the cyberwire

Consider disabling ActiveX. BladeHawk cyberespionage targeting Kurds. Post-Labor Day, ransomware gangs are stirring. (via Qpute.com)

Attacks, Threats, and Vulnerabilities

The Cybersecurity 202: Ransomware threats barrel back after a slow Labor Day (Washington Post) Ransomware may take a holiday, but it doesn’t last long.

Germany Protests to Russia Over Pre-Election Cyberattacks (SecurityWeek) Germany has protested to Russia over attempts to steal data from lawmakers that it suspects may have been in preparation to spread disinformation ahead of the upcoming German election.

BladeHawk group: Android espionage against Kurdish ethnic group (WeLiveSecurity) ESET researchers have investigated a targeted mobile espionage campaign against the Kurdish ethnic group that has been active since at least March 2020.

REvil ransomware’s servers mysteriously come back online (BleepingComputer) The dark web servers for the REvil ransomware operation have suddenly turned back on after an almost two-month absence. It is unclear if this marks their ransomware gang’s return or the servers being turned on by law enforcement.

REvil ransomware group returns following Kaseya attack (The Record by Recorded Future) A dark web portal previously operated by the REvil ransomware gang has come back to life earlier today, sparking fears that the once-vaunted ransomware gang will soon resume its attacks.

Critical vulnerability in HAProxy (JFrog) The JFrog security research team has discovered a new critical vulnerability (CVE-2021-40346) in HAProxy. The new vulnerability can be exploited for HTTP Request Smuggling attacks.

Microsoft Office Zero-Day Hit in Targeted Attacks (SecurityWeek) Microsoft’s embattled security response unit is scrambling to deal with another zero-day attack hitting users of its flagship Microsoft Office software suite.

Microsoft warns of new IE zero-day exploited in targeted Office attacks (The Record by Recorded Future) Microsoft’s security team issued an alert earlier today to warn about a new Internet Explorer zero-day that is being abused in real-world attacks.

Microsoft MSHTML Remote Code Execution Vulnerability (Security Update Guide – Microsoft Security Response Center) Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.

Flowspec Bulletproof Services Enable Cybercrime Worldwide (RiskIQ) In our analysis of threat infrastructure spanning the global attack surface, we see bulletproof hosting providers continue to play an integral role in threat campaigns and provide essential services for cybercriminals. Flowspec, a bulletproof hosting provider that has been around since October 2018, is a one-stop-shop for threat groups, facilitating phishing campaigns, malware delivery, Magecart skimmers, and large swaths of other malicious infrastructure.

What it was like inside Microsoft during the worst cyberattack in history (Fast Company) Microsoft president Brad Smith describes the chaos inside the tech giant during the SolarWinds hack.

Inside the response to the massive Russian SolarWinds hack (Axios) The SolarWinds breach offered a variety of lessons for preventing future attacks.

New Zealand banks, post office hit by outages in apparent cyber attack (Reuters) Websites of a number of financial institutions in New Zealand and its national postal service were briefly down on Wednesday, with officials saying they were battling a cyber attack.

Live: Cyber attack fears – Kiwibank, ANZ, NZ Post, MetService back online after CERT flags cyberattacks (New Zealand Herald) A number of websites are down. CERT NZ says it is aware of a DDoS attack.

Howard University targeted by ransomware attack (Washington Business Journal) The university said its IT team detected service disruptions Friday.

Hit with ransomware attack, Howard University forced to cancel classes (ABC News) Law enforcement agencies warned that the weekend could be ripe for attacks.

City of Bridgeport notifies residents of cyber attack; offers free credit monitoring (WBOY) BRIDGEPORT, W.Va. – The City of Bridgeport is the latest victim of a cyber attack that happened several months ago. A five-page letter and reference guide was sent out to residents over th…

Claims of ransomware attacks on factoring firm eCapital shrouded in mystery (FreightWaves) Two ransomware gangs claim they attacked and stole data from freight factoring provider eCapital. But was the company actually hacked twice?

Data Security Update (Dallas Independent School District) The Dallas Independent School District recently received notice of a data security incident involving the district’s electronic records that may affect former and current students, alumni, parents, and district employees.

WhatsApp moderators can read your messages, says report (Computing) Facebook has repeatedly claimed that nobody can read end-to-end encrypted messages sent between WhatsApp users.

Security Patches, Mitigations, and Software Updates

Microsoft, CISA urge use of mitigations and workarounds for Office document vulnerability (ZDNet) Microsoft said disabling the installation of all ActiveX controls in Internet Explorer mitigates the attack.

Hitachi ABB Power Grids System Data Manager (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 6.3
ATTENTION: Low attack complexity
Vendor: Hitachi ABB Power Grids
Equipment: System Data Manager
Vulnerability: Cleartext Storage of Sensitive Information

Successful exploitation of this vulnerability could allow an attacker access to sensitive information.

