Watering-hole in Hong Kong. US, EU join Paris Call. NSO C-suite turnover. ICS advisories. Rising tensions in Eastern Europe.



Attacks, Threats, and Vulnerabilities

COVID-19: North Korean hackers detected searching for vaccine manufacturing secrets (Sky News) The cyber campaign comes despite the regime in Pyongyang claiming that there are no COVID-19 cases in the country and declining three million vaccine doses from UNICEF.

North Korean hackers target the South’s think tanks through blog posts (ZDNet) Responsibility for new attacks has been laid at the feet of the Kimsuky threat group.

Lazarus hackers target researchers with trojanized IDA Pro (BleepingComputer) A North Korean state-sponsored hacking group known as Lazarus is again trying to hack security researchers, this time with a trojanized pirated version of the popular IDA Pro reverse engineering application.

South Korean Users Targeted with Android Spyware ‘PhoneSpy’ (SecurityWeek) Researchers find Android malware with extensive spyware capabilities, including data theft, GPS monitoring, and audio and video recording.

PhoneSpy: The App-Based Cyberattack Snooping South Korean Citizens (Zimperium Mobile Security Blog) Zimperium has discovered the active malware campaign PhoneSpy, a spyware aimed at South Korean residents with Android devices.

macOS zero-day deployed via Hong Kong pro-democracy news sites (The Record by Recorded Future) A suspected state-sponsored threat actor has used Hong Kong pro-democracy news sites to deploy a macOS zero-day exploit chain that installed a backdoor on visitors’ computers.

Google Caught Hackers Using a Mac Zero-Day Against Hong Kong Users (Vice) “The nature of the activity and targeting is consistent with a government backed actor,” the Google researchers say.

This new Android spyware masquerades as legitimate apps (TechCrunch) The spyware has already ensnared over a thousand victims.

FBI: Iranian threat actor trying to acquire leaked data on US organizations (The Record by Recorded Future) The US Federal Bureau of Investigation says that a threat actor known to be associated with Iran is currently seeking to acquire data from organizations across the globe, including US targets.

PA alleges: NSO Group spyware used to hack foreign ministry workers’ phones (Times of Israel) Palestinian Authority asserts it has proof of ‘Israeli intrusion,’ after rights groups’ alleged they were targeted with the Israel-based firm’s tech

Google Caught Hackers Using a Mac Zero-Day Against Hong Kong Users (Vice) “The nature of the activity and targeting is consistent with a government backed actor,” the Google researchers say.

Analyzing a watering hole campaign using macOS exploits (Google) To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group.

Watering hole attacks enabled hackers to target iPhone and Mac users in Hong Kong (Computing) A zero-day bug in macOS Catalina allowed threat actors to install backdoors on Apple devices

Taiwan Government Faces 5 Million Cyberattacks Daily: Official (SecurityWeek) Taiwan’s government agencies face around five million cyberattacks and probes a day, an official said, as a report warned of increasing Chinese cyber warfare targeting the self-ruled island

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits (AT&T Alien Labs) AT&T Alien Labs™  has found new malware written in the open source programming language Golang. Deployed with more than 30 exploits, it has the potential of targeting millions of routers and IoT devices.

Cyber-mercenary group Void Balaur has been hacking companies for years (The Record by Recorded Future) Cyber-security firm Trend Micro has published today a 46-page report detailing the history and activity of a hacker-for-hire group that has been advertising its services in the cybercrime underworld and conducting on-demand intrusions since the mid-2010s.

Void Balaur: Tracking a Cybermercenary’s Activities (Trend Micro) The internet brings new and innovative technologies and services, yet it also serves as the battleground for malicious actors who seek to attack or steal information from organizations and individuals. To fulfill the demands of offensive cyberattacks, an industry has emerged that can sell tools, services and training to governments, corporations, organized crime and even wealthy individuals. Cybermercenaries are part of this industry, and in return for their services, they get monetary rewards or other benefits.

TrickBot teams up with Shatak phishers for Conti ransomware attacks (BleepingComputer) A threat actor tracked as Shatak (TA551) recently partnered with the ITG23 gang (aka TrickBot and Wizard Spider) to deploy Conti ransomware on targeted systems.

