the near future: the latest about the next few months.
2021 Predictions (Avast) Looking ahead to 2021, Avast foresees a significant presence of Covid-19 vaccination scams, abuse of weak home office infrastructures, ransomware attacks and more.
Key cybersecurity problems expected to mark 2021 (Help Net Security) After a year in which COVID-19 upended the way we live, work and socialize, we are likely to see a wealth of cybersecurity problems in 2021.
Predicting the Unpredictable: PCI Pal Releases Cybersecurity and Compliance Predictions for 2021 (BusinessWire) If 2020 has taught us anything, it’s that trying to predict upcoming threats and opportunities is like playing roulette – don’t bet anything you can’t
New Research: 2020 Vulnerabilities on Target to Match or Exceed Last Year (RBS) Today, we released our new 2020 Q3 Vulnerability QuickView Report, revealing that the number of vulnerability disclosures is back on track to reach or bypass 2019 as we head into 2021.
Our VulnDB team aggregated 17,129 vulnerabilities disclosed during the first three quarters of 2020, marking a 4
The Remote-Work Transition Shifts Demand for Cyber Skills (Threatpost) According to Cyberseek, there are more than half a million open cybersecurity positions available in the U.S. alone (522,000).
10 Cybersecurity Certifications to Boost Your Career in 2021 (SearchSecurity) Heading into 2021, cybersecurity professionals are simultaneously in high demand and worried about keeping their jobs as companies continue to battle the COVID-19 pandemic. Cybersecurity certifications can help on both fronts. Here's our top 10 list.
A Year in Review (Akamai) What a year it’s been. If you are reading this — we made it to December 2020.
Cyber Attacks, Threats, and Vulnerabilities
New Malware Arsenal Abusing Cloud Platforms in Middle East Espionage Campaign (Cybereason) The Cybereason Nocturnus Team has identified an active espionage campaign employing three previously unidentified malware variants that use Facebook, Dropbox, Google Docs and Simplenote for command & control and the exfiltration of data from targets across the Middle East.
A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy (Intezer) Russian APT28 using COVID-19 vaccine as phishing lures to deliver the Go version of Zebrocy malware.
Norway Accuses Russian Hackers of Parliament Attack (SecurityWeek) Norway blamed the Russian hacker group known as Fancy Bear and APT28 for a cyberattack on the Norwegian parliament in August 2020.
Norway says Russian hacking group APT28 is behind August 2020 Parliament hack (ZDNet) Russian hackers breached Norway's Parliament email accounts in August this year.
U.S. Cyber Firm FireEye Says It Was Breached by Nation-State Hackers (Wall Street Journal) The cybersecurity company said the attack compromised its software tools used to test the defenses of its thousands of customers.
FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State (New York Times) The Silicon Valley company said hackers — almost certainly Russian — made off with tools that could be used to mount new attacks around the world.
U.S. cybersecurity firm FireEye discloses breach, theft of hacking tools (Reuters) FireEye, one of the largest cybersecurity companies in the United States, said on Tuesday that it had been hacked, likely by a government, and that an arsenal of hacking tools used to test the defenses of its clients had been stolen.
US cybersecurity firm FireEye hit by 'state-sponsored' attack (BBC News) FireEye says tools used for testing clients' security have been stolen, without naming the culprits.
FireEye reveals that it was hacked by a nation state APT group (BleepingComputer) Leading cybersecurity company FireEye disclosed today that it was hacked by a threat actor showing all the signs of a state-sponsored hacking group.
FireEye Says 'Sophisticated' Hacker Stole Red Team Tools (SecurityWeek) FireEye said that a “highly sophisticated” threat actor broke into its corporate network and stole a range of automated hacking tools and scripts.
Cybersecurity firm FireEye says it was hacked by a nation-state (TechCrunch) FireEye, normally the first company that cyberattack victims will call, has now admitted it too has fallen victim to hackers, which the company called a “sophisticated threat actor” that was likely backed by a nation-state. In a blog post confirming the breach, the company’s chief…
FireEye, one of the world's largest security firms, discloses security breach (ZDNet) FireEye suspects it was the victim of a nation-state hacking group.
Russia's FireEye Hack Is a Statement—but Not a Catastrophe (Wired) The fallout from the attack may not be as dire as it first sounds.
