FamousSparrow likes hotel data. Ransomware hits another farm co-op. REvil cheated affiliates? Conti warning. Autodiscover flaw.

Attacks, Threats, and Vulnerabilities

APT focus: ‘Noisy’ Russian hacking crews are among the world’s most sophisticated (The Daily Swig | Cybersecurity news and views) Unpacking the Matryoshka dolls behind Kremlin-backed cybercrime campaigns

Iran may be behind cyberattack on company serving major names in Israeli tech, experts say (Haaretz) After looting 15 terabytes of information from Israeli company Voicenter, a group of foreign hackers offered the data online for $1.5 million. But evidence points to motives beyond just money

Afghanistan: Details of another MoD data breach emerge (Computing) The breach may expose Afghans who worked with British forces

Afghanistan: Second email data breach by MoD uncovered (BBC News) The MoD apologises again as it emerges dozens of people were mistakenly copied in to another email.

Crystal Valley Farm Coop Hit with Ransomware (Threatpost) It’s the second agricultural business to be seized this week and portends a bitter harvest with yet another nasty jab at critical infrastructure.

Crystal Valley Cooperative becomes latest agriculture business hit with ransomware (ZDNet) The company released a statement on Tuesday evening, but its websites are now down.

Second farming cooperative shut down by ransomware this week (BleepingComputer) Minnesota farming supply cooperative Crystal Valley has suffered a ransomware attack, making it the second farming cooperative attacked this weekend.

CISA, FBI, NSA warn of increased attacks involving Conti ransomware – CyberScoop (CyberScoop) The Department of Homeland Security’s cybersecurity agency, the FBI and National Security Agency urged organizations in an alert Wednesday to update their systems amid an increase in Conti ransomware attacks.

Conti Ransomware (CISA) Immediate Actions You Can Take Now to Protect Against Conti Ransomware
• Use multi-factor authentication.
• Segment and segregate networks and functions.
• Update your operating system and software.

A new APT is targeting hotels across the world (The Record by Recorded Future) A new advanced persistent threat (APT), a term used to describe state-sponsored cyber-espionage groups, has been spotted mounting attacks against hotels across the world.

FamousSparrow: A suspicious hotel guest (WeLiveSecurity) ESET researchers uncover a cyberespionage group, FamousSparrow, that has targeted hotels, governments, and private companies worldwide since at least 2019.

How REvil May Have Ripped Off Its Own Affiliates (Threatpost) A newly discovered backdoor and double chats could have enabled REvil ransomware-as-a-service operators to hijack victim cases and snatch affiliates’ cuts of ransom payments.

He Escaped the Dark Web’s Biggest Bust. Now He’s Back (Wired) DeSnake apparently eluded the DOJ’s takedown of AlphaBay. The admin talked to WIRED about his return—and the resurrection of the notorious underground marketplace.

Report: Suspected Chinese hack targets Indian media, gov’t (Spectrum News 1) A U.S.-based cybersecurity company says it has uncovered evidence that an Indian media conglomerate, a police department and the agency responsible for the country’s national identification database have been hacked, likely by a state-sponsored Chinese group

“Bom” Skimmer is Magecart Group 7’s Latest Model (RiskIQ) RiskIQ has tracked Magecart since skimmers first surfaced in 2014 and burst into the headlines in the landmark attack against British Airways in 2018. In the time since, our researchers have cataloged hundreds of iterations of Magecart skimmers as different threat groups build, appropriate, tweak, and develop them to suit their unique purposes.

An email ‘autodiscover’ bug is helping to leak thousands of Windows passwords (TechCrunch) More than 340,000 Exchange mailbox credentials were exposed in four months.

Hundreds of Thousands of Credentials Leaked Due to Microsoft Exchange Protocol Flaw (SecurityWeek) Hundreds of thousands of Windows domain and application credentials leaked due to a flaw related to the Autodiscover protocol used by Microsoft Exchange.

Microsoft Exchange protocol can leak credentials (Register) Email clients fail over to unexpected domains if they can’t find the right resources

Microsoft Autodiscover abused to collect web requests, credentials (ZDNet) Updated: Researchers were able to exploit a protocol design feature on a vast scale.

Exchange Autodiscover feature can cause Outlook to leak credentials (CSO Online) A design issue in the Microsoft Exchange Autodiscover feature can cause Outlook and other third-party Exchange client applications to leak plaintext Windows domain credentials to external servers. Here’s what companies can do now to mitigate the risk.

Microsoft Exchange Autodiscover bug leaks hundreds of thousands of domain credentials (The Record by Recorded Future) Security researchers have discovered a design flaw in a feature of the Microsoft Exchange email server that can be abused to harvest Windows domain and app credentials from users across the world.

