Cyber Attacks, Threats, and Vulnerabilities
Overstating the foreign threat to elections poses its own risks, U.S. officials and experts say (Washington Post) Iranian government-backed hackers last week pulled off a feat few were expecting. They became the first foreign adversary to interfere in the 2020 election by sending threatening emails to voters.
Russian cyber actors are targeting national parliaments and ministries of foreign affairs, US agencies warn (Computing) Hackers used ComRAT and Zebrocy malware in these attacks
US shares info on Russian malware used to target parliaments, embassies (BleepingComputer) US Cyber Command today shared information on malware implants used by Russian hacking groups in attacks targeting multiple ministries of foreign affairs, national parliaments, and embassies.
US Cyber Command details implants used in attacks on parliaments and embassies (Security Affairs) US Cyber Command published technical details on malware implants used by Russia-linked APTs on multiple parliaments, embassies US Cyber Command shared technical details about malware implants employed by Russian hacking groups in attacks against multiple ministries of foreign affairs, national parliaments, and embassies. Experts from the US Cyber Command’s Cyber National Mission Force (CNMF) unit […]
MAR-10310246-1.v1 – ZEBROCY Backdoor (CISA) This Malware Analysis Report (MAR) is the result of analytic efforts between the Cybersecurity and Infrastructure Security Agency (CISA) and the Cyber National Mission Force (CNMF). The malware variant, known as Zebrocy, has been used by a sophisticated cyber actor. CISA and CNMF are distributing this MAR to enable network defense and reduced exposure to malicious activity. This MAR includes suggested response actions and recommended mitigation techniques.
MAR-10310246-2.v1 – PowerShell Script: ComRAT (CISA) This Malware Analysis Report (MAR) is the result of analytic efforts between the Cybersecurity and Infrastructure Security Agency (CISA), the Cyber National Mission Force (CNMF), and the Federal Bureau of Investigation (FBI). The malware variant, known as ComRAT, has been used by Turla, a Russian-sponsored Advanced Persistent Threat (APT) actor. CISA, CNMF, and FBI are distributing this MAR to enable network defense and reduced exposure to malicious activity. This MAR includes suggested response actions and recommended mitigation techniques.
Hackers Could Unleash Ransomware Attacks on US Health System, US Officials Warn (Voice of America) Cyber criminals could soon unleash a wave of ransomware attacks targeting U.S. hospitals and health care providers, according to a statement released by three federal agencies, including the FBI. In the statement, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) warned they had “credible information of an increased and imminent cybercrime threat to U.S.
Advisories: “Brazen” Russian ransomware hackers target hundreds of US hospitals (Ars Technica) The threat comes as virus cases spike and the election nears the final stretch.
US hospitals under 'imminent threat' of ransomware attack, say CISA and the FBI (Computing) 'Brazen, heartless and disruptive threat actors' deliberately targeting health facilities during the pandemic
Ransomware Hits Dozens of Hospitals in an Unprecedented Wave (Wired) As Covid-19 infections spike in many parts of the US, malware gangs are wreaking havoc on the health care system.
Hackers Hit Hospitals in Disruptive Ransomware Attack (Wall Street Journal) Medical centers across the U.S. are bracing for aggressive cyberattacks after security companies and the federal government warned that Russian cybercriminals had hobbled operations at several hospitals over the past week.
Florida hospitals on high alert as feds warn of cyber attacks (Tampa Bay Times) “Florida’s hospitals are facing a significant and serious threat with the potential for damaging consequences and massive disruption,” said Florida Hospital Association President and CEO Mary Mayhew
More hospitals hit by ransomware as feds warn about cyberattacks (NBC News) Federal agencies had warned of "an increased and imminent cybercrime threat" to health care providers, particularly from a gang that uses a strand of ransomware called Ryuk.
Brooklyn & Vermont US hospitals hit by ransomware attacks (Security Affairs) Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network are the last victims of the Ryuk ransomware operators. Ryuk ransomware operators continue to target the US healthcare industry, the last victims in order of time are the Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network. The […]
UVM Health Network cyber-attack won’t affect most appointments (Local 22/44 News) So far, no patients’ records appear to have been compromised in a cyber-attack discovered Wednesday afternoon.
Over 100,000 machines remain vulnerable to SMBGhost exploitation (WeLiveSecurity) While Microsoft issued a patch for the SMBGhost vulnerability in SMB in March, over 100,000 machines remain susceptible to attacks exploiting the flaw.
Facebook and Instagram had missteps on Nigeria EndSARS protest, but Twitter boosted it (Quartz Africa) “It seems clear the social media platform’s algorithms are completely failing to differentiate between genuine posts and fake news.”
