Ransomware incidents look worse than first thought. Fancy Bear fingered, again? Glitch suspends trading on Japan's exchanges.

Cyber Attacks, Threats, and Vulnerabilities

Threat Spotlight: New InterPlanetary Storm variant (Journey Notes) The cybercriminal organization behind InterPlanetary Storm malware has released a new variant into the wild, now targeting Mac and Android devices.

Attacks on Flight Tracking Services Possibly Linked to Armenia-Azerbaijan Conflict (SecurityWeek) DDoS attacks against flight tracking services Plane Finder and Flightradar24 may be linked to the conflict between Armenia and Azerbaijan.

Why Armenia and Azerbaijan Are on the Brink of War (Foreign Affairs) Local Tensions Meet Global Rivalries in Nagorno-Karabakh

Justice department hit by a costly cyberattack (The Mail & Guardian) The theft of R10-million from the Guardian’s Fund account prompts the justice department to freeze all accounts until an audit can determine the extent of the damage

CMA CGM concedes data breach is likely as criticism mounts over its handling of ransomware attack (Splash247) CMA CGM is facing growing criticism for the way it has communicated the ongoing IT fallout from its ransoware attack that brought much of the group’s web infrastructure down on Monday. The French liner issued a statement from Marseille at 15.30hrs local time yesterday, nearly 24 hours from their last update, in which the Rodolphe …

CMA CGM Suspects Data Breach from Cyber Attack (gCaptain) CMA CGM said it suspects a data breach in this week’s ransomware cyber attack. The French shipping giant said in an update on Wednesday that its back-offices are gradually being reconnected t…

Exclusive: Russian operation masqueraded as right-wing news site to target U.S. voters - sources (Reuters) The Russian group accused of meddling in the 2016 U.S. election has posed as an independent news outlet to target right-wing social media users ahead of this year's vote, two people familiar with an FBI probe into the activity told Reuters.

Memory sticks used to program Philly’s voting machines were stolen from elections warehouse (Philadelphia Inquirer) The discovery set off a scramble to ensure voting machines had not been compromised and to contain the fallout. City officials said the theft would not disrupt the election.

Privacy, civil rights groups demand transparency from Amazon on election data breaches (TheHill) A group of more than a dozen privacy and civil rights organizations on Thursday demanded that Amazon disclose information about breaches of election data in order to increase the company’s public transparency ahead of November.

Distributed Denial-of-Service Attacks Could Hinder Access to Voting Information, Would Not Prevent Voting (Homeland Security Today) The FBI and CISA have worked closely with election officials across the country to identify alternative channels to disseminate information to voters, such as verified social media accounts, traditional media, and other backup resources.

Beware of false claims of hacked voter information (Cedar Springs Post Newspaper) Claims are likely intended to cast doubt on legitimacy of U.S. elections

Sick of political campaign spam? Resist hitting unsubscribe—it could lead to identity theft (Yahoo) You know all those political emails clogging your inbox as Election Day looms? Believe it or not, most of them aren’t even making their way to you.

Russia’s Fancy Bear Hackers Likely Penetrated a US Federal Agency (Wired) New clues indicate that APT28 may be behind a mysterious intrusion that US officials disclosed last week.

Linkury adware caught distributing full-blown malware (ZDNet) Linkury (SafeFinder) installations linked to infections with the Socelars and Kpot infostealer trojans.

Blackbaud: Ransomware gang had access to banking info and passwords (BleepingComputer) Blackbaud, a leading cloud software provider, confirmed that the threat actors behind the May 2020 ransomware attack had access to unencrypted banking and login information, as well as social security numbers.

Blackbaud admits hackers stole banking details, passwords (ComputerWeekly) Software firm paid off a ransomware gang, believed its hackers when they said they had destroyed the data, and has now discovered the cyber criminals accessed even more sensitive information than it thought.

Blackbaud ransomware hackers could access unencrypted banking data and login credentials (Computing) Blackboard had originally claimed such data was protected

Mounting Ransomware Attacks Morph Into a Deadly Concern (Wall Street Journal) Hackers are launching more brazen attacks aimed at locking down entire networks, not just a few workstations, and increasingly target health-care companies, putting lives at risk as they demand higher bounties.

