Cyber Attacks, Threats, and Vulnerabilities
US Cyber Command exposes new Russian malware (ZDNet) Together with CISA and the FBI, US Cyber Command wish Russian state hackers a "Happy Halloween!"
Latest Cyber Attacks Disinformation, Not Voting System Breaches (LA Progressive) Cyber Attacks - After murky high-profile media coverage, details emerge that question whether Iran was even involved.
The voting technology problems that could trigger panic at the polls (POLITICO) From malfunctions to server outages, plenty could go wrong in key states Tuesday — and spark false rumors that could make things even worse.
FBI, Homeland Security detail how Iranian hackers stole US voter data (Yahoo) The FBI and Homeland Security's CISA have detailed how Iranian hackers stole US voter info, including by exploiting badly configured websites.
FBI: How Iranian hackers stole voter info from state election sites (BleepingComputer) DHS CISA and the FBI today shared more info on how an Iranian state-sponsored hacking group was able to harvest voter registration info from U.S. state websites, including election sites.
Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data (CISA) Analysis by CISA and the FBI indicates this actor scanned state websites, to include state election websites, between September 20 and September 28, 2020, with the Acunetix vulnerability scanner (Active Scanning: Vulnerability Scanning [T1595.002]). Acunetix is a widely used and legitimate web scanner, which has been used by threat actors for nefarious purposes. Organizations that do not regularly use Acunetix should monitor their logs for any activity from the program that originates from IP addresses provided in this advisory and consider it malicious reconnaissance behavior.
Back to the Future: Inside the Kimsuky KGH Spyware Suite (Cybereason) The Cybereason Nocturnus Team has been tracking a North Korean cyber espionage group known as Kimsuky and has identified a new spyware suite along with new attack infrastructure.
Beware a New Google Drive Scam Landing in Inboxes (Wired) Scammers are luring people into Google Docs in an attempt to get them to visit potentially malicious websites.
New Wroba Campaign Is Latest Sign of Growing Mobile Threats (Dark Reading) After years of mostly targeting users in Japan, Korea, and other countries in the region, operators of the Trojan expanded their campaign to the US this week.
Google’s Project Zero discloses Windows 0day that’s been under active exploit (Ars Technica) Security flaw lets attackers escape sandboxes designed to contain malicious code.
Intelligence Briefing | Trickbot Ransomware (SentinelOne Inc) SentinelLabs Research Provides Evidentiary Findings & Further IOCs to Substantiate FBI Alert AA20-302A
Gold seller JM Bullion hacked to steal customers' credit card (BleepingComputer) Precious metal online retailer JM Bullion has disclosed a data breach after their site was hacked to include malicious scripts that stole customers' credit card information.
Gold Bullion Seller Hit by Magecart Attack (Infosecurity Magazine) JM Bullion waited several months to inform customers
Isentia's breach and its impact on government departments (Includes interview) (Digital Journal) The media monitoring firm Isentia in Australia has been hit by a ransomware attack. What does this mean for the company's work with government departments and the Australian Stock Exchange?
Sonoma Valley Hospital’s ‘security incident’ was Russian ransomware attack (Sonoma Index-Tribune) Sonoma Valley Hospital’s internet interruption that started Oct. 11 has now been identified as a cyberattack, likely caused by Russian-controlled ransomware that has attacked six hospitals across the country, according to reports.
FBI, DHS warn of hospital cyberattacks as Ryuk ransomware wakes from hibernation (Healthcare Dive) The malware that hit more than 250 Universal Health Services hospitals last month is poised for another onslaught, federal officials warned.
Over 1M Lazada RedMart accounts sold online after data breach (BleepingComputer) Singapore's largest online grocery store Lazada Redmart has suffered a data breach after 1.1 million user accounts were put up for sale on a hacker forum.
Phishing JavaScript Obfuscation Techniques Soars (Akamai) In our previous blogs, first where we explained JavaScript Obfuscation techniques and introduced a detailed overview on how JavaScript is being used to obfuscate page content to make phishing attacks and other web scams as evasive as possible; followed by...
