Attacks, Threats, and Vulnerabilities
How Belarus’s ‘Cyber Partisans’ exposed secrets of Lukashenko’s crackdowns (Washington Post) A series of hacks on Belarus’s government by pro-democracy activists have uncovered details on apparent abuses by security forces, exposed police informants and collected personal data on top officials including the son of President Alexander Lukashenko.
Operation ‘Harvest’: A Deep Dive into a Long-term Campaign (McAfee Blogs) A special thanks to our Professional Services’ IR team, ShadowServer, for historical context on C2 domains, and Thomas Roccia/Leandro Velasco for malware
Apple Security Flaw: How do ‘Zero-Click’ Attacks Work? (SecurityWeek) Apple rushed to patch a major security flaw which allows spyware to be downloaded on an iPhone or iPad without the owner even clicking a button. But how do such “zero-click” attacks work, and can they be stopped?
Amid vaccine mandates, fake vaccine certificates become a full blown industry (Check Point Software) Black market for fake vaccine certificates booms. Check Point Research (CPR) continues to monitor the black market in which fake COVID-19 vaccine
Biden Mandate Sparks Price-Gouging for Fake Vax Cards (The Daily Beast) “It’s clear to us they’re using current events to galvanize the market,” researchers at cybersecurity firm Check Point found, said spokesperson Ekram Ahmed.
‘Incredible spike’ in fake vaccination card traffic raises concerns (WTSP) Aside from potentially spreading COVID and facing a fine, getting a fake vaccine card could lead to identity theft, a security expert says.
Attackers Impersonate U.S. Department of Transportation to Harvest Microsoft Credentials (INKY) Between Aug. 16-18, INKY detected 41 phishing emails attempting to impersonate the U.S. Department of Transportation (USDOT). The basic pitch was, with a trillion dollars of government money flowing through the system, you, dear target, are being invited to bid for some of this bounty.
Are “corrupt my file” sites safe? Here’s why to avoid corrupt-a-file services (The Mac Security Blog) File corruption sites claim they can make any file unreadable, so you can get extra time to submit a project. Ethics aside, is it safe to submit documents to such services?
Anonymous Claims to Have Stolen Huge Trove of Data From Epik, the Right-Wing’s Favorite Web Host (Gizmodo) The controversial domain registrar, which has been known to host Nazis and other unfortunate groups, apparently just had all of its data boosted.
Solana Has Been Down for Hours Due to ‘Resource Exhaustion’ (Decrypt) Solana validators may have to restart the recently-rising blockchain network after it was overwhelmed by transactions.
New Zealand DDoS wave targets banks, post offices, weather forecasters and more (Register) Nobody from government will say a word about who’s behind it
Lubbock County confirms private information accessible under new computer system, says situation not a data breach (KLBK | KAMC | EverythingLubbock.com) Lubbock County released a statement Tuesday about previously private court information being made available to the public via a new records system. An earlier release by the …
Cyber incident targets Texas facility (Workboat) The Coast Guard recently received a report from a Maritime Transportation Security Act (MTSA) regulated facility in Texas regarding an attack on a public, internet-facing server.
Fortunately, the faci
Security Patches, Mitigations, and Software Updates
Patch Tuesday: Microsoft Plugs Exploited MSHTML Zero-Day Hole (SecurityWeek) Microsoft ships a patch for the CVE-2021-40444 vulnerability that has already been actively exploited via booby-trapped Microsoft Office documents.
Microsoft patches Office zero-day in today’s Patch Tuesday (The Record by Recorded Future) Microsoft has released patches today for a zero-day vulnerability in one of the Windows components that was abused in the wild for attacks using weaponized Office documents.
Patch Tuesday: Microsoft patches a zero-day bug under active attack (Computing) In total, 66 security flaws have been addressed in this month’s security update
Digi PortServer TS 16 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.6
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Digi International, Inc.
Equipment: PortServer TS 16
Vulnerability: Improper Authentication
2. RISK EVALUATION
Successful exploitation of this vulnerability allows write access, which grants control of settings, command execution, and access to the command line interface.
