Posts

Showing posts from November, 2021

Dark Reading - Legal Cases and Privacy Rulings Aim to Curtail Facial Biometrics

Decisions in the UK and Australia, and lawsuits in the United States, could force facial-recognition providers to remove data from their machine-learning models. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/legal-cases-and-privacy-policies-threaten-use-of-facial-biometrics

Dark Reading - HP Issues Firmware Updates for Printer Product Vulnerabilities

More than 150 HP printer models have bugs that could enable attackers to steal data and gain an initial foothold on enterprise networks. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/hp-issues-firmware-updates-for-printer-product-vulnerabilities

Dark Reading - What’s the Difference Between SASE and SD-WAN?

While SD-WAN is a key part of a hybrid workplace and multicloud operation, it should be treated as a stepping stone to SASE, not an alternative. from Dark Reading https://www.darkreading.com/edge-ask-the-experts/what-s-the-difference-between-sase-and-sdwan-

Threat Post - How Decryption Can Improve Security

Strong encryption is critical to protecting sensitive business and personal data. Google estimates that 95 percent of its internet traffic uses the encrypted HTTPS protocol, and most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. This is a significant step forward for data integrity and consumer privacy. However, organizations […] from Threatpost https://threatpost.com/decryption-improve-security/176613/

Dark Reading - Attacker Sentenced in Multimillion-Dollar SIM Hijacking Scheme

A sixth member of international hacking group The Community was sentenced to 10 months in prison and ordered to pay $121,549.37 in restitution. from Dark Reading https://www.darkreading.com/endpoint/attacker-sentenced-in-multi-million-dollar-sim-hijacking-scheme

Threat Post - Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks

The insurer won’t pay for 'acts of cyber-war' or nation-state retaliation attacks. from Threatpost https://threatpost.com/lloyds-cyber-insurance-exclusions/176669/

Rapid 7 - Ongoing Exploitation of Windows Installer CVE-2021-41379

On November 9, 2021, as part of Patch Tuesday, Microsoft released an update to address CVE-2021-41379, a “Windows Installer Elevation of Privilege Vulnerability” that had a modest CVSS score (5.5), without much fanfare. The original CVE allows an attacker to delete files on a system using elevated privileges. Fast-forward to November 22, 2021, when after investigating the patch, the researcher that discovered the vulnerability, Abdelhamid Naceri, found that it did not fully remediate the issue and published proof-of-concept (PoC) code on GitHub proving exploitation of the vulnerability is still possible on patched versions of Windows allowing for SYSTEM-level privileges. The working PoC “overwrites Microsoft Edge elevation service 'DACL' and copies itself to the service location, then executes it to gain elevated privileges.” With a zero-day exploit available, attackers have been chipping away at ways to utilize the vulnerability, especially in malware. As of November 30

Threat Post - Finland Faces Blizzard of FluBot-Spreading Text Messages

Millions of texts leading to the Flubot spyware/banking trojan are targeting everyone who uses Androids in the country, in an "exceptional" attack. from Threatpost https://threatpost.com/finland-flubot-text-messages/176649/

Dark Reading - Government-Industry Cooperation May Be the Most Potent Ransomware Antidote

The side that's better at collaborating with allies will have the upper hand, and until now, that distinction has gone to the cybercriminals. from Dark Reading https://www.darkreading.com/attacks-breaches/government-industry-cooperation-may-be-the-most-potent-ransomware-antidote

Threat Post - Panasonic’s Data Breach Leaves Open Questions

Cyberattackers had unfettered access to the technology giant's file server for four months. from Threatpost https://threatpost.com/panasonic-data-breach-questions/176660/

Rapid 7 - Active Exploitation of Apache HTTP Server CVE-2021-40438

On September 16, 2021, Apache released version 2.4.49 of HTTP Server, which included a fix for CVE-2021-40438, a critical server-side request forgery (SSRF) vulnerability affecting Apache HTTP Server 2.4.48 and earlier versions. The vulnerability resides in mod_proxy and allows remote, unauthenticated attackers to force vulnerable HTTP servers to forward requests to arbitrary servers — giving them the ability to obtain or tamper with resources that would potentially otherwise be unavailable to them. Since other vendors bundle HTTP Server in their products, we expect to see a continued trickle of downstream advisories as third-party software producers update their dependencies. Cisco, for example, has more than 20 products they are investigating as potentially affected by CVE-2021-40438, including a number of network infrastructure solutions and security boundary devices. To be exploitable, CVE-2021-40438 requires that mod_proxy be enabled. It carries a CVSSv3 score of 9.0. Seve