Buer Loader “malware-as-a-service” joins Emotet for ransomware delivery (Naked Security) A relative newcomer in the “malware-as-a-service” scene is starting to attract the big-money ransomware criminals.
Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee (Unit42) Domain parking might appear harmless at first glance, but parked domains can redirect visitors to unwanted landing pages or turn entirely malicious.
Microsoft US election warning: Attackers hit Windows 10 Netlogon flaw (ZDNet) Microsoft gets reports about attacks on the Netlogon protocol bug in Windows 10.
Cyber actors are attempting to exploit Windows Zerologon and Oracle security flaws, researchers warn (Computing) The vulnerabilities have already been addressed but many systems remain unpatched
BEC Attacks Targeting Energy and Infrastructure Rise by 93% (Infosecurity Magazine) Overall BEC attacks grew by 15% in Q3 compared with Q2
A change for the better – process sensors are now important for control system cyber security (Control Global) Last year, Dragos’ Joe Slowak and Rob Lee publicly pushed back on the need to address process sensors. Apparently, Dragos has reversed their position based on the results from a LOGIIC project “Learn why Sensors Matter Within Industrial Cybersecurity”. This work can be important if the Dragos findings can help change the mindset of those in the OT community who continue to ignore these critical control system devices.
Mitsubishi Electric MELSEC iQ-R, Q and L Series (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Mitsubishi Electric
Equipment: MELSEC iQ-R, Q and L Series
Vulnerability: Uncontrolled Resource Consumption
2. RISK EVALUATION
Successful exploitation of this vulnerability could cause a denial-of-service condition in the Ethernet port on the CPU module.
Mitsubishi Electric MELSEC iQ-R (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Mitsubishi Electric
Equipment: MELSEC iQ-R
Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Session Fixation, NULL Pointer Dereference, Improper Access Control, Argument Injection, Resource Management Errors
2.
Mitsubishi Electric MELSEC iQ-R Series (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.6
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Mitsubishi Electric
Equipment: MELSEC iQ-R Series
Vulnerability: Uncontrolled Resource Consumption
2.
WECON LeviStudioU (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: WECON Technology Co., Ltd (WECON)
Equipment: LeviStudioU
Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of XML External Entity Reference
2.
Top GOP official says cyber attackers stole $2.3 million from Republican Party of Wisconsin (Milwaukee Journal Sentinel) Chairman Andrew Hitt said the party discovered the attack Oct. 22 and by Friday realized $2.3 million was taken.
Wisconsin Republican Party says hackers stole $2.3 million (AP NEWS) Hackers have stolen $2.3 million from the Wisconsin Republican Party's account that was being used to help reelect President Donald Trump in the key battleground state, the...
Scammers Spoof MAGA Hat Vendors to Steal $2.3m from Republicans (Infosecurity Magazine) Wisconsin Republican Party appears to have been hit by a BEC attack
Steelcase furniture giant hit by Ryuk ransomware attack (BleepingComputer) Office furniture giant Steelcase has suffered a ransomware attack that forced them to shut down their network to contain the attack's spread.
Council apologises for data breach (Government News) A Melbourne council accidentally published personal information about hundreds of residents on a public website.
Chatham County hit by cyber attack. Systems rendered ‘inoperable’ (News & Observer) An unidentified “cyber incident” breached Chatham County’s communication systems Wednesday, County Manager Dan LaMontagne said.
Chenango County cyber attack (WIVT - NewsChannel 34) With election day looming, a cyber attack on Chenango County computers nearly two weeks ago is raising concerns over voting this year.
Cyber Trends
Recent Threats Highlight the Importance of Cybersecurity in Healthcare (Forescout) Early on October 28, we got to know that personal and medical details – including names, social security numbers, and diagnostics images – of more than 3 million U.S. patients are available online, unprotected and accessible to anyone who knows how to search for it. Later that same day, the Cybersecurity and Infrastructure Security Agency […]
The top 10 fastest-growing cybersecurity skills (Security Magazine) A new examination of the top 10 fastest-growing cybersecurity skills shows employers are ready to pay more for workers who can prevent attacks before they occur by building a secure digital ecosystem from the ground up, according to data from Burning Glass Technologies.
Interview: Matt Drake, Director, Cyber Intelligence, SAIC (Infosecurity Magazine) Matt Drake discusses nation state attempts to influence this year's election
Cybersecurity as we know it will be 'a thing of the past in the next decade,' says Cloudflare's COO, as security moves towards a 'water treatment' model (Business Insider) Cybersecurity attacks have been on the rise, but the technology to fight them is improving, says Cloudflare COO Michelle Zatlyn.
