Cybersecurity Digest #9: 20/07/2020 – 7/08/2020

Cybersecurity News

  • Microsoft has set October 15, 2020 as the date it will enforce the deprecation of the legacy Transport Layer Security (TLS) web protocols TLS 1.0 and 1.1 in Office 365.
  • Cybersecurity researchers have discovered critical vulnerabilities in industrial VPN implementations primarily used to provide remote access to operational technology (OT) networks. The flaws could allow hackers to overwrite data, execute malicious code, and compromise industrial control systems (ICS).
  • Japan is poised to start work on a global quantum key distribution service and its associated infrastructure. Toshiba, the lead contractor on the project, aims to build a wide-area network that can accommodate over 100 quantum cryptographic devices and 10,000 users around the world.
  • The NATO Cooperative Cyber Defence Centre of Excellence (NATO CCDCOE) published the “Malware Reverse Engineering Handbook”. It gives an overview of how to analyze malware executables that target the Windows platform. The authors present the most common techniques used in malware investigation, as well as incident response and collaboration tools.
  • Security researchers have discovered more than 400 pieces of vulnerable code inside the Qualcomm Snapdragon digital signal processor (DSP) chip that powers millions of high-end smartphones from Google, Samsung, LG, Xiaomi, OnePlus, and other device manufacturers. Qualcomm’s Snapdragon chip is among the most common in Android smartphones, note the Check Point researchers who found the vulnerabilities they collectively dubbed “Achilles.”
  • A team of Chinese researchers has described the analysis process that resulted in the discovery of 19 vulnerabilities in a Mercedes-Benz E-Class, including flaws that can be exploited to remotely hack a car.
  • Researchers are warning of a critical vulnerability in a WordPress plugin called Comments – wpDiscuz, which is installed on more than 70,000 websites. The flaw gives unauthenticated attackers the ability to upload arbitrary files (including PHP files) and ultimately execute remote code on vulnerable website servers.
  • The National Security Agency released a Limiting Location Data Exposure Cybersecurity Information Sheet (CSI) to guide National Security System (NSS) and Department of Defense (DoD) mobile device users on how they might reduce the risk associated with sharing sensitive location data. The guide summarizes how and why mobile devices expose location data and explains the potential risks that come with using them. It provides mitigations to limit the sharing of this information but warns that there is no solution that fully prevents a mobile device from being located.

Cybersecurity Blog Posts

  • Warren Axelrod wrote about the cybersecurity metrics on threats, attacks, vulnerabilities and incidents that are used to make decisions. He showed that a similar tendency can be seen in the coronavirus epidemic and explained how dangerous decisions are when they are based on inadequate metrics or on an inability to understand the import and implications of known metrics.
  • Aryeh Goretsky wrote about Thunderspy, a series of vulnerabilities in the Thunderbolt technology, and described practical methods to defend against them, as well as anti-tamper steps that can help ascertain whether a computer has been physically compromised.
  • Christa Miller shared recent news and research on digital forensics standards and described four new resources that aim to address different aspects of this field. In the United States, the Scientific Working Group on Digital Evidence (SWGDE) and the National Institute of Standards and Technology (NIST)’s Organization of Scientific Area Committees (OSAC) Digital and Multimedia Scientific Area Committee offer new considerations for digital forensics telework. In Europe, sets of deliverables newly released from the FORMOBILE and LOCARD projects describe law enforcement agencies’ mobile forensics requirements, along with several key elements of a “blockchain of custody” deployment.
  • Anton Chuvakin presented the results of a poll about SIEM, which showed that people are challenged by roughly the same things about SIEM as they were during its younger years.