KnowBe4 - Bitcoin Scam Videos on Instagram are Part of an Elaborate Account Takeover Scam

This elaborate scam uses social engineering to trick victims into sending the hacker Bitcoin while holding Instagram accounts hostage. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/bitcoin-scam-videos-on-instagram-are-part-of-an-elaborate-account-takeover-scam

KnowBe4 - Phishing Attacks Smash All Records in Q3 2021 With the Highest Monthly Number of Attacks Ever

New data shows the business of phishing is moving “up and to the right” in nearly every way measurable, indicating a serious problem as threat actors continue to see growing success. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-attacks-smash-all-records-in-q3-2021-with-the-highest-monthly-number-of-attacks-ever

KnowBe4 - Mobile Phishing Attacks Surge 161% in the Energy Industry

The need for increased mobile security in the Energy sector has become evident with new data highlighting why these phishing attacks are occurring and effective ways to stop them. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/mobile-phishing-attacks-surge-161-in-the-energy-industry

Dark Reading - Ransomware vs. Cities: A Cyber War

As smart cities become the new normal for urban living, they must be resilient against the speed and sophistication of modern cyber threats. from Dark Reading https://www.darkreading.com/dr-tech/ransomware-vs-cities-a-cyber-war

KnowBe4 - Data Breach Costs Increase by $1 Million When Remote Workers Are Involved

You already knew remote workers increase the risk of cyberattack. New data spells out exactly what the impact of a remote workforce is on data breaches and the cost to remediate. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/data-breach-costs-increase-by-1-million-when-remote-workers-are-involved

Dark Reading - Finding Your Niche in Cybersecurity

With a little patience and research, you can discover a role you love that also protects those around you. from Dark Reading https://www.darkreading.com/careers-and-people/finding-your-niche-in-cybersecurity

KnowBe4 - CyberheistNews Vol 11 #47 [Heads Up] New Dangerous and Persistent "Metamorphic" Malware Strain Called Tardigrade

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-11-47-heads-up-new-dangerous-and-persistent-metamorphic-malware-strain-called-tardigrade

Threat Post - Yanluowang Ransomware Tied to Thieflock Threat Actor

Links between the tactics and tools demonstrated in attacks suggest a former affiliate has switched loyalties, according to new research. from Threatpost https://threatpost.com/yanluowang-ransomware-thieflock-threat-actor/176640/

KnowBe4 - Spear Phishing Campaign Targets North Korean Defectors

A state-sponsored threat actor is sending spear phishing emails to North Korean defectors and also to journalists who cover matters related to North Korea, according to researchers at Kaspersky. The threat actor first messages the target via a hacked Facebook account belonging to one of the target’s acquaintances. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/spear-phishing-campaign-targets-north-korean-defectors

KnowBe4 - [Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Join us for a live demo on Security Awareness Training and phishing in action! from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/join-us-for-a-live-demo-on-simulated-phishing-and-awareness-training-2021

Schneier - Intel is Maintaining Legacy Technology for Security Research

Interesting: Intel’s issue reflects a wider concern: Legacy technology can introduce cybersecurity weaknesses. Tech makers constantly improve their products to take advantage of speed and power increases, but customers don’t always upgrade at the same pace. This creates a long tail of old products that remain in widespread use, vulnerable to attacks. Intel’s answer to this conundrum was to create a warehouse and laboratory in Costa Rica, where the company already had a research-and-development lab, to store the breadth of its technology and make the devices available for remote testing. After planning began in mid-2018, the Long-Term Retention Lab was up and running in the second half of 2019. The warehouse stores around 3,000 pieces of hardware and software, going back about a decade. Intel plans to expand next year, nearly doubling the space to 27,000 square feet from 14,000, allowing the facility to house 6,000 pieces of computer equipment. Intel engineers can request a specif

Dark Reading - Armis Now Valued at $3.4B

One Equity Partners led the $300 million round, increasing the valuation of Armis from the $2 billion valuation it achieved less than 8 months ago. from Dark Reading https://www.darkreading.com/perimeter/armis-now-valued-at-3-4b