Schneider Electric Struxureware Data Center Expert (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: Struxureware Data Center Expert
Vulnerabilities: OS Command Injection, Path Traversal
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow remote code execution.
Siemens Simcenter Femap (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 3.3
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: Simcenter Femap
Vulnerability: Out-of-bounds Read
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to leak information in the context of the current process.
Siemens Simcenter STAR-CCM+ Viewer (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: Simcenter STAR-CCM+ Viewer
Vulnerability: Out-of-bounds Write
2. RISK EVALUATION
Successful exploitation of this vulnerability could lead to a crash and allow an attacker to execute code in the context of the current process.
Siemens SIMATIC CP (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SIMATIC CP 1543-1 (incl. SIPLUS variants) and SIMATIC CP 1545-1
Vulnerability: Cleartext Storage of Sensitive Information
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to read sensitive information.
Siemens APOGEE and TALON (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: APOGEE and TALON
Vulnerability: Classic Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the device with root privileges.
Siemens Teamcenter Active Workspace (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 4.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Teamcenter Active Workspace
Vulnerability: Path Traversal
2. RISK EVALUATION
Successful exploitation of this vulnerability could lead to access control violations.
Siemens NX (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: NX
Vulnerabilities: Use After Free, Out-of-bounds Read
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could lead to an access violation and to arbitrary code execution on the target host system.
Siemens SIPROTEC 5 relays (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SIPROTEC 5 relays
Vulnerabilities: Classic Buffer Overflow
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition or trigger a remote code execution.
Siemens SIMATIC RFID (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SIMATIC RFID terminals
Vulnerability: Out-of-bounds Write
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to remotely execute code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of SIMATIC RFID are affected:
Siemens SINEMA Server (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 4.7
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SINEMA Server
Vulnerability: Missing Authentication for Critical Function
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to obtain encoded system configuration backup files.
Siemens LOGO! CMR and SIMATIC RTU 3000 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.4
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: LOGO! CMR, SIMATIC RTU 3000
Vulnerability: Use of Insufficiently Random Values
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker with network access to the LAN interface of an affected device to hijack an ongoing connection or spoof a new one.
Siemens SINEC NMS (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SINEC NMS
Vulnerabilities: Path Traversal, Cross-site Request Forgery
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to manipulate the SINEC NMS configuration by tricking an admin to click on a malicious link.
Siemens SIMATIC NET CP Modules (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SIMATIC CP 343-1 (incl. SIPLUS variants), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants), SIMATIC CP 343-1 ERPC, SIMATIC CP 343-1 Lean (incl. SIPLUS variants), SIMATIC CP 443-1 (incl. SIPLUS variants), SIMATIC CP 443-1 Advanced (incl.
Siemens SIPROTEC 5 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SIPROTEC 5
Vulnerability: Improper Input Validation
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow unauthorized users to cause a denial-of-service condition by sending maliciously crafted web requests.
Siemens Desigo CC Family (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Desigo CC Family
Vulnerability: Deserialization of Untrusted Data
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to perform remote code execution.
Siemens Siveillance OIS (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Siveillance OIS
Vulnerability: OS Command Injection
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to execute code on the affected system with root privileges.
Siemens SINEMA Remote Connect Server (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.4
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SINEMA Remote Connect Server
Vulnerabilities: Modification of Assumed-Immutable Data, Improper Access Control, Exposure of Sensitive Information to an Unauthorized Actor, Improper Control of Interaction Frequency.
2.
Siemens LOGO! CMR and SIMATIC RTU 3000 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: LOGO! CMR2020, LOGO! CMR2040 and SIMATIC RTU 3000 family
Vulnerabilities: Incorrect Calculation of Buffer Size, Improper Certificate Validation
2.
Siemens Industrial Edge (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Industrial Edge Management
Vulnerability: Authorization Bypass Through User-controlled Key
2.
Siemens Teamcenter Active Workspace (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 4.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Teamcenter Active Workspace
Vulnerability: Path Traversal
2. RISK EVALUATION
Successful exploitation of this vulnerability could lead to access control violations.
