Cyber Attacks, Threats, and Vulnerabilities
Cut Undersea Cable Plunges Yemen Into Days-Long Internet Outage (Wired) The fragility of global internet infrastructure has left the entire Red Sea region struggling to connect.
Report: Chinese hacking group APT40 hides behind network of front companies (ZDNet) A group of anonymous security analysts have tracked down 13 front companies operating on the island of Hainan through which they say the Chinese state has been recruiting hackers.
Russians Hacked Ukrainian Gas Company at Center of Impeachment (New York Times) The timing and scale of the attacks suggest the Russians may be looking for the same kind of damaging information on Joe Biden that President Trump wanted from Ukraine, security experts say.
Russians Breached Burisma During Trump Impeachment Probe, Report Says (Wall Street Journal) Hackers believed to be affiliated with Russia’s military breached the Ukrainian company where former Vice President Joe Biden’s son had served on the board as it became a focus of the impeachment inquiry, according to a U.S. cybersecurity firm.
Iranian State-Sponsored and Aligned Attacks: What You Need to Know and Steps to Protect Yourself (Proofpoint US) Recent events have led to a surge in concern about possible cyberattacks coming out of Iran. Below are the Proofpoint Threat Research team’s latest findings on state-sponsored and aligned Iranian attacks, details on 11 Iranian attack groups and their preferred tactics, and most importantly, security recommendations.
Report: 1,000s of UK Consultants and Firms Exposed in Huge Data Leak (vpnMentor) Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a breach in a database containing highly sensitive files from several
Snake alert! This ransomware is not a game… (Naked Security) Looks like the Snake ransomware was created especially for network-wide attacks.
Exploits Released for As-Yet Unpatched Critical Citrix Flaw (Dark Reading) Organizations need to apply mitigations for vulnerability in Citrix Application Delivery Controller and Citrix Gateway ASAP, security researchers say.
Severe Citrix Flaw: Proof-of-Concept Exploit Code Released (Data Breach Today) Proof-of-concept code has been released to exploit a severe Citrix vulnerability present in tens of thousands of enterprises. Citrix says it's developing permanent
Powerful GPG collision attack spells the end for SHA-1 (Naked Security) New research has heightened an already urgent call to abandon SHA-1, a cryptographic algorithm still used in many popular online services.
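For the SHA-1 item above, the practical response for OpenPGP users is to stop producing SHA-1 signatures and to stop accepting them. The gpg.conf fragment below is an added example, not from the linked article or from the GnuPG project; it uses GnuPG 2.1+ options (personal-digest-preferences, cert-digest-algo, default-preference-list, weak-digest) and assumes a current GnuPG build where the SHA-2 family is available.

```conf
# Added example gpg.conf fragment (GnuPG 2.1+); not from the article or GnuPG.

# Prefer SHA-2 for the data signatures this installation produces. GnuPG
# picks the first algorithm here that the recipient's key also lists.
personal-digest-preferences SHA512 SHA384 SHA256

# Digest used when certifying other people's keys. Certifications live for
# years, so never let them fall back to SHA-1.
cert-digest-algo SHA512

# Preferences written into the self-signature of newly generated keys, so
# correspondents signing to this key choose SHA-2 as well.
default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed

# Treat SHA-1 as weak: signatures made over it are rejected on verification.
# MD5 is already considered weak by default and need not be listed.
weak-digest SHA1
```

The weak-digest line is the one with side effects: it applies to every signature GnuPG verifies, including old SHA-1 certifications on keys already in your keyring, so run gpg --check-sigs afterwards and expect some older signatures to be flagged. That is the intended outcome of the "abandon SHA-1" call, but it is worth knowing before rolling the setting out to a fleet.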
NZTA warns of sophisticated phishing scam involving fake vehicle licence renewal email (1 NEWS) The email appears to be a standard registration renewal reminder, and includes the transport agency logo.
Kaspersky security researchers accuse Russian cyber criminals of attacking banks in Sub-Saharan Africa (TODAY NEWS AFRICA) Kaspersky security researchers, who say they have recorded thousands of notifications of attacks on major banks in the sub-Saharan Africa (SSA) region, are accusing unknown Russian hackers of using malware to attack banks in the region. The company said the malware used in the attacks indicates that the threat actors are most likely the infamous Silence hacking group, previously known to be responsible for the theft of millions of dollars from banks around the world. The firm said in a statement syndicated to media houses across Africa on Monday morning that the
Travelex services begin again after ransomware cyber-attack (the Guardian) Foreign currency firm restores some systems after £4.6m demand from hackers
Travelex claims it is 'making good progress' in recovery from Sodinokibi ransomware attack (Computing) Travelex continues to insist that no personal data was compromised
Travelex refuses to comment on whether it paid ransom to get its data back (Computing) Last week, a group claiming to be behind the Sodinokibi ransomware attack on Travelex threatened to release data. This week, Travelex refuses to comment on whether it paid up…
U.S. Government Issues Powerful Security Alert: Upgrade VPN Or Expect Cyber-Attacks (Forbes) Critical VPN vulnerability prompts U.S. Cybersecurity and Infrastructure Security Agency (CISA) to "strongly urge" updating now or face being compromised in a cyber-attack.
Vulnerability Summary for the Week of January 6, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Siemens CP, SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update E) (CISA) CVSS v3 7.5. Attention: exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: CP, SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM. Vulnerability: Out-of-bounds Read.
Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C (Update C) (CISA) CVSS v3 7.5. Attention: exploitable from the same local network segment (OSI Layer 2). Vendor: Siemens. Equipment: SCALANCE X switches, RUGGEDCOM Win, RFID 181-EIP, and SIMATIC RF182C. Vulnerability: Heap-based Buffer Overflow.
Siemens SCALANCE X Switches (Update A) (CISA) CVSS v3 5.8. Attention: exploitable remotely. Vendor: Siemens. Equipment: SCALANCE X switches. Vulnerabilities: Cross-site Scripting. This updated advisory is a follow-up to the original advisory titled ICSA-18-163-02 Siemens SCALANCE X Switches that was published June 12, 2018, on the ICS webpage on us-cert.
Siemens Industrial Products with OPC UA (Update D) (CISA) CVSS v3 7.5. Attention: exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: SIMATIC, SINEC-NMS, SINEMA, SINEMURIK Industrial Control Products with OPC UA. Vulnerability: Uncaught Exception.
Siemens SIMATIC WinAC RTX (F) 2010 (Update A) (CISA) CVSS v3 7.5. Attention: exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: SIMATIC WinAC RTX (F) 2010. Vulnerability: Insufficient Resource Pool.
Siemens SCALANCE X (Update A) (CISA) CVSS v3 7.1. Attention: low skill level to exploit. Vendor: Siemens. Equipment: SCALANCE X Switches. Vulnerability: Storing Passwords in a Recoverable Format. This updated advisory is a follow-up to the original advisory titled ICSA-19-162-04 Siemens SCALANCE X that was published June 11, 2019, to the ICS webpage on us-cert.gov.
Siemens PROFINET Devices (Update B) (CISA) CVSS v3 7.5. Attention: exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: PROFINET Devices. Vulnerability: Uncontrolled Resource Consumption. This updated advisory is a follow-up to the original advisory titled ICSA-19-283-02 Siemens PROFINET Devices that was published October 10, 2019, on the ICS webpage on us-cert.gov.
Siemens Industrial Real-Time (IRT) Devices (Update A) (CISA) CVSS v3 7.5. Attention: exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: Industrial Real-Time (IRT) Devices. Vulnerability: Improper Input Validation.
Siemens EN100 Ethernet Module (Update A) (CISA) CVSS v3 7.5. Attention: exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: EN100 Ethernet Module. Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Cross-site Scripting, Relative Path Traversal.
Siemens SCALANCE X (Update B) (CISA) CVSS v3 5.4. Attention: exploitable remotely. Vendor: Siemens. Equipment: SCALANCE X. Vulnerability: Expected Behavior Violation.
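The Siemens advisories above all share the same CISA executive-summary header (a "CVSS v3" score, an ATTENTION line describing reachability and skill level, Vendor, Equipment and one or more weakness names). When a batch like this lands, the first job is to turn those headers into a triage order. The script below is an added example, not CISA's or Siemens' code: it parses the header fields and ranks advisories by NVD severity band, then by whether CISA marks the flaw remotely exploitable, then by low skill level, then by raw score. That ordering is this example's own policy, and the embedded advisory text is a constructed sample assembled from three of the summaries listed above.

```python
"""Triage helper for CISA ICS advisory executive summaries (added example, not
CISA's or Siemens' code). Parses the shared header fields (CVSS v3 score,
ATTENTION line, Vendor, Equipment, Vulnerability/Vulnerabilities) and ranks the
advisories. Severity bands are the CVSS v3.x qualitative scale used by NVD; the
ranking order is this example's own policy."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: three summaries from this page, laid out the way CISA
# publishes them (title line, then one field per line, blank line between).
SAMPLE_ADVISORIES = """\
Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C (Update C)
CVSS v3 7.5
ATTENTION: Exploitable from the same local network segment (OSI Layer 2)
Vendor: Siemens
Equipment: SCALANCE X switches, RUGGEDCOM Win, RFID 181-EIP, and SIMATIC RF182C
Vulnerability: Heap-based Buffer Overflow

Siemens EN100 Ethernet Module (Update A)
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: EN100 Ethernet Module
Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Cross-site Scripting, Relative Path Traversal

Siemens SCALANCE X (Update B)
CVSS v3 5.4
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: SCALANCE X
Vulnerability: Expected Behavior Violation
"""

SEVERITY_ORDER = ["None", "Low", "Medium", "High", "Critical"]
# Matches "CVSS v3 7.5" (no colon) as well as "ATTENTION: ...", "Vendor: ...", etc.
FIELD_RE = re.compile(r"^(CVSS v3|ATTENTION|Vendor|Equipment|Vulnerabilit(?:y|ies))\s*:?\s*(.*)$")


@dataclass
class Advisory:
    title: str
    cvss: float = 0.0
    attention: str = ""
    vendor: str = ""
    equipment: str = ""
    weaknesses: List[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        """CVSS v3.x qualitative rating; scores carry one decimal, so <= is exact."""
        for ceiling, name in ((0.0, "None"), (3.9, "Low"), (6.9, "Medium"), (8.9, "High")):
            if self.cvss <= ceiling:
                return name
        return "Critical"

    @property
    def remote(self) -> bool:
        """True when CISA's ATTENTION line says the flaw is exploitable remotely."""
        return "remotely" in self.attention.lower()

    @property
    def low_skill(self) -> bool:
        return "low skill" in self.attention.lower()

    def triage_key(self):
        # Larger tuple = more urgent: band, then reachable from the network,
        # then low skill needed, then raw score as tie-breaker.
        return (SEVERITY_ORDER.index(self.severity), self.remote, self.low_skill, self.cvss)


def parse_advisories(text: str) -> List[Advisory]:
    """Split blank-line-separated summaries into Advisory records."""
    advisories = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines:
            continue
        adv = Advisory(title=lines[0])
        for line in lines[1:]:
            m = FIELD_RE.match(line)
            if not m:
                continue  # unrecognised header line: skip rather than fail
            key, value = m.group(1), m.group(2).strip()
            if key == "CVSS v3":
                adv.cvss = float(value)
            elif key == "ATTENTION":
                adv.attention = value
            elif key == "Vendor":
                adv.vendor = value
            elif key == "Equipment":
                adv.equipment = value
            else:  # Vulnerability / Vulnerabilities: comma-separated CWE names
                adv.weaknesses = [w.strip() for w in value.split(",") if w.strip()]
        advisories.append(adv)
    return advisories


def triage(text: str) -> List[Advisory]:
    """Most urgent first."""
    return sorted(parse_advisories(text), key=Advisory.triage_key, reverse=True)


if __name__ == "__main__":
    for adv in triage(SAMPLE_ADVISORIES):
        print(adv.severity, adv.cvss, "remote" if adv.remote else "adjacent/local", adv.title)
```

On the sample the EN100 module (High, remote, low skill) ranks first, the SCALANCE X/RUGGEDCOM heap overflow (High, but only from the same Layer 2 segment) second, and the 5.4 SCALANCE X issue last. Note that CISA's ATTENTION wording is free text, so the remote and low_skill checks are keyword matches on the phrases CISA actually uses; anything else falls through as not remote and not low skill, which is the conservative default for a ranking but not a substitute for reading the advisory.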
No update yet on Enloe cyber attack; no patient data compromised, hospital says (Chico Enterprise-Record) Enloe Medical Center in Chico was attacked in a ransomware incident the evening of Jan. 2, according to a press release from the hospital. Unfortunately, the incident is still being investi…
Las Vegas Fought Off Potentially Massive Cyber Attack And Won (ScreenRant) Las Vegas stops a cyber-attack in its tracks, becoming the latest in the line of ransomware cyber-attacks targeting major US cities.
Security Patches, Mitigations, and Software Updates
NSA found a dangerous Microsoft software flaw and alerted the firm — rather than weaponize it (Washington Post) The National Security Agency recently discovered a major flaw in Microsoft’s Windows operating system — one that could potentially expose computer users to significant breaches or surveillance — and alerted the firm of the problem rather than turn it into a hacking weapon, according to people familiar with the matter.
Cryptic Rumblings Ahead of First 2020 Patch Tuesday (KrebsOnSecurity) Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows.
Microsoft to patch serious Windows security flaw in today's Patch Tuesday update (Computing) Flaw in crypt32.dll file that handles core cryptographic functions in Windows' CryptoAPI so serious users have been urged to patch straightaway
Microsoft ends free Windows 7 security updates on Tuesday (Washington Post) Microsoft will stop providing free security updates for the Windows 7 operating system on Tuesday, meaning computers using it will be more vulnerable to malware and hacking
Windows 7 Extended Support ends today (Computing) From now on, you're on your own (unless you pay Microsoft $25-$50 per PC per year for the next three years for essential patches)
Citrix to release 'thoroughly tested' fixes for CVE-2019-19781 security flaw by the end of January (Computing) More than 2,000 servers in the UK vulnerable to Citrix remote access security flaw
Cyber Trends
New CrowdStrike Report Finds an Increase in Cyber Adversaries Turning to Business Disruption as Main Attack Objective (CrowdStrike) 2019 CrowdStrike Services Report offers observations gained from the front lines of incident response and proactive services and insights for 2020
CrowdStrike Services: Observations from the Front Lines | Report (CrowdStrike) Observations gained from the front lines of Incident Response and Proactive Services in 2019 and insights that matter for 2020
We are all becoming digital slaves for the sake of convenience (The Telegraph) It seems that everywhere we turn, there is a website, device or camera ready to harvest our data.
Now Big Brother is watching how you type or hold your phone (The Telegraph) Every time you grab your smartphone, you may be handing over crucial data on your identity.
Marketplace
Cybersecurity startup exits total $11.3 billion in 2013-2019 — report (Times of Israel) There are 436 cybersecurity firms operating in Israel in various stages of development, IVC report says; figures released ahead of Cybertech conference at end of month
Cybersecurity and Penetration Testing Specialists Raxis Secures Growth Investment from RCP Equity (PR Newswire) Raxis, an Atlanta-based cybersecurity and pen testing firm, announced today its first major outside investment from RCP Equity (rcpequity.com)....
Trusona Secures $20 Million in Series C Funding Led by Georgian Partners (PR Newswire) Trusona, the leader in passwordless multi-factor authentication technology, today announced that it has secured $20 million in additional...
NortonLifeLock Announces Sale of ID Analytics Business to LexisNexis Risk Solutions (Seeking Alpha) Divestiture Will Allow NortonLifeLock to Further Sharpen its Focus on Consumers
Entisys360 Doubles Down on Cybersecurity; Invests in New Services Offerings (Yahoo) Entisys360 has purchased the cybersecurity technology solutions and services assets from Sacramento-based Performance Technology Partners (PTP).
ICF Announces Definitive Agreement to Acquire ITG (PR Newswire) ICF (NASDAQ:ICFI), a global consulting and technology services provider, announced that it has entered into a definitive agreement to acquire...
Is Microsoft going to eliminate Israel's cybersecurity companies? (Haaretz) The U.S. company’s drive is being led by an Israeli R&D unit it created through a series of local startup acquisitions
What goes wrong when accounting firms become consultants (Quartz) Accounting firms are spending more time consulting because it’s lucrative, virtually unregulated, and offers greater potential for growth. But that trend comes at a cost.
Exploring CrowdStrike's Competitive Advantage (Seeking Alpha) CrowdStrike has a peculiar competitive moat worth exploring. Its early start, economies of scale, strategic partners, and ability to upsell will make it tough for competitors to catch up.
Q Cyber Hires Mercury for Hacking Lawsuit (O'Dwyers PR) Mercury scores $1.2M contract from Israel's Q Cyber Technologies, which has been sued for its alleged hacking of Facebook's WhatsApp messaging service.
ImageWare Systems Kicks off 2020 with over $1.2 Million in Multiple Deals (Globe Newswire) ImageWare expands its presence in financial services and government sectors.
Former Hortonworks, Docker CEO comes back to head up Cloudera (Silicon Valley Business Journal) Rob Bearden moved to the Palo Alto company's board after Hortonworks was merged into it a year ago and was CEO of open-source software startup Docker for about six months in 2019. Now he will be Cloudera's CEO.
Imperva Appoints Chief Customer Officer and Chief Revenue Officer (Yahoo) Imperva, Inc., the cybersecurity leader championing the fight to secure data and applications wherever they reside, today announced the appointment of Nanhi Singh as chief customer officer and Paul J. Loftus as chief revenue officer to lead the company through its next chapter of growth.
Cybersecurity Expert, Dan Barahona, Joins Qualys as Chief Marketing Officer (Yahoo) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced that Dan Barahona has joined as Chief Marketing Officer (CMO) to lead the organization through its next phase of growth. Dan will direct the company's worldwide marketing
Products, Services, and Solutions
GroupSense and Cybraics Form Strategic Technology Alliance (PR Newswire) GroupSense, a digital risk management company, and Cybraics, a security analytics and artificial intelligence (AI) company, today announced a...
WatchGuard Delivers Industry’s First Pay-as-You-Go Option for Network Security Hardware and Services (Yahoo) WatchGuard® Technologies, a global leader in network security and intelligence, secure Wi-Fi and multi-factor authentication, today announced the expansion of the WatchGuard FlexPay program to include fully automated, monthly billing for its network security hardware and services. Available for both
Nok Nok Labs Joins Forces with BBVA to Boost the Use of Authentication on Mobile Banking Services (PR Newswire) Nok Nok Labs — one of the driving forces behind the new FIDO (Fast Identity Online) standard aimed at strengthening the security of biometric...
ControlScan Becomes a Payment Application Qualified Security Assessor (Globe Newswire) As a PA-QSA Company, ControlScan will expertly guide software and application developers through PA Data Security Standard validation
A10 Networks Extends Carrier-class Firewall Product line (Security Middle East) A10 Networks have announced it is extending the capabilities of the Thunder Convergent Firewall (CFW), part of the A10 Orion 5G Security Suite
Neustar Delivers UltraThreat Feeds for More Effective Data Security (Yahoo) Neustar announces UltraThreat Feeds, a new service providing proprietary near real-time threat data to identify and stop bad traffic.
Escape from Google: 12 privacy-promoting search engines reviewed (Computing) If you can live without personalisation there are plenty of alternatives
Technologies, Techniques, and Standards
Veterans of the Financial Fraud, Digital Tech Industries Guide Launch of 'Breach Clarity Score' for Consumers, Financial Institutions (Business Insider) Each time data security expert Jim Van Dyke concluded his work on a data breach lawsuit, he cou...
Design and Innovation
Google urged to tame privacy-killing Android bloatware (Naked Security) A letter sent to the Google CEO by Privacy International claims bloatware has allowed a privacy and security hole to open almost unnoticed.
Reddit bans ‘impersonation,’ but satire and parody are still OK (Naked Security) Relax: Nic Cage deepfakes aren’t going anywhere. It’s only “maliciously misleading” impersonations that are now verboten.
Research and Development
Raytheon tapped for self-evaluating machine learning system (UPI) Raytheon Co. announced on Monday it has begun work on a machine-learning technology allowing machines to teach machines through use of artificial intelligence.
Shift5, Inc., Awarded US Air Force Small Business Innovation Research (SBIR) Funding (PR Newswire) Cybersecurity company Shift5, Inc., announces that it has been awarded a Phase I Small Business Innovative Research (SBIR) contract from the US...
Academia
UNG wins NSA Codebreaker Challenge 'in commanding fashion' (University of North Georgia) The University of North Georgia (UNG) scored a decisive victory in the 2019 National Security Agency (NSA) Codebreaker Challenge, which ran for 110 days and finished Jan. 10. UNG students, faculty and staff tallied 230,450 points, more than tripling second-place Georgia Tech's 56,050. Third-place Oregon State University was the only other school to top 40,000 points. A total of 531 universities and colleges competed.
DSU helping to lead charge in cyber security (KSFY) More online interactions and expanding internet connectivity call for added security. Dakota State University is helping to combat the cyber threats that are becoming more prevalent.
School children challenged to create the cyber X-Factor in online safety competition (West Yorkshire Police) As schools return for the beginning of a new year, pupils in Years 7, 8 and 9 are being challenged to develop an innovative crime prevention resource to help keep each other safe online.
Legislation, Policy, and Regulation
Cybersecurity Threats Call for a Global Response (IMF Blog) Last March, Operation Taiex led to the arrest of the gang leader behind the Carbanak and Cobalt malware attacks on over 100 financial institutions worldwide. This law enforcement operation included the Spanish national police, Europol, the FBI, the Romanian, Moldovan, Belarusian, and Taiwanese authorities, as well as private cybersecurity companies. Investigators found that the hackers were operating in at least 15 countries.
China is blaming everyone but itself for Taiwan’s presidential election result (Quartz) Rather than accepting that its strategy is pushing Taiwan further away, China is blaming cheating, foreign forces, and fake news for president Tsai Ing-wen's win.
Britain secretly funded Reuters in 1960s and 1970s: documents (Reuters) The British government secretly funded Reuters in the 1960s and 1970s at the beh...
Britain’s Huawei decision will be its first major trade test in a post-Brexit world (Quartz) Washington and Beijing are exerting ever greater pressure on London over Huawei.
United States presents Britain with fresh intelligence on Huawei risks in last-ditch attempt to block deal (The Telegraph) The United States has presented the British government with fresh intelligence warning about the risk of giving Huawei access to its 5G network in a last-ditch attempt to stop it.
Susan Collins saw US intel saying Iranian general planned ‘imminent attack’ as Trump expands on claim (Bangor Daily News) That “imminent attack” justification has been cited by the Trump administration, but the definition of imminent largely hasn’t been fleshed out.
US points to dissent in Iran in wake of deadly drone strike (Military Times) Defense Secretary Mark Esper and other administration officials joined President Donald Trump in trying to draw attention to dissent in Iran instead of lingering questions about the scale of the threat used to justify a drone strike on Iran’s top military leader.
Esper: U.S. Could Strike Iran Or Proxies 'Where Legally Available And Appropriate' (NPR) In an interview with NPR on Monday, Defense Secretary Mark Esper said if U.S. troops or interests are threatened, the U.S. will have the right to retaliate.
Hezbollah Has Prepared for This Moment for Decades (Foreign Affairs) The Lebanese militant group could star in Iran’s response to the Soleimani strike.
Trump says US 'better at cyber than anyone in the world’ (Fifth Domain) President Donald Trump said the United States “is better at cyber than anyone else in the world” in a Jan. 9 interview with a Toledo television station,
'We Can't Be Complacent' About the Crypto Debate (Decipher) The encryption debate is as old as the Internet, and Jennifer Granick warns that giving ground now could have serious long-term effects.
Lawmakers look to spread COPPA out to cover kids up to 16 (Naked Security) If that bill passes, you can say bye-bye to YouTube, says one content creator.
The Cybersecurity 202: Sanders and Warren still mum on campaign protections against hackers (Washington Post) With just three weeks to go before the Iowa caucuses, two top-polling Democratic candidates are still declining to say how they’re protecting their campaigns against hacking.
Litigation, Investigation, and Law Enforcement
Iran announces arrests over downing of plane that killed 176 (AP NEWS) Iran's judiciary said Tuesday arrests have been made for the accidental shootdown of a Ukrainian passenger plane that killed all 176 people on board just after takeoff from...
Attorney General William P. Barr Announces the Findings of the Criminal Investigation into the December 2019 Shooting at Pensacola Naval Air Station (US Department of Justice) Good afternoon, and thank you for coming. We are here to discuss the results of the investigation into the shooting that occurred on Dec. 6, 2019 at Pensacola Naval Air Station.
Ex-Treasury staffer Natalie Edwards pleads guilty to leaking secrets (New York Post) The former US Treasury Department staffer accused of leaking confidential information to a reporter pleaded guilty Monday to a single count of conspiracy. Natalie Mayflower Sours Edwards admitted b…
Astros’ GM Jeff Luhnow and Manager A.J. Hinch Suspended, Then Fired After Sign-Stealing Probe (Wall Street Journal) Houston Astros general manager Jeff Luhnow and field manager A.J. Hinch were suspended by MLB for the entire 2020 season—and then immediately fired by the team—after an investigation found that the team used technology to steal signs during its run to the World Series championship in 2017.