Dark Reading - Stellar Cyber Raises $38M Series B to Address Need to Provide 360-Degree Visibility Across Entire Attack Surface

Oversubscribed round, including Samsung, rewards technical innovations and rapid market adoption, positions company for continued leadership. from Dark Reading https://www.darkreading.com/attacks-breaches/stellar-cyber-raises-38m-series-b-to-address-need-to-provide-360-degree-visibility-across-entire-attack-surface

Dark Reading - 9 out of 10 Healthcare Organizations Provide Telehealth Services, Yet Almost Half Face Patients' Mistrust Toward Privacy

Kaspersky surveyed healthcare decision-makers to learn how the digital transformation of the industry is going and which problems they believe should be solved to create a world in which everyone can gain access to quality care. from Dark Reading https://www.darkreading.com/endpoint/9-out-of-10-healthcare-organizations-provide-telehealth-services-yet-almost-half-face-patients-mistrust-toward-privacy

Recorded Future - Leaked Credentials Leads Are Candy for Dark Web Actors

Nobody loves cheap and easy things more than cybercriminals. And few things are as abundant and easy to use as stolen emails and passwords (or password hashes). Over the last 5 years, 11.7 billion credentials have been leaked across the Internet, 61% of breaches involve leaked credentials, and the effects of credential theft spill well beyond a single account—as 65% of users reuse passwords across sites. Leaked credentials are the easiest attack vector into companies for cybercriminals. They use leaked or stolen credentials to log in to corporate accounts and systems, subverting security through stolen trust. From that initial point of access criminals have a number of options at their disposal from stealing information directly, to launching business email compromise, to exploiting vulnerabilities for privilege escalation. How Do Cybercriminals Acquire and Use Credentials? User names—which are often email addresses—and passwords can be stolen or bought by criminals. Crimina

Recorded Future - Preparing for the Next Ransomware Generation

On this week’s show we welcome back Recorded Future’s Allan Liska to discuss his newly published book, Ransomware: Understand, Prevent, Recover. In the years since Allan co-authored his previous book on ransomware much has changed, with an increased sophistication from the threat actors, higher ransom demands and extortion thrown into the mix. Allan Liska explains these changes, and provides his expert insights on what organizations need to do to protect themselves from this continuing threat. This podcast was produced in partnership with the CyberWire. The post Preparing for the Next Ransomware Generation appeared first on Recorded Future. from Recorded Future https://www.recordedfuture.com/podcast-episode-236/

Dark Reading - IKEA Email Systems Targeted in Cyberattack

Attackers are reportedly targeting IKEA employees in a phishing campaign that leverages stolen reply-chain emails. from Dark Reading https://www.darkreading.com/attacks-breaches/ikea-email-systems-targeted-in-cyberattack

Dark Reading - Phishing Remains the Most Common Cause of Data Breaches, Survey Says

Despite heightened concerns over ransomware, fewer organizations in a Dark Reading survey reported being an actual victim of a ransomware attack over the past year. from Dark Reading https://www.darkreading.com/edge-threat-monitor/phishing-remains-the-most-common-cause-of-data-breaches-survey-says

Dark Reading - Google Analyzes Methods Behind GCP Workload Attacks

The vast majority of cloud workload compromises stem from poor security configurations or compromised passwords, while cryptojacking is the common payload, research shows. from Dark Reading https://www.darkreading.com/threat-intelligence/google-analyzes-methods-behind-gcp-workload-attacks

Dark Reading - Over 1,000 Individuals Arrested in Global Cybercrime-Fighting Operation

HAECHI-II initiative represents Interpol's stepped-up efforts to tackle the operators of financially motivated online scams and other cyberattacks. from Dark Reading https://www.darkreading.com/attacks-breaches/over-1-000-individuals-arrested-in-international-cybercrime-fighting-operation

Threat Post - IKEA Hit by Email Reply-Chain Cyberattack

IKEA, king of furniture-in-a-flat-box, warned employees on Friday that an ongoing cyberattack was using internal emails to malspam malicious links in active email threads. from Threatpost https://threatpost.com/ikea-email-reply-chain-attack/176625/

