We're pleased to announce that Verizon Business has joined our distinguished academic, research, and industry partnership program, focused on accelerating cybersecurity education and awareness around the world. Security experts from Verizon Business will regularly join us on our popular daily podcast to provide the insights and analysis organizations need to stay a step ahead with their security programs, to keep informed about the continually evolving threat landscape, and to stay abreast of the latest trends in cybersecurity business and technology. See the full announcement here.
Many industrial organizations are required to have incident response plans and procedures. Although these plans often satisfy regulatory requirements, they don’t prepare the organization or arm responders. Read the white paper to learn how to ensure IR efforts are successful, timely, efficient and help determine the root cause of the incident.
Disrupting Trickbot. Chaining vulnerabilities. An international call for backdoors.
The unknown operators KrebsOnSecurity said were disrupting Trickbot turns out to have been neither vigilantes nor criminal rivals, but rather US Cyber Command, as the Washington Post reported late Friday. Cyber Command had been concerned that Trickbot’s track record for deploying ransomware made it a potential threat to the November elections.
Microsoft also took action against Trickbot, with the cooperation of ESET, Lumen’s Black Lotus Labs Threat Research, NTT, and Symantec, obtaining a court order allowing Redmond to take the botnet down. The New York Times says Microsoft had been unaware of US Cyber Command’s activities against the botnet, and that the two actions appear not to have been coordinated.
On Friday the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint alert, updated yesterday, describing an effort by "APT actors" to chain Windows and VPN vulnerabilities (including Zerologon) in a campaign directed against state, local, tribal, and territorial government networks, critical infrastructure, and election support systems. They succeeded in penetrating and establishing a degree of persistence in some of their targets, but CISA and the Bureau say election security wasn't compromised.
On Sunday representatives of the Five Eyes, India, and Japan issued a joint "International Statement" on "End-To-End Encryption and Public Safety." The statement affirmed support for strong encryption, but deplored "counter-productive and dangerous approaches that would materially weaken or limit security systems," and then called upon companies to design systems so that law enforcement could, with proper authorization, access encrypted communications.
Today's issue includes events affecting Australia, Belgium, Canada, China, Cyprus, the European Union, Germany, India, Israel, the Democratic Peoples Republic of Korea, Luxembourg, Mexico, Nepal, New Zealand, Nigeria, Pakistan, Russia, Singapore, Taiwan, the United Arab Emirates, the United Kingdom, the United States, and Vietnam.