Rebranded ransomware gang hits schools, hospitals. Phishing-as-a-service. Tardigrade update. Pharma company fends off Hive.

Attacks, Threats, and Vulnerabilities

A Hacking Spree Against Iran Spills Out Into the Physical World (WIRED UK) Hackers have targeted the country’s trains, gas stations, and airline infrastructure, as cyber conflict with Israel continues to escalate.

Sabbath hackers are targeting US schools and hospitals (IT PRO) The rebranded hacking group is demanding multi-million-dollar ransom payments, according to Mandiant

Hack ‘Sabbath’: Elusive new ransomware detected (SearchSecurity) Mandiant researchers say a rebranded ransomware group called “Sabbath” has emerged with hard-to-detect infection tools.

Ransomware gang targeting schools, hospitals reinvents itself to avoid scrutiny (CyberScoop) An under-the-radar ransomware group that’s been attacking schools, hospitals and other critical infrastructure has tried to cover its tracks by rebranding, according to findings from researchers at Mandiant. Sabbath, a rebrand of the ransomware group Arcane, “is unfortunately not slowing down” in its attacks, Tyler McLellan, principal analyst at Mandiant, said in a statement.

Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again (Mandiant) In September 2021, Mandiant discovered a post on seeking partners for a new ransomware affiliate program. By October 21, 2021, the 54BB47h (Sabbath) ransomware shaming site and blog were created and quickly became the talk of security researchers. In contrast with most other affiliate programs, Mandiant observed two occasions where the ransomware operator provided its affiliates with pre-configured Cobalt Strike BEACON backdoor payloads.

Shape-Shifting ‘Tardigrade’ Malware Hits Vaccine Makers (Threatpost) Some security researchers say it’s actually Cobalt Strike and not a SmokeLoader variant, but BioBright says in-depth testing shows it’s for real a scary morphic malware that changes its parts and recompiles itself.

Project Zero Flags High-Risk Zoom Security Flaw (SecurityWeek) Google Project Zero’s Natalie Silvanovich reports a pair of Zoom security defects that expose Windows, macOS, Linux, iOS and Android users to malicious hacker attacks.

Recently Patched Apache HTTP Server Vulnerability Exploited in Attacks (SecurityWeek) A recently patched Apache HTTP Server SSRF vulnerability (CVE-2021-40438) has been exploited in attacks, according to Cisco and Germany’s BSI cybersecurity agency.

What We’ve Learned About SSH Brute Force Attacks (Sucuri) The first time I encountered brute force attacks I was a hosting specialist who received calls from frustrated site owners that wanted to know who’d gained access to their server. Many of them didn’t understand the importance of a password’s character strength, or how frequent attacks on “root” are as a username, including myself at one point in time.

Google Play apps downloaded 300,000 times stole bank credentials (Ars Technica) Crooks find new ways to prevent Google from detecting malicious packages.

More than 300,000 Play Store users infected with Android banking trojans (The Record by Recorded Future) More than 300,000 Android users were infected with banking trojans after installing apps from the official Google Play Store over the past few months, mobile security firm ThreatFabric said today.

300.000+ infections via Droppers on Google Play Store (Threat Fabric) The “Deceive the Heavens to Cross the sea” stratagem comes from the first chapter of the ‘Thirty-Six Stratagems’, a famous Chinese collection of tactics and techniques used in politics, war and civil life. It translates to “hide in plain sight” or “mask your true goals”.

Egress: Research Reveals Surge in Phishing-as-a-Service Activity Targeting Black Friday Shoppers (Businesswire) Research published by email security firm Egress has revealed a surge in phishing kits imitating major brands in the lead up to Black Friday, as secur

Ransomware Operators Threaten to Leak 1.5TB of Supernus Pharmaceuticals Data (SecurityWeek) Biopharmaceutical company Supernus Pharmaceuticals last week confirmed it fell victim to a ransomware attack that resulted in a large amount of data being exfiltrated from its network.

