Cybersecurity News of the Week, September 26, 2021



The first annual SecureTheVillage Golf Tournament is October 20. Celebrate Cybersecurity Awareness Month on the links. Includes breakfast, lunch, and cocktail reception afterwards. Not a golfer? That’s OK. Come to the reception. A limited number of foursomes and sponsorships are still available.

CybersecureAmerica 2021: A Reasonable Approach to Reasonable Security, the Sequel

Following last year’s successful conference, this year’s annual conference in support of Cybersecurity Awareness Month returns to the topic of reasonable security. … Join SecureTheVillage and our expert panel of information security professionals for a workshop-style conference on reasonable security. October 21. 9:00 – 12:30 Pacific Time.

Individuals at Risk

Identity Theft

Social Security Numbers Aren’t Secure: What Should We Use Instead?: The answer is not as simple as replacing each nine-digit number with a longer one. Scientific American, September 24, 2021

Cyber Privacy

What’s Up with WhatsApp Encrypted Backups: WhatsApp is rolling out an option for users to encrypt their message backups, and that is a big win for user privacy and security. The new feature is expected to be available for both iOS and Android “in the coming weeks.” EFF has pointed out unencrypted backups as a huge weakness for WhatsApp and for any messenger that claims to offer end-to-end encryption, and we applaud this improvement. Next, encryption for backups should become the default for all users, not just an option. EFF, September 16, 2021

Cyber Update

Netgear fixes dangerous code execution bug in multiple routers: Netgear has fixed a high severity remote code execution (RCE) vulnerability found in the Circle parental control service, which runs with root permissions on almost a dozen modern Small Offices/Home Offices (SOHO) Netgear routers. BleepingComputer, September 21, 2021

Cyber Warning

Unpatched Apple Zero-Day in macOS Finder Allows Code Execution: All a user needs to do is click on an email attachment, and boom – the code is silently executed without the victim knowing. It affects Big Sur and prior versions of macOS. ThreatPost, September 22, 2021

This new SMS smishing malware is targeting Android mobile users: TangleBot malware campaign tries to lure potential victims with Covid-19 lures. TechRadar, September 22, 2021

Social Media

Facebook’s latest “apology” reveals security and safety disarray: “Hard to say” who is responsible for platform-wide safety and security. ars technica, September 21, 2021

No More Apologies: Inside Facebook’s Push to Defend Its Image: Mark Zuckerberg, the chief executive, has signed off on an effort to show users pro-Facebook stories and to distance himself from scandals. The New York Times, September 21, 2021

Information Security Management for the Organization

Information Security Management

NIST Brings Threat Modeling into the Spotlight: One noteworthy element of the National Institute of Standards and Technology’s recent Recommended Minimum Standard for Vendor or Developer Verification of Code is the prominence given to threat modeling, which is ranked first in NIST’s six recommended technique classes for software verification, alongside more traditional (but still important) methods, including automated testing, code-based analysis, dynamic analysis, check included software, and fixing bugs. Dark Reading, September 23, 2021

NIST Issues Cybersecurity Framework for Ransomware Risk Management: The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) recently issued a Ransomware Profile identifying steps organizations can take to prevent, respond to and recover from ransomware events. According to the profile, its “purpose…is to help organizations identify and prioritize opportunities for improving their security and resilience against ransomware attacks.” NIST encourages organizations to use the document as a guide for profiling the state of their own readiness and to identify gaps to achieve their goal. The National Law Review, September 23, 2021

After ransomware attack, company finds 650+ breached credentials from NEW Cooperative employees: According to FYEO, “chicken1” was used over 10 times by employees at the company. ZDNet, September 21, 2021

Cybersecurity in Society

Cyber Crime

Canadian VoIP provider held for ransom by DDoS attack: A Canadian voice-over-IP provider called is being held to ransom by what it called a “massive” and sustained DDoS attack, which could cause the company to lose business. IT World Canada, September 21, 2021

Iowa farm services provider hit with BlackMatter ransomware and $5.9 million ransom: Security researchers leaked conversations between New Cooperative negotiators and BlackMatter operators. ZDNet, September 20, 2021

Alaskan health department still struggling to recover after ‘nation-state sponsored’ cyberattack: Washington (CNN) Some computer networks at the Alaskan health department are still offline after foreign government-backed hackers breached the department in May, a spokesperson told CNN on Monday. CNN, September 20, 2021

