2021: the latest from the future
National Cyber Threat Assessment 2020 (Canadian Centre for Cyber Security) Canadian individuals and organizations increasingly rely on the Internet for daily activities. In a COVID-19 context, this trend has accelerated to enable Canadians to work, shop, and socialize remotely in accordance with public health physical distancing guidelines. However, as devices, information, and activities move online, they are vulnerable to cyber threat actors.
2021 Cybersecurity Predictions (WatchGuard Technologies) In 2021 and beyond, we predict that cyber criminals will find new and innovative ways to attack individuals, their homes and devices, in order to find a path to your trusted corporate network.
Increase in Ransomware Sophistication and Leverage of Legacy Malware Predicted for 2021 (Infosecurity Magazine) Sophos’ 2021 threat report predicts an increase in ransomware and legacy malware use
Asigra Forecasts Five Ransomware Challenges Expected to Increase Business Risk in 2021 (Totaltelecom) Asigra Inc., a leader in backup and recovery software that delivers comprehensive backup repository cyber protection, today forecast five ransomware challenges expected to impact businesses in 2021, driven in part by an escalation of increasingly sophisticated ransomware attacks globally. Tasked with ensuring operational continuity, Asigra is responding to these challenges and providing guidance on maintaining productive business operations.
UN and Europol Warn of Growing AI Cyber-Threat (Infosecurity Magazine) Report claims new tech could be exploited as attack vector and surface
Exploiting AI: How Cybercriminals Misuse and Abuse AI and ML (Trend Micro) We discuss the present state of the malicious uses and abuses of AI and ML and the plausible future scenarios in which cybercriminals might abuse these technologies for ill gain.
Cyber Attacks, Threats, and Vulnerabilities
Ghost in the machine: Researchers find Webex vulnerabilities allow hidden visitors (CyberScoop) Halloween may have been last month, but IBM researchers revealed Wednesday that they discovered a way ghosts could haunt Cisco Webex meetings.
Cisco Webex 'Ghost' Flaw Opens Meetings to Snooping (Threatpost) Cisco patched the Webex flaw, as well as three critical-severity vulnerabilities, in a slew of security updates on Wednesday.
GO SMS Pro Vulnerable to Media File Theft (Trustwave) The GO SMS Pro application is a popular messenger app with over 100 million downloads and was discovered to publicly expose media transferred between users of the app. This exposure includes private voice messages, video messages, and photos. This means any sensitive media shared between users of this messenger app is at risk of being compromised by an unauthenticated attacker or curious user.
Researchers Find Tens of AWS APIs Leaking Sensitive Data (SecurityWeek) Palo Alto Networks security researchers identified more than 20 Amazon Web Services (AWS) APIs that can be abused to obtain information such as IAM users and roles
Large-Scale Attacks Target Epsilon Framework Themes (Wordfence) So far today we have seen more than 7.5 million attacks against more than 1.5 million sites, coming from over 18,000 IP addresses.
How the Industrial Cloud Gets Hacked (EE Times Asia) We are surrounded by hackable devices.
The AI Telegram bot that abused women is still out of control (WIRED UK) A bot automated deepfake abuse online. Researchers say their warnings have been ignored and Telegram has failed to remove it
Despite Data Breach, Liquid Exchange Continued Listing New Tokens Before Warning Users | Crypto Briefing (Crypto Briefing) The hacker convinced a domain hosting provider that manages one of Liquid’s domain names to give them control of the account and domain.
Mercy Iowa City data breach exposes tens of thousands of Iowans' Social Security numbers, private medical information (Iowa City Press-Citizen) An investigation found that the data of more than 60,000 Mercy Iowa City patients may have been exposed in the breach.
Great Hearts Academies students and parents were victims of data breach (Arizona Mirror) An unknown number of students at Great Hearts Academies and their parents had their names and contact information stolen by a hacker in a ransomware attack earlier this year, Arizona Mirror has learned.
Cyberattack could ‘sow mistrust’ (The Chatham News + Record) The cyber-attack which leveled the Chatham County government computer network three weeks ago — disconnecting phone lines and email services and prohibiting access to county records — could have …
Americold Operations Downed by Cyber-Attack (Infosecurity Magazine) Drivers stuck outside facilities after suspected ransomware attack
Cold storage giant Americold hit by cyber attack, operations impacted (teiss) Cold storage giant Americold suffered a cyber attack that forced it to take urgent steps and engage security experts to contain its fallout.
