Cybersecurity News Headlines Update on September 18, 2020

US Department of the Interior OIG Audit Report Details Wireless Network Security Problems. According to an audit report from the Department of the Interior Office of Inspector General (DOIOIG), “the Department did not deploy and operate secure wireless network infrastructure, as required by the National Institute of Standards and Technology (NIST) guidance and industry best practices.” Penetration testers were able to access DOI’s internal wireless network with a smartphone and about $200 of equipment stashed in a backpack. They were able to intercept and decrypt traffic. The attacks the pen testers conducted were not detected by DOI employees. Read more in:

DOJ Charges Seven in Connection with Multiple Cyberattacks. The US Department of Justice has charged seven individuals in connection with a series of cyberattacks against software, pharmaceutical and technology companies, non-profit organizations, and universities. Two of the individuals have been arrested in Malaysia; the other five remain at large in China. Some of those charged are allegedly part of the APT41 hacking group. Read more in:

The US Charges Alleged Iranian Hackers. The US Department of Justice has filed charges against two Iranian men, Hooman Heidarian and Mehdi Farhadi, for allegedly launching numerous cyberattacks over the past seven years. The targeted organizations include universities, a defence contractor, a foreign policy organization, and government agencies. Prosecutors believe that Heidarian and Farhadi shared stolen data with Iranian government intelligence officials. Heidarian and Farhadi have not been arrested; they are on the FBI’s wanted list. Read more in:

The US Indicts Three for Alleged Theft of Intellectual Property and Other Information. The US Department of Justice has indicted three Iranian individuals, Said Pourkarim Arabi, Mohammad Reza Espargham, and Mohammad Bayati, for allegedly hacking aerospace and satellite companies. Their campaign allegedly ran from July 2015 until at least February 2019 and targeted organizations in the US as well as in other countries. The campaign was allegedly orchestrated “to steal critical information related to United States aerospace and satellite technology and resources.” Read more in:

Criminal Charges and Financial Sanctions in Cryptocurrency Phishing Case. The US Department of the Treasury’s Office of Foreign Assets Control has officially sanctioned two Russian individuals, Danil Potekhin and Dmitrii Karasavidi, in connection with a phishing campaign “that targeted customers of two U.S.-based and one foreign-based virtual asset service providers.” In addition, the Department of Justice has filed charges against Potekhin and Karasavidi for allegedly stealing millions of dollars’ worth of cryptocurrency. They remain at large. Read more in:

German Authorities Investigating Patient Death After Ransomware Attack on Hospital. In the wake of ransomware on its network, Dusseldorf University Hospital determined that it would not be equipped to conduct scheduled and outpatient procedures or offer emergency care. A patient with a life-threatening condition was rerouted to a different hospital, which resulted in the treatment being delayed by an hour; the patient did not survive. German authorities are investigating the incident as negligent manslaughter. Read more in:

NCSC Warns of Ransomware Attacks Against Education Sector. The UK’s National Cyber Security Centre (NCSC) has issued an alert warning of an increasing number of ransomware attacks targeting schools and universities. The alert describes common ransomware infection vectors (phishing emails, Remote Desktop Protocol, and unpatched hardware and software vulnerabilities) and provides a list of suggested mitigations. Read more in:

Ransomware Attack Disrupts Online Learning for California School District. A ransomware attack affecting the network of the Newhall School District in Valencia, California, resulted in a temporary shutdown of remote learning. District servers remain shut down to allow a forensic investigation. Read more in:

Adobe Patches Flaws in Media Encoder. Adobe has released an unscheduled update for Media Encoder to address “out-of-bounds read vulnerabilities that could lead to information disclosure in the context of the current user.” The flaws affect Adobe Media Encoder versions 14.3.2 and earlier. Read more in:

BLESA: Bluetooth Low Energy Spoofing Attacks Vulnerability. Researchers from Purdue University have uncovered “design weaknesses” in the Bluetooth Low Energy protocol that could put devices at risk of spoofing attacks. The researchers note that “BLE requires limited or no user interaction to establish a connection between two devices.” The weaknesses lie in the fact that “link-layer encryption/authentication is optional” and that the authentication procedure can be circumvented. Read more in:

