the future: the latest about the next few months.
RiskIQ Report Uncovers Consumer Spending and Safety Sentiment for Online Shopping this Holiday Season (RiskIQ) RiskIQ, the global leader in attack surface management, today released the findings from its Consumer Holiday Shopping Sentiment and Outlook 2020 report.
Cyber Monday Is Imminent. Are You Ready? (Infrascale) Cyber Monday is always the Monday after Thanksgiving. In 2020, that date will be Monday, November 30. Are you ready? No, we don’t mean ready to make a lot of online purchases. Or, from a retailer perspective, ready to process higher-than-usual data transaction volumes. Those are givens. Rather, are you prepared for a secure Cyber […]
Shop Safely (CISA) The holiday season is a prime time for hackers, scammers, and online thieves. While millions of Americans will be online looking for the best gifts and Cyber Monday deals, hackers will be looking to take advantage of unsuspecting shoppers by searching for weaknesses in their devices or internet connections or attempting to extract personal and financial information through fake websites or charities.
Five tips to stay cyber-safe while online shopping during the holidays (Show Me Mizzou) As more people are shopping online for the holidays, especially during the COVID-19 pandemic, they can unknowingly become prime targets for cybercriminals to steal their online data, such as credit card numbers and other sensitive personal information.
Quarterly Financial Crime Report - Q4 2020 Edition (Feedzai) The Quarterly Financial Crime Report Q4 2020, reports on fraud trends as captured by Feedzai’s exclusive data from over 4 billion global transactions.
Cyber security in 2021: four predictions for how the threat landscape will develop (Continuity Central) Despite the clear and present danger that the COVID-19 pandemic presents, most organizations are aware that cyber threats are a top long term issue that needs to be addressed. In this article Avesta Hojjati looks at four cyber threat areas that will develop in 2021.
Remote Work Will Escalate Opportunities For Cybercriminals: Survey (Entrepreneur) According to Juniper Networks, 73 per cent of the participants said their organization’s network and security has sometimes struggled in terms of the added business demands
Cyber frauds in India may go up in 2021: Kaspersky (Express Computer) With more users getting connected to the Internet and entering the digital payments ecosystem, cyber fraud incidents may go up in 2021, researcher at cybersecurity firm Kaspersky warned on Monday. The year 2020 saw several UPI-related frauds and several banks have issued advisories alerting their users about the same. “As more options for […]
Cyber Attacks, Threats, and Vulnerabilities
Suspected Chinese hackers impersonate Catholic news outlets to gather intel about Vatican diplomacy (CyberScoop) Entities linked with diplomacy between the Vatican and Beijing are still of keen interest for suspected Chinese-linked hackers.
TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader (Proofpoint) Following the Chinese National Day holiday in September, Proofpoint researchers observed a resumption of activity by the APT actor TA416.
What are the latest threats to journalist's cybersecurity? (Journalism) As phishing campaigns and government spyware are becoming increasingly sophisticated, newsrooms must realise they are only as strong as their weakest link
Maze Ransomware Influenced LockBit's New Data Leaks Website (Security Intelligence) The LockBit ransomware gang launched a new data leaks website after having learned from Maze ransomware attackers. Learn how to combat their tactics.
Hacker leaks the user data of event management app Peatix (ZDNet) More than 4.2 million user accounts have been made available for download online earlier this month.
Subdomain of Official Joe Biden Campaign Website Defaced by Turkish Hacker (SecurityWeek) A Turkish hacktivist has managed to deface a subdomain of the official Joe Biden campaign website
Another 'Minecraft' lesson for kids: Beware of deceitful adware apps (CyberScoop) Part of the appeal of “Minecraft” is that the in-game experience is highly customizable with thousands of bits of third-party software.
FBI warns of recently registered domains spoofing its sites (BleepingComputer) The U.S. Federal Bureau of Investigation (FBI) is warning the general public of the risks behind recently registered FBI-related domains that spoof some of the federal law enforcement agency's official websites.