Supernus Pharmaceuticals Targeted in Ransomware Incident (Supernus Pharmaceuticals) The Investor Relations website contains information about Supernus Pharmaceuticals’s business for stockholders, potential investors, and financial analysts.

Marine Services Provider Swire Pacific Offshore Discloses Data Breach (SecurityWeek) Singapore marine services company says an unauthorized party accessed confidential proprietary commercial information and personal data.

Panasonic confirms data breach, says hackers accessed the company’s internal network (Computing) The breach reportedly started on 22 June and ended on 3 November

Panasonic Investigating Data Breach (SecurityWeek) Panasonic recently discovered a network breach in which someone accessed a file server reportedly storing technology and business information.

Panasonic confirms data breach after hackers access internal network (TechCrunch) The technology giant confirmed the breach lasted between June 22 and November 3.

Panasonic Hit in Data Breach (Dark Reading) Tech firm reveals that data on one of its file servers was accessed by attackers.

Notice of Unauthorized Access to File Server | Headquarters News (Panasonic Newsroom Global) Panasonic Corporation has confirmed that its network was illegally accessed by a third party on November 11, 2021.

Dark web market Cannazon shuts down after massive DDoS attack (BleepingComputer) Cannazon, one of the largest dark web marketplaces for buying marijuana products, shut down last week after suffering a debilitating distributed denial of service attack.

Vestas confirms cyber security incident was ransomware attack (Windpower Monthly) Read Vestas confirms cyber security incident was ransomware attack and other wind energy news & analysis on Windpower Monthly

Cyber attack closes LCCC, RBGA (Alton Telegraph) Last week’s cyber attack has closed Lewis & Clark Community College and the RiverBend Growth Association.

Hackers plant card-stealing malware on website that sells baron and duke titles (The Record by Recorded Future) A threat actor has hacked the website of the Principality of Sealand, a micronation in the North Sea, and planted malicious code on its web store, which the government is using to sell baron, count, duke, and other nobility titles.

Vulnerability Summary for the Week of November 22, 2021 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Phishing by the Numbers – Oct 2021 (Cyren) This blog is part of our monthly blog series analyzing incident response data from Cyren threat researchers and Cyren security clouds including Cyren Inbox Security.

Tool Overload, Asset Blindness and Misplaced Confidence in Controls Cited as Key Security Challenges, According to Panaseer 2022 Security Leaders Peer Report (PR Newswire) Control failures are behind a growing number of security incidents at large organisations, according to the Panaseer 2022 Security Leaders Peer…

Deep Instinct BrandVoice: The True Cost Of Rising Cyber Threats, According To A Cybersecurity CFO (Forbes) Threat actors are successfully staying ahead of the curve by constantly reinventing themselves.

3 reasons why cyberattackers love Cyber Monday (Red Sift Blog) Cyber Monday 2021 is a big deal for ecommerce businesses and consumers alike. In 2020, Cyber Monday sales totaled $10.8 billion.

New study finds financial service companies at steep risk of cyberattack (Silicon Valley Business Journal) Local experts say businesses can do more to protect valuable corporate information.

Ransomware Attacks Across the Globe Locked 68 Healthcare OT Facilities (Fast Mode) Ransomware attacks across the globe locked 68 care providers out of their respective networks during Q3 of this year alone,


Armis Raises $300 Million at $3.4 Billion Valuation (SecurityWeek) Enterprise device security company Armis has raised another $300 million, at a valuation of $3.4 billion.

Cycode Raises $56M Series B Round to Secure Software Supply Chains (Businesswire) Cycode, the leader in software supply chain security, today announced a $56M Series B round led by New York-based global private equity and venture ca

Exclusive: Herndon customer identity startup raises millions in new funding (Washington Business Journal) The investment will speed up hiring, positioning the company to double within the next year.

Global Cybersecurity Software Firm Quest to be Acquired (Channel Futures) Global cybersecurity, data intelligence, and IT operations management software provider Quest will be acquired by Clearlake Capital Group.

