Purging social media connections in Afghanistan. Cyber incident reported at State. ShinyHunters are back.
Attacks, Threats, and Vulnerabilities
Taliban hunting for ‘collaborators’ in major cities, threat assessment prepared for United Nations warns (Washington Post) The Taliban has stepped up its hunt for former Afghan security officials and people who may have worked with U.S. or NATO forces, according to a confidential threat assessment prepared for the United Nations and seen by The Washington Post.
Taliban violence drives Afghans to wipe social media profiles (NBC News) As the Taliban maintain control of Kabul, residents across Afghanistan are racing to delete photos from their mobile phones and social media accounts.
Opinion | How the Taliban Turned Smartphones Into Weapons (New York Times) They employed social media to cultivate an image of strength within Afghanistan, while projecting an air of legitimacy to the outside world.
What I Learned While Eavesdropping on the Taliban (Defense One) I spent 600 hours listening in on the people who now run Afghanistan. It wasn’t until the end of my tour that I understood what they were telling me.
State Department hit by cyber attack, source says (Fox Business) The State Department is the latest to fall victim to a cyberattack and the notification of a possible serious breach was made by the Department of Defense Cyber Command, a source told Fox News Saturday.
US State Department Hit By Cyber-Attack (Infosecurity Magazine) Reports over the weekend revealed the US State Department recently suffered a cyber attack.
U.S. State Department recently hit by a cyber attack -Fox News (Reuters) The U.S. State Department was recently hit by a cyber attack, and notifications of a possible serious breach were made by the Department of Defense Cyber Command, a Fox News reporter tweeted on Saturday.
U.S. State Department reportedly hit by a cyberattack in recent weeks (CNBC) The extent of the breach and whether or not there is any ongoing risk to operations is unclear, according to a Fox News reporter.
Exclusive: Hacker Selling Private Data Allegedly from 70 Million AT&T Customers (RestorePrivacy) A well-known threat actor with a long list of previous breaches is selling private data that was allegedly collected from 70 million AT&T customers. We analyzed the data and found it to include social security numbers, date of birth, and other private information. The hacker is asking $1 million for the entire database (direct sell) …
ShinyHunters Selling Alleged AT&T Database with 70 million SSN and Date of birth; AT&T Denies it originated from their systems (Cyble) Cyble’s research on ShinyHunters selling alleged AT&T database affecting over 70 Million users’ SSNs and DoBs.
AT&T responds to report that 70M customer records were breached in massive hack (BGR) A massive AT&T hack might impact 70 million people, with a well-known hacker selling online the personal data for $1 million.
Cyber criminals offer data from 70 million AT&T customers (Market Research Telecast) After T-Mobile in the USA, the top dog AT&T is also threatened with a security debacle due to an apparently massive data breach. The bustling hacker group ShinyHunters offers private data allegedly from 70 million …
Claimed AT&T hack of 70M customer records; carrier denies… (9to5Mac) There has been a claimed AT&T hack of personal data from 70M customers, less than a week after a confirmed hack of tens of millions of…
AT&T denies data breach after hacker auctions 70 million user database (BleepingComputer) AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers.
T-Mobile’s epic data breach is only sounding worse and worse (Android Police) It seems like we can’t go a week without hearing about another massive security breach at a mega-corporation. This week’s shocker comes courtesy of
How attackers could exploit breached T-Mobile user data (CSO Online) Follow-on attacks using stolen T-Mobile data are a real risk for victims. Here’s how attackers can leverage that data to compromise accounts or launch phishing campaigns.
Company Data Hoards Create Tempting Targets for Hackers (Wall Street Journal) The hoards of consumer information that companies collect multiply the damaging effects of data breaches, lawyers and cybersecurity specialists say.
Mozi botnet gains the ability to tamper with its victims’ traffic (The Record by Recorded Future) A new version of Mozi, a botnet that targets routers and IoT devices, is now capable of tampering with the web traffic of infected systems via techniques such as DNS spoofing and HTTP session hijacking, a capability that could be abused to redirect users to malicious sites.
Google Discloses Details of Unpatched Windows AppContainer Flaw (SecurityWeek) Google disclosed the details of a Windows AppContainer vulnerability after Microsoft said it would not fix it, but Microsoft later reversed course and said it could patch it after all.
LockFile: Ransomware Uses PetitPotam Exploit to Compromise Windows Domain Controllers (Symantec) Previously unseen ransomware hit at least 10 organizations in ongoing campaign.
Microsoft Exchange Servers Still Vulnerable to ProxyShell Exploit (Huntress Labs) Attackers are actively scanning for vulnerable Microsoft Exchange servers and abusing the latest line of Microsoft Exchange vulnerabilities that were patched in early 2021.