Research Report: Florida Ransomware Incidents 2016-2019 (Cyber Florida) October 28, 2020, Tampa, FL: Ransomware continues to be a major threat to public and private sector institutions across the country. In 2019, the nation saw a dramatic increase in attacks targeting public entities, a trend that, unfortunately, continues to this day. This in-depth technical report, penned by Ryan Haggard, a graduate student at the
Saskatchewan Polytechnic cancels classes due to cyber attack (Prince Albert Daily Herald) The Prince Albert Daily Herald is Prince Albert's only employee owned and operated, community focused daily Newspaper.
Report: Home Depot Canada error exposes data of hundreds of customers (Chain Store Age) Home Depot Canada has confirmed it accidentally sent emails containing private customer information to the wrong recipients.
Study: With Increase in Remote Hiring, Employers Voice Concerns Over Identity Fraud During Hiring Process (Metro Atlanta CEO) Sterling, a leading provider of background and identity services, released a new whitepaper, The State of Identity Verification. Authored in partnership with HR.com's Research Institute, the whitepaper reveals that a large majority of organizations (80%) indicate it is possible that they have experienced employee or candidate identity (ID) fraud. Furthermore, there are various concerns about the quality and accuracy of employee and candidate ID data.
Security Patches, Mitigations, and Software Updates
Cyber Trends
Stealthbits Predicts 2021 to be the Year of the Black Swan Event (BusinessWire) Stealthbits predicts cybersecurity challenges in privacy regulations, outsourcing and ransomware will trigger 2021 Black Swan event
Rising Ransomware Breaches Underscore Cybersecurity Failures (Dark Reading) Ransomware's continued success speaks volumes about what's at stake for businesses and people, and, perhaps, the cybersecurity industry's inability to adapt quickly enough to protect everyone.
Mass. internet company sees spike in traffic to malware websites (WCVB) Cambridge-based Akamai says between March and May, as internet use at home skyrocketed, the company saw a 447 percent spike in devices going to malware sites.
No faith (The Eagle Times) So should we be concerned?
PCI DSS Compliance Flagged as Major Concern in Verizon Business Report (Comforte) According to a recent report from Verizon, PCI compliance is still a major concern for many companies.
2020’s nastiest malware revealed by Webroot (iTWire) Webroot has released its annual list of the Nastiest Malware, "revealing phishing, botnet attacks and ransomware as 2020’s most vicious cybersecurity threats". Webroot. It bills itself as securing businesses and individuals worldwide with threat intelligence and cyber resilience, with t...
The Internet Won’t Be the Same After Trump (The Atlantic) How the president changed life online—for better and for worse
Biggest influencers in cybersecurity in Q3 2020: The top ten (Verdict) The top influencers in cybersecurity revealed based on their performance and engagement online using research from GlobalData’s Influencer platform.
New 2020 Healthcare Threat Landscape Report (Proofpoint) The COVID-19 pandemic represents the largest public health crisis in a century. The healthcare industry has quickly adapted to what is both a medical and business challenge. But unfortunately, the bad guys have also adapted.
2020 Election Threats: An Overview of Our Research (Proofpoint) In January 2020, Proofpoint researchers established an internal working group tasked with hunting for threats surrounding the 2020 US elections.
Marketplace
Denver app security startup StackHawk closes $10M Series A funding (Colorado Inno) With a successful beta at its back and paying customers onboard, Denver application security startup StackHawk announced Tuesday that it has raised $10 million in Series A funding.
French scale-up Odaseva raises $25 million to continue global expansion (Tech.eu) French SaaS company Odaseva has raised $25 million in Series B funding to continue growing its data governance platform for enterprise. The round was led by Eight Roads Ventures with new investor F-Prime Capital and included previous backers Partech, Salesforce Ventures and Serena. “The Odaseva team started their journey focused on a major problem for […]
Accel-backed Eagle Eye Networks Brings In $40M Series E For Video Surveillance (Crunchbase News) Eagle Eye is leading the charge in the transition of video surveillance to the cloud.
Parsons to Acquire Braxton Science & Technology Group (AiThority) Parsons Corporation announced that it has entered into a definitive agreement to acquire Braxton Science & Technology Group, LLC (BSTG)
Three Law Firms Guide as Francisco Buys Raytheon Cyber Firm (Bloomberg Law) Paul Hastings, Kirkland & Ellis, and Davis Polk & Wardwell advised on a deal in which California-based Francisco Partners agreed to acquire Texas-based cyber security solutions provider Forcepoint from defense contractor Raytheon Technologies Corporation, according to a statement.
