Cyber Attacks, Threats, and Vulnerabilities
Iran says hackers attacked two of its key institutions (Reuters) Hackers launched large-scale attacks on two Iranian government institutions this week, a senior official said on Thursday, without giving details on the targets or the suspected perpetrators.
Iranian state hacker group linked to ransomware deployments (ZDNet) Amidst rising tensions between Israel and Iran, security researchers fear new escalation.
Telegram, Apple, Belarus, and Conflating ‘Irrelevance’ With ‘Inconvenience’ (Daring Fireball) I’ve said it before and will adamantly say it again: it is *prima facie* wrong that one of the rules of the App Store is that an app is not allowed to explain the rules of the App Store.
Massive Cyberattack Propagating via Redirector Domains and Subsidiary Domains (GreatHorn) The GreatHorn Threat Intelligence Team has discovered a massive cyberattack propagating via open redirector domains and subsidiary domains belonging to multiple global brands, spreading through tens of thousands of mailboxes and targeting business users across industries, geographies, and companies.
Twitter confirms outage was caused by 'inadvertent change' (Engadget) Twitter's support page notes it is "Investigating Irregularity with Twitter APIs," which seems to have taken the site offline around 5:35 PM ET.
New Emotet attacks use fake Windows Update lures (ZDNet) Emotet diversifies arsenal with new lures to trick users into infecting themselves.
What the Bad Neighbor vulnerability means for enterprise security (Security Magazine) Among the Windows 10 vulnerabilities Microsoft announced yesterday, the Bad Neighbor vulnerability stands out, posing a potential nightmare scenario for enterprises. With a severity score of 9.8 out of 10, the remote code execution (RCE) vulnerability would allow an attacker to run malware or launch a denial of service (DoS) attack.
US Election-Related Web Properties Prone to Fraud and Misinformation Due to Lack of Domain Security (Circle ID) The risks of fraud and disinformation in the U.S. election process have been hiding in plain sight. CSC's new research finds that a large majority of web domains closely linked to the campaign websites for Joe Biden and Donald Trump lack basic domain security protocols and are prone to domain spoofing tactics. This makes them a potential target for hackers looking to spread disinformation ahead of the election, and criminals who want to take advantage of voter intentions...
TM mum on whether cyber-attack affected ship, air registries (Newsbook) Transport Malta has remained silent on whether a cyber-attack on its system has affected the Ship and Air registry, when replying to questions sent by Newsbook.com.mt on Wednesday, as it cited that no more details could be divulged due to an ongoing magisterial inquiry.
Online proctor service ProctorTrack disables service after hack (BleepingComputer) The online proctoring service ProctorTrack has disabled access to their service after its parent company was hacked.
Cruise operator Carnival suffers data breach – customer information potentially exposed (The Daily Swig) Global cruise line and casino brands implicated in cyber-attack
Confirmed: Barnes & Noble hacked, systems taken offline for days, miscreants may have swiped personal info (Register) Nook, line and sinker: Servers restored from backups, punters unable to download purchased e-books
Barnes & Noble Warns Customers About Data Breach (Dark Reading) Famed bookseller says non-financial data was exposed in a new attack.
Barnes & Noble Hack: A Reading List for Phishers and Crooks (Threatpost) Customers' lists of book purchases along with email addresses and more could have been exposed during a (ransomware?) attack — and that's a problem.
Barnes & Noble Investigates Hacking Incident (BankInfo Security) Books retailer Barnes & Noble is investigating a security incident involving unauthorized access to its corporate systems, including those storing customers’
Robinhood Internal Probe Finds Hackers Hit Almost 2,000 Accounts (Bloomberg) Almost 2,000 Robinhood Markets accounts were compromised in a recent hacking spree that siphoned off customer funds, a sign that the attacks were more widespread than was previously known.
How to check if your passwords saved in Keychain were compromised on iOS 14 (The Next Web) Welcome to TNW Basics, a collection of tips, guides, and advice on how to easily get the most out of your gadgets, apps, and other stuff. Apple has introduced a ton of security and privacy features in iOS 14 including blocking trackers and knowing which apps used your camera and mic.
Wibu-Systems CodeMeter (Update C) (CISA) Executive summary: CVSS v3 10.0. Attention: exploitable remotely/low skill level to exploit. Vendor: Wibu-Systems AG. Vulnerabilities: Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature, Improper Resource Shutdown or Release.
Advantech R-SeeNet (CISA) Executive summary: CVSS v3 7.5. Attention: exploitable remotely/low skill level to exploit. Vulnerability: SQL Injection. Risk evaluation: successful exploitation of this vulnerability could allow remote attackers to retrieve sensitive information from the R-SeeNet database.