Unauthorized Access of FireEye Red Team Tools (FireEye) A state-sponsored adversary stole FireEye Red Team tools, so we are releasing hundreds of countermeasures to ensure the security community is protected.
November 2020’s Most Wanted Malware: Notorious Phorpiex Botnet Returns As Most Impactful Infection (Check Point Software) Check Point Research reports new surge in attacks using the Phorpiex Botnet delivering the Avaddon ransomware in malicious spam campaigns. Our latest
Report: Massive Instagram Click Farm Uncovered (vpnMentor) Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently uncovered a huge illicit Instagram click farm based somewhere in Central Asia and operating globally. Click
Vishing criminals let rip with two scams at once (Naked Security) It would be funny if it weren’t a crime.
Over 100 GE Healthcare Devices Affected by Critical Vulnerability (SecurityWeek) Over 100 CT, X-Ray, MRI and other types of medical devices made by GE Healthcare are affected by a critical vulnerability that could allow an attacker to access or modify sensitive data.
Mitsubishi Electric GOT and Tension Controller (ISSSource) Mitsubishi Electric Corporation is working on a fix, but has a plan to handle an out-of-bounds read vulnerability in its GOT and Tension Controller products, according to a report with CISA.
Critical Flaws in Millions of IoT Devices May Never Get Fixed (Wired) Amnesia:33 is the latest in a long line of vulnerabilities that affect countless embedded devices.
Multiple Embedded TCP/IP Stacks (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Multiple (open source)
Equipment: uIP-Contiki-OS, uIP-Contiki-NG, uIP, open-iscsi, picoTCP-NG, picoTCP, FNET, Nut/Net
Vulnerabilities: Infinite Loop, Integer Wraparound, Out-of-bounds Read, Integer Overflow, Out-of-bounds Write, Improper Input Validation, Improper Null Termination
CISA is aware of a public report, known as “AMNESIA:33” that details vulnerabilities found in multiple open-source TCP/IP stacks. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.
GE Healthcare Imaging and Ultrasound Products (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: GE Healthcare
Equipment: GE Imaging and Ultrasound Products
Vulnerabilities: Unprotected Transport of Credentials, Exposure of Sensitive System Information to an Unauthorized Control Sphere
2.
Mitsubishi Electric GOT and Tension Controller (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Mitsubishi Electric Corporation
Equipment: GOT and Tension Controller
Vulnerability: Out-of-bounds Read
2.
Schneider Electric Easergy T300 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely
Vendor: Schneider Electric
Equipment: Easergy T300
Vulnerability: Missing Authentication for Critical Function, Missing Authorization, Missing Encryption of Sensitive Data, Improper Restriction of Rendered UI Layers or Frames
2.
Schneider Electric Modicon M221 Programmable Logic Controller (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.1
ATTENTION: Exploitable from an adjacent network
Vendor: Schneider Electric
Equipment: Modicon M221 Programmable Logic Controller
Vulnerabilities: Inadequate Encryption Strength, Small Space of Random Values, Missing Encryption of Sensitive Data, Exposure of Sensitive Information, Use of a One-Way Hash with a Predictable Salt
2.
Siemens Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SENTRON PAC3200, SENTRON PAC4200, SIRIUS 3RW5
Vulnerability: Integer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability could cause a denial-of-service condition.
Siemens XHQ Operations Intelligence (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: XHQ Operations Intelligence
Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Cross-site Scripting, Basic XSS, SQL Injection, Relative Path Traversal, Cross-site Request Forgery
2.
Siemens SICAM A8000 RTUs (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SICAM A8000 Remote Terminal Unit Series
Vulnerability: Protection Mechanism Failure
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized read or write access to network traffic to or from the device.
Siemens Products using TightVNC (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC ITC Industrial Thin Clients, SIMATIC WinCC Runtime Advanced/Professional, SIMATIC HMI Panels, SIPLUS extreme products
Vulnerabilities: Heap-based Buffer Overflow, NULL Pointer Dereference, Classic Buffer Overflow
2.
Siemens SIMATIC Controller Web Servers (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC Controller Web Servers
Vulnerability: Uncaught Exception
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition.
Siemens LOGO! 8 BM (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: LOGO! 8 BM
Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Cryptographic Key, Use of a Broken or Risky Cryptographic Algorithm, Insufficiently Protected Credentials
2.
