Cyber Attacks, Threats, and Vulnerabilities
Iranian hacker group developed Android malware to steal 2FA SMS codes (ZDNet) The malware could steal 2FA SMS codes for Google accounts. Also contained vague functionality to do the same for Telegram and various social networks.
APT41: Indictments Put Chinese Espionage Group in the Spotlight (Symantec Enterprise Blog) Seven men have been charged in the U.S. in relation to attacks by China-linked espionage operation which Symantec monitors as two distinct groups – Blackfly and Grayfly
Maze attackers adopt Ragnar Locker virtual machine technique (Sophos News) Under pressure to evade detection by endpoint protection, ransomware criminals try a more radical approach
Maze ransomware now encrypts via virtual machines to evade detection (BleepingComputer) The Maze ransomware operators have adopted a tactic previously used by the Ragnar Locker gang: encrypting a computer from within a virtual machine.
US 2020 Presidential apps riddled with tracking and security flaws (BleepingComputer) The Vote Joe app, used by the Biden 2020 Presidential campaign to better engage with voters, was found to be leaking potentially sensitive information about voters, such as their political affiliations and past voting choices.
Credential Stuffing (Avast) Automated cyberattacks are torching trust in local systems we depend on to elect a president and withstand the global pandemic.
NCSC asks academic institutions to prepare for more ransomware attacks (teiss) NCSC advised academic institutions in the UK to implement a ‘defence in depth’ strategy to defend against malware and ransomware attacks.
U.K. warns of surge in ransomware threats against education sector (BleepingComputer) The U.K. National Cyber Security Centre (NCSC) has issued an alert about a surge in ransomware incidents targeting educational institutions, urging them to follow the recently updated recommendations for mitigating malware attacks.
Ransomware attack at German hospital leads to death of patient (BleepingComputer) A person in a life-threatening condition passed away after being forced to go to a more distant hospital due to a ransomware attack.
Hospital patient dies following botched ransomware attack (Graham Cluley) When a ransomware attack knocked out systems at a major hospital in Düsseldorf, Germany, there were tragic consequences.
Ontario nurses' regulatory body investigating 'cybersecurity incident' (CBC) The College of Nurses of Ontario has been dealing with a "cybersecurity incident" that may have compromised the personal information of its almost 200,000 members, CBC News has learned.
CERT/CC Releases Information on Critical Vulnerability in Microsoft Windows Netlogon Remote Protocol (CISA) The CERT Coordination Center (CERT/CC) has released information on CVE-2020-1472, a vulnerability affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker could exploit this vulnerability to obtain Active Directory domain administrator access. Although Microsoft provided patches for CVE-2020-1472 in August 2020, unpatched systems will be an attractive target for malicious actors.
Wibu-Systems CodeMeter (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Wibu-Systems AG
Vulnerabilities: Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature, Improper Resource Shutdown or Release
Advantech WebAccess Node (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Equipment: WebAccess Node
Vulnerability: Incorrect Permission Assignment for Critical Resource
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to escalate their privileges.
Philips Clinical Collaboration Platform (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.8
ATTENTION: Low skill level to exploit
Equipment: Clinical Collaboration Platform
Vulnerabilities: Cross-site Request Forgery, Improper Neutralization of Script in Attributes in a Web Page, Protection Mechanism Failure, Algorithm Downgrade, Configuration
Conroe ISD makes system adjustments following cyber attack (KPRC) Conroe Independent School District officials had to make some changes to their network following a cyberattack meant to overwhelm the system.
VA data breach also hit 17,000 community care providers, senators say (Federal News Network) Democrats on the Senate Veterans Affairs Committee say roughly 17,000 community care providers were also victims of the VA data breach, which the department made public earlier this week.
Oberlin College warns donors of massive data breach (Chronicle) The college sent out a letter Thursday afternoon to alumni, parents and friends of the college, saying their information may have been compromised in a May cybersecurity attack.
Data breach at Public Health Wales exposes details of 18k Covid-19 patients (Government Computing Network) Public Health Wales admitted to a data breach that resulted in making public the personal data of more than 18,000 Covid-19 patients.