Bitglass Named a Leader in Gartner’s Magic Quadrant for CASBs for Third Consecutive Year (Yahoo) Bitglass, the Total Cloud Security Company, announced today that it has been named a Leader in the 2020 Gartner Magic Quadrant for Cloud Access Security Brokers (CASBs), marking the third year in a row that the company has been recognized in this quadrant. Bitglass was named a Leader for its completeness of vision and its ability to execute in the CASB market.
Forget Fastly: Akamai Technologies Is a Better Edge Computing Stock (The Motley Fool) Both edge computing specialists are poised to thrive, but Fastly's stock price corresponds to phenomenal long-term expectations.
Why Fortinet Shares Fell as Much as 9.5% On Friday (The Motley Fool) The cybersecurity veteran delivered a strong third-quarter report and impressive guidance for the next quarter, but the stock still got a haircut on a brutal day for tech stocks overall.
Booz Allen withstands Covid impacts on the back of federal business (Washington Business Journal) The McLean technology and cybersecurity company posted 11% revenue gains for the quarter, mitigating the loss of contract fee in its defense and intelligence business.
Apple denies Pennsylvania ballot verification app days before election (AppleInsider) Apple on Friday rejected an app designed to ensure ballots are being correctly counted in Pennsylvania, saying the software violates App Store privacy guidelines.
Twitter Unlocks New York Post Account After Two-Week Standoff (Wall Street Journal) Twitter said it was reinstating the New York Post’s account after the social-media company changed the policy that had kept the newspaper frozen out of the platform for more than two weeks.
Instagram will disable a feature that could be used to sow election misinformation (CNBC) Instagram announced it will temporarily remove the recent tab from hashtag pages to reduce the spread of misinformation in the lead up to the U.S. election.
Facebook says it will limit the use of the 'Save our Children' hashtag, but not 'Save the Children,' after QAnon co-opted the anti-trafficking movement (Business Insider) Facebook will limit the use of the QAnon conspiracy theory's "Save our Children" hashtag. It will not limit "Save the Children."
Facebook Quietly Suspended Political Group Recommendations Ahead Of The US Presidential Election (BuzzFeed News) “This is a measure we put in place in the lead-up to Election Day. We will assess when to lift them afterwards, but they are temporary."
Trump allies, largely unconstrained by Facebook’s rules against repeated falsehoods, cement pre-election dominance (Washington Post) From a pro-Trump super PAC to the president’s eldest son, conservatives have blown past Facebook’s fact-checking guardrails, with few consequences.
Biden camp slams Facebook as thousands of ads remain blocked in final week (POLITICO) Biden's campaign said ads that had previously been approved by the tech giant have been erroneously removed.
Wikipedia's Plan to Resist Election Day Misinformation (Wired) The encyclopedia is determined to emerge from the insanity of a pandemic and a polarizing election with its information and reputation intact.
Singtel-owned Trustwave names former DXC and HPE exec as new CEO (Channel Asia) Singtel has appointed Eric Harmon as CEO of cyber security division Trustwave, replacing Arthur Wong who has led the company since 2018.
Products, Services, and Solutions
SecZetta and SecurePoint Announce Partnership to Strengthen Third-Party Identity Lifecycle and Risk Management in Africa (SecZetta) Together, SecZetta and SecurePoint provide clients with an end-to-end solution for third-party identity lifecycle and risk management, placed into the context of their broader IAM and risk management practices.
Sophos launches rapid response service to neutralise cyber attacks (iTWire) Global cyber security vendor Sophos has launched a service known as Sophos Rapid Response, which it claims is an industry-first, fixed-fee, remote incident response service that can find and neutralise active cyber attacks right through the 45 days of the service. In a statement, the company said th...
Palo Alto and PwC team up to boost cybersecurity defenses (ITP) A new solution will combine MDR services delivered by PwC and Palo Alto combines the various advisory services, analytics, and modern, AI-driven detection and response capabilities and metrics
KnowBe4 Offers Work From Home Resource Centre (PR Newswire) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced it has launched a...
Fime & Bridge partner to accelerate open banking API compliance (Fime & Bridge) Fime and Bridge powered by Bankin’, one of Europe’s leading open banking solutions, have partnered to help banks fast-track the functional and security testing of their APIs to achieve exemption from the fall back mechanism under the PSD2 regulation.