Apple iOS Security Updates. Apple has released updates for iOS and iPadOS. The newest versions – iOS 14 and iPadOS 14 – fix 11 security issues, including a privilege elevation vulnerability that can be exploited if users are manipulated into opening a maliciously crafted file. Apple has also issued updates for Safari, tvOS, and watchOS. Read more in:

2,000 eCommerce Sites Running Magento were Hacked Over the Weekend. Nearly 2,000 eCommerce sites running on the Magento platform were compromised over the weekend. The attackers installed malicious code to log payment card data. Most of the hacked sites were running Magento version 1, which is no longer supported. Magento 1.x reached EOL at the end of June 2020. Read more in:

Malvertising Sneaks Into Banner Ads on Adult Sites, Exploits Flaws in Flash and IE. Hackers have placed malicious banner ads on numerous adult websites. The ads redirect users to malicious sites that attempt to install malware through vulnerabilities in Adobe Flash and Internet Explorer. Read more in:

Update Available for WordPress Email Subscribers & Newsletters Plugin Flaw. Developers of the Email Subscribers & Newsletters plugin for WordPress have released an updated version to fix a spoofing vulnerability. The plugin has more than 100,000 active installations. Users are urged to upgrade to version 4.5.6. Read more in:

USPS OIG: Vulnerable Apps Could Have Exposed Data. According to a July 27, 2020, memorandum from the US Postal Service (USPS) Office of Inspector General, USPS has been using six applications that contained known vulnerabilities and which remained unpatched for years. The flaws in the apps could have been exploited to gain access to sensitive data. USPS has since addressed the security issues. Read more in:

Dept. of Veterans Affairs Breach Affects 46,000. A data breach affecting the US Department of Veterans Affairs (VA) Financial Service Center (FSC) compromised personal information belonging to 46,000 veterans. The malicious actors accessed an FSC application without authorization. FSC has taken the application offline. Read more in:

Fairfax County, Virginia, School System Suffers Ransomware Attack. Fairfax County (Virginia) Public Schools (FCPS) is investigating a ransomware attack on “some of [its] technology systems.” While the attack did not disrupt the district’s remote learning program, FCPS is working with federal authorities and “cybersecurity consultants to investigate the nature, scope and extent of any possible data compromise.” Read more in:

Artech Information Systems Hit with Ransomware Last January. Artech Information Systems has disclosed that its systems were targeted in a ransomware attack in January 2020. While investigating reports of unusual activity on a user account, Artech discovered ransomware on several of its systems. The company brought in a third-party forensic investigation firm, which “determined that an unauthorized actor had access to certain Artech systems between January 5, 2020, and January 8, 2020.” The compromised systems contained sensitive information, including health and financial data. Read more in:

Tutanota’s DDoS Defense Prevented Users From Accessing Accounts. Tutanota, a company that offers encrypted email service, has apologized to its users for unintentionally shutting them out of their accounts while the company dealt with a distributed denial-of-service (DDoS) attack. Tutanota experienced DDoS attacks on at least five occasions in the past month. Read more in: Sorry we shut you out, says Tutanota: Encrypted email service weathers latest of ongoing DDoS storms

CISA and FBI Alert Warns of China’s State-Sponsored Hackers. The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint alert warning that cyber threat actors affiliated with China’s Ministry of State Security (MSS) have been targeting US government agencies. According to the alert, the Chinese hackers are exploiting vulnerabilities in Microsoft Exchange Server, F5 Big-IP, Pulse Secure VPN, and Citrix VPN. Patches are available for the flaws. Read more in:

IRS Seeks Technology to Help it Trace Cryptocurrency. The US Internal Revenue Service (IRS) is seeking proposals that will allow the agency to trace cryptocurrency transactions as part of its investigations into money laundering and other cybercrimes. The deadline for proposals is Wednesday, September 16. Read more in:

