Bug bounty in alt-coin theft. Non-state threat actors. DeepBlueMagic. PrintNightmare exploitation. Taliban takes Afghanistan.

Attacks, Threats, and Vulnerabilities

Crypto platform Poly Network rewards hacker with $500,000 ‘bug bounty’ (Reuters) Poly Network, the cryptocurrency platform which lost $610 million in a hack earlier this week, confirmed on Friday it had offered the hacker or hackers a $500,000 “bug bounty”.

Hacker Returns Stolen Cryptocurrency in Heist Reversal (Wall Street Journal) The hacker who plundered more than $600 million of crypto assets from a decentralized finance platform known as Poly Network has now returned almost all of the money.

Russian cyberspies targeted the Slovak government for months (The Record by Recorded Future) A Russian cyber-espionage group linked to one of Russia’s intelligence forces has targeted the Slovak government for months, Slovak security firms ESET and IstroSec said this week.

We cannot confirm info on cyber attack – Lithuanian FM (Baltic Times) VILNIUS – Lithuania’s Ministry of Foreign Affairs says it cannot confirm publicly circulating information about a cyber attack, theref…

Mysterious Hacker Group Suspected in July Cyberattack on Iranian Trains (New York Times) An investigation by a cybersecurity company has concluded that a little-known group opposed to the Iranian government was most likely behind the hack that caused chaos on the railway system.

Indra Group Attack on Iran Highlights the Threats to Global Critical Infrastructure (Check Point Software) Check Point Research (CPR) warns governments everywhere of the importance of protecting critical infrastructure, as it learns that the July 9 cyber attack

Multiple ransomware gangs pounce on ‘PrintNightmare’ vulnerability (CyberScoop) The so-called PrintNightmare vulnerability in Microsoft software is turning into a dream for ransomware gangs. For the second time this week, security researchers have warned that extortionists exploited the critical flaw in an attempt to lock files and shake down victims.

Night Terrors: Ransomware Campaigns Are Exploiting PrintNightmare (PCMAG) Security researchers discover several ransomware campaigns exploiting the Windows PrintNightmare vulnerability.

Experts Shed Light On New Russian Malware-as-a-Service Written in Rust (The Hacker News) Researchers Warn of New Russian Malware-as-a-service Written in Rust Programming

The fiendish new trick cyber-criminals are using to evade capture (BBC News) Bitcoin researchers discover a new darknet tool criminals are using to help launder their digital money.

Accenture Responds Following LockBit Ransomware Attack (Security Boulevard) Global IT consultancy company Accenture announced that it has fully restored its systems after experiencing a LockBit ransomware attack. On August 11, Accenture shared details about an incident involving some of their IT assets.

Hackers stole client info, work materials in Accenture ransomware attack (CyberScoop) Ransomware hackers began leaking Accenture data after the consulting giant suffered a security incident where the perpetrators made off with client-related documents and work materials. The gang, known as LockBit 2.0, has threatened to leak further after providing purported proof of the breach.

Accenture LockBit Attack Reconfirms Ransomware is Running Rampant (CXOToday.com) Global IT consultancy giant Accenture, which employs around 569,000 people across 50 countries, has been hit by the LockBit ransomware.

Hacker claims to steal data of 100 million T-Mobile customers (BleepingComputer) T-Mobile is actively investigating a data breach after a threat actor claims to have hacked T-Mobile’s servers and stolen databases containing the personal data of approximately 100 million customers.

T-Mobile Investigating Claims of Massive Customer Data Breach (Vice) Hackers selling the data are claiming it affects 100 million users.

Hacker selling ‘full data from 100M T-Mobile customers’ – carrier investigating (9to5Mac) A hacker is selling what they claim is personal data from 100 million T-Mobile customers in the US, claiming to have full records for each…

Firewalls and middleboxes can be weaponized for gigantic DDoS attacks (The Record by Recorded Future) In an award-winning paper today, academics said they discovered a way to abuse the TCP protocol, firewalls, and other network middleboxes to launch giant distributed denial of service (DDoS) attacks against any target on the internet.