Care Forum Wales chair says Public Health Wales' data breach highlights need for 'urgent reforms' (North Wales Chronicle) A SOCIAL CARE leader says the disastrous data breach, which led to the details of more than 18,000 people who tested positive for coronavirus being…
CTO On Ransomware Attack On University Hospital New Jersey (Information Security Buzz) In reference to the news of the recent ransomware attack on University Hospital New Jersey (UHNJ) – it was reported the institution has suffered a massive 48,000 document data breach after a ransomware operation leaked their stolen data. Furthermore it was found that the SunCrypt ransomware operation has leaked the data have leaked a 1.7 …
US Federal Courts Hit With Nationwide Phone Outage (Law360) Federal courts across the U.S. were hit with an unidentified glitch Thursday that took out part of the judiciary's phone system, as the ongoing coronavirus pandemic continues to deepen reliance on telecommunications for a large volume of legal business.
Security Patches, Mitigations, and Software Updates
iOS 14 and iPadOS 14 Patch Vulnerabilities, Introduce New Privacy Features (SecurityWeek) Apple has patched nearly a dozen vulnerabilities and it has introduced new privacy features with the release of iOS 14 and iPadOS 14
Malware and spear phishing abuse killed Mozilla's Firefox Send file-sharing service (CNET) Expanding beyond the Firefox browser to online services isn't simple.
Google Play Bans Stalkerware and ‘Misrepresentation’ (Threatpost) The official app store is taking on spy- and surveillance-ware, along with apps that could be used to mount political-influence campaigns.
Developer Program Policy: September 16, 2020 announcement (Play Console Help) We're updating the following policies. All new and existing apps will receive a grace period of at least 15 days from the September 16, 2020 issuance of this notification (unless otherwise stated) to
75% of IT execs 'worried' about being targeted in cyber-attack (Security Brief) A new report from ConnectWise has shed light on the widespread concern about cyber-attacks, with 91% of SMB executives considering a move to an MSP if it provided the 'right' solution.
Ransomware en masse on the wane: top threats inside web-phishing in H1 2020 (Security Affairs) Web-phishing targeting various online services almost doubled during the COVID-19 pandemic; it accounted for 46 percent of the total number of fake web pages. Singapore, 09/18/2020 — Group-IB, a global threat hunting and intelligence company headquartered in Singapore, evidenced the transformation of the threat portfolio over the first half of 2020. It came as no […]
Ransomware operators are banding together says Cyber Threatscape report (Continuity Central)
Is Japan prepared to fight off global cyberattacks? (The Japan Times) Ministerial sectionalism and the lack of a central cybersecurity body are stopping the government from getting a clear-eyed view of cyberthreats, an expert says.
Check Point To Buy Secure Remote Access Startup Odo Security (CRN) Check Point Software Technologies has agreed to purchase cybersecurity startup Odo Security to help enterprises enable secure remote access for employees to any application.
Snowflake venture backers in line to make billions after soaring IPO (Silicon Valley Business Journal) Silicon Valley investors in San Mateo-based Snowflake Inc.'s historic IPO this week are looking at multi-billion dollar gains.
After raising $326M in IPO, Sumo Logic sees stock rise 22% on first trading day (SiliconANGLE)
Oracle, Walmart Aim for Big Stakes in TikTok (Wall Street Journal) Backers of plans for Oracle to join with TikTok to create a new U.S. company for the video-sharing app are working on a new ownership structure aimed at alleviating U.S. concerns over Chinese control.
ByteDance plans TikTok IPO if U.S. clears deal: sources (Reuters) China's ByteDance is planning a U.S. initial public offering of TikTok Global, the new company that will operate the popular short video app, should their proposed deal be cleared by the White House, people familiar with the matter said on Thursday.
Will anyone buy TikTok’s business in India? (Quartz India) "With the size of the deal expected to be anywhere upwards of $2.5 billion (Rs1.8 lakh crore) and the complexities involved of having a Chinese licensor, it is not everyone's cup of tea."
DITO investing P1B on cybersecurity amid spying fears (GMA News Online) “The [P1 billion] amount is contracted to be utilized for the building of our Security Operations Center to monitor cyberattacks... It will also fund the equipment, the software, and the training of our team,” DITO chief technology officer Rodolfo Santiago said in a virtual press chat on Thursday.
Paytm and Paytm First Games pulled down from Google Playstore for alleged violation of gambling policies (CNBCTV18.com) CNBC-TV18 has learnt that Google had notified Paytm developers a few days back on this issue and is in constant touch with them regarding the digital wallet and e-commerce app.
Google takes down Paytm from Play Store (ETCIO.com) Google said it has these policies to protect users from potential harm, and when an app violates these policies, we notify the developer of the violat..
