Prophet Spider enters initial access C2C market. Prometheus TDS in the criminal souks. Money trail links BlackMatter, DarkSide.

Attacks, Threats, and Vulnerabilities

How PROPHET SPIDER Exploits Oracle WebLogic (CrowdStrike) Learn how PROPHET SPIDER exploits unpatched Oracle WebLogic servers to gain initial access and how the adversary monetizes access to victim environments.

Prometheus TDS (Group-IB) Review of malicious campaigns executed with the help of Prometheus TDS — a service designed to distribute malicious files and redirect users to phishing and malicious sites

Meet Prometheus, the secret TDS behind some of today’s malware campaigns (The Record by Recorded Future) A recently discovered cybercrime service is helping malware gangs distribute their malicious payloads to unsuspecting users using a network of hacked websites.

New Hacking Group Shows Similarities to Gang That Attacked Colonial Pipeline (Wall Street Journal) The parallels between the new BlackMatter group and the group that hacked the pipeline suggest DarkSide may have returned under a new name, according to professionals who analyze hacking techniques and ransomware payments

New Chinese Spyware Being Used in Widespread Cyber Espionage Attacks (The Hacker News) Researchers uncover new Chinese spyware being used in wide-scale cyber espionage attacks.

Chinese Cyberspy Group APT31 Starts Targeting Russia (SecurityWeek) China-linked hacking group APT31 has been using new malware in recent attacks targeting Mongolia, Belarus, Canada, the United States, and — for the first time — Russia.

Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus (The Hacker News) Chinese Webdav-O malware was used to attack Russian federal agencies.

Microsoft Exchange was used to hack diplomats long before 2021 cyber attack (Fortune) The attacks are similar to the 2021 hack of Microsoft Exchange servers which hit thousands of businesses.

DeadRinger: Chinese APTs strike major telecommunications companies (ZDNet) Previously unknown campaigns center around “Chinese state interests.”

Iran leak hints at second tier targets as next terror gateway (Digital Journal) A new report highlights the coordinated attempt to collect information on the vulnerabilities of second-tier targets, with the threat coming from Iran.

Leaked Document Says Google Fired Dozens of Employees for Data Misuse (Motherboard) Some allegations potentially center around accessing Google user or employee data.

44% of cloud privileges are misconfigured, warns Varonis (iTWire) Forty-four percent (44%) of cloud privileges are misconfigured and users often have overly-broad privileges which are mis-assigned due to a security team oversight or malicious activity, according to cybersecurity company Varonis’ latest security risk report. Varonis says misconfiguration can open u…

Hackers are using CAPTCHA techniques to scam email users (CyberScoop) More email users fell for scams using CAPTCHA technology in 2020, a new report from security firm Proofpoint shows. The technique, which uses a visual puzzle to help authenticate human behavior, received 50 times as many clicks in 2020 compared to 2019.

Why social engineering and spear phishing are such constant business threats (TechHQ) Social engineering and spear phishing are still persistently among the major intrusion tactics used by cybercriminals today.

Ransomware Actors Set Up a Call Center to Lure Victims (BankInfoSecurity) Ransomware actors have taken a page from the playbooks of tech support scammers of yore by guiding victims to download malware through persuasion over the phone.

New Raccoon Stealer Campaign Underscores an Evolving Threat (Dark Reading) An information stealer disguised as pirated software targets cryptocurrencies and data while dropping malicious content on infected devices.

New Research Uncovers 5 Vulnerabilities in Mitsubishi Safety PLCs (Nozomi Networks) Nozomi Networks Labs has discovered five vulnerabilities affecting Mitsubishi safety PLCs that relate to the authentication implementation of the MELSOFT communication protocol.

Q&A: Joe Weiss of Applied Control Solutions on Control Systems and Cybersecurity (ThreatConnect) During a recent ThreatConnect Podcast, Joe Weiss, Managing Partner at Applied Control Solutions, gave his insights and thoughts on control systems and cybersecurity issues facing our nation’s critical infrastructures.

