Cyber Attacks, Threats, and Vulnerabilities
With a mix of covert disinformation and blatant propaganda, foreign adversaries bear down on final phase of presidential campaign (Washington Post) When the nation’s top intelligence officials last spoke publicly together, in January of last year, they said that foreign adversaries were eyeing the 2020 elections as an opportunity to launch “online influence operations” that seek to undermine public confidence in democratic institutions and influence public opinion in the United States.
Cybercriminal greeners from Iran attack companies worldwide for financial gain (Group-IB) Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has detected financially motivated attacks carried out by Iranian newbie threat actors in June.
Iranian hackers attack exposed RDP to deploy Dharma ransomware (BleepingComputer) Low-skilled hackers likely from Iran have joined the ransomware business targeting companies in Russia, India, China, and Japan. They are going after easy hits, using publicly available tools in their activity.
Well-Known Malware Committing Click Ad Fraud on Low-End Devices in Emerging Markets Uncovered by Secure-D (Upstream) Triggered by other malware that was found on the phones, Secure-D researchers exposed how the Triada/xHelper duo facilitated mobile ad fraud.
SourMint: malicious code, ad fraud, and data leak in iOS (Snyk) The Snyk research team has uncovered malicious code used for ad fraud in a popular Advertising SDK used by over 1,200 apps in the AppStore.
Lucifer botnet now infecting Linux-based systems (Computing) The Lucifer malware infects machines and forms a botnet to mine cryptocurrency
Lucifer’s Spawn (NETSCOUT) ASERT researchers have uncovered new information about Lucifer, which is a cryptojacking and distributed denial of service (DDoS) bot, originally found to exploit and run on Windows based systems.
Feds warn election officials of potentially malicious ‘typosquatting’ websites (CyberScoop) DHS last week told election officials to be wary of suspicious websites that impersonate federal and state election domains and could be used for phishing or influence operations.
NSA + FBI Warn Defense Contractors of Russian Hackers (JD Supra) When the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) get together to issue a joint warning, you may wish to listen...
Transparent Tribe APT hit 1000+ victims in 27 countries in the last 12 months (Security Affairs) The Transparent Tribe cyber-espionage group continues to improve its arsenal while targeting military and government entities. The Transparent Tribe APT group is carrying out an ongoing cyberespionage campaign aimed at military and diplomatic targets worldwide. The group upgraded its Crimson RAT by adding a management console and implementing a USB worming capability that allows it […]
Beware This Sinister New ‘Dark Side’ $1 Million Cyber Threat, You Must (Forbes) Beware this brand new threat that targets those who "can afford to pay," and has already made more than $1 million in less than two weeks.
New ransomware hacker group targets billion-dollar Toronto company (Insurance Business) Threat actors claim to have stolen 200 GB of information from the firm
DarkSide: New targeted ransomware demands million dollar ransoms (BleepingComputer) A new ransomware operation named DarkSide began attacking organizations earlier this month with customized attacks that have already earned them million-dollar payouts.
Researchers Sound Alarm Over Malicious AWS Community AMIs (Threatpost) Malicious Community Amazon Machine Images are a ripe target for hackers, say researchers.
Warning from Link11 as Aggressive Fancy Bear DDoS Attackers Return (Totaltelecom) Link11, European leader in cyber-resilience, is warning of a rise in DDoS extortion and large-scale DDoS attacks carried out by blackmailers under the alias ‘Fancy Bear.’
Positive Technologies pentests find hackers are difficult to distinguish from legitimate users (Positive Technologies)
Akamai Identifies Copycat DDoS Extortion Rings (Security Boulevard) A group of copycat cybercriminals that appear to be pretending to be affiliated with more notorious threat actors are sending extortion letters
Ransom Demands Return: New DDoS Extortion Threats From Old Actors Targeting Finance and Retail (Akamai) TL;DR: Akamai is aware of new threats being made by those claiming to be Fancy Bear and Armada Collective. They are currently targeting multiple sectors, including banking and finance, as well as retail. Akamai continues to monitor these malicious activities...
