Cyber Attacks, Threats, and Vulnerabilities
Statement from CISA Director Krebs Following Final Day of Voting (CISA) Following the final day of voting, Director of the Cybersecurity and Infrastructure Security Agency, Christopher Krebs, issued the following statement:
DHS Cyber Czar Says There’s ‘No Evidence’ Foreign Interference Changed Any 2020 Votes (The Daily Beast) Chris Krebs said no foreign powers were able to change American votes.
A Big 2020 Election Hack Never Came. Here’s Why (Defense One) America’s cyber defenders are getting more proactive — and more chatty.
Disinformation Now the Top Concern Following Hack-Free Election Day (Dark Reading) After an Election Day without foreign interference and cyberattacks, security experts turn their focus to disinformation.
Election Day was largely free from disruptive cyberattacks, as efforts shift to combating misinformation (TechCrunch) But Homeland Security's cybersecurity unit said "we're not out of the woods yet."
The 2020 Election Was Attacked, But Not Severely Disrupted. Here's How (NPR) Federal officials credit years of preparation and tough lessons from the Russian attack on the 2016 election for what they called a much better showing by government agencies at every level.
Facebook and Instagram notifications warn US users there’s no winner yet in presidential election (TechCrunch) Facebook and Instagram are running notifications in their respective apps informing U.S. users that the winner of the 2020 U.S. presidential election has not yet been determined. In large pop-ups appearing at the top of the Facebook and Instagram News Feeds, the notification states that “Vote…
QBot Trojan delivered via malspam campaign exploiting US election uncertainties (Malwarebytes Labs) Criminals won't pass a unique opportunity to leverage current events to deliver malware.
QBot phishing lures victims using US election interference emails (BleepingComputer) The Qbot botnet is now spewing U.S. election-themed phishing emails used to infect victims with malicious payloads designed to harvest user data and emails for use in future campaigns.
Malspam Campaign Milks Election Uncertainty (Threatpost) Emails try to lure victims with malicious documents claiming to have information about voting interference.
Newly discovered 'RegretLocker' ransomware targets Windows virtual machines (SiliconANGLE)
REvil Ransomware Operator Bids for KPot Stealer Source Code (SecurityWeek) The source code for the KPot information stealer was put up for auction, with the REvil ransomware operators apparently being the sole bidders
Sophos Uncovers Attackers Targeting Non-Governmental Organizations in Myanmar With New ‘KilllSomeOne’ Backdoor (GlobeNewswire) Operators Used Four Different DLL Side-Loading Scenarios To Install And Execute New Malware After Removing A Resident PlugX Backdoor; Targets and Tools Suggest Adversaries are a Chinese APT Group
Cisco discloses AnyConnect VPN zero-day, exploit code available (BleepingComputer) Cisco has disclosed today a zero-day vulnerability in the Cisco AnyConnect Secure Mobility Client software with proof-of-concept exploit code publicly available.
SMTP Multipass - 7 Elements (7 Elements) 7 Elements discovered a vulnerability in Rackspace that exposed all its global hosted email customers to the potential malicious use of their email.
Emotet Attacks Continue to Soar as Botnet Spreads Globally (BankInfo Security) The number of attacks related to Emotet continues to spike after the dangerous botnet re-emerged over the summer with a fresh phishing and spam campaign, according
Google Forms Abused to Phish AT&T Credentials (Threatpost) More than 200 Google Forms impersonate top brands – including Microsoft OneDrive, Office 365, and Wells Fargo – to steal victims' credentials.
Law Firms' Reported Cyberattacks Are 'Tip Of The Iceberg' (Law360) Two recent high-profile data security incidents at BigLaw firms have once more drawn attention to law firms' cybersecurity vulnerabilities, and with the coronavirus pandemic forcing lawyers to adapt to a remote work environment, experts warn that the disclosed events are just the "tip of the iceberg" of such attacks.