Mitsubishi Electric MELSEC iQ-R Series (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.4
ATTENTION: Exploitable remotely
Vendor: Mitsubishi Electric Corporation
Equipment: MELSEC iQ-R Series CPU Module
Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Insufficiently Protected Credentials, Overly Restrictive Account Lockout Mechanism

A Peek Inside the 2021 Threat Hunting Report (CrowdStrike) In this year’s Threat Hunting Report, CrowdStrike’s Falcon OverWatch threat hunters share the trends in adversary tradecraft that have emerged over the past year.

Growing Numbers of Network Engineers Turning to NetOps to Enhance Security (BusinessWire) New Opengear research confirms growing numbers of network engineers are turning to NetOps to enhance security.

Global Ransomware Report – August 2021 (BlackFog) In August we uncovered 21 reported ransomware attacks with government and healthcare being the most targeted during the month. The first healthcare incident took place in Italy where the Italian vaccination registration system was taken offline by RansomEXX, while US-based Eskenazi Health and Memorial Health System were forced to divert ambulances and cancel procedures due to ransomware attacks.

Security Compass Releases Research Report: The State of Cloud Adoption in 2021 (BusinessWire) Security Compass today published the results of a new report, “The State of Cloud Adoption in 2021.”

Professor: Companies Aren’t Ready for Cyberattacks – and They Know It (UVA Today) McIntire School of Commerce professor Chris Maurer found that many organizations aren’t taking necessary cybersecurity measures – though they know they should.

Every organization needs to up cyber protection: Microsoft President (Yahoo Finance) Brad Smith, Microsoft President, talks about the new sections in the updated version of his New York Times best-selling book ‘The Promise and the Peril of the Digital Age.’

Why cyber scare tactics have missed the mark (VentureBeat) We need to go beyond innovating with tools and tech and think about innovating with outreach and communications beyond the security field.

Redgate Monitoring Survey Exposes the Top Challenges DBAs Face with Rapidly Growing Server Estates (IT News Online) Data professionals are under more pressure than ever, maintaining the performance of fast-growing server estates, managing cloud migrations, meeting increased security and compliance concerns, and coping with staffing and recruitment issues, a survey from Redgate reveals.

Cyberinsurance Carriers Top Hackers’ Hit List (Law360) Insurers offering coverage for cyberattacks have themselves been victimized by cybercrime in recent months, fueling concerns that hackers could steal and threaten to leak the details of cyber policies, affecting insurers and policyholders alike.

Cybellum and the Automotive Security Research Group (ASRG) Survey finds that the automotive industry isn’t ready for upcoming cybersecurity regulations (PR Newswire) Cybellum, a leader in product security lifecycle management, and The Automotive Security Research Group (ASRG) released a report today outlining…

The top phishing keywords in the last 10k+ malicious emails we investigated (Expel) Curious how attackers are prompting victims to engage with phishing campaigns? Check out the top keywords from the malicious emails our SOC investigated and our top resilience recommendations.


Thoma Bravo Makes Strategic Investment in Intel 471 (PR Newswire) Thoma Bravo, a leading software investment firm, today announced it has signed a definitive agreement to make a strategic growth investment in…

Ad Fraud Protection Firm Pixalate Raises $18.1 Million (SecurityWeek) Pixalate, a firm that provides fraud protection for mobile app and connected TV advertising, has raised $18.1 million in growth capital, bringing the total amount raised by the company to $22.7 million.

Inpher Secures Strategic Investment from Swisscom Ventures to Accelerate Growth in Secure, Privacy-Preserving Computing (PR Newswire) Inpher, Inc., the pioneers of Secret Computing©, today announced a strategic investment from Swisscom Ventures to fuel growth and partnership…

Nominations are Now Open for LogRhythm’s Inaugural Pinnacle Awards (LogRhythm) LogRhythm today announced nominations are open for its inaugural Pinnacle Awards from now through Sept. 13. Outstanding security leaders, programs and organizations will be recognized at the upcoming RhythmWorld 2021 Security Conference, which will take place virtually Oct. 12–14, 2021.

The 10 most powerful cybersecurity companies (ChannelAsia) What makes these 10 security vendors the biggest power players? We break it down.

How Akamai Evolved Into a Security Vendor (Security Boulevard) In this episode of The View with Vizard, host Mike Vizard talks with Dr. Boaz Gelboard, Akamai chief security officer, about how Akamai, a longtime

Zscaler Appoints Industry Veteran Eileen Naughton to its Board of Directors (GlobeNewswire News Room) Naughton’s senior leadership experience in People and Culture, team strategy, operations and execution at global technology and media companies complements…

Ping Identity appoints ANZ channel leader (CRN Australia) Taps Robert Cipriani from Druva for the role.

