Fancy Bear seen looking into Log4j. Huawei’s history as a threat. PseudoManuscrypt in 35k victims. | #datingscams | #russianliovescams | #lovescams

Dateline the Internet: the Log4j vulnerability (Log4shell).

Emergency Directive 22-02 (CISA) This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 22-02, “Mitigate Apache Log4j Vulnerability”.

Log4j: Where’s Fancy Bear been? Right there, choppin’ lumber… (The CyberWire) One of the mysteries about Log4shell so far has been the relative absence of Russian exploitation, whether by privateers or intelligence services. But it turns out, SecurityScorecard has found, that the GRU has been there all along.

SecurityScorecard Finds Log4j Exploitation from Nation State Actors (SecurityScorecard) Log4Shell has been identified as potentially the most dangerous exploit since ShellShock. Check out our Threat Intelligence team’s latest findings on the origins and impact of this vulnerability and how you can stay ahead.

Log4j Security Vulnerability: Understanding the Origins, Implications, and What It Means for You (Security Scorecard) The SecurityScorecard Global Investigations team continues its investigation of the Log4j vulnerability. Using our global scanning technology, we’ve developed insights into the scope and extent of the Log4j vulnerability…

The internet runs on free open-source software. Who pays to fix it? (MIT Technology Review) Volunteer-run projects like Log4J keep the internet running. The result is unsustainable burnout, and a national security risk when they go wrong.

No one’s losing faith over open source software despite Log4Shell, says expert (IT World Canada) IT departments and developers around the world are furiously scanning applications for evidence of the critical zero-day vulnerability in the Apache log4j2 Java-based logging library in open source code on their systems. According to Apache, the vulnerability — called by some Log4Shell — was discovered by Chen Zhaojun of the Alibaba Cloud Security Team. What […]

Threat Groups Reportedly Working on Log4Shell Worm (SecurityWeek) Industry professionals debate concerns related to the possible development of a worm that leverages the Log4Shell vulnerability.

0-Day Log4Shell Is Serious, But It’s Just the Tip of The Iceberg (Medium) Why Today’s Cybersecurity Threats Are More Threatening and How They May Differ From the Hurdles We Met in the Past

The impact of the Log4j vulnerability on OT networks (Help Net Security) Operational Technology (OT) networks are at risk from the Log4j (CVE-2021-44228) vulnerability. Find out more about this.

Major tech companies struggle to plug holes in logging software (Reuters) Some of the world’s largest technology companies are still struggling to make their products safe from a gaping vulnerability in common logging software a week after hackers began trying to exploit it.

What Is the Log4j Vulnerability? What to Know. (Wall Street Journal) A flaw in widely used internet software has left companies and government officials scrambling to respond to a potentially glaring cybersecurity threat to global computer networks.

Log4j Attack Methods Explained by CrowdStrike (Redmond Mag) CrowdStrike on Thursday presented advice for organizations attempting to address a security vulnerability in the Log4j Java logging framework used in Apache Web servers, currently undergoing widespread exploitation.

CVE-2021-44228: The Log4Shell Vulnerability (Lightspin) All you need to know about the newly discovered, critical, zero-day vulnerability – Log4Shell.

Media Alert: Qualys Offers Free Access to Its Web Application Scanning App to Help Organizations Quickly Find Log4Shell Vulnerabilities (PR Newswire) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today announced it…

Khonsari ransomware exploiting Log4j bug to target Minecraft servers, Microsoft confirms (Computing) Researchers observe multiple attempts to deploy a Khonsari ransomware that hits Windows machines by making use of Log4Shell bug

MobileIron customers urged to patch systems due to potential Log4j exploitation (ZDNet) MobileIron’s parent company released an advisory about the issue and messaged customers last weekend.

Log4Shell: Know if You’re at risk and how to take action (Rezilion) Get your free Log4Shell risk assessment today to quickly understand if you have vulnerable versions of log4j (CVE-2021-44228) across your environment and whether they’re actually exploitable and require immediate action. 

Here’s Everything To Know About The 0-Day Log4Shell Vulnerability (JFrog) Understand the Log4Shell exploitation vectors, learn exactly what’s vulnerable, and discover remediations about this zero-day vulnerability.

