Cyber Attacks, Threats, and Vulnerabilities
Analysis | The Cybersecurity 202: The Sony hack ushered in a dangerous era in cyberspace (Washington Post) The hack five years ago foreshadowed Russia’s attack on the 2016 election
Mimecast threat intelligence report analyzes 99 billion rejected emails (Security News Desk) Transportation, legal and banking sectors hit the hardest by cyberattacks, according to new Mimecast threat intelligence report.
Fullz House Group Using Phishing and Web Skimming to Maximize Profits (The State of Security) A new threat group called "Fullz House" is using both phishing and web skimming in order to maximize the profits of its attacks.
Warning over Fullz House Magecart threat group using phishing and web skimming to compromise web payments (Computing) Fullz House Magecart threat group has branched out from selling 'Fullz' - full packages of information - on underground trading sites.
Report: Cyber Criminals Are Using YouTube To Install Cryptojacking Malware (Cointelegraph) Major antivirus software supplier Eset has found cyber criminals using YouTube to distribute mining modules to cryptojack Monero.
Stantinko botnet adds cryptomining to its pool of criminal activities (WeLiveSecurity) ESET researchers have discovered that the criminals behind the Stantinko botnet are distributing a cryptomining module to the computers under their control.
Active TrickBot Campaign Observed Abusing SendGrid and Google Docs (PhishLabs) We have observed an active TrickBot campaign targeting employees of multiple organizations. Unlike traditional BankBot attacks, it uses malicious links instead of attachments.
New DeathRansom Ransomware Begins to Make a Name for Itself (BleepingComputer) A new ransomware called DeathRansom began with a rocky start, but has now resolved its issues and has begun to infect victims and encrypt their data.
Kaspersky online protection API left open to abuse by websites (ZDNet) Updated: The internal API has been subject to not one, but multiple failed fix attempts.
Kaspersky products allegedly have vulnerabilities that invite abuse by websites, but it denies claim (SiliconANGLE)
Kaspersky: The art of keeping your keys under the door mat (Extensions, security, random bla bla) Any website can communicate with the Kaspersky applications. In the past this allowed disabling protection features or even crashing the antivirus.
Dexphot Polymorphic Malware Shows Complexity of Everyday Threats (BleepingComputer) Ordinary malware can be a real nuisance to detect due to complex methods that allowed it to slip past security solutions. Dexphot is one such strain that managed to run attack routines on close to 80,000 machines earlier this year.
Microsoft Alerts to Stealthy Dexphot Malware, 80K Devices Infected (HealthITSecurity) Microsoft recently outlined a new malware variant known as Dexphot. While the virus is relatively innocuous in that it deploys cryptomining, its highly complex techniques are cause for concern.
'Dexphot': A Sophisticated, Everyday Threat (National Cyber Security) World Largest Source Of Security News.
Insights from one year of tracking a polymorphic threat (Microsoft Security) We discovered the polymorphic threat Dexphot in October 2018. In the months that followed, we closely tracked the threat as attackers upgraded the malware, targeted new processes, and worked around defensive measures. One year’s worth of intelligence helped us gain insight not only into the goals and motivations of Dexphot’s authors, but of cybercriminals in general.
A Teen Was Not Banned For Her TikTok About China's Concentration Camps But For Making A Dark Thirst Joke About Bin Laden (BuzzFeed News) "It was a dark humor joke that he was at the end, because obviously no one in their right mind would think or say that."
DDoS: An Underestimated Threat (Dark Reading) Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. Here's how to fight back.
ABB Relion 650 and 670 Series (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 5.3. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: ABB. Equipment: Relion 650 and 670 Series. Vulnerability: Improper Input Validation. 2. RISK EVALUATION: Successful exploitation of this vulnerability may allow an attacker to reboot the device, causing a denial of service.
ABB Relion 670 Series (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 10.0. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: ABB. Equipment: Relion 670 Series. Vulnerability: Path Traversal. 2. RISK EVALUATION: Successful exploitation of this vulnerability may allow an attacker to read and delete files on the device.
The Implications of Last Week's Exposure of 1.2B Records (Dark Reading) Large sums of organized data, whether public or private, are worth their weight in gold to cybercriminals.
Snapshot: Top 25 Most Dangerous Software Errors (Department of Homeland Security) The Common Weakness Enumeration (CWE) list of the 25 most dangerous software errors is a compilation of the most frequent and critical errors that can lead to serious vulnerabilities in software.
CWE - 2019 CWE Top 25 Most Dangerous Software Errors (MITRE) Common Weakness Enumeration (CWE) is a list of software weaknesses.