Siemens SIMATIC and TIM (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SIMATIC, TIM
Vulnerability: Incorrect Authorization
2. RISK EVALUATION
Successful exploitation of this vulnerability allows an unauthenticated attacker to read PLC variables from affected devices without proper authentication under certain circumstances.
Siemens JT2Go and Teamcenter Visualization (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: JT2Go & Teamcenter Visualization
Vulnerabilities: Improper Check for Unusual or Exceptional Conditions, Out-of-bounds Write, Out-of-bounds Read
2.
Siemens SIMATIC S7-1200 (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: SIMATIC S7-1200 Devices
Vulnerability: Improper Authentication
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-21-222-09 Siemens SIMATIC S7-1200 that was published August 10, 2021, to the ICS webpage on us-cert.cisa.gov.
HCC Embedded InterNiche TCP/IP stack, NicheLite (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: HCC Embedded
Equipment: InterNiche stack (NicheStack), NicheLite
Vulnerabilities: Return of Pointer Value Outside of Expected Range, Improper Handling of Length Parameter Inconsistency, Use of Insufficiently Random Values, Improper Input Validation, Uncaught Exception, Numeric Range Comparison Without Minimum Check, Generation of Predictable Numbers or Identifiers, Improper Check or Handling of Exceptional Conditions, Improper Null Termination
Siemens PROFINET Devices (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: PROFINET Devices
Vulnerability: Allocation of Resources Without Limits or Throttling
2.
Siemens SIMATIC Software Products (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: SIMATIC Software Products
Vulnerability: Incorrect Permission Assignment for Critical Resource
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-21-194-06 Siemens SIMATIC Software Products that was published July 13, 2021, to the ICS webpage on us-cert.cisa.gov.
Siemens SINAMICS PERFECT HARMONY GH180 (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SINAMICS PERFECT HARMONY GH180
Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer
2.
Siemens SINUMERIK ONE and SINUMERIK MC (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SINUMERIK ONE and SINUMERIK MC
Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer
2.
Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: SIMATIC S7-1200 and S7-1500 CPU Families
Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer
2.
Siemens Linux-based Products (Update D) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.4
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: Linux based products
Vulnerability: Use of Insufficiently Random Values
2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-21-131-03 Siemens Linux-based Products (Update C) that was published August 10, 2021, to the ICS webpage on us-cert.cisa.gov.
Siemens SIMATIC SmartVNC HMI WinCC Products (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: SIMATIC HMIs/WinCC Products
Vulnerabilities: Access of Memory Location After End of Buffer, Improper Handling of Exceptional Conditions, Improper Restriction of Operations within the Bounds of a Memory Buffer, Uncontrolled Resource Consumption
2.
Siemens Web Server of SCALANCE X200 (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Web Server of SCALANCE X200
Vulnerabilities: Heap-based Buffer Overflow, Stack-based Buffer Overflow
2.
Siemens SCALANCE and SIMATIC libcurl (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SCALANCE and SIMATIC
Vulnerability: Out-of-bounds Read
2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-21-068-10 Siemens SCALANCE and SIMATIC libcurl (Update A) that was published March 9, 2021, to the ICS webpage on us-cert.cisa.gov.
Siemens TIA Administrator (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: TIA Portal and PCS neo
Vulnerability: Improper Access Control
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-21-040-05 Siemens TIA Administrator that was published February 9, 2021, to the ICS webpage on us-cert.cisa.gov.
Siemens SCALANCE X Switches (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SCALANCE X200, X200IRT, X300
Vulnerabilities: Use of Hard-coded Cryptographic Key
2.
Siemens SCALANCE X Products (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SCALANCE X Products
Vulnerabilities: Missing Authentication for Critical Function, Heap-based Buffer Overflow
2.
Mitsubishi Electric MELSEC iQ-R Series (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: MELSEC iQ-R series
Vulnerability: Uncontrolled Resource Consumption
2.
Siemens SCALANCE & SIMATIC (Update E) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SCALANCE, SIMATIC
Vulnerability: Resource Exhaustion
2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-20-105-07 Siemens SCALANCE & SIMATIC (Update C) that was published September 8, 2020, to the ICS webpage on us-cert.cisa.gov.