5 Social Engineering Attacks to Watch Out For (The State of Security) Social engineers exploit the one weakness that is found in each and every organization: human psychology.
Global ransomware attacks surged by 110% at 34 million Year-on-Year (Atlas VPN) Ransomware attacks broke a two-year record in September of 2020. According to data analyzed by the Atlas VPN team, there were 34.11 million ransomware attacks detected this September — 110% more than the same period last year when 16.21 million attacks were recorded.
Not all cyberattacks are malware incidents - it didn’t take any lines of code to blow up a 27-ton generator (Control Global) Andy Greenberg from Wired wrote an interesting article, “How 30 lines of code blew up a 27-ton generator,” about the Aurora demonstration held on March 3, 2007, at the Idaho National Laboratory (INL).
Japanese Nuclear Regulator Suffers Cyber Attack (Silicon UK) Nuclear agency in Japan (the Nuclear Regulation Authority) reportedly suffers a cyber attack and switches off its email systems
Company that runs US illegal immigration detention centers discloses ransomware attack (ZDNet) Data for inmates and employees at three centers in California, Florida, and Pennsylvania was exposed in a ransomware attack on August 19.
Ransomware attacks hit U.S. hospitals (Axios) The escalation shows how unbound by moral considerations cyber criminals are when selecting their targets.
Another Indian pharmaceutical giant reports cybersecurity breach within two weeks of ransomware hack on Dr Reddy’s (Business Insider) Indian pharmaceutical company Lupin has confirmed an ‘information security incident’ that has affected multiple internal systems. The incident comes within
Vastaamo breach: Is blackmailing your customers the new extortion trend? (SC Media) The digital extortion attack against Vastaamo represents a significant escalation in tactics, as the culprits blackmailed individual psychotherapy patients.
Toy Manufacturer Mattel Discloses Ransomware Attack (SecurityWeek) American toy manufacturing giant Mattel this week revealed that it fell victim to a ransomware attack that impacted some of its operations
Researchers Find a Security Flaw With Microsoft Store Games (MakeUseOf) The exploit is a particularly nasty one, but there's an easy way to fix it.
Games in Microsoft Store Can Be Abused for Privilege Escalation on Windows (SecurityWeek) A recently patched privilege escalation vulnerability affecting Windows abuses Microsoft Store games
'Watch Dogs: Legion,' a game about hacking, may be victim of a hack (Engadget) Hackers claim to have leaked the source code for 'Watch Dogs: Legion' after threatening to share it.
Watch Dogs: Legion 558GB of Source Code Allegedly Leaked (NDTV Gadgets 360) Watch Dogs: Legion was released last week, but ransomware group called Egregor allegedly attained the source code in mid-October.
Capcom hacked. Resident Evil game developer discloses cyber attack (The State of Security) Japanese game developer Capcom has revealed that it suffered a security breach earlier this week which saw malicious hackers access its internal systems.
Japanese game dev Capcom hit by cyberattack, business impacted (BleepingComputer) Japanese game developer Capcom has disclosed that they suffered a cyberattack over the weekend that is impacting business operations, including email systems.
Capcom quietly discloses cyberattack impacting email, file servers (ZDNet) The attack forced Capcom to temporarily pull services to stop the attack from spreading.
Muscatine schools looking into possible student data breach (Discover Muscatine) Since the 2009-2010 school year, the Muscatine Community School District has contracted with Timberline Billing Service LLC to process our Medicaid claims for our students who receive special education services. On March 5, 2020, Timberline noticed suspicious activity on its ne ...
Chatham commissioners discuss cyber incident, future building projects in regular meeting (The Chatham News + Record) During a regular session Monday night, the Chatham County Board of Commissioners discussed future building projects as well as last week’s cyber attack on Chatham County’s …
Some in-person classes resume at Saskatchewan Polytechnic following cyberattack (Global News) Online classes, including Zoom classes, remain cancelled.