Excel is still a security headache after 30 years because of this one feature (TechRepublic) Threat researcher explains why it’s tricky to tell the difference between legitimate Excel Macros and ones that deliver malware.

Hacker Says He Found a ‘Tractorload of Vulnerabilities’ at John Deere (Vice) A group of security researchers released their findings after spending months researching weaknesses in the operating systems of two major agriculture companies.

Cyber-attack or shipping lingo lost in translation? (TradeWinds) A misunderstanding on the common use of nautical terms led to one of shipping’s biggest red-herring alerts

Matt Tait Warns of Stolen Zero Days at Black Hat USA 2021 (For All Secure) Matt Tait opened Day 1 of Black Hat USA 2021 with a remote keynote presentation on supply chain compromises entitled “Supply Chain Infections and the Future of Contactless Deliveries.”

New DeepBlueMagic Ransomware Strain Found by Heimdal™ (Heimdal Security Blog) Our team of malware analysts has discovered a new strain of ransomware, DeepBlueMagic, with an innovative method of encrypting server partitions.

Microsoft warning: This unusual malware attack has just added some new tricks (ZDNet) Microsoft ramps up warnings about an apparent low-tech attacker that’s adopting more sophisticated techniques.

New Attack Sends Phishing Via DocuSign (Avanan) Attackers have begun to send phishing links directly through DocuSign.

Ransomware gang uses PrintNightmare to breach Windows servers (BleepingComputer) Ransomware operators have added PrintNightmare exploits to their arsenal and are targeting Windows servers to deploy Magniber ransomware payloads.

‘Unpatched’ vulnerabilities in Wodify fitness management platform allow attackers to steal gym payments, extract member data (The Daily Swig) Personal trainers urged to exercise caution over alleged security flaws

Wodify (Bishop Fox Labs) The Bishop Fox team discovered three vulnerabilities that could have a severe business and reputational risk for Wodify.

Amnesty concerned about electronic ID card security (Taipei Times) Amnesty International Taiwan yesterday called for the establishment of a dedicated oversight body for the government’s planned electronic identification card (eID) program, citing potential privacy and security concerns

Cyberattack hits vaccine records for thousands of Durham Region children: CTV News investigation (CTV Toronto) The personal information of more than three thousand children in daycares throughout Durham Region was stolen in a cyberattack early this year that CTV News Toronto has learned is larger than previously known.

Memorial Health System experiences cyber attack (Marietta Times) In the early hours of Sunday morning, Memorial Health System experienced an information technology security incident. “IT noticed irregularities in the data system,” said Memorial Health System President and CEO Scott Cantley at a press conference. “Security protocols call for the shut down of our Information Technology system.” Memorial Health System is working with security […]

Moorfields Eye Hospital Dubai investigates cyber attack (The National) Cyber criminals have targeted some of the hospital’s servers in a recent ‘IT security incident’

Security Patches, Mitigations, and Software Updates

Microsoft Addresses June Patch Glitch, and Starts Bundling SSUs with LCUs for Windows 10 (Redmondmag) Microsoft on Tuesday announced the release of a ‘standalone’ servicing stack update (SSU) for Windows 10 systems to address a patching problem that had affected some organizations trying to apply a June security update.

Microsoft confirms another Windows Print Spooler bug, offers workaround (CVE-2021-36958) (Help Net Security) Microsoft has released an out-of-band security advisory acknowledging the existence of yet another Print Spooler vulnerability (CVE-2021-36958).

How to prepare for Apple’s Mail Privacy Protection (Help Net Security) Mail Privacy Protection stops senders from using invisible pixels to collect information about the user. Here’s what to do about it.