Query.AI Ramps Up Go-To-Market Efforts to Drive Next Phase of Growth (Query.AI) Query.AI, the provider of the market’s only security investigations control plane for modern enterprises, announces the expansion of its leadership team with seasoned cybersecurity executives.

Former Symantec and Malwarebytes Executive Joins Corelight as Senior Vice President of Product (PR Newswire) Corelight, provider of the industry’s first open network detection and response (NDR) platform, today welcomed Clint Sand as its new senior…

Products, Services, and Solutions

JCB and Checkout.com to extend strategic partnership, as first payment services provider to bring JCB’s J/Secure™2.0 to the UK (Checkout.com) JCB International Co., Ltd., the international operations subsidiary of JCB Co., Ltd., and Checkout.com, the global payments processing platform, today announce the next evolution of their partnership with the rollout of J/Secure™2.0, which is compliant with EMV® 3-D Secure (EMV 3DS), to Checkout.com’s merchants in the UK.

A10 Networks enhances its solutions to help customers accelerate zero trust strategies (Help Net Security) A10 Network has enhanced its solutions to help customers meet and accelerate their zero trust strategies for public and private organizations.

Progress to Unveil New Capabilities at ChefConf 2021 that Ensure Successful DevSecOps Adoption (KULR-8 Local News) New cloud compliance, operator productivity, and cloud deployment capabilities help teams accelerate their DevOps journeys.

Credence Security and ACE Lab Strengthen Partnership to Empower Regional Enterprises with Cutting-Edge Data Recovery Tools (Yahoo Finance) Credence Security, the leading regional distributor of specialized solutions in cybersecurity, forensics, governance, risk and compliance, has strengthened its existing partnership with ACE Lab, a pioneer in data recovery and digital forensics technologies, extending it to cover the entire Middle East and Pakistan region.

RTÉ launches a new kids’ animated series on online safety, while Virgin Media adds YouTube Kids app (Irish Examiner) Young people’s online safety – and empathy – is a priority for many parents as social media and online consumption continues to change

BlackCloak Earns SOC 2 Type II Certification for its Concierge Cybersecurity & Privacy Platform (PR Newswire) BlackCloak, Inc., the first Concierge Cybersecurity & Privacy™ Protection Platform for Executives and High-Profile Individuals, today announced…

Aqua Security and IBM Team to Bring End-to-End Cloud Native Security to Power10-Based Systems, Enabling a Secured Platform for Containerized Workloads (BusinessWire) Aqua Security, the pure-play cloud native security provider, today announced that the company will be the first cloud native security PartnerWorld par

Sumo Logic and IBM Expand Collaboration to Accelerate Hybrid Cloud Adoption with Marketplace Availability and Red Hat OpenShift Operator Integration (Sumo Logic) Sumo Logic (Nasdaq: SUMO), the pioneer in continuous intelligence, and IBM (NYSE: IBM) today announced the availability of Sumo Logic’s Continuous Intelligence Platform™ on Red Hat Marketplace, the open cloud marketplace for enterprise customers that offers a simpler way to buy and deploy certified…

Riverside.fm is now SOC 2 Type 2 Compliant! (Riverside.fm) Riverside.fm is now SOC 2 Type 2 Compliant! Read on to understand what that means and why it’s important.

OneLogin Automates Advanced Identity Lifecycle Management Processes, Provides “Any-to-Any” Connectivity with Robust Integrations (GlobeNewswire News Room) New Offerings Streamline Workflows and Reduce Security Risks for Onboarding and Offboarding…

Technologies, Techniques, and Standards

Bye-Bye, Burnout: Save Security Teams Time with Automation (F-Secure) Employees are often described as weak links in organizations’ security. But when companies make it easy to report phishing emails, employees can be the first line of defense.

Moving the U.S. Government Towards Zero Trust Cybersecurity Principles (OMB | CISA) Read and comment on the U.S. government’s draft Federal Zero Trust Strategy. This strategy is intended to accelerate federal agencies towards a shared baseline of early zero trust maturity.

Cloud Security Technical Reference Architecture (CISA) The purpose of the Cloud Security Technical Reference Architecture (TRA) is to illustrate recommended approaches to cloud migration and data protection, as outlined in Section 3(c)(ii) of Executive Order 14028. As the Federal Government continues to transition to the cloud, the TRA will be a guide for agencies to leverage when migrating to the cloud securely. Additionally, the document explains considerations for shared services, cloud migration, and cloud security posture management.

