Cyber Attacks, Threats, and Vulnerabilities
Cyber Attack Most Likely Space Threat: Maj. Gen. Whiting (Breaking Defense) "We know that cyber attack is where we are most likely to face the enemy in space," said Space Force deputy commander Maj. Gen. Stephen Whiting.
Russia Election Interference: What's New in 2020, and What's Old (Bloomberg) Hi, this is Alyza on Bloomberg’s cybersecurity team. Tech companies have been uncovering clues that the same Russian hackers and trolls who meddled in the 2016 U.S. presidential election have plans to attack the upcoming one.
BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy (Purdue University) The Bluetooth Low Energy (BLE) protocol ubiquitously enables energy-efficient wireless communication among resource-constrained devices. To ease its adoption, BLE requires limited or no user interaction to establish a connection between two devices. Unfortunately, this simplicity is the root cause of several security issues.
Exclusive: False fire rumors keep spreading on Facebook despite ban (Axios) Researchers find that days after Facebook said it would bar false claims, they're still circulating.
Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals (Dark Reading) Researchers examine security incidents over the past several years that seemingly connect North Korea's Lazarus Group with Russian-speaking attackers.
With the Empire falling, who will take over the throne? (Digital Shadows) Empire Market's exit scam has dealt a significant blow to the cybercriminal community, begging the question of where the marketplace's former users--so-called "Empire refugees"--might move to next. In
Cerberus banking Trojan source code released for free to cyberattackers (ZDNet) An auction designed to net the developer of the Android malware $100,000 failed.
This security awareness training email is actually a phishing scam (BleepingComputer) A creative phishing campaign uses an email template that pretends to be a reminder to complete security awareness training from a well-known security company.
Fake emails on Netflix billing information are circulating in the Philippines, cyber security group warns (Interaksyon) A computer emergency response team warned Filipino subscribers of Netflix and other video streaming services of phishing or fake e-mails inquiring about their billing plans as such platforms become popular amid quarantine period. Cyber Security Philippines-CERT on Thursday informed the public about criminal elements targeting subscribers of streaming services with the intention to steal their …
Emotet strikes Quebec’s Department of Justice: An ESET Analysis (WeLiveSecurity) The cyber attack, affecting 14 inboxes belonging to the Department of Justice of Quebec, was confirmed by ESET researchers.
How Veteran's affairs came to be hit by data breach (Includes interview) (Digital Journal) A security breach breach related to the Department of Veteran's Affairs has taken place. How did this type of attack reach the heart of government and what are the implications. Two experts weigh in.
Diesel cheat scandal affects almost 12 million vehicles – an industrial strength cyber event (Control Global) The Stuxnet attack against Iran’s nuclear program is universally viewed as a nation-state cyberattack. The Stuxnet malware changed the target system’s control logic to damage the target, in this case uranium centrifuges, and then changed the logic back so the operator would be unaware the damage to the target was caused by the control logic. Despite the substantial differences in applications, there are direct similarities between Stuxnet and the emission cheating scandals in the automotive industry involving Volkswagen, Fiat-Chrysler, and Daimler-Mercedes.
Cyberattacks against schools are on the rise (TechRepublic) With the back-to-school season, schools and academic organizations are seeing an increase in cyberattacks, says Check Point Research.
Online learning's toll on kids' privacy (Axios) Rules that protect children's data are being neglected or ignored in the rush to remote schooling.
University Hospital New Jersey hit by SunCrypt ransomware, data leaked (BleepingComputer) University Hospital New Jersey (UHNJ) has suffered a massive 48,000 document data breach after a ransomware operation leaked their stolen data.
Thousands of MN hospital patients' information possibly exposed in data breach (Bring Me The News) One of Children's Minnesota's vendors experienced a ransomware attack in July.
Northern Light Health reports data breach (WGME) A Maine hospital says some patient information may have been stolen by hackers. Northern Light Health says information from its fundraising arm was also exposed. That's after a South Carolina company that provides cloud data storage was hit by a ransomware attack. Maine utilities allowed to resume some disconnections on Nov. 1. That attack impacted other Maine organizations as well, include Life Flight of Maine, the Opportunity Alliance and Maine Cancer Foundation.
Inova Health System latest hospital impacted by ransomware attack on software vendor (FierceHealthcare) Inova Health System is among a dozen health systems affected by a ransomware attack at a third-party software vendor. Blackbaud, a third-party service vendor used for fundraising and donor engagement efforts at nonprofits and universities, was hit with a cyberattack in May.