Game On: A Summer of Cybercrime Reveals Evolving Bot Threat (Imperva) Fans around the world clamored online, and even in-person, over the past several weeks to enjoy the thrill of competition. From the Tour De France and EURO 2020 tournament in June to the recent Summer Olympic Games in Tokyo, fans were eager to cheer on their nations and make a little money in the process, […]

A summer of cybercrime reveals evolving bot threats (Security Magazine) There’s a growing bot problem surrounding sporting events. The spikes in bot activity seen during some of the world’s largest sporting events in 2021 are evidence of an evolving security threat that continues to pervade daily life.

Over a Third of Organizations Damaged by Ransomware or Breach (Infosecurity Magazine) Over one-third of organizations worldwide have experienced a ransomware or breach that blocked access to systems or data

Hospitals still not protected from dangerous vulnerabilities (Help Net Security) When asked about common vulnerabilities, the majority of IT and IS hospital executives said their hospitals were unprotected.

He predicted the dark side of the Internet 30 years ago. Why did no one listen? (Washington Post) Philip Agre, a computer scientist turned humanities professor, was prescient about many of the ways technology would impact the world

Beige Against the Machine: The IBM PC turns 40 (Register) 5150: Not just a medical emergency, also the beginning of the office brick


Sophos acquires Refactr to optimize cybersecurity platforms with automation (Back End News) Cybersecurity firm Sophos announced its acquisition of Refactr, a firm that develops and markets development, security, and operations (DevSecOps) automation platform that bridges the gap between d…

Tevano Signs LOI to Acquire Illuria – Cyber Deception Specialist (Yahoo Finance) Vancouver, British Columbia–(Newsfile Corp. – August 12, 2021) – Tevano Systems Holdings Inc. (CSE: TEVO) (FSE: 7RB) (“Tevano”, or the “Company”), is very pleased to announce that it has signed a non-binding letter of intent dated for reference August 8, 2021 and signed by all the parties on August 11, 2021 (“LOI”) for the acquisition of cyber deception software developer Illuria Security Inc. (“Illuria”) (the “Transaction”). Under the terms of the LOI, Tevano will acquire …

Cisco confirms acquisition of Israeli startup Epsagon (Globes) Cisco EVP Liz Centoni: “When the acquisition closes, the Epsagon team will join our strategy, incubation and applications group.”

The six biggest vendor cybersecurity acquisitions of all time, and why they were made (CRN) CRN runs through the top six cybersecurity acquisitions from vendors, following the news that NortonLifeLock is acquiring Avast

Money pours in for anti-hacking firms (The Straits Times) (NYTIMES) – As cyber attacks proliferated this year, Mr Sanjay Beri, chief executive of Netskope, received a phone call. Then an e-mail. Then more messages.

As cyber funds continue to surge, founders must contemplate where to grab their millions (SC Media) As funding divvied to cyber startups continues to explode, founders face a new dilemma: When and from whom do they accept the millions of dollars?

5 Companies That Came To Win This Week (CRN) Companies that came to win this week include NortonLifeLock and Dataiku.

2 Cybersecurity Stocks That Just Crushed Earnings (The Motley Fool) They’re small, highly specialized players of the cybersecurity industry, and the need for their solutions continues to grow.

Group-IB Recognized as a Global Cyber Threat Intelligence Leader by Frost & Sullivan (PR Newswire) Group-IB, one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation…

FireEye hires Mark Ellis as first NZ country manager (Reseller News) ​US-headquartered cyber security vendor FireEye has launched a physical presence for the first time in the New Zealand market, hiring Mark Ellis as its first local country manager.

Forcepoint Appoints Rees Johnson Chief Product Officer to Accelerate Company’s Data-first SASE Strategy (PR Newswire) Forcepoint, a global leader in data-first cybersecurity, today announced Rees Johnson has joined the company as Chief Product Officer (CPO)….

Products, Services, and Solutions

New infosec products of the week: August 13, 2021 (Help Net Security) The featured infosec products this week are from the following vendors: NETGEAR, McAfee, Sectigo, Arcserve, Nutanix, Sophos, Threat Stack.

