. Election System Is Not Ready for Blockchain Technology … Yet (Nextgov.com) Blockchain does not exist in a vacuum. It requires extensive support from human personnel and other technology.
5 ways to bolster cybersecurity maturity (GCN) While tight budgets and an inability to keep up with evolving threats hinder cybersecurity maturity, agencies can bolster their defenses.
Zero trust is critical, but very underused (TechRepublic) Organizations must quickly adopt the zero trust mindset of "never trust, always verify" to mitigate the spread of breaches, limit access, and prevent lateral movement, according to an Illumio report.
In reality, how important is zero trust? (Help Net Security) Although IT and security pros think of zero trust as an important part of their cybersecurity approach, many still have a long way to go.
Army gets prototype for cyber visualization tool (C4ISRNET) Following critical user tests, a prototype for Cyber Situational Understanding has been delivered to the program office.
Fake News Is Wreaking Havoc on the Battlefield. Here's What the Military's Doing About It (Military.com) Each of the services has created new positions or units to deal with renewed information warfare threats.
Researchers exploited a bug in Emotet malware to create a killswitch, containing its spread for six months (Computing) But Emotet's operators have now patched the flaw
EmoCrash: Exploiting a Vulnerability in Emotet Malware for Defense (Binary Defense) By: James Quinn Most of the vulnerabilities and exploits that you read about are good news for attackers and bad news for the rest of us. However, it’s important to keep in mind that malware is software that can also have flaws. Just as attackers can exploit flaws in legitimate software to cause harm, defenders […]
The four steps to protecting your Android phone from hackers (WalesOnline) From downloading an antivirus app to setting a strong passcode, here's what to do
Army Reserve Cyber Soldiers Leverage Civilian Skills During COVID-19 (DVIDS) COVID-19 has transformed how Army Reserve units train throughout the country. For the U.S. Army Reserve's Cyber Protection Team 185, the pandemic has allowed them to employ their civilian experience to enhance their training during virtual battle assemblies.
Design and Innovation
ISPs Should Offer Network Parental Controls and Customers Should Demand It (Bitdefender) Parental Control is something that parents will eventually come to consider when their children start to interact with technology and the online world. Not only can ISPs help with that, but ISPs should consider offering extra features to its customers to stay ahead of the competition.
Microsoft Outlook Will Store Contacts’ Blood Group And Star Sign (Forbes) An update to the Mac version of Microsoft Outlook will let users store a terrifyingly detailed amount of personal information about their contacts, including their blood group and star sign.
Adobe Will Help Identifying And Tagging 'Photoshopped' Images Using Cryptographic Signatures In Metadata (Appuals.com) Adobe will soon deploy a test version of a powerful system that will help to identify images that have been morphed or altered with the intention of
Research and Development
Army researchers awarded patent for secure comms (Help Net Security) Army researchers awarded a patent for inventing a practical method for Army wireless devices to covertly authenticate and communicate.
A Plan to Turn Military Bases Into ‘Sandboxes’ for 5G (Wired) A top Trump adviser outlines a blueprint for experimenting with wireless tech on bases and using software to counter China's lead in hardware.
Academia
Purdue University Global earns National Center of Academic Excellence in Cyber Defense Education designation (Purdue University) Purdue University Global has been designated as a National Center of Academic Excellence in Cyber Defense Education through academic year 2025 for its Bachelor of Science degree in cybersecurity.
International students spend virtual summer at RIT for cybersecurity research program (RIT) The Cybersecurity Visiting Student Research program brought together 12 graduate and undergraduate students throughout the summer to explore new cyber research and share their cultural experiences. Visiting students came from Italy, the Netherlands, India, Taiwan, Poland, United Kingdom, and the U.S.
Cybersecurity bootcamp launched for Saudis (Arab News) The Saudi Federation for Cybersecurity, Programming and Drones (SAFCSP) has launched a training program to boost the Kingdom’s cybersecurity capabilities. The Tuwaiq Cybersecurity Bootcamp will be held virtually for the next three months. SAFCSP CEO Muteb Alqany said: “There’s a need to train national talents and enhance their capabilities based on the best international practices.” The bootcamp will be delivered by American company Offensive Security, and is funded by the Saudi Human Resources Development Fund.