How scammers use Black Friday to target consumers (TechRepublic) Holiday shopping scams try to bait consumers with special giveaways, gift cards, discounts, and coupons, according to a new report from cyber security company ZeroFOX.
Black Friday Cyberattacks Just Soared 275%: Here’s What You Do Now (Forbes) Do this one thing to avoid falling victim to a cyberattack over the holidays.
Cybercriminals primarily targeting e-commerce apparel sites: Kaspersky (ETCIO.com) Cybercriminals are targeting customers of apparel e-commerce websites, including fashion, shoes, gifts, toys and jewellery.
The top 5 online heists: Don't be a victim (Cult of Mac) This online security post is presented by Dashlane. Ocean’s 11-style capers, whether in movies or in the real world, are a lot more colorful than the
Parents say creep hacked their baby monitor to tell toddler they ‘love’ her (Naked Security) The Taococo FREDI baby monitor has repeatedly been criticized for being easy to hack.
Additional OMV offices reopening across Louisiana after cyber attack (KSLA) Louisiana State Police identified eight Louisiana Office of Motor Vehicles (OMV) locations across the state which will reopen Monday, Nov. 24 after an issue indirectly linked to a cyber attack that crippled state government Monday, Nov. 18 led to extended closures at locations statewide.
DiBella's sub shops hit with cyberattack (Times Union) Customers of DiBella's Subs, including shops in the Capital Region, are being urged to check their credit and debit card bills after the company was hit with what authorities said was a highly sophisticated cyberattack carried out between March 22 and Dec. 28, 2018.
Security Patches, Mitigations, and Software Updates
Windows 7 end-of-life is coming. How much should you worry? (CyberScoop) Windows 7 is going “end of life” on Jan. 14, 2020, meaning updates to the system will stop being issued by Microsoft. What should enterprises worry about?
Twitter will remove inactive accounts and free up usernames in December (The Verge) Another chance at the username you’ve always wanted.
Cyber Trends
Will Banks Always Be Vulnerable to Hackers? (Built In) We talked to an expert on financial sector cybersecurity.
Merchants must find ways to balance security with a seamless customer experience (Help Net Security) Customers demand a better experience, so merchants need to balance security and customer experience if they want to make a good impact on their bottom line.
Tripwire on Twitter (Twitter) “Black Friday and Cyber Monday are around the corner. Do you think that there is enough awareness amongst the general public of the potential cybersecurity threats they face?”
Marketplace
New details emerge on a nearly $1B cyber contract (Fifth Domain) The Army released information regarding requirements for a critical cyber training contract that can be used by the joint force.
UK Cyber-security skills gap ‘at breaking point' (Netimperative - latest digital marketing news) A new, in-depth piece of research conducted amongst UK CIOs and senior IT professionals has revealed that the cybersecurity skills gap has reached a crisis point.
Huawei CEO: We can still be No.1 without Google (CNN) Huawei CEO and founder Ren Zhengfei says the Chinese tech company can still become the world's top smartphone seller, even without Google software and apps.
Xerox turns to HP shareholders in takeover proposal (Silicon Valley Business Journal) Xerox said it would take its proposal for a $33bn takeover of HP directly to the personal computer maker’s shareholders, escalating hostilities between the two companies.
Xerox threatens HP with hostile takeover (The Telegraph) Xerox is preparing to take its $33.
Trend Micro Leads the Industry in Hybrid Cloud Security Market Share (Trend Micro Newsroom) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, today announced it has been named by IDC as the #1 vendor in Software-Defined Compute (SDC) workload protection, according to the analyst firm’s new independent report: Worldwide Software Defined Compute Workload Security Market Sh
Google’s tensions with employees reach a breaking point (KFOR.com) For years, Google was seen as the gold standard of office life. The company pushed workplace culture to new frontiers with enviable benefits such as free meals, office slides, onsite childcare and an emphasis on transparency. But Google is quickly developing a very different reputation as it confronts a mounting backlash from its own employees.
Army Cyber Command HQ Brings Opportunity to South Carolina (Government Technology) The U.S. Army’s new Cyber Command headquarters at Fort Gordon and other related developments have created a “huge opportunity” for the entire state, University of South Carolina President Robert Caslen said.
Xiologix appoints Brian Page as CTO (Help Net Security) Xiologix is excited to announce that Brian Page has joined the team as the new Chief Technology Officer (CTO), bringing over 20 years of experience.
Maureen Perrelli joins Secureworks as new Chief Channel Officer (Help Net Security) Secureworks announced the appointment of Maureen Perrelli as its new Chief Channel Officer, leading the company’s global channel engagement strategy.