Vulnerabilities in NicheStack TCP/IP Stack Affect Many OT Device Vendors (SecurityWeek) More than a dozen vulnerabilities, collectively named INFRA:HALT, have been identified in the NicheStack TCP/IP stack, which is used by many OT device vendors.

Critical Flaws Affect Embedded TCP/IP Stack Widely Used in Industrial Control Devices (The Hacker News) There are critical vulnerabilities in the NicheStack Embedded TCP/IP stack commonly used in industrial controls

New Scam Targets Auto Accidents (Avanan) A new scam targets automobile accidents.

Advanced Technology Ventures Discloses Ransomware Attack (SecurityWeek) Silicon Valley venture capital firm Advanced Technology Ventures says personal information of private investors was compromised in a ransomware attack.

Lehigh Valley Health patients added to Accellion data breach toll: 3 million affected (Becker’s Hospital Review) Allentown, Pa.-based Lehigh Valley Health Network began notifying patients that their data was stolen in the Accellion data breach that has affected at least 3 million others, according to an Aug. 3 report by The Morning Call.

Sanford Health dealing with cyberattack; no signs of patient data being compromised (Sioux Falls Argus Leader) Sanford officials did not provide details as to the nature of the cyber attack or its impact.

Watch a Hacker Hijack a Capsule Hotel’s Lights, Fans, and Beds (Wired) It’s not a ghost. It’s a half-dozen vulnerabilities in a digital automation system.

Security Patches, Mitigations, and Software Updates

Google Patches Several Chrome Flaws That Can Be Exploited via Malicious Extensions (SecurityWeek) Researchers describe the Chrome sandbox escape vulnerabilities that earned them tens of thousands of dollars.

Google Patches High-Risk Android Security Flaws (SecurityWeek) The latest Android OS refresh contains fixes for more than 30 vulnerabilities, some rated highly critical.

Amazon and Google patch major bug in their DNS-as-a-Service platforms (The Record by Recorded Future) At the Black Hat security conference today, two security researchers have disclosed a security issue impacting hosted DNS service providers that can be abused to hijack the platform’s nodes, intercept some of the incoming DNS traffic, and then map customers’ internal networks.

Super Duper Secure Mode (Microsoft Browser Vulnerability Research) The VR team is experimenting with a new feature that challenges some conventional assumptions held by many in the browser community. Our hope is to build something that changes the modern exploit landscape and significantly raises the cost of exploitation for attackers. Mitigations have a long history of being bypassed, so we are seeking feedback from the community to build something of lasting value.

ICS Vendors Address Vulnerabilities Affecting Widely Used Licensing Product (SecurityWeek) ICS and other vendors have published advisories to address serious DoS vulnerabilities affecting a widely used licensing and DRM solution from Wibu-Systems.

Salesforce Release Updates — A Cautionary Tale for Security Teams (The Hacker News) What are Salesforce Release Updates? What is the importance of Salesforce Security Updates?

Google Chrome is scrapping an essential security feature, but there’s a good reason ( GOOGLE looks set to scrap an essential security feature from its popular Chrome web browser. But the Mountain View-based firm isn’t resting on its laurels – there’s a very good reason for this drastic change.

14 Top Cybersecurity Trends To Expect At Black Hat Conference (CRN) As Black Hat Conference 2021 kicks off, CRN speaks with 14 prominent executives to see what cybersecurity trends they expect to be the talk of this year’s event.

Black Hat insights: All-powerful developers begin steering to the promised land of automated security (The Last Watchdog) Software developers have become the masters of the digital universe. Companies in the throes of digital transformation are in hot pursuit of agile software and this has elevated developers to the top of the food chain in computing. There is an argument to be made that agility-minded developers, in […]

Cybersecurity’s new normal: Ransomware, phishing and Zero Trust (ITP) In the era of public cloud, mobility, and work-from-home, the notion of perimeter security has quickly become outdated. While awareness and education can help lessen the risk of cyber-attacks, a single moment of inattention and carelessness can be enough to devastate the business, says A10 Networks’ Babur Nawaz Khan

Mismanagement Driving Cybersecurity Skills Gap: Research (SecurityWeek) Annual survey shows that the cyber skills gap continues to worsen and that cybersecurity professionals continue to feel they are undercompensated, do not get enough training, are under-resourced, and are not supported.