THREAT ANALYSIS REPORT: From Shathak Emails to the Conti Ransomware (Cybereason) The ITG23 group is partnering with the TA551 (Shatak) threat group to distribute ITG23’s TrickBot and BazarBackdoor malware which attackers use to deploy Conti ransomware on compromised systems…

Robinhood Hackers Accessed Internal Tool for Removing Account Security Features, Screenshots Show (Vice) Robinhood told Motherboard that based on its investigation, the hackers did not make changes to any customer accounts.

Why Exactly 310 of Robinhood’s 7 Million Cyber-Attack Victims Should Be Worried (Time) The danger is that the exposed information could be used to facilitate further attacks

Careful: ‘Smart TV remote’ Android app on Google Play is malware (BleepingComputer) Two Android apps sitting on the Google Play store have been found to contain malware this week. These apps are called ‘Smart TV remote’ and ‘Halloween Coloring’.

A stitch in BIND saves nine | Synopsys (Software Integrity Blog) A vulnerability was discovered in the named DNS server implementation contained in the development branch builds of BIND 9.

Critical Flaw in WordPress Plugin Leads to Database Wipe (SecurityWeek) An authenticated attacker could exploit the flaw to trigger the restart of the WordPress installation process and create an administrator account.

Agent 008: Chaining Vulnerabilities to Compromise GoCD (SonarSource) We discovered 3 more code vulnerabilities in the popular GoCD CI/CD system that can be chained by attackers to leak or modify internal code. Learn more in this blog post.

Positive Technologies: Vulnerabilities in Apple Pay, Samsung Pay, and Google Pay Allow Attackers to Make Unauthorized Purchases (Positive Technologies) Attackers Need Only a Smartphone With an Added Credit Card and Enabled Public Transport Schemes

Nearly 100 TCP/IP Stack Vulnerabilities Found During 18-Month Research Project (SecurityWeek) Project Memoria was 18-month research project that resulted in the discovery of nearly 100 vulnerabilities across 14 TCP/IP stacks

Stor-a-File hit by ransomware through SolarWinds Serv-U (Register) New research says it’s Clop’s favourite attack method du jour

Zero-Day Disclosure: PAN GlobalProtect CVE-2021-3064 (Randori) On November 10, 2021 Palo Alto Networks (PAN) provided an update that patched CVE-2021-3064 which was discovered and disclosed by Randori.

14 New Vulnerabilities Discovered in BusyBox (SecurityWeek) A total of 14 new vulnerabilities have been discovered in BusyBox and the researchers who found them have disclosed some details.

PrawnHub! Hackers redirect Angling Direct customers to adult website (Graham Cluley) Mischievous hackers have breached the IT systems of the UK’s biggest fishing gear outlet, redirecting customers of its online store to an X-rated website. It’s 2021, for Cod’s hake. We should be doing…

Opposition Parties ‘Surprised’ by Lack of Encryption Amid Cyber Attack (VOCM) The Opposition parties say they’re surprised that the personal information accessed during the recent cyberatt…

City of Moline falls victim of cyber attack, now under federal investigation (WQAD) The exact amount of the scam remains sealed right now as the insurance company works to recoup the lost funds.

Southern Ohio Medical Center diverting ambulances after apparent cyber attack (WOWK 13 News) According to a release from Southern Ohio Medical Center, a third party was able to gain access to computers at the facility. This is believed to be a targeted cyber attack. T…

SOMC hit by cyber-attack, says operations not affected (WSAZ) Southern Ohio Medical Center says its computer software has been hit by a targeted cyber-attack.

SOMC suffers from cyber attack – Portsmouth Daily Times (Portsmouth Daily Times) Patients who had appointments at Southern Ohio Medical Center (SOMC) facilities Thursday received notice that their appointments were ca

Security Patches, Mitigations, and Software Updates

Crucial BIOS update rolling out for Intel 11th Gen, 10th Gen, and more CPUs, fixes LPE bug (Neowin) Intel has published an updated security advisory for a couple of new LPE bugs that were discovered. A lot of the newer CPUs, except Alder Lake, are vulnerable too. Firmware patches are rolling out.

Microsoft patches Excel zero-day used in attacks, asks Mac users to wait (BleepingComputer) During this month’s Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors.

Patch Tuesday updates the Win 7 updater… for at most 1 more year of updates (Naked Security) The clock stopped long ago on Windows 7, except for those who paid for overtime. But there won’t be any double overtime!

