Cyber Attacks, Threats, and Vulnerabilities
New Zealand Stock Exchange Shut Down by DDoS Cyber Attack (CPO Magazine) New Zealand’s Stock Exchange was crippled by a DDoS cyber attack, lasting four days and forcing the government to activate the National Security System requiring government agencies to work together.
European ISPs report mysterious wave of DDoS attacks (ZDNet) Over the past week, multiple ISPs in Belgium, France, and the Netherlands reported DDoS attacks that targeted their DNS infrastructure.
Ransomware Is a Lurking Threat to U.S. Elections. Here’s How (Government Technology) Of all the cyberattacks that affect state and local governments, ransomware is one of the most ubiquitous and costly. Now security researchers fear it could also become a political weapon in the upcoming election.
Russia is 'amplifying' claims of mail-in voter fraud, intel bulletin warns (ABC News) Russia sought to “amplify” worries over the integrity of U.S. elections by promoting concerns that mail-in voting will lead to widespread fraud, says DHS bulletin.
As Trump rails against mail-in voting, DHS warns Russia is doing the same (CyberScoop) The Russian government will continue to use its media mouthpieces to attack mail-in voting, DHS warned election officials on Thursday.
Why Election Interference Attempts Are Getting Harder to Detect (The Record by Recorded Future) The Russian threat actors who targeted previous votes have seemed to mostly remain on the sidelines, according to a new report.
Electoral Register Data Is Power, So Why Do Breaches Keep Happening? (CPO Magazine) In March, electoral data for 75% of the Maltese population was exposed in a data breach, including their polling booth, polling box numbers and voting preferences. Get insights on the power of voter data and the need for more care.
Salfram: Robbing the place without removing your name tag (Talos Intelligence) Cisco Talos recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware.
Which Cybersecurity Incidents Involve Misuse of Legitimate Services (Security Intelligence) Cybersecurity attacks often involve malicious actors misusing legitimate services, new research from Kaspersky Lab revealed. Find out how to address them.
FBI: Thousands of orgs targeted by RDoS extortion campaign (BleepingComputer) The FBI warns US companies that thousands of organizations around the world, from various industry sectors, have been threatened with DDoS attacks within six days unless they pay a Bitcoin ransom.
WhatsApp reveals six previously undisclosed vulnerabilities on new security site (TechCrunch) Facebook said there was no evidence that the bugs, now fixed, were exploited.
Cryptomining activity could be a sign your servers are under attack (Help Net Security) Any servers found to contain cryptomining activity should be flagged for immediate remediation and investigation, say Trend Micro researchers.
Cybereason's Nocturnus Researchers Discover a New Cyber Threat Against UK and European Union Financial Technology Companies (Yahoo) Cybereason, a leader in endpoint security, today unveiled new research from its Nocturnus Research team, titled No Rest for the Wicked: EvilNum Unleashes PyVil RAT. The research details a new targeted and widespread threat against UK and European Union financial technology companies by the EvilNum APT
Phishing scam targets Lloyds Bank customers (ComputerWeekly) Bank customers warned of emails and SMS messages that direct them to a fraudulent site and then request account log-in details.
Cyber threat startup Cygilant hit by ransomware (TechCrunch) Cygilant, a threat detection cybersecurity company, has confirmed a ransomware attack. Christina Lattuca, Cygilant’s chief financial officer, said in a statement that the company was “aware of a ransomware attack impacting a portion of Cygilant’s technology environment.” “Ou…
Warner Music Group finds hackers compromised its online stores (BleepingComputer) Warner Music Group (WMG), the third-largest global music recording company, has disclosed a data breach affecting customers' personal and financial information after several of its US-based e-commerce stores were hacked in April 2020 in what looks like a Magecart attack.
Online marketing company exposes 38+ million US citizen records (CyberNews) The user record files contained full names, addresses, zip codes, emails, and phone numbers of people based in the US.
Experian finds stolen data on ‘third-party, data-sharing site’ (BusinessLIVE) The site was hosted in Switzerland, with the links now disabled and the data removed, the SA information regulator says
Massive data breach in SA: Did Experian do enough? (IOL) In mid-August 2020, 23.4 million South Africans' personal information was compromised.
