Cyber Command urges orgs to implement F5 patch for BIG-IP configuration interface flaw
U.S. Cyber Command retweeted last Friday F5’s advisory to patch immediately the flaw that could unleash a Remote Code Execution (RCE), possibly leading to the creation or deletion of files, the disabling of services, interception of information, execution of arbitrary system commands and Java code, complete compromise of the system, and the pursuit of further targets, such as the internal network.
You may be distracted by the pandemic but FYI: US Senate panel OK's backdoors-by-the-backdoor EARN IT Act
The idea is that companies would have to “earn” their legal shield – hence the name of the bill, EARN IT – by following the best practices created by the committee. Following significant pushback on those points, the Judiciary Committee made changes aimed at gaining the full approval of all its members. In the now-OK'd version of the bill, the commission, called the National Commission on Online Child Sexual Exploitation Prevention, would still create its rules but it would be “voluntary” for online platforms to follow them. Instead, if tech companies did follow the commission’s rules, it “would be a defense in any civil suit,” said committee chair Lindsey Graham (R-SC).
'If the public knew:' Ripple20 shows medical device software cyber weakness
The stakes are high. Last month, researchers discovered vulnerabilities in a popular TCP/IP library from third-party software vendor Treck used by Baxter and B. Braun infusion pumps, potentially allowing hackers to take control of the devices remotely and alter medication dosages. Baxter downplayed the threat, calling it low-risk or "controlled," as defined by the FDA's cybersecurity guidance, while B. Braun said it is working to patch the vulnerable source code.
IT forensics costs post-cyberattack spike 68% year-over-year
While 63% of the cost of a cyberattack for a non-healthcare policyholder went towards IT forensics, just 41% of this cost was dedicated to IT forensics for healthcare clients. Instead, legal costs took the top spot at 48% of the total cyberattack bill of healthcare clients. [...] “Right now, the industry is experiencing a big surge in cases, and demand for IT forensics services is growing,” he said. Meanwhile, there’s also a limited supply of firms offering these services, leading to a jump in the bill for forensics services post-cyberattack.
BEC Busts Take Down Multimillion-Dollar Operations
A second case involves Nigerian national Olalekan Jacob Ponle, also known as "Mr. Woodbery" and "Mark Kain." A criminal complaint accuses him of orchestrating BEC schemes to defraud US companies, which led to attempted or actual losses amounting to tens of millions of dollars. One Chicago company was tricked into sending wire transfers totaling $15.2 million.
Ransomware attack on insurance MSP Xchanging affects clients
Global IT services and solutions provider DXC Technology announced over the weekend a ransomware attack on systems from its Xchanging subsidiary. Xchanging is known as a managed service provider for businesses in the insurance industry but its list of customers includes companies from other fields: financial services, aerospace and defense, automotive, education, consumer packaged goods, healthcare, manufacturing.
Mexico’s Central Bank Thwarts Cyber Attack on Its Website [Subscription]
The central bank’s protection protocols kicked in, preventing disruption of its financial market processes and payment systems, according to a statement by the bank known as Banxico. The attempt comes two years after hackers hijacked Mexican financial institutions’ connections to the country’s domestic payment transfer system, operated by Banxico, and got away with at least $15 million. This latest attack was merely on the website and all central bank information and that of other financial institutions[.]
Defense cuts, cybersecurity and IoT: Five Senate NDAA amendments to know
1. Studying cyber exploitation
2. Cleaner audits
3. The Internet of Things
4. CISA strength
5. One less step for contractors
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
With the exception of a few French emails sent to targets in France, most of the group's communications are written in English, and its operators know their vocabulary — some emails contain words like "accretive" and "synergistic," both used in their proper context. In fact, the writing is so good that researchers think it may be possible Cosmic Lynx is hiring people to translate the initial emails so their English is nearly perfect, says Crane Hassold, senior director of threat research at Agari. "When you look at a Cosmic Lynx BEC attack, it is miles beyond what we generally see," he says of the group's sophistication.
