Underworld developments, cyberespionage, and a large DDoS incident in Russia. Daily Briefing for 09.09.21 – The CyberWire

Attacks, Threats, and Vulnerabilities

United Nations’ Computers Breached by Hackers Earlier This Year (Bloomberg) Attackers gained access to UN network using stolen credentials. The identity of the hackers, or their motive, isn’t yet clear.

AlphaBay’s Return: SWOT Findings (Digital Shadows) A Structured Analytical Technique (SAT) to make sense of an exciting event in the threat landscape: the sudden comeback of AlphaBay marketplace.

Grayfly: Chinese Threat Actor Uses Newly-discovered Sidewalk Malware (Symantec Enterprise Blogs) Recent campaigns involved exploits against Exchange and MySQL servers. Group has heavy focus on telecoms sector.

A spyware app designed to monitor Kurdish targets attracted more than 1,400 downloads (CyberScoop) More than 1,400 people have downloaded a spyware app that, while appearing to deliver news, enables hackers to collect sensitive data about the Kurds, an ethnic community living throughout Iran, Iraq and northern Syria. The espionage campaign involves duping Android smartphone owners into downloading a program that spies use to record phone calls, extract files, take screenshots and gather other information from unwitting victims, according to details published Tuesday by the security vendor ESET.

Pro-China social media campaign hits new countries, blames U.S. for COVID (Reuters) A misinformation campaign on social media in support of Chinese government interests has expanded to new languages and platforms, and it even tried to get people to show up to protests in the United States, researchers said on Wednesday.

Pro-Chinese government propaganda campaign spurs on COVID-19 protests in the US (ZDNet) The campaign is far more extensive than previously thought.

GUEST ESSAY: Why it’s worrisome that China has integrated Huawei switches into telecoms worldwide (The Last Watchdog) In the previous discussion, China’s 14th Five-Year Plan was summarized to capture relevant aspects of dual circulation, the Digital Silk Road (DSR), and the Belt Road Initiative (BRI) that aim to advance China as an economic, technological, and foreign policy powerhouse. Related: Part 1. China’s 5 year digital plans Both of those initiatives are well-funded, […]

AT&T Alien Labs warns of ‘zero or low detection’ for TeamTNT’s latest malware bundle (Register) Chimaera toolkit found on ‘thousands’ of Windows, Linux, and container systems worldwide

Confluence Server Webwork OGNL Injection (CVE-2021-26084) being Exploited in the Wild (Bugcrowd) Learn everything you need to know about the Confluence Server OGNL Injection on this 15-minute Security Flash

Critical Flaw in Pac-Resolver NPM Package Affects 290,000 Repositories (SecurityWeek) High severity Pac-Resolver package flaw could be exploited by malicious actors on the local network to execute code remotely when the user attempts to send an HTTP request.

Zoho Confirms Zero-Day Authentication Bypass Attacks (SecurityWeek) Zoho confirms attacks against an authentication bypass vulnerability in its ADSelfService Plus product.

CISA Warns of Actively Exploited Zoho ManageEngine ADSelfService Vulnerability (The Hacker News) CISA Warns of Actively Exploited Critical Flaw Affecting Zoho ManageEngine ADSelfService

CISA warns of Zoho server zero-day exploited in the wild (The Record by Recorded Future) The US Cybersecurity and Infrastructure Security Agency urged organizations today to apply the latest security update to their Zoho ManageEngine servers to patch a zero-day vulnerability that has been actively exploited in the wild for more than a week.

In space, no one can hear cyber security professionals scream (Register) Miscreants hacking vulnerable orbital hardware could set living standards back by decades in seconds

FBI warns OnePercent ransomware group exploiting AWS & 8 other apps (Becker’s Hospital Review) The FBI and Cybersecurity and Infrastructure Security Agency warned that the OnePercent ransomware group has been launching attacks on U.S. companies since November.

REvil ransomware may be set to return (Computing) The ransomware group disappeared from the internet in July, abandoning forums and disconnecting its servers. Now, the infrastructure is back

CISA Reminds of Risks Connected to Managed Service Providers (SecurityWeek) The U.S. government’s CISA issues new guidance to help reduce overall risks associated with Managed Service Providers (MSPs).

Risk Considerations for Managed Service Provider Customers (CISA) To aid organizations in making informed Information Technology (IT) service decisions, the National Risk Management Center (NRMC) at the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) developed this set of risk considerations for Managed Service Provider customers.

Hackers leak passwords for 500,000 Fortinet VPN accounts (BleepingComputer) A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer.

Near half a million Fortinet VPN passwords exposed online (Computing) It follows an FBI warning from April that threat actors were attempting to compromise vulnerable Fortinet FortiOS servers

Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices (The Hacker News) Fortinet says a malicious actor disclosed, without authorization, VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices.

How Groove Gang is shaking up the Ransomware-as-a-Service market to empower affiliates (Intel471) We believe that the Groove gang is associated with the Babuk ransomware gang, either as a former affiliate or subgroup.

Instagram bans are now being sold as crime-as-a-service (Avast) Bans-as-a-service take advantage of Instagram’s loose policies, and they’re available for a low price.

New CPU side-channel attack takes aim at Chrome’s Site Isolation feature (The Record by Recorded Future) A team of academics from universities in Australia, Israel, and the US has successfully mounted CPU side-channel attacks that recover data from Google Chrome and Chromium-based browsers protected by the Site Isolation feature.

How Cloudflare helped mitigate the Atlassian Confluence OGNL vulnerability before the PoC was released (Cloudflare) On August 25, 2021, Atlassian released a security advisory for their Confluence Server and Data Center. The advisory highlighted an Object-Graph Navigation Language (OGNL) injection that would result in an unauthenticated attacker being able to execute arbitrary code.
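The two Confluence items above (the Bugcrowd flash on CVE-2021-26084 and Cloudflare's account of blocking it at the edge) both turn on the same point: an OGNL injection is an expression-language payload smuggled into a request parameter, so it can be caught on the wire before it reaches the application. The following is an added example, not code from Bugcrowd, Cloudflare or Atlassian, of the kind of request-parameter check a WAF rule or log-hunting script performs. The log lines are constructed, the paths and parameter names in them are illustrative rather than taken from any advisory, and the marker patterns are an assumption tuned to this sample rather than a production rule set.

```python
import re
import urllib.parse

# Constructed access-log lines in a common web-server format. The paths and
# parameter names are illustrative; they are not taken from any advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [09/Sep/2021:10:01:02 +0000] "GET /confluence/pages/viewpage.action?pageId=123 HTTP/1.1" 200 4321
203.0.113.9 - - [09/Sep/2021:10:01:07 +0000] "POST /confluence/pages/example.action?queryString=%5Cu0027%2B%7BClass.forName%28%5Cu0027javax.script.ScriptEngineManager%5Cu0027%29%7D%2B%5Cu0027 HTTP/1.1" 302 0
198.51.100.7 - - [09/Sep/2021:10:01:09 +0000] "GET /confluence/search?q=%25%7B1%2B1%7D HTTP/1.1" 200 100
10.0.0.6 - - [09/Sep/2021:10:01:12 +0000] "GET /confluence/display/DOCS/Home?ts=1631181672&title=%7Bdraft%7D HTTP/1.1" 200 9000
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Heuristic markers of OGNL expression syntax. Assumption: these are tuned to
# the sample above; a production rule set would be broader and traffic-tested.
OGNL_MARKERS = [
    ("expression delimiter", re.compile(r"[%$#]\{")),
    ("static member access", re.compile(r"@[\w.]+@\w+")),
    ("class loading", re.compile(r"Class\.forName\s*\(|\.getClass\s*\(")),
]


def normalize(value, rounds=3):
    """Undo repeated percent-encoding, then Java-style \\uXXXX escapes,
    so that an encoded payload is matched in the form the application sees."""
    out = value
    for _ in range(rounds):
        decoded = urllib.parse.unquote(out)
        if decoded == out:
            break
        out = decoded
    return re.sub(r"\\u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), out)


def suspicious_params(target):
    """Return (parameter, marker label, normalized value) for each query
    parameter whose decoded value looks like an OGNL expression."""
    query = urllib.parse.urlsplit(target).query
    hits = []
    for name, value in urllib.parse.parse_qsl(query, keep_blank_values=True):
        norm = normalize(value)
        for label, pat in OGNL_MARKERS:
            if pat.search(norm):
                hits.append((name, label, norm))
                break
    return hits


def scan(log_text):
    """Walk the log and collect requests carrying a suspicious parameter."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        params = suspicious_params(m.group("target"))
        if params:
            findings.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "target": m.group("target"), "params": params})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["ip"], f["ts"], f["params"])
```

Two of the four constructed lines are flagged: the one that smuggles a `Class.forName(...)` call behind `\u0027` quote escapes, and the one whose `%{1+1}` delimiter only appears after a second round of percent-decoding. A bare brace in an ordinary page title is left alone. Decoding before matching is the part that matters; a rule that only inspects the raw query string is bypassed by the double-encoded variant.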

Russia’s Yandex says it repelled biggest DDoS attack in history (Reuters) A cyber attack on Russian tech giant Yandex’s servers in August and September was the largest known distributed denial-of-service (DDoS) attack in the history of the internet, the company said on Thursday.

Howard University Cancels Classes, Shuts Campus After Ransomware Attack (SecurityWeek) Private educational institution Howard University on Monday revealed that it decided to close its physical campus and cancel classes after experiencing a ransomware attack.

Campus Status Update for 9/9 (Howard Newsroom) The following operational status will be in place for faculty, staff and students during this phase of our emergency management response

Security Patches, Mitigations, and Software Updates

Vulnerabilities fixed in PAX POS terminals could be exploited to commit fraud (Positive Technologies) Positive Technologies advises banks to install new firmware versions on POS terminals PAX S920 and PAX D210

Google Android Security Update Patches 40 Vulnerabilities (SecurityWeek) The Android Security Bulletin for September 2021 includes patches for a total of 40 vulnerabilities, including seven that are rated critical.

2021 Threat Hunting Report Reveals Adversaries Access Critical Networks 3x Faster Than Before (CrowdStrike) CrowdStrike released the 2021 Threat Hunting Report, highlighting a 60% increase in attempted intrusions across all industries and geographic regions. Download here.

Russian cybercrime continues as government-backed attacks on companies dwindle, CrowdStrike says (CyberScoop) The Russian approach to hacking shifted considerably over the past year, with state-sponsored attacks on commercial organizations dropping off even as the local cybercrime scene dominated the field, CrowdStrike said in a report Wednesday.

Dark web prices for stolen PayPal accounts up, credit cards down: report (Comparitech) Comparitech researchers analyzed 40+ dark web marketplaces to find out how much your credit card, PayPal, and SSN are worth to cybercriminals

Verizon small business survey finds growing optimism; security remains a top concern (Verizon) Return of Verizon Small Business Days: Small and medium businesses can access up to 1k in savings September 13-17th

Rebellions & Rejections Report (HP Wolf Security) The global pandemic forced organizations to pivot rapidly from an office-based workforce model to one in which dynamic, hybrid working is the norm. This new way of working isn’t a short-term trend. According to our HP Wolf Security Blurred Lines and Blindspots report, 23% of office workers globally expect to predominantly work from home post-pandemic, with an additional 16% expecting to split their time equally between home and the office. This will have far-reaching consequences for organizations across all economies.

Why Hackers Love Smart Buildings (Wall Street Journal) When all of a building’s systems are online, the cybersecurity risks become much greater.

The Latest Cybersecurity Threat: Pay Us or We Release the Data (Wall Street Journal) These attacks are a lot more complicated—and potentially more costly.

The Cybersecurity 202: Ransomware is wreaking havoc on U.S. cities (Washington Post) When hackers struck Collierville, Tenn. with a ransomware attack in 2019, the city’s IT staff worked around the clock to recover.

Wrap-up: What does the internet know about us? (Avast) We look back on this year’s What Does the Internet Know About Me? series, which has explored privacy policies and data collection practices of the digital products that many of us use in our daily lives.


High Street Capital Acquires Controlling Share in NeoSystems (PR Newswire) NeoSystems, a full service strategic outsourcer, IT systems integrator and managed services provider to the government contractor market,…

SecureReview Rebrands to SessionGuardian (PR Newswire) SecureReview, an industry leader in cybersecurity for distributed workforces, announced today that they are debuting a new brand name and brand…

FireMon Acquires DisruptOps to Extend Cloud Security Reach (Security Boulevard) FireMon, a provider of a platform for managing network security policies, today revealed that it has acquired DisruptOps, a provider of a platform for

Thoma Bravo takes a stake in threat intelligence provider Intel 471 (TechCrunch) Private equity giant Thoma Bravo has taken a stake in Intel 471, a provider of cyberthreat intelligence for enterprises and governments. The strategic growth investment, which comes as organizations double down on cybersecurity amid a pandemic-fueled rise in cyber threats, will enable Intel 471 to …

Proofpoint Announces Occurrence of Fundamental Change and Make-Whole Fundamental Change Under 0.25% Convertible Senior Notes due 2024 (GlobeNewswire News Room) Proofpoint, Inc. (“Proofpoint”), a leading cybersecurity and compliance company, today announced…

Commit Acquires Israeli Tech Firm ITSoft to Bolster Its Unique Team Building Model, Cloud of People (Commit) Acquisition Adds 150 Software Development Specialists, Enables Try-Before-Buy Service Model and Team Deployments in Under Two Weeks

EUROPE: Italy’s Cy4gate aims for leadership of national interceptions market come hell or high water (Intelligence Online) Despite its own technical deficiencies, Cy4gate is determined to take over RCS Labs as a means of establishing itself on the legal interceptions market, just as the Italian government is trying to

Socure Featured on AIFinTech100 List of the World’s Most Innovative AI Solution Providers (BusinessWire) Socure, the leading provider of digital identity verification and fraud solutions, today announced that FinTech Global has named the company as one of

NSA Awards Hewlett Packard Enterprise $2 Billion Deal For High-Performance Computing Tech (Defense Daily) The National Security Agency (NSA) has awarded Hewlett Packard Enterprise a 10-year, $2 billion contract to provide high-performance computing (HPC)

How federal agencies are shifting IT investment strategies (FedScoop) A new survey reveals strong support from federal IT leaders for hybrid cloud investments to meet new hybrid work and mission needs.

Lookout Recognized in Eleven Gartner® Hype Cycle™ Reports (PR Newswire) Lookout, Inc., an integrated endpoint-to-cloud security company, today announced it has been identified as a sample vendor in the Cloud Access…

Onapsis Appoints Enterprise Technology Veteran Rick Hanson as Chief Operating Officer (BusinessWire) Onapsis, the leader in business-critical application cybersecurity and compliance, today announced the appointment of Rick Hanson as Chief Operating O

Former head of the U.S. Cyber Command and Director of the NSA Michael Rogers Joins NetAbstraction as Chairman of Advisory Board (KPVI) NetAbstraction, the security by obfuscation company, today announced that retired Admiral Michael Rogers, former head of the U.S. Cyber Command and director of

Peraton Appoints Mara Motherway As Senior Vice President, Government And Customer Relations (Johnson City Press) Peraton today announced the appointment of Mara Motherway to its executive leadership team as senior vice president, Government and Customer Relations.

Checkmarx appoints Razi Sharir as CPO (Help Net Security) Checkmarx announced that it has appointed Razi Sharir as CPO to drive continued growth, AppSec innovation and market leadership.

FireMon Founder Jody Brazil Returns As CEO After Acquisition (CRN) Longtime FireMon CEO Jody Brazil has returned as the company’s top executive following the company’s acquisition of cloud security operations startup DisruptOps. 

The Chertoff Group Continues its Growth With the Addition of Two Senio (PRWeb) The Chertoff Group, a global security advisory firm that enables clients to navigate changes in security risk, technology and policy, today announced the app

Atera Announces New Hires Amid Rapid Growth Period (PR Newswire) Atera, a remote-first IT management company helping businesses transform as the world evolves to a remote work model, today announced Lior…

Menlo Security appoints Chief Information Security Officer (Menlo Security) Mountain View, Calif. (September 9, 2021) — Menlo Security, a leader in cloud security, today announced the appointment of Devin Ertel as Chief Information Security Officer (CISO). In this role, he is responsible for providing internal cybersecurity direction and policy insights to both the company and Menlo Security customers. As CISO, Ertel will also spearhead global efforts to reduce the company’s risk and security exposure.

Sumo Logic Adds Margaret Francis to its Board of Directors (Sumo Logic) Francis Brings Modern Software Development and Product Led Growth Expertise to Help Company Drive Continuous Intelligence Category Leadership REDWOOD CITY, Calif., Sept. 09, 2021 (GLOBE NEWSWIRE) — Sumo Logic (Nasdaq: SUMO), the pioneer in continuous intelligence, today announced the appointment

Products, Services, and Solutions

Valtix Latest Release Delivers Multi-Cloud Security Across All Major Cloud Platforms With Deployment in Under 5 Minutes (Valtix) Valtix, the first multi-cloud network security platform delivered as a service, today announced the latest release of its award-winning platform.

Socure’s Sigma Synthetic Fraud Solution Wins Aite-Novarica Group’s Impact Innovation Award in the Risk Mitigation Category (BusinessWire) Socure, the leading provider of digital identity verification and fraud solutions, has been recognized by Aite-Novarica Group, a global advisory firm

Securely Accelerate Application Delivery and Policy Management with AlgoSec ASMS A32.10 (GlobeNewswire News Room) AlgoSec’s latest product release delivers automated application connectivity and security policy changes, deepens application visibility and discovery,…

BlackCloak Earns SOC 2 Type II Certification for its Concierge Cybersecurity & Privacy Platform (BlackCloak | Protect Your Digital Life™) BlackCloak provides Concierge Cybersecurity for high-net-worth individuals and corporate executives to protect them from cyber crime, reputational risks, hacking and identity theft.

Radiflow’s New CIARA Release Revolutionizes Cybersecurity with OT Risk Platform (Radiflow) The new version offers a first-of-its-kind, non-intrusive breach attack simulator that accounts for the criticality of business processes.

E-REDES Secures Mission-Critical Substation Environments with Next-Generation Security from Check Point Software (Check Point Software) Check Point Software Digitalization is introducing new capabilities into

KB4-CON EMEA to Strengthen Organisations’ Human Firewalls (Africanews) KnowBe4 (NASDAQ: KNBE) (www.KnowBe4.com), the provider of the world’s largest security awareness training and simulated phishing platform, will be hosting KB4-CON EMEA (Europe, Middle East

Cobalt Iron Announces API Integration With ServiceNow (Wallstcom) Cobalt Iron Inc., a leading provider of SaaS-based enterprise data protection, today announced a new user-configurable API integration with ServiceNow.

One Identity Integrates with ServiceNow to Help Customers Meet Security and Compliance Requirements for Sensitive Applications (One Identity) Integration with ServiceNow unlocks consistent and unified experience for joint customers, while gaining complete compliance and governance features of Identity Manager

Invixium and Open Options Sign Strategic Distribution Partnership (Invixium) Open Options to Distribute Invixium Solutions Integrated with DNA Fusion™ Access Control Software

Wisetail Strengthens Support for Enterprises with New Learning Experience and Management Product Features (BusinessWire) Wisetail, a leader in learning engagement and management software that build companies into communities, today announced updates to its platform that

G2 Names Egnyte a Leader in Multiple Categories for Data Security, Governance and Content Collaboration | Egnyte (Egnyte) Egnyte, a leader in cloud content security and governance, today announced it has received the top score in the G2 Fall 2021 Grid Report for Data Security Software.

Technologies, Techniques, and Standards

The Cybersecurity 202: More secure election machines won’t be ready until 2024 (Washington Post) Election officials and technology companies are embarking on a multiyear process to improve the security and accessibility of voting machines.

12 database security landmines, failures, and mistakes that doom your data (CSO Online) Lapses in protecting databases are common and attackers know it. Here are the top database weaknesses they try to exploit.

Dos and don’ts for managing ransomware risk in healthcare (Healthcare IT News) The advisory CISO at Akamai has some advice for IT and cybersecurity leaders – strategies to prepare for, and respond to, ransomware strikes.

Rural hospitals are more vulnerable to cyberattacks – here’s how they can protect themselves (Healthcare IT News) Even with fewer resources, experts say these processes and best practices can help rural and critical access hospitals strengthen their IT systems and protect patient safety.

Three principles to ensure a secure remote workforce (FedScoop) A recent Okta report outlines how agencies can secure their remote and hybrid workforce while meeting new federal zero-trust security requirements.

Debunking Wi-Fi® Security Myths: Wi-Fi Encryption Is Weak (TechSpective) One of the most common myths associated with Wi-Fi® security is that wireless encryption is weak and easily cracked. To be fair, this myth does have a
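The TechSpective piece argues that "Wi-Fi encryption is weak" is a myth, and the arithmetic behind that argument is worth seeing. In WPA/WPA2-Personal the passphrase is not the key: it is stretched into a 256-bit Pairwise Master Key with PBKDF2-HMAC-SHA1, 4096 iterations, salted with the SSID, and the traffic itself is protected by AES-CCMP. An attacker who captures the four-way handshake gets no key material directly; all that is left is an offline guess-by-guess search, paying one full derivation per guess. The block below is an added example, not code from the article; it implements the standard passphrase-to-PSK mapping and, as a simplification, checks guesses against the PMK directly instead of re-deriving the PTK and verifying the handshake MIC as a real cracker would. The candidate list is constructed.

```python
import hashlib
import hmac
import time


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal passphrase-to-PSK mapping as specified in IEEE 802.11:
    PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def offline_dictionary_attack(ssid: str, target_pmk: bytes, candidates):
    """What an attacker holding a captured handshake is reduced to: testing
    guesses offline, one full PBKDF2 derivation each. Simplification: a real
    cracker compares a handshake MIC, not the PMK itself. Returns the matching
    passphrase or None."""
    for guess in candidates:
        if hmac.compare_digest(wpa2_pmk(guess, ssid), target_pmk):
            return guess
    return None


def guesses_per_second(ssid: str = "example-ssid", samples: int = 20) -> float:
    """Rough single-core guess rate, to put a dictionary's size in perspective:
    the 4096 HMAC rounds are the cost the attacker pays per candidate."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(f"candidate-{i}", ssid)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    # Published IEEE 802.11 test vector: passphrase "password", SSID "IEEE".
    print(wpa2_pmk("password", "IEEE").hex())
    # Constructed candidate list; the weak passphrase falls, a strong one would not.
    target = wpa2_pmk("password", "IEEE")
    print(offline_dictionary_attack("IEEE", target, ["letmein", "password", "hunter2"]))
    print(f"{guesses_per_second():.0f} guesses/s on one core")
```

The lesson the numbers teach is the one the article makes: the cipher and the key derivation are not the weak point, the passphrase is. A short dictionary word falls in seconds; a long random passphrase puts the search beyond reach, and WPA3's SAE handshake removes the offline search entirely.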

Wisconsin Guard cyber team serving 1st federal deployment (US Army) Soldiers with the Wisconsin National Guard’s Detachment 1, 176th Cyber Protection Team, have made tremendous strides during the unit’s f…

Palantir’s God’s-Eye View of Afghanistan (Wired) The company’s software can sift through enormous amounts of data, and those metrics can be used to make life-or-death decisions.

SPDX Becomes Internationally Recognized Standard for Software Bill of Materials (PR Newswire) The Linux Foundation, Joint Development Foundation, and the SPDX community, today announced the Software Package Data Exchange® (SPDX®)…
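The practical value of SPDX becoming a standard SBOM format is that a consumer can read an SBOM produced by any tool and answer "is the vulnerable component in this product, and what pulls it in?" without bespoke parsing. The block below is an added example, not code from the Linux Foundation or the SPDX project: a minimal reader for the SPDX 2.2 tag-value format that extracts packages, their purl coordinates and relationships, then matches them against an advisory feed. The SBOM, the package names and the advisory entries are all constructed; the version comparison assumes plain dotted numeric versions.

```python
import re

# Constructed SPDX 2.2 tag-value document (not a real project's SBOM).
SAMPLE_SPDX = """\
SPDXVersion: SPDX-2.2
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: example-service-sbom
DocumentNamespace: https://example.invalid/spdx/example-service-1.0.0
Creator: Tool: handwritten-example-0.1

PackageName: example-service
SPDXID: SPDXRef-Package-example-service
PackageVersion: 1.0.0
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
PackageLicenseConcluded: NOASSERTION

PackageName: libfoo
SPDXID: SPDXRef-Package-libfoo
PackageVersion: 2.3.0
PackageDownloadLocation: https://registry.npmjs.org/libfoo/-/libfoo-2.3.0.tgz
FilesAnalyzed: false
PackageLicenseConcluded: MIT
ExternalRef: PACKAGE-MANAGER purl pkg:npm/libfoo@2.3.0

PackageName: libbar
SPDXID: SPDXRef-Package-libbar
PackageVersion: 1.8.2
PackageDownloadLocation: https://registry.npmjs.org/libbar/-/libbar-1.8.2.tgz
FilesAnalyzed: false
PackageLicenseConcluded: Apache-2.0
ExternalRef: PACKAGE-MANAGER purl pkg:npm/libbar@1.8.2

Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-example-service
Relationship: SPDXRef-Package-example-service DEPENDS_ON SPDXRef-Package-libfoo
Relationship: SPDXRef-Package-example-service DEPENDS_ON SPDXRef-Package-libbar
"""

# Constructed advisory feed: (ecosystem, package) -> [(advisory id, first fixed version)].
ADVISORIES = {
    ("npm", "libfoo"): [("EXAMPLE-2021-0001", "2.3.1")],
    ("npm", "libbar"): [("EXAMPLE-2020-0042", "1.8.0")],
}

TAG_RE = re.compile(r"^([A-Za-z]+):\s*(.*)$")
# pkg:<type>/[<namespace>/]<name>@<version>; qualifiers and subpaths are ignored here.
PURL_RE = re.compile(r"^pkg:([^/]+)/(?:[^/@]+/)?([^@/]+)@(.+)$")


def parse_spdx_tag_value(text):
    """Split a tag-value SBOM into document fields, packages and relationships.
    A PackageName tag starts a new package; later tags attach to it."""
    doc = {"document": {}, "packages": [], "relationships": []}
    current = None
    for raw in text.splitlines():
        m = TAG_RE.match(raw.strip())
        if not m:
            continue
        tag, value = m.group(1), m.group(2).strip()
        if tag == "PackageName":
            current = {"PackageName": value, "ExternalRef": []}
            doc["packages"].append(current)
        elif tag == "Relationship":
            src, rel, dst = value.split()
            doc["relationships"].append((src, rel, dst))
        elif current is None:
            doc["document"][tag] = value
        elif tag == "ExternalRef":
            current["ExternalRef"].append(value)
        else:
            current[tag] = value
    return doc


def parse_version(v):
    """Assumption: plain dotted numeric versions; compare as integer tuples."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def package_coordinates(pkg):
    """Prefer the purl ExternalRef (ecosystem, name, version); otherwise fall back
    to PackageName/PackageVersion with the ecosystem unknown."""
    for ref in pkg["ExternalRef"]:
        parts = ref.split()
        if len(parts) == 3 and parts[1] == "purl":
            m = PURL_RE.match(parts[2])
            if m:
                return m.group(1), m.group(2), m.group(3)
    return None, pkg["PackageName"], pkg.get("PackageVersion", "")


def find_affected(doc, advisories):
    """Packages whose version is below an advisory's first fixed version."""
    hits = []
    for pkg in doc["packages"]:
        eco, name, version = package_coordinates(pkg)
        for adv_id, fixed in advisories.get((eco, name), []):
            if parse_version(version) < parse_version(fixed):
                hits.append((pkg["SPDXID"], name, version, adv_id))
    return hits


def dependents(doc, spdxid):
    """Who pulls a component in: sources of DEPENDS_ON relationships to it."""
    return [src for src, rel, dst in doc["relationships"]
            if rel == "DEPENDS_ON" and dst == spdxid]


if __name__ == "__main__":
    sbom = parse_spdx_tag_value(SAMPLE_SPDX)
    for spdxid, name, version, adv in find_affected(sbom, ADVISORIES):
        print(f"{name} {version} affected by {adv}; depended on by {dependents(sbom, spdxid)}")
```

Only libfoo is reported: it sits below the fixed version in the constructed feed, while libbar is already patched and the top-level package carries no purl and so matches no ecosystem. The purl ExternalRef is what makes the match reliable; matching on PackageName alone confuses same-named packages from different ecosystems.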

Design and Innovation

Twitter is testing an official ‘soft block’ feature (The Verge) Remove unwanted followers without cutting them off.

Project Maven: Startups Backed By Google, Peter Thiel, Eric Schmidt And James Murdoch Are Building AI And Facial Recognition Surveillance Tools For The Pentagon (Forbes) The DOD is working with Silicon Valley startups on AI, facial recognition and all manner of other technologies, as a new analysis of government contract records reveals Project Maven is expanding.


UB awarded $126k grant to host teen cybersecurity workshop (University of Buffalo) The funding, from the National Security Agency, will support GenCyber, a program that has brought more than 200 middle and high school students to UB.

Legislation, Policy, and Regulation

20 Years After 9/11, Surveillance Has Become a Way of Life (Wired) Constant tracking has compromised Americans’ sense of themselves. But we may be able to regain our freedom.

China’s PIPL privacy law imposes new data handling requirements (CSO Online) The Personal Information Protection Law will force global companies doing business in China to be more careful with cross-border flow of personal information.

UK offers cash for CSAM detection tech targeted at E2E encryption (TechCrunch) The U.K. government is preparing to spend over half a million dollars to encourage the development of detection technologies for child sexual exploitation material (CSAM) that can be bolted on to end-to-end encrypted messaging platforms to scan for the illegal material, as part of its ongoing polic…

White House Cyber Summit: Why top tech cyber pledges aren’t enough (BetaNews) The Biden administration might have called on high profile figures to improve cybersecurity, but the reality is it’s down to all businesses to tighten up their IT security measures.

Department of Commerce Establishes National Artificial Intelligence Advisory Committee (U.S. Department of Commerce) The Department is now seeking to recruit top-level candidates to serve on the committee

Commerce establishes National AI Advisory Committee (FedScoop) The Department of Commerce has set up a committee to advise the president and other federal agencies on artificial intelligence issues, Secretary Gina Raimondo announced Wednesday. It seeks to recruit top-level talent to serve on the new panel, which is called the National AI Advisory Committee. DOC also seeks members for a new AI and […]

The State of Consumer Data Privacy Laws in the US (And Why It Matters) (Wirecutter: Reviews for the Real World) Digital privacy laws help control how your data is stored, shared, and used by big businesses—but those protections vary wildly depending on where you live.

Coalition Calls for Biden Administration to Prioritize Privacy and Civil Liberties in Filling Vacancies (National Coalition Against Censorship) NCAC has joined a coalition of 20 organizations led by the ACLU in urging the Biden Administration to appoint privacy and civil liberties-minded candidates to fill the existing vacancies on the Privacy and Civil Liberties Oversight Board (PCLOB) and uphold government transparency. 

Litigation, Investigation, and Law Enforcement

‘Cyber Grave Robbers’ Accused of Stealing Identities of Surfside Condo Victims (New York Times) Three people were charged with pilfering tens of thousands of dollars by obtaining credit in the names of seven residents of the Florida condo that collapsed.

The Secret Vulnerability of Cybercriminals: Burnout (Wall Street Journal) Police should focus less on the leaders and more on the legions of cybercrime workers and the networks they maintain.

Guntrader users to take legal action over data breach concerns (FarmingUK) Firearm owners who may have had their personal details leaked online are preparing to take legal action against the online marketplace Guntrader.

Revealed: LAPD officers told to collect social media data on every civilian they stop (the Guardian) An internal police chief memo shows employees were directed to use ‘field interview cards’ which would then be reviewed

Cognizant reaches US$95 million settlement with U.S. shareholders over India bribery allegations (CRN Australia) For concealing bribes to officials in India.

Hacking Team Customer in Turkey Was Arrested for Spying on Police Colleagues [or: The Spy Story That Spun a Tangled Web] (Zero Day) An investigation that weaves a winding tale between police in Ankara who were charged with spying on their own colleagues… and the purchase of Hacking Team’s surveillance software.

Investigation Finds NSO Malware Being Used By The Bahrain Government To Target Activists And Dissidents (Techdirt.) More bad news for Israeli malware purveyor NSO Group. Despite its contradictory and simultaneous claims that it does not allow its customers to abuse its products and that it has no way of monitoring use of its products, more evidence continues to…

Germany’s ‘FBI’ bought Israeli NSO’s spyware despite knowledge of rights abuses, report says (Haaretz) Sources tell Die Zeit that after Germany’s Federal Criminal Police Office failed to develop their own spyware program, they turned to Israeli cyber-espionage firm

Encryption poised to hamper Jan. 6 investigators’ phone records push (POLITICO) Lawmakers probing the Capitol riot are edging closer to seeking communications, including that of their colleagues. But in some cases, the data is encrypted.

No Warrant Needed For IP Address Data, 7th Circ. Rules (Law360) Law enforcement doesn’t need a search warrant before using surveillance devices to see the IP addresses visited by a criminal suspect, the Seventh Circuit ruled Wednesday, saying a disgruntled employee convicted of lobbing cyberattacks at his former company has no expectation of privacy in the captured routing information.

Sonic Won’t Escape Trial In Data Breach Class Action (Law360) A federal judge has denied fast-food chain Sonic’s bid for an early judgment in a class action over a massive data breach in which hackers gained access to cash registers at 762 franchise restaurants.

IRS used vape store receipts to gather evidence against alleged Ukrainian scammer (CyberScoop) U.S. law enforcement officials gathered details about a suspected cybercriminal by collecting intelligence from his apparent messages to vape shops in Ukraine.

Ukrainian indicted for running brute-force botnet, selling hacked PC accounts (The Record by Recorded Future) The US Department of Justice announced today the extradition of a Ukrainian national from Poland on charges of selling access to compromised computer systems via a specialized marketplace on the dark web.

ProtonMail Amends Its Policy After Giving Up an Activist’s Data (Wired) The email service says it was unable to appeal a Swiss court’s demand to log the IP address of a French climate advocate.

‘I’m Part of Something That’s Really Evil’ (New York Times) The story of Terry Albury, an F.B.I. agent so disillusioned by the war on terror that he was willing to leak classified documents.


Author: Data Privacy Channel