Palo Alto Networks patches zero-day bug in its GlobalProtect Portal VPN (Computing) Nearly 10,000 internet-facing servers are estimated to be running on vulnerable software

SAP Patches Critical Vulnerability in ABAP Platform Kernel (SecurityWeek) SAP on Tuesday announced the release of five new and two updated security notes as part of its November 2021 Security Patch Day, including one note that deals with a critical vulnerability in ABAP Platform Kernel.

SAP Security Patch Day November 2021: Critical Patch for ABAP Platform Kernel (Onapsis) SAP’s November Patch Day contained 11 notes in total with only three new notes above CVSS 7.0, a record low number for the year.

VMware Working on Patches for Serious vCenter Server Vulnerability (SecurityWeek) VMware is working on patches for a high-severity privilege escalation vulnerability affecting vCenter Server.

Citrix Patches Critical Vulnerability in ADC, Gateway (SecurityWeek) Citrix this week released patches for a couple of vulnerabilities affecting Citrix ADC, Gateway, and SD-WAN, including a critical bug leading to denial of service (DoS).

WECON PLC Editor (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: WECON
Equipment: PLC Editor
Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write
2. RISK EVALUATION

Successful exploitation of these vulnerabilities may allow arbitrary code execution.

Multiple Data Distribution Service (DDS) Implementations (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 8.6
ATTENTION: Exploitable remotely/low attack complexity
Vendors: Eclipse, eProsima, GurumNetworks, Object Computing, Inc.

Siemens SIMATIC WinCC (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 9.9
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SIMATIC WinCC
Vulnerabilities: Path Traversal, Insertion of Sensitive Information into Log File
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow local attackers to escalate privileges, and read, write, or delete critical files.

Siemens Mendix (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 4.0
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: Mendix
Vulnerability: Use of Web Browser Cache Containing Sensitive Information
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow a local attacker to read cached documents by exploring the browser cache.

Siemens Mendix Studio Pro (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 5.3
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: Mendix Studio Pro
Vulnerabilities: Incorrect Authorization
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow authenticated attackers to manipulate the content of specific objects or to retrieve a specific attribute of arbitrary objects.

Siemens SCALANCE W1750D (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SCALANCE W1750D
Vulnerabilities: Improper Restriction of Operations Within the Bounds of a Memory Buffer, Command Injection, Path Traversal
2.

Siemens Nucleus RTOS-based APOGEE and TALON Products (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Nucleus RTOS based APOGEE and TALON Products
Vulnerabilities: Type Confusion, Improper Validation of Specified Quantity in Input, Out-of-bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Null Termination, Buffer Access with Incorrect Length Value, Integer Underflow, Improper Handling of Inconsistent Structural Elements

Siemens NX OBJ Translator (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.8
ATTENTION: low attack complexity
Vendor: Siemens
Equipment: NX
Vulnerabilities: Use After Free, Access of Uninitialized Pointer
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could lead to an access violation and arbitrary code execution on the target system.

Siemens Climatix POL909 (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 6.4
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: Climatix POL909 (AWM module)
Vulnerability: Missing Encryption of Sensitive Data
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow sensitive data disclosure or modification of data in transit.

Siemens SENTRON powermanager (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: SENTRON powermanager
Vulnerability: Incorrect Permission Assignment for Critical Resource
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

Siemens SIMATIC RTLS Locating Manager (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 5.5
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: SIMATIC RTLS Locating Manager
Vulnerabilities: Insertion of Sensitive Information into Log File, Cleartext Storage of Sensitive Information, Improper Input Validation
2.

Siemens NX JT Translator (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 3.3
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: NX
Vulnerabilities: Out-of-bounds Read, Access of Uninitialized Pointer
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could lead to access violation and arbitrary code execution on the target host system.

Siemens Siveillance Video DLNA Server (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 8.6
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Siveillance Video DLNA Server
Vulnerability: Path Traversal
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow access to sensitive information on the DLNA server.

Siemens Linux Based Products (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.4
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: Linux based products
Vulnerability: Use of Insufficiently Random Values
2. RISK EVALUATION

Successful exploitation of this vulnerability could compromise confidentiality and integrity.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Siemens Linux based products are affected:

Siemens Nucleus Products DNS Module (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 8.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Nucleus NET, Nucleus RTOS, Nucleus Source Code, VSTAR
Vulnerabilities: Out-of-bounds Write, Use of Out-of-Range Pointer Offset
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow a denial-of-service condition or for the execution of code remotely.

