Attacks, Threats, and Vulnerabilities
Chinese hackers stole Mekong River data from Cambodian ministry – sources (Reuters) Buried in a long U.S. indictment accusing China of a global cyberespionage campaign was a curious detail: Among the governments targeted by Chinese hackers was Cambodia, one of Beijing’s most loyal Asian allies.
Chinese hacking group APT31 uses mesh of home routers to disguise attacks (The Record by Recorded Future) A Chinese cyber-espionage group known as APT31 (or Zirconium) has been seen hijacking home routers to form a proxy mesh around its server infrastructure in order to relay and disguise the origins of their attacks.
Senator flags reported cyber espionage by ‘Chinese-speaking actors’ ahead of polls (Philstar.com) Sen. Risa Hontiveros on Tuesday called on the government to investigate reported cyber espionage attacks carried out by Chinese “actors” against the Philippines, warning that the regional power might deploy the same tactics to interfere with upcoming elections next year.
India’s electricity infrastructure faced repeated cyberattacks, says Govt (Times Now) Four of India’s five regional centres that help oversee the country’s crucial electricity load management faced cyberattacks in recent months
The Cybersecurity 202: The Pegasus Project raised the curtain on a vast spyware network. Here are four takeaways. (Washington Post) For at least half a decade, the smartphone hacking tools created by a controversial Israeli firm have allowed governments to silence critics and journalists, threaten opponents and extend oppression and intimidation outside their borders.
Dalai Lama’s inner circle listed in Pegasus project data (the Guardian) Indian government, which hosts the Tibetan leader, suspected of being NSO client that selected numbers
NSO CEO exclusively responds to allegations: “The list of 50,000 phone numbers has nothing to do with us” (CTECH) “I’ll give you a simple statement: Journalists, human rights activists, and civil organizations are all off-limits,” said Shalev Hulio
‘Somebody has to do the dirty work’: NSO founders defend the spyware they built (Washington Post) CEO Shalev Hulio said he would ‘shut Pegasus down’ if there were a better alternative. In lengthy interviews, Hulio and co-founder Omri Lavie traced a journey launched from an Israeli kibbutz and said the company’s technology had saved lives.
What We Know About the Secretive Company Behind the Pegasus Spy Software (Slate Magazine) Israeli tech firm NSO Group has been mired in controversy for years.
A case against security nihilism (A Few Thoughts on Cryptographic Engineering) This week a group of global newspapers is running a series of articles detailing abuses of NSO Group’s Pegasus spyware. If you haven’t seen any of these articles, they’re worth re…
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited (Bitdefender) Foreword
A few months ago, Bitdefender researchers started to investigate an extended
operation that targeted victims from Myanmar and Thailand for what looked like
cyber espionage and intelligence gathering.
Many aspects of this operation were recently comprehensively described in this
[https://securelist.com/apt-luminousmoth/103332/] article by the Kaspersky team,
but we decided to present our perspective on the operation and offer other IOCs
The investigation started with our us
XLoader malware steals logins from macOS and Windows systems (BleepingComputer) A highly popular malware for stealing information from Windows systems has been modified into a new strain called XLoader, which can also target macOS systems.
Top prevalent malware with a thousand campaigns migrates to macOS (Check Point Research) As reported by Check Point in December 2020, Formbook Info Stealer affected 4% of organizations worldwide and made it to the top 3 list of the most prevalent malware. Now it received a second birth under the name of XLoader, migrated to macOS and is able to operate both in Windows and macOS.
Industrial Firms Warned of Risk Posed by Cloud-Based ICS Management Systems | (SecurityWeek) Researchers show how malicious actors could abuse cloud-based ICS management systems in attacks aimed at industrial organizations.
Incident report: Spotting SocGholish WordPress injection (Expel) Learn more about Incident report: Spotting SocGholish WordPress injection with Expel.
New Attack Leverages Milanote to Host Phishing Content (Avanan) Hackers are utilizing Milanote, a collaboration platform, to host phishing content.
Notorious Cybercrime Gang, FIN7, Lands Malware in Law Firm (eSentire) The lure successfully bypassed the law firm’s email filters, and it was not detected as suspicious by any of the firm’s employees.
16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines (Threatpost) The bug could allow cyberattackers to bypass security products, tamper with data and run code in kernel mode.
Nasty Linux systemd security bug revealed (ZDNet) Qualsys has found an ugly Linux systemd security hole that can enable any unprivileged user to crash a Linux system. The patch is available, and you should deploy it as soon as possible.
