Cyber Attacks, Threats, and Vulnerabilities
GCHQ in cyberwar on anti-vaccine propaganda (Times) GCHQ has begun an offensive cyber-operation to disrupt anti-vaccine propaganda being spread by hostile states, The Times understands.The spy agency is using a toolkit developed to tackle
Coronavirus: GCHQ launches war against Russian anti-vaccine propaganda (The Week UK) State-sponsored disinformation campaigns are being blocked and agents locked out of their accounts
GCHQ to tackle anti-vaccine disinformation linked to Russia (Engineering and Technology) GCHQ has launched a cyber investigation into disinformation around vaccines being spread by “hostile” states, according to reports.
Vietnamese hacking group OceanLotus uses imitation news sites to spread malware (CyberScoop) Suspected Vietnamese government-linked hackers are behind a series of fake news websites and Facebook pages meant to target victims with malicious software, according to Volexity research published Friday.
FBI: Hackers stole source code from US government agencies and private companies (ZDNet) FBI blames intrusions on improperly configured SonarQube source code management tools.
Defense Contractor Hacking More Expansive Than First Thought (BankInfo Security) A hacking operation that targeted defense contractors earlier this year was more expansive than first thought, with hackers using never-before-seen malicious tools
Beware of the tricks from Trickbot and Emotet Trojans, an advisory from Check Point Research (Microwire) Editor's brief: The global pandemic is hitting hard in the autumn/winter season now, with rapid escalation in Europe and North America. Even with multiple onsl
RansomEXX Trojan attacks Linux systems (Securelist) We recently discovered a new file-encrypting Trojan built as an ELF executable and intended to encrypt data on machines controlled by Linux-based operating systems.
Are Chinese spies trying to hack this anticensorship startup? Its execs believe so (Fortune) Executives at the anti-censorship startup Arweave believe they're being spear-phished by Chinese government hackers.
How Ryuk Ransomware operators made $34 million from one victim (BleepingComputer) One hacker group that is targeting high-revenue companies with Ryuk ransomware received $34 million from one victim in exchange for the decryption key that unlocked their computers.
Trump lawsuit site to report rejected votes leaked voter data (BleepingComputer) The DontTouchTheGreenButton.com website just launched by the Trump campaign in relation to the recently filed Arizona "rejected votes" lawsuit was discovered to be leaking voter data.
Report: Hotel Reservation Platform Leaves Millions of People Exposed in Massive Data Breach (Website Planet) Company: Prestige Software, based in Spain.
Severity: High
Size: 24.4 GB, totaling
Hotel reservation platform leaked user data from top online booking sites (HackRead) The list of online booking sites affected by the breach includes some of the top industry giants including Booking.com.
BigBasket Faces Potential Data Breach; Details Of 2 Crore Users Put On Sale On Dark Web (BloombergQuint) The company has filed a police complaint with Cyber Crime Cell in Bengaluru and is verifying claims made by cyber experts.
BigBasket faces data breach; details of 2 crore users put on sale on dark web (Mint) BigBasket has filed a police complaint in this regard with Cyber Crime Cell in Bengaluru and is verifying claims made by cyber experts.Cyble said that a hacker has put data allegedly belonging to BigBasket on sale for around ₹30 lakh
Another Alibaba-Backed Grocer Suffers Massive Data Breach (Benzinga) In more trouble for the Chinese tech giant, Alibaba Group Holdings Ltd (NYSE: BABA)-backed Indian grocer BigBasket suffered a massive data breach...
BigBasket Is The Latest Victim Of CyberAttack In India: Fundraising Deals To Go Awry? (Dazeinfo) BigBasket data breach is the worst cyber attack that company has ever faced. It hss put millions of users on risk as their sensitive personal information
Cipla asks its IT team to be on alert after cyber attacks on major pharma firms (Moneycontrol) Cipla CFO Kedar Upadhye has asked his IT team to be as paranoid as possible and take the help of experts, and continue to track some hostile activities like conversations on the dark web, and multiple other things that one can do
New cybersecurity threat discovered in the EA Games – Origin Platform (European Gaming Industry News) Nettitude discover a critical vulnerability that compromises the security of user devices. Nettitude announced we have identified a vulnerability affecting the Electronic Arts Origin Windows client. This discovery is a major find for Nettitude as we strive to continually enhance and maintain the security of our clients and the digital world we live in. […]
Luxottica data breach exposes LensCrafters, EyeMed patient info (BleepingComputer) A Luxottica data breach has exposed the personal and protected health information for patients of LensCrafters, Target Optical, EyeMed, and other eye care practices.
