Cyber Attacks, Threats, and Vulnerabilities
Cybereason discovers new North Korean cyberattack tools (Israel Defense) The research division of the Israeli cyber defense company discovered a North Korean group that spied on governments, defense companies, the Security Council and pharmaceutical companies that worked on COVID-19 vaccines
Gitpaste-12: a new worming botnet with reverse shell capability spreading via GitHub and Pastebin (Official Juniper Networks Blogs) Gitpaste-12 is a new worm recently discovered by Juniper Threat Labs, which uses GitHub and Pastebin for housing component code and has at least 12 different attack modules available. There is
Critical bug actively used to deploy Cobalt Strike on Oracle servers (BleepingComputer) Threat actors are actively exploiting Oracle WebLogic servers unpatched against CVE-2020-14882 to deploy Cobalt Strike beacons which allow for persistent remote access to compromised devices.
Positive Technologies expert has discovered a vulnerability in McAfee ePO security management system (Positive Technologies) The vulnerability allowed attackers to perform actions on behalf of system administrators, such as disabling protection and developing an attack on a network
WECON PLC Editor (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: WECON
Equipment: PLC Editor
Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of the application.
Mitsubishi Electric GT14 Model of GOT1000 Series (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Mitsubishi Electric
Equipment: GT14 model of GOT1000 Series
Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Session Fixation, NULL Pointer Dereference, Improper Access Control, Argument Injection, Resource Management Errors
2.
Mitsubishi Electric Factory Automation Engineering Products (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.3
ATTENTION: Low skill level to exploit
Vendor: Mitsubishi Electric
Equipment: Mitsubishi Electric, Factory Automation Engineering products
Vulnerability: Unquoted Search Path or Element
2.
Mitsubishi Electric MELSEC iQ-R Series (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Mitsubishi Electric
Equipment: MELSEC iQ-R Series
Vulnerability: Resource Exhaustion
2.
Data breach affecting 12,600 patients reported at Beaufort hospital. What happened? (Island Packet) Over 12,600 patients were affected by a data breach at Beaufort Memorial Hospital in early August, the hospital confirmed Wednesday.
Facebook Has A Metric For “Violence And Incitement Trends.” It’s Rising. (BuzzFeed News) The metric, which assesses the potential for danger based on keywords, rose to 580 from 400 this week — a 45% increase.
Timberline data breach reported at schools in Polk, Dallas, Warren counties; authorities unaware of personal data misused (Des Moines Register) The school districts involved in the data breach are Urbandale, Indianola, Bondurant-Farrar, Saydel, and Carlisle schools.
Student data leaked on dark web after cyberattack on Newcastle University (jbKlutse) Back in September, a hacking group named DoppelPaymer launched a cyberattack on Newcastle University, disrupted its IT systems, and stole several files, including user data.
Pwned: Deloitte Hacker IQ game forced offline after hack (The Daily Swig) Consultancy firm’s cybersecurity quiz pulled after researcher exposed vulnerability
Exclusive: Russian hackers targeted California, Indiana Democratic parties (Reuters) The group of Russian hackers accused of meddling in the 2016 U.S. presidential election earlier this year targeted the email accounts of Democratic state parties in California and Indiana, and influential think tanks in Washington and New York, according to people with knowledge...
Security Patches, Mitigations, and Software Updates
Update Your iOS Devices Now — 3 Actively Exploited 0-Days Discovered (The Hacker News) Update Your Apple iOS Devices Now — 3 Actively Exploited 0-Days Discovered by Google
Cyber Trends
2021 Cyber Threat Trends Outlook (Booz Allen Hamilton) The year 2020 has been unlike any we have experienced, and this is true with regard to cyber threats, too.
McAfee Labs Threats Report (McAfee Labs) At McAfee, we have focused our threat research teams entirely on ensuring your data and systems remain secure, and for the first time have made available the MVISION Insights preview dashboard to demonstrate the prevalence of such campaigns.
2020 could be 'the worst year in cybersecurity history' (TechRadar) Bitdefender report paints a grim picture for cybersecurity market
Marketplace
ConnectWise to acquire Perch Security for US$80m (CRN Australia) Security platform vendor with in-house SOC.