Privacy-focused search engine DuckDuckGo is growing fast (BleepingComputer) DuckDuckGo, the privacy-focused search engine, announced that August 2020 ended in over 2 billion total searches via its search platform.
Is FireEye Turning Into a Top Cybersecurity Stock? (The Motley Fool) The cybersecurity specialist's fortunes seem to be changing, but there is more than what meets the eye.
Atlantic Data Forensics Wins Cyber Defender of the Year Award in the 2020 MD Cybersecurity Awards, Presented by the Cybersecurity Association of Maryland, Inc. (PR Newswire) Atlantic Data Forensics (ADF) today announced the Cybersecurity Association of Maryland, Inc. (CAMI), Maryland's only nonprofit organization...
Novetta Recognized for National Security Efforts Under NCIS RISER Program; Bill Dorr, Kevin Heald Quoted (Executive Gov) Novetta has been recognized by the Naval Criminal Investigative Service (NCIS) Technical Services Fi
Paladin Capital Group appoints former NCSC CEO Ciaran Martin in managing director’s role (FSM Magazine)
Redshift Networks Assembles World Class Advisory Board Of Enterprise, (PRWeb) RedShift Networks, a cloud service, software and appliance solution provider solving the growing Unified Communications/Collaboration (UC)/5G security
Exostar Expands Executive Leadership Team to Support Growing Worldwide Customer Community (BusinessWire) New CTO & CRO to lead effort to bring innovative, easy-to-use, enterprise-class secure business collaboration products to highly-regulated industries.
Products, Services, and Solutions
Ericsson boosts 5G core security with its Packet Core Firewall (Capacity Media) Ericsson has enhanced its 5G core network security offering for communications service providers (CSPs) with the launch of its cloud native Ericsson Packet Core Firewall.
Celerium Named a Licensed Partner Publisher by CMMC Accreditation Body, and Debuts CMMC Quiz and Self-Assessment Tool via CMMC Academy (PR Newswire) The CMMC Academy, an initiative of Celerium Inc., today announced that the CMMC Accreditation Body approved Celerium to be a Licensed Partner...
Texas Teams Up with FireEye to Tackle Ransomware (BusinessWire) FireEye and Mandiant to support the State of Texas in its efforts to combat ransomware and evolving cyber threats.
Oklahoma Chooses Anomali to Build Statewide Threat Intelligence Program (StreetInsider.com) Anomali Helps State Detect COVID-19 Related Cyberattacks, Unemployment Fraud, Risk Created by Remote Workers
Former Hargreaves Lansdown CIO partners with global cyber security platform to take on the fight against hackers. (Computing)
Palo Alto Networks Introduces Industry's First Next-Generation SD-WAN Solution Enabling the Secure Cloud-Delivered Branch and Simplified Network Operations (PR Newswire) As SD-WAN has become the primary WAN architecture, organizations are demanding solutions that deliver a better user experience while being...
SolarWinds Announces Integration With ServiceNow Service Graph Connector Program (Odessa American) AUSTIN, Texas--(BUSINESS WIRE)--Sep 17, 2020--
Network Solutions Provider, a Leader in Business Technology Optimization and Security, and CyGlass Form a Strategic Partnership to Include CyGlass' Network Defense as a Service Solution in its Product Portfolio (PR Newswire) CyGlass, a leading SaaS AI-based Network Detection and Response (NDR) platform, and Network Solutions Provider (NSP), a leader in providing...
10 ransomware protection tools you need to know about (CRN Australia) The best remediation tools to hit the market in 2020.
Technologies, Techniques, and Standards
User acceptance: the biggest I&AM hurdle (Computing) The holy grail of I&AM is to actually improve the user experience while making the business more secure, but most organisations are a long way from that
Are Your Company Credentials Exposed on the Dark Web? (Secplicity) The dark web is a collection of anonymous websites that are publicly available, yet hide the IP addresses to make it impossible for users to identify the host. It’s very common that sensitive information made available by data breaches ends up becoming available illicitly for sale on the dark web. According to the 2019 Global […]
'You Are Not Anonymous on Tor' - Study Shows Privacy Network Offers Superficial Anonymity (Bitcoin News) A paper called “Tor 0-day” says that it is an open secret among the internet service community: “You are not anonymous on Tor.”
Negotiating Secure Work During the Pandemic (SIGNAL Magazine) Intelligence community contractors evolve to serve the national security mission during COVID-19.