Düsseldorf University Hospital Emergency Care Postponed After... (HOTforSecurity) Düsseldorf University Hospital (UKD) has suffered a massive network failure that forced the healthcare facility to deregister from emergency care and postpone outpatient treatments, hospital officials disclosed last Thursday... #DüsseldorfUniversityHospital #ITsystemfailure #systemdisruptions
An Aussie Hacker Used Tony Abbott's Instagram Post to Reveal His Passport Details and Phone Number (Gizmodo Australia) Australian hacker Alex Hope claims he used Tony Abbott's Instagram post of a picture of a boarding pass to reveal his personal details.
Cyber Trends
Cybersecurity threatscape: Q2 2020 (Positive Technologies) In Q2, the number of attacks increased by 9 percent compared to Q1—and by 59 percent compared to Q2 2019. Significant world events consistently lead to increases in cybercrime, as they provide fertile ground for social engineering attacks. April and May 2020 were record-breaking in terms of successful cyberattacks. This sharp increase was spurred by epidemiological and economic crisis.
REPORT: Majority of Retail Apps Lack Basic Security Protections (Guardsquare) As COVID-19 drives demand in retail mobile applications, security shortfalls provide openings for malicious actors.
Security Alarm: 64% of All Accounts Are Abandoned (African Eye Report) New research by NordPass suggests that more than half of users create accounts only to forget them.
Survey Reveals Shocking Lack of Confidence by IT Professionals in Cybersecurity Capabilities (GlobeNewswire) A new survey conducted by Cybersecurity Insiders and commissioned by Hunters in August 2020 has revealed a shocking lack of confidence by IT professionals in their cybersecurity capabilities.
Study Finds More Than Half of Americans are Willing to Participate in Contact Tracing but Are Wary of Privacy (Virtru) A new U.S. study conducted online by The Harris Poll on behalf of Virtru reveals Americans’ attitudes toward contact tracing technology efficacy and privacy, and confidence in roles played by technology companies as well as government at all levels.
CrowdStrike Threat Hunting Report Reveals Dramatic Rise in eCrime Activity (AiThority) CrowdStrike, announced the release of the CrowdStrike Falcon OverWatch 2020 Threat Hunting Report: Insights from the CrowdStrike OverWatch Team.
Almost all businesses suffer email-related data breaches (ITProPortal) Spear phishing is the most significant email-related threat.
‘We’re not going back,’ Air Force leadership says telework is here to stay (Federal News Network) The Air Force is fully embracing telework, even after COVID goes away.
Deloitte and Kellogg School of Management Chief Strategy Officer Study: Most CSOs Lack Understanding of How to Capitalize on Disruptive Technologies (PR Newswire) Deloitte and the Kellogg School of Management today announced the results of their inaugural Chief Strategy Officer (CSO) Survey. The survey...
IT-Harvest Research: Cyber Threat Intelligence Space Grew 3% in 1H 2020 (PR Newswire) IT-Harvest, an independent research firm covering the cybersecurity industry, has published a "Cyber Threat Intelligence Market Research Report...
Marketplace
How Cybersecurity Startups Can Excel (Enterprise Security) The practical scenario of the market is certainly not a cakewalk for the cybersecurity startups to experience wider adoption. But, a strategic move can...
Belarus, Once a Startups Magnet, Faces a Tech Exodus (Wall Street Journal) A crackdown on protesters demanding an end to President Alexander Lukashenko’s 26 years in power is now threatening the future of Minsk’s vibrant tech sector.
JupiterOne raises $19M Series A to automate cyber asset management (TechCrunch) Asset management might not be the most exciting talking topic, but it’s often an overlooked area of cyber-defenses. By knowing exactly what assets your company has makes it easier to know where the security weak spots are. That’s the problem JupiterOne is trying to fix. “We built …
Snowflake stock debut gives firm larger market cap than Dell, VMware (CRN Australia) The biggest software company IPO ever, analysts say.
Getting started in cyber threat intelligence (CTI): 4 pieces of advice (Red Canary) Katie Nickels shares advice on how to get started in cyber threat intelligence. No cybersecurity experience required.