Fortinet’s security appliances hit by remote code execution vulnerability (Register) Cure worse than the disease for anyone with the ‘fgfmsd’ daemon activated
Windows “HiveNightmare” bug could leak passwords – here’s what to do! (Naked Security) Windows “hives” contain registry data, some of it secret. The nightmare is that these files aren’t properly protected against snooping.
Chat logs show how Egregor, an $80 million ransomware gang, handled negotiations with little mercy (CyberScoop) In a series of ransomware payment negotiations last December, operatives from a gang known as “Egregor” alternated from treating their victims with surprising civility, and behaving like cartoonish movie villains. “The Egregor Team wishes you a Merry Christmas and a Happy New Year,” they’d say at intervals of their chat room communications, sometimes in the middle of an extortion back-and-forth.
Saudi Aramco facing $50M cyber extortion over leaked data (AP NEWS) Saudi Arabia’s state oil giant acknowledged Wednesday that leaked data from the company — files now apparently being used in a cyber-extortion attempt involving a $50 million ransom demand — likely came from one of its contractors.
Saudi Aramco Facing $50M Cyber Extortion Over Leaked Data (SecurityWeek) Saudi Aramco acknowledged that leaked data from the company — files now apparently being used in a cyber-extortion attempt involving a $50 million ransom demand — likely came from one of its contractors.
Saudi Aramco Confirms Data Leak After Reported Cyber Ransom (Bloomberg) Oil producer says no impact to operations from data release. Extornist offered to delete Aramco data for $50 million: AP.
Ransomware Attack on UK Rail System – Spray and Pray or Targeted? (SecurityWeek) Northern Rail, one of the UK’s local railway systems covering the north of England, had its new self-service ticketing machines taken off-line following a ransomware attack
Malware on employee’s company computer led to cyber attack on UVM Medical Center (VTDigger) An employee took a company computer on vacation, and when they opened an unassuming personal email, cyber criminals planted malware on the computer and later hacked into the hospital’s network.
A Priest Was Outed By His Phone’s Location Data. Anyone Could Be Next. (Gizmodo) The latest scandal to rock the Catholic Church was both incredibly unnerving and entirely preventable. Why isn’t anyone doing anything about it?
Manila City COVID-19 vaccination website vulnerable to data breach, a resident warns (Philstar.com) The website of Manila local government COVID-19 vaccine registration had issues where data of residents’ information were exposed without the need for authentication, a Manila resident said.
America’s water systems are vulnerable to a Pearl Harbor-level cyberattack, Angus King warns (Lewiston Sun Journal) Maine’s junior senator said the nation faces “an extremely dangerous situation” until it bolsters its security against web-based attacks on critical infrastructure.
Sen. King: ‘Next Pearl Harbor will be cyber’ attack (WesternSlopeNow.com) Lawmakers are concerned cyber threats put the nation’s physical infrastructure at risk and they realize the US is not prepared for the attacks that are growing in number and severity.
Security Patches, Mitigations, and Software Updates
Apple iPhone patches are out – no news if recent Wi-Fi bug is fixed (Naked Security) Remember that weird iPhone Wi-Fi bug from a week or so ago? Let’s hope this update patches it!
Spyware Zero-Day Hits Show Apple Ecosystem’s Imperfections (BankInfoSecurity) Following revelations that commercial spyware vendor NSO Group was able to exploit the latest model of the Apple iPhone to install surveillance software, experts
Chrome 92 Brings Several Privacy, Security Improvements (SecurityWeek) Google on Tuesday announced the release of Chrome 92 in the stable channel, with 35 security patches and with various other security improvements, such as better site isolation and phishing protection.
Oracle Releases July 2021 CPU With 342 Security Patches (SecurityWeek) Oracle on Tuesday announced the availability of a total of 342 new security patches as part of its July 2021 Critical Patch Update (CPU).
Microsoft just published a workaround for this important Windows 10 flaw (ZDNet) Microsoft offers a workaround to a bug that could give attackers the ability to copy an organisation’s password hashes for offline cracking.
Cyber attackers ‘weaponising’ Operational Technology to harm, kill humans: study (iTWire) By 2025 cyber attackers will have weaponised operational technology (OT) environments to successfully harm or kill humans, according to new research from Gartner. “In operational environments, security and risk management leaders should be more concerned about real world hazards to humans and the en…
Aqua Security’s 2021 Cloud Native Security Survey Reveals Runtime Knowledge Gap (Aqua) Aqua released results of its 2021 Cloud Native Security Survey revealing the knowledge gap around runtime security and the associated risks.
Risk of Cloud Breaches Rising, Teams Struggling to Address Them, Fugue and Sonatype Survey Finds (Fugue) Fugue partnered with Sonatype to survey 300 cloud engineers and security professionals to gain insights into the causes, challenges, and solutions for securing cloud environments.