Walmart-exclusive router and others sold on Amazon & eBay contain hidden backdoors to control devices (CyberNews) Walmart-exclusive Jetstream routers and Wavlink routers contain hidden backdoors. The routers are actively being exploited by Mirai malware
Smart doorbells 'easy target for hackers' study finds (BBC News) UK watchdog Which says consumers are at risk of having their home networks compromised.
11 Smart Video Doorbells Could Let Hackers Into Your Home (Information Security Buzz) 11 smart doorbells purchased from online marketplaces have failed Which? security tests, in the latest example of smart products that could pose a risk to you and your home. These…
Tried and True Hacker Technique: DOS Obfuscation (Medium) What program is built-in and available on every Microsoft Windows machine out in the wild?
Malware creates scam online stores on top of hacked WordPress sites (ZDNet) The malware gang also poisoned the victims' XML sitemaps with thousands of scammy entries, lowering the sites' SERP ranking.
Researchers Show Tesla Model X Can Be Stolen in Minutes (SecurityWeek) Researchers have demonstrated that a Tesla Model X can be stolen in minutes via an attack targeting the keyless entry system.
Attack on Vendor Affects Website of Arizona Court System (SecurityWeek) An internet interruption resulting from a ransomware attack on a hosting provider has limited functionality of the Arizona state court system’s webpage for most of this week, according to the vendor and court officials.
Floor covering provider Headlam discloses data breach (Reuters) Floor coverings distributor Headlam Group said on Tuesday there had been an unauthorised access to some of its computer systems, resulting in some data being accessed.
Iowa City hospital suffers phishing attack (Security Magazine) During a time where hospitals are already strapped for resources, Mercy Iowa City hospital reported that an internal email compromise and phishing email incident led to the exposure of personal information of some 60,473 individuals.
Louisiana Hospitals Report Data Breach (Infosecurity Magazine) Cyber-attack exposes data of thousands of hospital patients of LSU Medical Centers
Official Manchester United club statement 20 November 2020 (Manchester United Official App) Read official comment on an incident affecting Manchester United.
Manchester United praised for swift response to cyber attack (ComputerWeekly) Manchester United’s systems were attacked last week, and the club has been praised for a swift and decisive response.
CVPH still recovering from cyber attack (Press-Republican) Restoration of Epic medical record system encourages UVMHN officials
Vulnerability Summary for the Week of November 16, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
VMware Releases Workarounds for CVE-2020-4006 (CISA) VMware has released workarounds to address a vulnerability—CVE-2020-4006—in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. An attacker could exploit this vulnerability to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency encourages users and administrators to review VMware Security Advisory VMSA-2020-0027 and apply the necessary workarounds.
Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending (Threatpost) VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Windows and Linux operating systems and its Workspace One.
VMware Fixing Command Injection Hole (ISSSource) VMware has a workaround and is working on a fix for a command injection vulnerability in its Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector, according to a release with US-CERT.
Facebook fixes Messenger bug that allowed Android users to spy on each other (Security Magazine) Facebook has fixed a critical flaw in the Facebook Messenger for Android messaging app. Natalie Silvanovich of Google’s Project Zero reported the bug to the Facebook bug bounty program. The bug could have allowed a sophisticated attacker logged in on Messenger for Android to simultaneously initiate a call and send an unintended message type to someone logged in on Messenger for Android and another Messenger client (i.e. web browser).
Cyber Trends
ESG Research Finds Strong Traction for XDR to Automate SOC Decision Making (GlobeNewswire) 93% plan XDR investments in next 12 months as organizations grapple with deficiencies in threat detection and response
Report: TPRM teams Need to Move Beyond Questionnaire-Based Assessments (RiskRecon) A new RiskRecon research project found that third-party risk teams do not believe the questionnaire responses from the vendors they are working with.