Freepik data breach: Hackers stole 8.3M records via SQL injection (BleepingComputer) Freepik says that hackers were able to steal emails and password hashes for 8.3M Freepik and Flaticon users in an SQL injection attack against the company's Flaticon website.
Massive data breach affects SD COVID-19 patients (KELOLAND.com) A division of the SD Department of Public Safety, the Fusion Center, is letting people who tested positive for COVID-19 know they may be the victims of a massive data breach.
Hackers posing as HR staff are sending lay off emails to attack firms (Business Standard) Hackers disguised as HR are sending lay-off emails to employees amid the pandemic, pushing malware into devices, accessing data and entering networks of organisations once attachments are clicked open
Hackers Are Posing as HR & Sending Lay-Off Mails to Push Malware (TheQuint) Hackers disguised as the HR staff are sending lay-off emails to employees to infect their systems with malware.
Google Drive users beware, hackers can use this flaw to trick you into installing malware (The Financial Express) Spear phishing attacks are ones where users are inadvertently made to open files that have malware. It is usually used to collect confidential information of the targeted users.
Grandoreiro campaign impersonates Spanish Agencia Tributaria (Security Affairs) Operators of Grandoreiro Latin American banking trojan have launched a new campaign using emails posing as the Agencia Tributaria in order to infect new victims. Operators behind the Grandoreiro banking trojan, which is popular in Latin America, have been using emails posing as the Agencia Tributaria to trick victims into installing the malware. The campaign began […]
Primary Indian ticket vendor suffers crippling data breach (SafetyDetectives) One of India’s most popular travel booking hubs was left exposed without adequate security measures, and subsequently, suffered a significant data breach
Outlook “mail issues” phishing – don’t fall for this scam! (Naked Security) We deconstruct an email phishing scam in detail so you don’t have to!
Russian Software Firm Finds Data Of 200Mln Twitter, Weibo Users In Public Domain (UrduPoint) Private details of some 200 million Twitter and Weibo users have been found online by software created by the Russian IT security company DeviceLock, its founder told Sputnik on Friday
Top exploits used by ransomware gangs are VPN bugs, but RDP still reigns supreme (ZDNet) While some ransomware groups have heavily targeted Citrix and Pulse Secure VPNs to breach corporate networks in H1 2020, most ransomware attacks take place because of compromised RDP endpoints.
Lax security makes SA easy prey for hackers, warn experts in wake of Experian data breach (IOL) The security data breach at Experian highlighted the country’s lax information technology that has made SA the third-highest country in the world to be hit by cybercrime.
’Remain vigilant’ - Fear runs high after Experian data breach (IOL) Cybersecurity experts and banks have asked citizens to prepare for the worst following the theft of personal information in the country’s largest ever data breach.
BUSINESS MAVERICK: Experian offers mea culpa after massive data breach blunder (Daily Maverick) Credit bureau Experian has been left with egg on its face after it willingly handed over personal details of as many as 24-million consumers and nearly 800,000 businesses to a suspected fraudster. Experian insists that the data breach has been ‘contained’ as no consumer credit information or financial information was obtained by the fraudster.
Hackers eye students returning to virtual classes as easy targets (TheHill) As many students across the country are returning to school online this fall, they face a potential wave of cyberattacks from hackers seeking to take advantage of academic institutions conducting remote classes duri
Malware attack prompts suspension of online instruction at Rialto Unified School District (San Bernardino Sun) On social media, the district said: “We understand that this news is difficult in these already challenging times and we appreciate your patience while we work to address this issue.”
Security Patches, Mitigations, and Software Updates
Windows 10 users complain of performance loss and hardware errors after latest update (IT PRO) Dozens of complaints are flooding online forums, many of which are from Lenovo device owners
Cyber Trends
Experian SA data breach may set a worrying trend (IOL) Technology expert says that South Africans should expect more incidents such as these as companies were run by an “old guard” of people who did not prioritise cybersecurity
Companies Battle Another Pandemic: Skyrocketing Hacking Attempts (Wall Street Journal) With about half the U.S. workforce engaged in remote work, cybersecurity experts say threats are on the rise thanks to weak Wi-Fi passwords and shared devices.