Security Patches, Mitigations, and Software Updates
Google Patches 30 Vulnerabilities With November 2020 Android Updates (SecurityWeek) Google this week announced the availability of a new set of monthly patches for the Android operating system, containing fixes for a total of 30 vulnerabilities
Patch for Critical VMware ESXi Vulnerability Incomplete (SecurityWeek) VMware has released new patches for ESXi after determining that a fix for a critical vulnerability was incomplete.
Cyber Trends
The cold cyberwar and geopolitics: which weapons can protect endpoints? (Panda Security Mediacenter) The COVID-19 pandemic has been accompanied by another associated threat: cyberterrorism. Find out more information about how to protect your endpoint.
NCSA Cybersecurity Awareness Month Survey Report 2020 (Stay Safe Online) The National Cyber Security Alliance (NCSA) engaged in a study to better understand consumer behavior around internet-connected devices and perceptions of security. NCSA also explored generational differences in perception and behavior changes during Covid-19. There were 1000 total survey respondents; half of respondents were between 18-34 years old and half were between 50-75 years old. The sample was taken from the US only and all respondents owned a connective device. The fieldwork timing was between Sept 9, 2020 - Sept 15, 2020.
Q3 Ransomware Demands rise: Maze Sunsets and Ryuk Returns (Coveware) Ransom payments in Q3 increased as more victims were impacted by new combinations of attacks leveraging both encryption ransomware and data exfiltration.
Why Paying to Delete Stolen Data is Bonkers (KrebsOnSecurity) Companies hit by ransomware often face a dual threat: Even if they avoid paying the ransom and can restore things from scratch, about half the time the attackers also threaten to release sensitive stolen data unless the victim pays for a promise to have the data deleted. Leaving aside the notion that victims might have…
Paying Ransom for Egregor is no guarantee of data recovery says Cert-in (Sify) In a recent advisory notification, India's premier Computer Emergency Response Team has added that paying money is no guarantee of recovering data. It also revealed snapshots.
Cyber Experts Comment On Bitdefender Report: The ‘New Normal’ State Of Cybersecurity (Information Security Buzz) In response to a new Bitdefender report which found that COVID-19 has left businesses at a far higher risk of cyber-attacks, largely due to their corporate
SEC Commissioner warns of increased cyberattacks on corporate America (Westfair Communications) U.S. Securities and Exchange Commission Chairman Jay Clayton is warning corporate America that cybersecurity assaults are showing no signs of abating.
A whistlestop tour of some of the year's biggest cyber security stories (Computing) Bears, scares and ransomware
Stress a Major Factor in Pandemic Cybercrime Growth (Infosecurity Magazine) Businesses should consider employee personalities when establishing a cybersecurity strategy
Heightened stress means greater security risks, report finds (Security Brief) 80% of companies say that an increased cybersecurity risk caused by human factors has posed a challenge during the COVID-19 pandemic, particularly in times of heightened stress.
Marketplace
PAS Global to be Acquired by Hexagon AB (PR Newswire) PAS Global, LLC (PAS), the OT Integrity company, today announced it has agreed to be acquired by Hexagon AB (Hexagon), a global leader in...
Brazil's Telefonica sells cyber security firm for $20 million (Gadget Now) Brazil's telecom services provider Telefonica Brasil SA has sold its 100% stake in cyber-security firm Telefonica Ciberseguranca e Tecnologia do Brasil (CyberCo Brasil) to another company within the group, according to a securities filing on Tuesday.
Confluera Expands Reseller Program with 3SG Plus Partnership to Advance Global XDR Market (BusinessWire) Confluera, the autonomous detection and response company, today announced its partnership with 3SG Plus, technology solutions provider to local govern
Aryaka Debuts as a “Strong Performer” in SD-WAN Services Report by Independent Research Firm (Aryaka) Aryaka®, the Cloud-First WAN company delivering the #1 managed WAN/SD-WAN solution, announced today that the organization has been named a Strong Performer by Forrester Research in “The Forrester Wave™: Software-Defined WAN Services, Q4 2020.” The company and its annual revenue […]
After Huawei, Airtel to replace ZTE in Punjab; Nokia to get new 4G biz (ETTelecom) After replacing Huawei in Rajasthan and Rest of Tamil Nadu circles with Ericsson, Sunil Mittal-driven Bharti Airtel is likely to soon replace China's ..