Almost 2,000 Exchange servers hacked using ProxyShell exploit (The Record by Recorded Future) Almost 2,000 Microsoft Exchange email servers have been hacked over the past two days and infected with backdoors after owners did not install patches for a collection of vulnerabilities known as ProxyShell.
Google Docs Scams Still Pose a Threat (Wired) A 2017 worm caused havoc across the internet. One researcher is warning that despite new protections put in place, it could still happen again.
API Vulnerability Exposes COVID Vaccination Status of All Israeli Citizens (GlobalDots) Returning from my vacation abroad, I had to fill out a COVID declaration form on the Israeli Health Ministry website. Something looked weird when I filled it out on my mobile: It was too quick to indicate that I’m vaccinated, and this output came up even with a typo in my passport number. Hence I […]
A Short History of Essay Spam (How We Got from Pills to Plagiarism) (Sucuri) From answering beginner questions like ‘What is SEO spam?’ to breaking down the spammers’ code and exactly how they hide their injections in compromised websites, we have written regularly about spam at Sucuri.
Inside the Secret Codes Hackers Use to Outwit Ransomware Cops (The Daily Beast) After a flurry of disruptive ransomware attacks this summer, cybercriminal forums banned ransomware posts. But the ransomware gangs are finding ways to skirt the rules.
Positive Technologies helps to fix dangerous vulnerability in CODESYS ICS software (Positive Technologies) A Positive Technologies application analysis expert studied the CODESYS Runtime System and discovered a high-severity vulnerability
Ransomware hits Lojas Renner, Brazil’s largest clothing store chain (The Record by Recorded Future) Lojas Renner, Brazil’s largest clothing department store chain, said it suffered a ransomware attack that impacted its IT infrastructure and resulted in the unavailability of some of its systems, including its official web store.
Your Money: Underreported data breach may have exposed the private health information of 750K people (KSDK) Thousands of patients across the country had their medical data breached, and some attorneys claim they may not have been notified.
St. Joseph’s/Candler ransomware investigation ongoing, patients offered identity protection (Savannah Morning News) Patients were offered membership to identity protection service, Experian, as the investigation into the ransomware attack continues.
Security Patches, Mitigations, and Software Updates
Chrome update addresses seven high-severity vulnerabilities (Computing) Bug details ‘may be kept restricted until a majority of users are updated with a fix’
High-Severity DoS Vulnerability Patched in BIND DNS Software (SecurityWeek) Patches have been released for a high-severity DoS vulnerability affecting the BIND DNS software.
Third-Party Patches Available for More PetitPotam Attack Vectors (SecurityWeek) 0patch this week announced the release of patches that address additional attack vectors for the PetitPotam vulnerability.
Linux Threat Report 2021 1H: Linux Threats in the Cloud and Security Recommendations (Trend Micro) Linux powers many cloud infrastructures today. However, it is not immune to threats and risks. We discuss several pressing security issues including malware and vulnerabilities that compromise Linux systems in the first half of 2021.
North American bulk power providers reporting more cyber incidents, says NERC (Star Phoenix) The number of cybersecurity-related incidents reported to the North American electrical industry’s information-sharing centre last year more than doubled in…
Ransomware on a Rampage; a New Wake-Up Call (Forbes) The rampage of Ransomware is a wake-up call. We live in an increasingly hyper-connected world that impacts all aspects of our lives. Managing and protecting data is a security imperative for every industry and organization.
Synopsys acquires Code Dx (Israel Defense) The acquisition is intended to expand Synopsys’ application security portfolio and add software vulnerability correlation, prioritization, and consolidated risk reporting
Sequoia Makes Inc. 5000 List of Fastest-Growing Private Companies for Sixth Consecutive Year (PR Newswire) Sequoia Holdings LLC has earned a spot on Inc. Magazine’s Inc. 5000 list of the country’s fastest-growing private companies for the sixth year…
Demand for Telos cybersecurity tools offsetting federal contract delays (Washington Business Journal) Despite task order delays on two of its contracts, executives for the Ashburn-based cybersecurity company are sticking to their revenue guidance.
Armorblox Joins Internet2’s Research and Education Community as Industry Member (StreetInsider.com) Membership furthers Armorblox’s ability to collaborate with Internet2 members and meet the unique needs of the research and education community
Palantir Is an Enigma. The Opportunity in Its Stock Is Far More Clear. (Barron’s) Palantir stock is a favorite of retail investors, but the company’s outside-the-box thinking makes some on Wall Street nervous.
IDC MarketScape: U.S. Managed Detection and Response Services 2021 Vendor Assessment (IDC) IDC examines consumer markets by devices, applications, networks, and services to provide complete solutions for succeeding in these expanding markets.