Zerologon (CVE-2020-1472): SentinelOne First to Detect on the Endpoint (SentinelOne) Zerologon is a Windows 10/10 critical severity. SentinelOne is the only known vendor able to accurately detect the exploitation attempt on targeted hosts.

QNAP warns customers of recent wave of ransomware attacks (BleepingComputer) QNAP has issued an advisory about a recent wave of ransomware attacks targeting its NAS storage devices and encrypting files.

Data breach: Dfat reveals email addresses of vulnerable Australians stranded overseas (the Guardian) The email addresses belonging to hundreds of Australian citizens were accidentally disclosed in a message about interest-free loans

Mitiga is Cooperating with the FBI & Secret Service on a Global Business Email Compromise (BEC)… (Medium) Mitiga has uncovered a widespread and well-executed Business Email Compromise (BEC) campaign in which cybercriminals are impersonating…

TA2552 Uses OAuth Access Token Phishing to Exploit Read-Only Risks (Proofpoint) Since January 2020, Proofpoint researchers have tracked an actor abusing Microsoft Office 365 (O365) third-party application (3PA) access, with suspected activity dating back to August 2019.

This spyware poses as a fake Android WhatsApp update app (SonicWall) SonicWall Capture Labs threats researchers observed an interesting Android sample that passes itself as a WhatsApp Updater app.

Another view of control system supply chain risks – third party equipment suppliers (Control Global) Several years ago I was doing a control system cyber risk assessment for a regional transit agency. The most significant safety issue was the Liquified Natural Gas (LNG) transit bus refueling facility.

Technical glitch halts trading on Japan exchanges (BBC News) Stock markets in Tokyo and other cities suffered a day-long suspended trading session on Thursday.

Evasive URLs in Spam: Part 2 (Trustwave) A URL can be completely valid, yet still misleading. In this blog, we will present another technique with URLs that we observed in a recent malicious spam campaign. This is the continuation of an earlier blog that discussed how valid URL formats can be used in evading detection.

What Caused The Massive Microsoft Teams, Office 365 Outage On Monday? Here’s What We Know (Forbes) Microsoft online applications, including Teams and Office 365, went down across the U.S. for hours on Monday—so what happened?

Are There Data, Privacy Risks With Legal Research Platforms? (Legaltech News) A recent paper is calling for legal research platforms to become more transparent in how they prioritize results and share user data. But legal research companies say protecting data is fundamental to their business, even as they expand beyond their core offering.

Private Social App Clubhouse Courts Fresh Controversy (Bloomberg) A conversation hosted by the app drew fire for anti-Semitic content on a Jewish holy day.

Cache Creek Casino Closed Due To Cyber Attack (CBS Sacramento) Cache Creek Casino and Resort is not taking any gambles. The casino is closed for business after an apparent cyber-attack on its system.

Security Patches, Mitigations, and Software Updates

Cisco Patches Actively Exploited Flaws in Carrier-Grade Routers (SecurityWeek) Cisco this week released patches for two high-severity vulnerabilities in IOS XR software that have been actively exploited in attacks for over a month

Cyber Trends

The Cybersecurity 202: Americans are as insecure as ever on the 17th annual Cybersecurity Awareness month (Washington Post) Seventeen years after October became National Cybersecurity Awareness Month, Americans are undoubtedly far more aware of digital threats. But they're as insecure online as ever.

Breaking down morality and forum dynamics on cybercriminal forums (Security Magazine) Digital Shadows explored four main themes via which threat actors’ personalities or real-life identities are expressed on cybercriminal forums, providing examples they've observed over the years. This first blog looked at gender and nationality, while the second in the series examined morality and forum dynamics.

More than 12 Data Points are Publicly Available on 60% of Internet... (HOTforSecurity) With more than half the world now using social media and internet traffic increased 30%, new digital behaviors adopted during the coronavirus lockdown continue to reshape the digital landscape. Consumers worldwide shifted to online... #bitdefenderdigitalidentityprotection #cybercrime #databreach

Supply chain businesses still unprepared for cyberattacks — survey (FreightWaves) A new survey has found that while most businesses are concerned about cyberattacks, few are actually prepared for one.