VMware Carbon Black Unveils Cloud Endpoint Vulnerability Management Module (MSSP Alert) VMware Carbon Black launches a Vulnerability Management module equipped with Kenna Security risk scoring capabilities for its Cloud Endpoint solution.

Air Force Adopts Novetta Developed PICARD for Base Defense (Johnson City Press) Novetta, an advanced analytics company, announced today that the U.S. Air Force has accepted Novetta’s PICARD, Platform for Integrated C3 and Responsive Defense,

CERT-In empanels Siemens for security audit services (Devdiscourse) Siemens Ltd on Friday announced it has been empanelled by the Indian Computer Emergency Response Team (CERT-In) to offer information security auditing services to government organisations.

TechnoBind Partners with StorCentric to Provide Secure Data Management Solutions (CXOToday.com) TechnoBind, India’s first specialist distributor for data and associated domains, today announced it has signed up as a Value-Added Distributor (VAD) partner f

National Cyber Security Alliance Unveils Cybersecurity Education and Career Resource Library (GlobeNewswire News Room) On a mission to empower a more secure, interconnected world, the National Cyber Security Alliance partners with Palo Alto Networks and other cybersecurity…

iboss Expands CASB Functionality and Security Abilities on iboss Cloud Platform (Yahoo) iboss, the leading Secure Access Service Edge (SASE) cloud security provider, today announced the general availability of three new features that have been added to the iboss Cloud Platform: API Cloud Access Security Broker (CASB), Advanced CASB controls and Remote Browser Isolation (RBI). These latest enhancements continue to expand the CASB functionality, security, and data leakage protection abilities available on the iboss platform.

NordVPN now runs natively on Apple silicon Macs (NordVPN) Flex the performance boost of Apple’s powerful silicon chip while securing yourself online with the fastest VPN on the planet. The NordVPN version 6.6.1 for macOS is live on the App Store and our

Audiomack Drives Down Risk with Public Bug Bounty on the Bugcrowd Platform (BusinessWire) Bugcrowd, the industry-leading crowdsourced cybersecurity platform, today announced Audiomack, a free music sharing and discovery platform, is launchi

Technologies, Techniques, and Standards

Tech Hack Notification Delays Can Leave Corporate Customers in the Lurch (Wall Street Journal) Many companies struggle to obtain details that could help them prepare for fallout from a cyberattack on their technology supply chain.

Vulnerability disclosure is not a one size fits all (and that’s okay) (AMEInfo) It’s not surprising that anything directly tied to vulnerabilities tends to draw focused attention from the broader cyber community. Overall, it’s a good thing that’s the case.

Ransomware and cyber insurance: What are the risks? (Help Net Security) It is time security leaders understand the risks before adding cyber insurance to their strategy for ransomware prevention and recovery.

Oil and Gas Companies Must Act Now on Cybersecurity (Harvard Business Review) The World Economic Forum’s Cyber Resilience in the Oil and Gas Industry: Playbook for Boards and Corporate Officers Provides a New Blueprint to Secure Critical Infrastructure

Discovering CAPTCHA Protected Phishing Campaigns (Unit42) CAPTCHA-protected phishing campaigns are becoming more popular. We share techniques to detect malicious content despite these evasions.

Over 80% of data scientists struggle with real-world datasets despite training: Survey (ETCIO.com) Over 80 per cent of Data Scientists shared that they struggled initially because the datasets that a data scientist works within the real world are ma..

Design and Innovation

Your Child’s Safety (Facebook Safety Center) Safety is a conversation and a responsibility we all share. Get to know how Facebook approaches safety, and learn about the tools and resources available to teens, parents and teachers.

Security Threat Model Review of Apple’s Child Safety Features (Apple) To enable parents to play a more informed role in helping their children navigate communication online through on-device interventions to children on their devices when sexually explicit images are sent or received. For children younger than 13, enable the parent to receive notification each time the child confirms these events.

Apple Races to Temper Outcry Over Child-Porn Tracking System (Bloomberg) Company prepares employees for questions about new approach. Apple also will have an independent auditor assess the feature.