Sumo Logic Finds Attack Surface Expanding (Security Boulevard) An annual report published today by Sumo Logic, a provider of security tools delivered as a cloud service, highlights the degree to which security has
Research from Sumo Logic Highlights the Acceleration of Digital Transformation, Modern Applications, and Architectures During COVID-19 Global Pandemic (GlobeNewswire) 5th Annual Continuous Intelligence Report Reveals Increase in Multi-Cloud Adoption, Heightened Requirements of Cloud Architectures, Security and More, Underscoring the Need for Real-time Analytics to Drive World-class Customer Experiences
Q3 Mobile Malware Rise Soars in Asia with 97% Transactions Flagged Fraudulent, Reports Upstream’s Secure-D (Upstream) 161 million blocked transactions and one in five of all infected users in Indonesia. Nine out of 10 most suspicious apps linked to Google Play; four MEIZU phone apps in the list. London, November 24, 2020 – In the third quarter of 2020 there has been a consistent and significant increase in mobile malware […]
Voice phishing attacks on the rise, remote workers vulnerable (IT Brief) There is an increase in voice phishing attacks, where hackers use existing employee names in an attempt to trick victims into sharing login credentials and data by phone.
Customer attitudes to digital identity: meet the expectations of tomorrow (Onfido) We surveyed over 4,000 people across the USA, UK, France and Germany to find out what digital identity means for them - and packaged our findings into a white-paper to share what we learnt.
Increased Use of Digital Accounts During COVID But New Customers Remain Concerned about Privacy and Security (Onfido) Onfido survey shows spike in digital account usage but concerns about security and privacy remain paramount with 43% of respondents abandoning new account setup
Marketplace
Why Startups Should Focus On Cybersecurity (Forbes India) Young companies don't have legacy IT issues and can implement robust cybersecurity systems right from the beginning, and not as an afterthought
Cyber insurance 101: Timely guidance on an essential tool (SearchSecurity) If you don't already have a policy, it's time for this cyber insurance 101 guide. IT security pros: Learn why a cyber insurance policy must be part of your risk mitigation strategy and how policy types vary so you can choose the best one for your organization.
Lightspin Emerges from Stealth with $4 Million Seed Round; Former White Hat Hackers "Think" Like Intruders to Secure Cloud and Kubernetes Environments (PR Newswire) Lightspin, a pioneer in contextual cloud security protecting native, Kubernetes, and microservices from known and unknown risks, today...
Capstone Headwaters Advises StratoZen on its sale to ConnectWise (Capstone Headwaters) Capstone Headwaters, a leading international investment banking firm, advised StratoZen, Inc., on its sale to ConnectWise, LLC, a portfolio company of Thoma Bravo, LLC. Strong and Hanni served as legal counsel to the Company on the transaction.
Splunk to acquire Flowmill, network performance monitoring company (SeekingAlpha) Splunk (NASDAQ:SPLK) signed a definitive agreement to acquire Palo-Alto based Flowmill, cloud network observability company with expertise in network performance monitoring, for continuing to deliver its vision to offer the world's most comprehensive Observability Suite.
Experian Acquires Tapad, a Leading Digital Identity Resolution Provider (AiThority) Experian, the global information services company, announces that it has completed the acquisition of Tapad
Palantir wins Army network modernization contract, expanding its military work (FedScoop) Hitting the public market and the scrutiny that comes with it have not slowed down Palantir’s dealings with the military.
DynCorp falls short in bid to keep $700M Army intell contract (Washington Technology) DynCorp's argument that the Army Intelligence and Security Command picked the wrong company for a $700 million contract failed to convince the Government Accountability Office.
Cato Networks CEO on 'aggressive' European expansion (CRN) SASE vendor claims its valuation now exceeds $1bn in largest funding round to date
Avast: The Czech Business's Road to Success (PragueLife! Magazine) In today’s world, plenty of businesses grow and expand to foreign countries, including large and small firms, and fresh start-ups. Czech companies remain
Cybrary sees big growth, gives back with free cyber courses amid Covid-19 (Baltimore Business Journal) Ryan Corey, CEO of Cybrary, said about 30,000 people are taking free training courses on his company's career development platform each day.