The Cybersecurity 202: Coronavirus crisis spawned more scams than any other event in the last decade (Washington Post) For fraudsters, the coronavirus pandemic has been like Christmas, Valentine’s Day and the Super Bowl all rolled into one.
Data leaks surge almost 500% at 27 billion amid pandemic (Atlas VPN) Data breaches exposing millions of personal records are becoming the new normal. Data leaks reached an all-time high, rising by 492% to a record 27 billion in the first half of 2020.
Africa's people are under cyber attack and why we need more cyber security awareness and training on the continent (ITWeb) Africa has become the new hunting ground for cyber criminals and fraudsters looking to exploit user vulnerabilities, says Anna Collard, MD of KnowBe4 Africa.
Nuspire Reveals a Shift in Attack Methods with an Exponential Increase of Botnet and Exploit activity (Nuspire) Nuspire, a leading managed security services provider (MSSP), today announced the release of its Q2 2020 Quarterly Threat Landscape Report, outlining new cybercriminal activity and tactics, techniques and procedures (TTPs). “Partnering with a MSSP like Nuspire with access to the latest threat intelligence enables organizations to understand and identify…
Nuspire’s Quarterly Threat Landscape Report: Q2 2020 (Nuspire) Learn about the most prevalent cybersecurity headlines throughout Q2 of 2020 and recommendations on how to secure your organization. Get your free copy!
84% Of Organizations Report That the Impact of an Active Directory Outage Would Be Significant, Severe, or Catastrophic in the Latest Semperis Study (BusinessWire) Semperis, the pioneer of identity-driven cyber resilience for enterprises, today announced the availability of its 2020 study “Recovering Active Direc
Marketplace
Palantir, tech's next big IPO, lost $580 million in 2019 (ETtech.com) Palantir has recently been the subject of sustained protests over its government contracts, particularly its work with Immigration and Customs Enforce..
India's Huawei ban helps Samsung see market share gains in 5G network biz (Korea Times)
Huawei endgame? (Observer Research Foundation) Are we witnessing the death throes of Huawei?
Exclusive: ByteDance Investors Seek to Use Stakes to Finance TikTok Bid (New York Times) ByteDance investors are in talks to use their stakes in the Chinese technology firm to help finance their bid for its popular short-video app TikTok, according to people familiar with the matter.
Is CrowdStrike Stock a Buy? (The Motley Fool) The price tag is high, but the potential for big returns is there.
NSO Group Closes Cyprus Office of Spy Firm (Motherboard) NSO recently closed the Cyprus office of phone network exploitation company Circles and fired a number of staff, according to two former NSO employees.
Products, Services, and Solutions
Mergers, Acquisitions and Pre-Buyout Security Assessments (ChannelE2E) Your company wants to make a business acquisition. But how can you determine if the buyout target has proper security controls in place? Perhaps Bugcrowd can help.
McAfee MVISION for Endpoint Achieves FedRAMP Moderate Authorization (BusinessWire) McAfee, the device-to-cloud cybersecurity company, today announced that McAfee MVISION for Endpoint has achieved Federal Risk and Authorization Manage
Technologies, Techniques, and Standards
The hidden dangers of data in the M&A process (Information Age) Gareth Tranter, head of customer success at Exonar, discusses the hidden dangers that data can bring to the M&A process
Cyber security is part of seaworthiness (Riviera) Train crew and management in their roles before, during and after a cyber incident as part of a company’s safety management system
NCSC’s Constance Taube on Cyber Threat Data Sharing in Response to Vulnerabilities Posed by 5G (Executive Gov) The adoption of 5G could introduce supply chain vulnerabilities into critical infrastructure and Con
SEC Boosting Privacy for Big Market-Surveillance Database (Wall Street Journal) The regulator is moving to bolster the database’s privacy protections after critics attacked it as a potential target for hackers.