The NCSC and Microsoft are looking for cybersecurity companies to help protect the UK (Microsoft News Centre UK) News of the accelerator comes as the NCSC revealed it dealt with a record number of cybersecurity incidents in the past year.
Microsoft to support next generation of security startups (ComputerWeekly.com) Tech giant lends its support to the NCSC Cyber Accelerator scheme, which is seeking its seventh cohort of startups.
Investors Should Let the Palantir Dust Settle Before Choosing a Side (InvestorPlace) PLTR stock has obvious potential -- and obvious risk. With so many questions, investors would do well to let the story play out a little while longer.
Is there an alternative to Huawei? (The Economist) OpenRAN could be it
Facebook and TikTok block hashtags used to spread election conspiracy theories (The Verge) Social networks have been trying to crack down on misinformation.
Facebook, Alarmed by Discord Over Vote Count, Is Said to Be Taking Action (New York Times) New measures would slow down the flow of information and make election misinformation less visible, according to people with knowledge of the matter.
GOP-Linked 'Stop the Steal' Facebook Group Is Gaining Thousands of Members a Minute (Vice) The group, run by Trump allies, is spreading disinformation about the election and calling for "boots on the ground to protect the integrity of the vote."
Trump’s Special Twitter Treatment Would End With Biden Win (Bloomberg) For now, violating posts get warning label, not removal. But ‘world leader’ newsworthiness rules wouldn’t apply.
Ingram Micro reveals cyber centre of excellence (CRN Australia) Adds sales, technical and marketing support for partners in region.
Anonymous Trump Critic And Former DHS Staffer Miles Taylor Has Left Google (BuzzFeed News) Taylor, who had been on unpaid leave from Google, was employed by the company for a little more than a year.
Products, Services, and Solutions
MediaPRO Puts Human Connection First with Launch of Security and Privacy Training Series Paradigm (PR Newswire) MediaPRO, a leading provider of security and privacy training solutions, today announced the release of their new series of security and...
Westcon Signs Distribution Agreement with Breach & Attack Simulation Leader AttackIQ (AttackIQ) Westcon has signed an agreement with AttackIQ, the leader in Breach and Attack Simulation (BAS), to distribute its solutions with immediate effect in the EMEA and APAC regions. Carl Wright, Chief Commercial Officer at Attack IQ, comments: “Breach damage is worse than ever. In 2021, cyber damage on the global economy is expected to reach $6 […]
Comodo Announces Sovaton as Distributor Partner for South African Cybersecurity Marketplace (Yahoo) Comodo, the world’s leader of next-generation cybersecurity announced a partnership with Sovaton, a value-added distributor (VAD) with a sole focus on IT security solutions to protect and defend ...
Technologies, Techniques, and Standards
Government Security Alerts: Why Cybersecurity Pros Must Pay Attention (Dice Insights) Federal government agencies such as the NSA and CISA are taking a much more active role in alerting organizations to cybersecurity issues.
Red team vs. blue team vs. purple team: What's the difference? (SearchSecurity) Simulated cybersecurity attacks can teach an enterprise a lot about its employees, policies and technologies. Learn about the differences between red teams vs. blue teams vs. purple teams and how they all fit into the equation to improve an organization's security posture.
Here's How Law Firms Can Ward Off Disgruntled Atty Leaks (Law360) As Cole Schotz PC grapples with the fallout of a breach of client information caused by a disgruntled former associate, other law firm leaders are likely reexamining their own information security policies, which experts say in many cases leave a good deal of room for improvement.
What to do with old online accounts you don't use anymore? (KOMO) Chances are you have old online accounts that you haven’t used for a long time, maybe years. I know I do. I talked to the digital security experts at Sophos, and they say the smart move is to delete these old accounts. “Those old accounts may not seem like they have much value to you, but criminals have been passing around those old passwords and keeping track of a lot of those accounts,” said Chester Wisniewski, a principal research scientist at Sophos.
Design and Innovation
DISA posts blockchain RFI (Intelligence Community News) DISA is conducting market research to ensure better understanding of the capabilities available in the market place relevant to a Blockchain as a service offering.