Hospital network hit by cyber attack restoring services (AP NEWS) Computer experts at the University of Vermont Medical Center are working to restore systems disabled in a cyberattack that have hurt the hospital's ability to provide some...
Car dealer Sandicliffe hit by cyber attack where two employee email accounts were accessed – Car Dealer Magazine (Car Dealer Magazine) Dealer group Sandicliffe was victim to a cyber attack where personal data was potentially accessed due to a phishing scam. Those who may have been
After hacker attack, STJ gradually resumes work on Monday | ... (AlKhaleej Today) After hacker attack, STJ gradually resumes work on Monday | ...
What one threat group's work tells us about the use of legit tools for illegitimate ends (SC Media) A kill chain published by security researchers highlights just how much some threat groups rely on open source or commercial pentesting tools in their attacks.
Cyber Trends
45% of businesses faced a data breach in last 12 months (Atlas VPN) Data breaches continue to dominate headlines around the world. Recent findings analyzed by Atlas VPN reveal that as many as 45% of businesses had a data breach in the last 12 months.
Marketplace
British cybersecurity firm Darktrace targets $5bn London IPO (Yahoo) City sources said that the appointment of the investment banks, as part of a syndicate of advisers, is likely to be finalised in the coming days.
NSA award draws protest from the incumbent (Washington Technology) The National Security Agency has made an award on its $471.8 million 'Barkingbadger' contract for classified services and that has drawn the ire of a disappointed bidder.
Global Companies Join Forces to Tackle Third-Party Risk Management Challenges (MarketScreener) HITRUST names founding members of newly formed Third-Party Risk Management Council ...
On Election Day, Facebook and Twitter did better by making their products worse (Silicon Valley Business Journal) That gust of wind you felt coming from Silicon Valley on Wednesday morning was the social media industry’s tentative sigh of relief.
The rise and fall of the ‘Stop the Steal’ Facebook group (Silicon Valley Business Journal) The first post in the new Facebook group that was started Wednesday was innocuous enough. “Welcome” to Stop the Steal, it said.
Ruder Finn wins US$1.4m Huawei account in US (Campaign Asia) The China-based technology giant also renewed a $1.9 million deal with Racepoint Global.
Retired Air Force general named CEO of cybersecurity center (Colorado Springs Gazette) A retired Air Force lieutenant general has been named CEO of the National Cybersecurity Center, the Colorado Springs-based think tank that focuses on information security and blockchain technology.
Trulioo names new CFO, buguroo appoints EMEA sales director (Biometric Update) Trulioo has announced the appointment of Leigh Ramsden as its new Chief Financial Officer to lead all aspects of the company’s finances as its biometric identity verification business rapidly grows…
British MSSP Adarma appoints former Cisco man as new CEO (CRN) John Maynard takes over from David Calder who will step into the role of chief product officer
Products, Services, and Solutions
Berners-Lee's Inrupt releases first commercial offering, the privacy-preserving Enterprise Solid Server (Computing) ESS offers a route to 'inclusive capitalism', says CEO John Bruce
Bot-Driven Carding Fraud | PerimeterX (PerimeterX) Determine the cost of Carding Fraud
Free Website Risk Assessment (PerimeterX) Get a Free Website Risk Assessment. Discover your appsec exposure from third-party JavaScript, open source vulnerabilities and Magecart attacks.
University of Surrey adopts people-centric blueprint for cyber security (UKAuthority) Increasing threats from social engineering attacks demand a strengthening of the ‘people perimeter’, writes Peter Carthew, director UK public sector at Proofpoint
Real-time cybersecurity has just got real (Includes interview) (Digital Journal) Real Time in its truest form, is an effective solution that instantly responds to any activity an employee displays on the network at the precise moment it puts the company in jeopardy, says Stephen Burke of Cyber Risk Aware.