Dark Reading - Panasonic Hit in Data Breach

Tech firm reveals that data on one of its file servers was accessed by attackers. from Dark Reading https://www.darkreading.com/attacks-breaches/panasonic-hit-in-data-breach

Threat Post - Researchers Flag 300K Banking Trojan Infections from Google Play in 4 Months

Attackers are honing Google Play dropper campaigns, overcoming app store restrictions. from Threatpost https://threatpost.com/banking-trojan-infections-google-play/176630/

Threat Post - ScarCruft APT Mounts Desktop/Mobile Double-Pronged Spy Attacks

The North Korea-linked group is deploying the Chinotto spyware backdoor against dissidents, journalists and other politically relevant individuals in South Korea. from Threatpost https://threatpost.com/scarcruft-apt-desktop-mobile-attacks/176620/

Threat Post - Unpatched Windows Zero-Day Allows Privileged File Access

A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug. from Threatpost https://threatpost.com/unpatched-windows-zero-day-privileged-file-access/176609/

Threat Post - Shape-Shifting ‘Tardigrade’ Malware Hits Vaccine Makers

Some security researchers say it’s actually Cobalt Strike and not a SmokeLoader variant, but BioBright says in-depth testing shows it’s for real a scary morphic malware that changes its parts and recompiles itself. from Threatpost https://threatpost.com/shape-shifting-tardigrade-malware-hits-vaccine-makers/176601/

US-CERT - Vulnerability Summary for the Week of November 22, 2021

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/bulletins/sb21-333

KnowBe4 - Phishing Reported in IKEA’s Internal Email System

IKEA has been working to contain a continuing phishing campaign that’s afflicting the furniture and houseware chain’s internal email system. BleepingComputer describes it as a “reply-chain email attack.” This form of attack is unusual but not unknown. The attackers obtain a legitimate corporate email and reply to it. “As the reply-chain emails are legitimate emails from a company,” BleepingComputer explains, “and are commonly sent from compromised email accounts and internal servers, recipients will trust the email and be more likely to open the malicious documents.” from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-reported-in-ikeas-internal-email-system

Dark Reading - NanoLock Security and Waterfall Security Partner to Deliver OT Security for Industrial and Energy Applications

The solution combines NanoLock’s device-level, zero-trust protection with Waterfall’s hardware-enforced IT/OT perimeter protection to provide a powerful OT security solution that mitigates cyber events from both IT and OT networks. from Dark Reading https://www.darkreading.com/operations/nanolock-security-and-waterfall-security-partner-to-deliver-ot-security-for-industrial-and-energy-applications

Dark Reading - Paving the Road to Zero Trust With Adaptive Authentication

A gradual transition to a world beyond passwords predisposes zero-trust projects to success. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/paving-the-road-to-zero-trust-with-adaptive-authentication

KnowBe4 - New Dangerous and Persistent "Metamorphic" Malware Strain Called Tardigrade

Michael Kan at PCMag reported on this new strain of Windows malware. It can constantly adapt to avoid detection and was first found targeting the biotech industry, including the infrastructure behind vaccine manufacturing, according to security researchers. The warning comes from a non-profit called BIO-ISAC, which focuses on information sharing to protect the biotech industry from cybersecurity threats. The threat is setting off alarm bells because it goes beyond typical polymorphic malware, which will only rewrite part of its computer code to evade detection. Instead, the uncovered malware goes even further by completely recompiling its code during each infection when it first connects to the internet. This “metamorphic” ability prevents the malware from leaving a consistent signature behind, making it harder for antivirus programs to spot. According to Wired, one security researcher tested the malware almost 100 times and “every time it built itself in a different way and

KnowBe4 - John Scimone, SVP and Chief Security Officer at Dell Technologies, says “security is everyone's job.”