2021 Mid-Year Cyber Threat Landscape Report | Deep Instinct (Deep Instinct) It’s usual at Deep Instinct to compile an annual Threat Report. However, this year has been exceptional for cyber threats, […]
Phishers’ Favorites Top 25 H1 2021, Worldwide Edition (Vade Secure) Crédit Agricole was the most impersonated brand in phishing in H1 2021, followed by Facebook and Microsoft.
State of Pentesting 2021 (Cobalt) Data from 1602 pentests and 601 responses summarizes the most common security vulnerabilities for different assets and industries.
Ransomware fallout is devastating and could often be avoided, study finds (TechRepublic) Ransomware victims face tightened budgets, lost productivity and other problems. In most cases, new post-attack security measures could have prevented the ransomware attack if implemented beforehand.
Microsoft acquires CloudKnox Security to offer unified privileged access and cloud entitlement management (The Official Microsoft Blog) Helping organizations strengthen cloud security and Zero Trust At Microsoft, we are committed to supporting organizations in their digital transformation and helping them to deliver secure and seamless experiences. Since IT modernization often spans multiple clouds, cloud security and identity are top of mind for most of our customers. Modern identity security needs to protect…
DNSFilter Raises $30 Million in Series A Funding (SecurityWeek) DNSFilter has closed a $30 million Series A funding round that will be used to grow its DNS security system that continuously scans billions of domains using its own AI-based recognition system
Clearview AI raises $30 million from investors despite legal troubles. (New York Times) The facial-recognition start-up closed a Series B financing round. It faces multiple lawsuits challenging its business model.
Cybereason refused a $1.5B exit two years ago. Now the company is funding at double its valuation (Geektime) Just a couple of years ago the company bet on itself, turning down a $1.5B offer. Now, the company secures $275M in funding and doubles its valuation…
Ex-Military Cyber Experts To Take Game-Changing $1.5 Billion Startup Public (Forbes) From hacking tools for U.S. intelligence agencies to software meant to shame companies doing a terrible job at security, QOMPLX is a Beltway unicorn fighting against cyber criminals.
Hawaii Officials Are Making A Cybersecurity Push To Keep Federal Contracts Flowing (Honolulu Civil Beat) Federal agencies are moving toward stricter enforcement of cybersecurity requirements for companies seeking government contracts.
NIST’S National Cybersecurity Center of Excellence Selects Forescout to Shape Zero Trust Architecture (GlobeNewswire News Room) Influential NIST zero trust architecture (ZTA) security project will help organizations address evolving mobile, cloud and hybrid workforce demands…
nVisium Announces Rapid Growth as Company Continues to Expand Capabilities in DevOps & Cloud Security (PR Newswire) nVisium, a leader in application security, today announced details on the company’s meteoric growth in acquiring, scaling, and expanding human…
Fortinet Wins Google Cloud Technology Partner of the Year Award for Security (Yahoo Finance) John Maddison, EVP of Products and CMO at Fortinet “We’re proud to be named a Google Cloud Technology Partner of the Year for Security. This award recognizes our outstanding success in 2020, using a winning combination of Google Cloud technologies with Fortinet’s industry-leading Security Fabric offerings to deliver innovative cloud security and customer satisfaction. Winning this award is an exciting testament to a longstanding partnership wi
Gartner® Recognizes Druva as a Visionary for it’s Data Protection-as-a-Service Platform (Druva) The 2021 Gartner Magic Quadrant report represents a market shift to include data protection for cloud and edge. Druva is recognized for the first-time in the report as a Visionary, positioned highest on ability to execute in this quadrant.
Armis Appoints Sachin Shah as CTO for Operational Technology and Industrial Control Systems (GlobeNewswire News Room) Latest hire reinforces company’s strategic focus on OT/ICS capabilities and its commitment to developing world-class cybersecurity solutions for the…
Products, Services, and Solutions
Vulcan Cyber Adds Cloud Security Module to Risk-Based Remediation Platform (PR Newswire) Vulcan Cyber®, developers of the industry’s only risk-based remediation platform for infrastructure, application and cloud security, today…
Nebraska Non-Profit Expands Operations and Boosts Security With the Arcules Cloud | Arcules, Inc. (Arcules, Inc.) Modern video surveillance without the limitations of on-premise solutions. The Arcules Integrated Video Cloud solution is designed to ensure security, scalability, reduced operations, and bandwidth management – all on one platform.