SAP Customer Survey Reveals False Sense of Security (SecurityWeek) The SAP Security Survey Report 2021 shows that many SAP customers have a false sense of security.

1 in 4 Former Employees Still Has Access to Files at Old Job (Small Business Trends) As many as 1 in 4 employees still has access to data at a former job. Almost 42% of employees admit to sharing workplace passwords.

Darktrace reports a 50% increase in AI-driven responses to cyber attacks (Cambridge Network) Darktrace, a global leader in cyber security AI, today announced that its Antigena ‘machine fights back’ technology has autonomously responded to an increasing number of attacks on cloud and collaboration applications this year. The company reports a 50% increase in AI actions taken during the first half of 2021 compared to the latter half of 2020, to thwart attacks on

Employee stress leads to greater cyber risk for Australian companies (IT Brief) More than half (55%) of Australian employees feel their stress levels are impacting their ability to focus on their job, and are undertaking risky behaviours that expose organisations to cyber threats, according to new research from Forcepoint.

The Cybersecurity 202: The year’s biggest cybersecurity conferences are back, but limited (Washington Post) The Black Hat and Def Con conferences, which are typically crowded and bustling summer highlights for the cybersecurity community, are far more muted this year.

Deloitte Makes Fifth Cybersecurity Acquisition In 2021: aeCyberSolutions (CRN) aeCyberSolutions is Deloitte’s fifth cybersecurity acquisition this year after Root9B, CloudQuest, Terbium Labs, and TransientX.

Dutch companies have more insurance against ransomware (DodoFinance) Surprisingly, more companies are insured against ransomware in other countries. In the Netherlands, 47% of companies have insurance, 63% in India, 58% in

Orca Security Spearheads Effort to Elevate Transparency in the Cybersecurity Industry (BusinessWire) Orca Security today announced the launch of, a new initiative to elevate transparency and drive open discussion in the cyberse

Welcome to Transparency in Cybersecurity (Transparency in Cyber) Security by obscurity doesn’t work. 42% of cybersecurity vendors restrict their customers’ ability to post product reviews and benchmarks

Princeton Identity Announces Partnership with EPAM to Develop High-Security Remote Work Solutions (Yahoo Finance) Princeton Identity (PI), a leading developer of iris and face biometric identity solutions, announced today that it has entered into a partnership agreement with EPAM Systems, Inc., a leading global provider of digital platform engineering and development services—also named among the top 15 companies in Information Technology Service on the Fortune 1000 list. Together, the companies will address the need for solutions that provide secure use of confidential information as it is accessed by a re

WSJ News Exclusive | Location-Data Broker X-Mode to Be Bought by Digital Envoy (Wall Street Journal) The embattled provider that was kicked off Apple and Google platforms last year to be renamed Outlogic as it becomes part of larger company.

Darktrace expands Aussie presence following 60% YoY growth (Technology Decisions) AI cybersecurity firm Darktrace has announced its expansion in Australia, as more organisations adopt an AI-driven approach to cyber defence.

Oregon examines spyware investment amid controversy (Washington Post) The future ownership of an Israeli spyware company whose product has been used to hack into the cellphones of journalists, human rights workers and possibly even heads of state is up in the air.

Netta Schmeidler of Morphisec Named Winner of the Top 10 Women in Cybersecurity for 2021 by Cyber Defense Magazine ( Morphisec, a leader in cloud-delivered endpoint and server security solutions, today announced that its VP of Product Netta Schmeidler has

PwC Australia hires new cybersecurity chief (CRN Australia) TransGrid CISO on board in plan to add 100 cyber security staff over the next year.