Organizations need to build a culture of security in order to defend themselves against cyberattacks, according to John Scimone, Senior Vice President and Chief Security Officer at Dell Technologies. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/john-scimone-svp-and-chief-security-officer-at-dell-technologies-says-security-is-everyones-job

KnowBe4 - New Dangerous and Persistent "Metamorphic" Malware Family Called Tardigrade

Michael Kan at PCMag reported on this new strain of Windows malware. It can constantly adapt to avoid detection and was first found targeting the biotech industry, including the infrastructure behind vaccine manufacturing, according to security researchers. The warning comes from a non-profit called BIO-ISAC, which focuses on information sharing to protect the biotech industry from cybersecurity threats. The threat is setting off alarm bells because it goes beyond typical polymorphic malware, which will only rewrite part of its computer code to evade detection. Instead, the uncovered malware goes even further by completely recompiling its code during each infection when it first connects to the internet. This “metamorphic” ability prevents the malware from leaving a consistent signature behind, making it harder for antivirus programs to spot. According to Wired, one security researcher tested the malware almost 100 times and “every time it built itself in a different way and

Schneier - Friday Squid Blogging: Bobtail Squid and Vibrio Bacteria

Research on the Vibrio bacteria and its co-evolution with its bobtail squid hosts. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. from Schneier on Security https://www.schneier.com/blog/archives/2021/11/friday-squid-blogging-bobtail-squid-and-vibrio-bacteria.html

Krebs - The Internet is Held Together With Spit & Baling Wire

A visualization of the Internet made using network routing data. Image: Barrett Lyon, opte.org. Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email. This is the nature of a threat vector recently removed by a Fortune 500 firm that operates one of the largest Internet backbones. Based in Monroe, La., Lumen Technologies Inc. [NYSE: LUMN] (formerly CenturyLink) is one of more than two dozen entities that operate what’s known as an Internet Routing Registry (IRR). These IRRs maintain routing databases used by network operators to register their assigned network resources — i.e., the Internet addresses that have been allocated to their organization. The data maintained by the IRRs help keep track of which organizations have the right to access what Internet address space in the global routing system. Collectively, the information voluntarily submitted to the IRRs forms a distributed database o

Rapid 7 - Metasploit Wrap-Up

Self-Service Remote Code Execution This week, our own @wvu-r7 added an exploit module that achieves unauthenticated remote code execution in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution for Active Directory. This new module leverages a REST API authentication bypass vulnerability identified as CVE-2021-40539, where an error in the REST API URL normalization routine makes it possible to bypass security filters and upload arbitrary files on the target. wvu’s new module simply uploads a Java payload to the target and executes it, granting code execution as SYSTEM if ManageEngine ADSelfService Plus was started as a service. Storm Alert Warning, this is not a drill! A critical unauthenticated command injection vulnerability is approaching the Nimbus service component of Apache Storm and has been given the name CVE-2021-38294. A new exploit module authored by our very own zeroSteiner has landed and will exploit this vulnerability t

Schneier - Proposed UK Law Bans Default Passwords

Following California’s lead, a new UK law would ban default passwords in IoT devices. from Schneier on Security https://www.schneier.com/blog/archives/2021/11/proposed-uk-law-bans-default-passwords.html

Threat Post - New Twists on Gift-Card Scams Flourish on Black Friday

Fake merchandise and crypto jacking are among the new ways cybercriminals will try to defraud people flocking online for Black Friday and Cyber Monday. from Threatpost https://threatpost.com/new-twists-on-gift-card-scams-flourish-on-black-friday/176593/

KnowBe4 - FBI: Cyber Attacks Target Organizations Involved in Mergers and Acquisitions

A new notification from the FBI warns organizations of attacks at the perfect time when organizations are spending money, new people are being introduced, and operations are in flux. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/fbi-cyber-attacks-target-organizations-involved-in-mergers-and-acquisitions

KnowBe4 - Email Classified as ‘Malicious’ by Employees Has Increased by 35% in the Last Year

New data shows Phishing, Vishing, Social Media attacks, and Microsoft 365 credential attacks are all on the rise as more users are demonstrating savviness around identifying malicious content. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/email-classified-as-malicious-by-employees-has-increased-by-35-in-the-last-year

KnowBe4 - Phishing Attacks Impersonating Amazon Continue, Raising Concerns on the Cusp of Black Friday and the Holidays

New phishing attacks in the form of impersonated Amazon order confirmation emails cause potential victims to make phone calls and give up credit card details. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-attacks-impersonating-amazon-continue-raising-concerns-on-the-cusp-of-black-friday-and-the-holidays

KnowBe4 - Planning on Relaxing During the Holiday? Think Again – Ransomware Attacks May Have You Working Over a Holiday Break!