Cloudflare updates Spectrum with DDoS analytics & trends (The Spiceworks Community)
Enterprises that use Cloudflare’s
reverse proxy offering Spectrum will notice a few more things on their
Network Analytics dashboard this week – things that are designed to
...
CyberSeek™ Helps Organizations Address Growing Cybersecurity Staffing Challenges (PR Newswire) New data from CyberSeek™, America's top free resource on the U.S. cybersecurity job market, shows that the shortage of cyber professionals is...
IRONSCALES Announces Integration with Swimlane to Automate Email Secur (PRWeb) IRONSCALES, the pioneer of self-learning email security, today announced that it has partnered with Swimlane, an independent leader in secur
Threat Stack Unveils Machine Learning Capabilities in The Threat Stack Cloud Security PlatformⓇ (BusinessWire) Threat Stack today announced ThreatML™, its new machine learning engine that enhances security observability.
Technologies, Techniques, and Standards
Better Election Security Preparation Meant No “Russia, Russia, Russia” in 2020 Vote (The Heritage Foundation) As ballot counting continues in states across the country and potential election fraud is being flagged and litigated, we are thankfully not hearing about another form of election meddling; namely,
Cybersecurity Awareness: Surviving an Email Phishing Crisis (INKY) When it comes to cybersecurity awareness, email phishing prevention and education are always key. Learn more and make sure you’re prepared to handle an email phishing crisis.
The US Air Force is using a new cyber training platform to evolve defensive teams (C4ISRNET) The Persistent Cyber Training Environment is being used to mature new designs for defensive cyber teams.
How to ensure your child’s digital safety, here are a few tips straight from Microsoft (The Financial Express) Here are a few tips to ensure your child's digital safety from Microsoft.
Design and Innovation
WhatsApp Wants to Host Your Intimate Chats. Don’t Fret—They’ll Be Deleted in a Week. (Wall Street Journal) Facebook’s WhatsApp has introduced a setting that automatically deletes messages after seven days, a move aimed at encouraging users to feel comfortable chatting in confidence.
Facebook’s latest attempt to slow disinformation means probation for groups (Washington Post) A new system flags groups that violate community standards, and makes volunteer moderators approve all posts for two months
A vicious culture war is tearing through Wikipedia (WIRED UK) Edit-warring was already common as India descended into political polarisation. Then along came Covid-19
Pentagon’s artificial intelligence hub shifts its approach to now ‘seek out problems’ (C4ISRNET) The Defense Department wants to ensure it's delivering tools that war fighters will actually use. That requires strong relationships across the globe.
Silent Sentinel selected in US Air Force Challenge (Intelligent Aerospace) Team PSSAP competed in the ‘Base Security and Defense’ challenge, looking to demonstrate comprehensive and affordable perimeter security and actionable intelligence.
Research and Development
Europe nurtures ties with the United States to boost expertise in cybersecurity (CORDIS | European Commission) Research expertise in cybersecurity is fragmented and the exchange of this knowledge is lacking. For Europe to remain at the forefront of such know how, it needs to foster collaboration with top-notch institutions in the United States.
This could lead to the next big breakthrough in common sense AI (MIT Technology Review) You’ve probably heard us say this countless times: GPT-3, the gargantuan AI that spews uncannily human-like language, is a marvel. It’s also largely a mirage. You can tell with a simple trick: Ask it the color of sheep, and it will suggest “black” as often as “white”—reflecting the phrase “black sheep” in our vernacular. That’s…
Academia
What happens when private student information leaks (The Hechinger Report) Congressional watchdog report counts breaches of Social Security numbers and health records at schools. Malicious cyberattacks rare. Accidental mishandling of student data more common.
IUP to hold cybersecurity camp in February (The Indiana Gazette Online) For the fifth consecutive year, Indiana University of Pennsylvania has secured funding from the National Science Foundation and the National Security Agency to offer its free cybersecurity camp, GenCyber, for
U Illinois to Lead Planning Efforts on Network of Cybersecurity Tech Institutes (Campus Technology) The University of Illinois at Urbana-Champaign has received a $2 million grant to develop a plan for creating a national network of technical institutes focused on cybersecurity.