Ongoing Vigilance and Improvements Characterize the State of Cybersecurity in 2020, New CompTIA Report Finds (PR Newswire) Organizations are building confidence that their cybersecurity practices are headed in the right direction, aided by advanced technologies,...

nVisium Research Reveals Gaps in Cybersecurity Training Initiatives Within Remote Workforce (PR Newswire) nVisium, a leader in application security, today released the findings of their recent research which explores the current state of...

Marketplace

Imperva to Acquire jSonar, Together Will Lead A New Generation of Data Security (Company) Industry veteran Ron Bennatan to join and lead Imperva’s Data Security business SAN MATEO, CA – Oct. 1, 2020 – Imperva, Inc., (@Imperva) the cybersecurity leader whose mission is to protect data and all paths to it, announced it has entered into an agreement to acquire jSonar, the leader in modern database security. The acquisition […]

McAfee Finally Pulls Trigger, Joins Tech IPO Rush (SDxCentral) McAfee finally pulled the trigger on its long-rumored initial public offering (IPO) this week following several other high-profile tech IPOs.

Secretive, never profitable Palantir makes its market debut (Defense News) Seventeen years after it was born with the help of CIA seed money, the data-mining outfit Palantir Technologies is finally going public.

Palantir closes below first trade after NYSE debut (CNBC) Palantir held its public market debut on Wednesday, 17 years after its founding, in a highly anticipated direct listing.

Palantir wants to be the ‘central operating system for all US defense programs’ (C4ISRNET) The company anticipates that there's $26 billion in federal work for them.

Is Palantir’s Crystal Ball Just Smoke and Mirrors? (Intelligencer) An inside look at how Big Data’s scariest, most secretive unicorn got its start.

Northrop Grumman : to Build Data System for Defense Intelligence Agency | MarketScreener (SURPERFORMANCE) Northrop Grumman Corporation has been awarded a task order contract by the U.S. General Services Administration's Federal Systems Integration and Management...

Facebook will ban ads that seek to delegitimize US election (CNBC) Facebook on Wednesday announced that it will not allow any ads on its service that seek to delegitimize the outcome of an election, including the upcoming U.S. election on Nov. 3.

Missile facility continues Rocket City reputation (The Redstone Rocket) While its history does lend itself to munition production, these days Redstone Arsenal is more well-known for its research and development.

Skybox Security Appoints Tom Gleason as Vice President, North America Sales and Field Operations (PR Newswire) Skybox Security, a global leader in cybersecurity management solutions, announced today that Tom Gleason has joined the company as Vice...

Products, Services, and Solutions

Visa accredits FIME U.S. laboratory for POS, mPOS and Tap to Phone testing () Payments testing and consultancy expert, FIME has been qualified to deliver Visa Contactless Payment Specifications (VCPS) Level 2 terminal testing at its San Jose lab. North American terminal vendors can now achieve multiple accreditations from the payment industry’s key international bodies and schemes in a single test session.

New from RiskLens: Compare Risk Treatment Options Based on Cost-Benefit Analysis (RiskLens) Answers the question: How much cyber risk can I buy down for budget invested, and which option yields best value?

Cyber Readiness Institute and U.S. Department of Homeland Security Partner to Help U.S. Businesses Secure Remote Workforces (Cyber Readiness Institute) The Cyber Readiness Institute (CRI) today expanded its partnership with the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) with the launch a new cybersecurity toolkit specifically focused on helping companies protect themselves, their customers, and their employees as millions have moved to remote work arrangements over the past six months.

Druva Achieves AWS Digital Workplace Competency Status (Yahoo) Druva Inc., a leader in Cloud Data Protection and Management, today announced that it has achieved Amazon Web Services (AWS) Digital Workplace Competency status. As Druva’s third AWS Competency designation, it further recognizes Druva’s deep expertise of AWS and experience helping customers build a digital

Tehama and Bitnobi to Enhance Data Trust Platform for the Canadian Department of National Defense (Tehama) Tehama, the fastest, easiest, most secure way to deploy a global workforce, and Bitnobi, a startup that has created a leading patented, privacy protected, data-sharing platform, announced the signing of a second contract with the Canadian Department of National Defence (DND) to advance the development of an innovative, integrated human resources data management platform.

