Nobelium cyberespionage campaign found. Signed rootkit aims at gaming. Mercedes-Benz data breach. CISA tracks “bad practices.” – The CyberWire



Attacks, Threats, and Vulnerabilities

Microsoft says new breach discovered in probe of suspected SolarWinds hackers (Reuters) Microsoft (MSFT.O) said on Friday an attacker had won access to one of its customer-service agents and then used information from that to launch hacking attempts against customers.

Microsoft Warns of Continued Attacks by the Nobelium Hacking Group (PCMAG) Microsoft says the Nobelium hackers who have targeted SolarWinds, USAID, and other organizations accessed information stored on one of its employee's devices.

Microsoft support agent and some basic customer details hit by SolarWinds attackers (ZDNet) What Redmond is framing as a small breach has come alongside the company admitting some malware passed through its driver signing process.

Microsoft says SolarWinds hacking group has breached three new victims (The Record by Recorded Future) Microsoft said on Friday that it discovered new cyberattacks carried out by Nobelium, the codename the company has assigned to the Russian state-sponsored hacking group responsible for the SolarWinds hack last year.

Microsoft says a new breach was discovered in probe of suspected SolarWinds hackers (Business Insider) The company said it had found the compromise during its response to hacks by a team it identifies as responsible for earlier major breaches at SolarWinds.

WD My Book NAS devices are being remotely wiped clean worldwide (BleepingComputer) Western Digital My Book NAS owners worldwide are finding that their devices have been mysteriously factory reset and all of their files deleted.

Old Vulnerability Exploited to Hack, Wipe WD Storage Devices (SecurityWeek) WD warns customers that someone has been exploiting an old vulnerability to hack My Book Live NAS devices and trigger a factory reset that results in all data being erased.

Western Digital blames 2018 bug for mass-wiping attacks on old NAS devices (The Record by Recorded Future) US-based Western Digital has blamed an old 2018 vulnerability for a series of attacks during which a mysterious entity has triggered mass-factory resets that have wiped user data from internet-exposed My Book Live and My Book Live Duo network-attached storage (NAS) devices.

AEM CRX Bypass: The 0-day that took control over some enterprise AEM CRX Package Manager | Detectify Labs (Detectify Labs) Detectify Crowdsource ethical hackers discovered a zero day, AEM CRX Bypass, in Adobe Experience Manager which allowed them to execute RCE.

NFC Flaws Let Researchers Hack ATMs by Waving a Phone (Wired) Flaws in card reader technology let a security firm consultant wreak havoc with point-of-sale systems and more.

Mercedes-Benz USA accidentally puts out data from nearly 1,000 customers (Reuters) Mercedes-Benz USA said on Thursday sensitive personal information of nearly 1,000 customers and interested buyers was inadvertently made accessible on a cloud storage platform.

Mercedes-Benz data breach exposes SSNs, credit card numbers (BleepingComputer) Mercedes-Benz USA has just disclosed a data breach impacting under 1,000 customers and potential buyers that exposed their credit card information, social security numbers, and driver license numbers.

Mercedes-Benz vendor data breach leaks sensitive customer information (Roadshow) The company says fewer than 1,000 customers are affected, but info compromised may include Social Security and credit card numbers.

Mercedes-Benz USA Announces Initial Findings of Data Investigation Affecting Customers and Interested Buyers (Mercedes-Benz USA) On June 11, 2021, a vendor informed Mercedes-Benz that sensitive personal information of less than 1,000 Mercedes-Benz customers and interested buyers was inadvertently made accessible on a cloud storage platfor

Builder for Babuk Locker ransomware leaked online (The Record by Recorded Future) The builder for the Babuk Locker ransomware was leaked online this week, allowing easy access to an advanced ransomware strain to any would-be criminal group looking to get into the ransomware scene with little to no development effort.

Hackers Crack Pirated Games with Cryptojacking Malware (Threatpost) Threat actors have so far made about $2 million from Crackonosh, which secretly mines Monero cryptocurrency from affected devices.

Microsoft admits to signing rootkit malware in supply-chain fiasco (BleepingComputer) Microsoft has now confirmed signing a malicious driver being distributed within gaming environments. This driver, called "Netfilter," is in fact a rootkit that was observed communicating with Chinese command-and-control IPs.