New data shows a majority of organizations experience ransomware attacks during holiday breaks, disrupting operations and your time away from work! from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/planning-on-relaxing-during-the-holiday-think-again-ransomware-attacks-may-have-you-working-over-a-holiday-break

Dark Reading - OpenText Acquires Bricata

The acquisition adds next-generation network detection and response technology to OpenText Security & Protection Cloud. from Dark Reading https://www.darkreading.com/dr-tech/opentext-acquires-bricata

Dark Reading - How Threat Actors Get into OT Systems

The convergence and integration of OT and IT has resulted in a growing number of cyber risks for critical infrastructure. Here are some of the ways attackers are targeting operational technology systems. from Dark Reading https://www.darkreading.com/edge-articles/how-threat-actors-get-into-ot-systems

Rapid 7 - [Security Nation] Chris John Riley on Minimum Viable Secure Product (MVSP)

In the final installment of Season 4 of Security Nation, Jen and Tod sit down with Chris John Riley, senior security engineer at Google and co-host of the First Impressions podcast (the one about cybersecurity, not Jane Austen). They chat about Minimum Viable Secure Product (MVSP), a set of controls Chris recently helped develop at Google that aim to provide a better baseline for security when evaluating vendor risk. They discuss the state of supply chain security for technology vendors and the challenges of establishing what really qualifies as “minimum” in terms of security protocols. Stick around for our Rapid Rundown, where Tod and Jen talk about a recently disclosed DNS rebinding vulnerability in Sky routers that exposed them to takeover attacks over the course of a whopping 17 months. Check back in with us for Season 5 of Security Nation in January. In the meantime, have a safe holiday and a happy New Year! Chris John Riley Chris John Riley is a Senior Security Engineer at

Dark Reading - MediaTek Chip Flaw Could Have Let Attackers Spy on Android Phones

MediaTek systems-on-a-chip are embedded in more than one-third of smartphones and IoT devices around the world. from Dark Reading https://www.darkreading.com/threat-intelligence/mediatek-chip-flaw-could-have-let-attackers-spy-on-android-phones

Dark Reading - In Appreciation: Dark Reading's Tim Wilson

Dark Reading co-founder and editor-in-chief Tim Wilson passed away on Nov. 23. from Dark Reading https://www.darkreading.com/careers-and-people/in-appreciation-tim-wilson

Threat Post - 9.3M+ Androids Running ‘Malicious’ Games from Huawei AppGallery

A new trojan called Android.Cynos.7.origin, designed to collect Android users’ device data and phone numbers, was found in 190 games installed on over 9M Android devices. from Threatpost https://threatpost.com/9m-androids-malware-games-huawei-appgallery/176581/

Threat Post - How to Defend Against Mobile App Impersonation

Despite tight security measures by Google/Apple, cybercriminals still find ways to bypass fake app checks to plant malware on mobile devices. Dave Stewart, CEO of Approov, discusses technical approaches to defense against this. from Threatpost https://threatpost.com/defend-app-impersonation/176519/

US-CERT - VMware Releases Security Updates

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/11/24/vmware-releases-security-updates

US-CERT - CISA Releases Capacity Enhancement Guides to Enhance Mobile Device Cybersecurity for Consumers and Organizations

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/11/18/cisa-releases-capacity-enhancement-guides-enhance-mobile-device

Threat Post - GoDaddy Breach Widens to Include Reseller Subsidiaries

Customers of several brands that resell GoDaddy Managed WordPress have also been caught up in the big breach, in which millions of emails, passwords and more were stolen. from Threatpost https://threatpost.com/godaddy-breach-widens-reseller-subsidiaries/176575/

Threat Post - Apple’s NSO Group Lawsuit Amps Up Pressure on Pegasus Spyware-Maker

Just weeks after a judge ruled that NSO Group did not have immunity in a suit brought by Facebook subsidiary WhatsApp, Apple is adding significant weight to the company's woes. from Threatpost https://threatpost.com/apple-nso-lawsuit-pegasus-spyware/176565/

Schneier - Apple Sues NSO Group

Piling more on NSO Group’s legal troubles, Apple is suing them (https://www.apple.com/newsroom/2021/11/apple-sues-nso-group-to-curb-the-abuse-of-state-sponsored-spyware/): The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices. NSO Group’s Pegasus spyware is favored by totalitarian governments around the world, who use it to hack Apple phones and computers. More news: Apple’s legal complaint provides new information on NSO Group’s FORCEDENTRY, an exploit for a now-patched vulnerability previously used to break into a victim’s Apple device and install the latest version of NSO Group’s spyware product, Pegasus. The exploit was originally identified by the Citizen Lab, a research group at the University of Toronto. The spyware was used to attack a small

Dark Reading - When Will Security Frameworks Catch Up With the New Cybersecurity Normal?