Iranian hacker group targets Israelis in ‘Log4j’ exploit attack (Jerusalem Post) A series of Log4j attacks were blocked by Check Point, which witnessed communications between a server used by an Iranian group and the targets in Israel.

Iranians tried to hack seven Israeli sites using critical vulnerability, Israeli security firm says (Haaretz) The Iranian group tried to attack seven Israeli government and commercial targets using a vulnerability in the Apache Log4j logging platform, said Check Point

Attacks, Threats, and Vulnerabilities

Chinese Spies Accused of Using Huawei in Secret Australia Telecom Hack (Bloomberg) Software update loaded with malicious code is key evidence in years-long push to block Huawei, officials say

State-sponsored Chinese hackers target SEA govts (Tech Wire Asia) Chinese hackers, likely state-sponsored, have been broadly targeting government and private-sector organizations across Southeast Asia.

Backdoor gives hackers complete control over federal agency network (Ars Technica) Avast researchers say the malware has ties to a previously seen espionage hack.

Avast Finds Backdoor on US Government Commission Network (Avast Threat Labs) Avast has found a targeted attack on a small US federal government commission. Despite the fact that they did not cooperate with us, we were able to analyze two files involved in this attack.

Pegasus vs. Predator: Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware (The Citizen Lab) Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour was simultaneously infected with both Cytrox’s Predator and NSO Group’s Pegasus spyware, operated by two different government clients.

A new spyware-for-hire, Predator, caught hacking phones of politicians and journalists (TechCrunch) Meta said it notified about 50,000 people targeted by seven surveillance-for-hire outfits.

NSO iPhone malware builds a computer inside your phone to steal data (New Scientist) An incredibly sophisticated piece of malware developed by the Israeli tech firm NSO Group works by creating an entirely separate computer inside the memory of an iPhone, allowing attackers to snoop and steal data

Facebook disrupts operations of seven surveillance-for-hire firms (BleepingComputer) Facebook has disrupted the operations of seven different spyware-making companies, blocking their Internet infrastructure, sending cease and desist letters, and banning them from its platform.

Facebook bans seven ‘cyber mercenary’ companies from its platforms (the Guardian) Company will also send warnings to 48,000 people believed to be targeted by malicious activity after investigation

Facebook takes down accounts for seven “cyber-mercenary” firms (The Record by Recorded Future) Meta (formerly Facebook) said today that it suspended accounts on its Facebook and Instagram platforms operated by seven companies that provide surveillance and cyber-mercenary services.

Meta bans seven private surveillance groups for using Facebook to spy on people worldwide (Computing) Targets include journalists, dissidents, human rights activists and critics of authoritarian regimes and their families

Facebook, Other Researchers Step Up Fight Against Cyberspying for Hire (Wall Street Journal) Meta Platforms says groups used Facebook, Instagram, WhatsApp to hack devices.

Taking Action Against the Surveillance-For-Hire Industry (Meta) We disabled seven surveillance-for-hire entities who targeted people across the internet in over 100 countries.

Thousands of Industrial Systems Targeted With New ‘PseudoManuscrypt’ Spyware (SecurityWeek) More than 35,000 devices around the world, including many ICS and government systems, have been targeted with a new spyware dubbed PseudoManuscrypt.

‘PseudoManuscrypt’ Mass Spyware Campaign Targets 35K Systems (Threatpost) It’s similar to Lazarus’s Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks.

New PseudoManuscrypt malware has infected 35,000 systems this year (The Record by Recorded Future) A new malware botnet named PseudoManyscrypt has infected roughly 35,000 Windows computers this year, security firm Kaspersky said today.

PseudoManuscrypt: a mass-scale spyware attack campaign (Kaspersky) In June 2021, Kaspersky ICS CERT experts identified malware whose loader has some similarities to the Manuscrypt malware, which is part of the Lazarus APT group’s arsenal. In 2020, the group used Manuscrypt in attacks on defense enterprises in different countries. These attacks are described in the report “Lazarus targets defense industry with ThreatNeedle”.

Mass spyware campaign targets thousands of ICS computers around the world (Yahoo) Number of systems on which PseudoManuscrypt was detected, by day Number of systems on which PseudoManuscrypt was detected, by day Woburn, MA, Dec. 16, 2021 (GLOBE NEWSWIRE) — From January to November 2021, Kaspersky experts uncovered a new piece of malware that has targeted more than 35,000 computers across 195 countries. Dubbed “PseudoManuscrypt” for its similarities with the advanced persistent threat (APT) group Lazarus’ Manuscrypt malware, this new malware contains advanced spying capabilit

‘Tropic Trooper’ Reemerges to Target Transportation Outfits (Threatpost) Analysts warn that the attack group, now known as ‘Earth Centaur,’ is honing its attacks to go after transportation and government agencies.