Advantech WebAccess/SCADA (CISA) Executive summary: CVSS v3 8.8. Attention: exploitable remotely/low skill level to exploit. Vulnerability: External Control of File Name or Path. Risk evaluation: successful exploitation of this vulnerability could allow an attacker to execute remote code as an administrator.
Remote Learning for Sandwich Students Affected by Cyber Attack (CapeCod.com) Remote learning for students in the Sandwich Public Schools District has been impacted by a cyber attack, according to Superintendent Pamela Gould. In a message sent to families th…
Cyber attack disrupts remote learning in Cape Cod schools (Providence Journal) A cyberattack has caused ongoing internet issues at the Sandwich Public Schools for about a week, disrupting remote learning for students.
Seyfarth Cyberattack Spotlights Gaps In Law Firm Security (Law360) The recent ransomware attack against Seyfarth Shaw LLP should be a wake-up call for law firms to rethink their cybersecurity strategies and policies, as the shift to remote work caused by the coronavirus pandemic is making firms more vulnerable than ever, cybersecurity experts say.
Security Patches, Mitigations, and Software Updates
SonicWall Fixes Critical Flaw in Firewall Appliances (Decipher) A critical flaw in SonicOS could lead to remote code execution in vulnerable SonicWall firewall appliances.
Patching Gets More and More Complicated but is Critical for Managing Risk (The National Law Review) Patching vulnerabilities has always been challenging, but these days, it is getting more and more complicated as manufacturers try to stay abreast of zero-day vulnerabilities and issue patches as quic
86.6% of businesses prioritize employee empowerment in their future workplace strategy (NTT) Today NTT Ltd. releases its 2020 Intelligent Workplace Report ‘Shaping Employee Experiences for a World Transformed’, which highlights that the pandemic has put employee wellbeing at the forefront of the business agenda.
BEC Attacks: Nigeria No Longer the Epicenter as Losses Top $26B (Threatpost) BEC fraudsters now have bases of operation across at least 39 countries and are responsible for $26 billion in losses annually — and growing.
Business email fraud centered in Atlanta, says study (Atlanta Journal Constitution) Cybercriminals who target unwitting business owners have flocked to Atlanta, according to a new report. Atlanta has the largest concentration in the U.S. of criminals who engage in business email phishing, one of the biggest types of cybercrime.
The Geography of BEC: The Global Reach of the World’s Top Cyber Threat (Agari) Every single day, the Agari Cyber Intelligence Division (ACID) engages with Business Email Compromise (BEC) scammers who try (and fail) to target Agari customers with phishing attacks.
Federal watchdog finds escalating cyberattacks on schools pose potential harm to students (TheHill) The Government Accountability Office (GAO), a federal watchdog agency, on Thursday published findings concluding that an increasing number of cyberattacks on educational institutions were putting students incre
DoD, NSA announce cybersecurity training initiative (Intelligence Community News) The training program, called the Cybersecurity Education Diversity Initiative (CEDI), addresses the nation’s cybersecurity talent gap.
Dimension Data positioned for future growth (ITWeb) The company has completed its transition to operate as one entity, bringing all its subsidiaries under a single Dimension Data brand.
Israeli-German zero-day vulnerabilities broker firm Incredity offers Huawei bug bounty (Intelligence Online) Cyprus was home to Israeli cyber industry in Europe for a long time but some big-name firms have recently left the island, like NSO which has closed the Cypriot subsidiary of Circles. New firms such as Legacy Technologies and Incredity have chosen to make Germany their new European haven.
CyCognito Named Winner of 2020 SINET 16 Innovator Awards (GlobeNewswire) The SINET 16 is an annual list of the most innovative and compelling cybersecurity companies in the world
YouTube bans QAnon, other conspiracy content that targets individuals (NBC News) YouTube said it would be enforcing the updated policy immediately and plans to “ramp up in the weeks to come.”
What Did Colorado Catch When Palantir Moved to Denver? (Westword) The high-tech company left the Silicon Valley in August.
Momentum is on CrowdStrike’s Side: Will it Last? (Beth.technology) This is an analysis by David Marlin, equity analyst for Beth.Technology. In this analysis, he explains why he is long CrowdStrike. A periodic transaction report filed on September 3rd revealed Nancy…
Why Mimecast Shares Will Break Out (Seeking Alpha) Mimecast posted strong first-quarter results and raised its outlook. Cybersecurity platform gaining big customer wins. 20% upside explained.