Dragos continues expansion in Saudi Arabia (Trade Arabia) Dragos, a global leader in cybersecurity for industrial control systems (ICS)/operational technology (OT) environments, is expanding further in Saudi Arabia in alignment with accelerated growth in the country.

BIG unveils new ESET Campus in Bratislava, Slovakia (Building Design & Construction) The ESET Campus will comprise 12 buildings in Patronka, Bratislava.

ReliaQuest Expands U.S. Presence With New Salt Lake City Office (ReliaQuest) ReliaQuest expands in Salt Lake City with a new office. This new location will allow the Company’s Salt Lake City office to continue to grow and serve as a major hub for ReliaQuest.

Huawei pivots as scrutiny reshapes business (Capacity Media) Blocked from a growing number of telecoms networks, Huawei is changing its business model to focus on new revenue streams. Saf Malik reports.

Whistleblower Frances Haugen Still Believes in Silicon Valley (Wired) The face behind the Facebook papers tells how she became Mark Zuckerberg’s nightmare—and thinks people can still make a positive impact at the company.

Jack Dorsey Steps Down as Twitter CEO, Replaced by CTO Parag Agrawal (Bloomberg) Co-founder says Twitter is ready to ‘move on’ to new leader. Dorsey to remain head of digital-payments company Square.

Who Is Parag Agrawal, Twitter’s New C.E.O.? (New York Times) A longtime Twitter insider and a confidant of co-founder Jack Dorsey, Mr. Agrawal takes over as the social media company confronts various challenges.

Who is Parag Agrawal? New Twitter CEO promises “open, direct conversations” with users (Newsweek) Jack Dorsey announced he is stepping down as the leader of the social media giant, and his successor has already been named.

Exabeam Welcomes Gianna Driver as Chief Human Resources Officer (Businesswire) Exabeam today announced the appointment of Gianna Driver as Chief Human Resources Officer.

Products, Services, and Solutions

The B2B marketer’s guide to podcast advertising: how to create tangible demand with a direct response budget (The CyberWire) New guide helps B2B marketers take advantage of rapidly emerging opportunities in podcast advertising.

Trend Micro Unrivaled Performance Securing 2.5 Trillion Cloud Events Daily (PR Newswire) Trend Micro Incorporated (TYO: 4704; TSE: 4704), the leader in cloud security, today announced industry-breaking milestones reached in global…

CloudSphere Achieves AWS Migration and Modernization Competency (Businesswire) CloudSphere has achieved AWS Migration and Modernization Competency for discovering, planning, and helping customers move business services to AWS.

Cavirin Selected as Solutions Partner for AWS Inspector-Next Partner Program (Businesswire) Cavirin integrates Amazon Inspector into Cavirin’s hybrid cloud security and compliance platform.

Kasten by Veeam Announces Support for AWS Marketplace for Containers Anywhere, a New Channel for Hybrid Kubernetes Deployments (Kasten by Veeam) Kasten K10 by Veeam adds support for Kubernetes applications on AWS and on premises via AWS Marketplace for Containers Anywhere

Resecurity® Partners with Safety and Intelligence Network Africa (SINA) to Advance Cyber Threat Intelligence (Yahoo Finance) Resecurity, a cybersecurity and intelligence company, today announced its partnership with Safety and Intelligence Network Africa (SINA) to accelerate cybersecurity knowledge and skills transfer through training, awareness and innovative cyber intelligence solutions. Based in Ghana, Accra, SINA is the leading organization for providing training for security and risk management professionals, government, military and law enforcement officers.