Project Veritas scammed out of $165,000 by a phishing email: Project Veritas, the conservative media group known for staging “sting operations” with hidden cameras where they trick people into saying things out of context that “confirm” right-wing conspiracy theories, announced last week that they got duped by what was essentially a sting operation. Shortly after the company’s offices were flooded by Hurricane Ida, the company received an email that appeared to be from their attorneys following up on an invoice — but it turned out to be a phishing scam. BoingBoing, September 21, 2021

Cyber Negligence

Data of 106 Million Visitors to Thailand Breached: A British cybersecurity researcher stumbled across his own personal data online after discovering an unsecured database containing the personal information of millions of visitors to Thailand. InfoSecurity, September 20, 2021

Cyber Surveillance

Spyware ‘found on phones of five French cabinet members’: Mediapart claims indicate that devices were targeted by NSO’s Pegasus spyware. The Guardian, September 23, 2021

Cyber Leak

Hackers leak LinkedIn 700 million data scrape: A collection containing data about more than 700 million users, believed to have been scraped from LinkedIn, was leaked online this week after hackers previously tried to sell it earlier this year in June. TheRecord, September 22, 2021

Know Your Enemy

Large-Scale Phishing-as-a-Service Operation Exposed: Discovery of BulletProofLink—which provides phishing kits, email templates, hosting and other tools—sheds light on how wannabe cybercriminals can get into the business. ThreatPost, September 23, 2021

He Escaped the Dark Web’s Biggest Bust. Now He’s Back: DeSnake apparently eluded the DOJ’s takedown of AlphaBay. The admin talked to WIRED about his return—and the resurrection of the notorious underground marketplace. Wired, September 23, 2021

How REvil May Have Ripped Off Its Own Affiliates: A newly discovered backdoor and double chats could have enabled REvil ransomware-as-a-service operators to hijack victim cases and snatch affiliates’ cuts of ransom payments. ThreatPost, September 22, 2021

Former NSA Hacker Describes Being Recruited for UAE Spy Program: David Evenden was hired in 2014 to work in Abu Dhabi on a defensive cybersecurity project, only to discover it was actually an offensive spy operation for a United Arab Emirates intelligence service. ZeroDay, September 20, 2021

Cyber Freedom

Fallout begins for far-right trolls who trusted Epik to keep their identities secret: The colossal hack of Epik, an Internet-services company popular with the far right, has been called the “mother of all data lodes” for extremism researchers. Some of those named in the data have already lost their jobs. The Washington Post, September 25, 2021

Indictment, Lawsuits Revive Trump-Alfa Bank Story: In October 2016, media outlets reported that data collected by some of the world’s most renowned cybersecurity experts had identified frequent and unexplained communications between an email server used by the Trump Organization and Alfa Bank, one of Russia’s largest financial institutions. Those publications set off speculation about a possible secret back-channel of communications, as well as a series of lawsuits and investigations that culminated last week with the indictment of the same former federal cybercrime prosecutor who brought the data to the attention of the FBI five years ago. KrebsOnSecurity, September 23, 2021

Democracy advocate finds internet freedom has declined globally for 11th consecutive year: A non-government organisation says internet freedom globally has deteriorated as more countries have pursued new rules for tech companies on content, data, or competition over the past year. ZDNet, September 21, 2021

National Cybersecurity

Biden sanctions cryptocurrency exchange over ransomware attacks: WASHINGTON, Sept 21 (Reuters) – The Biden administration on Tuesday unveiled sanctions against a cryptocurrency exchange over its alleged role in enabling illegal payments from ransomware attacks, officials said, part of a broader crackdown on the growing threat. Reuters, September 21, 2021

America Is Being Held for Ransom. It Needs to Fight Back: Mr. Alperovitch, a computer scientist, is chairman of the Silverado Policy Accelerator, a think tank focused on cybersecurity, trade security and climate change, and a co-founder and former chief technology officer of CrowdStrike, a cybersecurity company. The New York Times, September 20, 2021

Cyber Enforcement

Police Announce Huge Bust of Mafia’s Cyber Crime Operations: European police accused several people of SIM swapping, phishing, and hacking in support of Italian organized crime. Vice, September 20, 2021