Marketplace
Lucidum Raises $4M Seed Investment to Automate Asset Discovery and Eliminate Blind Spots Across Cloud, Security and IT Operations (BusinessWire) Lucidum launched with funding from GGV Capital and Silicon Valley CISO Investments to eliminate blind spots across cloud, security and IT operations.
Parsons To Acquire Braxton Group, Expanding Capabilities In Space (Defense Daily) Parsons Corp. on Thursday said it has agreed to acquire Braxton Science & Technology Group (BSTG) for $300 million in a deal that expands its capabilit
The Cyber Charge: Legal Departments Follow Risk Straight Into Cybersecurity (Corporate Counsel) In-house legal departments are taking on a bigger role in their organizations' cybersecurity posture, but attorneys still need to know their limits.
Does Your Cyber Insurance Cover a State-Sponsored Attack? (Harvard Business Review) Decisions you make today will determine whether you’re facing financial chaos — or just a bad day at the office.
Is Cybersecurity Awareness Month worth it? (CSO Online) Cybersecurity awareness month has never gained traction beyond academia and the public sector. It’s time for all parties to commit or quit.
Cybersecurity firm helping to protect elections in Iowa (KWQC) "Iowans should remain confident that the state and its partners are taking all the necessary steps to protect the sanctity of their vote."
My Resignation From The Intercept (Glenn Greenwald) The same trends of repression, censorship and ideological homogeneity plaguing the national press generally have engulfed the media outlet I co-founded, culminating in censorship of my own articles.
Products, Services, and Solutions
Cloud Security Financial Services (Orca Security) Orca Security announces unique capabilities built specifically to respond to the public cloud security and compliance needs of global financial services customers
Securonix Extends Analytics-Driven Security Monitoring to Unmanaged and IoT Devices with Armis (BusinessWire) Partnership Enhances Visibility of Connected Devices and Improves Detection and Response to Unmanaged and IoT-Based Attacks
Volterra Achieves PCI DSS Certification (Volterra) Volterra distributed cloud services platform now has top level certification (Level 1) to ensure payment security and compliance for customers
ABB teams up with Forescout for cyber security enhancements (International Water Power) ABB has announced it is to integrate security solutions provider Forescout's cyber technology within its portfolio of industrial expertise and cyber security solutions to enhance operators’ abilities to detect known and unknown...
Gard partners with Nixu to take identity and access management to the next level (Cision) Gard, a global marine insurance provider, partners with cybersecurity company Nixu to implement a modern and secure cloud-based identity and access management solution.
Technologies, Techniques, and Standards
Cybersecurity Awareness Month: If You Connect IT, Protect IT. (NIST) This week’s blog post highlighting Cyber
Counting Queries: Extracting Key Business Metrics from Datasets (NIST) This post is part of a series on differential privacy.
NARUC releases cybersecurity tabletop exercise guide and Gridex V case study (Security Magazine) The National Association of Regulatory Utility Commissioners Center for Partnerships & Innovation announced the release of the Cybersecurity Tabletop Exercise Guide and Public Utility Commission Participation in GridEx V: A Case Study. These new publications highlight the need for public utility commissions and utilities to coordinate on cybersecurity preparedness efforts.
Cybersecurity Tabletop Exercise Guide (National Association of Regulatory Utility Commissioners) NARUC developed the Cybersecurity Manual, a comprehensive suite of cybersecurity tools, to help public utility commissions (PUCs) gather and evaluate information from utilities about their cybersecurity risk management and preparedness. These evaluations facilitate well-informed commission decisions regarding the effectiveness of utilities’ cybersecurity policies, practices, and related expenditures. This Cybersecurity Tabletop Exercise Guide is one of five tools in the Cybersecurity Manual.
Public Utility Commission Participation in GridEx V: A Case Study (National Association of Regulatory Utility Commissioners) A catastrophic physical or cyber attack on the electric grid can have devastating cascading consequences. When the lights go out or fuel stops moving for a prolonged period, the nation’s security and public health and welfare are in jeopardy. A timely, coordinated response across an array of critical stakeholders is imperative to ensure a rapid recovery. Planning and preparation are necessary components to an effective response and exercises are important vehicles for testing stakeholder readiness.
How to identify a cyberattack and protect your business from hackers (ITProPortal) This article will be a guide to the indications that hackers have penetrated a system.
DHS plans largest operation to secure U.S. election against hacking (Washington Post) A 24/7 war room will operate from Election Day until local officials are confident in the results. It shows just how far DHS’s cybersecurity agency has come since 2016.
The US military is targeting foreign actors to defend the presidential election (C4ISRNET) Cyber Command is providing its unique authorities to operate outside the United States to share intelligence and act to disrupt actors, if necessary, as a means of protecting the integrity of the 2020 presidential election.