Siemens Nucleus Products IPv6 Stack (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Nucleus 4, Nucleus NET, Nucleus ReadyStart, Nucleus Source Code, VSTAR
Vulnerabilities: Infinite Loop
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could cause a denial-of-service condition.

Multiple Embedded TCP/IP stacks (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Multiple
Equipment: Nut/Net, CycloneTCP, NDKTCPIP, FNET, uIP-Contiki-OS, uC/TCP-IP, uIP-Contiki-NG, uIP, picoTCP-NG, picoTCP, MPLAB Net, Nucleus NET, Nucleus ReadyStart
Vulnerabilities: Use of Insufficiently Random Values

Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update A) (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 6.7
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK
Vulnerability: Unquoted Search Path or Element
2.

Ransomware attack on mining operations “almost inevitable,” says cybersecurity expert (MINING.COM) “The world’s leading mining companies are now unanimous in reporting that cyber threats are a principal risk to them achieving their goals.

Armis Data Highlights Increased Risk for Healthcare organizations as Attack Surface Expands (Armis) Armis released data showing the increased security risk faced by healthcare organizations and patients as an increase in connected devices creates an expanded attack surface, putting the patient journey at risk.

Top Attack Vectors: October 2021 – Expel (Expel) This report dives into the top attack vectors and trends among the incidents our SOC investigated in October 2021. Learn our key recommendations to protect your org from these types of attacks.

The Rising Threat Stemming From Identity Sprawl (SecurityWeek) The identity sprawl generated by remote working and business digitization is out of control. This is the clear message from a global survey of more than 1,000 IT professionals.

Businesses don’t know how to manage VPN security properly – and cyber criminals are taking advantage (ZDNet) Remote working has resulted in a rise in the use of corporate VPNs. But inexperience means many businesses aren’t equipped to look for and patch security vulnerabilities being exploited by malicious hackers.

ICS, OT Cybersecurity Incidents Cost Some U.S. Firms Over $100 Million: Survey (SecurityWeek) A report shows that the average cost of an ICS/OT cybersecurity incident is $3 million and some companies reported costs of over $100 million.

Marketplace

The Wild West of the Nascent Cyber Insurance Industry (SecurityWeek) SecurityWeek takes a look inside the nascent cyber insurance industry and examines the challenges this dynamic industry faces as it becomes a key part of the global business landscape

Contrast Security Raises $150 Million at ‘Unicorn’ Valuation (SecurityWeek) Code security company Contrast Security has closed $150 million Series E funding round at a billion-dollar valuation

Kaspersky acquires Brain4Net to boost XDR platform with orchestrated SASE (Back End News) Kaspersky, a global cybersecurity company and leader in endpoint protection, has acquired an emerging company, Brain4Net. The organization has been developing solutions and services to help enterpr…

Beyond Identity and Atlas Identity Announce Strategic Partnership (Beyond Identity) Beyond Identity selects Atlas Identity to drive UK customer expansion in the UK

Telos Corporation Expands U.S. Public Sector Market Reach Through DLT Solutions’ Contract Vehicles (GlobeNewswire News Room) Following the launch of Telos CyberProtect Partner Program, cybersecurity leader increases solutions portfolio access to U.S. SLED market through…

Discord pushes pause on exploring crypto and NFTs amidst user backlash (TechCrunch) Discord founder and CEO Jason Citron sought to reassure users Wednesday that the company doesn’t have impending plans to shift its business toward NFTs. In a tweet earlier this week, Citron shared an image of crypto wallet MetaMask integrated into Discord’s user interface with the text …

FRANCE : Franco-Canadian venture RFence debuts in radio-frequency interceptions market (Intelligence Online) Financed by French public sector investment bank Bpifrance and Canadian partners, the young French company RFence aims to break into the radio-frequency interceptions market, starting with the

CEO-designate of NSO spyware firm quits following U.S. blacklist (Reuters) The executive due to take over as CEO of Israeli spyware company NSO Group has quit after the business was blacklisted by the U.S. Commerce Department, the company said on Thursday.

CEO-designate of spyware firm NSO quits after US blacklisting (the Guardian) Resignation comes after Biden administration said Israeli firm acted contrary to US security interests

New NSO CEO steps aside; Crisis surrounding Israeli cyber firm continues (The Jerusalem Post) The US Commerce Department announced last week that it had added the cyber offense firms NSO Group and Candiru to its blacklist.