New Thinking: Britain’s ‘Largest’ Cybersecurity Accelerator Launches With Inclusivity In Its DNA (Forbes) Supported by government, Britain’s largest cybersecurity accelerator aims to provide help to 160 businesses between now and April next year. One key element of its mission is to promote greater diversity among entrepreneurs coming into the sector. So, what does that mean in practice?
Georgia Cyber Center could add third building as jobs, companies seeing Augusta as destination (Augusta Chronicle) As campus matures, so does its mission and its ability to draw professional talent to the Augusta area
Cybersecurity jobs: This is what we’re getting wrong when hiring – and here’s how to fix it (ZDNet) From demanding qualifications that few people have to expecting years of experience in new disciplines, businesses are making mistakes when advertising jobs – and it’s leaving IT security teams understaffed and exhausted.
“Working in the cybersecurity industry means you’re one of the good guys” (CTECH) Morphisec’s offering prevents the next cyberattack before it occurs, says VP of Product Netta Schmeidler, adding that like her, “more women are joining the industry, but it still isn’t enough”
Iron Bow’s Rhett Butler Appointed to AFCEA DC Board of Directors (BusinessWire) Iron Bow Technologies, an IT solutions provider to government, commercial and healthcare markets, today announced Rhett Butler, Vice President of Syst
Products, Services, and Solutions
Digital Guardian enhances endpoint DLP visibility and security controls to secure a hybrid work model (Help Net Security) Digital Guardian announced new enhancements to its endpoint DLP visibility and security controls specifically to secure a hybrid work model.
Identity management org Sailpoint unveils no-code tool (VentureBeat) SailPoint adds no-code tool to make it easier for IT teams to manage workflows based on employee identities.
Telos Corporation Accelerates Growth at Major U.S. Airports (GlobeNewswire News Room) Cybersecurity leader’s aviation channeling service experiences consistent growth, with renewals at marquee customers…
New infosec products of the week: August 20, 2021 (Help Net Security) The featured infosec products this week are from the following vendors: SailPoint, FORESEE, FireEye, Digital Guardian, and GrammaTech.
Technologies, Techniques, and Standards
Using threat intelligence to produce a cyber defence strategy (AusCERT) Latest blogs and updates from AusCERT
T-Mobile Suffered a Massive Data Breach. Its Response Is the 1 Thing No Company Should Ever Do (Inc.com) Communication is a pretty important part of taking care of your customers.
Cybersecurity is paramount for not for profits – we need to act now (Pro Bono Australia) The good news is, there are practical actions that every organisation can take to improve cybersecurity protections, writes Infoxchange Group CEO David Spriggs.
How To Not Let Cyberattacks Get The Better Of Your Small Business (TechFinancials) Small businesses are the heart and soul of the economy – each offering job opportunities, growing various industries, and enabling …
7 data privacy tips for your phone from digital security experts (CNET) Want to prevent apps from stealing your data? We asked the experts what everyone should know.
Research and Development
Intel Wins US Government Project to Develop Leading-Edge Foundry… (Intel) Intel Foundry Services will lead the first phase of the U.S. Department of Defense’s RAMP-C program to establish a domestic commercial foundry infrastructure.
Cyberattacks on schools are a growing concern (KMGH) After a record number of cyberattacks in 2020, there are concerns schools could see more of these attacks as kids return to class.
Legislation, Policy, and Regulation
Singapore and US to work more closely on cyber security; three agreements signed (The Straits Times) PM Lee announced the agreements during a press conference with US Vice-President Harris on Monday.
United States and Singapore Expand Cooperation on Cybersecurity (CISA) The MOU is one of many deliverables in Vice President Harris’ visit to Singapore.
‘Imbecilic’: Ex-UK Leader Tony Blair Slams Afghan Withdrawal (Military.com) He accused U.S. President Joe Biden of being “in obedience to an imbecilic political slogan about ending ‘the forever wars.’”
The inside story of how Biden’s team handled Afghanistan’s collapse (POLITICO) By the morning of Wednesday, Aug. 11, the Afghan government’s already brittle control of the war-torn country was quickly unraveling in the face of a swift Taliban offensive coinciding with the nearly complete withdrawal of U.S. troops that President JOE BIDEN ordered in April.
‘This Is Actually Happening’ (POLITICO) Inside the Biden team’s five-day scramble as Afghanistan collapsed.
Flawed assumptions led to tragic outcomes in Afghanistan (Military Times) All planners know that assumptions are warranted when there is a lack of information to continue planning.
President Biden suggested rescue operations in Kabul. What comes next? (Military Times) Biden signaled he is open to allowing troops into Kabul to rescue Americans.