Darktrace Signs Multi-Million-Dollar Deal With Global Leader In Automotive Technology And Electronics (PR Newswire) Darktrace, a global leader in cyber security AI, today announced that one of Europe’s largest automotive technology and electronics companies…

Darktrace tackles cyber attackers for FIFA World Cup in Qatar (Business Weekly) Technology from Cambridge cyber defence company Darktrace is to combat attackers to help Qatar mount an incident-free World Cup soccer tournament. Power International Holding (PIH), the Qatari business conglomerate assisting with providing infrastructure for the 2022 FIFA World Cup, has chosen Darktrace AI to protect its digital environments against cyber-threats. A giant in

Play Launches Allot Security-as-a-Service Solution to Protect Customers Against Cyber Threats (GlobeNewswire News Room) Poland’s leading mobile operator offers network-based cybersecurity services to protect consumer customers from malware, viruses, phishing and ransomware…

F-Secure and CyberPeace Institute partnership to counter attacks against vulnerable communities (Security Brief) Global cybersecurity provider F-Secure has signed a letter of intent with the Switzerland-based CyberPeace Institute to counter attacks against vulnerable communities.

Air Force Spent Millions on Encrypted App Wickr (Vice) Recently acquired by Amazon, Wickr is becoming a go-to encrypted chat platform for the U.S. military and other government agencies.

TIC 3.0 Compliant Managed Security Service for Remote Work Now Available (PR Newswire) With government agencies facing more cyberthreats than ever before, Lumen Technologies (NYSE: LUMN) announced today a new managed security…

Glasswall Earns a SOC 2 Type II Certification for its Content Disarm a (PRWeb) Glasswall, a global leader in content disarm and reconstruction (CDR) technology, today announced that it has successfully completed its

Global Fantasy Football Platform Sorare Partners With SEON to Stop Referral Fraud (SEON) We are pleased to announce that Sorare, a French iGaming company, has successfully deployed SEON tools to protect its business. Offering an exciting and modern take on fantasy football, Sorare leverages blockchain technology to transform online football fandom.  Brian O’Hagan, Growth Lead at Sorare, said about the implementation: “SEON helps us fight fraud, especially with […]

Datadobi Validates Google Cloud Storage as an Endpoint for Data Management (Businesswire) Datadobi announces DobiProtect Software Suite Enables Users to Build a True Multi-Cloud Strategy With Data Available at Multiple Hyperscalers

GTT Partners With Palo Alto Networks to Power Its SASE Platform (GTT) Designed for a hybrid workforce, it deploys a full set of security features into one platform, protecting all application traffic & giving the best possible UX.

Technologies, Techniques, and Standards

Failure to Launch: Why CMMC requirements will trip up the defense industrial base (Washington Technology) The road to cyber compliance is bumpy and many contractors are bound to fail. Here’s why and what you can do to protect your organization.

Utility Metrics for Differential Privacy: No One-Size-Fits-All (NIST) In previous posts we discussed different ways to implement differential privacy, each of which offers some trade-off between p

CISA Releases Guidance on Securing Enterprise Mobile Devices (SecurityWeek) The United States Cybersecurity and Infrastructure Security Agency (CISA) last week published a Capacity Enhancement Guide (CEG) to help organizations secure mobile devices and their access to enterprise resources.

CISA mulls plan to safeguard federal civilian email (FCW) According to contracting documents, the Cybersecurity and Infrastructure Security Agency is looking to take a leading role in identifying and defending against threats against federal civilian executive branch email systems and networks.

CISA, DOD Spearhead 5G Security Assessment Method Development; Vincent Sritapan Quoted (Executive Gov) The departments of Homeland Security (DHS) and Defense (DOD) have drafted a five-step framework meant to help agencies determine a security baseline for 5G technology projects, Federal News Network reported Thursday. DHS’ Cybersecurity and Infrastructure Security Agency (CISA) worked with DOD to crea

Commerce Proposes Third Party Audits as Criteria in Supply Chain Rule for Software ( The Government Accountability Office says CISA should also update its approach to communications sector reliability by securing the supply chain for information and communications technology.

Protecting business-critical data at the rack level (Security Brief) It is important to have both digital and physical security visibility into the data center. Here’s how intelligent PDUs can help.

Cyberattacks threaten the corporate world. Here’s what companies need to know about what comes next. (Business Insider) Cyberattacks threaten reputation, mergers and acquisitions, corporate valuation, the ability to raise funding, and other business-centric functions.