Cybersecurity firm Censys hires new technology chief (Live24x7 News) Fresh off an investment round that netted the company $15.5 million, Ann Arbor cybersecurity firm Censys Inc. has a new
SAIC adds Michelle Sutphin as chief security officer (Intelligence Community News) Sutphin is responsible for developing, implementing, and overseeing compliance with SAIC’s security policies and programs.
SentinelOne Hires Former Trustwave Exec to Drive MDR Services (MSSP Alert) Endpoint security platform provider SentinelOne hires former Trustwave executive Brian Hussey to lead its Vigilance managed detection & response (MDR) program.
Bugcrowd Hires David Castignola as Chief Revenue Officer (Enterprise Security) Bugcrowd has appointed David Castignola as Chief Revenue Officer (CRO).
Products, Services, and Solutions
Cribl Introduces LogStream, Increasing Data Utilization for the Fortune 1000 (Cribl) Cribl Introduces LogStream, Increasing Data Utilization for the Fortune 1000! Built by Splunk alumni, the company closes $35 Million in Series B funding from Sequoia and CRV.
Zerto Announces Zerto 8.5 with Backup to Public Cloud and Support for Additional Cloud Platforms (BusinessWire) Zerto today announced Zerto 8.5 with new cloud capabilities at its “New World. New Backup.” launch event.
Zerto Launches New Data Protection Solution; Marks Significant Change to the Backup Industry (BusinessWire) Zerto today launched Zerto Data Protection, which displaces traditional backup with Continuous Data Protection for all applications.
Tech Startup Excaliber Challenges Big Tech Titans Twitter, Facebook, Gmail & YouTube (PR Newswire) When the New York Post Biden debacle erupted with the article censorship circus on Twitter and Facebook, Excaliber founder Howard Sherman had...
IBM Integrates Data Security (Security Boulevard) IBM Security today announced it is adding data security capabilities to IBM Cloud Pak for Security for the first time. Built on top of the Red Hat
Sixgill Partners With ThreatQuotient to Accelerate Threat Response (PR Newswire) Sixgill, the leader in threat intelligence enablement and enrichment, today announced that Sixgill Darkfeed, the company's predictive feed of...
Rapid7 Announces Availability of Enhanced Endpoint Telemetry for InsightIDR (GlobeNewswire) New capabilities extend endpoint visibility to further unify critical security data and drive accelerated investigations and response
Technologies, Techniques, and Standards
WSJ News Exclusive | Facebook Has Made Lots of New Rules This Year. It Doesn’t Always Enforce Them. (Wall Street Journal) The social-media giant has made a flurry of new rules designed to improve the discourse on its platforms. When users report content that breaks those rules, a test by The Wall Street Journal found, the company often fails to enforce them.
How officials are protecting the election from ransomware hackers (MIT Technology Review) Hackers played a significant role in the 2016 election, when the Russian government hacked into the Democratic campaign and ran an information operation that dominated national headlines. American law enforcement, intelligence services, and even Republican lawmakers have concluded, repeatedly, that Moscow sought to interfere with the election in favor of Donald Trump. Meanwhile, in the…
Late-game election security: What to watch and watch out for (CSO Online) Despite disruption of the Trickbot botnet network, last-minute leaks of stolen documents and post-election undermining of trust in the election system remain big concerns.
The United States Needs a Red Team to Protect the Election (Foreign Policy) Adversaries are trying to undermine U.S. democracy. Hackers and regular citizens must identify weaknesses and make the system resilient in the face of cyberthreats.
5 minutes with Julian Waits - How Security Operations Center leaders can create a culture of growth (Security Magazine) Here, we talk to Julian Waits, General Manager of the Cybersecurity Business Unit at Devo, to find out how security operations center (SOC) leaders can create a culture of growth among their teams.
Maryland Airmen gain experience in national cyber exercise (DVIDS) Six Airmen from the Maryland Air National Guard, along with more than 800 National Guard cyber operators from more than 40 states and territories, participated in Cyber Shield 20, a virtual training exercise designed to build their skills defending networks.
The Army National Guard with assistance from the Air National Guard hosted Cyber Shield, which ran Sept. 12-27 and was conducted completely online for the first time due to the COVID-19 pandemic.