Siemens PROFINET-IO Stack (Update E) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Siemens PROFINET-IO Stack
Vulnerability: Uncontrolled Resource Consumption
2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-20-042-04 Siemens PROFINET-IO Stack (Update D) that was published March 9, 2021, to the ICS webpage on us-cert.gov.
Siemens Industrial Products (Update O) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Industrial Products
Vulnerabilities: Excessive Data Query Operations in a Large Data Table, Integer Overflow or Wraparound, Uncontrolled Resource Consumption
2.
Siemens SCALANCE X Switches (Update C) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.6
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SCALANCE X switches
Vulnerability: Insufficient Resource Pool
2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-19-225-03 Siemens SCALANCE X Switches (Update B) that was published February 9, 2021, to the ICS webpage on us-cert.cisa.gov.
Apple products vulnerable to FORCEDENTRY zero-day attack – patch now! (Naked Security) Double trouble: two zero-days, patched in the same emergency update. So please don’t delay – patch today!
Trends
X-Force Report: No Shortage of Resources Aimed at Hacking Cloud Environments (Security Intelligence) From human error to a burgeoning dark web marketplace, see how cybercriminals are evolving their attacks on cloud environments. Get the latest from the 2021 X-Force Cloud Threat Landscape Report.
The state of network security in 2021 (Barracuda Networks) Network breaches, ransomware attacks, and remote-work challenges highlight need for cloud-native Secure Access Service Edge (SASE) deployments
Open Source Continues to Fuel Digital Transformation, Sonatype’s 2021 Software Supply Chain Report Reveals Important Trends (Yahoo) Developer Demand for Open Source Increased 73% Year over Year; 29% of Popular Project Releases Are Vulnerable, Highlighting the Critical Need for Automated Dependency Management. FULTON, Md., Sept. 15, 2021 (GLOBE NEWSWIRE) — Sonatype, the leader in developer-friendly tools for software supply chain automation and security, today released its seventh annual State of the Software Supply Chain Report that reveals continued strong growth in open source supply and demand dynamics. Further, with regar
Sonatype’s 2021 State of the Software Supply Chain (Sonatype) Now in its seventh year, Sonatype’s 2021 State of the Software Supply Chain Report blends a broad set of public and proprietary data to reveal important findings about open source and its increasingly important role in digital innovation.
Security Experts Witnessed a 55,239% Increase in Ransomware Activity in Q2 – Nuspire (Nuspire) Nuspire, a leading managed security services provider (MSSP), today announced the release of its 2021 Q2 Quarterly Threat Landscape Report. Sourced from 90 billion traffic logs, the report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs) with additional insight from its threat intelligence partner, Recorded Future. In…
Operational technology vulnerabilities increased by 46%, Skybox Security research reveals (Skybox Security) New threat intelligence research finds critical infrastructure at heightened risk.
Survey Reveals Four Out of Five Organizations Plan to Begin Zero Trust Security Solution Rollout within One Year (Zero Trust Edge) Of the almost 1300 security and risk professionals who participated in the July 2021 Zero Trust Market Dynamics Survey, 83% indicated that they consider Zero Trust to be an essential strategy for their organizations, according to Dr. Chase Cunningham.
New ReliaQuest Study: Organizations are Prioritizing Cybersecurity Initiatives but are Dragged Down by Lack of Fundamentals (BusinessWire) Open XDR-as-a-Service leader ReliaQuest, in partnership with Ponemon Research, announced publication of a survey report detailing the needs and priori
The Changing Face of Cyber Claims 2021 (Marsh) The Changing face of Cyber Claims 2021 is a report based on an analysis of cyber insurance claims managed by Marsh in Continental Europe from 2016-2020.
HPE survey finds 76% of doctors and nurses believe telehealth will dominate patient care in near future (HPE) ITDMs turn to agile, secure, and cost-effective technologies to serve their entire edge-to-cloud environments
Marketplace
Private AI Secures $3.15 Million Seed Round to Streamline Privacy Compliance for Enterprises (PR Newswire) Private AI, a developer of privacy-preserving machine learning and natural language processing tools, is pleased to announce that it has…
Exclusive Networks ‘could be valued at €2.1bn’ in planned IPO (CRN) Trading is expected to start on Euronext Paris later this month
Satori Secures $20M in Series A to Accelerate Adoption of Cloud Data Platforms with DataSecOps (StreetInsider.com) B Capital Group and Evolution Equity Partners co-led investment round, alongside seed investor YL Ventures
Exabeam Opens Office in ‘Silicon Valley of Maharashtra’ Pune, India to Support Cloud Offering Demand (BusinessWire) Exabeam opens office in India.