Siemens SIMATIC S7-300 and S7-400 CPUs (Update C) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.9
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC S7-300 and S7-400 CPUs
Vulnerability: Insufficiently Protected Credentials
2.
Siemens Industrial Products (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.5
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: Siemens Industrial Products containing certain processors
Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor
2.
Siemens SIMATIC, SIMOTICS (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 3.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC, SIMOTICS
Vulnerability: TOCTOU Race Condition
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-20-224-05 Siemens SIMATIC, SIMOTICS that was published August 11, 2020, on the ICS webpage on us-cert.gov.
Siemens UMC Stack (Update D) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.7
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: UMC Stack
Vulnerabilities: Unquoted Search Path or Element, Uncontrolled Resource Consumption, Improper Input Validation
2.
Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update D) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.7
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK
Vulnerability: Unquoted Search Path or Element
2.
Siemens SIMATIC, SINAMICS (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC, SINAMICS
Vulnerabilities: Uncontrolled Search Path Element, Heap-based Buffer Overflow
2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-20-161-05 Siemens SIMATIC, SINAMICS (Update A) that was published July 14, 2020, to the ICS webpage on us-cert.gov.
Siemens PROFINET-IO Stack (Update C) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Siemens PROFINET-IO Stack
Vulnerability: Uncontrolled Resource Consumption
2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-20-042-04 Siemens PROFINET-IO Stack (Update B) that was published August 11, 2020, to the ICS webpage on us-cert.gov.
Siemens Industrial Products (Update K) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Industrial Products
Vulnerabilities: Excessive Data Query Operations in a Large Data Table, Integer Overflow or Wraparound, Uncontrolled Resource Consumption
2.
Siemens LOGO! Soft Comfort (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: LOGO! Soft Comfort
Vulnerability: Deserialization of Untrusted Data
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-19-134-03 Siemens LOGO! Soft Comfort that was published May 14, 2019, on the ICS webpage on us-cert.cisa.gov.
Siemens LOGO! 8 BM (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.4
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: LOGO! 8 BM
Vulnerabilities: Missing Authentication for Critical Function, Improper Handling of Extra Values, Plaintext Storage of a Password
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-20-161-04 Siemens LOGO!
Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C (Update D) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable from the same local network segment (OSI Layer 2)
Vendor: Siemens
Equipment: SCALANCE X switches, RUGGEDCOM Win, RFID 181-EIP, and SIMATIC RF182C
Vulnerability: Heap-based Buffer Overflow
2.
Siemens LOGO! (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: LOGO!
Vulnerabilities: Insufficiently Protected Credentials, Man-in-the-Middle
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-17-243-02 Siemens LOGO! that was published August 31, 2017, on the ICS webpage on us-cert.cisa.gov.
Never click on this kind of Zoom invite. You’ll thank us forever (Fast Company) Zoom phishing scams are the latest conduit for planting malware to steal identities, passwords, and financial information.
Attackers Know Microsoft 365 Better Than You Do (Dark Reading) Users have taken to Microsoft Office 365's tools, but many are unaware of free features that come with their accounts -- features that would keep them safe.
FBI Director: Cyber Criminals Targeting Banks’ Third Parties (ABA Banking Journal) FBI Director Christopher Wray urged banks to be wary of “cyber criminals targeting the vulnerabilities in third-party services.”
Exclusive: Personal Data Of 7 Mn Indian Cardholders Leaked On Dark Web (Inc42 Media) Personal data of 7 Mn cardholders has been leaked in a public Google Drive link made available on the dark web.
How merchant social media gateways became new fraud traps (PaymentsSource) Crooks are hiding payment skimmers within plain sight on retailer websites, using social contact buttons in a way that's hard for security protection to spot.
No personal information stolen in Baltimore County schools ransomware attack, officials say (Baltimore Sun) Baltimore County officials do not believe that the personal data of students or employees was stolen in the November ransomware attack that crippled the school system, they announced Monday.
Data breach creates potential risk for Memorial donors (Marysville Journal-Tribune) A software company utilized by Memorial Health for its fundraising efforts has suffered a data breach. Blackbaud, a cloud software company, recently disclosed it has been the victim of a ransomware attack that may have involved thousands of client organizations around the world. Affected entities range from non-profits and hospital systems to educational institutions and
Personal information of some U of M employees exposed in security breach (Memphis Business Journal) A security breach at the University of Memphis has caused private information of certain faculty and staff members to be compromised.