'There is nothing routine about today's environment' - Dell confirms further job cuts (CRN) The tech giant is reportedly planning more layoffs on top of those previously announced
Google is tightening rules on internal message boards as 'new world creates urgency' (CNBC) Google is expanding its moderation system for internal message boards as it tries to appease employees' desire for transparency and open dialogue while still cracking down on divisive distractions, as staffers work from home through summer 2021.
‘Cyber’ means more than just military, Augusta-area officials say (Augusta Chronicle) Cyber. No other word has influenced metro Augusta’s economy more during the past decade, which is somewhat peculiar considering many area residents are still hard-pressed to describe what “cyber” actually means.
SecOps opens new Cyber Defence Operations Centre in Auckland (BizEdge) Privacy Commissioner John Edwards officially opened the centre this week, recognising SecOps’ efforts to provide managed security services to New Zealand businesses.
IGI Names Former Wegmans CIO Don Reeve Chairman of the Board; Current COO Andrew Hoyen Made President (AccessWire) The Rochester-based cybersecurity firm announces new leadership changes, positions itself for continued growth PITTSFORD, NY / ACCESSWIRE / September 16, 2020 / The Board of Directors for IGI (OTC PINK:IMCI) have named a new company Chair and a new President. Don Reeve Don Reeve has been appointed to the role of Chairman of the Board for the Rochester-based cybersecurity firm. Reeve, the former SVP and CIO for Wegmans Food
Illusive Networks Names Claire Trimble Chief Marketing Officer (PR Newswire) Illusive Networks®, the leader in active cyber defense and deception technology, today announced that Claire Trimble has joined the company as...
Duos Technologies' new CEO is a former Lockheed-Martin exec and Army veteran (Proactiveinvestors NA) Duos Technologies Group Inc (NASDAQ:DUOT) new CEO Charles Ferry speaks to Proactive about his defense contracting and longtime US Army service member...
Products, Services, and Solutions
US wireless providers and consumer brands go live with ZenKey (Verizon) ZenKey announced that its network-based identity solution has gone live on several major apps and websites
Blank Rome Launches Biometric Privacy Team (Blank Rome LLP) Blank Rome LLP is pleased to announce the formal launch of our Biometric Privacy Team. Composed of multidisciplinary attorneys from across our Firm’s offices, this dedicated team draws talent from our Cybersecurity & Data Privacy, Privacy Class Action Defense, Artificial Intelligence Technology, and Labor & Employment groups to help clients address and minimize the risks associated with biometric privacy regulatory compliance, enforcement, and litigation.
Jumio Launches KYX Platform, Empowering Fraud and Risk Teams to Streamline and Centralize Onboarding and KYC Processes (BusinessWire) Jumio, the leading provider of AI-powered end-to-end identity verification and eKYC solutions, today announced the launch of the Jumio KYX Platform, a
Trustwave Launches Advanced Threat Detection and Response for U.S. Government Agencies (Trustwave) Trustwave announced the Trustwave Fusion platform is now also hosted on Amazon Web Services (AWS) GovCloud, providing U.S. government agencies and suppliers threat detection and response services.
Terrascan extends Policy as Code to Kubernetes (Accurics) Terrascan is an open source tool that helps you detect policy violations across Infrastructure as Code and now supports Kubernetes.
MITRE Engenuity Center for Threat-Informed Defense Releases FIN6 Adversary Emulation Plan (BusinessWire) MITRE Engenuity’s Center for Threat-Informed Defense has launched a public library of adversary emulation plans that enable defenders to replicate man
Helping SMBs keep cyber attackers at bay (PR Newswire) As more companies embrace working from home as a long-term model, they need to take steps to protect themselves against a growing number of...
Portshift Announces Security for AWS Fargate Running EKS (PRWeb) Portshift, a leader in Kubernetes-native solutions, today announced serverless container security support for AWS Fargate. Building upon the company's
Dashlane Launches Industry-First Tool for Businesses: Historical Password Health Score Reporting (PR Newswire) Dashlane today announced the availability of a new Password Health Reporting Dashboard for its business customers. The first-of-its-kind...
Adding a human layer to data security in government organisations - (Enterprise Times) As public services go increasingly online, there is a need for human factor security to prevent accidental and even deliberate data breaches.
SecZetta Integration with CyberArk Provides Increased Security for Third-Party Users with Privileged Access | SecZetta (SecZetta) SecZetta, the leading provider of third-party identity management solutions, announced the availability of a new integration with CyberArk. As a result of the integration with the CyberArk Privileged Access Security Solution, SecZetta now offers a plugin that allows session management for SecZetta system administrators.