Lumen Wins U.S. Army Recruiting Communications Contract (PR Newswire) Lumen Technologies (NYSE: LUMN) announced today it recently won a task order to provide secure high-speed connectivity to the U.S. Army…
DuckDuckGo offers Apple-style security for Android users (Inside Wales Sport) Today, if you’re using an iPhone, you have tons of features to protect your privacy. Also, during the WWDC conference, Apple announced new features
IBM FlashSystem adds storage as a service, attack protection (SearchStorage) New IBM Storage as a Service provides a choice of pre-configured FlashSystem tiers; Safeguarded Copy adds immutable snapshots for ransomware protection.
Entrust Updates Cloud Key Lifecycle Management as Organizations Migrate to Multi-Cloud Environments (BusinessWire) Entrust enables organizations to automate and extend control of cryptographic keys across public clouds, enabling support for BYOK and native AWS keys
Technologies, Techniques, and Standards
CISA Considering Open-Source Registrar Platform For .Gov Domain (Nextgov.com) The agency is looking for support services to help manage the .gov registry as it takes control of the top-level domain from GSA.
Design and Innovation
A Zero Trust Approach to Architecting Silicon (Intel) Intel delivers a robust set of technologies that improve security posture and support a Zero Trust strategy.
DIU rethinking cyber endpoint protections through advanced deception tools (Federal News Network) The Defense Innovation Unit whittled its search for new or innovative cyber technologies from 20 options to six, testing two bleeding edge cyber tools.
Managing the threat landscape: what steps can educational institutes take? (Education Technology) Taking a proactive approach to security to protect your organisation and its key assets, as well as manage any ongoing risk.
U-D Mercy to start vehicle cybersecurity institute with Department of Defense grant (FOX 2 Detroit) Paul Spadafora, director of Professional Engineering Programs for Detroit Mercy’s College of Engineering & Science, said it’s important to establish the consortium because cybersecurity is a growing threat.
Legislation, Policy, and Regulation
Story: Conflict by other means: “Cyber is geopolitics.” (The CyberWire) Courtesy of the Wilson Center, Kennan Institute Director Matthew Rojansky and Silverado Policy Accelerator Co-Founder Dmitri Alperovitch held a press briefing yesterday morning on the topic of Russian and Chinese cyber mischief and the Biden Administration’s response.
Israel ‘creating task force’ to manage response to Pegasus project (the Guardian) Government team to investigate ‘policy changes’ on cyber exports following NSO revelations, according to Israeli media
Pegasus Project Shows the Need for Real Device Security, Accountability and Redress for those Facing State-Sponsored Malware (Electronic Frontier Foundation) EFF has warned for years of the danger of the misuse of powerful state-sponsored malware. Until governments around the world get out of the way and actually support security for all of us, including accountability and redress for victims, these outrages will continue.
Israel’s Prime Minister Wants to Create Global Cyber Network Shield (Bloomberg) Israel’s Prime Minister Naftali Bennett urged other nations to join with his country in building an international platform for defusing cyber attacks.
US turns cyberspace into another anti-China battlefield, ‘futile to contain Beijing’ (Global Times) In an apparent attempt to contain China and as part of its ceaseless efforts to form an anti-China chorus among its major allies, the Biden administration is seeking to turn cyberspace into a new battlefield by ganging up with its allies to accuse China of conducting cyberattacks worldwide, an allegation that was swiftly denounced by Chinese diplomats, internet institutions and experts as China has always been a long-term victim of US cyberattacks.
Blinken Reprimands China For Irresponsible Behavior In Cyberspace (The Tennessee Tribune) U.S. Secretary of State Antony Blinken, on July 19, reprimanded China for its pattern of irresponsible, disruptive, and destabilizing behavior in cyberspace, which poses a major threat to the economy and national security. Responding […]
Is China Looking to Stockpile Zero-Days? New Vulnerability Disclosure Rules Could Create Closed Pipeline From Security Researchers to CCP (CPO Magazine) New vulnerability disclosure rules announced by the Chinese government have raised the prospect of “zero-day hoarding,” as anything discovered in the country must now be reported to the CCP and to no one else (in most cases). This includes a rule forbidding disclosures to the general public before a vendor has had a “reasonable chance” to patch the issue.
Won’t someone think of the kids? China’s Cyberspace Admin steps up, orders massive cleanup to make the net safe for minors (Register) No rudeness. No cute kids spruiking tat. No violence. No fan frenzies. And no smutty emoticons
The U.S. Is Continuing Its Campaign Against Huawei (Lawfare) Huawei has not dominated recent headlines nearly as much as it did under the Trump White House. Yet that does not mean the U.S. campaign against Huawei has stopped.