Security Patches, Mitigations, and Software Updates
Patch Tuesday, Good Riddance 2020 Edition (KrebsOnSecurity) Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Nine of the 58 security vulnerabilities addressed this month earned Microsoft's most-dire "critical" label, meaning they can be abused by malware or miscreants to seize remote control over PCs without any help…
Microsoft Patches Critical SharePoint, Exchange Security Holes (SecurityWeek) Microsoft’s final batch of security patches for 2020 shipped today with fixes for at least 58 documented vulnerabilities affecting a wide range of OS and software products.
Adobe Patches Code Execution Flaws in Prelude, Experience Manager, Lightroom (SecurityWeek) Adobe patches critical code execution vulnerabilities in its Prelude, Experience Manager and Lightroom products.
Cisco fixes Security Manager vulnerabilities with public exploits (BleepingComputer) Cisco has released security updates to address multiple pre-authentication vulnerabilities with public exploits affecting Cisco Security Manager that could allow for remote code execution after successful exploitation.
OpenSSL Ships ‘High Severity’ Security Patch (SecurityWeek) The OpenSSL Project today warned that the widely deployed TLS/SSL toolkit is vulnerable to a serious security flaw that exposes users to denial-of-service attacks.
Possible Code Execution Flaw in Apache Struts (SecurityWeek) Security update issued for Apache Struts 2 to address what is described as a “possible remote code execution” vulnerability (CVE-2020-17530)
SAP Security Patch Day – December 2020 - Product Security Response at SAP (SAP) This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape.
SAP Security Patch Day December 2020: Serious Vulnerability in SAP NetWeaver AS JAVA Requires Immediate Patching | Onapsis (Onapsis) SAP has published 14 new and updated Security Notes on its December Patch Day. This number includes four HotNews notes and two High Priority notes.
Apple to Tighten App Privacy, Remove Apps That Don't Comply (SecurityWeek) Apple is rolling out an anti-tracking feature in 2021 and warned it could kick apps off its widely used App Store if developers don’t obey requirements.
Pornhub calls halt to unverified users posting on its site (AP NEWS) Pornhub said Tuesday it was halting unverified users from uploading video material after a report alleged that the pornographic website was showing videos of rape and underage...
Cyber Trends
Internet Security Report - Q3 2020 (WatchGuard Technologies) The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Their smart, practical security advice contained in the Internet Security Report will enable you to better protect your organization in the ever-changing threat landscape.
CrowdStrike Releases Annual Cyber Front Lines Report (CrowdStrike) CrowdStrike announced the release of the Cyber Front Lines Report, which compiles the insights and observations of CrowdStrike’s services teams in 2020.
New Report from Fudo Security Identifies Key Trends in Secure Remote Access (BusinessWire) Global survey of cybersecurity leaders conducted by Fudo Security shows increased adoption of multi-layered solutions for secure remote access
Cyber criminals focus on small and medium enterprises as the damage by cyber crime grows (Startups Magazine) Accenture & Ponemon’s 2019 Cost of Cybercrime Study indicates that the right approach to cyber threats might save companies up to $5.2tn of future revenues in the next few years. Small and medium enterprises (SMEs) are among the most vulnerable as they only recently became more conscious of clear and present cyber threats.
2020 Small Business Digital Resilience Report by Moxtra Reveals Consumers Crave More Digital Engagement But Bad Experiences Drive Them Away (PR Newswire) The onset of the COVID-19 pandemic sparked a drastic evolution in the ways that small businesses interact with their customers. In fact, nearly...
Surge in Physical Threats During Pandemic Complicates Employee Security Efforts (Wall Street Journal) High-profile executives and rank-and-file staff have faced increased physical threats this year from inside and outside their companies, leading corporate security teams to search for ways to better protect employees—particularly those working from home, security executives say.
The State of Local Government Cybersecurity (Technology Solutions That Drive Government) A recently released survey shows plans are in place to respond to attacks, but there is weak engagement from local leaders and concerns over a lack of funding.
Stuxnet and Beyond: The Origins of SCADA and Vulnerabilities to Critical Infrastructure (Homeland Security Today) Many understand this growing threat to industrial control systems but don’t know the origins of a key attack vector.