NTT Accelerates Application Security Expansion in EMEA with Key VP Hire (PR Newswire) The Application Security Division of NTT Ltd., a world leader in application security, today at Black Hat USA 2021 announced the appointment of…

Netenrich Hires Technology Veterans to Accelerate Company Growth as Digital Operations Leader (PR Newswire) Netenrich, a Resolution Intelligence® company, today announced the appointment of two respected industry executives, Rich Lane, Chief Strategy…

1Kosmos Adds Former Splunk and ForgeRock Leaders to the Executive Team (BusinessWire) 1Kosmos expands its executive team with new SVP of Global Business Development and Strategic Alliances and VP of Product Management.

Morphisec Appoints Michael Gerard as Chief Marketing Officer ( Morphisec, a leader in cloud-delivered endpoint and server security solutions, is proud to announce that it has appointed Michael Gerard

Delphix appoints Pritesh Parekh as Chief Trust & Security Officer (Security Magazine) Pritesh Parekh will be responsible for DevOps, trust, security, and QA in engineering.

GreatHorn Appoints New Chief Revenue Officer to Spearhead Scalable Business Growth Acceleration (GreatHorn) Accomplished industry veteran Arthur Braunstein joins GreatHorn’s leadership team to focus on direct and channel sales momentum. Read the release for more details.

Products, Services, and Solutions

Code42 Incydr Detects Corporate Data Exfiltration Movement to Personal Google Drive, Box and other Cloud Applications (BusinessWire) Code42 Incydr can automatically distinguish between browser uploads to corporate and personal cloud applications, including Google Drive™ and Box.

AU10TIX Applauded by Frost & Sullivan for Enhancing the Customer Onboarding Process with Its AI-powered Identity Management Solution (PR Newswire) Based on its recent analysis of the global identity management market, Frost & Sullivan recognizes AU10TIX with the 2021 Global Product…

Object Management Group Systems Modeling Certification Tests Available Online (OMG) Today, the international technology standards organization Object Management Group® (OMG®) announced that its popular systems modeling certification exams are available online (virtually) at Pearson OnVUE.

Untangle Taps Brigantia Partners To Grow SMB Security Distribution in the UK (PR Newswire) Untangle® Inc., a leader in comprehensive network security for small-to-medium businesses (SMBs) and distributed enterprises, today announced a…

Vectra AI Reveals Cybersecurity Blind Spots in PaaS and IaaS Environments with Security Survey (PR Newswire) Vectra AI, a leader in threat detection and response, today released the findings of the PaaS & IaaS Security Survey Report. The report…

Facebook open-sources Winterfell, a computational integrity library (VentureBeat) Facebook has open-sourced a new library, Winterfell, that aims to bring computational integrity techniques to a wider audience.

SafeBreach Intros New Tools to Automate Zero-Day Detection (eSecurityPlanet) A fuzzer for Hyper-V and an automated zero-day detection tool are two of the many security tools that will be unveiled at Black Hat and Def Con.

Radware and INAP Deepen Partnership to Provide Cloud Web Application Security and DDoS Protection to Enterprises Worldwide (Yahoo Finance) Expanded portfolio offers advanced hybrid cybersecurity defenses and services

IBM and Black & Veatch Collaborate on AI-Driven Monitoring Solutions (PR Newswire) IBM (NYSE: IBM) and Black & Veatch today announced a collaboration to jointly market Asset Performance Management (APM) solutions, including…

5 reasons why depending on your ISP for DDoS protection is a bad idea (Imperva) A distributed denial of service (DDoS) attack is a malicious attempt to make an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server. Once thought of as a prankish annoyance, DDoS attacks today are often a tool for cybercriminals to earn income. They’re regarded as one of the […]