Dark web (Professional Security) RiskIQ researched cybersecurity attitudes Dark web online consumers RiskIQ cyber threat intelligence
Security Patches, Mitigations, and Software Updates
Chrome Gets Patched Again—But 83% of Users Aren’t Running the Latest Version (Menlo Security) Your browser is outdated and unpatched and you need to patch it. Menlo provides malware-free web browsing until you do.
Cyber Trends
Cybereason Research Underscores Heightened E-Commerce Threats Going in (PRWeb) Cybereason's newest research underscores the dangers lingering online for hundreds of millions of holiday shoppers around the world in 2020.
BlueVoyant Report Reveals Biotech and Pharmaceutical Industry under Aggressive and Targeted Attack (BlueVoyant) BlueVoyant, a cybersecurity services company, today announced the findings from its Biotech and Pharmaceutical 2020 Report, which showed that attacks on this industry had increased by 50% between 2019 and 2020. The report highlighted that nation-states are ramping up cyber attacks on companies that are developing vaccines, and this is likely to increase as production and distribution gets underway.
79% of IT Leaders Look to Data Management for Competitive Advantage, According to New Survey (Druva) Survey of 700 IT Leaders by Druva finds increased focus on value of data, digital transformation and cloud data protection
DDoS attacks increased 300 per cent in the third quarter of 2020 compared to Q1 (Computing) Q3 DDoS attacks accounted for 56 per cent of all attacks seen so far this year
Data is more critical than ever, and so is its protection (Druva) There have been few organizational priorities of more importance than business resilience in 2020. Against the backdrop of a global pandemic that completely upended carefully thought out annual plans and initiatives, COVID-19 has forced organizations to re-evaluate priorities and focus resources on solutions that empower their organization’s continued success. Cloud migration initiatives have [...]
Bitglass’ 2020 Cloud Security Report: Only 31% of Organizations Use Cloud DLP Despite Data Leakage Being the Top Cloud Security Concern (BusinessWire) Bitglass, the Total Cloud Security Company, today released its 2020 Cloud Security Report, which uncovers whether organizations are properly equipped
56% of organizations suffered a ransomware attack in the last 12 months costing $1.1M per hack (Atlas VPN) According to the data acquired by the Atlas VPN team, 56% of organizations worldwide experienced at least one ransomware attack in the past 12 months, with an average ransom costing victims $1.1 million.
Despite Growing Cyber-Threats, Less Than Half of Organizations Perform Continuous Attack Surface Monitoring, New Survey From ESG and Bugcrowd Shows (Odessa American) Bugcrowd, the crowdsourced cybersecurity platform, today announced the release of the Attack Surface and Vulnerability Management Assessment survey, completed in partnership with analyst firm Enterprise Strategy Group (ESG).
Major security incidents are the new normal for hospitals and health systems (Healthcare IT News) The 2020 HIMSS Cybersecurity Survey finds very tight security budgets, vast landscapes of legacy systems and only modest improvements in risk assessments and proactive measures.
Cyber threat risks skyrocket in UAE as more businesses go virtual (Gulf News) Healthcare, government and aviation are among the worst-hit sectors in the Middle East
Allianz: Cyber crime brings expensive losses for companies, but internal failures most frequent cause of cyber claims (Taiwan News) Allianz: Cyber crime brings expensive losses for companies, but internal failures most frequent cause of cyber claims
Here's why business insurance rates are rising (AZ Big Media) Even before the pandemic, businesses saw the effects of a hardening insurance market, which generated higher business insurance rates.
UK retailers remain easy pickings for cybercriminals, new research finds - (Enterprise Times) UK Retailers might be slowly recovering from the fallout of the global pandemic. 60% of UK retailers have experienced a cyber-attack in 2020
()
Marketplace
Deepfence nabs $9.5 million to build AI shields for cloud workloads (VentureBeat) Deepfence, a startup developing AI-based protections against cybersecurity threats, has raised $9.5 million in funding.
Druva Acquires sfApex to Bolster Salesforce Data Protection and Governance (Druva) The integrated solution will allow CRM customers to get comprehensive backup, sandbox seeding and data governance capabilities
Abnormal Security Raises $50M in Series B Funding Led by Menlo Ventures to Accelerate Enterprise Adoption of Leading AI-driven Email Security Platform (BusinessWire) Abnormal Security, a next-generation email security company, today announced that it raised $50 million in Series B venture capital funding. Led by Me
With An Adtech Approach To Cyberattacks, Abnormal Security Hits $500 Million Valuation (Forbes) The startup raised $50 million with thanks to its artificial intelligence, which analyzes the behavior behind emails.
Army to Merge $100 Million Regional Cyber Operations Contracts (Bloomberg Government) U.S. Army’s cyber warfare division is considering a plan to consolidate its five regional cybersecurity centers under a single contract, according to a request for information released in early November. The new contract could be valued at $100 million or more, b...