Researchers and Tech Companies Respond to Voatz’s CFAA Supreme Court Amicus Brief. Nearly 70 individuals and organizations in the cybersecurity community have signed a letter criticizing the argument put forth in an amicus brief submitted to the US Supreme Court regarding a case that could have wide-reaching implications for security research. Voatz’s brief argues that the Computer Fraud and Abuse Act (CFAA) should not protect security researchers who do not have explicit permission to examine code for vulnerabilities. The signatories say that “As representatives of the security community, including pioneers of coordinated vulnerability disclosure, bug bounties, and election security, it is our opinion that Voatz’s brief to the Court fundamentally misrepresents widely accepted practices in security research and vulnerability disclosure, and that the broad interpretation of the CFAA threatens security research activities at a national level.” Read more in:

FBI Warns Financial Institutions of Credential Stuffing Attacks. An FBI warning sent to US organizations in the financial sector warns of an increase in credential stuffing attacks targeting their institutions. Suggested mitigations include advising customers and employees to use unique passwords for accounts and to change Internet login page responses so that they do not indicate if just one component of the login is correct. Read more in:

Microsoft: Russian Hackers Are Targeting US Presidential Campaigns. In a blog post, Microsoft writes that it “has detected cyberattacks targeting people and organizations involved in the upcoming presidential election.” Microsoft has seen malicious activity from hacking groups operating from Russia, China, and Iran. The attacks are targeting “candidates and campaign staffers, but also those they consult on key issues.” Read more in:

Zoom Will Offer Two-Factor Authentication to All Users. Zoom has announced plans to roll out two-factor authentication (2FA) to all users. There will be several 2FA options for users to choose from: authentication apps like Google Authenticator, Microsoft Authenticator, and FreeOTP, or a code from Zoom sent via SMS or a phone call. Read more in:

Irish Data Protection Commission Will Order Facebook to Stop Sending EU User Data to the US. Facebook has received a preliminary order to stop sending European Union (EU) user data to the US. Facebook has until mid-September to respond to the order from the Irish Data Protection Commission. The order grew out of a July 2020 ruling from the Court of Justice of the European Union (CJEU) that invalidated Privacy Shield, the current EU-US data transfer agreement, because the protections it offered against US surveillance laws were found to be inadequate to protect the rights of EU data subjects. The CJEU ruling left in place Standard Contractual Clauses (SCC), which provide for data transfers between EU and non-EU countries. The Irish Data Protection Commission believes that the SCC provisions are not sufficient and is therefore asking Facebook to stop data transfers. (Please note that the WSJ story is behind a paywall.) Read more in:

School Openings Delayed Due to Ransomware and Other Digital Disruptions. School districts in Connecticut, North Carolina, Nevada, and other US states have been hit with ransomware, interrupting plans for both online and in-person classes. In some districts, online classes have been interrupted by Zoom-bombing and distributed denial-of-service (DDoS) attacks. Hartford (Connecticut) Public Schools, which are resuming both in-person and remote classes, postponed the first day of school after suffering a ransomware attack. Read more in:

Pakistani Power Company Hit with Ransomware. Systems at K-Electric, the company that provides electricity to Karachi, Pakistan, were infected with Netwalker ransomware. The attack disrupted billing and online services. The attack reportedly occurred on September 7. Read more in: Netwalker ransomware hits Pakistan’s largest private power utility

Equinix Internal Systems Hit with Ransomware. Data colocation centre company Equinix has acknowledged that its internal systems were hit with ransomware. In a blog post, Equinix writes, “Note that as most customers operate their own equipment within Equinix data centres, this incident has had no impact on their operations or the data on their equipment at Equinix.” Read more in:

Microsoft Patch Tuesday. Microsoft’s monthly security update release for September includes fixes for 129 security issues. Twenty-three of the vulnerabilities are considered critical. One of the more worrisome flaws patched earlier this week is a memory corruption issue in Microsoft Exchange that could be exploited simply by sending a maliciously-crafted email. Read more in:

Adobe Patch Tuesday. On Tuesday, September 8, Adobe released fixes for vulnerabilities in Experience Manager, Framemaker, and InDesign. Nine of the 11 vulnerabilities fixed in Experience Manager could be exploited to execute arbitrary JavaScript in the browser. The two fixes for Framemaker could be exploited to allow arbitrary code execution, as could the five memory corruption flaws fixed in InDesign. Read more in:

CodeMeter Vulnerabilities. US-CERT has released an industrial control systems (ICS) advisory warning of multiple vulnerabilities affecting Wibu-Systems CodeMeter. The flaws could be exploited “to alter and forge a license file, cause a denial-of-service condition, potentially attain remote code execution, read heap data, and prevent normal operation of third-party software dependent on the CodeMeter.” Read more in:

Bluetooth Vulnerability. A high-severity flaw in the pairing process for Bluetooth implementations 4.0 – 5.0 could be exploited to snoop on vulnerable devices. Devices that use the pairing process, known as Cross-Transport Key Derivation (CTKD) in implementations supporting pairing and encryption with both Bluetooth BR/EDR and LE in Bluetooth Specifications 4.2 through 5.0, are vulnerable to key overwrite. Attackers would need to be within wireless range of targeted devices. Read more in:

[Free Giveaway] Photo Watermark Software v8.2 Registration Code – Protect Photos From Unauthorized Use

If you share photos over a network, you never know what will happen. Someone could take the photos for their own use or maliciously alter them, and you might never even know. Watermark-software.com is now giving away a free registration code for Photo Watermark Software v8.2, which protects ownership rights of your photos by applying professional watermarks (text, image, logo, or signature) to all of your pictures.

Do you have a huge library of photos that need watermarking? Photo Watermark Software v8.2 can add watermarks to a gallery of 500 photos in less than one minute, together with additional features such as batch resizing, photo cropping, photo frames, editing/deleting EXIF info, converting photo format, and support for all popular formats.

Details of features and download information are below:

What Risks You May Face when Trading and Storing Cryptocurrencies and How To Protect Yourself

Crypto may be one of the most secure ways of transacting, but, just like everything else, it comes with its own risks. First, there is the issue of price volatility, then there is the issue of cryptocurrencies being stolen from hacked exchanges, and there are many more risks. To be a good investor and manage your online fortune appropriately, you need to be well versed in the most common risks that come with dealing with cryptocurrencies and how you can protect yourself and your coins. Stay tuned to find out more.

Emerging Technology Industry News Headlines Update on September 10, 2020

Huawei HarmonyOS coming to mobile devices early next year. Richard Yu, head of Huawei’s consumer business group, confirmed Thursday afternoon that HarmonyOS, known in Chinese as HongmengOS, its in-house replacement for Android, will run on smartphones. HarmonyOS will be available as early access to developers in December, with consumers to see it early next year.

Bytedance is planning to invest several billion dollars in Singapore over the next three years as part of its global expansion. It plans to establish a data centre and is expected to add hundreds of jobs in Singapore, Bloomberg reported. Read more at Bloomberg Technology > TikTok Owner to Spend Billions in Singapore After U.S. Ban

China’s food delivery drivers are overburdened with too many orders, inaccurate navigation systems, and payment algorithms that punish drivers, according to an article published Tuesday by People (人物).

Sales of China’s new energy vehicles (NEVs) will fall 17% annually to 1 million units this year; this will be temporary due to reduced purchase subsidies and extended production quota mandates, according to the China Passenger Car Association (CPCA).

China’s largest technology and financial services companies are stepping up efforts to expand in Singapore, as the doors slamming shut on mainland groups in the US and India make the Asian finance hub crucial for international growth, reported the Financial Times. Alibaba-backed Ant Group, China’s second-largest brokerage Haitong Securities, Huawei’s cloud division and Tencent-backed digital bank WeBank are among the companies that have in recent months approached Singapore’s industry groups about becoming members or forming partnerships.