Why this LogRhythm co-founder launched a new Boulder cybersecurity startup (Denver Business Journal) Two years after stepping away from the company he helped build, LogRhythm co-founder Chris Petersen is back in charge of a Boulder startup providing military grade cybersecurity to small and medium-sized businesses.

Why SailPoint Stock Jumped on Wednesday (The Motley Fool) The company’s transition to a subscription-based model has gone better than expected.

What We Can Learn From Darktrace’s Stock Plummet (Diving Daily) If you’re a follower of the stock market, you have probably come across the name ‘Darktrace’ at some point in the last two or three weeks. That’s because, in

The Darktrace share price plunges 30% in a month. What’s up? (The Motley Fool UK) Having exceeded £10 in late September, the Darktrace share price has collapsed by 30% in the past month. What went wrong for this cyber-security stock?

Ketch Named a Cool Vendor in Privacy by Gartner (Yahoo) Ketch Named a Cool Vendor in Privacy by Gartner

NightDragon Launches Advisory Council to Advance the Next Generation of Cybersecurity, Safety, Security and Privacy Companies (Yahoo) NightDragon today announced the launch of its inaugural Advisory Council, a group of leading industry executives to accelerate the growth of its portfolio companies and advance its investment strategy. With its inaugural members, NightDragon hopes to grow a community of insightful industry leaders committed to the mission of working together to help close the gap between offense and defense in cybersecurity, safety, security and privacy.

Protegrity Appoints Paul Mountford as CEO to Lead Company Expansion (BusinessWire) Protegrity, a global leader in data security, today announced the appointment of Paul Mountford as the company’s new CEO. Mountford joins Protegrity f

Novetta Vet Rick Johnson Named IntelliBridge CFO (GovCon Wire) Looking for the latest GovCon News? Check out our story: Rick Johnson Named IntelliBridge CFO. Click to read more!

Matt Biggin Joins Egress as VP of Engineering From Mimecast (Yahoo) Egress, the leading provider of intelligent email security, announced today that it has hired Matt Biggin as its new VP of Engineering to scale and deliver its product roadmap.

NINJIO Announces Appointment of Brett Wahlin to their Board of Directors (PR Newswire) NINJIO announced today the appointment of Brett Wahlin, to their board of directors. Brett will advise the company on its continued development…

Alan Paller, Cyber Security Industry Titan and SANS Institute Founder, Passes Away (SANS Institute) It is with deep sadness that SANS Institute (SANS) announces that SANS founder Alan Paller, 76, passed away on November 9.

Products, Services, and Solutions

Hunters XDR SOC Platform Now Available in AWS Marketplace (GlobeNewswire News Room) Leading Open Extended Detection and Response (XDR) platform automates threat hunting in AWSScales to ingest, index and correlate all AWS security logs and…

Latest Releases of Configit Ace® and Configit Quote® Enable End-to-End Configuration Lifecycle Management Integration (Configit) Configit, the global leader in Configuration Lifecycle Management (CLM), is pleased to announce the latest release of the Configit Ace® enterprise-grade product configuration platform and Configit Quote® CPQ solution that will make Configuration Lifecycle Management integration easier, faster, and more efficient for manufacturers of complex, configurable products.

Tenable Teams with IBM Security X-Force Red to Continuously Detect and Prevent Active Directory Attacks (Yahoo Finance) Tenable®, Inc., the Cyber Exposure company, today announced an expansion of its strategic relationship with IBM Security X-Force Red to deliver comprehensive Active Directory security services that continuously detect and prevent attacks against the Active Directory and connected environment in real-time. By combining the power of Tenable.ad with X-Force Red’s team of veteran hackers, organizations can identify and disrupt attack opportunities bef

Tanium collaborates with Deep Instinct to strengthen endpoint security for organizations (Help Net Security) Tanium announced a partnership with Deep Instinct, offering organizations around the globe the ability to evolve endpoint security.

Difenda Joins Microsoft Intelligent Security Association (PR Newswire) SecOps-as-a-Service provider and cybersecurity consultancy Difenda announced today that it has joined the Microsoft Intelligent Security…

Technologies, Techniques, and Standards

NIST Seeks Feedback on Cybersecurity Labels for Software (Nextgov.com) The effort aims to create a user-friendly label to educate consumers about their purchases.