Army tactical network acquisition office releases $850M solicitation for encryption device (C4ISRNET) The multiple award contract is worth up to $850 million.
From Moscow With Love, Kaspersky finalises move to Zurich (GovNews) In a bold move to transfer sensitive data from Moscow to Zurich, cybersecurity company Kaspersky has finalised its ambitious plan for better transparency.
()
Dynamic Ratings Joins the Asset to Vendor Network (A2V) to Aid in Securing America’s Power Grid (Dynamic Ratings) Dynamic Ratings, a recognized leader in condition-based monitoring products and services providers to the utility industry, is proud to announce the company is joining the Asset to Vendor Network (A2V). Dynamic Ratings will join A2V founders Fortress Information Security (Fortress), American Electric Power (AEP) and Southern Company (Southern) in the national cybersecurity information-sharing collaborative focused on securing the supply chain in the utility industry.
NiSource Joins The Asset To Vendor Network In Push To Secure U.S. Utilities (Fortress Information Security) NiSource has joined the Asset to Vendor Network (A2V), a national cybersecurity information-sharing collaborative focused on the utility industry.
NTT Data Subsidiary Wins DHS Cybersecurity Support Order; Kevin Durkin Quoted (GovCon Wire) NTT DATA Services' federal government subsidiary has received a $23.3M task order from the Depar
Frost & Sullivan Honors PerimeterX with 2020 Best Practices Award (PerimeterX) Independent research firm Frost & Sullivan has recognized PerimeterX for web application security technology innovation.
Aryaka Ranked Number 462 Fastest-Growing Company in North America on Deloitte’s 2020 Technology Fast 500™ - Aryaka (Aryaka) San Mateo, CA. – November 19, 2020 – Aryaka®, the Cloud-First WAN company delivering the #1 managed WAN/SD-WAN solution, announced today that the organization has ranked 462 on Deloitte’s Technology Fast 500™, a ranking of the 500 fastest-growing technology, media, telecommunications, life sciences and energy tech companies in North America now in its 26th year. […]
Centrify Named a Leader in Privileged Identity Management by Independent Research Firm | Centrify (Centrify) Centrify, a leading provider of Identity-Centric Privileged Access Management (PAM) solutions, today announced that it has been named a leader in the Forrester Research, Inc., November 2020 report, “The Forrester Wave™: Privileged Identity Management, Q4 2020.” This marks the third major analyst report in 2020 in which Centrify has been identified as a leader in the market.
Arctic Wolf Expands Operations to Toronto and San Antonio (Arctic Wolf) Arctic Wolf®, the leader in security operations, today announced that on the heels of its $200M Series E and $1.3B valuation, the company is establishing regional centers of excellence focused on research and development (R&D) and security operations in Toronto, Ontario and San Antonio, Texas. Arctic Wolf plans to begin hiring immediately in these locations, with physical offices planned to open in 2021.
Products, Services, and Solutions
BlackBerry Achieves NSA Approval for BlackBerry UEM (BlackBerry) BlackBerry Limited (NYSE: BB; TSX: BB) today announced that its BlackBerry® Unified Endpoint Manager (UEM) software has achieved National Security Agency (NSA) Commercial Solutions for Classified Program (CSfC) approval.
Druva Delivers Industries Most Efficient Data Protection for Oracle Databases in Hybrid Environments (Druva) Direct-to-cloud data protection eliminates multi-step and complex legacy processes for managing Oracle databases
Druva Introduces New Multi-Layered Ransomware Defense to Combat Rising Threats (Druva) Advanced ransomware recovery enhancements and technology integrations bring ability to identify, respond at scale and recover with confidence
Buildkite Expands Integration with GitHub, Introduces New Workflows (Buildkite) New onboarding experience gives teams greater control and visibility, accelerates build speed and scale
BoxBoat Named First GitLab Certified Professional Services Partner (IT Business Net) BoxBoat Technologies, the premier DevSecOps and digital transformation consultancy, has become the first GitLab Professional Services Partner after becoming GitLab Select Channel Partners in July, 2020. This strategic relationship will help us deliver cutting edge DevSecOps, continuous integration, and source control management services to our customers.
VMware's blockchain platform is ready for the enterprise (ZDNet) The distributed ledger technology, which aims to provide enterprises with an open-sourced, scalable trust infrastructure for decentralized apps, officially launched Wednesday.
Claroty Partners with CrowdStrike to Protect Industrial Control System Environments (PR Newswire) Claroty, the global leader in operational technology (OT) security, today announced it is partnering with CrowdStrike, a leader in...