Cyware Partners with RiskIQ to Deliver Actionable Threat Intelligence (BusinessWire) Today, Cyware, the industry’s only Virtual Cyber Fusion platform provider, announced a partnership with RiskIQ, a leader in internet security intellig

Canadian network security firm launches industrial gateway (IT World Canada) A fledgling Canadian network security company has launched its second product, a plug and play device aimed at protecting IoT devices. Halifax-based Byos Inc. said its industrial Secure Gateway Edge is a small box that plugs into industrial controllers, security cameras, medical devices, POS devices and other networked devices to isolate them within a local […]

CompTIA ISAO Adds Real-time Cybersecurity Threat Analysis and Intelligence Resources from Sophos (CompTIA) ISAO members gain access to SophosLabs Intelix™ for rapid analysis of known and zero-day cybersecurity threats

H Layer Issues First SACP™ Credentials (PR Newswire) H Layer Credentialing, a wholly owned business unit of Professional Testing, Inc., grants first Security Awareness and Culture Professional…

DSM Technology Announces New VCSP Gold Status with Veeam® (PR Newswire) DSM, a Florida-based leader in Data Assurance, announced today that it has achieved Gold Status in the Veeam® Cloud & Service Provider (VCSP)…

Technologies, Techniques, and Standards

The Importance of Properly Scoping Cloud Environments (PCI SSC | CSA) The PCI Security Standards Council (PCI SSC) and the Cloud Security Alliance (CSA) are issuing a joint bulletin to educate stakeholders on the importance of properly scoping cloud environments and good cloud security measures for payment security protection

New CISA and NSA Guidance Details Steps to Harden Kubernetes Systems (SecurityWeek) New guidance from CISA and NSA provides information on the steps that administrators can take to minimize risks associated with Kubernetes deployments.

Addressing insider threats: how the board can maintain cyber security (Information Age) Paul Stark, general manager, UK at OnBoard, discusses how board members can address insider threats by maintaining cyber security

Spies Like Us (Foreign Affairs) Technology is enabling nonstate actors to collect and analyze intelligence—sometimes more easily, more quickly, and better than governments.

Design and Innovation

Post-quantum chip has built-in hardware Trojan (eeNews Europe) A team at the Technical University of Munich (TUM) has created a computer chip that implements post-quantum cryptography particularly effectively. In future, such chips could protect against hacker attacks with quantum computers. The researchers have also built hardware Trojans into the chip. They want to investigate how such “malware from the chip factory” can be debunked.

CYBER.ORG Releases First National K-12 Cybersecurity Learning Standards (BusinessWire) CYBER.ORG today announced the release of the nation’s first voluntary K-12 cybersecurity learning standards to be used in schools and districts aro

K-12 Cybersecurity Learning Standards Fact Sheet ( The K-12 Cybersecurity Learning Standards will help increase cybersecurity literacy and build a robust pipeline of future cybersecurity talent.

K-12 Cybersecurity Learning Standards ( As the United States faces an onslaught of increasingly sophisticated cyberattacks, the nation lacks the workforce needed to combat these threats.

Facebook disables accounts at NYU political-ad research project (NASDAQ:FB) (SeekingAlpha) Facebook (FB +2.6%) has disabled accounts of New York University researchers who were looking into the effects of political ads on the service

Facebook Disables Accounts Tied to NYU Research Project (Bloomberg) Company says researchers of political ads were scraping data. NYU’s Ad Observatory got cease-and-desist letter last October.

Legislation, Policy, and Regulation

Toward more rational cyber policymaking, through better data? (The CyberWire) Almost exactly four hundred years ago, Francis Bacon made the case for overcoming the idols of the cave, the tribe, the marketplace, and the theater—four categories of cognitive pitfalls common to all humans—with something approximating scientific inquiry. Early this week, friends of the Atlantic Council explained why the United States needs a central repository for cyber statistics against which public and private decision makers can test their intuitions and check their biases.