Tanium Deepens Strategic Partnership with CIS, Joining the Elite CIS CyberMarket (Odessa American) Tanium, the provider of unified endpoint management and security built for the world’s most demanding IT environments, today announced a strategic partnership with the Center for Internet Security, Inc. (CIS®).
Minnesota cyber company expands into San Antonio (San Antonio Business Journal) The company hasn't found a spot yet, but it is already hiring for dozens of positions for its San Antonio team.
Axis Security Chosen 2020 Red Herring Top 100 North America Winner (Security Boulevard) Axis Security, the leader in Zero Trust Access, today announced that it has been named a winner at Red
Trump Lashes Voting Tech Firm With Barrage of Debunked Claims (Bloomberg) Dominion cites Trump administration officials to fight claims. Corporations grapple for ways to counter disinformation.
Mariana Swann Joins Pondurance to Lead Assessment and MDR for Legal and Insurance (Pondurance) Mariana Swann Joins Pondurance to Lead Assessment and Managed Detection and Response Services for Legal and Insurance
Deloitte taps new head of government advisory practice (Washington Business Journal) Deloitte Consulting LLP selected a new head of its government and public services advisory practice Monday, tapping the chief of its government innovations and platforms practice, Matt Gentile, to lead the group.
Privitar Aligns for Continued Growth and Expansion with Appointments of Jessi Marcoff as Chief People Officer and Nicky Brocklehurst as VP of People (Privitar) Privitar, the leading data privacy platform provider, today announced the expansion of its senior leadership team with the appointments of Jessi Marcoff as Chief People Officer and Nicky Brocklehurst as VP of People.
CISQ Welcomes Theis Eichel, VP of 7N, to Governing Board (CISQ) Leading digital advisory to contribute to CISQ standards.
Products, Services, and Solutions
SHIELD Announces DeviceSHIELD to Protect Small Businesses from Cyber Fraud During the COVID-19 Pandemic (PR Newswire) SHIELD, the world's leading cybersecurity company specializing in cyber fraud and identity verification, today launched DeviceSHIELD, a cyber...
Carillon’s Credentialing Services Earns Trusted Status with SAFE Identity Bridge Certification Authority (GlobeNewswire) SAFE Identity and Carillon Information Security Inc. today announced that Carillon has achieved cross-certification with the SAFE Identity Bridge Certification Authority (SIBCA), a cryptographic infrastructure that enables individuals, organizations and online services in the healthcare sector to trust each other’s digital identities for high assurance electronic transactions.
Ivanti Announces Partnership with Avast Business to Integrate Patch Management Technology into Security Platforms for Small Businesses (KPVI) Ivanti, the company that automates IT and Security Operations to discover, manage, secure and service from cloud to edge, has announced its
Digital Shadows Launches Sensitive Document Alerts With Added Context (Security Boulevard) New capabilities within SearchLight™ to detect exposed sensitive but not protectively-marked technical and commercial documents, including product designs
Comodo and Multi-Visions (Canada) Enter into Distribution Agreement for North America (AiThority) Comodo, the world’s leader of next-generation cybersecurity announced a distribution partnership with Multi-Visions (Canada) for North America.
Acronis True Image 2021 Adds Vulnerability Assessments, Enabling Users to Close Security Gaps in Their Systems (Yahoo) Acronis, a global leader in cyber protection, today announced an update of Acronis True Image 2021 that incorporates a professional-grade vulnerability assessment tool into the personal cyber protection solution. Individuals and home office users can now scan their operating systems and applications for exploitable vulnerabilities and get recommendations on effectively closing those security gaps.
Technologies, Techniques, and Standards
Why foreign election interference fizzled in 2020 (Atlantic Council) Thanks to US agencies, the chaotic aftermath of the presidential election saw no massively successful foreign interference campaigns.
Cyber-Attacks Against Insurance Companies: How to Avoid the Risks (Votiro) Like many industries, insurance companies are in midst of a digital transformation, adopting new channels and services in order to conduct their business virtually and enhance their customers’ experiences. Digital claims, mobile apps, connection to the Internet of Things (IoT), and strategic integrations with third-party portals all open the door to cyber criminals looking to...