Legislation, Policy, and Regulation
Putin Chef's Kisses of Death: Russia's Shadow Army's State-Run Structure Exposed (bellingcat) Yevgeny Prigozhin can be described as the Renaissance man of deniable Russian black ops. An ex convict who served time for robbery, fraud and forcing minors into prostitution, he began his legitimate business career in the 90s as a St. Petersburg restaurant owner and later as caterer for the Kremlin. Today, his official business is …
A cyber-risk we’re not prepared for: What if the power grid collapsed and America went dark? (Washington Post) Every catastrophe comes as a shock, but many shouldn’t come as a surprise. Just as we knew a pandemic was a possibility yet failed to plan for it, power-grid collapse is a threat we should be prepared for — but aren’t.
Op-Ed: Espionage – The new spy plague in Australia reflects real tension (Digital Journal) Australia is hardly the world’s idea of a center of espionage, but there’s now a big problem. A host of cyberespionage issues have been officially reported as a serious threat related to Australian defence programs by the Department of Defence.
Why India needs a strong cybersecurity policy soon (Telangana Today) Prime Minister Narendra Modi on Saturday reiterated that the government will soon unveil a new cybersecurity policy.
India's 'digital revolution' needs cyber shield: A blueprint of the new cybersecurity strategy (India Today) Prime Minister Narendra Modi, in his Independence Day 2020 speech, announced that India will soon have a new cybersecurity policy. India Today has details of the skeletal framework of the new policy that is being planned. A key aspect of the policy is that security strategies are to be planned for short durations of not more than 5 years to ensure they are not outdated.
China’s Huawei, ZTE set to be shut out of India’s 5G trials (South China Morning Post) India will apply new investment rules that cite national security concerns to restrict bidders from nations it shares land borders with to block Huawei and ZTE from its 5G network
India set to shut doors on Huawei and ZTE (United News of India) In yet another strike on Chinese technologies after China’s border belligerence in Eastern Ladakh, India is set to shut its doors on Huawei and ZTE Corp. from participating in the roll out of the 5G network. A formal decision is expected to be announced shortly, official sources said here on Saturday.
India expected to ban Huawei and ZTE from its 5G networks (FierceWireless) The country will join the U.S., the U.K. and Australia in keeping Huawei out of their 5G networks due to security concerns.
China’s Huawei, ZTE Set To Be Shut Out of India’s 5G Trials (BloombergQuint) China’s Huawei Technologies Co. and ZTE Corp. are set to be kept out of India’s plans to roll out its 5G networks.
Slovenia and the US sign a Joint Declaration on 5G Security (Portal GOV.SI) Today, Slovenian Foreign Minister Dr. Anže Logar and US Secretary of State Mike Pompeo signed a Joint Declaration on 5G Security.
[Ticker] Pompeo starts EU tour with anti-Chinese 5G deal (EUobserver) The US and Slovenia signed a declaration against using Chinese 5G data networks on security grounds, as US secretary of state began a five-day tour of central European countries Thursday. Pompeo will also visit Austria, the Czech Republic, Poland and Slo...
Commerce Department Further Restricts Huawei Access to U.S. Technology and Adds Another 38 Affiliates to the Entity List (U.S. Department of Commerce) The Bureau of Industry and Security (BIS) in the Department of Commerce (Commerce) today further restricted access by Huawei Technologies (Huawei) and its non-U.S. affiliates on the Entity List to items produced domestically and abroad from U.S. technology and software.
Commerce Department Tightens Restrictions on Huawei’s Access to Chips (Wall Street Journal) The Commerce Department issued new rules restricting Huawei Technologies Co.’s access to foreign-made chips, further tightening U.S. curbs on the Chinese telecom giant’s ability to obtain crucial components.