Tropic Trooper Targets Transportation and Government Organizations (Trend Micro) Our long-term monitoring of the cyberespionage group Earth Centaur (aka Tropic Trooper) shows that the threat actors are equipped with new tools and techniques. The group seems to be targeting transportation companies and government agencies related to transportation.

Brazil investigates use of staff credentials in cyberattacks against government bodies (ZDNet) Malicious actors have accessed some systems using civil servant login and password details, an initial probe into recent breaches has been found.

Have Money for a Latte? Then You Too Can Buy a Phish Kit (Proofpoint) Phish kits have enabled threat actors of varying skills to easily craft and distribute tailored campaigns that are difficult for potential victims to distinguish as malicious.

The Pradeo Lab identifies another app with Joker malware on Google Play (Pradeo) Joker is a malware that silently exfiltrates data and subscribes users to unwanted premium subscription. The malware was found in 24 apps on Google Play.

McMenamins breweries hit by a Conti ransomware attack (BleepingComputer) Portland brewery and hotel chain McMenamins suffered a Conti ransomware attack over the weekend that disrupted the company’s operations.

North American Propane Distributor ‘Superior Plus’ Discloses Ransomware Attack (SecurityWeek) North American propane distributor Superior Plus this week announced that it had to shut down certain computer systems after falling victim to a ransomware attack.

Kronos Ransomware Attack May Keep Affected Systems Down for Weeks (Texas Lawyer) Dozens of companies and government organizations reported being affected, a number that falls far short of its likely impact.

Coombe hospital operating normally despite cyber attack (RTE.ie) The IT systems at the Coombe Hospital in Dublin have been locked down as an investigation begins into a cyber attack.

Services ‘continuing as normal’ at The Coombe following cyber attack, hospital says (TheJournal.ie) The hospital says services are “continuing as normal” but it has locked down its IT systems as a precaution.

Coombe Hospital IT systems ‘locked down’ after overnight cyber attack (Dublin Live) A HSE spokesperson said the attack has impacted “several systems” in the hospital

The metaverse has a groping problem already (MIT Technology Review) A woman was sexually harassed on Meta’s VR social media platform. She’s not the first—and won’t be the last.

Report: Audio Tech Giant Exposed Thousands of Customers’ Data (vpnMentor) Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered that consumer audio giant Sennheiser had accidentally left an old cloud account full of customer

Security Patches, Mitigations, and Software Updates

Hillrom Addressed A Zero-Day Vulnerability Affecting Its Cardiac Devices (Latest Hacking News) Hillrom will release the patches for the Welch Allyn cardiac devices zero-day vulnerability with the upcoming firmware updates.

Xylem AquaView (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 9.3
ATTENTION: Low attack complexity
Vendor: Xylem, Inc.
Equipment: AquaView
Vulnerability: Use of Hard-coded Credentials
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an authenticated local attacker to create users, delete users, disable user groups, and update the system and its security levels.

Delta Electronics CNCSoft (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 6.1
ATTENTION: Low attack complexity
Vendor: Delta Electronics
Equipment: CNCSoft
Vulnerability: Out-of-bounds Read
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow information disclosure or an application crash.

Wibu-Systems CodeMeter Runtime (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.1
ATTENTION: Low attack complexity
Vendor: Wibu-Systems AG
Equipment: CodeMeter
Vulnerability: Improper Privilege Management
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to crash the CodeMeter Runtime Server, which could cause a denial-of-service condition.

Mitsubishi Electric GX Works2 (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 5.3
ATTENTION: Exploitable remotely/high attack complexity
Vendor: Mitsubishi Electric
Equipment: GX Works2
Vulnerability: Improper Handling of Length Parameter Inconsistency
2. RISK EVALUATION

Successful exploitation of this vulnerability may cause a denial-of-service condition in GX Works2.