RPC Firewall Dubbed ‘Ransomware Kill Switch’ Released to Open Source (SecurityWeek) Now in open source, RPC firewall provides granular control over RPC, capable of blocking the use of lateral movement hacker tools and stopping ransomware attacks

How to spot and block cryptominers on your network (CSO Online) Cryptominer malware is stealthy and drags down network and device performance. Some simple tasks and basic tools can minimize its impact.

How to Not Get Scammed on Discord (Black Hills Information Security) Max Boehner & Noah Heckman // Introduction As 2020 sent us all into our homes social distancing, the demand for online messaging saw a huge spike in an effort for people to stay in contact with each other. In some cases, even entire social events (like conferences and club meetings) were ported to platforms such as Discord and Slack to increase biological security, while […]

Dependency Combobulator offers defense against namespace confusion attacks (The Daily Swig) Toolkit ‘tackles common scenarios’ and can evolve to detect emerging attack variants

Academia

Cameron University’s CU in Computing presentation to focus on Computer Science and Information Technology degree programs (Duncan Banner) If you’re considering a degree from Cameron University’s Department of Computing and Technology but aren’t sure of the differences between the department’s two undergraduate degree programs – Computer Science and

Legislation, Policy, and Regulation

Russian troop movements show wider conflict is possible, top Ukraine official says (Military Times) “All available information indicates that the armed forces of Russia permanently sustain a powerful offensive grouping around Ukraine,” Roman Mashovets, deputy head of Ukraine’s Office of the President for national security and defense, told Military Times Wednesday.

U.S. Warns Europe That Russia May Plan Ukraine Invasion (Bloomberg) Officials briefed EU, didn’t share information, people say. U.S. says it’s watching Russian military buildup near Ukraine.

Moscow won’t invade Ukraine — unless provoked: Russian envoy (Military Times) Russia has cast its weight behind a separatist insurgency in Ukraine’s east that erupted shortly after Moscow’s 2014 annexation of Ukraine’s Crimean Peninsula and has caused more than 14,000 deaths.

Belarus migrants: Poland PM blames Russia’s Putin for migrant crisis (BBC News) Thousands of migrants are at the Belarus-Poland border, camping in cold and dangerous conditions.

Blinken Warns Russia Over Troop Movements on Ukraine Border (Bloomberg) He says it resembles Russia’s ‘playbook’ before 2014 conflict. Ukraine’s Kuleba says Russia is already using gas as a weapon.

Belarus’s Lukashenko warns Europe: Sanction us again and we could cut gas supply (Washington Post) Belarusian President Alexander Lukashenko opened another potential front against Europe on Thursday, threatening to choke off gas supplies amid a deepening crisis that has brought migrants surging to E.U. borders and Western leaders planning to retaliate with more sanctions.

Iraqi migrants say they face beatings on both sides of the Belarusian border. (New York Times) Stories are emerging of the authorities in Belarus, Lithuania and Poland abusing asylum seekers from the Middle East and using them as political pawns.

Belarus Seeks to Export Instability (Foreign Policy) Minsk is creating a migration crisis on its borders to undermine its European Union neighbors.

Unlike Before, Poland Gets Support From Europe on Tough Borders (New York Times) Faced with the weaponization of migrants from Belarus, the European Union is defending Poland’s hard line even as it withholds funds over rule of law violations.

The EU Faces Legal Changes Ahead for Cybersecurity in Space (Via Satellite) Cybersecurity remains one of the central topics when it comes to the space sector, not the least because of the role that satellite networks play in society, from satellite communications to Earth Observation (EO), to navigation. Nevertheless, few national space legislations have expressly addressed the need to meet cybersecurity requirements.

China is boosting intel gathering capabilities aimed at Taiwan, says new report from Taipei (Defense News) Other measures include cyberattacks aimed at stealing data as well as “irregular patrols of reconnaissance aircrafts as well as UAVs,” according to Taiwan’s report.

China’s Tougher Regulation Is the New Normal, Tencent President Says (Wall Street Journal) Videogame publisher’s growth and profitability slow, hit by Beijing’s strict new rules.

US President Biden signs law to ban Huawei and ZTE from receiving FCC licences (ZDNet) The Secure Equipment Act of 2021 received bipartisan support prior to it being signed by Biden.

Biden signs legislation to tighten U.S. restrictions on Huawei, ZTE (Reuters) U.S. President Joe Biden on Thursday signed legislation to prevent companies like Huawei Technologies Co (HWT.UL) or ZTE Corp that are deemed security threats from receiving new equipment licenses from U.S. regulators.