GitHub Announces General Availability of Code Scanning Feature (SecurityWeek) GitHub announces the general availability of Code Scanning, a feature that enables developers to easily identify vulnerabilities in their code

Comodo Announces Cyfyx as First Master MSSP Partner in North America (Yahoo) Comodo, the world’s leader of next-generation cybersecurity announced a partnership with Cyfyx Cybersecurity, as its first Master MSSP in North America. Together Comodo and Cyfyx will bring Comod...

Zero in on the alerts that matter with Red Canary’s Alert Center (Red Canary) Go beyond the endpoint: Correlate and proritize alerts from across your security stack with Red Canary Alert Center.

Avatier's New Mobile Identity Governance & Administration Solution, Identity Anywhere, Powers Digital Transformation (Yahoo) Avatier Corporation, the pioneers of work from anywhere (WFA) Identity Governance & Administration (IGA) cloud service, container solutions and access governance solutions, today announced the release of Avatier for iOS and Android, a new mobile app platform that creates a collaborative, self-service

New Net Technologies (NNT) Expands Cloud Offering through Partnership With e92cloud (PR Newswire) New Net Technologies (NNT), a leader in cybersecurity and compliance software, today announced a distribution partnership with e92cloud, a...

Exasol and Pyramid Analytics Join Forces to Put the End-User Experience Front and Center (BusinessWire) Exasol and Pyramid Analytics partnership to bring enhanced analytics experience to joint customers

Telos Ghost Now Available in AWS Marketplace (Telos Corporation) Telos Corporation’s virtual obfuscation network, Telos Ghost, is now more easily accessible to key customers in AWS Marketplace

WatchGuard Enables Partners to Rapidly Expand Security Services Footprint and Grows Partner Ecosystem by More Than 50 Percent | WatchGuard Technologies (WatchGuard) WatchGuard adds endpoint security specialization option to channel program, and makes combined product portfolio available to partners just four months after acquisition of Panda Security

HID Global Announces Comprehensive Public Key Infrastructure-as-a Service (PKIaaS) Digital Certificate Management Platform (HID Global) HID Global, a worldwide leader in trusted identity solutions, today announced its HID HydrantID® Account Certificate Manager (ACM) solution.

Technologies, Techniques, and Standards

EU countries test their ability to co-operate in the event of cyber attacks (EU Reporter) EU member states, the EU Agency for Cybersecurity (ENISA) and the European Commission have met to test and assess their co-operation capabilities and resilience in the event of a cybersecurity crisis. The exercise, organized by the Netherlands with the support of ENISA, is a key milestone towards the completion of relevant operating procedures. The latter […]

Selecting Security and Privacy Controls: Choosing the Right Approach (NIST) Recently, NIST published a significant update to its flagship security and privacy controls catalog,

CISA and MS-ISAC Release Ransomware Guide (CISA) The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have released a joint Ransomware Guide that details practices that organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats.

Ransomware Guide, September 2020 (CISA) Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable.

Securing Space 4.0 – One Small Step or a Giant Leap? Part 1 (McAfee Blogs) McAfee Advanced Threat Research (ATR) is collaborating with Cork Institute of Technology (CIT) and its Blackrock Castle Observatory (BCO) and the National

New Zealand Stock Exchange DDOS attacks remind enterprises to check their first and last defence security lines (ITWeb) The New Zealand Stock Exchange DDOS attacks remind enterprises to check their first and last defence security lines, says Risna Steenkamp, GM: ESM at Networks Unlimited Africa.

Is Your Agency’s Insider Threat Strategy Missing This Major Element? (Homeland Security Today) With the sudden shift to telework in recent months, many aspects of cybersecurity have changed. In the case of insider threats, the focus has shifted to the unintended consequences of having everyone accessing sensitive data from home.

The Future of Work: Enabling the Not-so New Normal (Netskope) At this point in the pandemic, you’re probably tired of everyone referring to remote working as “the new normal.” Large companies like Facebook, Google, and Twitter have already announced that they will be working from home until the end of 2020 at the earliest, or as far out as August 2021. So, if these companies […]

Going beyond the ordinary: how SIEM does incident detection (Positive Technologies) Company infrastructures are rich with events potentially indicating security incidents, such as user violations of security policies or a breach of the local network. Security information and event management (SIEM) solutions perform centralized collection and analysis of event information.