Sophos’ new service can actively neutralise cyber attacks (ITP) Sophos Rapid Response identifies first use of Buer malware dropper to deliver ransomware in new wave of Ryuk attacks that hit healthcare facilities
Cloudflare rolls out zero trust security for distributed workforces (Data Center News) After decades of building legacy corporate networks, organisations are left with clunky systems designed to protect their now empty offices.
Your Destination Is Ahead: SailPoint's Latest SaaS Updates Accelerate Your Journey to Autonomous Identity (BusinessWire) SailPoint today announced a series of planned updates to its SaaS identity platform to enable an enterprise's identity processes.
Aryaka Announces Strategic Agreement with SYNNEX Corporation to Deliver Managed WAN as-a-Service to Enterprises (BusinessWire)
Technologies, Techniques, and Standards
DHS plans largest operation to secure U.S. election against hacking (Washington Post) A 24/7 war room will operate from Election Day until local officials are confident in the results. It shows just how far DHS’s cybersecurity agency has come since 2016.
A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak (Red Canary) These 10 detection opportunities helped detect and prevent a ransomware outbreak at a medical center.
US Cyber Command advances on platform to consolidate its myriad tools and data (C4ISRNET) Cyber Command's Unified Platform will serve as the connective tissue for all of Cyber Command's systems and capabilities.
Cyber warriors are getting new teammates: information operators (C4ISRNET) To better combat influence operations, and conduct them, the military services are integrating information operations personnel with cyber teams.
Design and Innovation
Defense Innovation Unit out to prove AI, automation can keep up with the speed of cyber (Federal News Network) The Defense Innovation Unit and the Air Force are testing three software tools using advanced technologies to sort through increasing cyber threats.
4 Startups Tapped to Pilot Capabilities at Defense’s 5G Living Lab (Nextgov.com) At some U.S. military bases, next generation connectivity is right around the corner.
Fact Checks and Context for Wayback Machine Pages (Internet Archive Blogs) Fact checking organizations and origin websites sometimes have information about pages archived in the Wayback Machine. The Internet Archive has started to surface some of these annotations for Wayback Machine users. We are attempting to preserve our digital history but recognize the issues around providing access to false and misleading information coming from different sources. […]
Did Satoshi choose to publish Bitcoin's whitepaper on Halloween as another Easter egg? (Cointelegraph) Things are not as they appear when it comes to Bitcoin
Academia
Liberty teams secure successful finishes in national cyber defense competition (Liberty News) Several members of Liberty University’s Cyber Defense Team and Cyber Defense Club landed among the top scorers in one of the country’s largest cyber defense competitions that included over 1,000 teams. Seven teams of students and one team of alumni...
Legislation, Policy, and Regulation
Dissuasion in Cyberspace: The Limitations of Classical Deterrence Theory (Small Wars Journal) Western society’s connectivity is accompanied by a new national security risk: cyberattacks. To a degree almost unimaginable a decade earlier, disruptive and destructive cyberattacks have become central to multi-domain warfare in interstate conflict. Our critical infrastructure, banking, and military systems rely on connectivity in cyberspace. Paradoxically, those who are at the forefront of these emerging technologies are also the most susceptible to attack.
Europeans Hope for Better Ties With U.S. on Data Privacy After Election (Wall Street Journal) European officials and privacy experts hope the U.S. presidential election opens the door to improving relations over data privacy that grew shaky in recent years after a series of court challenges to American intelligence programs.
Singapore to work with UN to help nations implement norms for responsible cyber behaviour (The Straits Times) Building on a system developed by Asean, the Republic and the United Nations are taking steps to help create a safe digital future for the world.
India calls for 'coordinated' response on states supporting terror & radicalism amid French action (DNA India) India was the first non-western country to publicly back French President Macron as he faced negative comments by Turkey's Erdogan and Pakistan.
Ukraine’s controversial cybersecurity deal with Huawei (Rappler) From the US to Europe, the Chinese telecoms giant is facing sanctions and suspicion – but Kyiv is playing a different game
Superpowers embroiled in Cyprus 5G turf war (Financial Mirror) Cyprus’ 5G network rollout is caught up in a tug-of-war between two superpowers, China, and the US, locked in a battle for technological supremacy and geopolitical influence. China has accused the US of openly lobbying Cyprus to join its camp against Chinese vendors, such as tech giant Huawei and other telecom firms, which they deem
Romania Rejects Partnering With China's Huawei On 5G, Prime Minister Says (RadioFreeEurope/RadioLiberty) Romanian Prime Minister Ludovic Orban says Chinese tech giant Huawei “does not meet [security] conditions” to be part of building 5G networks in the country.