Nervous System: The First Major Data Breach, 1984 (Legaltech News) Data breaches affecting millions of Americans are no new phenomenon. This month's history of cybersecurity explores the time in 1984 when over 90 million Americans had their credit histories exposed.
Marketplace
Cloud Visibility Firm Orca Security Raises $55 Million (SecurityWeek) US and Israel-based cloud visibility firm Orca Security raises $55 million in a Series B funding round, which brings the total raised by the company to $82 million.
Fortinet snaps up network monitoring vendor Panopta (ARN) Network security vendor Fortinet has acquired software-as-a-service monitoring vendor Panopta.
Cyber insurance startup At-Bay raises $34M Series C, adds M12 as a new investor (TechCrunch) The cyber insurance company plans to grow its team and launch new products
Peraton's 'transformative' deal to buy Northrop's IT business boosts both, experts say (Washington Business Journal) The anticipated divestiture hones Northrop's strategic priorities while tripling the size of Peraton.
WISeKey signs a $15.5 million high growth capital investment agreement with Alpha Blue Ocean to finance the acquisition of arago and integration of Artificial Intelligence on its Cybersecurity platform (GlobeNewswire)
Juniper Buys Apstra in Move Toward Self-Driving Data Center Network (Data Center Knowledge) The startup’s intent-based networking technology automates network configuration, deployment, and management, moving Juniper closer to its self-driving network vision.
Former Auth0 exec hiring for new stealthy security startup (Portland Business Journal) Joan Pepin left Auth0 this fall to launch her own security startup to help companies secure data more efficiently and effectively.
Five things to know about FireEye, the Milpitas cybersecurity firm that thinks it was attacked by Russia (Silicon Valley Business Journal) Here's a primer on the Milpitas company, one of the world's largest cybersecurity companies, which announced that it had been attacked by a “nation with top-tier offensive capabilities."
FireEye Stock Falls After Company Says It Was Hit By A ‘State-Sponsored’ Cyber Attack (Barron's) The cyber security company said “we are witnessing an attack by a nation with top-tier offensive capabilities.”
FireEye shares drop 7.5% after revealing hackers targeted security testing tools (NASDAQ:FEYE) (SeekingAlpha) In a regulatory filing, FireEye (NASDAQ:FEYE) reveals that it "recently was attacked by a highly sophisticated cyber threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack." The actions were designed to specifically target and attack FireEye.
FireEye Drops After Cybersecurity Company Says It Was Hacked (Bloomberg) Attackers from ‘a nation with top-tier offensive capabilities’. Breach was discovered after company found a suspicious login.
FireEye hack looks unlikely to disrupt cybersecurity momentum: At the Open (NASDAQ:FEYE) (SeekingAlpha) The premarket drop in FireEye (FEYE, -10%) is a big pothole in the recent trajectory of the stock. But it looks like the broader cybersecurity sector can keep its upward path from a technical perspective. FireEye disclosed late yesterday a security breach and theft of Red Team tools it uses to test vulnerabilities in systems that analysts called “undoubtedly concerning” and “clearly a negative.” Shares had made some bullish moves with respect to technical levels recently, but are set to lose that ground at the open today. FEYE is indicated to start trading at $13.85.
After cybersecurity attack, Israel reconsiders its tender with Shirbit insurance company (CTECH) Shirbit is one of the leading vehicle insurance companies for government employees, but after its system was hacked and personal information made public, Israel is reconsidering renewing the contract
CrowdStrike: Expanding Its Market Opportunity (Seeking Alpha) Cybercrime is expected to cost the world $10.5 trillion by 2025, making it the 3rd largest economy.
Mark Zuckerberg threatened to end Facebook’s UK investment in private 2018 meeting with digital chief, warning over ‘anti-tech’ tone (TechCrunch) Round of applause for the Bureau of Investigative Journalism — which fought for two years to obtain details of a closed door meeting between Facebook’s Mark Zuckerberg and the UK secretary of state in charge of digital issues at the time, Matt Hancock (now health secretary). Freedom of …
Tenable founders launch new cybersecurity foundation with $1M in grants (Washington Business Journal) Investment firm Gula Tech Adventures is launching the Gula Tech Foundation with a goal of providing millions of dollars in competitive grants to cybersecurity nonprofits around the country.