Cyber-attack warning from Department for Education - breathe technology (breathe technology) Hampton College PE7 8BF Dear Mr John Gilligan (Secondary Phase) Mr Paul Jones (Primary Phase), Why we are contacting you? The Department for Education and the National Cyber Security Centre (NCSC) has been made aware of an increasing number of cyber-attacks involving ransomware infection affecting the education sector at this time. The purpose of this […]
Hackers attacking school districts could end up in your living room via remote learning (KNX 1070) A 16-year-old high school student was arrested in Miami this morning and charged with carrying out cyber attacks against Miami-Dade public schools, which just started their first week of remote learning. But the arrest of a teenager is just the tip of the iceberg, as the FBI has been tracking attempted attacks on school districts over the last several weeks coming from Russia, China, Ukraine and more. And now that millions of households are welcoming school district networks into their home internet networks every day thanks to virtual schooling, what's to stop those hackers from eventually getting into YOUR computers?
Law Firms Targeted By Cybercriminals, Legal Body Warns (Law360) The legal services regulator has called on lawyers to remain vigilant about cybercrime in a climate of home working, as a study shows that criminals stole more than £4 million ($5.3 million) from law firms in England and Wales in three years.
Staff the main risk as firms report millions stolen by cybercriminals (Legal Futures) Most incidents of cybercrime suffered by law firms are due to individual errors and misunderstanding rather than systems being hacked.
Kela blames paper quality for potential data breach (Yle Uutiset) The personal data of up to 80,000 customers could potentially have been revealed.
Security Patches, Mitigations, and Software Updates
Facebook to warn third-party developers of vulnerable code (TechCrunch) Facebook has announced a policy change that will see the company notify third-party developers if it finds a security vulnerability in their code. In a blog post announcing the change,Facebook said it “may occasionally find” critical bugs and vulnerabilities in third-party code and syst…
Cyber Trends
New Research Shows that 33 Percent of Companies Expose Unsafe Network Services to the Internet (RiskRecon) RiskRecon and Cyentia Institute announce the findings from their new research report on unsafe network services exposed to the internet. Learn more here.
Kenya Is Reportedly The Second Worst Hit in Africa By Cyber Attackers (Gadgets Africa) New data from Kaspersky are now showing that Kenya's cyberspace might not be as safe as many think. According to the report, Kenya accounted...
Data Breach Reports Fall 45% in UK (BankInfo Security) The number of cybersecurity incidents reported to the U.K.'s data privacy watchdog has continued to decline, recently plummeting by nearly 40%. But is the quantity of data breaches going down, or might organizations be failing to spot them or potentially even covering them up?
Marketplace
KKR-backed cybersecurity start-up KnowBe4 readies IPO (Reuters) Cybersecurity startup KnowBe4 Inc, which helps train employees to detect phishing emails, is preparing for a U.S. initial public offering (IPO), people familiar with the matter said.
In amended filing, Palantir admits it won’t have independent board governance for up to a year (TechCrunch) When we leaked Palantir’s S-1 IPO filing a week and a half ago, one of the more bizarre components that came out of that document was the company’s corporate governance. In a unique three-class voting structure, Palantir founders Alex Karp, Stephen Cohen and Peter Thiel will be given a special “Cla…
First Look At Sumo Logic's IPO (Seeking Alpha) Sumo Logic, a machine data platform that has branded itself as a tool for "continuous intelligence," has filed to go public.
CyberCX continues NZ expansion with Insomnia Security purchase | ZDNet (ZDNet) Australia and New Zealand cybersecurity megamix adds first Kiwi acquisition.
CrowdStrike CEO Talks Security Partnerships and Online Store (MSSP Alert) CrowdStrike CEO George Kurtz describes security partner strategy with Okta, Proofpoint, Netskope, Illumio & more. Plus: Why CrowdStrike's online store is more than a store.
Important things to keep in mind before buying a Cyber Insurance policy (The Financial Express) While there are several cyber insurance plans available in the market, experts say to opt for the ones that are designed specifically to cover individuals against potential cyber threats and risks.
Scotland announces five new hubs to nurture tech startups (Computing) The hubs will support at least 300 startups with infrastructure, mentoring and training by 2025
Ermetic Wins TiE50 2020 Award as Top Startup (Yahoo) Being selected as a TiE50 2020 winner from companies that span all technologies is further validation for Ermetic's innovations and market opportunity
KnowBe4 Adds New Independent Board Member Kevin Klausmeyer (PR Newswire) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced it has added Kevin...