CUJO AI Announces Appointment of Kimmo Kasslin as VP of Labs (Yahoo) CUJO AI, a cybersecurity and network intelligence software provider for network operators, announced today that cybersecurity expert Kimmo Kasslin joined the CUJO AI team and has been appointed vice president to lead CUJO AI Laboratories operations, ensure smooth and efficient processes, and further
Products, Services, and Solutions
Difenda Debuts ServiceNow Integration for Venafi Trust Protection Platform (BusinessWire) With Difenda Machine Identity Protection for ServiceNow, enterprises can accelerate machine identity protection services throughout the business.
Code42 Offers New Insider Risk Detection Capabilities to Help Security Teams Quickly Spot Data Theft When Employees Resign and Depart (BusinessWire) Code42 has advanced its data security solution with new capabilities designed to help companies defend against the rising tide of insider threats.
nsKnox and KPMG offer fraud prevention technology, delivered as a holistic managed service (Help Net Security) nsKnox, a leading cyber security provider of corporate payment protection technology, announced an international strategic partnership with KPMG.
Kali Linux 2019.4 includes new undercover mode for pentesters doing work in public places (Help Net Security) Kali Linux 2019.4 includes several new features, including a new default desktop environment, and a new “undercover” mode for pentesters doing assessment work in public places.
Technologies, Techniques, and Standards
The overlooked part of an infosec strategy: Cyber insurance underwriting (Help Net Security) In order to strengthen the case for underwriting of SMBs and large enterprises, AXA XL provide some insights into how cyber insurance underwriting works.
How cyberinsurance works to protect companies in case of a security breach (TechRepublic) Cyberinsurance can help protect your organization from the financial costs associated with data breaches. Learn the details to decide if it's the right fit for your company.
Why incident response is not limited to IT security matters (Manila Standard) Almost half (46%) of enterprises worldwide experienced at least one data breach in 2018, with victims including such well-known names as Marriott International and British Airways. That means there is a high chance for any enterprise to fall victim to an incident. With this in mind, companies are focusing not only on preventing breaches, but also preparing the methods to limit the impact when it happens.
Look Out For Business Email Compromises (Information Security Buzz) Phishing has emerged as one of the most dangerous types of security threats for businesses, with phishing attacks growing in the second quarter of this year, especially against software-as-a-service and webmail services. That’s according to a recent report by the Anti-Phishing Working Group (APWG), a nonprofit industry association that fights phishing, crimeware and e-mail spoofing. …
Air Force plans new cyber AFSC to defend weapons systems (Air Force Times) Aircraft such as the F-22 Raptor and E-3 Sentry, also known as the AWACS, are among those weapon systems safeguarded by mission defense teams.
Why I Hate Software Upgrades (Checkmarx) The application security testing world is made up of various different solutions, all with one ultimate aim – to protect software from hackers and attacks.
GSM Traffic and Encryption: A5/1 Stream Cipher (Black Hills Information Security) Raymond Felch // Disclaimer: Be sure to use a faraday bag or cage before transmitting cellular data so you don’t accidentally break any laws by illegally transmitting on regulated frequencies. Additionally, intercepting and decrypting someone else’s data is illegal, so be careful when researching your phone traffic. Some useful terminology: Mobile Phone Related: MS mobile …
How to Use CCAT: An Analysis Tool for Cisco Configuration Files (Black Hills Information Security) Kayla Mackiewicz // Last year, fellow tester Jordan Drysdale wrote a blog post about Cisco’s Smart Install feature. His blog post can be found here. If this feature is enabled on a Cisco device, an attacker can download or upload a config file and even execute commands. Whether you use the Smart Install feature or …
Rainy Day Windows Command Research Results (Black Hills Information Security) Sally Vandeven // We have all heard people talk about how much cooler Linux is than Windows, so much easier to use, etc. Well, they are not necessarily wrong… but we have learned that Microsoft has some very interesting gems hiding in plain sight. Seriously, Microsoft seems to be making a concerted effort to add some …
What's Changed in Recon-ng 5.x (Black Hills Information Security) Brian King // Recon-ng had a major update in June 2019, from 4.9.6 to 5.0.0. This post is meant to help with the adjustment by providing a cheat sheet for common commands and mapping of some old syntax to the new syntax. If you’re at all like me, you’ll assume that what you know from …
Design and Innovation
Can the Pentagon achieve cybersecurity through obscurity? (Fifth Domain) At Cybercon, a proposal to reduce industry transparency in the name of national security.
Research and Development
Researchers have achieved a comms breakthrough (C4ISRNET) Overcoming technical and engineering challenges, an Army-funded project has achieved a milestone that could boost 5G speeds.