Mitsubishi Electric FA Engineering Software (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 5.5
ATTENTION: Low attack complexity
Vendor: Mitsubishi Electric
Equipment: FA Engineering Software
Vulnerabilities: Out-of-bounds Read, Integer Underflow
2. RISK EVALUATION

Successful exploitation of these vulnerabilities may cause a denial-of-service condition.

Siemens Capital VSTAR (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely / Low attack complexity
Vendor: Siemens
Equipment: Capital VSTAR
Vulnerabilities: Access of Resource Using Incompatible Type, Improper Validation of Specified Quantity in Input, Out-of-Bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Null Termination, Integer Underflow, Improper Handling of Inconsistent Structural Elements

Siemens POWER METER SICAM Q100 (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 9.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: POWER METER SICAM Q100
Vulnerability: Stack-based Buffer Overflow
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to remotely execute code.

Siemens JTTK and JT Utilities (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: JTTK and JT Utilities
Vulnerabilities: Out-of-bounds Write, Use after Free, Out-of-bounds Read
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could lead the application to crash or potentially lead to arbitrary code execution.

Siemens SINUMERIK Edge (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.4
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: SINUMERIK Edge
Vulnerability: Improper Certificate Validation
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server.

Siemens JT2Go and Teamcenter Visualization (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: JT2Go and Teamcenter Visualization
Vulnerabilities: Out-of-Bounds Write, Use of Uninitialized Variable, Out-of-Bounds Read, Off-by-One Error, Use-after-Free
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could lead the application to crash or potentially lead to arbitrary code execution.

Siemens SIMATIC eaSie PCS 7 Skill Package (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 6.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SIMATIC eaSie PCS 7 Skill Package
Vulnerability: Path Traversal
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an authenticated remote attacker to read arbitrary files on the application server.

Siemens SIMATIC ITC (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SIMATIC ITC Products
Vulnerabilities: Using Components with Known Vulnerabilities
2. RISK EVALUATION

Successful exploitation of these LibVNC vulnerabilities could allow remote code execution, information disclosure, and denial-of-service attacks.

Siemens Questa and ModelSim (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 9.0
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: Questa Simulation and ModelSim Simulation
Vulnerability: Insufficiently Protected Credentials
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow access to unencrypted data.

Siemens Siveillance Identity (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Siveillance Identity
Vulnerabilities: Exposure of Resource to Wrong Sphere
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to access or modify several internal application resources.

Siemens Simcenter STAR-CCM+ Viewer (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: Simcenter STAR-CCM+ Viewer
Vulnerability: Out-of-bounds Write
2. RISK EVALUATION

Successful exploitation of this vulnerability could lead to a crash, arbitrary code execution, or data extraction.

Siemens Healthineers syngo fastView (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens Healthineers, a subsidiary of Siemens
Equipment: syngo fastView
Vulnerabilities: Out-of-bounds Write
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could lead to a crash of the application or arbitrary code execution.

Siemens JT Utilities and JT Open Toolkit (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: JT Utilities, JT Open Toolkit
Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Stack-based Buffer Overflow, Use After Free, Improper Restriction of Operations within the Bounds of a Memory Buffer, Heap-based Buffer Overflow
2.

Siemens Teamcenter Active Workspace (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 6.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Teamcenter Active Workspace
Vulnerability: Path Traversal
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to achieve remove code execution.

Siemens SiPass Integrated (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SiPass Integrated
Vulnerabilities: Exposure of Resource to Wrong Sphere
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to access or modify several internal application resources.

Siemens JTTK and JT Utilities (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: JTTK and JT Utilities
Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could cause the application to crash or allow arbitrary code execution. 

Siemens Nucleus RTOS-based APOGEE and TALON Products (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Nucleus RTOS based APOGEE and TALON Products
Vulnerabilities: Type Confusion, Improper Validation of Specified Quantity in Input, Out-of-bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Null Termination, Buffer Access with Incorrect Length Value, Integer Underflow, Improper Handling of Inconsistent Structural Elements

Delta Electronics DIAEnergie (Update A) (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Delta Electronics
Equipment: DIAEnergie
——— Begin Update A Part 1 of 3 ——— 

HCC Embedded InterNiche TCP/IP stack, NicheLite (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: HCC Embedded
Equipment: InterNiche stack (NicheStack), NicheLite
Vulnerabilities: Return of Pointer Value Outside of Expected Range, Improper Handling of Length Parameter Inconsistency, Use of Insufficiently Random Values, Improper Input Validation, Uncaught Exception, Numeric Range Comparison Without Minimum Check, Generation of Predictable Numbers or Identifiers, Improper Check or Handling of Exceptional Conditions, Improper Null Termination

Siemens Linux-based Products (Update G) (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.4
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: Linux based products
Vulnerability: Use of Insufficiently Random Values
2. UPDATE INFORMATION

This updated advisory is a follow-up to the advisory update titled ICSA-21-131-03 Siemens Linux-based Products (Update F) that was published November 11, 2021, to the ICS webpage at www.cisa.gov/uscert.