Radiance Technologies Promotes Ms. Rita Hill to Executive Vice President for the National Security Sector (PR Newswire) Radiance Technologies, Inc. (Radiance) is pleased to announce the promotion of Ms. Rita Hill as the company's Executive Vice President for the...
Radiance Technologies Promotes Tim Tinsley as EVP of Defense (Executive Gov) Radiance Technologies has promoted Tim Tinsley as executive vice president for the company’s Defense
QinetiQ appoints Richard Ackerman as President of QinetiQ Canada (Advance) QinetiQ has appointed an experienced senior executive, Richard Ackerman, to lead realignment and renewed focus as the new President of its Canadian business.
()
Products, Services, and Solutions
Netskope Unveils Cloud Threat Exchange, Enabling Peer-to-Peer Sharing of Threat Intelligence in the Cloud (Netskope) A first of its kind, with Cloud Threat Exchange, technology vendors and customers can share cloud threat intelligence with each other to improve their overall threat prevention posture.
Netskope's Cloud Threat Exchange Features Carbon Black, CrowdStrike (Channel Futures) Netskope's new Cloud Threat Exchange allows security vendors and customers to share cloud threat intelligence to improve response time to security threats.
Coder Unveils New Platform Capabilities as Enterprise Demand Grows (Coder) New Coder Enterprise offering -- free for 12-months and up to 10 users. New functionality for Secrets, Metrics and Multi-IDE support increase developer velocity and enrich the user experience
Breathe Technology responds to the security update from the DfE (Cambridge Network) As you may be aware, there is currently an increase in attacks affecting the education sector.
()
Fingerprints - Fingerprint Cards launches next-gen T-Shape® (T2) for contactless biometric payment cards – fastest, smallest, most secure and cost-efficient solution on the market (Fingerprints) Building on the success of market pilots and rollouts, and the knowledge from shipping over 1 billion sensors, the new combined sensor and software solution will reach a price below USD 3, and will enable global volume deployment of contactless biometric payment cards
Technologies, Techniques, and Standards
Top tips to ensure a successful threat hunting (Bricata) All successful threat hunting begins with having the right data to answer the right question at the right time. Without the right data, there is no hunt.
Creepy ‘Geofence’ Finds Anyone Who Went Near a Crime Scene (Wired) Police increasingly ask Google and other tech firms for data about who was where, when. Two judges ruled the investigative tool invalid in a Chicago case.
These students figured out their tests were graded by AI — and the easy way to cheat (The Verge) Edgenuity involves short answers graded by an algorithm, and students have already cracked it
National Guard plans all-virtual cyber exercise (FCW) The National Guard is taking its annual Cyber Shield training exercise virtual due to COVID-19 with a spotlight on information operations.
Design and Innovation
Pentagon, Defense Contractors Are Out Of Step On Tech Innovation, GAO Finds (Defense One) The Pentagon wanted to fund ambitious research into future tech breakthroughs but contractors spend most of their money on safer bets, GAO has found.
AI’s Data Hunger Will Drive Intelligence Collection (Breaking Defense) The Pentagon’s new Chief Data Officer says real-world surveillance missions must be redesigned to capture high-quality data to train machine-learning algorithms.
Facebook Moves to Limit Election Chaos in November (New York Times) The social network said it would block new political ads in late October, among other measures, to reduce misinformation and interference.
Facebook's Zuckerberg Says He's Got Election Stuff Under Control (Wired) Facebook rolls out its plan to protect the US from November mayhem.
()
Research and Development
Researchers create 'unhackable' quantum network (Computing) The quantum breakthrough paves way for secure online communication
Electromagnetic Pulse (EMP) Program Status Report (CISA) In accordance with Executive Order 13865, the Department of Homeland Security (DHS)—through CISA and in coordination with the interagency—is taking key actions to address known EMP-related vulnerabilities to critical infrastructure.
Academia
Buckinghamshire New University supports launch of The Security Consortium (Fire & Security Matters) Buckinghamshire New University, Frontier Risks Group, the Silverback Security Academy and the SGW Consulting Group have joined forces to launch The Security Consortium with a stated mission of inspiring and developing excellence in security, risk and resilience through innovative, current and collaborative learning opportunities, accredited qualifications and general support for the global interconnected security profession.
Cybersecurity degree offers a variety of opportunities for graduates (Penn State University) Demand for experts in cybersecurity is growing 12 times faster than than the current U.S. job market according to the Bureau of Labor Statistics The new cybersecurity analytics and operations degree at Penn State York can prepare students to meet these needs.