CyberKnights Partners with CompTIA in Support of Cybersecurity Talent Assessment, Development, and Retention (Yahoo) CyberKnights, a product of Rofori Corporation, is a portal for cyber practitioners, employers, academia, and training providers. It promotes and facilitates cybersecurity talent assessment, development, and retention. CyberKnights and CompTIA have partnered to increase knowledge, skills, and awareness in the technology workforce.
Fugue’s Next-Generation Cloud Security Posture Management Product Now Available in AWS Marketplace (Fugue) By making Fugue available in AWS Marketplace, the company continues its mission to empower engineers to build and operate in the cloud securely with tools that are innovative and easy to adopt and use.
Datadobi Announces Support for File Data Migration and Protection to Microsoft Azure (BusinessWire) Datadobi has announced support for file data migration to and protection on Microsoft Azure.
Technologies, Techniques, and Standards
How The U.S. Fended Off Serious Foreign Election Day Cyberattacks (NPR) Officials feared the worst on Election Day: foreign-inspired disinformation and hacking. It didn't happen. Here's how government and private cyber sleuths helped keep the system safe.
How to keep COVID-19 vaccines safe from hackers (World Economic Forum) Here are 3 questions organizations involved in producing and distributing COVID-19 vaccines should be asking themselves to protect against cyberattack.
How to Identify Cobalt Strike on Your Network (Dark Reading) Common antivirus systems frequently miss Cobalt Strike, a stealthy threat emulation toolkit admired by red teams and attackers alike.
Air traffic control entity plans massive cyber security upgrade (ITWeb) BAir Traffic and Navigation Services will fast-track the appointment of critical resources to boost its cyber security, in response to growing global cyber threats.
Cyber espionage; the unwanted growth industry (InnovationAus) According to Verizon, state-based actors are responsible for the great majority – 82 per cent – of cyber espionage, with attacks aimed at stealing sensitive data from government or commercial organisations.Verizon has trawled through seven years-worth of data in its annual Data Breach Investigation Report (DBIR) to produce what it says is the first data-driven publication on advanced cyberattacks,
Ok Google: please publish your DKIM secret keys (A Few Thoughts on Cryptographic Engineering) The Internet is a dangerous place in the best of times. Sometimes Internet engineers find ways to mitigate the worst of these threats, and sometimes they fail. Every now and then, however, a major …
First Hour Response: The Only Way to Handle an Event Prior to it Becoming an Incident (Infocyte) Infocyte is the only organization offering an incident response guarantee. Learn more via our VP of Customer and Partner Success's blog here.
DDoS Extortion Attacks Are on the Rise: Are You Prepared (Neustar Blog) Distributed Denial of Service (DDoS) extortion campaigns, also called DDoS ransom attacks or RDDoS attacks, have risen so sharply in the last few months that the FBI has issued a warning to US companies.
Avoiding the “Twilight Zone” of Vendor Cyber Risk (JD Supra) When risk is stranger than fiction - While this might seem a fictitious depiction of how strategy and action gain momentum and approval...
Personal Cyber Insurance: What Is It and Do You Need It? (NBC4 Washington) Since the pandemic started, we’ve all been spending a lot more time on our phones and computers. And that means even more opportunities for cybercriminals to find their way into our digital lives. All it takes is one click on the wrong link, and you could be out thousands of dollars. They’ve become common headlines: data breaches, ransomware attacks, even…
Identity a cornerstone of effective fraud – and its prevention (Blue Notes) Just as major organisations are adapting to new technologies, so too are the fraudsters using data to drive illicit activities.
The Importance of Cybersecurity as a Business Strategy (IGI) Cybersecurity touches every aspect of a company, and should be driven by everyone from the CEO to the new hire to effectively protect company data.
Design and Innovation
Top intel official warns of bias in military algorithms (C4ISRNET) The Air Force's top intelligence officer warned of the dangers of using small or specific sets of data to train algorithms.
Legislation, Policy, and Regulation
Ericsson takes issue with Swedish ban on Huawei - FT (Reuters) Ericsson's CEO said Sweden's decision to ban China's Huawei from its 5G telecoms networks restricts free competition and trade, the Financial Times reported on Wednesday.
Lawmakers criticise choice of UK cyber security HQ (Reuters) Britain's GCHQ spying agency ignored evidence and broke its budget in choosing an expensive central London headquarters for a newly created cyber security centre, a report by a committee of lawmakers said on Thursday.