Paris Call for trust and security in cyberspace (Pars Call International) The European Union and the United States are joining the Paris Call. Their decision will strengthen the Call and enable it to go further in the defence of stability in cyberspace. Welcome in the Paris Call community!

Harris calls for global action on cyber threats after US joins international effort (TheHill) Vice President Harris on Thursday called on global leaders to work together to counter cybersecurity threats and protect an open internet following a turbulent year of major cyberattacks. 

U.S. Gov Announces Support for ‘Paris Call’ Cybersecurity Effort (SecurityWeek) U.S. Vice President Kamala Harris on Wednesday announced support for the Paris Call for Trust and Security in Cyberspace.

U.S. joins global cybersecurity partnership ignored by Trump (Axios) Kamala Harris made the announcement in Paris, where she hailed a “new era” in relations with France.

US joins international cybersecurity partnership that Trump snubbed (CNN) The United States has joined an 80-country agreement that condemns reckless behavior in cyberspace and seeks to mobilize resources to secure the software supply chain that the Trump administration declined to sign, Vice President Kamala Harris announced Wednesday following a meeting with French President Emmanuel Macron.

FACT SHEET: Vice President Harris Announces Initiatives on Space and Cybersecurity | The White House (The White House) Following her meeting with President Emmanuel Macron of France, Vice President Kamala Harris is announcing a number of collaborative initiatives that the

Cyber agency beefing up disinformation, misinformation team (TheHill) The Cybersecurity and Infrastructure Security Agency (CISA) is beefing up its disinformation and misinformation team in the wake of a divisive presidential election that saw a proliferation of misleading information

Top US cyber official to enlist white-hat hackers as advisers (Roll Call) Good-guy computer hackers would advise government on software vulnerabilities and how to fix them to avoid cyberattacks

CISA Director to Appoint Hackers to Cybersecurity Advisory Committee (Nextgov.com) Security researchers have a crucial role to play in balancing an offense-heavy ecosystem, the director said.

Pentagon ‘zero trust’ cyber office coming in December (C4ISRNet) David McKeown, DoD’s chief information security officer, spoke at C4ISRNet’s CyberCon.

Pentagon to Launch ‘Zero Trust’ Cybersecurity Office in December Due to SolarWinds Attack – Report (Sputnik International) Zero trust assumes that there is no trust between networks, devices, or users, and therefore necessitates constant, real-time verification of data accessing users. It is a shift from perimeter-based security, in which an intruder can…

CYBERCOM has conducted ‘hunt-forward’ ops in 14 countries, deputy says (Breaking Defense) Lt. Gen. Moore didn’t provide details, but later said, “China is the number one priority for DoD. Therefore, it’s [CYBERCOM chief] Gen. Nakasone’s number one priority.”

The cyber battlefield against China and Russia is constantly shifting. Here’s how the NSA is trying to stay on top. (Defense News) “Even as we’re on this call right now, the cyberspace domain is changing,” a senior NSA official said. “New malware is being released, new vulnerabilities are being discovered”

CYBERCOM Deputy Likens Cyber Warfare to Mixed Martial Arts (Air Force Magazine) The second-in-charge at U.S. Cyber Command compared cyber defense to the gladiatorial combat known as mixed martial arts.

US Cyber Command publishes concept for integrating new capabilities (C4ISRNet) Cyber Command has created an integration office and a concept of operations to help better guide how new capabilities are integrated under the Joint Cyber Warfighting Architecture.

The cyber battlefield against China and Russia is constantly shifting. Here’s how the NSA is trying to stay on top. (Defense News) “Even as we’re on this call right now, the cyberspace domain is changing,” a senior NSA official said. “New malware is being released, new vulnerabilities are being discovered”

Making sense of the Pentagon’s cyber priorities (C4ISRNet) The Pentagon’s Mieke Eoyang describes the department’s top cyber policy priorities, including how to bolster the security of allies’ networks.

Cyber Marines could be empowered to act boldly under commandant’s future force vision (Defense News) Cyber Marines have already been integrated into Marine Corps training and operations, but the commandant’s plans for future operations could place a new importance on what these Marines bring to the fight.

Soldiers won’t always be able to rely on contractors for coders, says Army Software Factory director (C4ISRNet) The pilot program is already bearing fruit as participants develop soldier-centric software for the Army.