Standards need to reflect that most endpoints will be remote and/or wireless. from Dark Reading https://www.darkreading.com/endpoint/when-will-security-frameworks-catch-up-with-the-new-cybersecurity-normal-

Threat Post - Attackers Actively Target Windows Installer Zero-Day

Researcher discovered a “more powerful” variant of an elevation-of-privilege flaw for which Microsoft released a botched patch earlier this month. from Threatpost https://threatpost.com/attackers-target-windows-installer-bug/176558/

Dark Reading - Why Should I Adopt a Zero Trust Security Strategy?

Zero Trust is the right approach for protecting your end users. Executing it in the right way will also help you comply with the NIST standards and upcoming federal mandates. from Dark Reading https://www.darkreading.com/edge-ask-the-experts/why-should-i-adopt-a-zero-trust-security-strategy-

Dark Reading - Baffle's Data Privacy Cloud Protects Data for Amazon Redshift Customers

Amazon Redshift customers can use Baffle’s Data Privacy Cloud to secure the data pipeline as source data is migrated to Redshift and used for data analytics. from Dark Reading https://www.darkreading.com/dr-tech/baffle-data-privacy-cloud-protects-data-for-amazon-redshift-customers

Dark Reading - New Android Spyware Variants Linked to Middle Eastern APT

The new variants, improved for stealth and persistence, share code with other malware samples attributed to the C-23 APT. from Dark Reading https://www.darkreading.com/threat-intelligence/new-android-spyware-variants-linked-to-middle-eastern-apt

KnowBe4 - Avoid Donating to Charity Scammers During Giving Tuesday 2021

Giving Tuesday is a great way for organizations and people to give back. However, this gives cybercriminals opportunities to take advantage of you with charity scams. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/avoid-donating-to-charity-scammers-during-giving-tuesday-2021

KnowBe4 - [Scam of the Week] Black Friday & Cyber Monday Cybersecurity Tips 2021

Cybercriminals are at it again with holiday phishing scams. Because of the popularity of online shopping, retailers' online Black Friday deals attract more and more scammers every year. Cyber Monday will also mean big online sales. That means you and your users need to be extra cautious when shopping online over the Black Friday and Cyber Monday weekend. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/scam-of-the-week-black-friday-cyber-monday-cybersecurity-tips

KnowBe4 - [FREE Resource Kit] Stay Safe This Holiday Season with KnowBe4

Are your users aware of the holiday phishing scams cybercriminals will be sending them? This holiday season may be closer to "normal" this year, and that means users will be even more focused on holiday activities. Cybercriminals will take advantage of holiday distractions and use social engineering tactics to trick your users into becoming the next victim. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/free-resource-kit-stay-safe-this-holiday-season

Dark Reading - Apple Sues NSO Group for Spyware Use

The company seeks to hold Israeli firm NSO Group liable for the targeting of Apple users and requests a permanent injunction to ban its use of Apple products and services. from Dark Reading https://www.darkreading.com/endpoint/apple-sues-israel-s-nso-group-for-spyware-use

Threat Post - Attackers Will Flock to Crypto Wallets, Linux in 2022: Podcast

That’s just the start of what cyberattackers will zero in on as they pick up APT techniques to hurl more destructive ransomware & supply-chain attacks, says Fortinet’s Derek Manky. from Threatpost https://threatpost.com/attackers-will-flock-to-crypto-wallets-linux-in-2022-podcast/176546/

Dark Reading - Holiday Scams Drive SMS Phishing Attacks

Attackers typically target consumers with malicious text messages containing obfuscated links, but experts say businesses are threatened as well. from Dark Reading https://www.darkreading.com/threat-intelligence/holiday-scams-drive-sms-phishing-attacks