Trump orders ByteDance to divest interest in U.S. TikTok operations within 90 days (Reuters) President Donald Trump ordered ByteDance on Friday to divest the U.S. operations of its video-sharing app TikTok within 90 days, the latest effort to ramp up pressure on the Chinese company over concerns about the safety of the personal data it handles.
Trump: TikTok Must Be Sold In 90 Days, Cites 'Credible Evidence' Of Security Threat (NPR) The move follows a previous executive order from the president that would make "transactions" between U.S. citizens and the Chinese-owned app illegal.
Trump takes another swing at ByteDance with executive order on acquisition of Musical.ly (ETTelecom.com) US President Donald Trump on Friday (local time) took another swing at China-based ByteDance by issuing an executive order on latter's recent acquisit..
Pentagon Wants Contractor Feedback on Rule Change that Bans Certain Chinese Firms (Nextgov.com) A provision of the 2019 National Defense Authorization Act banning agencies from contracting with companies doing business with Chinese firms like Huawei and ZTE now takes effect.
Huawei finds warm welcome in Africa despite Western nations’ closed doors (South China Morning Post) Huawei’s status as a major relay for China’s Belt and Road Initiative could further solidify its presence in the continent.
New bills to offer $28 billion for state and local IT, cybersecurity (StateScoop) A pair of bills to be introduced by the Cyberspace Solarium Commission would provide funding to modernize and secure the state and local IT systems in most dire need of upgrades.
Litigation, Investigation, and Law Enforcement
Trump says he will look 'very strongly' at granting pardon to whistleblower Edward Snowden (Yahoo News) Whistleblower Edward Snowden, considered a traitor by some and a hero by others, has been living in exile in Moscow since leaking spy secrets.
Trump Says He’ll Look Into a Pardon for Edward Snowden (New York Times) The remarks seemed to be a shift for President Trump, who repeatedly called Mr. Snowden a “traitor” and “spy who should be executed” in the years before his election.
Trump says he will 'take a look' at pardon for Edward Snowden (the Guardian) President said at press conference he did not know much about whistleblower’s case
Ex-F.B.I. Lawyer Expected to Plead Guilty in Review of Russia Inquiry (New York Times) Prosecutors did not reveal any evidence of the kind of broad anti-Trump conspiracy among law enforcement officials that the president has long alleged.
TikTok and its employees prepare to fight Trump over app ban (AP NEWS) TikTok and its U.S. employees are planning to take President Donald Trump's administration to court over his sweeping order to ban the popular video app, according to a lawyer preparing one of the...
China's ‘princess of Huawei’ Meng Wanzhou faces her biggest battle yet (The Telegraph) The daughter of Huawei's founder is preparing to fight her corner in Canada as US authorities circle in with an extradition request
DHS Shuts Down ISIS Plot to Turn PPE Shortage Into Terror Funding (Prescott News) Terrorists from Al Qaeda, ISIS, and Hamas using social media and cryptocurrency to raise money for their terrorist operations.
Colombia's police plan to spy on citizens' social media (Colombia News | Colombia Reports) Colombia’s Inspector General’s Office has raised concerns about police plans to buy cyber surveillance equipment that would provide access to social media accounts and messaging services like Whatsapp, newspaper El…
Controversial facial recognition tech firm Clearview AI inks deal with ICE (ZDNet) $224,000 has been spent on Clearview licenses by the US immigration and customs department.
ViSalus Can't Get $925M Robocall Damages Award Cut Down (Law360) An Oregon federal judge on Friday refused to reduce a $925 million statutory damages award that health supplement marketer ViSalus is facing after a jury found it blasted consumers with nearly 2 million unsolicited robocalls, rejecting the company's argument that the penalty was unconstitutionally excessive.
CenturyLink Settles Allegations Related to Level 3 Acquisition (Wall Street Journal) CenturyLink agreed to extend a ban on its soliciting customers in the Boise, Idaho, area and to appoint an independent monitor after it allegedly violated the terms of its acquisition of Level 3 Communications, the U.S. Justice Department said Friday.