Cybersecurity & Privacy Group Of The Year: Edelson (Law360) Edelson PC won initial approval of a $650 million cash settlement in a biometric privacy case against Facebook and retained a $925 million jury verdict against dietary supplement marketer ViSalus in an unauthorized robocall suit, landing it among Law360's 2020 Cybersecurity & Privacy Practice Groups of the Year.
Cyber security firm to open new EMEA HQ in Manchester and double city headcount (Business Live) Its new HQ will offer collaborative working hubs and an event space at the famous tower
TrueFort Adds Robert Strickland to Board of Advisors (BusinessWire) TrueFort's unique application-centric approach to securing businesses from cyber threats fills a void left by IT infrastructure security tools.
Jscrambler Announces Jasvir Nagra as Technical Advisor (GlobeNewswire) Cybersecurity company strengthens its advisory board with one of the key minds in software protection to further accelerate its growth
Products, Services, and Solutions
AppOmni Announces Significant Updates to Enterprise Essentials Platform (PR Newswire) AppOmni, the leading provider of SaaS Security Posture Management (SSPM), today announced the expansion of their platform to include GitHub and...
Financial Data Exchange Releases New Open Finance Standards & FDX API Version 4.5 (PR Newswire) The Financial Data Exchange (FDX) announced its Fall release this morning which includes a myriad of technical standards and updates to the...
Cybint Partners with Leading Cybersecurity Technologies, Webhose and IntSights, to Enhance Its Learning Experience (reBlonde) The partnerships open Cybint’s users to the Webhose and IntSights threat intelligence platforms, boosting its program and empowering participants to detect, analyze, and respond to various cyber threats
Intel and Consilient Join Forces to Fight Financial Fraud with AI (Intel Newsroom) What’s New: Consilient, a newly formed company dedicated to establishing a next-generation system for anti-money laundering and countering the financing
Samsung SmartThings and Google Join Forces to Enhance Smart Homes With Nest Integration (Samsung) New integration allows SmartThings users to control Nest devices
Interview: Forcepoint on moving data protection from the SOC into the business (IT Brief) “Systems, applications, employees and customers count on cybersecurity but it is something separate.
Johnson Controls and Microsoft announce global collaboration, launch integration between OpenBlue Digital Twin and Azure Digital Twins (Microsoft) Microsoft announces the general availability of Azure Digital Twins. Holistic integration across digital twin technologies will enable users to digitally manage physical spaces, maximize efficiency, support COVID-19 safety and pilot new solutions. Solution aims to encompass the entire ecosystem of building and device management technologies with digital cloud technologies. Collaboration will support efficient and environmentally […]
Chubb launches digital life insurance in Brazil: Roundup (Digital Insurance) Also: Aon's cybersecurity platform, MassMutual insurtech unit picks Sapiens, more
Cato Networks launches cloud API to automate and monitor SASE deployments (FierceTelecom) Cato Networks is now offering its enterprise customers a cloud API to provision and manage their Cato SASE deployments from third-party platforms. The Cato Cloud API automatically provisions new sites and policies while also monitoring Cato's network analytics and security events from security information and event management (SIEM) software and third-party applications.
Zscaler Announces Cloud Protection to Automate Security for Cloud Workloads (PRWire) New Comprehensive Portfolio Extends Zero Trust Architecture to Cloud Workloads on Any Cloud Platform; ThreatLabZ Research Shows Cloud Security Best Practices Routinely Missed
Group-IB Threat Intelligence & Attribution Deemed Compliant With Recommendations for Cybersecurity Companies by a Big Four Accounting Firm (PR Newswire) Group-IB, a global threat hunting and intelligence company headquartered in Singapore, announces that its Threat Intelligence & Attribution...
PrivacyCheq Offers Apple-style 'Nutrition Label' Privacy Notices for CCPA Compliance (PR Newswire) Today, PrivacyCheq is launching PrivacyUX LiveStart, a low cost, structured version of its PrivacyUX for CCPA service. Unlike typical...
