Cyber Attacks, Threats, and Vulnerabilities
Analysis | The Cybersecurity 202: The federal government may be about to engage in the biggest telework experiment yet. But hacking and other cyber dangers pose serious challenges (Washington Post) The federal government has never attempted to work remotely on anywhere near this scale before.
Facebook, Twitter suspend Russian-linked operation targeting African Americans on social media (Washington Post) Facebook and Twitter have disabled a Russian operation designed to stoke racial tensions among African Americans in the United States, the companies announced Thursday, raising fresh alarms that the Kremlin may seek to interfere in the 2020 presidential election and divide American voters.
How Russian meddling is back before 2020 vote (CNN) Russian trolls have outsourced their disinformation campaigns to Ghana and Nigeria, focusing on racial issues in the US ahead of the presidential election.
State-sponsored hackers are now using coronavirus lures to infect their targets (ZDNet) Chinese, North Korean, and Russian government cyberspies caught using COVID-19-themed emails to infect victims with malware.
Hackers are seizing on coronavirus fears to steal data, researchers and U.S. regulators warn (Washington Post) Among the most sophisticated efforts has been a campaign by a group of Chinese hackers, researchers found.
Capitalizing on Coronavirus Panic, Threat Actors Target Victims Worldwide (Recorded Future) Insikt Group investigates how threat actors are using the global disruptions caused by the COVID-19 outbreak to further their cyber threat activities.
Cybercriminals, nation-states increasingly tailoring coronavirus spearphishing campaigns (CyberScoop) Cybercriminals and nation-state actors continue to exploit fears about the novel coronavirus, sending emails that look to be from legitimate health authorities to try delivering malware to victims, according to researchers at several different cybersecurity companies.
The Emergence of Coronavirus and Olympics Scams (Zscaler) The Zscaler ThreatLabz team has been actively monitoring scams and threat campaigns around the coronavirus health emergency and the Summer Olympics.
Hackers Posing as CDC, WHO Using Coronavirus in Phishing Attacks (BloombergQuint)
CovidLock: Mobile Coronavirus Tracking App Coughs Up Ransomware (DomainTools) The security research team at DomainTools recently observed an uptick in suspicious Coronavirus and COVID-19 domains, leading them to discover CovidLock, a malicious Andr
Princess Cruises, hobbled by coronavirus, admits data breach (TechCrunch) The data breach occurred almost a year ago, a statement said.
Data of millions of eBay and Amazon shoppers exposed (Naked Security) Eight million customer records belonging to companies including Amazon, eBay, Shopify, PayPal, and Stripe were collected.
Facebook cookie-stealing trojans surface on Android devices (TechRepublic) The trojans are designed to gain control of Facebook user accounts by capturing browser cookies in Android, says Kaspersky.
Rockwell Automation Allen-Bradley Stratix 5950 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.7
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Rockwell Automation
Equipment: Allen-Bradley Stratix 5950
Vulnerability: Improper Access Control
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to write a modified image to the component.
ABB eSOMS (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.6
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: ABB
Equipment: eSOMS
Vulnerabilities: Use of Web Browser Cache Containing Sensitive Information, Improper Restriction of Rendered UI Layers or Frames, Improper Neutralization of HTTP Headers for Scripting Syntax, Sensitive Cookie Without ‘HttpOnly’ Flag, Protection Mechanism Failure, Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute, Exposure of Sensitive Information to an Unauthorized Actor, External Control of Critical State Data, Weak Password Requirements, SQL Injection, Cross-site Scripting, Cleartext Storage of Sensitive Information, Inadequate Encryption Strength
ABB Asset Suite (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: ABB
Equipment: Asset Suite
Vulnerability: Authorization Bypass Through User-Controlled Key
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker access to unauthorized information in the application by direct resource access.
Flawed eBay reviews dupe customers into buying shoddy goods (The Telegraph) Ebay shoppers are being misled into buying substandard and counterfeit goods due to a flaw in the online marketplace’s review system, a new investigation has found.