Are you self-sabotaging your online security? (Enterprise Times) SailPoint claims that employees are self-sabotaging their cybersecurity by mixing personal and business use of devices and sharing access.
Joint Staff developing service-wide campaign plan for multidomain operations (C4ISRNET) A 60-page campaign document in the works could help coordinate the Combined Joint All-Domain Command and Control development across the services.
US Air Force to reorganize network, security groups under single entity (C4ISRNET) The 688th Cyberspace Wing is combining three of its groups to create a network and security operations center.
Virtual credit cards are another step to protect your money online (ABC11 Raleigh-Durham) During the holiday season, it's vital to protect your information, including your money. One way to do that is by using a new type of credit card known as a virtual credit card. Virtual credit cards give shoppers an added layer of protection.
Azure Security Basics: Log Analytics, Security Center, and Sentinel (Black Hills Information Security) Jordan Drysdale // TL;DR The problem with a pentester’s perspective on defense, hunting, and security: Lab demographics versus scale. If it costs $15 bucks per month per server for me to get ATP data, demo its effectiveness, provide tips, tricks, and some basic guidance to the world, this is affordable. Deploying ATP on 5,000 virtual […]
Design and Innovation
Covid-19 is an accelerator, not disruptor, says former NSA Director (CTECH) Speaking with Nimrod Kozlovski for Calcalist and CTech’s Mind The Tech 2020 event, Michael S. Rogers shares how the pandemic changed investment strategies
Twitter to show a warning when you try to like a labeled tweet (The Verge) The company already displays a warning when you try to retweet a labeled tweet
Rheinmetall wins Bundeswehr cybersecurity innovation prize (Army Recognition) Rheinmetall’s work in the field of cybersecurity received a special accolade at the Innovation Conference 2020, an event staged by CODE, a research institute with close ties to the Bundeswehr.
The impact of spycraft on how we secure our data (ComputerWeekly) The history of cyber security owes much to the world of espionage, as a recent, pre-lockdown Science Museum exhibition showed.
US Army working on new electromagnetic deception tool (C4ISRNET) The Army is prototyping a new deception tool it's calling the Modular Electromagnetic Spectrum Deception Suite, or MEDS.
Academia
Miles College lands $2M tech investment from IBM (Birmingham Business Journal) Miles College has received a huge tech investment from IBM.
Legislation, Policy, and Regulation
Indicting Russia's Most Destructive Cyberwar Unit: The Implications of Public Attribution (Council on Foreign Relations) There are three main reasons behind publicly attributing these attacks to Russia.
Canada PM Refuses to Commit to Huawei 5G Decision Timetable (SecurityWeek) Canadian Prime Minister Justin Trudeau -- under pressure from the opposition to ban Huawei from the country's 5G networks -- refused to say Tuesday when he might make his decision, or if it would come before year's end.
UK considers Huawei ban by September 2021 (Computing) A draft bill proposes tough penalties on firms that breach the ban on Huawei gear
The UK Government Isn't Being Transparent About Its Palantir Contracts (Vice) Rights groups say the UK has been quietly signing contracts with Palantir and we have no idea what's in them.
New US IoT law aims to improve edge device security (CSO Online) The Internet of Things Cybersecurity Improvement Act will require device manufacturers to meet new security standards for government contracts. Carryover effect expected for the private sector.
After years of work, Congress passes 'internet of things' cybersecurity bill — and it's kind of a big deal (CyberScoop) Congress last week did something that it rarely does: It passed a meaningful cybersecurity bill.
Lawmakers Urge FCC To Initiate 'Rip And Replace' Effort (Law360) A bipartisan pair of U.S. House members urged the FCC on Monday to start rolling out a congressionally mandated plan to pay internet providers for the replacement of network equipment that could pose national security risks.
Trump accepts US presidency transition to Biden must begin (BBC News) The president says a key federal agency should "do what needs to be done", but he vows to fight on.
Biden Transition Updates (NPR.org) Latest news on President-elect Joe Biden's move toward the White House and President Trump's final days in office after the 2020 election.