Legislation, Policy, and Regulation
Curaçao takes innovative approach against bullying and cyber-bullying in school (MENAFN) On the occasion of the First International Day against Violence and Bullying in Schools, including Cyberbullying, the Curaçao National Commission for UNESCO celebrated the day under the theme 'Together against Bullying in school'/'Huntu kontra Bullying den skol'/ 'Samen tegen pesten op school'. During UNESCO's 40th Genera
Auf den Terroranschlag folgt EU-Verschlüsselungsverbot - fm4.ORF.at (fm4.ORF.at) Im EU-Ministerrat wurde binnen fünf Tagen eine Resolution beschlussfertig gemacht, die Plattformbetreiber wie WhatsApp, Signal und Co künftig dazu verpflichtet, Generalschlüssel zur Überwachbarkeit von E2E-verschlüsselten Chats und Messages anzulegen.
Brazilian telecoms snub U.S. official over Huawei 5G pressure: source (Reuters) Brazil's top four telecom companies have decide not to meet with a visiting senior U.S. official who has advocated excluding China's Huawei Technologies Co [HWT.UL] from the Brazilian 5G equipment market, an industry source said on Friday.
Joint Parliamentary Panel Seeks Information On Data Breach Check Protocols From Mobile App Companies (Swarajyamag) Representatives from Airtel and Truecaller appeared in front of the committee on Friday.
UK-Japan trade deal threatens UK citizens' online privacy, ORG warns (Computing) Adopting a 'free flow of data' approach would be a radical departure from the UK's current position, argues the Open Rights Group
Biden Term Could Spell Sanctions, Boost Data Transfer Deal (Law360) Joe Biden's presidency could lead to tougher sanctions for state-backed actors who target the U.S. with cyberattacks and carve out an easier path for a key transatlantic data transfer deal, industry experts say.
The Cybersecurity 202: Biden will get tougher on Russia and boost election security. Here's what to expect. (Washington Post) President-elect Joe Biden is expected to dramatically shift how the government handles cybersecurity threats when he takes office in January.
ICT Supply Chain Lessons Learned Covid 19 (CISA) This analysis report, Building A More Resilient ICT Supply Chain: Lessons Learned During The COVID-19 Pandemic, examines how the COVID-19 pandemic impacted the logistical supply chains of information and communication technology (ICT) companies and provides recommendations on how organizations can increase their supply chain resilience from future risks.
Fmr. CIA chief Gen. Hayden: Biden should start getting daily presidential intel brief 'Now' (American Military News) On Friday, retired U.S. Air Force general and former CIA and NSA director Michael Hayden said Democratic presidential candidate Joe Biden should start receiving the daily presidential intelligence briefing.
Debt collectors will soon be allowed to reach you by text or on Facebook (CBS News) New federal rule doesn't limit how many times a debt firm can send emails or message you on social media.
Debt Collection Practices (Regulation F) (Bureau of Consumer Financial Protection) The Bureau of Consumer Financial Protection (Bureau) is issuing this final rule to revise Regulation F, which implements the Fair Debt Collection Practices Act (FDCPA) and currently contains the procedures for State application for exemption from the provisions of the FDCPA.
Connected cars must be open to third parties, say Massachusetts voters (Ars Technica) The ballot initiative passed with overwhelming support.
Litigation, Investigation, and Law Enforcement
Here are the GOP and Trump campaign’s allegations of election irregularities. So far, none has been proved. (Washington Post) Republicans have made claims of election irregularities in five states where President-elect Joe Biden leads in the vote count, alleging in lawsuits and public statements that election officials did not follow proper procedures while counting ballots in Tuesday’s election.
FTC likely to sue Facebook on antitrust violations by end of November (POLITICO) But the agency may keep the case internal, stymieing states that want to team up.
Huawei takes Swedish regulator to court over 5G ban (Capacity) Huawei is taking the Swedish telecoms regulator to court over its ban on operators from using its equipment in 5G networks.
ShopRite Settles with NJ AG for Data Breach (JD Supra) New Jersey Attorney General (AG) Gurbir S. Grewal announced on November 2, 2020, that his office has settled with ShopRite’s parent company, Wakefern...
Husband and Wife Sentenced for International Elder Fraud Scheme (US Department of Justice) A husband and wife were sentenced today to a combined 92 months in prison for their roles in a sophisticated fraud scheme that primarily targeted elderly Americans.