Design and Innovation

Facebook bans U.S. ads that call voting fraud widespread or election invalid (Reuters) Facebook Inc <FB.O> on Wednesday banned ads on its flagship website and Instagram photo and video sharing service that claim widespread voting fraud, suggest U.S. election results would be invalid, or which attack any method of voting.

FAA chief tests changes to Boeing’s grounded 737 Max (Federal News Network) The head of the Federal Aviation Administration, a former military and airline pilot, said Wednesday that he liked what he saw during a two-hour test flight of Boeing’s revamped 737 Max jetliner, a key step as the agency considers whether to let the plane return to flight after two deadly crashes.

Research and Development

Data61 and Monash claim quantum-safe and privacy-preserving blockchain protocol (ZDNet) The protocol, MatRiCT, is patented by CSIRO and licensed to Australian cryptocurrency developer HCash.

Academia

Exabeam Scholarship Program Supports the Next Generation of Cybersecur (PRWeb) Exabeam, the Smarter SIEM™ company, today announced it has awarded cybersecurity scholarships to a diverse group of three university-level students, f

Legislation, Policy and Regulation

Pompeo delivers warning to Italy over China's economic influence, 5G (Reuters) U.S. Secretary of State Mike Pompeo delivered a warning to Italy over its economic relations with China on Wednesday, and described Chinese mobile telecoms technology as a threat to Italy's national security and the privacy of its citizens.

Why MENA Regulators Are Moving To Open Banking (PYMNTS.com) The following Deep Dive analyzes how the pandemic has affected open banking and privacy regulations in the MENA region and implicated future regulations.

DoD’s interim rule adds a new twist to implementing cyber maturity model (Federal News Network) The Pentagon issued an interim rule under the Defense Federal Acquisition Regulations on Sept. 29 to add more clarity around the implementation timeline and around the requirements contractors will…

FCC commissioner calls for new scrutiny of undersea data cables (Reuters) A member of the U.S. Federal Communications Commission on Wednesday called for new scrutiny of undersea cables that transmit nearly all the world's internet data traffic.

To hunt hackers, FBI works more closely with spy agencies (Reuters) America's top law enforcement agents and spies are teaming up under one roof as part of a new federal strategy to fight foreign hackers, senior FBI officials said in an interview.

Lt. Gen. Stephen Fogarty: Army Cyber Command Shifts to Information Advantage Approach (Executive Gov) Lt. Gen. Stephen Fogarty, who leads the U.S. Army's Cyber Command (ARCYBER), said his group is s

Litigation, Investigation, and Enforcement

Exclusive: China preparing an antitrust investigation into Google - sources (Reuters) China is preparing to launch an antitrust probe into Alphabet Inc's <GOOGL.O> Google, looking into allegations it has leveraged the dominance of its Android mobile operating system to stifle competition, two people familiar with the matter said.

U.S. expected to sue Google next week as DOJ seeks support from states (Reuters) The U.S. Justice Department is expected to sue Alphabet's Google as soon as next week, and is currently urging state attorneys general to sign onto the lawsuit, according to three sources familiar with the process.

Comey defends probe of Trump and Russia as Republican insist it was biased (Washington Post) Former FBI director James B. Comey on Wednesday defended the bureau’s 2016 investigation into possible coordination between the Trump campaign and Russia, pushing back on Senate Republicans’ skeptical questions about the probe and taking particular aim at Attorney General William P. Barr’s assertion that it was unfounded.

Russia Was Aware Of Hillary's Collusion Smear Operation, And U.S. Officials Knew It (The Federalist) Russian intelligence was aware in 2016 of Hillary's plans to smear Trump with collusion charges, increasing the likelihood that Russian disinformation tainted the Clinton and FBI informations.

Intelligence Officials Urged Trump Spy Chief Not to Disclose Unverified Russian Claims About Clinton (Wall Street Journal) Officials at the Central Intelligence Agency and National Security Agency feared that sharing the information with Congress would give credence to unsubstantiated Kremlin-backed material.

Anthem to pay nearly $40 million to settle data breach probe by U.S. states (Reuters) Anthem Inc said on Wednesday it would pay $39.5 million as part of a settlement with U.S. states attorneys general following an investigation into a massive cyber-attack at the company in 2015.

Aerospace news worthy of attention.