OODAcast: Paul Kurtz, Iconic Cybersecurity Leader and Founder of TruSTAR (OODA Loop) Paul Kurtz is an internationally recognized expert on cybersecurity and the Co-Founder and Chairman of TruSTAR. In this OODAcast we dive into Paul's views on the cybersecurity landscape today and learn more about his approach to decision-making. We discuss a new concept he has been shepherding in the community regarding how cyber intelligence can be optimized for the benefit of any organization. We also extract lessons relevant for any leader who wants to make better, more accurate and actionable decisions in competitive environments.
Former VA Official Sean Kelley Takes VP Role at General Dynamics IT Unit (GovCon Wire) Sean Kelley, former deputy chief information officer for account management of benefits and veteran
Arctic Wolf Names Bob Skelley as Senior Vice President of Global Channels (Arctic Wolf) Arctic Wolf®, the leader in security operations, today announced the addition of Bob Skelley as Senior Vice President of Global Channels. In this new role, Skelley will lead Arctic Wolf’s channel organization with a near-term focus on developing the company’s international distribution strategy and partner ecosystem.
Products, Services, and Solutions
Vulcan Cyber Launches Remedy Cloud, Providing Free Access to Thousands of Vulnerability Fixes (PR Newswire) Vulcan Cyber®, the vulnerability remediation orchestration company, today announced Vulcan Remedy Cloud, a free service built on the world's...
IBM adds code risk analyzer to cloud-based CI/CD (InfoWorld) IBM Cloud Continuous Delivery’s Code Risk Analyzer scans Python, Node.js, and Java source code in Git repositories for security and legal risks
StarLink enhances IAM portfolio with SailPoint partnership (TahawulTech.com) StarLink has announced a partnership with SailPoint for distribution in the Middle East and Turkey.
Cato Automates Threat Intelligence Feed Assessment, Eliminating False Positives (AiThority) Cato Networks, provider of the world's first SASE platform, announced the first purpose-built reputation assessment system to combine threat intelligence and real-time network information
You can be a security intelligence expert, with these free tools from Recorded Future (Graham Cluley) Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! If 2020 taught the security industry anything, it is this: There…
Who Is a Secure Cyber Professional and What Do They Do? (EC-Council Official Blog) Nowadays, businesses are increasingly being done over network-connected devices, which makes everyone a target to cybercriminals. Find out what you need to be equipped with the necessary knowledge and skills to protect your information assets.
Technologies, Techniques, and Standards
Building the Business Case for Attack Surface Management (Bugcrowd) Note: This is part 5 of a 5-part series in which we examine a smarter approach to attack surface management. Catch up on last week’s post first. I love the term
Cyber resilience: 4 key trends SecOps team leaders need to know (TechBeacon) Remote work and the threat landscape are juicing a number of trends around cyber resilience. Here are four that SecOps team leaders should be tracking.
Cybersecurity communication key to addressing risk (SearchSecurity) A positive security culture in an organization relies on improving cybersecurity communication between the IT team and the rest of the organization, as well as with vendors.
NCSC defends UK from 723 cyber attacks in fourth year of operations (Government Computing) NCSC defended the UK from 723 cyber incidents during the fourth year of its operations, of which nearly 200 are related to coronavirus.
Financial Stability Board toolkit reminds organisations that cyber resilience is crucial (Lexology) With the increased risks to cyber security posed by the switch to remote working necessitated by the Covid-19 pandemic, and the ICO this month…
Design and Innovation
How social media platforms are handling the 2020 election (Engadget) Labels are everywhere, but misinformation is still spreading, here's how social media is handling the 2020 election so far.