As Coronavirus rumors swirl, an Illinois public health agency's website is sidelined by hackers (Mother Jones) The ransomware outage could take weeks to fix.
C-U Public Health District's website held hostage by ransomware attack (The News-Gazette) It will be working with local governments to help push out vital information about the coronavirus on alternate websites and is urging the public to stay up to date by
Card data from the Volusion web skimmer incident surfaces on the dark web (ZDNet) In September-October 2019, hackers planted malware to steal card data from 6,589 online stores.
Confessions app Whisper spills almost a billion records (Naked Security) Researchers say the exposure includes exact locations of users’ last posts, nicknames, age, and gender.
List of world's worst 'digital predators' stretches from India and Brazil to US (the Guardian) Freedom of expression group names and shames alleged offenders on online censorship and orchestrated repression
Security Patches, Mitigations, and Software Updates
Avast pulls plug on insecure JavaScript engine in its security software suite (Register) Code interpreter ran with admin-level access, not sand-boxed, potentially open to remote-code execution
Microsoft delivers emergency patch to fix wormable Windows 10 flaw (Ars Technica) Attackers got a head start when critical SMBv3 flaw details leaked 2 days ago.
Microsoft patches SMBv3 wormable bug that leaked earlier this week (ZDNet) Emergency out-of-band fix for CVE-2020-0796 is now rolling out to Windows 10 and Windows Server 2019 systems worldwide.
Out-of-Band Windows Updates Patch Wormable SMB Vulnerability (SecurityWeek) Microsoft has released out-of-band updates for Windows to patch a wormable SMB vulnerability tracked as CVE-2020-0796, CoronaBlue and SMBGhost
Microsoft discontinues RDCMan app following security bug (ZDNet) Microsoft recommends using the Windows in-box remote desktop client (MSTSC) instead.
Firefox 74 offers privacy and security updates (Naked Security) A month after shipping version 73 of its Firefox browser, Mozilla has released version 74 with a range of privacy and security enhancements.
Cyber Trends
Venafi Survey Results: Are We In a Permanent State of Cyber War? (Venafi) 485 IT security professionals were polled at RSA to garner their opinions on the seriousness of our current state of cyber warfare. The results may surprise you. Learn more.
Q1 Fraud and Abuse Report (Arkose Labs) In order to better understand the threat posed to businesses by the growing ease of cybercrime and ready availability of pre-built fraud tools, Arkose Labs teamed up with several customers and analyzed over 1.3 billion sessions. Download this report to learn more about the most commonly used methods by fraudsters to target online commerce during …
The 2020 Open Source Vulnerabilities Report (WhiteSource) Read WhiteSource's 2020 State of Open Source Security Vulnerabilities Report to gain insights on open source security’s weakest and strongest points.
Mobile Theft & Loss Report 2020 (Prey) The first edition of the Mobile Theft & Loss Report, which represented 2018’s theft statistics collected by Prey, marked the beginning of our company’s journey towards understanding theft and its evolution in the mobile landscape.
Marketplace
DisruptOps raises $9M with serial entrepreneur, cyber security veterans taming the cloud (Startland News) A fresh funding infusion is expected to help DisruptOps strengthen its team and its ability to react to threats in the cloud, said Jody Brazil.
Dimension Data unifies operations, becomes more client focused (IT-Online) Dimension Data is to operate under a single name as it aims to deliver on the changing technology needs of its clients. “As the market around us continues to evolve, we are conscious of the need to remain relevant by delivering products and services that enable our clients to meet the increasing demand for personalisation and customisation. …
Tanium Named One of the 2020 Best Workplaces in Technology by FORTUNE and Great Place to Work® (Yahoo) Tanium ranked 4 in the "medium company" category on the 2020 Best Workplaces in Technology by FORTUNE Magazine and Great Place to Work®.
The Army roughs out its $1B cyber training contract (Fifth Domain) The draft solicitation for the massive DoD cyber training contract, which contains the Persistent Cyber Training Environment (PCTE), has been released to industry.