Israeli cyber investigator uncovers Microsoft password leak (The Jerusalem Post) A breach in the tech giant’s login mechanism meant that over 372,000 usernames and passwords were leaked.

Autodiscovering the Great Leak (Guardicore) See the most recent research from Amit Serper on a vulnerability in Autodiscover from Microsoft Outlook that affects credential leaks.

Many Hikvision Cameras Exposed to Attacks Due to Critical Vulnerability (SecurityWeek) More than 70 Hikvision cameras and NVRs are affected by a critical vulnerability that can allow an attacker to take control of devices without user interaction.

Hackers leak LinkedIn 700 million data scrape (The Record by Recorded Future) A collection containing data about more than 700 million users, believed to have been scraped from LinkedIn, was leaked online this week after hackers previously tried to sell it earlier this year in June.

Phone calls disrupted by ongoing DDoS cyber attack on VOIP.ms (Ars Technica) Threat actors asking $4.2 million from VoIP.ms to stop DDoS attack.

Remote Code Execution Vulnerability Found in AWS WorkSpaces (SecurityWeek) Rhino Security Labs researchers have identified a vulnerability in the AWS WorkSpaces desktop client that could allow an attacker to execute arbitrary code remotely.

Flaws in Nagios Network Management Product Can Pose Risk to Many Companies (SecurityWeek) Researchers have discovered nearly a dozen vulnerabilities in widely used network management products from Nagios.

Shortened LinkedIn URL Used for Phishing (Avanan) A LinkedIn URL shortener is used to redirect users to phishing sites.

Everyone Gets a Rootkit (Eclypsium) In a connected, digitally transformed age, the term “no good deed goes unpunished” could perhaps be rephrased as “no good feature goes unexploited”. And so it is with ACPI, Microsoft WPBT, and every version of Windows since Windows 8.

Over a Hundred Thousand People’s Personal Information Exposed in Colombian Real Estate Company Data Breach (WizCase) WizCase’s security team recently found a major breach affecting the online database of Colombian real estate development firm, Coninsa Ramon.

Ireland’s health service using 30,000 outdated PCs after cyberattack (euronews) Six months after the HSE’s entire IT system was compromised, Irish lawmakers are demanding to know why it is still using outdated computers.

Security Patches, Mitigations, and Software Updates

Netgear Patches Remote Code Execution Flaw in SOHO Routers (SecurityWeek) Netgear warns that an attacker on the same network as a vulnerable device could intercept and manipulate router traffic to execute code as root.

VMware patch bulletin warns: “This needs your immediate attention.” (Naked Security) “It is a matter of time before working exploits are available,” warns VMware.

Google Issues Warning For 2 Billion Chrome Users (Forbes) Google has issued a serious upgrade warning to all Google Chrome users worldwide…

Google Working on Improving Memory Safety in Chrome (SecurityWeek) Google this week shared some details on its long-term plan to improve memory safety in Chrome, while also announcing the first stable release of Chrome 94, which patches a total of 19 vulnerabilities.

Why the ransomware crisis suddenly feels so relentless (MIT Technology Review) Attacks on major companies and critical infrastructure have panicked the US, but the roots of the problem go back years.

2021 has broken the record for zero-day hacking attacks (MIT Technology Review) But the reasons why are complicated—and not all bad news.

Intelligence Insights: September 2021 (Red Canary) Rose Flamingo rises, TA551 prevails, and Crypters-as-a-Service emerge as adversaries exploit enterprise applications for initial access.

Cyber Threats to Global Electric Sector on the Rise (Dragos | Industrial (ICS/OT) Cyber Security) Learn more on the increasing number of cyber intrusions and attacks targeting the Electric sector globally and how you can protect your organization from specific ICS-focused threat behaviors.

New Report from Positive Technologies Finds Ransomware Attacks Have Reached ‘Stratospheric’ Levels (Positive Technologies) New Report from Positive Technologies Finds Ransomware Attacks Have Reached ‘Stratospheric’ Levels

Cybersecurity threatscape: Q2 2021 (Positive Technologies) The number of attacks remained at the first quarter’s level, while the number of targeted attacks is growing every quarter. In our research we note that the trend toward creating malware targeting Unix systems, virtualization tools, and orchestrators has taken hold. In Q2, the number of ransomware attacks reached stratospheric levels: we believe that ransomware operators may soon abandon partners as a separate role and start supervising distributors directly.

The UK Online: Safety, scams and security (Veriff) Take a deep dive into safety, scams, and security online, with this article from the team at Veriff.

Panorays Closes $42 Million Series B Funding Round (Panorays) Panorays intends to use the funds to expand in the U.S. and internationally, and develop more tools to streamline security between organizations and vendors.