Pakistan government approves new cybersecurity policy, cybercrime agency (The Daily Swig | Cybersecurity news and views) New policy welcomed as much-needed improvement to ‘poorly implemented’ Prevention of Electronic Crime Act

Israel’s top defense panel to discuss cyberarms after NSO scandal ( Classified intelligence subcommittee meeting will be held in wake of NSO scandal and growing backlash after Israeli spyware found on U.K., French phones.

WSJ News Exclusive | U.S. Taps Amazon, Google, Microsoft, Others to Help Fight Ransomware, Cyber Threats (Wall Street Journal) The creation of a joint initiative follows cyberattacks on critical U.S. infrastructure. “This will uniquely bring people together in peacetime, so that we can plan for how we’re going to respond in wartime,” says Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency.

White House sees ‘sign’ in new ransomware group’s pledge (The Record by Recorded Future) A senior White House official on Wednesday said remarks by a new Russian ransomware gang that it wouldn’t target U.S. critical infrastructure are a sign that the administration’s calls for the Kremlin to crack down on cybercriminals are working.

Senators highlight national security threats from China during rare public hearing (TheHill) The Senate Intelligence Committee held a rare public hearing Wednesday afternoon to stress increasing threats posed by China to U.S.

Senate bill would give states closer coordination with federal cyber authorities (StateScoop) The bill would further formalize the Department of Homeland Security’s cybersecurity relationships with state CIOs and election officials.

Senators propose exclusion of miners, software developers in infrastructure bill’s crypto ‘broker’ definition (The Block) A trio of U.S. senators is proposing a legislative exclusion for crypto companies, including miners and software developers, from a tax reporting

US Coast Guard updates cyber plans to reflect rapid threat changes (C4ISRNet) The Coast Guard is adapting to a rapidly changing cyber landscape.

Semper WiFi: Marine Corps launches into cyberwar with 4 new jobs for Marines (Task & Purpose) Hack the planet.

Mansfield Could Be Home To The Air National Guard’s New Cyber Wing (The Statehouse News Bureau) Officials from the Air Force and National Guard Bureau are scheduled to visit Mansfield-Lahm Airport, home of the 179th Airlift Wing, today.

Litigation, Investigation, and Law Enforcement

Journalists petition Supreme Court of India citing privacy violations, cyber attack by government (Jurist) Five journalists who were on the list of alleged surveillance targets by Indian government agencies using Israeli hacking software Pegasus on Monday filed writ petitions with the Supreme Court of Indi…

Huawei extradition fight enters crucial phase for CFO Meng Wanzhou — and for the Chinese tech giant (Washington Post) Weeks before the arrest of Huawei chief financial officer Meng Wanzhou in 2018, a book came out in which she wrote about the struggle to get the company’s financial records on a sound footing.

Scandal, Spyware, and 69 Pounds of Weed (The Daily Beast) Affidavits, contracts, and internal emails reveal the insane backstory of the controversy-ridden NSO Group’s first big overseas deal.

Senate Report: Federal Agencies Still Have Poor Cybersecurity Practices (SecurityWeek) Cybersecurity audits at eight U.S. government agencies show that they made little progress over the past two years.

Courts order handover of breach forensic reports in trend welcomed by consumers, feared by defendants (CyberScoop) In the past year, three judges have ordered companies that suffered data breaches to hand over internal forensic reports on how the incident happened — a trend that could lend new insights into incidents where consumers’ personal data is exposed, at the expense of companies that want to keep that information to themselves.

How American Law Lets Feds Spy On WhatsApp Without Needing To Say Why (Forbes) Pen registers let governments keep tabs on when and with whom WhatsApp users are talking and which IP addresses they’re using, and they don’t have to give judges a full explanation as to why. The same goes for surveillance on any communications technologies, from Facebook to car Wi-Fi.

Two Ex-Bank of America Traders Accused of Spoofing Found Guilty (Wall Street Journal) Edward Bases and John Pacilio were convicted of rigging precious-metals prices with a tactic known as spoofing after a criminal trial in Chicago.