Khalifa University, Lockheed Martin to collaborate on research, academic programs (WAM) Khalifa University of Science and Technology (Khalifa University), and Lockheed Martin, a U.S.-based global aerospace, security and technology leader, today signed a Memorandum of Understanding, MoU, to collaborate on research and academic initiatives that will advance technology and human capital development in the United Arab Emirates.
Legislation, Policy, and Regulation
Why both Huawei and BTS share the cyber stage with powerful nations (ZDNet) Cyber conflict isn't about cyberwar, says The Grugq. It's about a global cyber power struggle that never ends, where even K-pop bands can influence nation states.
Cyberspace Breeding Ground For Radicalisation – PMB (Leadership Newspaper) PMB President Muhammadu Buhari has said the migration to cyber space was a breeding ground for radicalism in the world. According to the president, the
Iran Joins Discussions of Sovereignty and Non-Intervention in Cyberspace (Just Security) Przemysław Roguski explains the importance and substance of Iran's recent statement on international law in cyberspace
()
National Security Advisor says US must ‘confront the Chinese across all spectrums’ (Atlantic Council) Robert C. O’Brien said the United States must be prepared to push back against Chinese aggression militarily, diplomatically, and economically.
Op-ed: America and its allies must reject China's Huawei and lead on 5G development (CNBC) Less than six months ago, it appeared Chinese telecom giant Huawei was winning over America's European allies. Now, countries that decided to allow Huawei to build their 5G networks are waking up to the dangers posed by allowing Chinese state-directed companies into their infrastructure.
Chinese Tech Companies Shrouded in Veil of Mystery (Industry Global News24) In late June 2020, the US Federal Communication Commission (FCC) ascertained in the interests of the nation, two mobile players Huawei and ZTE as ‘national security threat’.
Democrats to investigate DHS decision to withhold election interference bulletin (ABC News) House Dem leaders criticized DHS for withholding a draft intelligence bulletin warning law enforcement agencies of a Russian effort to spread disinformation about Biden.
Hackers Acting in ‘Good Faith’ Gain Protections in Homeland Security Order (Wall Street Journal) Security researchers will have a way to report flaws in U.S. government websites without fear of prosecution, federal cyber officials say
US Cyber Command welcomes new deputy commander (U.S. Cyber Command) Air Force Maj. Gen. Charles “Tuna” Moore assumed responsibility as the deputy commander of U.S. Cyber Command, replacing Navy Vice Adm. Ross A. Myers, and was promoted to
Litigation, Investigation, and Law Enforcement
Online-voting company pushes to make it harder for researchers to find security flaws (CNET) Voatz, an e-voting company, tells the Supreme Court that security research should be done only with permission.
Justice Dept. Plans to File Antitrust Charges Against Google in Coming Weeks (New York Times) The attorney general is said to have set a deadline over the objections of career lawyers who say they need more time to build the case.
Sen. Rubio asks for DHS briefing after alleged cyber-attack on Florida school district (WPEC) Sen. Marco Rubio is asking the Department of Homeland Security for its intelligence briefing after an alleged cyberattack against the Miami-Dade County School District. Miami-Dade County Public Schools announced that its virtual learning platform was the target of 12 cyberattacks. According to the Superintendent, the fifth attack prevented more than 170,000 students and teachers from logging into the system and kicked off users who were already in the system.
Student Charged in Cyberattacks at Miami-Dade Schools (New York Times) Virtual classes in the fourth-largest school district in the United States were choked by glitches this week. A 16-year-old high school junior has admitted to the cyberattacks.
Teen arrested for alleged cyberattacks on Miami-Dade schools (TheHill) A 16-year-old high school student was arrested Thursday for allegedly orchestrating multiple cyberattacks that disrupted virtual classes for the Miami-Dade County school district this week.
Saint Xavier U. Says Fired Coach Hijacked Twitter Account (Law360) Saint Xavier University has sued its former baseball coach in Illinois federal court, claiming he hijacked the institution's Twitter account after being fired and posted disparaging tweets about the school before starting a rival account meant to trick users into believing it is the baseball program's official account.
Uber Criminal Complaint Raises the Stakes for Breach Response (Lexology) On August 20, 2020, a criminal complaint was filed charging Joseph Sullivan, Uber’s former chief security officer, with obstruction of justice and…