Coronavirus impacts Cloud/Cyber Expo but the show goes on despite some absences (SC Magazine) Some major sponsors pulled out of attending Cloud Expo 2020, leaving unmanned stands at the show, including Sophos, IBM, Tripwire, Neustar, Appgate, ISC(2), Crest & others - but the show went on.
Why Palo Alto Networks Shares Fell 21% Last Month (The Motley Fool) The network security expert's second-quarter revenue came in far below expectations, and the near future looks grim.
Bitcoin falls 40pc in one day as coronavirus strips it of its 'safe haven' tag (The Telegraph) The price of Bitcoin has plunged to its lowest level in 11 months, endangering hopes that it can serve as a safe haven asset during the worsening coronavirus pandemic.
Cybersecurity firm Rapid7 to create 200 jobs in Belfast (Silicon Republic) US-headquartered cybersecurity firm Rapid7 has announced plans to open a new office in Belfast and hire 200 additional staff.
World-leading cyber security company Rapid7 to base at Chichester House (The Irish News) BELFAST'S high-tech Chichester House is to provide office space to US-based cyber security firm Rapid7, which is set to double its staff numbers to almost 400 in the next two years.
Johns Joins Parsons' Cyber Leadership (Yahoo) Parsons Corporation (NYSE: PSN) today announced that it has hired John Johns as vice president account executive of the company's federal intelligence operating unit under the company's cyber and intelligence market.
Products, Services, and Solutions
Verizon’s networks stand ready for increases in data traffic (Yahoo) With recent increases in telecommuting and online learning, Verizon’s networks stand ready to serve customers at work, at home and remotely – including first responders and those protecting the public -- when critical connectivity is needed most. Since the emergence of the coronavirus (COVID-19), the
German Development Agency Chooses BlackBerry for Emergency Management Solution (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) announced today that the German Development Agency, Deutsche Gesellschaft für Internationale...
Castle Unveils Four Account Takeover Tactics Cyberattackers are Using to Successfully Exploit Users (Castle) Castle, the consumer identity protection company, today announced Identity-Aware Bot Detection, an industry-first product for protecting organizations against advanced bot attacks while maintaining the optimal customer experience.
VPN Company gives away free service to fight misinformation (Atlas VPN) Countries with internet restrictions leave citizens uninformed or misinformed about the virus. Atlas VPN stands for the free flow of information.
Odo Security Offers Free Remote Access Solution for Employees Working from Home During the Coronavirus Outbreak (AP NEWS) Odo Security, a leader in zero trust network access (ZTNA) and management, today announced it is offering free subscriptions to its market-leading secure remote access solution, OdoAccess, to companies for use by their employees based in countries impacted by the Coronavirus health crisis.
UAE firm picked to provide secure mobile network at Expo 2020 Dubai (ArabianBusiness.com) Esharah Etisalat Security Solutions is also the security network provider for the Government of Dubai
Technologies, Techniques, and Standards
‘Security Hygiene’ During Coronavirus Threat (Avast) Corporate remote-work rules can – and should – be stringent.
New to working from home? Here are 8 rules you should follow. (NBC News) We asked some of the country’s top digital security experts what precautions they suggest first-time telecommuters should follow.
Group Established To Share Cyber Threat Information With Campaigns (PR Newswire) U.S. CyberDome, a 501(c)(4) organization, now shares cyber threat information with political campaigns. "U.S. CyberDome is a non-partisan,...
FIRST releases updated Computer Security Incident Response Team (CSIRT) Services Framework – Version 2.1 (FIRST — Forum of Incident Response and Security Teams) The Forum of Incident Response and Security Teams (FIRST) has released an updated version of its Computer Security Incident Response Team (CSIRT) Services Framework
Companies Walk Fine Line on Employee Data Amid Coronavirus Outbreak (Wall Street Journal) As the coronavirus outbreak has turned into a pandemic, privacy lawyers say companies must be careful not to demand excessive personal information from workers, saying that could violate data-protection and employment laws in Europe and the U.S.
Back to the Future: A Threat Intelligence Journey (Dark Reading) Threat intelligence needs the problem solvers, the curious ones, the mission seekers, the analytical minds, the defenders, and the fierce -- whatever their gender.