Mitsubishi Electric MELSEC iQ-R Series (Update C) (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: MELSEC iQ-R series
Vulnerability: Uncontrolled Resource Consumption
2.

Siemens SIMOTICS, Desigo, APOGEE, and TALON (Update B) (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.1
ATTENTION: Exploitable from an adjacent network/low skill level to exploit
Vendor: Siemens
Equipment: SIMOTICS, Desigo, APOGEE, and TALON
Vulnerability: Business Logic Errors
2.

Siemens TIA Portal (Update C) (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: TIA Portal
Vulnerability: Path Traversal
2. UPDATE INFORMATION

This updated advisory is a follow-up to the advisory update titled ICSA-20-014-05 Siemens TIA Portal (Update B) that was published January 12, 2021, to the ICS webpage at www.cisa.gov/uscert/ics.

Trends

Managed Services Report: No Rest for the Wary (MITRE-Engenuity) Organizations are increasingly relying on external support from managed services. In order to gain a better understanding of the state of affairs in managed services security, MITRE Engenuity, MITRE’s tech foundation for the public good, commissioned Cybersecurity Insiders to run an extensive industry survey to answer essential questions

How are Cyber Security Teams Prioritizing Vulnerability Risk? (Vulcan Cyber) Risk-based vulnerability management (RBVM) is essential to proactive defense against cyber threats, but many programs are too often ineffective and inefficient

The CISO Circuit Report – TPRM (Edition 7) (YL Ventures) This edition spotlights today’s most pressing concerns around TPRM solutions and processes. Read on to discover what’s behind the ongoing friction with TPRM, how much TPRM solutions factor into CISO decision-making, how else CISOs currently offset third-party risk, the future of TPRM and more!

Transmit Security Reveals 50% of Gen Z Consumers Abandon an Online Purchase If They Forget Their Password (Business Wire) Transmit Security Reveals 50% of Gen Z Consumers Abandon an Online Purchase If They Forget Their Password

Are Password Resets Costing Your Company? [Survey] (Beyond Identity) Are passwords keeping consumers from both online and offline experiences? The results of this study might surprise you.

Exclusive: ‘Cyber is the most dangerous weapon in the world,’ JPMorgan council warns (CNN) Business leaders and former policymakers are sounding the cyber alarm.

Why ransomware attacks happen out of hours or during the holidays (Register) Security teams have a choice to make – and doing nothing is not an option

The Great Resignation will drive cyber attacks in 2022 (Security Brief) AI cyber security experts Darktrace predict that the Great Resignation we’ve seen during the pandemic will drive cyber attacks in 2022. 

REPORT: The state of cyber security in the UK charity sector (Charity Digital) We dig into the findings of our cyber security survey to see what charities think about cyber security and how they are addressing the increasing threat to the sector

GUEST ESSAY: Why the arrests of cyber criminals in 2021 will incentize attackers in 2022 (The Last Watchdog) In 2021, law enforcement continued making a tremendous effort to track down, capture and arrest ransomware operators, to take down ransomware infrastructure, and to claw back ransomware payments. Related: The targeting of supply chains While some of these efforts have been successful, and may prevent more damage from being done, it is important to realize […]

Spam Rates in the U.S. Spike Again; Truecaller’s 2021 Global Spam Report Shows Rising Spam Call Volumes in Latter Half of the Year (PR Newswire) Truecaller has launched its fifth edition of the annual Global Spam Report – a detailed, global study on how spam and scam affects all of us….