Opinion: Shopping online this holiday season? Why you need to protect yourself (CNN) Cyber Monday is here, and while millions of Americans will be looking for the best deals the internet has to offer, cyber criminals will be hard at work looking to target online shoppers.

Cloud Security: Don’t wait until your next bill to find out about an attack! (Naked Security) Cloud security is the best sort of altruism: you need to do it to protect yourself, but you help to protect everyone else at the same time.

EPI: how to build trust and adoption among consumers and merchants? (Fime Group) The European Payments Initiative (EPI) is aiming to provide a pan-European payments solution. EPI aims to set itself apart from other payment methods and address the challenges created by the fragmentation of the European payments landscape.

Research and Development

China has found the solution to decrypt stolen data from hackers … in its favor (CVBJ) One of the techniques most used by hackers is to access servers and encrypt them so that companies have to


University of Technology Sydney and NTT Group partner to promote smarter, safer and more secure cities (NTT) The University of Technology Sydney (UTS) and NTT Corporation (“NTT”), a global leader in digital transformation, have agreed to promote smarter, safer and more secure cities in New South Wales (NSW) state.

Cedarville Named National Center of Academic Excellence in Cyber Defense for Second Time (Cedarville University) This is the second consecutive time that Cedarville has received this prestigious designation from the National Security Agency. It was previously…

Swimlane Hosts Mullen High School for National Computer Science Week (Businesswire) Swimlane, the leader in low-code security automation, today announced it will host Mullen High School at its U.S. headquarters in observance of Nation

Legislation, Policy, and Regulation

Russian hacker wanted by FBI is unmasked (Mail Online) tracked suspected super-hacker Yevgeniy Polyanin, 28, left, to a $380,000 home in the Siberian city of Barnaul, where his wife, Sofia, right, openly runs a social media baking business.

Threat of Russian invasion of Ukraine tests Biden administration (Washington Post) The White House is reviewing options to deter a feared Russian invasion of Ukraine, including providing more military aid to Kyiv and threatening sanctions, to dissuade Russian President Vladimir Putin from escalating the simmering conflict into a full-blown transatlantic crisis.

Latvia calls for permanent U.S. troops to guard against Russia threat (Reuters) Latvia needs a permanent U.S. military presence to deter Russia and wants to boost its defences with U.S. Patriot missiles, Defence Minister Artis Pabriks said on Monday as NATO’s chief visited allied troops in the Baltic country.

Viewpoint: Nations Vie for Growing Quantum Cryptography Market (National Defense) Quantum cryptography is a technology that uses advanced physics to secure the distribution of symmetric encryption keys.

The means to manage cyberspace and the duty of security (Israel Defense) Governments must play a key role in developing and leading the local ecosystems, but this national effort must involve many other stakeholders. Furthermore, cybersecurity is a national opportunity for developing the local economy and for positioning any country in the international arena.

Cyberspace Administration of China (CAC) publishes draft regulations for network data security management (JD Supra) On 14 November 2021, the Cyberspace Administration of China (CAC) published a consultation draft of the Regulations on Network Data Security…

UK spies seek help from tech firms against cyber threats (AP NEWS) Britain’s spies must give up some of their deep-rooted secrecy and seek help from tech firms to combat fast-moving cyber threats, the head of the U.K.’s foreign intelligence agency says.

MI6 needs to come out of the shadows and change culture of secrecy, warns spy chief (The Telegraph) ‘Unlike Q in the Bond movies, we cannot do it all in-house,’ says Richard Moore, as Secret Intelligence Service opens up to technology firms

Should the SRA introduce tougher sanctions for AML breaches? (Legal Futures) We have recently seen the SRA fining law firms across England and Wales over a lack of proper anti-money laundering policies and procedures.

Biden to make first move on data privacy (Axios) The NTIA plans to hold “listening sessions” on how privacy can affect civil rights.