FBI chief slams Chinese cyberattacks against U.S. calling it ‘one of the largest transfers of wealth in human history’
“To achieve its goals and surpass America, China recognizes it needs to make leaps in cutting edge technology, but the sad fact is that instead of engaging in the hard slog of innovation, China often steals American intellectual property and then uses it to compete against the very American companies it victimizes, in effect, cheating twice,” he said, adding that the Chinese government targets “research on everything from military equipment to wind turbines.”
FBI Opens a New China-Related Counterintelligence Investigation Every 10 Hours, Director Says
“China is engaged in a whole-of-state effort to become the world’s only superpower by any means necessary,” Wray said. “The greatest long-term threat to our nation’s information and intellectual property, and to our economic vitality, is the counterintelligence and economic espionage threat from China. It’s a threat to our economic security—and by extension, to our national security.”
LinkedIn was copying every keystroke of users until iOS 14 exposed it
The snooping tactics of LinkedIn were discovered because of the iOS 14 beta’s Universal clipboard privacy feature that instantly detects when a widget or app accesses data on the clipboard. [...] Apparently, the issue is caused by an equality check between the typed content and the clipboard contents. Berger reiterated in his tweets that LinkedIn never stores or transmits clipboard data, and a fix for this problem will be out soon.
Cops Seize Server that Hosted BlueLeaks, DDoSecrets Says
Authorities in Germany have seized a server used by the organization that published a trove of US police internal documents commonly known as BlueLeaks, according to the organization’s founder. [...] DDoSecrets has recently taken WikiLeaks’ mantle as the most influential leaking organization on the internet, publishing several dumps such as data stolen from the Chilean military, and Neo-Nazi messages exchanged on the chat platform Discord.
E-Verify’s “SSN Lock” is Nothing of the Sort
Lest you think your SSN and DOB are somehow private information, you should know this static data about U.S. residents has been exposed many times over in countless data breaches, and in any case these digits are available for sale on most Americans via Dark Web sites for roughly the bitcoin equivalent of a fancy caffeinated drink at Starbucks.
The death of remote access VPN
The problem with Remote Access VPNs is that they are no longer suitable for a mobile workforce facing rampant and unabating cybersecurity threats. To emphasize this problem, a June 2019 Gartner analysis predicts that by 2023, 60% of enterprises will phase out their Remote Access VPN in favor of Zero-Trust Network Access.
Microsoft Seizes Domains Used in COVID-19-Themed Attacks
The US District Court for the Eastern District of Virginia had earlier granted the company permission to seize the domains after Microsoft had filed a civil complaint about the attacks causing it "irreparable and ongoing harm." Tom Burt, Microsoft corporate vice president, customer security and trust, today likened the attacks to a form of business email compromise that targeted customers in 62 countries.
Citrix Bugs Allow Unauthenticated Code Injection, Data Theft
Attacks on the management interface of the products could result in system compromise by an unauthenticated user on the management network; or system compromise through cross-site scripting (XSS). Attackers could also create a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, could result in the compromise of a local computer.
Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service
Microsoft has announced a new free-to-use initiative aimed at uncovering forensic evidence of sabotage on Linux systems, including rootkits and intrusive malware that may otherwise go undetected. The cloud offering, dubbed Project Freta, is a snapshot-based memory forensic mechanism that aims to provide automated full-system volatile memory inspection of virtual machine (VM) snapshots, with capabilities to spot malicious software, kernel rootkits, and other stealthy malware techniques such as process hiding.
Exposed dating service databases leak sensitive info on romance-seekers
Independent VPN review site WizCase has reported finding six separate dating sites or apps that each potentially compromised thousands of users due to improper data storage. According to WizCase researchers, the vast majority of the affected accounts belong to Japanese dating sites Charincharin.net and kyuun-kyuun.com, which share the same database. [...] “Every server was easily accessible via the internet and not password protected,” the report stated.