Secret Service conducts cyber incident simulation (Homeland Preparedness News) The Secret Service recently hosted a virtual Cyber Incident Response Simulation in which officials focused on ransomware attack and mitigation strategies. “Recognizing the dynamic nature of this threat, President Trump has made it a priority to build strong and robust cybersecurity across …
MYTH #3: It’s Better To Block Than To Permit Access (FireMon) This is part 3 of a 4-part series addressing compliance myths and what you need to know about uniting compliance and security in a hybrid environment. One of the oldest security practices is to “just say no.” Businesses engaged in digital transformation can’t take that path. They have internal and external users,
Research and Development
DARPA seeks NEED proposals (Intelligence Community News) On October 16, the Defense Advanced Research Projects Agency (DARPA) posted a submission opportunity for the Non-Escalatory Engagement to reduce...
NSA aims to boost Black students' access to security education, paid internships (CyberScoop) The National Security Agency and the Department of Defense announced an initiative on Thursday meant to increase access to cybersecurity education, mentoring and paid internships for students at historically Black colleges and universities.
UNF receives $500,000 award from National Security Agency (Jacksonville Daily Record) First responders and military veterans will be trained in health care cybersecurity.
Why are educational establishments so vulnerable to cyber-attack? (teiss) Why universities are at risk from hackers and what they should be doing to defend themselves.
Legislation, Policy, and Regulation
Philippines eyes partnership with Japan on cyber defense, drones (Kyodo News+) The head of the Philippines' military says that the country is considering partnering with Japan to beef up its cyber defense and drone capability as part of its force modernization program.
The U.S. Intelligence Community Is Not Prepared for the China Threat (Foreign Affairs) A Fundamental Realignment Is Needed to Counter Beijing
Forget Counterterrorism, the United States Needs a Counter-Disinformation Strategy (Foreign Policy) If the U.S. government wants to win the information wars, Cold War-era tactics won’t cut it anymore.
The Lawless Realm (Foreign Affairs) Countering the Real Cyberthreat
Chairman Pai Statement on Section 230 (Federal Communications Commission) Federal Communications Commission Chairman Ajit Pai issued a statement on Section 230 of the Communications Act
FCC Acts as Trump Intensifies Call to Dilute Social Media Shield (Bloomberg) U.S. Federal Communications Commission Chairman Ajit Pai said the agency will consider Donald Trump’s request to weaken a legal shield for social media companies such as Twitter Inc. as the president intensified his call to strip companies of their protections.
Trump's feud with social media amps up with more skirmishes, blocked accounts (SeekingAlpha) Heat between President Trump's campaign and social media is rising today after yesterday saw Facebook (FB -2.3%) and Twitter (TWTR -2.4%) putting the brakes on dissemination of a New York Post story.
Sens. Peters, Klobuchar and Reed introduce bill to counter COVID-19 misinformation (Homeland Preparedness News) U.S. Sen. Gary Peters (D-MI) has introduced a bill that would create a COVID-19 Misinformation & Disinformation Task Force to counter the rising misinformation and disinformation related to the Coronavirus pandemic. The task force will be charged with coordinating the …
Secretary Ross Highlights Commerce Actions Supporting Strategy for Critical and Emerging Technologies (U.S. Department of Commerce) In support of the National Strategy for Critical and Emerging Technologies, Secretary of Commerce Wilbur Ross said the Department is fully behind the President’s strategy and has already implemented a number of export controls on emerging technologies.
Multi-Domain Operations doctrine still a few years out, says US Army chief (Defense News) The Army is working to refine its war-fighting concept, but calling it doctrine won't happen for several years, the Army chief said.
DoD identifies top information operations adviser (C4ISRNET) Legislation mandated the department designate a person — dubbed the principal information operations adviser — to counsel the defense secretary on information operations.
State CIOs face same cyber issues as corporate peers, with budget constraints (SC Media) States must focus more on digital modernization and improve the role of CISOs, and the cyber issues they face mirror those of a broad array of industries.
Litigation, Investigation, and Law Enforcement
WeChat Judge Skeptical Of Feds' Bid To Quickly Shutter App (Law360) A California federal judge said during a hearing Thursday she's unlikely to lift a preliminary injunction blocking the Trump administration from shutting down WeChat's U.S. operations, despite the government's concerns that China may be using the communications platform to surveil Americans and potentially interfere in elections.
U.S. Lawmaker, Citing Snowden, Seeks Probe Into NSA Targeting of Congressional, Supreme Court Emails (Gizmodo Australia) The acting intelligence community inspector general, Thomas Monheim, has been asked to investigate claims that Edward Snowden, while working as a contractor for the U.S. National Security Agency, was able to search a classified database for the private emails of a senior member of U.S. Congress. Rep. Anna Eshoo, Democrat...
Senate to Subpoena Twitter CEO Over Blocking of Disputed Biden Articles (Wall Street Journal) GOP senators said the Judiciary Committee would subpoena Jack Dorsey after his social-media company limited sharing of New York Post articles about Democratic presidential nominee Joe Biden and his son.