Cyber Command's Role in Election Defense: Important, But Not a Panacea (Lawfare) Cyber Command plays a part of the U.S.’s election defense, but other entities are better positioned to defend against certain election interference threats.
Design and Innovation
Facing Surge in Virus, European Countries Try to Fix Their Covid Apps (Wall Street Journal) Complaints include frightening alerts, privacy worries and scant uptake, while authorities have trouble gleaning useful data from the apps to track outbreaks.
Academia
Education Sector Facing Disproportionate Level of Spear-Phishing Attacks (Infosecurity Magazine) Education institutions have been targeted by more than 3.5 million spear-phishing attacks from June to September
UWF awarded $6 million grant to lead national cybersecurity workforce development program (Florida Trend) The University of West Florida will lead a coalition of 10 institutions designated as National Centers of Academic Excellence in Cybersecurity in establishing a program to address the critical national shortage of qualified cybersecurity professionals in the U.S. The National Security Agency selected UWF to oversee the program, which will launch in the spring and be funded by a two-year, $6 million...
Students can learn about cybersecurity at Oxnard College (Simi Valley Acorn) Oxnard College has established a new cybersecurity program that provides graduates with a certificate approved by the California Community Colleges chancellor's office. Starting with the spring 2
Legislation, Policy, and Regulation
Coming Storms: The Return of Great-Power War (Foreign Affairs) Since the closing days of the Cold War, U.S. policymakers, pundits, international relations scholars, and policy analysts have argued that great-power war is a relic of a bygone age.
China's Personal Information Protection Law: Legislative Update (JD Supra) Long-awaited legislation in China—the Personal Information Protection Law of the People’s Republic of China—was released for public consultation on...
What the IoT Cybersecurity Improvement Act of 2020 means for the future of connected devices (Help Net Security) The IoT Cybersecurity Improvement Act of 2020 is a landmark accomplishment for the IoT industry but is hopefully only just the beginning.
DoD unveils electromagnetic spectrum superiority strategy (C4ISRNET) The new strategy outlines five strategic goals for achieving superiority in the electromagnetic spectrum.
Cybersecurity policy is a must in government (TechRepublic) One policy expert says cybersecurity measures should be an expected item that comes with every purchase, like the safety measures in your car.
Senate hauls Zuckerberg, Dorsey into hearing to yell at them about tweets (Ars Technica) Big Tech's scale causes real problems. Disingenuous posturing solves none of them.
Governors endorse interstate cyber assistance in defense bill (StateScoop) The National Governors Association backed a proposal that would allow National Guard units to respond remotely to cyber incidents across state lines.
Changing the Scope of the CCPA (Lexology) The CPRA significantly changes the types of “businesses” that are subject to the CCPA by amending the criteria (e.g., gross revenue, scope of data…
Want to collaborate on cyber? Just ask, city officials say (StateScoop) Getting state and local governments to work together is all about knowing who to call and being persistent about it, speakers said during an online conference.
Litigation, Investigation, and Law Enforcement
Facebook Antitrust Data-Hunt Gets Ground Rules From EU Court (Bloomberg) Facebook is suing EU over ‘irrelevant’ data demands in probes. Tech giant said data requests included risks to staff families.
Two Former eBay Employees Plead Guilty to Aggressive Cyberstalking Campaign Targeting Natick Couple (US Department of Justice) Two former employees of eBay, Inc. pleaded guilty today to their roles in a cyberstalking campaign targeting the editor and publisher of a newsletter that eBay executives viewed as critical of the company.
2 More Ex-EBay Workers Cop To Cyberstalking Charges (Law360) Two more former eBay workers on Thursday admitted to participating in a cyberstalking scheme to harass a Massachusetts couple who ran an e-commerce blog, bringing to five the number of defendants in the case who have entered guilty pleas.
ICO Slaps £250,000 Fine on Another Nuisance Call Company (Infosecurity Magazine) Reliance Advisory Limited made millions of unsolicited calls
Marriott Hit With £18.4 Million GDPR Fine Over Massive 2018 Data Breach (Forbes) The Information Commissioner's Office has hit Marriott International with an £18.4 million GDPR fine for failing to secure guests' personal details. This relates to a cyber attack that saw hackers access the data of 339 million guest records.
A Cautionary Tale of Data Breaches and the GDPR after Hacker Steals Extremely Sensitive Data of 40.000 Psychotherapy Patients (Lexology) In November 2018, a data security vulnerability in the systems of Vastaamo Oy (“Vastaamo”), a major provider of psychotherapy services in Finland, led…