Decrypting Apple’s Plan to Scan Photos on Your Phone (The Markup) Dispatches from Editor-in-Chief Julia Angwin

Deepfakes Are Now Making Business Pitches (Wired) The video technology, initially associated with porn, is gaining a foothold in the corporate world.

Research and Development

Facebook shut down German research on Instagram algorithm, researchers say (The Verge) The company doesn’t want anyone looking under the hood

Legislation, Policy, and Regulation

Afghan Government Collapses as Ghani Flees the Country (Foreign Policy) The United States evacuates its embassy while diplomats and aid officials brace for a new humanitarian catastrophe.

Afghan government collapses as Taliban sweeps in, U.S. sends more troops to aid chaotic withdrawal (Washington Post) Taliban fighters took control of Kabul on Sunday, delivering the militant Islamist group the prize it has long sought: authority over all of Afghanistan as the Western-backed government collapsed, President Ashraf Ghani fled, and the long-dominant American presence appeared to be coming to an abrupt and chaotic end after nearly 20 years.

Biden’s Afghanistan Exit Raises Questions About His Foreign-Policy Record (Wall Street Journal) The president has defended his troop-withdrawal decision, saying that Washington had accomplished its mission and had nothing to gain by perpetuating its military deployments in the country.

Biden administration scrambled as its orderly withdrawal from Afghanistan unraveled (Washington Post) By the middle of the week, as cities across Afghanistan were falling like dominoes to the Taliban and U.S. diplomats appeared increasingly at risk, President Biden’s plan for an orderly end to the United States’ longest war was quickly falling apart.

Opinion | Biden’s Afghanistan Surrender (Wall Street Journal) The President tries to duck responsibility for a calamitous withdrawal.

We All Lost Afghanistan (Foreign Affairs) Two decades of mistakes, misjudgments, and collective failure

Chronicle of a Defeat Foretold (Foreign Affairs) A review of Carter Malkasian’s “The American War in Afghanistan,” a look at how the U.S. and its NATO allies failed to defeat the Taliban.

Afghanistan’s collapse: Did US intelligence get it wrong? (ABC News) As the Taliban overtook Kabul Sunday, many Americans wondered how top Biden officials could have been so wrong in their assurances that Kabul would not easily fall.

Major surveillance firms are ‘gifting’ tools to find a foothold in Latin America (Rest of World) A new report by the digital rights organization Access Now is the first comprehensive look at how foreign companies, mainly from China and Israel, have driven increased demand for surveillance…

Made Abroad, Deployed at Home (Access Now) Swipe left, swipe right, like, share, repeat. We are increasingly aware of the impact digital technology has on our rights. Lawmakers around the world are turning their attention to companies like Google, Facebook, Amazon, Microsoft, and Apple, and in many cases they are developing new laws and policies to regulate these gatekeepers of fundamental rights. But other companies are flying under the radar, selling surveillance technology that is deployed across Latin America without sufficient transparency or public scrutiny.

Not just NSO: Israel and Morocco cybersecurity ties grow closer (Haaretz) With Lapid visiting, officials say defensive cyber cooperation between Israel and Morocco already in swing: ‘Morocco is no chump in the cyber field’

The hackers: A closer look at the shadowy world of offensive cyber (Israel Hayom) The international uproar over eavesdropping on world leaders launched Israeli company NSO Group into the spotlight, but many companies across the globe, and in Israel, sell the exact same products. “This has nothing to do with human rights, and everything to do with business,” says Isaac Ben-Israel, a world-renowned expert in the field.

Panel asks MHA to add cyber porn, blackmail offenders to national database (Sify) The Standing Committee on the Ministry of Home Affairs, in its latest report, has asked the Ministry to include the offenders and criminals proliferating in cyber space who are repeatedly engaged in cyber pornography, cyber blackmailing, cyber stalking or bullying in the National Database of Sexual Offenders (NDSO).