Zero Trust Networking Leader Perimeter 81 Wins Prestigious SINET 16 Innovator Award (BusinessWire) Zero Trust Networking Leader Perimeter 81 Wins SINET 16 Innovator Award
Baltimore cyber exec is finding balance, excitement in growing another tech business (Baltimore Business Journal) Tina Williams-Koroma is still figuring out how to best balance her time and responsibilities between leading a cybersecurity consulting firm full time, and taking care of two new babies — one, a three-and-a-half-month-old human, and the other, a fledgling cyber startup.
LogMeIn Names Patrick McCue as Global Vice President of Channel Sales (GlobeNewswire News Room) LogMeIn, Inc., a leading provider of cloud-based SaaS solutions such as GoToConnect, GoToMeeting, LastPass and…
Snort Inventor and Sourcefire Founder Martin Roesch Joins Netography as CEO (BusinessWire) Network Detection and Response (NDR) company Netography today announced that industry luminary Martin Roesch has joined the company as CEO. With the
Experienced Identity Management Leader Zubaid Kazmi Joins MorganFranklin Consulting (BusinessWire) MorganFranklin Consulting, a leading finance, technology, and cybersecurity advisory and management firm that specializes in solving complex transform
SPHERE Appoints Global Cybersecurity Leader and CISO Chris Olsen to Board of Directors (PR Newswire) SPHERE, a woman-owned cybersecurity business focused on providing best-of-breed software and services for access governance across data,…
Microsoft makes top lawyer Brad Smith its vice chair (CNBC) Chief Microsoft lawyer Brad Smith is a major company stockholder, having joined the software maker in 1993 and become its president in 2015.
Armis Appoints Desiree Lee as New CTO for Data (Armis) Armis reinforces the strategic focus on data, asset, and device visibility across all environments with the appointment of Desiree Lee as new Chief Technology Officer (CTO) for Data.
Products, Services, and Solutions
SANS Institute Launches “New2Cyber” Curriculum to Help Professionals Kickstart Careers in Cybersecurity (SANS Institute) New2Cyber provides professionals new to cybersecurity field with foundational knowledge and skills to pursue entry-level cybersecurity roles
Code42 Partners with Carahsoft to Bring Insider Risk Detection and Response Solution to the Public Sector (GlobeNewswire News Room) Powerful Code42 Solution Now Available through Carahsoft Federal, State and Local Government Contract Vehicles
LAFC partners with global cyber protection leader Acronis and welcomes TeamLogic IT as #CyberFit delivery partner (Acronis) For information about Acronis and Acronis’ products or to schedule an interview, please send an email or get through to Acronis’ representative, using media contacts.
Embroker Launches New Standalone, Digital-First Cyber and Crime Business Insurance Products (BusinessWire) Embroker today announced the availability of two new standalone digital insurance products: Cyber Insurance and Commercial Crime Insurance.
Digital Shadows launches SocialMonitor (Digital Shadows) Digital Shadows announces a new feature, SocialMonitor, within its SearchLight™ solution enabling organizations to rapidly identify fake social media accounts.
Barracuda expands incident response capabilities with automated workflows and public APIs (Barracuda Networks) Using Barracuda Total Email Protection, customers can proactively identify threats and take quick and effective action to remediate them
Barracuda introduces data classification capabilities to help customers find sensitive data and malware (Barracuda Networks) New Barracuda Data Inspector automatically scans OneDrive and SharePoint to identify sensitive information and malicious files
Barracuda launches cloud-native security capabilities to accelerate Secure Access Service Edge (SASE) deployments (Barracuda Networks) Cloud-native SASE platform enables modern security architectures by allowing security inspection and policy enforcement in the cloud, at the branch, or on the device.