Research and Development
What is Quantum Cryptography & What Does It Promise? (Analytics India Magazine) Quantum cryptography can help in solving cyberspace security problems for the future internet and applications such as IoT and smart cities.
Legislation, Policy, and Regulation
No grounds for claims of Russia’s 'destructive behavior' in cyberspace — Putin (TASS) The claims concern alleged meddling in elections and more, according to the Russian president
Switzerland outlines digital foreign policy strategy (SWI swissinfo.ch) Switzerland wants to help shape international law to give people better control of their data and improve digital governance around the world.
Government must take cyber threat to democracy seriously (The Strategist) With voting underway in the US, the eyes of the world are focused on America’s democratic process. Unfortunately, so is the attention of groups of state-backed hackers from around the world as the US’s adversaries ...
The Cybersecurity 202: The security of future elections could ride on this one’s outcome (Washington Post) As Americans await the outcome of the 2020 election, the security of future elections may hang in the balance.
OMB’s CIO.gov Site Confirms Sandoval as New Federal CISO (Meritalk) Confirmation of the appointment of Camilo Sandoval as the new Federal CISO has emerged in the form of his listing on the Office of Management and Budget’s (OMB) CIO.gov website as holding the Federal CISO title.
Litigation, Investigation, and Law Enforcement
Brazilian police investigate online hacking of high court (Washington Post) Brazil’s federal police opened an investigation into the hacking of computers at one of the country’s high courts on Thursday.
Austrian opposition lambasts government over Vienna attack intel failure (Reuters) Austria's opposition parties lambasted the government on Thursday over its admitted mishandling of intelligence that might have prevented a deadly rampage in Vienna this week, accusing it of trying to shift the blame onto others.
Feds Seize $1 Billion in Stolen Silk Road Bitcoins (Wired) A hacker identified only as Individual X had been sitting on a cryptocurrency gold mine for seven years before the IRS came knocking.
Silk Road Bitcoins Worth Over $1 Billion Are Target of U.S. (Bloomberg) Justice Department seeks forfeiture of funds it seized Tuesday. It’s the biggest cryptocurrency bust the government has made.
More domains with ties to suspected Iranian influence campaign are seized by US (CyberScoop) The U.S. Department of Justice’s actions against alleged Iranian influence campaigns continued this week with the seizure of 27 internet domains, including four that the feds say were targeted directly at U.S. audiences.
United States Seizes 27 Additional Domain Names Used by Iran’s Islamic Revolutionary Guard Corps to Further a Global, Covert Influence Campaign (US Department of Justice) The United States has seized 27 domain names that Iran’s Islamic Revolutionary Guard Corps (IRGC) unlawfully used to further a global covert influence campaign.
Traders Settle Case Tied to Hack of SEC’s Corporate Database (Wall Street Journal) Two men accused of trading on information hacked from a government database by Ukrainians will pay $425,000 to settle regulatory claims, a fraction of the illegal profits they were alleged to have earned.
ICO faces legal action over alleged failure to address illegal data sharing (Computing) The ICO agreed that the AdTech industry had violated the GDPR but says that a tribunal will decide the matter 'in due course'
European Consumer Groups Begin Suing Over Data Breaches (Wall Street Journal) Lawsuits filed against British Airways and Marriott could be the vanguard of a wave of European class-action cases dealing with privacy concerns, lawyers say.
$350K Proposed Settlement Reached in Saint Francis Data Breach Lawsuit (HealthITSecurity) Patients impacted by the 2019 ransomware attack on Ferguson Medical Group, now owned by Saint Francis Healthcare, reached a $350,000 settlement with the health system to recoup data breach recovery costs.
ShopRite Settles with NJ AG for Data Breach (The National Law Review) New Jersey Attorney General (AG) Gurbir S. Grewal announced on November 2, 2020, that his office has settled with ShopRite’s parent company, Wakefern Food Corp. (Wakefern) and two of its superma
How the Hatch Act changes after Election Day (Federal Times) What constitutes prohibited political activity becomes less restrictive for federal employees the day after the election.