Jscrambler Raises $15 Million in Series A Funding to Rewrite the Rules of Website Security (BusinessWire) Jscrambler, a technology company specializing in cybersecurity products for web and mobile applications, announced today it has raised $15 million in

Peraton expands again with cloud services acquisition (Washington Business Journal) The Herndon IT contractor went back to M&A well to secure a range of cloud-enabled as-a-service offerings and a portfolio of federal and state contracts.

FRANCE : Tehtris opens doors to fellow French cybersecurity operators (Intelligence Online) After having long kept its distance from the rest of France’s cybersecurity community, Tehtris has decided to open up by creating Ecosystem, a partnership programme aimed mainly at companies working

FireEye Announces Plans to Relaunch as Mandiant, Inc. at Cyber Defense Summit 2021 and Trade on Nasdaq as MNDT (Yahoo Finance) FireEye plans to change its corporate name, and relaunch as Mandiant, Inc. on October 4, 2021.

Tim Cook says employees who leak memos do not belong at Apple, according to leaked memo (The Verge) The company has historically gone to great lengths to track down workers

ThreatX Named a Visionary in the 2021 Gartner® Magic Quadrant™ for Web Application and API Protection (BusinessWire) ThreatX today announced it has been recognized as a Visionary in the Gartner 2021 Magic Quadrant for Web Application and API Protection.

Silverfern IT marks 30 years in business, ramps up security investment (ARN) In 1991, Liong Eng told his pregnant wife he wanted to take the leap and start a business, and if it didn’t work out, he would just apply for another job.

Cobalt Iron Named Top 10 Cybersecurity Company by CIO Bulletin (WallStreet.com) Cobalt Iron Inc., a leading provider of SaaS-based enterprise data protection, today announced that it has been chosen as part of the CIO Bulletin Top 10 Cyber Security Companies for 2021. The company received the award on the strength of its Cobalt Iron Compass® enterprise SaaS backup platform.

Facebook Chief Technology Officer Schroepfer to Step Down (Bloomberg) Veteran executive ‘Schrep’ will shift to senior fellow role. Hardware boss Andrew Bosworth will be promoted to CTO role.

Fresh Off $1.2 Billion IPO, AI Company Hires Ex-Expedia Exec as CLO (Corporate Counsel) Conder will replace Efi Harari, who has been SentinelOne’s chief legal officer since June 2017. Harari will stay on as chief of staff.

SAIC Appoints Kevin Brown as Chief Information Security Officer (BusinessWire) SAIC appoints Kevin Brown as new chief information security officer

Cequence Security Announces New Additions to Leadership Team (Cequence) Cequence Security, API and bot security leader, expands leadership team with new CFO/General Counsel and VP of Customer Success.

Products, Services, and Solutions

BreachQuest Shields Businesses From New Treasury Department Sanctions Linked To Ransomware Payments (PR Newswire) Yesterday, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced a crackdown on the use of digital currencies…

PayU partners with AU10TIX to streamline merchant onboarding (PAYPERS) PayU a Netherlands-based payment service provider, has partnered with identity management company AU10TIX to screen customers and ensure a frictionless onboarding …

NS1 Announces DDoS Overage Protection (BusinessWire) With DDoS Overage Protection, NS1 customers can avoid unexpected cost increases due to distributed denial-of-service (DDoS) attacks.

Druva Introduces the Industry’s First and Only Curated Recovery Technology For Accelerated Ransomware Recovery (BusinessWire) Druva Inc., the leader in Cloud Data Protection and Management, today introduced the industry’s first and only curated recovery technology, leveraging

Nutanix CEO Teases Security Platform, Zero Trust at Next (SDxCentral) Nutanix announced new security capabilities and teased some still under development, including zero trust, at its annual .Next event.

Qohash Launches New Qostodian Recon Product to Help Organizations Discover and Secure Their Sensitive Data (PR Newswire) Qohash announces the launch of Qostodian ReconTM, its new on-premise data discovery and classification solution that catalogs sensitive data to…

Hitachi ID Introduces New Features and Enhanced Usability in Latest Security Fabric Update (GlobeNewswire News Room) The Hitachi ID Bravura Security Fabric version 12.2 elevates identity protection for organizations, better preparing them for tomorrow’s attacks…

Cymulate Expands End-to-End Security Posture Validation Capabilities with Vulnerability Prioritization Technology and External Attack Surface Assessment (PR Newswire) Cymulate, the industry standard for SaaS-based Continuous Security Validation, announced today the launch of two new solutions to enable…

This popular password manager is now seriously affordable (Techradar) Keep all your account credentials safe with one of the best password managers around