Onerous Honorlock: UW cannot justify using malware in effort to proctor students (The Badger Herald) With applications such as Honorlock gaining popularity in UW, its use remains questionable in terms of ethicality, security
Justifying your 2021 cybersecurity budget (Help Net Security) As part of justifying a 2021 cybersecurity budget, CISOs need to focus on quick wins, cost-effective SaaS solutions, and ROI predictions.
Military Services Look at New Approaches to Intelligence Operations (SIGNAL Magazine) Intelligence is metamorphosing as recent changes feed into operational evolution.
Pioneering Cyberspace Squadron hosts Mission Defense Team Conference (DVIDS) The 62d Cyberspace Squadrons hosts a conference to collaborate across the Air and Space Force cyberspace communities.
Secret Service conducts cyber incident simulation (Homeland Preparedness News) The Secret Service recently hosted a virtual Cyber Incident Response Simulation officials focused on ransomware attack and mitigation strategies.
CISA Named Top-Level Root CVE Numbering Authority (CNA) (Security Affairs) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been named a Top-Level Root CVE Numbering Authority (CNA); it will be overseeing CNAs in assigning CVE identifiers for vulnerabilities in industrial control systems (ICS) and medical devices. […]
Design and Innovation
How MIT's SCRAM could break the cyber-attack logjam (TechBeacon) MIT's SCRAM incident reporting encryption could be a game-changer for helping companies plan cybersecurity strategies. Is it right for your company?
Facebook is cracking down on groups that give health advice and promote violence (CNBC) Facebook announced new policies that will limit the spread of groups on its social network that focus on giving users health advice as well as groups with ties to violence.
Twitter rolls out new security features to prevent Election Day chaos (The Verge) The move follows one of the company’s biggest breaches.
Twitter adds security measures for high-profile political users (Axios) The move follows a major hack of notable Twitter users in July.
Facebook issues new rules on internal employee communication (CNBC) Facebook CEO Mark Zuckerberg on Thursday outlined to employees a new set of principles to guide debates and conversations within Workplace, the company's internal social network.
Army Futures Command picks Austin Community College for software factory (C4ISRNET) The Army is setting up a software factory that will help the service collaborate with students and industry as it modernizes in the digital age.
Legislation, Policy, and Regulation
China Has to Approve TikTok-Oracle Deal Too, ByteDance Says (Wall Street Journal) TikTok owner ByteDance and Oracle are waiting to learn whether President Trump will give his blessing to their deal, but another hurdle remains: Beijing still has to sign off too.
U.S. to Ban TikTok Downloads, Use of WeChat on Sunday (Wall Street Journal) Commerce Secretary Wilbur Ross said the U.S. will ban downloads of the video-sharing app TikTok and the U.S. use of the messaging and electronic payment app WeChat after Sunday night over national security and data privacy concerns.
US will ban WeChat and TikTok downloads on Sunday (CNN) The Commerce Department plans to restrict access to TikTok and WeChat on Sunday as the Trump administration's executive orders against the two apps are set to take effect.
Commerce Department Prohibits WeChat and TikTok Transactions to Protect the National Security of the United States (U.S. Department of Commerce) In response to President Trump’s Executive Orders signed August 6, 2020, the Department of Commerce (Commerce) today announced prohibitions on transactions relating to mobile applications (apps) WeChat and TikTok to safeguard the national security of the United States.
Putin discusses development of Russia-Belarus ties with Security Council (TASS) The Russian president called on the security top brass to elaborate approaches to the development of relations with Moscow’s closest partner nations
Ukraine-U.S. military exercises begin as Russia holds drills in Belarus (Reuters) Ukraine and the United States launched joint military exercises on Thursday, two days after Russia began joint military drills with forces in neighboring Belarus.
O’Toole says he wouldn’t allow Huawei onto Canada’s 5G network (The Western Standard) It comes on the day the Globe and Mail reported Huawei had communicated to Ottawa that it promised not to spy on Canada.
Paying Cyber-Ransoms Should be Outlawed, Ex-Security Boss Says (BNN) Ciaran Martin, who stepped down as head of the U.K.’s National Cyber Security Centre this month, will call on Boris Johnson’s government to make it illegal for companies to pay cyber hackers a ransom.
FERC Opens Supply Chain Cyber Risk Inquiry (ERO Insider) FERC began an inquiry into the reliability risks posed by equipment originating overseas, seeking comment on utilities' use of equipment provided by entities associated with U.S. adversaries.