Why a Telephone Might Be the Best Tool to Stem Third Party Cyber Risk (Accellion) Businesses that build strong relationships with their partners make fewer assumptions about cybersecurity preparedness. So, frequent communication is key.
GDPR - Keeping personal data safe and secure (ResponseSource) Protecting personal data is at the heart of the General Data Protection Regulation (GDPR) but there remains confusion between gaining permissions to hold and process this data, and protecting it from ...
Design and Innovation
Pentagon seeking 5G prototypes for smart warehouses (C4ISRNET) The Department of Defense plans to use Marine Corps Logistics Base Albany, Georgia, to test the viability of 5G-enabled smart warehouses, which could transform military logistics.
Academia
U.S. Air Force Sponsors Spy Movie-Style Physical Hacking Challenge (AP NEWS) The Air Force Research Laboratory is sponsoring an elite hacking challenge for New York City-area colleges and universities that will test students’ ability to hack into physical security systems.
Legislation, Policy, and Regulation
Cyber Attack? Then We Fight Back: Sen. King (Breaking Defense) Amidst the usual calls for government reform and corporate responsibility, the Cyberspace Solarium Commission makes a surprisingly hard-headed case for old-school deterrence.
America needs to get its act together, warns cyber commission (Fortune) A bipartisan commission drafted 75 recommendations for U.S. cybersecurity policy, but it passed the buck on encryption.
Senators press EU to sanction Putin associate for election meddling (TheHill) A group of Democrats led by Senate Minority Leader Charles Schumer (D-N.Y.) on Thursday urged the European Union (EU) to sanction a top close associate of Russian President Vladimir Putin for meddling in U.S. elections.
Prime Minister calls for 'digital Dunkirk' in fight against coronavirus (Computing) Boris Johnson called on 30 UK tech firms to volunteer their resources to help UK response to COVID-19
Exclusive: France to allow some Huawei gear in its 5G network - sources (Reuters) France will authorize the use of some of Huawei's equipment in the rollout ...
Senate Fails to Approve Renewal of Domestic-Surveillance Powers (Wall Street Journal) The Senate’s failure to approve the legislation came amid doubts from President Trump that lawmakers had done enough to overhaul a surveillance system he has condemned
President Trump signs bill to help rural carriers replace Huawei gear (Engadget) This comes despite a lack of public evidence of spying.
FCC orders telecoms to inventory Chinese equipment (Alaska Journal) Nearly a year after the federal government labeled Chinese telecommunications companies Huawei and ZTE as potential national security threats, the Federal Communications Commission is looking for more complete information about which American companies are using their equipment.
Election commission hires cybersecurity expert to help states with 2020 infrastructure (CyberScoop) The federal agency that oversees funding for states to secure their election equipment is hiring a cybersecurity expert versed in voting technology as it prepares for the 2020 election. Joshua Franklin will start in the coming weeks in a top cybersecurity position at the Election Assistance Commission, according to multiple people familiar with the matter.
Iowa Senate acts on courthouse jurisdiction (The Gazette) Iowa senators voted overwhelmingly Wednesday to clearly put counties in charge of their courthouses after chastising Judicial Branch officials for conducting ill-conceived 'penetration tests' via a cybersecurity contractor in Dallas and Polk counties last year that resulted in arrests.
Litigation, Investigation, and Law Enforcement
Bhima Koregaon case: Malware on Rona Wilson's hard disk allowed remote access (Caravan Magazine) Among several other anomalies, Rona Wilson's hard disk contained a malware that allows remote access, which can be used to plant files on a system.
Homeland Security sued over secretive use of face recognition (Naked Security) As of June 2019, CBP had processed more than 20 million travelers using facial recognition, civil rights group ACLU says.
Israeli Court Orders Facebook to Unblock Account of NSO Group Employee (NDTV Gadgets 360) A lawsuit was filed by NSO employees in November against Facebook in Israel.
US judge frees Chelsea Manning from jail (BBC News) A judge rules that it is no longer necessary for her to testify in the inquiry into Wikileaks.