2021 Phishing Intelligence Report: Phishing in 2021 (Phished.io) Phished announces the results of its 2021 Phishing Intelligence Report. The report, which analysed data from more than 100 million phishing simulations across thousands of organisations all over the world, revealed that globally, almost a quarter (22%) of employees are likely to expose their…

Marketplace

Corellium Lands $25 Million Investment for Virtualization Tech (SecurityWeek) Fresh off a high-profile legal triumph over Apple, Corellium gets major attention from investors with Paladin Capital Group leading a $25 million funding round.

This female-led unicorn just raised more money — this time, from a big women investor group (Washington Business Journal) The latest influx brings the Arlington company’s lifetime funding to $128 million.

LogMeIn spins out LastPass as standalone company (Channel Life) LogMeIn says it plans to invest further in LastPass, particularly across the go-to-market functions, engineering, and the overall customer experience.

“Cyber startups are too expensive for sane companies to buy” (Globes) Tufin CEO Ruvi Kitov talks to “Globes” about share price ups and downs, the company’s new strategy, and what it won’t be doing with its cash.

NINJIO Adds Growth Marketing Expert Tom Richards To Expanding Executive Lineup (NINJIO) With recent strategic investment from Gauge Capital, cybersecurity awareness training company bolsters go-to-market strategy with key hire

Amazon Product Leader Stephen Benedict Joins ID.me as Chief Product Officer (PR Newswire) ID.me, the secure digital identity network with over 66 million members, today announced Stephen Benedict has joined ID.me as Chief Product…

BeyondTrust names Rob Spee as new SVP for Global Channels (ITP.net) Spee will lead BeyondTrust’s global channel strategy, with a focus on expanding market share through its global partner ecosystem

Protegrity expands its executive leadership team with new promotions (Help Net Security) Protegrity announced the expansion of its executive leadership team with the promotions of Terri McBride and Kaitlin Hartshor.

Products, Services, and Solutions

New infosec products of the week: December 17, 2021 (Help Net Security) The featured infosec products this week are from: AwareGO, MetricStream, MobileSphere, Nerdio, Ping Identity, Pondurance, Syxsense, and Tufin.

Glasswall Launches Premier Partner Program to Build Channel Ecosystem (PRWeb) Glasswall, a British cybersecurity company that offers instant protection against file-based threats with Content Disarm and Reconstruction (CDR)

BehavioSec’s Robust Partner Ecosystem Accelerates Behavioral Biometrics Adoption (Business Wire) BehavioSec announced that its partner ecosystem is providing more avenues for end-users to leverage behavioral biometrics.

ShiftLeft Expands “Attackability” Detection Coverage to JavaScript and TypeScript (Yahoo Finance) SANTA CLARA, Calif., December 16, 2021–ShiftLeft announced its Intelligent-SCA product has added scanning and attackability analysis for JavaScript (JS) and the TypeScript (TS) language.

Cybereason, Google Cloud team up to roll out new XDR solution (ITP.net) Cybereason XDR powered by Google Chronicle predicts, detects and responds to threats on a planetary scale and at high speed.

Zimperium and Intertrust Partner to Provide End-to-end Security for IoT devices in Zero-trust Environments (PR Newswire) Zimperium, the global leader in mobile security, and Intertrust, the pioneer in trusted computing and digital rights management (DRM)…

Technologies, Techniques, and Standards

ESF Members, NSA and CISA publish the fourth installment of 5G cybersecurity guidance (National Security Agency/Central Security Service) The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published the fourth installment on securing integrity of 5G cloud infrastructures, Ensure Integrity

Security Guidance for 5G Cloud Infrastructures Part IV: Ensure Integrity of Cloud Infrastructure (CISA) The Enduring Security Framework (ESF) hosted a 5G study group comprised of government and industry experts over the course of eight weeks during the summer of 2020 to explore potential threat vectors and vulnerabilities inherent to 5G infrastructures

New State of Modern Application Security Report Highlights the Importance of Eliminating Friction Between Developers and Security (GlobeNewswire News Room) Tromzo, a developer-first application security management platform, has released the findings from their…

The DHS is inviting hackers to break into its systems, but there are ROE (The State of Security) The DHS is launching the “Hack DHS” bug bounty and inviting security researchers to uncover vulnerabilities and hack into its systems.

How to respond if your firm is victim to a ransomware attack (Computing) Of cyberattack cases reported to Kroll in 2020, over a third involved ransomware

US Air Force cyber team demonstrates first ever in-flight mission (C4ISRNet) Air Force defensive cyber teams will now be able to conduct cyber missions aboard MC-130Js in flight.

