Individuals at Risk
Cyber Privacy
200M Adult Cam Model, User Records Exposed in Stripchat Breach: The leak included model information, chat messages and payment details. ThreatPost, November 16, 2021
Cyber Defense
Securing your digital life, the finale: Debunking worthless “security” practices: We tear down some infosec conventional wisdom—there’s a lot of bad advice out there. ars technica, November 17, 2021
The 200 Worst Passwords of 2021 Are Here and Oh My God: This year’s top slots featured obvious winners like “1234” and “12345,” which can be cracked in less than a second. Gizmodo, November 16, 2021
Cyber Update
Netgear patches severe pre-auth RCE in 61 router and modem models: Networking equipment vendor Netgear has patched the fifth set of dangerous remote code execution bugs impacting its small office and small home (SOHO) routers this year. TheRecord, November 17, 2021
Cyber Warning
New banking Trojan SharkBot makes waves across Europe, US: The malware specializes in infiltrating Android handsets. ZDNet, November 16, 2021
Netflix Bait: Phishers Target Streamers with Fake Service Signups: Lures dressed up to look like movie and TV streaming offers are swiping payment data. ThreatPost, November 16, 2021
Cyber Humor
Information Security Management for the Organization
Information Security Management
A Journey in Organizational Resilience: The Data Life Cycle: With so many efforts focused on restoring systems, applications and workloads, it is easy to miss an important piece: the data that makes business processes possible. A fully restored system is as good as offline if you don’t have the data required to work. SecurityIntelligence, November 15, 2021
Ransomware attacks are getting more complex and even harder to prevent: Ransomware attackers are probing known common vulnerabilities and exposures (CVEs) for weaknesses and quickly capitalizing on them, launching attacks faster than vendor teams can patch them. Unfortunately, ransomware attackers are also making attacks more complex, costly, and challenging to identify and stop, acting on potential targets’ weaknesses faster than enterprises can react. VentureBeat, November 13, 2021
Top 10 Cybersecurity Best Practices to Combat Ransomware: Immutable storage and more: Sonya Duffin, data protection expert at Veritas Technologies, offers the Top 10 steps for building a multi-layer resilience profile. ThreatPost, November 12, 2021
Open Source Project Aims to Detect Living-Off-the-Land Attacks: The machine learning classifier from Adobe can determine whether system commands are malicious and classify them using a variety of tags useful for security analysts. DarkReading, November 11, 2021
Cyber Warning
Palo Alto Networks’ Unit 42 Warns Cloud Attacks, Ransomware on the Rise: Palo Alto Networks’ threat intelligence team Unit 42 noticed a significant uptick in cloud attacks over the past three years and anticipates more than 80% of cyberattack cases will have a cloud aspect by the end of next year. SDX Central, November 18, 2021
Cybersecurity in Society
Cyber Crime
Costco Confirms: A Data Skimmer’s Been Ripping Off Customers: Big-box behemoth retailer Costco is offering victims 12 months of credit monitoring, a $1 million insurance reimbursement policy and ID theft recovery services. ThreatPost, November 12, 2021
Cyber Attack
Phishing Scam Aims to Hijack TikTok ‘Influencer’ Accounts: Threat actors used malicious emails to target more than 125 people with high-profile TikTok accounts in an attempt to steal info and lock them out. ThreatPost, November 17, 2021
Fake Ransomware Infection Hits WordPress Sites: WordPress sites have been splashed with ransomware warnings that are as real as dime-store cobwebs made out of spun polyester. ThreatPost, November 17, 2021
Moses Staff hackers wreak havoc on Israeli orgs with ransomless encryptions: A new hacker group named Moses Staff has recently claimed responsibility for numerous attacks against Israeli entities, which appear politically motivated as they do not make any ransom payment demands. BleepingComputer, November 15, 2021
Cloudflare blocks an almost 2 Tbps multi-vector DDoS attack: Earlier this week, Cloudflare automatically detected and mitigated a DDoS attack that peaked just below 2 Tbps — the largest we’ve seen to date. This was a multi-vector attack combining DNS amplification attacks and UDP floods. The entire attack lasted just one minute. The attack was launched from approximately 15,000 bots running a variant of the original Mirai code on IoT devices and unpatched GitLab instances. Cloudflare, November 13, 2021
Hoax Email Blast Abused Poor Coding in FBI Website: The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities. KrebsOnSecurity, November 13, 2021
Hackers undetected on Queensland water supplier server for 9 months: Hackers stayed hidden for nine months on a server holding customer information for a Queensland water supplier, illustrating the need for better cyberdefenses for critical infrastructure. BleepingComputer, November 11, 2021
Cyber Warning
Hackers Are Threatening The Global Supply Chain: As the global supply chain struggles from the aftershocks of the pandemic, spreading the suffering to nearly every industry, cyber criminal vultures are descending on the vulnerabilities to create more dangerous disruption. Oil Price, November 14, 2021
Cyber Defense
Ethical Hackers Stymie $27bn of Cybercrime: Ethical hackers have prevented $27bn worth of cybercrime during the COVID-19 pandemic, according to new research by California crowdsourced cybersecurity platform Bugcrowd. Info Security, November 16, 2021
Know Your Enemy
Top Cybersecurity Threats Around the Globe: Cybersecurity threats, risks and challenges vary a lot from one region to the next and one nation to the next. Targets vary based on local resources to exploit. Cyber criminals and nation-state attackers zero in on specific nations, companies and organizations for varying incentives. SecurityIntelligence, November 17, 2021
Evil Corp: ‘My hunt for the world’s most wanted hackers’: Many of the people on the FBI’s cyber most wanted list are Russian. While some allegedly work for the government earning a normal salary, others are accused of making a fortune from ransomware attacks and online theft. If they left Russia they’d be arrested – but at home they appear to be given free rein. BBC, November 17, 2021
Threat from Organized Cybercrime Syndicates Is Rising: Europol reports that criminal groups are undermining the EU’s economy and its society, offering everything from murder-for-hire to kidnapping, torture and mutilation. ThreatPost, November 12, 2021
National Cybersecurity
Iran is ‘leapfrogging our defenses’ in a cyber war ‘my gut is we lose’: Hacking expert Kevin Mandia: On Thursday, a federal grand jury indicted two Iranian hackers for election interference that included obtaining confidential voter information from at least one state’s election website for a cyber-based disinformation campaign targeting 100,000 Americans. Earlier this week, the U.S. government warned that Iranian hackers also have been on the ransomware offensive. CNBC, November 18, 2021
UK and US join forces to strike back in cyber-space: The US and UK are joining forces to “impose consequences” on their shared adversaries who conduct malicious cyber-activities. BBC, November 17, 2021
DHS chief information security officer wary of Pentagon’s changes to CMMC: The Department of Homeland Security is testing out its own way of evaluating contractor cybersecurity measures, amid concerns about the efficacy of the Defense Department’s Cybersecurity Maturity Model Certification program. Federal News Network, November 16, 2021
Cyber Talent
The US government just launched a big push to fill cybersecurity jobs, with salaries to match: Cybersecurity workers could get paid as much as the vice president. ZDNet, November 16, 2021
Cyber Enforcement
Two Iranian Nationals Charged for Cyber-Enabled Disinformation and Threat Campaign Designed to Influence the 2020 U.S. Presidential Election: An indictment was unsealed in New York today charging two Iranian nationals for their involvement in a cyber-enabled campaign to intimidate and influence American voters, and otherwise undermine voter confidence and sow discord, in connection with the 2020 U.S. presidential election. US Dept. of Justice, November 18, 2021