Biden picks Avril Haines as director of national intelligence (NBC News) Having served Obama as a national security lawyer and deputy CIA director, Haines has been playing a key national security role in the Biden transition.
Biden makes history with pick of Janet Yellen for Treasury secretary as his Cabinet begins to take shape (USA TODAY) Biden chose Janet Yellen to become Treasury secretary, tapping her to guide his efforts to steer the pandemic-hit economy out of crisis.
Biden Picks Janet Yellen for Treasury Secretary (Wall Street Journal) Former Fed chief, if confirmed by Senate, would be first woman to hold job
Analysis | The Cybersecurity 202: Biden’s DHS pick adds cybersecurity chops to the incoming administration (Washington Post) Alejandro Mayorkas championed cybersecurity initiatives during the Obama years.
Biden Nominates Cuban-Born Lawyer to Lead Homeland Security Dept. (New York Times) Alejandro N. Mayorkas, a former deputy homeland security secretary, would be tasked with restoring faith in a department that carried out the Trump immigration agenda.
Biden picks Alejandro Mayorkas, a son of Jewish Cuban refugees, to lead the Department of Homeland Security (Washington Post) President-elect Joe Biden’s choice of Alejandro Mayorkas to lead the Department of Homeland Security thrilled immigrant advocates on Monday and won praise from former DHS leaders who described him as a savvy department veteran who would try to stabilize the organization after years of front-office turmoil under President Trump.
Biden Will Nominate First Woman to Lead Intelligence, First Latino to Run Homeland Security (New York Times) John Kerry, the former secretary of state, will be climate czar, according to the Biden transition team.
Top Biden adviser seen as making tech regulation more likely (Reuters) President-elect Joe Biden’s top technology adviser helped craft California's landmark online privacy law and recently condemned a controversial federal statute that protects internet companies from liability, indicators of how the Biden administration may come down on two...
7 National Security Names To Watch In The Biden Admin. (Law360) President-elect Joe Biden has so far prioritized both experience and diversity in his choices for a national security team. Here are seven key people likely to take the helm in guiding U.S. foreign policy over the next four years.
Litigation, Investigation, and Law Enforcement
Undersheriff, Apple security chief, businessman indicted in bribery schemes (Palo Alto Online) Four people, including top brass in the Santa Clara County Sheriff's Office, have been indicted in bribery schemes for donations to Sheriff Laurie Smith's reelection campaign in exchange for highly coveted gun permits.
Apple Security Chief Offered iPads to Police as a Bribe for Gun Permits, Prosecutors Allege (Wall Street Journal) Apple’s head of security has been indicted on bribery charges for a scheme in which prosecutors allege he offered iPads to secure gun permits for his company’s employees.
Two Romanians Arrested for Running Malware Encryption Services (SecurityWeek) Two Romanians suspected of running services for encrypting malware and testing it against antivirus engines were arrested last week
Blackbaud Faces Class Suit Over Ransomware Attack (Law360) Blackbaud Inc. has been hit with a proposed class suit claiming the cloud-based software and service provider failed to safeguard users' personal information and did not notify them until months after a ransomware attack compromised their information.
FTC-Zoom Consent Order: Implications for Remote Workforces (JD Supra) On November 9, 2020, the Federal Trade Commission (FTC) announced in a press release that it had reached a settlement with Zoom Video Communications,...
World of Warcraft Co. Faces Privacy Suit Over Tracking Code (Law360) Blizzard Entertainment Inc. has been spying on World of Warcraft players' mouse clicks and keystrokes in violation of California privacy law with the help of a tracking code supplied by Mouseflow Inc., according to a class action filed Friday in California federal court, the second such suit filed last week.
Judge Nixes Suit For Crypto Co. Investor's $728K Atty Fees (Law360) A New York federal judge tossed a lawsuit by an alleged pump-and-dump scheme mastermind asking for his attorney fees to be paid by a cryptocurrency company involved in the alleged scheme, ordering the man to pay the company's fees instead.