Stop the Cyber-Attack Cycle with Privileged Access Management (Infosecurity Magazine) Securing privileged access helps shrink the attack surface
The Intelligence Community’s Role in Countering Malign Foreign Influence on Social Media (Lawfare) Social media presents potential pitfalls that the intelligence community should seek to avoid.
US Army to alter cyber drill in support of new multidomain forces (Defense News) The Army is making changes to one of its cyber experiments to help equip the Intelligence, Information, Cyber, Electronic Warfare and Space detachment of the Multi-Domain Task Force.
Webcast: What to Expect When You're Expecting a Penetration Test (Black Hills Information Security) CJ and Bryan will share the knowledge they’ve accumulated, by helping 1,000’s of organizations determine what they need and don’t need when it comes to penetration tests and security assessments, over the years. Topics covered: selecting the type of test; selecting the company to test; when to test; issues around conducting a test. This webcast […]
Experian Data Breach: What to Do to Protect Your Information? (Brinkwire) The credit reporting agency Experian was in the headlines on Aug. 21 after a data breach was reported in its South Africa branch.
Blockchain evolves, becomes vital for businesses, Deloitte survey says (Spend Matters) A Deloitte survey found that blockchain has moved through an evolution of experimental technology to a true strategic priority for organizations.
Design and Innovation
Using AI to fight hand-crafted Business Email Compromise (Naked Security) Using natural language models to identify Business Email Compromise (BEC)
Your guide to intelligent, nonviolent video games (America Magazine) Roger Ebert once said that “video games can never be art.” It is hard to make that case in 2020.
Don’t Just Copy and Paste: A Better Model For Managing Military Technologists (War on the Rocks) As software has eaten the world, there are no more “tech” and “non-tech” companies. Instead, there are organizations that leverage data and automation,
Facebook Braces Itself for Trump to Cast Doubt on Election Results (New York Times) The world’s biggest social network is working out what steps to take should President Trump use its platform to dispute the vote.
Research and Development
Research team looking to patch code in embedded systems, aid in cybersecurity (Purdue University) Three Purdue University researchers and their teammates at the University of California, Santa Barbara and Swiss Federal Institute of Technology Lausanne (EPFL) have received a DARPA (Defense Advanced Research Projects Agency) grant to fund research that will improve the process of patching code in vulnerable embedded systems.
AI Designed To Hunt Out Cryptocurrency Hackers (Informatics from Technology Networks) Los Alamos National Laboratory computer scientists have developed a new artificial intelligence (AI) system that may be able to identify malicious codes that hijack supercomputers to mine for cryptocurrency such as Bitcoin and Monero.
Academia
Check Point Software Partners with Harvard and MIT-founded edX to Deliver Free Online Courses, to Help Close Cyber-security Skills Gap (GlobeNewswire) Online learning courses on cyber-security available free on leading education and training platform, to help existing and future cyber-security professionals develop key skills
Legislation, Policy, and Regulation
Russia ready to co-operate with Huawei on 5G: Ifax cites Lavrov (Reuters) Russia is ready to co-operate with China and its Huawei Technologies Co on 5G technology which Moscow is currently trying to develop, the Interfax news agency reported on Sunday, citing Russia's Foreign Minister Sergei Lavrov.
Global furor over TikTok security alarms users in Japan (The Japan Times) TikTok’s rise represents something of a divide in how people use the internet in Japan.
With Israel's encouragement, NSO sold spyware to UAE and other Gulf states (Haaretz) The Israeli spyware firm has signed contracts with Bahrain, Oman and Saudi Arabia. Despite its claims, NSO exercises little control over use of its software, which dictatorships can use to monitor dissidents.
Israeli cybersecurity firm reportedly sold hacking tech to UAE, Saudi Arabia (i24NEWS) The company's spyware allows agents to effectively take control of a phone via the WhatsApp application
Not so 007: Bolstering Britain's security laws (Legal Cheek) Warwick Uni undergrad George Maxwell casts a critical eye over the proposed changes to the Official Secrets Act
Do we all need a cyber fallout shelter? (TheHill) The story of 1960s fallout shelters is relevant to the story of cybersecurity today.