Cyber Marines build relationship with JSDF cyber units during cyber competition (United States Marine Corps Flagship) A small team of Marines with Defensive Cyberspace Operations – Internal Defensive Measures Company, 7th Communication Battalion, III Marine Expeditionary Force Information Group, competed against four

Design and Innovation

US Space Force to Launch Project Moonlighter Cybersecurity Satellite (Via Satellite) A U.S. Space Force effort to launch a dedicated cybersecurity testing satellite in 2023 will include a design modeled after the common 3U cubesats, which

Tool protects users’ private data while they browse (National Science Foundation) ‘SugarCoat’ targets scripts that harm users’ privacy

Legislation, Policy, and Regulation

Russia hands draft security pacts to US, expects quick talks (Army Times) Moscow’s proposals were passed on to U.S. Assistant Secretary of State for European and Eurasian Affairs Karen Donfried.

Full-blown warfare in cyberspace in progress, says Russian diplomat (TASS) What matters now is to calculate the damage and determine who will lose it in the end and what shape the world will eventually acquire as a result of this war, Andrey Krutskikh emphasized

‘A Third World War’: Russian official declares cyberwar already ‘in full swing’ (Washington Examiner) A global conflict between the great powers of the world is already “in full swing,” according to a senior Russian diplomat, and it’s happening in cyberspace.

US concerns grow over potential Russian cyber targeting of Ukraine amid troop buildup (TheHill) The increase in tensions between the United States and Russia due to Moscow amassing troops on the border with Ukraine is raising concerns Russia may not only put boots on the ground but also turn to hacking operations to put pressure o

Russia thwarts millions of cyberattacks every day, envoy says (TASS) The risk of cyber provocations against Russia is still in place, Andrey Krutskikh added

Is Deterrence in Cyberspace Possible? (Modern Diplomacy) Soon after the Internet was founded, half of the world’s population (16 million) in 1996 had been connected to Internet data traffic. Gradually, the Internet began to grow and with more users, it contributed to the 4 trillion global economies in 2016 (Nye, 2016). Today, high-speed Internet, cutting-edge technologies and gadgets, and increasing cross-border Internet […]

NATO Signals Support for Ukraine in Face of Threat From Russia (New York Times) The military alliance stood by its promise to open a path to Ukrainian membership amid warnings from Western intelligence agencies that Moscow could soon begin a military incursion.

Amid warnings to Russia over feared Ukraine attack, E.U. struggles over how tough to set sanctions (Washington Post) E.U. leaders are warning Russia that any military move into Ukraine will come at a high cost, with new sanctions from Moscow’s critical trading partner.

The EU Keeps Putin Guessing on ‘Consequences’ for a Ukraine Invasion (World Politics Review) EU leaders are gathered for the European Council summit in Brussels to discuss a response to the omicron variant and Russia’s buildup of troops on Ukraine’s border. But deep disagreements among the bloc’s leaders over strategy could hamper the ability to arrive at a collective solution.

Kyiv keeping calm and carrying on even as Kremlin boosts pressure on Ukraine (Washington Post) To understand how many people in Ukraine’s capital are dealing with Russian threats, a visit to Kyrylo Kislyakov’s basement bar offers some good lessons.

Biden’s Stand on Ukraine Is a Wider Test of U.S. Credibility Abroad (New York Times) President Barack Obama also warned of severe consequences if Russia took action against its neighbor. Vladimir Putin annexed Crimea anyway.

U.S. Sanctions Might Be Easy, but They’re Not Cheap (World Politics Review) As 2021 comes to a close, the international community faces several emerging humanitarian and security catastrophes in Ethiopia, Ukraine and Afghanistan. Each of these crises is vastly different from the others—but the U.S. has responded to all of them with the same political tool: economic sanctions.

Who’s Appeasing Putin Now? (Bloomberg) Biden’s failure to forcefully confront Russia on Ukraine and other matters puts Democrats in an awkward position.

America’s Cyber-Reckoning (Foreign Affairs) How to fix a failing strategy.

US’ Campaign Against Huawei As Security Risk Proves Correct (NDTV.com) The US government has warned for years that products from China’s Huawei Technologies Co, the world’s biggest maker of telecommunications equipment, pose a national security risk for any countries that use them.