‘Cyber Grinches’ Snatching Toys Should Be Stopped, Lawmakers Say (Bloomberg) A group of Democrats wants to stop the Grinch from stealing Christmas. Except this time around the spoilsport they’re targeting is not a furry green creature, but a robot.

Lina Khan’s Battle to Rein in Big Tech (The New Yorker) As monopolies and other large companies gain increasing control of our daily lives, Khan is Joe Biden’s pick to do something about it.

Wisconsin Enacts Insurance Data Security Law Requiring Notification of Cybersecurity Incidents to Insurance Commissioner Within Three Business Days (Lexology) Entities that collect Wisconsin residents’ personal information and are licensed, registered, or authorized (licensee) with the Office of the…

Litigation, Investigation, and Law Enforcement

EXCLUSIVE Chinese province targets journalists, foreign students with planned new surveillance system (Reuters) Security officials in one of China’s largest provinces have commissioned a surveillance system they say they want to use to track journalists and international students among other “suspicious people”, documents reviewed by Reuters showed.

Months-long Interpol crackdown nets more than 1,000 online fraud arrests (CyberScoop) An Interpol operation to combat online fraud concluded with the arrests of 1,003 people and the interception of $27 million in illicit funds, according to the international police organization, which conducted the crackdown alongside 20 countries. Waged from June to September of this year, “Operation HAECHI-II” targeted online crime like romance scams, investment fraud and money laundering associated with illegal online gambling.

More than 1,000 arrests and USD 27 million intercepted in massive financial crime crackdown (INTERPOL) INTERPOL-coordinated operation saw 22 jurisdictions around the world cooperate to swiftly intercept the illicit proceeds of online fraud

ICO issues provisional view to fine Clearview AI Inc over £17 million (ICO) The Information Commissioner’s Office (ICO) has today announced its provisional intent to impose a potential fine of just over £17 million on Clearview AI Inc – a company that describes itself as the ‘World’s Largest Facial Network’. In addition, the ICO has issued a provisional notice to stop further processing of the personal data of people in the UK and to delete it following alleged serious breaches of the UK’s data protection laws.

Clearview AI warned over UK data law breaches (TechCrunch) Controversial facial recognition company Clearview AI is facing a potential fine in the UK. It has also been handed a provisional notice to stop further processing of UK citizens’ data and to delete any data it already holds as a result of what the Information Commissioner’s Office (ICO…

FBI investigating another local election data breach linked to MyPillow CEO Mike Lindell (Salon) Two election officials spoke with Lindell’s sidekick before leaked data was featured at his wild-eyed “cyber symposium.”

Patients File Lawsuits in Wake of Healthcare Data Breaches (HealthITSecurity) Some hospitals are successfully putting a stop to lawsuits filed in the wake of healthcare data breaches, claiming a lack of real injury to patients.

Where is the threshold for compensation in data breach claims? (BLM) Head of TMT and Cyber Practice Group Tim Smith analyses the recent decision in the High Court by Master McCloud in Rolfe and others v Veale Wasbrough Vizards LLP.

Class Certification Lifted in Hospital Patient Data Breach Case (Bloomberg Law) A class certification order in a data breach case against a West Virginia hospital has been lifted because one named plaintiff lacked standing, and the other didn’t show his claim was typical of the proposed class, the state’s top court said.

Tencent bows to Beijing’s pressure, opens WeChat groups to social media rivals (The Record by Recorded Future) Chinese internet giant Tencent will allow more content from third-party social media rivals to open directly within its popular WeChat app, bowing to pressure from the central government.

Criminal Case Reveals Breach of Swiss Secrecy ( The criminal investigation of Raiffeisen’s long-standing CEO has laid bare how Julius Baer was blindsided by a surprising violation of secrecy for client data.

Ohio Ransomware Ruling Heightens ‘Silent Cyber’ Worries – Law360 (Law360) An Ohio appeals court’s recent split ruling in a ransomware case shocked insurance attorneys, with some saying the decision contradicts hundreds of recent COVID-19 coverage decisions and could pin so-called silent cyberinsurance risks on unsuspecting insurers.