WSJ News Exclusive | Facebook CEO Mark Zuckerberg Stoked Washington’s Fears About TikTok (Wall Street Journal) Mark Zuckerberg emphasized that Chinese internet companies posed a threat as he worked to fend off U.S. regulation of Facebook.
A look at US law on extraterritorial mass surveillance post Schrems II (MediaNama) Schrems II comes as a victory for the critical mass of civil society organisations trying to restrict extraterritorial surveillance and bring it within the boundaries of International Human Rights Law.
John Felker, former head of DHS’s cyberthreat center, to retire from the department in September (CyberScoop) John Felker, who helped expand the Department of Homeland Security’s cyberthreat-sharing efforts with the private sector, announced Monday that he would retire on Sept. 25 after spending five years at DHS and more than three decades in the federal government.
Litigation, Investigation, and Law Enforcement
TikTok will challenge Trump order banning U.S. transactions, company confirms (CNBC) The challenge to the Aug. 6 executive order doesn't affect sale discussions with Microsoft and Oracle.
Lawsuit Claims U.S. WeChat Ban Is Unconstitutional (Wall Street Journal) A users group that says it isn’t affiliated with Tencent, the popular app’s Chinese owner, filed a lawsuit against the Trump administration seeking to block an executive order that would bar transactions with WeChat.
Ex-Green Beret Charged With Spying for Russia in Elaborate Scheme (New York Times) Prosecutors said he provided classified information to Russian intelligence operatives for years, betraying the United States.
Ex-Green Beret Accused Of Spying For Russia Maintained Access To US Secrets For Years (Daily Caller) After a 15-year career in the military, Peter Rafael Dzibinski Debbins began working as a consultant for several defense contractors.
United States of America versus Peter Rafael Dzibinski Debbins a/k/a Ikar Leznikov (United States District Court for the Eastern District of Virginia) The grand jury charges that: At all times material to this indictment, except as otherwise indicated...
Attorney General William Barr ‘vehemently opposed’ to pardoning Edward Snowden (Honolulu Star-Advertiser) Attorney General William Barr said he would be “vehemently opposed” to any attempt to pardon former National Security Agency contractor Edward Snowden, after the president suggested he might consider it.
FBI investigating COVID-19 data breach in South Dakota (Siouxland News) The FBI is investigating a data breach that may have compromised the identity of people with the COVID-19 virus in South Dakota.
FBI investigating South Dakota COVID-19 patient data breach (Rapid City Journal Media Group) South Dakotans whose COVID-19 status and other personal information was collected by state agencies may be subject to a data breach that is under federal investigation.
Military reviewing what its intelligence branch knew about Rideau Hall attacker (CBC) The Canadian military's counterintelligence branch is supposed to provide early warning about threats within the ranks. Whether it could have spotted the Canadian Ranger who allegedly carried out last month's truck attack at Rideau Hall is part of an internal review of the case, Defence Minister Harjit Sajjan says.
IBM settles lawsuit over data privacy of Weather Channel app (Security Magazine) IBM, the owner of the Weather Channel mobile app, has reached a settlement with the Los Angeles city attorney’s office after a 2019 lawsuit alleged that the app was deceiving its users in how it was using their geolocation data.
Cyber attack on journos: NWC seeks police report (The New Indian Express) Following this, the Kerala Union of Working Journalists (KUWJ) had urged the Chief Minister and Police Chief to take action against the culprits.
Kolkata: Medical student moves cyber cell against fake Facebook profile (Medical Dialogues) Kolkata: In a case of cyber offence, a third-year student attached to a private medical college in southeast Kolkata has recently filed a complaint with the cyber cell against an unknown offender...
Iran official says sabotage caused fire at Natanz nuclear site - TV (Reuters) A fire at Iran's Natanz nuclear facility last month was the result of sabotage, the spokesman for Iran's Atomic Energy Organisation told state TV channel al-Alam on Sunday.