US intelligence analysts feared Russia would dump hacked and forged Burisma emails targeting Biden as an 'October surprise,' report says (Business Insider) The news came hours after the New York Post published a misleading story with unverified emails said to be between Hunter Biden and a Burisma exec.
Feds examining whether alleged Hunter Biden emails are linked to a foreign intel operation (NBC News) One email, which has not been confirmed to be authentic, suggested a meeting between Joe Biden and a rep from a Ukraine firm that once paid his son Hunter.
White House was warned Giuliani was target of Russian intelligence operation to feed misinformation to Trump (Washington Post) U.S. intelligence agencies warned the White House last year that President Trump’s personal lawyer Rudolph W. Giuliani was the target of an influence operation by Russian intelligence, according to four former officials familiar with the matter.
Giuliani Details Steps Taken to Authenticate Hunter Biden Material (Epoch Times) Former New York City Mayor Rudy Giuliani says he spent three weeks authenticating the materials on a copy ...
The platforms spy a hack-and-leak (Platformer) In a New York Post report, Facebook and Twitter smell a rat
Facebook Gave A Platform To The Shady Ukrainians Pushing The New York Post Biden Story (BuzzFeed News) Facebook may have throttled the reach of the New York Post story. But these men are celebrating all the same.
Malwarebytes, Inc. v. Enigma Software Group USA, LLC on Petition for Writ of Certiorari to the United States Court of Appeals for the Ninth Circuit (Supreme Court of the United States) Statement of JUSTICE THOMAS respecting the denial of certiorari. This petition asks us to interpret a provision commonly called §230, a federal law enacted in 1996 that gives Internet platforms immunity from some civil and criminal claims.
US charges QQAAZZ group for laundering money for malware gangs (ZDNet) Among the QQAAZZ group's clients were famous malware groups like Dridex, Trickbot, and GozNym.
US, European authorities carry out sweeping crackdown on prolific QQAAZZ cybercriminal group (CyberScoop) U.S. and European law enforcement have embarked on a coordinated crackdown on an Eastern European cybercriminal group accused of trying to launder tens of millions of dollars stolen from victims.
Officials Announce International Operation Targeting Transnational Criminal Organization QQAAZZ that Provided Money Laundering Services to High-Level Cybercriminals (US Department of Justice) Fourteen members of the transnational criminal organization, QQAAZZ, were charged by a federal grand jury in the Western District of Pennsylvania in an indictment unsealed today. A related indictment unsealed in October 2019 charged five members of QQAAZZ. One additional conspirator, a Russian national, was arrested by criminal complaint in late March 2020 while visiting the United States, bringing the total number of charged defendants to 20.
U.S. Government Privacy Watchdog Asked to Investigate Surveillance of Black Lives Matter (Gizmodo Australia) A group of Democratic lawmakers on Thursday urged the U.S. government’s privacy and civil liberties watchdog to launch an investigation into claims of government surveillance at protests against police violence and racial inequality spurred this year by the death of George Floyd in Minneapolis police custody. Citing concerns that U.S....
UK’s ICO reduces British Airways data breach fine to £20M, after originally setting it at £184M (TechCrunch) One of the biggest data breaches in UK corporate history has been closed off by regulators not with a bang, but a whimper. Today the Information Commissioner’s Office, the UK’s data watchdog, announced that it would be fining British Airways £20 million ($25.8 million) for a data breach…
Anthem Agrees to $48 Million Multi-State Settlements Over 2014 Data Breach (JD Supra) Health insurer Anthem, Inc. has finally reached a settlement with a coalition of 41 states plus the District of Columbia, and a separate settlement...
OCC Fines Morgan Stanley Units for Data Security Incidents (Wall Street Journal) The Office of the Comptroller of the Currency, which regulates Morgan Stanley Bank NA and Morgan Stanley Private Bank NA, announced the penalty on Oct. 8. In both cases, sensitive information may have been left on decommissioned hardware.
C-SPAN suspends Steve Scully after he says he lied about his Twitter account being hacked (Washington Post) The host came forward with an explanation for a mysterious tweet about Trump ahead of a since-scrapped presidential debate.
To scan or not to scan… has GDPR been forgotten amidst the pandemic? (IBB Law) As it seems with all emergencies, the COVID pandemic has shown how quickly entire industries can evolve when the only...
When Dia actor Dheekshith Shetty fell prey to cybercriminals (The Times of India) The Dia actor says that the link seemed genuine and he clicked on it