Lorca security scaleups to get Splunk data expertise (ComputerWeekly) Lorca inducts Splunk onto its co-marketing programme, giving security scaleups access to new data expertise.
General Dynamics Delivers Unmanned System Data Security Tech to US Gov’t (ExecutiveBiz) General Dynamics's mission systems business has supplied encryption systems to the U.S. governme
Berkley Cyber Risk Solutions Partners with Leading Cybersecurity Technology Firm, CrowdStrike (Valdosta Daily Times) Berkley Cyber Risk Solutions, a Berkley Company, is proud to announce that it is partnering with CrowdStrike, Inc., a leader in cloud-delivered endpoint protection. Policyholders can now enhance their endpoint security with solutions from CrowdStrike.
Qatar Financial Centre Regulatory Authority moves to the Microsoft trusted cloud (Middle East & Africa News Center) The financial regulator to accelerate a secure digital transformation journey –empower employees, optimise operations and reinvent products and services 14 September 2020; Doha, Qatar – The Qatar Financial Centre Regulatory Authority (QFCRA) today announced its migration to the Microsoft Cloud in efforts to accelerate its digital transformation journey. The move, which was prompted by the […]
Area 1 Security Announces New Horizon PhishGuard™ Service at the Gartner Security & Risk Management Summit 2020 (PR Newswire) Gartner Security & Risk Management Summit -- Area 1 Security, the first and only preemptive Cloud Email Security provider, today announced...
Generali Global Assistance Identity And Cyber Protection Division Expands Global Footprint (PR Newswire) Generali Global Assistance ("GGA"), today announced that it has successfully launched its identity and cyber protection platform, Iris Identity...
Zerto IT Resilience Platform Named ‘Top Five Azure Cloud Backup Solution’ by the Data Center Intelligence Group (BusinessWire) Zerto, an industry leader for IT resilience, has today been named a TOP 5 Microsoft Azure cloud backup solution by the Data Center Intelligence Group.
Technologies, Techniques, and Standards
CISA, FBI working with industry to make it ‘more painful’ for hackers to function (Federal News Network) The federal government’s cybersecurity threat advisor, and the FBI, are improving communication with industry and making it harder for hackers.
Getting Sassy About SASE - the Value of Edge Security (Akamai) As a former Gartner analyst and now a strategist at Akamai, I have had several conversations with CISOs across the world on the topic of 'designing a future-ready security architecture'.
Microsoft open-sources tool that enables continuous developer-driven fuzzing (Help Net Security) Microsoft has open-sourced the continuous developer-driven fuzzing platform used by its internal teams to strengthen Windows, Microsoft Edge.
Security pushes DevOps to breaking point (CIO Dive) The future of DevOps is "going to break application security," said Dale Gardner, research director at Gartner.
Research and Development
Air Force looking at how to defend JADC2 systems (C4ISRNET) As DoD is looking to build out the JADC2 architecture, Air Force officials acknowledge it must be defended from digital threats.
Quantum-based technology: a milestone in future-proofing data (teiss) Quantum computers are likely to cause major problems for cyber security. But even before they are commercially available, the technology behind them is being tested as a way of securing data.
Academia
Zscaler and New York University Teach Cloud Security Expertise to Cybersecurity Master’s Students (GlobeNewswire) Partnership with Tandon School of Engineering Giving Students Hands-on Experience in SASE and Zero Trust through Zscaler Certifications
Legislation, Policy, and Regulation
The Kremlin’s Plot Against Democracy (Foreign Affairs) How Russia Updated Its 2016 Playbook for 2020
Nakasone ‘Confident’ in Election Security, Calls Influence Ops ‘Next Great Disruptor’ (Meritalk) Gen. Paul Nakasone, who heads both the National Security Agency and U.S. Cyber Command, today expressed confidence in the country’s ability to conduct safe and secure elections in November, while also warning that foreign influence operations pose an ongoing challenge for the U.S.
()
Canary in the coal mine: Estonia ambassador on creating a security culture post cyberwar (SC Media) "You really need to move from the whole of government approach to a whole of society approach,” said Jonatan Vseviov, Estonia’s ambassador to the U.S. told SC Media during a fireside chat Wednesday.