Press Release: BackupAssist Classic v11 Launches to Help Ensure Cybercrime Resilience (Cyber Resilience Blog) Groundbreaking Cyber Black Box Collects and Stores Data that Can Aid Digital Forensic Investigations, Assist in Cybercrime Insurance Claims and Help Cybercrime Investigators to Track and Prosecute Global Cyber Criminals
Wipe Mac Hard Drive with T2 Security Chip Using Jetico’s BCWipe (Yahoo) BCWipe Total WipeOut now delivers a reliable solution to wipe Mac hard drives with a T2 security chip installed.
Cyberbit Launches the First Zero to Hero Cyber Skills Development Cloud (BusinessWire) Cyberbit launches their Cyber Skills Development Cloud, the only Zero to Hero cyber range skilling platform for cybersecurity professionals.
Technologies, Techniques, and Standards
Banks ordered to cyber attack themselves (Australian Financial Review) Banks must hire independent teams of 'red hat' hackers to secretly deploy the latest cyber attack techniques against themselves under a new security framework.
Why Compliance Is No Longer King for Financial Services Cybersecurity (Dark Reading) Financial services companies' experience in risk management serves them well when it comes to minimizing their cyber-risk.
Census Bureau Announces Quality Assessments for 2020 Census (2020Census) The U.S. Census Bureau announced updated plans for releasing information about quality along with the first results from the census.
Aquarium Leaks. Inside the GRU’s Psychological Warfare Program (Free Russia Foundation) In this exclusive and groundbreaking report, Free Russia Foundation has translated and published five documents from the GRU, Russia’s military intelligence agency. The documents, obtained and analyzed by Free Russia Foundation’s Director of Special Investigations Michael Weiss, detail the...
How Can Manufacturers Stop Damaging Cyber Attacks? (IndustryWeek) Privileged access security might be the route to addressing manufacturing's current cyber attack trend.
Telcos share challenges when dealing with family violence victims (CRN Australia) TIO shares recommendations for both telcos and affected customers.
Why IT and Security Teams Do Not See Eye to Eye (BankInfo Security) Forrester and VMware experts discuss the reasons behind the lack of collaboration between IT and security teams in APAC.
Why the human factor matters in cybersecurity – and how to deal with it (Gulf Business) Companies need to find ways to integrate people, process and technology in a unified approach to security to protect their networks
Design and Innovation
Cloudflare and Apple design a new privacy-friendly internet protocol (TechCrunch) Engineers at Cloudflare and Apple say they’ve developed a new internet protocol that will shore up one of the biggest holes in internet privacy that many don’t know even exists. Dubbed Oblivious DNS-over-HTTPS, or ODoH for short, the new protocol makes it far more difficult for internet…
New transistor design disguises key computer chip hardware from hackers (Purdue University) A hacker can reproduce a circuit on a chip by discovering what key transistors are doing in a circuit – but not if the transistor “type” is undetectable.
Living in a Post-quantum Cryptography World (Check Point Software) Today, it is pretty expected from what we can see in the way hackers go after their victims. Whether through social engineering, phishing scams, or ransomware attacks, ultimately it is just a hacker and his classic computer.
AWS expands on SageMaker capabilities with end-to-end features for machine learning (TechCrunch) Nearly three years after it was first launched, Amazon Web Services’ SageMaker platform has gotten a significant upgrade in the form of new features, making it easier for developers to automate and scale each step of the process to build new automation and machine learning capabilities, the c…
Netflix wants to help parents connect with their kids by explaining what they’re watching (The Verge) Netflix is using new reports to help parents try to connect with their kids’ Netflix obsessions.
Academia
UofSC, U.S. Army forge cyber training partnership (University of South Carolina) The University of South Carolina is partnering with the U.S. Army’s Cyber Center of Excellence at Fort Gordon in Savannah, Ga. to train personnel stationed there through specialized continuing education programs.
Legislation, Policy, and Regulation
Brazil looks for legal options to ban China's Huawei from 5G: sources (Reuters) Brazilian President Jair Bolsonaro's government is looking for a legal way to exclude Chinese telecom equipment maker Huawei Technologies Co Ltd from 5G networks in Brazil, two sources familiar with the matter told Reuters.
China Bans 105 Apps Including US Based Tripadvisor From Local App Stores; Is It Settling Scores Over TikTok Ban? (ABP Live) China has removed 105 apps including Tripadvisor from its local app stores as a 'clean up of illegal' apps on the web. Is it settling scores over the US TikTok ban? Here's all about it.