Justice Dept.’s China focus likely to continue under Biden (Washington Post) President Donald Trump has identified China as the country’s biggest foe and the Justice Department mirrored that emphasis over the last four years with a drumbeat of cases against defendants ranging from hackers accused of targeting intellectual property to professors charged with grant fraud.
How to Defeat Disinformation (Foreign Affairs) An Agenda for the Biden Administration
IoT Cybersecurity Improvement Act Passes Senate (SecurityWeek) The IoT Cybersecurity Improvement Act, which aims to improve the security of IoT devices, has passed the Senate and is heading to the White House for the president’s signature
New bill looks to tighten cybersecurity waivers for civilian agencies (FCW) Two democratic lawmakers introduced legislation to increase oversight on waivers for cybersecurity measures at civilian agencies across the federal government.
Trump’s ‘Post-Election Purge’: Head Of Election Cybersecurity, 11 Other Top Officials Out (Forbes) The Trump administration's widely anticipated firing spree is well underway.
‘Absolute right guy for the job’: New cyber chief takes reins amid the chaos (POLITICO) Colleagues say Brandon Wales, a career employee at DHS, is ideally suited to lead its Cybersecurity and Infrastructure Security Agency after the president’s firing of Chris Krebs.
After Krebs' dismissal, DHS’s cyber agency is led by career official Brandon Wales. For now. (CyberScoop) Less than 24 hours after President Donald Trump fired Chris Krebs, the dust is still settling at the Department of Homeland Security cybersecurity agency that Krebs led.
CISA: Who is Brandon Wales? First Executive Director’s career explored – HITC (HITC) Who is Brandon Wales of CISA? Let’s explore the first Executive Director’s career in the wake of Trump’s firing of Chris Krebs.
Chris Krebs is gone but his firing may not be the last (BBC News) The president has fired a top election official, reportedly angry at his refusal to support claims of fraud.
Analysis | What the fired director of federal cybersecurity actually said about the election (Washington Post) He wanted to make sure that the supporters of losing candidates could be confident in that loss — which is very much not what Trump wants to see happen.
McEnany: Fired cybersecurity chief tried to sabotage election legal challenges (Washington Examiner) White House press secretary Kayleigh McEnany said the top U.S. cybersecurity official, who was abruptly fired by President Trump after defending the integrity of the 2020 election, appeared motivated to discredit the president's legal challenges in battleground states.
Trump Fires Security Chief Who Said 2020 Vote Was 'Most Secure' in US History (Voice of America) Barely two weeks after the polls closed in an election he is now projected to lose, U.S.
Trump Fires Security Chief Christopher Krebs (KrebsOnSecurity) President Trump on Tuesday fired his top election security official Christopher Krebs (no relation). The dismissal came via Twitter two weeks to the day after Trump lost an election he baselessly claims was stolen by widespread voting fraud.
The Cybersecurity 202: Fears grow about White House interference at CISA after Krebs’s ouster (Washington Post) Current and former cybersecurity officials fear it will be far more difficult to withstand political pressure from the Trump White House following a purge of its senior leadership.
Cyber Official’s Ouster Tests Government Relations With Private Sector (Wall Street Journal) Chris Krebs was widely credited with forging ties between the government and the private sector during his two-year tenure. Those ties are now under threat after he was fired Tuesday by President Trump, lawmakers and business executives say.
Firing Christopher Krebs Crosses a Line—Even for Trump (Wired) The president dismissed the widely respected cybersecurity agency director Tuesday night for pushing back against election disinformation.
Air Force Proceeds with Spectrum Warfare Wing (SIGNAL Magazine) The service’s first pursuit of such a wing is an answer to adversarial threats across the spectrum.
Litigation, Investigation, and Law Enforcement
Intel community readies postmortem on foreign interference in 2020 election (POLITICO) The report, including a public release that's due by January, can help determine whether the Nov. 3 election really was "the most secure in American history."
CBSA officer insists Meng Wanzhou represented legitimate national security concern (CBC) A Canada Border Services Agency officer who questioned Meng Wanzhou at Vancouver's airport nearly two years ago will face more tough questions Wednesday as the Huawei executive’s lawyers continue to grill him about his supposed concerns over national security.
Former Army Green Beret pleads guilty to divulging military secrets to Russia (Army Times) Peter Rafael Dzibinski Debbins, 45, pleaded guilty to a charge under the federal Espionage Act and faces up to life in prison when he is sentenced in February.
Ongoing Data Breach Dispute Underscores Emerging Legal Issues in Data Privacy Litigation (The National Law Review) From consumers and merchants to financial institutions and investors, fraud is a global problem that damages healthy economic growth.  Two sobering statistics illustrate that as the world has bec