New EU legislation to ban anonymous cryptocurrency wallets, transfers (The Record by Recorded Future) The European Commission has proposed legislation updates this week that introduce new rules for cryptocurrency service providers.
Is it time to ban ransomware insurance payments? (ComputerWeekly.com) The former head of the NCSC recently called for a dialogue over whether or not it is time to ban insurers from covering ransomware payments. Is he on the right track?
Biden to meet next month with private sector on cyber issues (AP NEWS) President Joe Biden and members of his national security team plan to meet next month with business executives about cybersecurity, an official said Wednesday. The Aug. 25 meeting comes as the White House is scrambling to help companies protect against ransomware attacks from Russia-based criminal syndicates and as the administration also confronts an aggressive cybersecurity threat from the Chinese government.
Senate Leaders Introduce Bill To Require Companies To Report Cyberattacks (International Business Times) Growing cyberattacks leads the Senate to introduce bill requiring companies to report hacking incidents.
Senators introduce bill requiring some critical groups to report cybersecurity incidents (TheHill) Leaders of the Senate Intelligence Committee and other bipartisan lawmakers on Wednesday formally introduced legislation requiring federal contractors and critical infrastructure groups to report attempted breaches&
FTC pledges to fight unlawful right to repair restrictions (The Verge) Apple’s on notice.
A Risk Management Cybersecurity Imperative For State, Local & Tribal Governments (Forbes) In 2020, an unprecedented number of ransomware and other destructive cyber-attacks targeting state, local, and tribal governments were reported and the numbers just keep soaring in 2021. Risk Management can help better protect our governmental institutions.
Litigation, Investigation, and Law Enforcement
India’s Watergate Moment (Foreign Policy) A journalist hacked by Pegasus says he will survive, but Indian democracy may not.
Pegasus Scandal: High Level Independent Investigation Needed, Says Cyber Security Expert (Outlook India) Hacking is a crime and no exemption is given either for government or for private persons in the application of this law, Apar Gupta tells Outlook.
How Mexico’s traditional political espionage went high-tech (Washington Post) Victims say the use of Pegasus spyware through 2017 had a chilling effect on journalists and human rights workers. The government says it halted the practice, but questions remain.
CIA probe of ‘Havana syndrome’ to be led by Bin Laden search veteran -source (Reuters) A CIA official who was involved in the search for Osama bin Laden has been chosen to head an agency task force investigating cases of an ailment known as “Havana Syndrome” among U.S. spies and diplomats, a government source said on Wednesday.
A Hospital Employee Stole The Identities Of Dying Patients To Steal Covid Benefits, Feds Claim (Forbes) The seriously infirm and the deceased are prime targets for fraudsters, say cybersecurity experts. And the U.S. government says criminals are choosing the dead’s identities to file for Covid unemployment benefits.
Massachusetts couple sues eBay over ‘unrelenting’ harassment campaign (Reuters) A Massachusetts couple sued eBay Inc on Wednesday for being subjected to an “unrelenting stream” of threats by its employees to stifle their online newsletter critical of the e-commerce company.
eBay and its former CEO were just sued by a Massachusetts couple who alleged the company sought to ‘psychologically torture’ them (San Jose Business Journal) The lawsuit is related to incidents that took place in 2019, when a group of eBay employees, including its then CEO, allegedly attempted to intimidate the operators of a small industry newsletter that was seen as critical of the company.
Panning for Litigation Gold in ‘1’s’ and ‘0’s’ (Baker Hostetler) Class action firms are seeking a new gold rush of suits through class action complaints alleging online consumer tracking software is wiretapping liability
British Man Arrested on Charges Stemming From Last Year’s Twitter Hack (Wall Street Journal) The attack, part of a donation scam, compromised the accounts of Joe Biden, Bill Gates, Kim Kardashian and many others.
UK man arrested in Spain for role in Twitter 2020 hack (The Record by Recorded Future) A 22-year-old UK national was arrested today in Spain for his role in hacking Twitter’s internal network and hijacking high-profile accounts in July last year.
UK man arrested over 2020 Twitter celebrity hacks (Engadget) Police have arrested a UK citizen over his alleged role in a 2020 Twitter hack that targeted celebrities and politicians..
Pennsylvania decertifies county’s voting system after audit (AP NEWS) Pennsylvania’s top election official has decertified the voting machines of a sparsely populated county that disclosed that it had agreed to requests by local Republican lawmakers and allowed a software firm to inspect the machines as part of an “audit” after the 2020 election.
UPMC settles employee data breach lawsuit for $2.7M (Becker’s Hospital Review) Employees who filed a class-action lawsuit against UPMC over a data breach have reached a $2.65 million settlement with the Pittsburgh-based health system, according to court documents.