FERC Seeks Comments on Potential Risks to Bulk Electric System (Federal Energy Regulatory Commission) News Release: September 17, 2020
Docket No. RM20-19-000
Item No. E-2
The Federal Energy Regulatory Commission (FERC) is seeking comments on the potential risks to the bulk electric system posed by using equipment and services produced or provided by entities identified as risks to national security.
Towards a post-privacy world: proposed bill would spur open data sharing between agencies (Which-50) The federal government has announced a plan to increase the sharing of citizen data across the public sector. This would include data sitting with
Brazil, Canada Lead Surge In Global Privacy Law Expansion (Law360) A new Brazilian data protection law and proposed changes to Canada's privacy regime highlight the enhanced liability risks that businesses face around the world as countries race to craft personalized ways to regulate the use and sharing of personal data.
Is data privacy an oxymoron? An EU initiative addresses growing concerns (CORDIS | European Commission) A team of researchers has launched a tracking-free website to protect the privacy of its visitors and help citizen scientists investigate digital cookies.
DOD Works to Increase Cybersecurity for U.S., Allies (U.S. DEPARTMENT OF DEFENSE) U.S. Cyber Command has taken a comprehensive and proactive approach that includes working with allies and partners to respond to cyber and other threats before they reach the homeland.
Trump plans to nominate official for FCC amid social media push (Reuters) President Donald Trump, pressing for new social media regulations, plans to nominate a senior administration official to be a member of the Federal Communications Commission (FCC), the White House said on Tuesday.
Senior Department of Energy cyber official to step down (CyberScoop) Bruce Walker, who has served as a senior Department of Energy official focused on cybersecurity since 2017, is leaving his post later this month to work at a security nonprofit, CyberScoop has learned.
Litigation, Investigation, and Law Enforcement
Assange Put Sources Named In War Logs At Risk, US Claims (Law360) WikiLeaks founder Julian Assange published the unredacted names of U.S. informants living in Iraq and Afghanistan that were contained in military war logs, creating a "grave and imminent risk" to innocent civilians, a U.S. prosecutor said at Assange's London extradition hearing Thursday.
F.B.I. Director Warns of Russian Interference and White Supremacist Violence (New York Times) Testimony by Christopher A. Wray contradicted efforts by President Trump and other officials to downplay the threats.
US looks out for 5 super hackers from China who attacked Indian govt websites (One India) 'In about 2019, the conspirators compromised Government of India websites, as well as virtual private networks and database servers supporting the Government of India. The conspirators used VPS PROVIDER servers to connect to an Open VPN network owned by the Government of India,' the indictment said.
US charges 5 Chinese “Apt41” actors for hacking into more than 100 companies (Security Magazine) U.S. federal agencies revealed criminal charges against five computer hackers, all of whom were residents and nationals of the People’s Republic of China (PRC). All were charged with computer intrusions affecting over 100 victim companies in the United States and abroad, including software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.
APT41 Operatives Indicted as Sophisticated Hacking Activity Continues (Threatpost) Five alleged members of the China-linked advanced threat group and two associates have been indicted by a Federal grand jury, on dozens of charges.
Treasury Dept. sanctions Iranian government-backed hackers (TheHill) The Treasury Department on Thursday announced sanctions against a prolific Iranian hacking group, 45 individuals and a front group allegedly used by the Iranian government to target Iranian dissidents and other groups.
Co-founder of cyber fraud prevention startup arrested for alleged fraud (CyberScoop) The co-founder of cyber fraud prevention startup NS8 was charged and arrested Thursday for allegedly tricking investors with falsified financial statements.
Spy Court Says It Lacks Authority To Declassify Its Records (Law360) The U.S. Foreign Intelligence Surveillance Court has refused to release court documents related to government surveillance and attorney misconduct, finding that it can't disclose the information in light of a February ruling over the declassification of records.
Treasury Says It Lacks Data On Finance Sector's Cyber Risks (Law360) The U.S. Treasury Department says it lacks the data — and the authority to collect the data — that would be necessary to comply with a government watchdog recommendation that it track the financial sector's cyber risk mitigation efforts to thwart cyber threats, according to a report published Thursday.
FBI Fights Intellectual Property Theft from University Offices (Nextgov.com) Director Christopher Wray noted the importance of attribution in the bureau’s strategy amid growing difficulty investigating cyber crime.
FBI in Utah aims to take bite out of potential election cybercrime, ballot fraud (Deseret News) As local FBI officials in Utah talked about the agency’s role to protect the 2020 election from fraud and abuse Thursday, their boss in Washington described "very active" efforts by the Russians to influence the outcome.