Cloudy With a Chance of Migration: Helping Agencies Make the Move to the Cloud (CISA) By: Eric Goldstein, Executive Assistant Director, Cybersecurity and Infrastructure Security Agency

Zero Trust Maturity Model (CISA) CISA’s Zero Trust Maturity Model is one of many roadmaps for agencies to reference as they transition towards a zero trust architecture. The goal of the maturity model is to assist agencies in the development of their zero trust strategies and implementation plans and present ways in which various CISA services can support zero trust solutions across agencies.

No Trust? No Problem: Maturing Towards Zero Trust Architectures (CISA) By: Eric Goldstein, Executive Assistant Director, Cybersecurity and Infrastructure Security Agency

CISO Conversations: The Difference Between Securing Cities and Businesses (SecurityWeek) SecurityWeek spoke to CISOs from the City of Tampa and from Tallahassee to learn whether a city CISO needs to be similar to, or different from, a private sector CISO.

Research and Development

UMd., IonQ to establish first quantum computing research facility with multimillion-dollar investment (Washington Business Journal) University of Maryland, College Park is investing $20 million to establish The National Quantum Lab at Maryland (Q-Lab) on campus. Q-Lab will serve as a research facility enabled with quantum computing technology provided by nearby firm IonQ.

IonQ, UMD to Establish First-of-its-Kind Facility to Provide Quantum… (Maryland Today) $20M Investment From UMD Will Create National Quantum Lab in Discovery District


Cybersecurity event offers new competition for students, others (Around the O) The Cyber Cup Challenge has been added to the annual UO Cyber Resilience Summit

Legislation, Policy, and Regulation

Taliban forms acting government in Afghanistan, saying permanent leadership to be named soon, as protests grow (Washington Post) The Taliban on Tuesday took its first step toward formalizing its rule of Afghanistan, announcing the leaders of a caretaker government that included members of the powerful Haqqani network but excluded representatives of the country’s toppled government.

Afghans Protest After Taliban Claim to Have Crushed Panjshir Resistance (Foreign Policy) Chants of “Freedom” and “Death to Taliban” rang out in Kabul and other Afghan cities.

US-led meeting to set out framework for Taliban cooperation (the Guardian) Talks involving up to 20 nations come as militants ignore calls to form inclusive government in Afghanistan

China Weighing Occupation of Former U.S. Air Base at Bagram: Sources (US News) Building on friendly relations Beijing has secured with the new Taliban government in Afghanistan, China is now considering new ways to expand influence and embarrass the U.S.

‘Strategic ambiguity’: Former INDOPACOM chief calls for Taiwan policy review amid Chinese buildup (Stars and Stripes) Washington should review its ambiguous position on defending Taiwan during a Chinese attack, according to a former Indo-Pacific Command leader.

Allan Friedman: Software Bill of Materials Should Be Part of Multifaceted Cybersecurity Agenda (Executive Gov) Allan Friedman, who just moved to the Cybersecurity and Infrastructure Security Agency (CISA) to hel

Garbarino, Bipartisan Members Introduce The CISA Leadership Act (Representative Andrew Garbarino) Congressman Andrew R. Garbarino, Ranking Member of the House Committee on Homeland Security’s Cybersecurity, Infrastructure Protection, and Innovation Subcommittee introduced the CISA Leadership Act.

UK calls for browser-level controls to tackle cookie pop-up fatigue (The Record by Recorded Future) The UK’s privacy and data protection authority says that people are tired of cookie pop-ups and that the current cookie consent mechanism should be moved to the browser level.

Litigation, Investigation, and Law Enforcement

Coinbase Says SEC Plans Enforcement Action Over Crypto Lending Program (Wall Street Journal) Coinbase co-founder and Chief Executive Brian Armstrong accused the SEC of using ‘intimidation tactics behind closed doors’ to stop his company from launching a lending program.

Germany Admits Police Used Controversial Pegasus Spyware (SecurityWeek) The German government admitted that its federal police service used controversial Israeli spyware known as Pegasus, made by Israeli firm NSO Group.

ProtonMail said Swiss court order left no choice but to log activist’s IP address (CyberScoop) ProtonMail, the encrypted email service that’s built a reputation for safeguarding user data, said it had no choice but to provide details about an activist to French authorities, amid mounting questions about the privacy protections in the popular mail client.

California AG says some hospitals not reporting ransomware attacks (Becker’s Hospital Review) California Attorney General Rob Bonta is calling on hospitals to comply with state cyberattack reporting laws because there are several unreported ransomware attacks, according to a Sept. 3 StateScoop report.

As Cyberthreats Mount, Advisors Have a Target on Their Backs (Barron’s) Seen as gateways to vast sums of money and stores of sensitive information, advisors are a favorite target of hackers. How can they respond, and what do regulators expect?