China’s pivot to domestic production of hi-tech products is gathering pace as the country looks to shake off dependence on foreign technology in light of decoupling threats from the United States. Read more at South China Morning Post > China tech firms embrace inward economic pivot, but some wary of ‘technological isolation’

The Ant Group calculator. Ant Group’s IPO is set to be a blockbuster, but no one knows exactly how big it will be yet. Reuters put together a calculator that estimates Ant’s market value based on the performance of its four main fintech businesses. It says the most likely “starting point” is $275 billion.

EXPANDING EMPIRES | China tech in Africa: flip phones to fintech

China tech in Africa is nothing new. Huawei has built around 70% of the continent’s 4G networks. Transsion commands 40% of Africa’s smartphone market. Much of the activity by tech firms has focused on telecommunications infrastructure and the handset market. But as the infrastructure becomes more developed, Chinese companies are increasingly offering a new slate of digital services and backing novel African startups, with a focus on inclusive financial services.

  • Initially focused on the US, Chinese companies have since 2018 slowed down investing in the country, as tensions between the two superpowers rise. Companies including Alibaba and Tencent have instead sharpened their focus on the developing markets of India and Southeast Asia.
  • Huawei was instrumental in rolling out 4G across Africa and is set to drive 5G adoption on the continent.
  • Huawei received preferential loans from the Chinese government to establish telecom infrastructure throughout Africa, found Iginio Gagliardone, a professor at the University of the Witwatersrand who has written extensively about the influence of China in Africa.

  • Transsion controlled more than 40% of the African smartphone market at the end of last year, according to the International Data Corporation (IDC) > Africa’s Smartphone Market Posts Growth, but Uncertainty Around Global COVID-19 Outbreak Casts Shadow over Short-Term Prospects
  • Meituan-Dianping, Tencent, Netease, and Transsion have made big bets on African companies.
  • Alibaba has taken a different approach by launching training programs for aspiring African entrepreneurs.
  • Ant Group has taken notice of Africa’s fintech revolution. Ant Group partnered with Flutterwave to add Alipay as a payment method for Flutterwave’s 60,000 merchants last year.
  • Chinese investors have also increasingly sought out startups across Africa, looking to place their bets on Africans without bank accounts.

Threat & Attack Surface Intelligence (ASI): See What Adversaries See and Stop Them in KNOW Time

Your IT and Security teams watch your network and web site 24/7. You invest thousands (conservatively) in firewalls, SIEMs, anti-malware, Intrusion Prevention/Detection Systems (IPS/IDS), and other security tools that bombard you with alerts all day long.

Yet attacks can still take you by surprise. In one recent example, the veteran hacktivist group Anonymous resurfaced to effect the massive BlueLeaks attack on U.S. law enforcement. If it can happen to them, it can happen to almost any company.

Staying a step or two ahead of risk requires broad threat actor insight:

  • What are adversaries up to? There are hundreds of ways to get news about emerging and ongoing attacks but it takes time and expertise to stitch all the data together into reliable, actionable threat intelligence.
  • What do they see when they target your brand? “Outside-in” perspective is the missing link for IT and security operations (SecOps) teams. Resource-intensive assessments such as penetration or “pen” testing, bug bounties, and Red Team exercises can deliver it, but only for one point in time.

Optimizing Hybrid Cloud Environments: Insights From The Battlefield

87% of organizations already have a hybrid cloud environment but optimization is key to improving performance, scalability, and cost-efficiency. We reviewed 200 cloud projects from the last 12 months to gain insights about optimization areas requiring an immediate business impact.

Based on our experience, organizations that harbour legacy modified datacenter operations are frequently not achieving an optimal state. These organizations also have a strong motivation to move to the hybrid cloud, but in many cases, they do so without a coherent strategy. This leads to many operational challenges, which is why these organizations must focus on adopting an optimized hybrid cloud to increase scalability, improve performance, and deliver rapid cost optimization.

Read this article to learn how to achieve enhanced performance in your optimized hybrid cloud strategy.