DJI is a more elusive U.S. target than Huawei (Reuters) DJI Technology will be harder to ground than telecommunications firm Huawei Technologies. The U.S. government is squeezing the Chinese drone maker by banning American investment in the company. But unlike Huawei, DJI products are widely used in the United States, including by local police. And Western rivals are tiny, making any further crackdowns challenging.

NDAA passes Senate at $740 billion; heads to Biden’s desk (Breaking Defense) The legislation includes funding increases for deterrence initiatives in the Indo-Pacific and Europe, and approves Air Force efforts to divest of some legacy aircraft.

Representatives Tom Malinowski, Katie Porter, Joaquin Castro, and Anna Eshoo Applaud Congressional Passage of the “NSO Blacklist” to Counter the Hacking for Hire Industry (Representative Tom Malinowski) Representatives Tom Malinowski (NJ-07), Katie Porter (CA-45), Joaquin Castro (TX-20), and Anna G. Eshoo (CA-18) issued the following statement today on the passage this week in the National Defense Authorization Act (NDAA) of the first-ever legislation targeting private companies selling surveillance technologies to dictatorships. “This week, Congress passed legislation requiring the U.S. government to publish a blacklist of companies that have sold hacking and spyware technologies to governments that abuse human rights.

US Senate sends Biden defense bill, with funding for cyber-cooperation for Israel (Times of Israel) National Defense Authorization Act, which passed overwhelmingly, includes creation of interparliamentary group of US, Israel, Greece, Cyprus to combat Turkish aggression

Lawmakers Put Pressure on Spyware Vendors (Decipher) A group of 18 lawmakers are calling on the Biden administration to sanction surveillance technology firms for enabling “human rights abuses.”

U.S. blacklists world’s largest commercial drone firm for surveillance of Uyghurs in China (Axios) DJI is accused of supplying drones to authorities carrying out a genocide.

Cyber Workforce Bill Clears Senate (Nextgov.com) The bill aims at helping federal offices recruit top cybersecurity talent amid digital threats.

Cyber Command Is in the Ransomware Game—Now What? (Lawfare) Some unresolved questions that policymakers must consider in exploring a role for the military in countering ransomware.

Governments must manage ‘out of control demands’ of the internet (Computing) Datacentre power demands – and emissions – are increasing exponentially, and governments must incentivise change

Litigation, Investigation, and Law Enforcement

Google Faces Huge Fines in Russia as Putin Ally Wins Lawsuit (Bloomberg) Google lost an appeal over suit to unblock a YouTube account. U.S. technology giant says it’s complying with U.S. sanctions.

Phone of Indian activist jailed on terrorism charges was infected with Pegasus spyware, new analysis finds (Washington Post) A smartphone belonging to jailed Indian activist Rona Wilson was infiltrated using NSO Group’s Pegasus spyware before his arrest, according to a new forensic analysis by Amnesty International’s Security Lab that reignites questions about the use of malware attacks against dissidents and government critics in India.

EFF to Court: Deny Foreign Sovereign Immunity to DarkMatter for Hacking Journalist (Electronic Frontier Foundation) When governments or private companies target someone with malware and facilitate the abuse of their human rights, the victim must be able to hold the bad actors accountable. That’s why, in October, EFF requested that a federal court consider its amicus brief in support of journalist Ghada Oueiss in…

Online trend leads to threats of school violence nationwide (WINK NEWS) A viral threat is circulating across the nation on social media, threatening violence in schools Friday. Officials say the threats are not credible, but parents are still concerned. It started as a way for kids to get out of school but has mutated into something much more severe, and students will face hefty consequences for making […]

Former defense contractor attempted to provide military secrets to Russia, DOJ says (The Record by Recorded Future) A former defense contractor was arrested Wednesday night in South Dakota and charged with attempting to provide classified information to the Russian government, the US Department of Justice said.

New Jersey Cancer Care Providers Settle Data Breach Claim (Infosecurity Magazine) Healthcare providers accused of two security breaches in one year agree to $425K settlement

FTC settles with OpenX Technologies for $2 million for allegedly violating children’s privacy law (CyberScoop) Advertising platform OpenX Technologies will pay the Federal Trade Commission $2 million over allegations that it failed to comply with a federal rule requiring online services to obtain parents’ consent before collecting data about children under the age of 13.