Social Media Companies Survived Election Day. More Tests Loom. (New York Times) Twitter, Facebook and YouTube remained on alert as the lack of a clear election result kept the online misinformation flowing.
YouTube refuses to remove video that appears to violate its policies (CNBC) But it quietly added a warning label and removed ads from the video claiming it "undermines confidence in elections."
Research and Development
Army tests automated tools for cyber defenses (GCN) The Army is experimenting with automated tools that protect artificial intelligence capabilities and reduce the number of technical personnel needed on the battlefield.
AI meets cyber as Army tests tactical network protection (FCW) The Army recently wrapped up 11 weeks of testing more than 30 fresh-out-the-lab technologies that could be available in 2023.
Academia
New Bath research hub to bridge the gap between digital security and society (InYourArea.co.uk) A new £3.5 million research collaboration at the University of Bath will focus on the social science side of digital security.
DHS Awards $2M to Create National Network of Cybersecurity Institutes (Meritalk) The Department of Homeland Security (DHS) Science and Technology Directorate (S&T), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), announced Oct. 30 that it has awarded $2 million to an initiative that will build a national network of cybersecurity technical institutes.
Legislation, Policy, and Regulation
Prop 24: Expansion of landmark California data privacy law leading (The Mercury News) Two years ago, California became the first state to pass a sweeping digital privacy law seen as the strongest of its kind in the United States. Early returns Tuesday showed a measure to refine and …
California Voters Support New Internet Privacy Rules, Strengthening State Law (Wall Street Journal) California voters approved a measure aimed at tightening internet privacy rules and fortifying the state’s landmark privacy law that went into effect this year.
California just strengthened its digital privacy protections even more (Vox) Are federal privacy laws next?
California Voters Pass the California Privacy Rights Act of 2020 (cyber/data/privacy insights) California voters appear to have approved Proposition 24, a proposal to adopt the California Privacy Rights Act of 2020 (CPRA). As of this posting, California voters had voted “yes” on the measure by a 55-44% margin with 71% of precincts reporting. Most major media outlets have projected that the
Portland, Maine has voted to ban facial recognition (The Verge) The ballot initiative is aimed squarely at police
Vermont Guard cyber team to help respond to cyberattack on health network (Army Times) The Vermont Guard's Combined Cyber Response Team will review thousands of computers and devices used by the state's health network to ensure they don't have malware or a virus.
The military must learn to operate more in the gray zone (C4ISRNET) While not necessarily postured to operate daily below the level of armed conflict, the military must learn how to do so in order to defeat adversary advances.
Shuttering Asymmetric Warfare Group and Red Team is the ‘wrong direction,’ retired Army three-star says (Army Times) The Army’s decision to close some of its innovation programs closely associated with the Iraq and Afghanistan wars is ill-advised, said a former commander of coalition forces in Afghanistan.
Litigation, Investigation, and Law Enforcement
US, Brazilian law enforcement seize $24 million in cryptocurrency generated through online fraud (ZDNet) Suspects involved in the scheme are being accused of defrauding investors of over $200 million.
Twitter, Facebook Fined by Turkey for Breaching Law Aimed at Curbing Dissent (Wall Street Journal) Turkish authorities have fined Twitter, Facebook and three other social-media platforms for failing to comply with a new law that civil-rights activists have decried as an attempt to stifle dissent.
June Retrial Date Set for Ex-CIA Engineer in Leak Case (SecurityWeek) The retrial of a former CIA software engineer charged with leaking secrets to WikiLeaks in an espionage case will begin June 7, a judge said Wednesday.
Huawei Challenges FCC Security Risk Label at Fifth Circuit (Courthouse News) An attorney for Chinese telecommunications giant Huawei told a Fifth Circuit panel Wednesday that the Federal Communications Commission was wrong to label the company as a national security threat because it has no standards to make such a determination.