Ransomware takes center stage in U.S. official’s Middle East trip (Reuters) U.S. Deputy Treasury Secretary Wally Adeyemo will travel to the Middle East on Friday, a Treasury spokesperson told Reuters, where he will seek to build partnerships on ransomware and cybersecurity as hackers wreak havoc among some of America’s more vital industries.

VA releases new cybersecurity strategy in honor of Veterans Day | ZDNe (ZDNet) The Department of Veterans Affairs has dealt with multiple security incidents over the last two decades.

New bill sets ransomware attack response rules for US financial orgs (BleepingComputer) New legislation introduced this week by US lawmakers aims to set ransomware attack response “rules of road” for US financial institutions.

Congress demands TikTok share information about its ‘dangerous’ algorithm after oversight committee finds the platform is serving harmful content to underage users (Business Insider) In a letter, Congress writes that TikTok has failed to “adequately police” content including sex- and drug-related videos and COVID-19 misinformation.

Congressman leading call against NSO: This is not against Israel (The Jerusalem Post) Rep. Tom Malinowski (D-NJ) said the problem is “not about Israel or NSO per se. It is about what should be done to regulate out-of-control private hacking.”

They got hacked with NSO spyware. Now Israel wants Palestinian activists’ funding cut (NPR.org) A battle over Palestinian activist groups that Israel accuses of terrorism has taken a turn into the world of Israeli spyware. Israel hopes to convince European countries to stop funding the groups.

Former top officials warn democracy in ‘jeopardy’ without Congressional action on election security (TheHill) A bipartisan group of almost 100 former national security officials is urging Congress to take steps to secure elections ahead of next year, warning that without action, the nation’s democratic institutions are

A top Republican is warning against new cyber regulations (Washington Post) Is the government too hasty in regulating cyber?

Australia’s Ransomware Action Plan a major step forward for cybercrime prevention (Security Brief) The Australian Federal Government has put forward its Ransomware Action Plan – a new set of processes built on the 2020 cybersecurity strategy, which was a welcome addition in its own right. 

New Zealand security agency: satellite spying’s almost done (Register) Kiwis are done with dishes, and the Five Eyes alliance is cool with it

Brazil advances efforts to tackle electronic fraud (ZDNet) The Ministry of Justice will lead a special commission.

Argentina Enhances Response Against Cyberattacks (Diálogo) The Argentine Armed Forces strengthened their knowledge in denial of service, antivirus neutralization, and confidential data propagation, during the Cyber Dawg 2021 exercise that took place in the United States in late September.

CERT-PL employees rally around politically-dismissed chief (The Record by Recorded Future) The Polish government has fired the head of CERT-PL, the country’s official computer emergency response team, in what the organization’s employees have described as a dismissal based on the manager’s personal political views.

DHS requests public comment on AI, facial recognition (Security Magazine) The Department of Homeland Security (DHS) has requested feedback from industry leaders and interested parties on the subject of artificial intelligence, including facial recognition. The technologies have been used widely by the department, but DHS highlighted concerns around bias and privacy that follow AI and facial recognition implementations.

Litigation, Investigation, and Law Enforcement

Aleksandr Zhukov, self-described ‘king of fraud,’ is sentenced to 10 years – CyberScoop (CyberScoop) A Russian man who once described himself as the “king of fraud” for his role in orchestrating a multimillion dollar crime spree was sentenced Wednesday to 10 years in prison. Aleksandr Zhukov, 41, was convicted in May of defrauding U.S. advertising companies out of $7 million in part by using networks of hacked computers, or botnets, to artificially inflate web traffic.

BIS Fines US company for Illegal Exports to Huawei, HiSilicon (Export Compliance Daily) The Bureau of Industry and Security fined a Pennsylvania-based scientific equipment manufacturer $80,000 for illegally exporting goods to Huawei and HiSilicon Technologies in 2019, according to a Nov. 8 enforcement order. The company, SP Industries, exported more than $170,000 worth of goods to the Chinese technology companies just after they were added to the Entity List (see 1905160072).

Booking.com was breached by a hacker with links to US intelligence services (Computing) But the company did not disclose the incident to customers

WikiLeaks founder Julian Assange granted approval to wed lawyer in high-security London prison (Washington Post) WikiLeaks founder Julian Assange has been given permission to marry his partner inside the British top-security prison where he is being held as he fights an extradition request from the U.S. government.



Source link