Quantum Symphony Deploys Aparavi Platform to Deliver Data Intelligent Cyberattack Prevention Services for SMBs (PR Newswire) APARAVI® Software Corporation, the trusted disruptor in unstructured data management, today announced the company’s partnership with Quantum…
Beyond Identity Closes Software Supply Chain Vulnerability (Financial IT) Introduces Secure and Automated Way to Ensure All Source Code Entering GitHub, GitLab, and Bitbucket Repositories is Signed by a Developer With a Validated Corporate Identity Passwordless MFA provider Beyond Identity today announced a groundbreaking solution that closes a critical vulnerability and secures the software supply chain against insider threats and malicious attacks.
Apiiro and NetSPI Partner to Provide Contextual, Risk-Based Penetration Testing – Apiiro | Industry-first Code Risk Platform™ (Apiiro) Apiiro, the industry’s first Code Risk Platform™, and NetSPI, the leader in penetration testing and attack surface management, today announced a strategic partnership to combine Apiiro’s comprehensive Application Risk Management capabilities with NetSPI’s Penetration Testing as a Service (PTaaS).
Transition to the cloud in a pandemic year: Danfoss implements new IGA solution with Nixu’s help (News Powered by Cision) The Danish manufacturing and engineering company Danfoss transitioned to a modern Identity Governance and Administration (IGA) solution to manage its over 40,000 digital identities. The project received industry recognition, winning the award of Identity Fabrics & Enterprise IAM Project of the Year in KuppingerCole’s European Identity and Cloud Conference in September 2021.
TrueFort Announces Fast Zero Trust Workload Segmentation for CrowdStrike Customers (BusinessWire) Integration enables quick implementation of microsegmentation and least-privilege security policies on apps and workloads via CrowdStrike agents.
Industrial Defender Partners with Diverse Solutions Engineering to Bridge the Gap Between Cybersecurity and Safety for Oil, Gas and Petrochemical Organizations – Industrial Defender (Industrial Defender) This partnership between Industrial Defender and Diverse Solutions Engineering incorporates OT cybersecurity into process hazard analyses to prevent cyberattacks.
Mission Secure Partners with XONA to Provide Zero-Trust OT Cybersecurity Solutions for Industries Reliant on Remote Operations Capacity (PR Newswire) Mission Secure, the leading industrial control (ICS) cybersecurity technology company, today announced a strategic partnership with XONA, the…
LOGIX Launches SD-WAN, a SASE Solution from Versa Networks, to Offer a Secure Networking Solution to Customers (The Argus-Press) LOGIX Fiber Networks (“LOGIX”), a Texas-based telecom provider of highly secure fiber-based data, voice and data center services, today announced a new collaboration with Versa Networks to offer its leading software-defined wide area network (SD-WAN) Secure Access Service Edge (SASE) solution to its customers.
Technologies, Techniques, and Standards
Healthcare vs. HIVE Ransomware: How to Protect Yourself (Deep Instinct) The healthcare industry is not immune from ransomware even though many ransomware gangs have discouraged the use of their variants […]
Fuzzing Closed-Source JavaScript Engines with Coverage Feedback (Google Project Zero) Posted by Ivan Fratric, Project Zero tl;dr I combined Fuzzilli (an open-source JavaScript engine fuzzer), with TinyInst (an open-sou…
What Is Cyber Insurance and Do I Need It? (MUO) As more people look to improve their online security, one area often looked at is cyber insurance. But what is it, and is it worth buying?
Busting Myths: What Works And What Doesn’t In Preventing Employee-Driven Incidents (CTO Vision) It’s no secret that the majority of today’s incidents including ransomware, account compromise, and data loss, can be attributed to human fallibility. New findings on current efforts to deal with employee risk in the workforce reveal that traditional efforts simply don’t work. Cyentia Institute Partner, Wade Baker, and Elevate Security CEO, Robert Fly reveal surprising research findings to tough questions…
The Intersection of AppSec and Compliance (ZeroNorth) New research published today by ZeroNorth, “Application Security, Executive Orders & Compliance,” looks at the impact of government and industry directives on software security programs.