Exploding the myth of Huawei’s 5G security risk (Asia Times) BANGKOK – Once known for shoddy manufacturing of low-cost goods for American markets, China has grown against the odds into a true innovation powerhouse. Now, as the American economy descends…
Republicans Make an Unlikely Closing Pitch: Amend Section 230 (Wired) Mark Zuckerberg, Sundar Pichai, and Jack Dorsey will testify Wednesday on a niche internet law less than a week before Election Day. How did we get here?
The Cybersecurity 202: CISA’s political independence from Trump will be an Election Day asset (Washington Post) During four years in which government agencies have been increasingly manipulated to serve President Trump’s aims, the agency tasked with protecting the 2020 election against hacking has managed to steer clear of partisan politics.
Microsoft is mad as hell. This may make it worse (ZDNet) Recently, Microsoft expressed its extreme frustration at the American politicians and their inability to make things happen. New data shows Microsoft isn't alone, which may be more frustrating.
Litigation, Investigation, and Law Enforcement
ICE, IRS Explored Using Hacking Tools, New Documents Show (Vice) A cache of documents shared with Motherboard show much broader interest from the U.S. government in using malware in criminal investigations.
Marked for death on Facebook (Rest of World) Filipino activists and journalists want the social media company to tackle deadly disinformation coming from Rodrigo Duterte’s government
Meng Wanzhou: Questions over Huawei executive’s arrest as legal battle continues (BBC News) More details emerge as a legal battle over the extradition of Meng Wanzhou continues in Canada.
Is US case against Huawei a personal vendetta? (Asia Times) While the Joe Biden campaign has criticized US President Donald Trump’s China policy as “erratic and impulsive,” in many respects Trump has taken many positions that are in line with prior US admin…
How Hunter Biden's laptop, text messages, and emails became a major campaign issue (Fox 45 Baltimore) Former Vice President Joe Biden’s son Hunter Biden is now a major character in the 2020 election days before voters decide who will lead the country over the next four years.
Russian Tech Exec Loses Libel Case Over Trump Dossier Leak (Law360) A Russian technology executive lost his libel case against the author of the infamous Trump dossier on Friday, as a judge said that even though the hacking allegations within the report were defamatory he had not shown that the former British intelligence officer behind the document leaked it to BuzzFeed.
US court tells Apple to pay $503 million over patent violation (Computing) Apple told the court that it owed the claimant no more than $113 million
Marriott Hotels fined £18.4m for data breach that hit millions (Yahoo News) Up to 339 million people may have been hit in a cyber-attack on a chain later bought by Marriott.
UK watchdog reduces Marriott data breach fine to $23.8M, down from $123M (TechCrunch) The U.K.’s ICO has reduced the size of a data breach penalty for hotel business Marriott — dropping it to £14.4 million (~$23.8 million) in a final penalty notice, down from the £99 million ($123 million) figure that the watchdog initially said it would levy in July 2019. The fine relat…
ICO fines Marriott International Inc £18.4million for failing to keep customers’ personal data secure (ICO) The ICO has fined Marriott International Inc £18.4million for failing to keep millions of customers’ personal data secure.
Gang of cyber thug busted, 3 held (The Pioneer) Kwarsi police have arrested three people, including two Nigerians of the international cyber thug gang in the connection of cheating people by making them Facebook friends from Delhi. The gang looted Rs 31.23 lakh from a teacher in the Kishanpur area of Aligarh. On the complaint of this teacher,
TikTok Influencers Win Block On Trump's App Ban (Law360) A Pennsylvania federal court on Friday granted an injunction to three TikTok "influencers" blocking the Trump administration's pending ban on the app, saying the ban likely violates a carveout to the national security law that it was issued under.
U.S. will 'vigorously defend' TikTok executive order despite ruling (Reuters) The U.S. Commerce Department said on Sunday it would "vigorously defend" an executive order that seeks to bar transactions with Chinese-owned short video-sharing app TikTok after a federal judge halted the action.