Biden vows to evacuate all Americans, foreign allies from Afghanistan (Military Times) About 18,000 individuals have been evacuated from the country since late July.
What Can the U.S. Do If the Taliban Starts Aiding Terrorists? (Bloomberg) Biden talks about “over-the-horizon” forces, but long distance creates big problems.
Afghan army’s total collapse forces soul-searching at NATO meeting (Washington Post) The collapse of the Afghan military after 20 years of international support and training, billions of dollars spent, and thousands of lives lost forced a sobering round of soul-searching at an emergency meeting of NATO foreign ministers on Friday, according to diplomats involved in the discussions.
So Much for a ‘Foreign Policy for the Middle Class’ (Defense One) Biden’s answer to Trump’s approach lasted only as long as its first major test.
Biden doesn’t plan to fire anyone over Kabul chaos, sources say (Axios) Biden isn’t inclined to fire any senior national security officials over the chaos in Kabul unless the situation drastically deteriorates.
Opinion | Afghanistan is a disaster of choice, not inevitability (Washington Post) A moment of national calamity.
As Biden Faces a Political Crisis, His Party Looks On in Alarm (New York Times) Democrats fear that if the pandemic or the situation in Afghanistan continues to worsen, their party may lose the confidence of the moderate swing voters who lifted it to victory in 2020.
Opinion | Cleaning Up After Biden on al Qaeda (Wall Street Journal) Biden’s falsehoods show a misunderstanding of the continuing threat from Islamic terrorism.
A Message From CISA Director Jen Easterly About Afghanistan, Service, & Sacrifice (CISA) While I make it a point to communicate to the workforce in my role as CISA Director, I write this message as a Veteran, and the wife of a Veteran, both of us having served in multiple locations around the world, including Afghanistan. Throughout our lives we observe and experience events that will ultimately be written about in our history books. Some of these events, such as the ongoing situation in Afghanistan, stand out more than others because they impact us in deeply personal ways.
The US should deter ransomware computer attacks, by Jonathan Welburn and Quentin Hodgson (Press of Atlantic City) Just 10 years ago, ransomware was the domain of mostly small-fry hackers encrypting files to squeeze a few hundred dollars out of random individuals. Today it’s an urgent issue of
Ex-IDF cyber intel. official reveals secrets behind cyber offense (The Jerusalem Post) JPost One-on-One Zoomcast, Episode 31: Yonah Jeremy Bob with Yaron Rosen, Brig. Gen. (Res.): Former IDF cyber chief, president of cyber intel firm Toka, reveals how nations should defend cyberspace
Don’t jeopardize national security by weakening American tech (Dallas News) In the last 16 months, while America’s attention has been largely focused on the ongoing public health crisis, foreign adversaries have ramped up cyber…
NHS data grab delayed again, after millions opt out (Computing) NHS Digital says it will undertake a ‘listening exercise’ before announcing a new start date
Litigation, Investigation, and Law Enforcement
Pegasus attack has serious implications for rule of law, say senior retired police officers (The Hindu) Julio Ribeiro, Vikash Narain Rai, S.R. Darapuri voice concern on the impact of surveillance and planting of evidence
SEC Enforcement Targets Cybersecurity Disclosures Again (cyber/data/privacy insights) Securities and Exchange Commission Chairman Gary Gensler has pledged to bring a renewed focus to robust enforcement of the federal securities laws. As we observed in a recent blog post, under Chairman Gensler and Director Gurbir Grewal, the SEC’s Division of Enforcement will be more aggressive in se
Lina Khan’s Theory of the Facebook Antitrust Case Takes Shape (Wired) With a beefed-up complaint, the Federal Trade Commission explains precisely why it thinks the social media giant is an illegal monopoly.
Dear FTC, repeat after me: ad platforms don’t set prices (Mobile Dev Memo)
T-Mobile data breach: More than 50 million people now affected (CNET) The company is reportedly now facing a class-action lawsuit, according to papers filed in a Washington court and seen by Vice.
T-Mobile Hit With Class Action Suits After Consumer Data Breach (Bloomberg Law) T-Mobile USA Inc. was hit with a pair of class action lawsuits in Washington federal court accusing the telecommunications company of violating the California Consumer Privacy Act.
Mike Lindell Is Hiding A County Clerk Amid FBI Probe Of A Vote Data Leak: Report (HuffPost) As the FBI investigates claims that Colorado voting machine passwords were given to a presumed QAnon leader, the clerk is reportedly at a secret safe house.
T-Mobile customers file class action lawsuits as investigation finds 53 million affected by data breach (Yahoo) T-Mobile does not believe that customers had their financial information, credit card information, debit, or other payment information stolen in the attack.