Research Report: Application Security, Executive Orders and Compliance (ZeroNorth) In May 2021, the White House issued an Executive Order (EO) focusing on improving the United States’ cybersecurity posture. Among other things, the EO calls for …
Design and Innovation
Q&A with WhatsApp’s Will Cathcart (Platformer) After a contentious year, candid talk on encryption, privacy, and ProPublica
Research and Development
US Air Force Selects Kinnami and West Virginia University for Next Generation Information Technology STTR (PR Newswire) Kinnami Software Corporation today announced it won a U.S. Air Force Small Business Technology Transfer (STTR) contract in partnership with…
Academia
Cambridge University Business School Has Links to China's Huawei: Report (Radio Free Asia) Chinese commentators say European countries underestimate the threat of Chinese government infiltration in universities.
Legislation, Policy, and Regulation
‘No indication’ Russia has cracked down on ransomware gangs, top FBI official says (The Record by Recorded Future) The FBI’s No. 2 on Tuesday said the agency has seen no evidence that the Russian government has moved against ransomware gangs operating on its soil.
Still no signs of Russian cooperation on ransomware (Washington Post) It’s been nearly three months since President Biden demanded Russian leader Vladimir Putin take action against ransomware gangs operating in Russian territory.
Why Putin Is Obsessed With ‘Foreign Agents’ (Foreign Policy) The Kremlin’s latest crackdown could ultimately backfire.
Departing U.K. Privacy Regulator Wants Global Consensus on Data Disputes (Wall Street Journal) Regional data-sharing rules are outdated and ineffective for international data flows, Elizabeth Denham says.
Emerging Privacy Regimes and the Need for US Leadership in the Digital Economy (Centre for Information Policy Leadership) The European Union’s Global Data Protection Regulation (GDPR) took effect on May 25, 2018, and since that day, the law has had a tremendous impact on the world of privacy. Indeed, it is not a stretch to call GDPR the most impactful global privacy development since Justice Brandeis’ treatise on “The Right to Privacy”, published 128 years earlier, at the end of the 19th century.
General Promises US ‘Surge’ Against Foreign Cyberattacks (SecurityWeek) NSA Director Gen. Paul Nakasone says he’s mounting a new “surge” to fight incursions that have at times debilitated government agencies and companies responsible for critical infrastructure
General promises US ‘surge’ against foreign cyberattacks (KTAR) The general who leads U.S. efforts to thwart foreign-based cyberattacks, and punish those responsible, says he’s mounting a “surge” to
U.S. Cyber Chief Says ‘Cyber Bullets’ Are Part of War on Hacks (Bloomberg) The U.S. government should be prepared to fire “cyber bullets” in response to significant hacking attacks as part of a comprehensive strategy to dissuade adversaries, National Cyber Director Chris Inglis said.
The United States of Sanctions (Foreign Affairs) The use and abuse of economic coercion
Why We Must Monitor the Sale of Surveillance Tech (The American Prospect) Learning about the Pentagon’s drone program through FOIA requests and public filings
Al-Qaida Fears in Afghanistan, But China Takes Spotlight for IC Leaders (Breaking Defense) One senior official said he wants his agency to have the urgency about China the way the US had urgency about counterterrorism after 9/11.
Democratic senator says Afghanistan failure is ‘tainting America’s reputation around the world’ (Business Insider) “My feeling is there has to be accountability,” Blumenthal said of the Biden administration’s handling of the Afghanistan evacuations.
Al Qaeda could rebuild in Afghanistan in a year or two, U.S. officials say. (New York Times) The new timeline is not a radical shift from previous assessments, but reflects the reality that the Taliban have a limited ability to control the borders of Afghanistan.
Republican House Leader: Closer Partnerships are Key to Cyber Fight (MeriTalk) Closer working partnerships between Federal cybersecurity authorities and the private sector hold the key to improving the U.S.’s ability to fend off and recover from the increasing wave of cyberattacks against U.S. targets including those from nation-states like Russia and China.
Getting Talent is a Top Priority for Intelligence Community Leaders (ClearanceJobs) The second day of the 2021 Intelligence and National Security Summit cohosted by AFCEA International and INSA continued to lay out the themes, priorities, and drivers in the Intelligence Community (IC).