U.S-China Cold War rages in cyberspace, where intellectual property is a costly front (Newsweek) "The theft of intellectual property by the People's Republic of China costs America as much as $500 billion a year," U.S. counterintelligence chief William Evanina told Newsweek.
Space, cyberspace and UNSC seat: France ticks all the boxes for India (Hindustan Times) We consider India as positive and trust it for exemplary dependency. France will support India’s bid for a permanent seat at the United Nations, says Emmanuel Lenain, ambassador of France
Trump Administration Pushes for U.S. Control of TikTok (Wall Street Journal) Trump administration officials are looking to give American investors a majority share of the company that will take over the Chinese-owned video sharing app TikTok, according to people familiar with the matter.
Politics surrounding TikTok's future in the U.S. pollute valid data security concerns, expert says (CNBC) Beijing-based ByteDance, which owns the popular short video sharing app, rejected Microsoft's bid to buy TikTok's U.S. operations and instead chose Oracle to become TikTok's U.S. technology partner.
911 services fall victim to FCC's Huawei 'rip and replace' program (Light Reading) According to the Rural Wireless Association, an unnamed service provider is no longer able to offer 911 services due to the FCC's actions against Huawei and ZTE.
House of Representatives passes Senate bill seeking cybersecurity improvements to government’s Internet-connected devices (Homeland Preparedness News) The House this week took up and passed the Internet of Things (IoT) Cybersecurity Improvement Act, a bill originally introduced by U.S. Sens. Cory Gardner (R-CO) and Mark Werner (D-VA) in 2017, which would require Internet-connected devices purchased by the … Read More »
Ratcliffe reinstates election briefings for intel panels (POLITICO) He also said he'll provide all lawmakers with written intelligence reports but not briefings.
Turnover on the CMMC Advisory Board continues (Federal News Network) Ty Schieber, the chairman of the CMMC-AB, and Mark Berman, the chairman of the communications committee, are leaving the CMMC Advisory Board unexpectedly.
Director Wray Addresses CISA Cybersecurity Summit (Federal Bureau of Investigation) FBI Director Christopher Wray delivered remarks for the 2020 Cybersecurity and Infrastructure Security Agency (CISA) National Cybersecurity Summit on September 16, 2020.
What’s at Stake in This Election? The American Democratic Experiment (New York Times) Congress should establish a bipartisan commission to monitor voting and ensure that laws and regulations are followed.
Litigation, Investigation, and Law Enforcement
Exclusive: Top Huawei executives had close ties to company at center of U.S. criminal case (Reuters) An obscure Hong Kong-registered company stands at the center of the U.S. criminal case against China's Huawei Technologies and its chief financial officer.
Iranian nationals indicted in hacking of U.S. networks (POLITICO) Federal prosecutors accused the two men, who are wanted by the FBI, of selling the stolen data on the black market.
US Sanctions Two Russians Accused of Using Fraud to Steal Millions in Crypto (CoinDesk) The pair is accused of having stolen $16.8 million from customers of three different crypto exchanges, including two in the U.S.
Blackbaud at Fault for Cyber Attack on Nonprofit Data, Suit Says (Bloomberg Law) Blackbaud Inc., a cloud services provider, faces a potential class action for allegedly failing to stop a ransomware attack that exposed nonprofit membership data.
US denies sending American accused of spying in Venezuela (Marine Corps Times) A senior U.S. official on Wednesday rejected claims that the government sent an American citizen to Venezuela where he’s been charged with plotting terrorist attacks and labeled a spy.
Canada’s Former U.S. Envoy Violated Ethics Law in Palantir Role (Wall Street Journal) Canada’s former chief envoy in Washington violated the country’s conflict-of-interest rules after taking on the role of senior executive at Palantir Technologies’s Canadian unit, the country’s ethics watchdog revealed.
Boeing hid design flaws in 737 Max jets from pilots and regulators (Ars Technica) Congressional report finds aerospace group cut corners.
China is running furtive surveillance of innocents' lives online. And so are we (The Spinoff) There is little to separate the methods of Zhenhua Data from those of the Peter Thiel founded Palantir, which has an office in Wellington alongside our spy agencies. It comes down to whether data-collection activities are seen as good or bad depending on who does it and under what circumstances, wri
Dunkin’ settles with N.Y. over data breach (Restaurant Business) The company agreed to refund customers who lost funds on their loyalty cards in a settlement with the New York attorney general.