Academia
World’s best cybersecurity colleges battle at pentesting competition finals in Rochester (RIT) RIT hosted the international finals of the Collegiate Penetration Testing Competition (CPTC) Nov. 22-24. Stanford University took home the top trophy in the 2019 competition, while RIT placed second and California State Polytechnic University, Pomona placed third.
Tech SA: UTSA, other universities could benefit from cybersecurity bill (KSAT) A bill would allow DHS to work with five universities to train state and local governments on cybersecurity.
Hacking should be taught in schools says alleged hacker Lauri Love (The Telegraph) Hacking and other cybersecurity skills should be taught in schools in a similar way to sports, said alleged hacker Lauri Love.
Legislation, Policy, and Regulation
UN's cybercrime 'law' helps dictators and criminals, not their victims (TheHill) The biggest purveyors of cybercrime are among those who backed the resolution, which does little to contain or limit cybercrime.
Stop the hairy-chested, yellow-peril alarmism: Rudd's strategy for dealing with China (The Sydney Morning Herald) Former prime minister Kevin Rudd lays out a plan for a mature relationship with China in a speech he gave to launch the Quarterly Essay by Peter Hartcher, The Sydney Morning Herald's political and international editor.
German 'insult' on spying angers US (BBC News) A German minister drew parallels between the US and China when commenting on tech giant Huawei.
U.S. unveils procedure to shield telecom networks from national security threats (Reuters) The United States on Tuesday set out a procedure to protect its telecommunicatio...
Commerce proposes supply chain security rules (FCW) Proposed rules back up the White House’s earlier executive order to protect information and communications supply chains from foreign cyber dangers.
US proposes new rules for national security risks in foreign IT equipment (CNET) The Commerce Department would use advice from Homeland Security and the Director of National Intelligence in making decisions to prohibit some telecommunications equipment.
This Senate bill helps states with cybersecurity (Fifth Domain) The bipartisan bill, if signed into law, would facilitate joint cybersecurity exercises between the federal government and state and local governments.
Top Senate Democrats unveil new online privacy bill, promising tough penalties for data abuse (Washington Post) Senate Democrats on Tuesday proposed tough, new punishments for Facebook, Google and other Silicon Valley tech giants that mishandle their users’ personal data, unveiling a sweeping new online privacy bill that aims to provide people their “Miranda rights” for the digital age.
Here’s how a national intelligence watchdog is improving AI oversight (C4ISRNET) The ICIG's semiannual report laid out how the IG office is adapting to AI oversight.
Meet IARPA’s new director (C4ISRNET) The agency's new director replaces Stacey Dixon, who left the agency over the summer to become the new deputy director of the National Geospatial-Intelligence Agency.
Litigation, Investigation, and Law Enforcement
Charges of Ukrainian Meddling? A Russian Operation, U.S. Intelligence Says (New York Times) Moscow has run a yearslong operation to blame Ukraine for its own 2016 election interference. Republicans have used similar talking points to defend President Trump in impeachment proceedings.
U.S. Tech Companies Prop Up China’s Vast Surveillance Network (Wall Street Journal) Intel, Hewlett Packard Enterprise, Seagate and others aided and profited from China’s multibillion-dollar surveillance industry, which the government uses in its crackdown on Muslims in Xinjiang.
The Education Department is Investigating Foreign Influence at Two Prominent Universities (Nextgov.com) The agency wants detailed records of what the institutions received from the Russian, Chinese, Saudi Arabian and Qatar governments, as well as Huawei, ZTE and others.
Army Secretary expects briefing on possible TikTok vulnerabilities by year-end as US keeps pressure on China tech (CNBC) A review of popular social-networking app TikTok is underway, and the Army Secretary said he expects a brief on the security of the service by Christmas.
Small, regional utilities located near critical infrastructure targeted in cyberattack: WSJ (Utility Dive) Smaller electric utilities may be at higher risk of an attack because they lack the robust security infrastructure of larger power providers, according to experts.
Workers at Israeli surveillance firm NSO sue Facebook for blocking private accounts (Reuters) A group of employees from Israeli surveillance firm NSO Group filed a lawsuit ag...
Facebook countersued by NSO Group, Israeli spyware vendor (The Washington Times) Facebook was sued Tuesday by several employees of NSO Group, an Israel cybersecurity firm on the opposite end of a civil suit brought by the social networking company last month.
Data firm broke Canadian privacy laws with involvement in Brexit, U.S. campaigns - probe (Reuters) Canadian data firm AggregateIQ broke privacy laws with some of the work it did f...