Research & Analytics

  • Cybersecurity company Group-IB published new research which aims to shine a light on the shadowy world of ‘pirate’ CDNs, the streaming sites they fuel, and the companies helping to finance their operations. Online casinos and bookmakers reportedly play a major role, with platforms using players’ gambling activities and losses to keep pirate sites afloat.
  • Canalys forecasts that worldwide cybersecurity spending will grow 5.6% in its best-case scenario, where investment continues to outpace the economy. The overall shipment value, covering endpoint security, network security, web and email security, data security, and vulnerability and security analytics, is expected to reach US$43.1 billion. Even in Canalys’ worst-case scenario, if IT budgets come under serious pressure, the global cybersecurity market is still forecast to grow 2.5% in 2020.
  • Forrester published the Build A Developer Security Champions Program report, which lays the groundwork for standing up a successful program that lasts and improves the health of application security (AppSec). Key takeaways from the report highlight the importance of embedding AppSec where developers need it most, the need for executive sponsorship and funding for the program, and five critical steps to consider when building a program.
  • In the report Big Security in a Small Business World Cisco experts debunked common SMB cybersecurity myths. Report data covers SMBs with 250 to 499 employees. 72% have employees dedicated to threat hunting, compared to 76% of large organizations. An impressive 86% have clear metrics for assessing the effectiveness of their security, compared to 90% of large organizations.
  • The Cyber Attack Trends 2020 Mid-Year Report by Check Point highlights the trends cyber criminals use to attack organizations worldwide across all industries and gives you the information you need to explore current threats, trends and tactics used globally.
  • Check Point Research’s latest Brand Phishing Report for Q2 2020 shows that Google and Amazon were the most imitated brands in phishing attempts, while Apple (the leading phishing brand in Q1) fell to 7th place from the top spot in Q1. The total number of Brand Phishing detections remains stable compared to Q1 2020.
  • LogRhythm released the report The State of the Security Team: Are Executives the Problem? Its surprising primary findings include that 93% of security professionals lack the tools to detect known security threats, and that 92% state they are still in need of the appropriate preventative solutions to close current security gaps.
  • IBM published its annual Cost of a Data Breach Report, which analyzed 500 companies and organizations that faced network hacks and data leaks. Currently, data leaks cost companies an average of $3.86 million. Although this figure is down 1.5% compared to 2019, major incidents involving more than 50 million records can cost companies up to $392 million.
  • The SANS paper Benefits and Adoption Rate of TLS 1.3 provides data from testing the speed and security of TLS 1.3 compared to TLS 1.2 across major TLS libraries, and a point-in-time measurement of TLS 1.3 adoption across the top 500 websites in the business, retail, technology, and news sectors.
  • Sophos Labs reported a new wave of ransomware attacks. The ransomware, called ProLock, is a successor to PwndLocker, a ransomware strain that emerged late in 2019. According to the FBI “flash”, victims of ProLock have included healthcare organizations, government agencies, financial institutions, and retailers.

Major Cyber Incidents

  • Spanish state railway company Adif was hit by a REvil ransomware attack. This incident came after two previously successful campaigns against the infrastructure group, during which the attackers claimed they took 800 GB of data, including personal information and accounting figures.
  • Smartwatch and wearables maker Garmin has shut down several of its services to deal with a ransomware attack that has encrypted its internal network and some production systems. The company is currently planning a multi-day maintenance window to deal with the attack’s aftermath, which includes shutting down its official website, the Garmin Connect user data-syncing service, Garmin’s aviation database services, and even some production lines in Asia.
  • Digital banking app and tech unicorn Dave.com confirmed a security breach after a hacker published the details of 7,516,625 users on a public forum. Dave said the security breach originated on the network of a former business partner, Waydev, an analytics platform used by engineering teams.
  • The Nefilim ransomware operation has begun to publish unencrypted files stolen from a Dussmann Group subsidiary during a recent attack. In a post to their data leak site, the Nefilim operators have published two archives containing 14 GB worth of stolen files. According to the file lists, these archives contain numerous documents, including Word documents, images, accounting documents, and AutoCAD drawings.
  • The operators of the Maze ransomware have published tens of GB of internal data from the networks of enterprise business giants LG and Xerox following two failed extortion attempts. They claim to have stolen 50.2 GB from LG’s internal network, and 25.8 GB of Xerox data.
  • CouchSurfing, an online service that lets users find free lodgings, is investigating a security breach after hackers began selling the details of 17 million users on Telegram channels and hacking forums.
  • The Vermont Department of Taxes disclosed that taxpayers’ private information was exposed because of a security issue affecting its online filing site. The data breach affected all Vermonters who electronically filed Property Transfer Tax returns using the tax department’s site between February 2017 and July 2020.