Home Affairs likens critical infrastructure protections to insurance and crime-fighting (ZDNet) Secretary Mike Pezzullo said while the government is working on how to protect all elements of the Australian economy, there's still an onus on organisations to actively defend against threats, just like they would expect the police to respond to a 'break and enter' despite having home insurance.
Online account takeover powers sent to PJCIS for review (iTnews) Legislation to face much-needed scrutiny.
The EU is making overtures about cybersecurity collaboration under Biden (CyberScoop) The European Commission and the office of the EU High Representative see more cooperation ahead with a new administration in the White House.
Trust, not escalation, should be the United States' cyberspace policy (TheHill) Establishing norms of acceptable behavior in conflicts requires the participation and leadership of the most powerful states of the age.
New AI privacy, security regulations likely coming with pending federal, state bills (CSO Online) CISOs should prepare for new requirements to protect data collected for and generated by artificial intelligence algorithms.
Defying Trump, House approves defense bill with veto-proof majority (Defense News) The House defied a veto threat from President Donald Trump on Tuesday and approved a $740.5 billion defense policy bill that Trump opposes because it doesn’t repeal a prized liability shield for social media firms.
Trump’s Defense-Bill Veto Threat, Explained (Wall Street Journal) President Trump has threatened to veto the sprawling bill over provisions related to the renaming of bases honoring Confederate figures, overseas troop levels and his demand that it include ending Section 230 of the Communications Decency Act.
The Pentagon has a decision to make on a major network security program (C4ISRNET) This year's NDAA forces the DoD to make a decision on the future of its Joint Regional Security Stacks program in 2021.
U.S. Cyber Command's First Decade (Lawfare) United States Cyber Command turned ten years old in 2020. It is a unique institution—a military command that operates globally against capable adversaries and yet never fires a shot—and its design has been a work in progress.
Some States Balk After C.D.C. Asks for Personal Data of Those Vaccinated (New York Times) The Trump administration is requiring states to submit personal data — including names, birth dates and addresses — of Covid-19 vaccine recipients.
Litigation, Investigation, and Law Enforcement
Huawei tested AI software that could recognize Uighur minorities and alert police, report says (Washington Post) An internal report claims the face-scanning system could trigger a ‘Uighur alarm,’ sparking concerns that the software could help fuel China’s crackdown on the mostly Muslim minority group
Huawei / Megvii Uyghur Alarms (IPVM) IPVM discovered a confidential Huawei document proving their use of racist software.
Nigerian intelligence bought tool to spy on citizens: Report (Al Jazeera) Defence Intelligence Agency acquired tools to spy on Nigerians’ calls and text messages, Citizen Lab report says.
Democrats seek intel on QAnon from DHS, FBI as backers join Congress (ABC News) Democrats are seeking information from DHS, FBI on QAnon as backers of the conspiracy group join Congress.
Former Cybersecurity Chief Sues Trump Campaign and Others, Charging Defamation (NPR) Christopher Krebs argues critics' public statements amounted to calling him a "traitor" for stating the 2020 presidential election was "the most secure in American history."
The Cybersecurity 202: Chris Krebs found another way to defend election after his firing: Suing the Trump campaign (Washington Post) Chris Krebs’s defamation lawsuit against President Trump's campaign marks the most significant effort yet to hold the president and his allies accountable for their violent rhetoric and baseless attacks on the election’s outcome that have led to threats against dozens of election officials.
US Healthcare Provider Proposes $4.2m Data Breach Settlement (Infosecurity Magazine) Montana healthcare provider tries to resolve lawsuit filed on behalf of victims of 2019 data breach
Home Depot data breach: Retailer settles with numerous states (TechGenix) The massive 2014 data breach at Home Depot — considered the largest retail card data breach in history — still has ramifications in 2020.
A Missile Engineer’s ‘Dark Fantasy’ and Alleged Revenge Plot (The Daily Beast) James Robert Schweitzer lost his security clearance over medical marijuana. What the feds say happened next is completely off the rails.
Justices Struggle With Autodialer Definition In Facebook Row (Law360) Several U.S. Supreme Court justices on Tuesday appeared receptive to Facebook's argument that the Telephone Consumer Protection Act narrowly prohibits only random-fired automated calls and texts to cellphones, although at least two conservative justices seemed concerned that Congress may have intended for the ban to sweep more broadly.