Tanium helps protect the University of Salford from surge of cyberattacks (Intelligent CIO Europe) Mark Wantling, Chief Information Officer, the University of Salford, discusses the institution’s need to provide a safe and secure environment for its students, which gave it full visibility over its assets and the ability to close hundreds of thousands of endpoint vulnerabilities. Wantling explains how the visibility Tanium provided it with meant that the university […]

Cloudflare Joins Microsoft Intelligent Security Association (BusinessWire) Cloudflare, Inc. (NYSE: NET), the security, performance, and reliability company helping to build a better Internet, today announced that it has joine

Verve Industrial Protection Joins ServiceNow Partner Program (GlobeNewswire News Room) Enabling Industrial Organizations to Enhance OT Network Visibility Into Inventory and Manage OT Assets…

Technologies, Techniques, and Standards

There’s no escape from Facebook, even if you don’t use it (Washington Post) You pay for Facebook with your privacy. Here’s how it keeps raising the price.

Privacy Reset: A guide to the important settings you should change now (Washington Post) From Facebook to Venmo, staying on top of your privacy starts with these key settings.

Legislation, Policy, and Regulation

UK publishes 10-year plan to become ‘A.I. superpower’, seeking to rival U.S. and China (CNBC) The U.K. has released its plan to make the country a global “artificial intelligence superpower”, seeking to rival the likes of the U.S. and China.

Cyber security agency ‘under-resourced and over-tasked’ (RTE.ie) A Dáil committee has heard that Ireland’s spend on cyber security should be 25 times greater than its current level.

At U.N., Biden Calls for Diplomacy, Not Conflict, but Some Are Skeptical (New York Times) The president said he wants global cooperation to meet challenges, but some allies and adversaries say his actions point to confrontation with China and unilateral action, belying his words.

UK Minister Sorry Over Afghan Interpreters’ Data Breach (SecurityWeek) Britain’s defense minister apologized and his ministry suspended an official Tuesday after a “significant” data breach involving the email addresses of dozens of Afghan interpreters hoping to settle in the U.K.

Republican lawmakers raise security, privacy concerns over Huawei cloud services (TheHill) Sen. Tom Cotton (R-Ark.) and Rep. Mike Gallagher (R-Wis.) are raising concerns around U.S. and foreign governments’ potential use of Chinese telecommunications group Huawei’s cloud services, warning of security and privacy issues.

China Says FCC Can Mitigate Device Risk With Cyber Regime (Law360) Chinese manufacturers and the Chinese government are asking the Federal Communications Commission to forgo plans for a blanket ban on products made in countries that have been deemed a national security threat and instead craft a more narrowly focused compliance regime aimed at addressing U.S. national security concerns.

What utility companies need to know about software bill of materials (Utility Dive) The Biden administration wants more transparency in the software supply chain. It’s an area where utility companies have already been collaborating with the federal government.

Litigation, Investigation, and Law Enforcement

Yes, the FBI held back REvil ransomware keys (CSO Online) The ransomware keys might have been acquired by an ally, which would invoke the third-party doctrine where the decision to release was not the FBI’s alone.

How Hamburg became Europe’s unlikely data protection trailblazer (WIRED UK) Under former commissioner Johannes Caspar, Hamburg sent shock waves from Brussels to Silicon Valley

White House Blacklists Russian Ransomware Payment ‘Enabler’ (SecurityWeek) The U.S. announced sanctions against Russia-based virtual currency brokerage SUEX OTC, that officials say helped at least eight ransomware gangs launder virtual currency.

Facebook Ordered to Release Records on Closed Myanmar Accounts (Wall Street Journal) The company had shut down accounts for promoting violence against the Rohingya, but it resisted sharing information about those accounts with countries pursuing a genocide case against Myanmar.

Robot Crypto Traders Are the New Flash Boys (Bloomberg) Fast-moving token traders are jumping in line to front-run other people’s orders.

That Alfa-Trump Sussman indictment (Errata Security) Five years ago, online magazine Slate broke a story about how DNS packets showed secret communications between Alfa Bank in Russia and the …

ZoomInfo Must Face Proposed Ill. Class’s Privacy Suit (Law360) An Illinois federal judge ruled on Wednesday that ZoomInfo must face proposed class action claims that it nonconsensually uses Illinois resident names and identities to advertise paid access to its full database, ruling the proposed lead plaintiff sufficiently stated a claim.

Online Directory Can’t End Privacy Suit Over People Search (Law360) An Illinois federal judge rejected online directory RocketReach’s bid to escape proposed class claims that the company unlawfully used personal information to advertise its paid people search service, saying state privacy laws don’t exempt the company’s alleged conduct.