Lt. Col. Rene Innos inaugurated as chief of Estonia’s Cyber Command (ERR) Lt. Col. Rene Innos became the head of Estonia’s Cyber Command on Tuesday, taking over from Col. Andres Hairk.
The U.S. Should Get Serious About Submarine Cable Security (Defense One) Three trends are accelerating risks to underwater cables’ security and resilience.
GOP lawmaker threatens to delay Biden national security nominees over Afghanistan (Defense News) The threat from Sen. Josh Hawley, R-Mo., comes amid bipartisan congressional criticism of the Biden administration’s Afghanistan withdrawal strategy.
Litigation, Investigation, and Law Enforcement
American hacker mercenaries face U.S. charges for work in UAE (Reuters) Three former U.S. intelligence operatives, who went to work as mercenary hackers for the United Arab Emirates, face federal charges of conspiring to violate hacking laws, according to Justice Department court documents filed on Tuesday.
US fines former NSA employees who provided hacker-for-hire services to UAE (The Record by Recorded Future) The US Department of Justice has fined three former NSA employees who worked as hackers-for-hire for a United Arab Emirates cybersecurity company.
Ex-U.S. Intelligence Officers Admit to Hacking Crimes in Work for Emiratis (New York Times) They were among a trend of Americans working for foreign governments trying to build their cyberoperation abilities.
Three former U.S. intelligence operatives admit to working as ‘hackers-for-hire’ for UAE (Washington Post) Three former U.S. intelligence operatives have admitted to working illegally as mercenary hackers for the United Arab Emirates in operations that included developing sophisticated spyware capable of tapping into mobile devices without any action by their users, the Justice Department announced Tuesday.
Former U.S. operatives agree to $1.68M settlement over mercenary hacking charges (TheHill) Three former U.S.
3 Former U.S. Intelligence Operatives Admit Hacking For United Arab Emirates (NPR) The defendants have agreed to pay nearly $1.7 million to resolve criminal charges that they provided sophisticated hacking technology to the United Arab Emirates.
Three Former U.S. Intelligence Community and Military Personnel Agree to Pay More Than $1.68 Million to Resolve Criminal Charges Arising from Their Provision of Hacking-Related Services to a Foreign Government (US Department of Justice) On Sept. 7, U.S. citizens, Marc Baier, 49, and Ryan Adams, 34, and a former U.S. citizen, Daniel Gericke, 40, all former employees of the U.S. Intelligence Community (USIC) or the U.S. military, entered into a deferred prosecution agreement (DPA) that restricts their future activities and employment and requires the payment of $1,685,000 in penalties to resolve a Department of Justice investigation regarding violations of U.S. export control, computer fraud and access device fraud laws.
United States of America v. Marc Baier, Ryan Adams, and Daniel Gericke, Defendants (United States District Court for the District of Columbia) The United States charges that COUNT ONE CONSPIRACY TO VIOLATE THE AECA AND THE ITAR (18 U.S.C. § 371) At all times material to this Information: 1. Beginning in or around December 2015 and continuing through in or around November 2019, in the District of Columbia and elsewhere, defendants MARC BAIER, RYAN ADAMS, and DANIEL GERICKE, together with others known and unknown to the United States,
ExpressVPN statement on Daniel Gericke (ExpressVPN) An official statement on the DPA relating to Daniel Gericke
RBNZ issued compliance notice over cyber attack in 2020 (Nasdaq) The privacy commissioner on Wednesday issued a compliance notice to the Reserve Bank of New Zealand with regard to the cyber attack in December 2020 that breached the bank’s data systems.
Privacy Commissioner issues compliance notice to Reserve Bank following 2020 cyber attack (Security Brief) It is necessary to publicly acknowledge the steps being taken by the Bank, to provide assurance to the public that these issues are being addressed, says the Commissioner.
Massachusetts attorney general announces investigation into T-Mobile data breach (TheHill) Massachusetts Attorney General Maura Healey (D) on Tuesday announced that her office is undertaking an investigation into the recent data breach of T-Mobile that impacted more than 50 million individuals.