Cyberspace and outer space are new frontiers for national security, according to an expert report (The Conversation) The growth of online and space activity make traditional ideas of national security increasingly outdated.

Cyberspace Solarium Commission warns over slow progress on supply chain risk (FedScoop) The landmark Cyberspace Solarium Commission warned Thursday in an annual report that major barriers remain over the designation of cybersecurity responsibilities under the Defense Production Act (DPA). In its initial report, published in March last year, the commission called on the federal government to use the DPA to foster domestic production of critical technology and […]

The Senate’s $1 trillion infrastructure bill includes funding to secure Americans’ water systems and power grids from cyberattacks (Washington Post) A Senate bill intended to shore up the nation’s roads, pipes and electric grid includes billions to protect that aging infrastructure from cyberattacks.

Litigation, Investigation, and Law Enforcement

Pegasus case: Govindacharya asks Supreme Court to revive his 2019 petition (The Hindu) The former Rashtriya Swayamsevak Sangh ideologue sought a court-monitored investigation and lodging of FIR against Facebook, WhatsApp, NSO Group and others involved in the ‘illegal surveillance’.

Pegasus: MP Thol Thirumavalavan Seeks Contempt Proceedings Against Current, Former Home Secys (The Wire) A former judge of the Supreme Court, two court registry officers and the woman who accused ex CJI Gogoi of sexual harassment were on the list of possible targets.

Canada lawyer: Huawei CFO committed “commercial dishonesty” (AP NEWS) A senior executive for Chinese communications giant Huawei Technologies committed fraud because of what she said during a meeting with a bank official, and what she did not say, a Canadian government lawyer told an extradition hearing Wednesday.

US case against Huawei CFO Wanzhou “flawed,” her lawyers say (ETTelecom) The lengthy extradition proceeding is entering the committal phase which involves arguments over the US government’s request to extradite Meng.

Huawei Accused in Suit of Installing Data ‘Back Door’ in Pakistan Project (Wall Street Journal) A California company says Huawei required it to set up a system in China that gives Huawei access to sensitive information about citizens and government officials from a safe-cities surveillance project in Lahore. Huawei denies the claim.

China dismisses Canadian protests over cases tied to Huawei (AP NEWS) China on Thursday dismissed Canada’s protests of harsh sentences handed down by Chinese courts to Canadians whose cases are seen as linked to the arrest in Vancouver of a top executive at Chinese tech giant Huawei.

Suing the CISO: SolarWinds Fires Back (Secure World) Investors are suing the CISO of SolarWinds following the nation-state cyberattack against the company. Is this a warning for security leaders everywhere?

Business email compromise: 23 charged over ‘sophisticated’ fraud ring (ZDNet) Suspects in the Netherlands, Romania and Ireland arrested following coordinated investigation run by Europol into organised online crime, which sold fictional goods to victims.

Unmasked: 23 charged over COVID-19 business email compromise fraud (Europol) A sophisticated fraud scheme using compromised emails and advance-payment fraud has been uncovered by authorities in Romania, the Netherlands and Ireland as part of an action coordinated by Europol. On 10 August, 23 suspects were charged as a result of a series of raids carried out simultaneously in the Netherlands, Romania and Ireland. In total, 34 places were searched. These criminals are believed to have defrauded companies in at least 20 countries of approximately €1 million.

Huawei stole our tech and created a ‘backdoor’ to spy on Pakistan, claims IT biz (Register) Allegations of purloined trade secrets, unfair competition, national security threats, and more packed into lawsuit

London court orders Binance to trace cryptocurrency hackers (Reuters) London’s High Court has ordered Binance, one of the world’s largest cryptocurrency exchanges, to identify hackers and freeze their accounts after one user said it was the victim of a $2.6 million hack.

Tesla’s Autopilot System to Be Probed by U.S. Auto Safety Regulator (Wall Street Journal) The NHTSA said that it had identified 11 crashes since early 2018 in which a Tesla vehicle using its Autopilot system struck one or more vehicles involved in an emergency-response situation.