Microsoft admits certifying a driver loaded with rootkit malware, says 'small number' of customers compromised by SolarWinds hackers (Computing) Bogus driver connected to command-and-control servers based in China. Nobelium stole data via support agent's machine

Microsoft signed a malicious Netfilter rootkit (GData) What started as a false positive alert for a Microsoft signed file turns out to be a WFP application layer enforcement callout driver that redirects traffic to a Chinese IP. How did this happen?

Investigating and Mitigating Malicious Drivers (Microsoft Security Response Center) The security landscape continues to rapidly evolve as threat actors find new and innovative methods to gain access to environments across a wide range of vectors. As the industry moves closer to the adoption of a Zero Trust security posture with broad and layered defenses, we remain committed to sharing threat intelligence with the community to shine a light on the latest techniques and exploits of attackers so the industry can better protect itself.

Hackers are infecting gamers' PCs with malware to make millions from crypto (CNBC) Cyber criminals are targeting gamers with "mining malware" as they look to get crypto-rich, according to research published by security firm Avast.

Cryptographic mining Crackonosh malware found in GTA V, The Sims 4 torrents (Eminetra) Cybercriminals are targeting gamers with “mining malware” in their pursuit of large amounts of cryptocurrency, according to a study published by security company Avast. Avast said Thursday that the so-called “Crackonosh” malware was hidden in free versions of games such as NBA 2K19, Grand Theft Auto V, Far Cry 5, The Sims 4, and Jurassic World …

Attacks against game companies are up. But why? (SC Media) Malicious hackers are increasingly mobbing the video game industry, but security experts can’t pinpoint a single explanation for the surge.

If These ‘Very Dangerous’ Apps Are Installed On Your Phone, Delete Them Now (Forbes) Android users at risk as Play Store security is beaten again…

Rossen Reports: New data breach hits cruise lines, here’s what to do (WAPT) One of the cruise lines says it's making changes to improve security of its information systems and will reach out to those who are affected by the breach.

Texas hacker says smart meters secrets are being spilled (KTSA) Smart metering systems, the ones used by energy companies like CPS Energy, are spilling some secrets that...

Cyber attack strikes Eastern Wyoming College (News Channel Nebraska) Eastern Wyoming College (EWC) recently was a recipient of a cyber attack.

'It's evil' Ransomware attack on hospital system in Savannah is part of a growing trend (Savannah Morning News) The ransomware attack on St. Joseph's/Candler that was first detected on June 17 is part of a growing trend of such attacks.

Hackney blames a cyber-attack for not issuing council tax refund (the Guardian) It was more than seven months ago, but it still can’t say when I’ll get my money

Records Show Some UW Institutions Used Software US Officials Say Was Compromised By Russian Hackers (Wisconsin Public Radio) University of Wisconsin System email records show some System institutions used SolarWinds software that U.S. officials say was hacked by attackers working for the Russian government.

Governor confirms another data breach at Workforce WV (WVVA) WVVA News has learned of another data breach at Workforce West Virginia on Tuesday.

Not Even Superheroes Have the Power to Stay Off of Breached Password Lists (Specops Software) Batman or Spiderman? Superman or Thor? Flash or Falcon? The infatuation with and intense debate over Marvel and DC superhero and villain...

Security Patches, Mitigations, and Software Updates

Google Rolling Out Security Update for Google Drive (SecurityWeek) The update makes sharing links for some Google Drive files more secure and will require attention from Google Workspace admins.

The Most Important Things Microsoft Announced Today (Wired) After leaks and rumors, we got our first look today at Windows 11 and the future of Windows as a platform. Here's what you have to look forward to this fall.

Shut Out of Windows 11: TPM Requirement Excludes Many PCs (Tom's Hardware) Even some three year old computers may not be able to run the OS.

Microsoft says TPM 2.0 is mandatory for installing Windows 11 (Computing) The technology is essential to protect future PCs from cyber criminals and sophisticated attacks from nation-states, the company says

Why You Need To Start Worrying About Microsoft Windows 11 Now (Forbes) Unfortunately, the bright side of Windows 11 comes at a cost. Your existing computers may not work with it.

The Economic Costs of Cyber Risk (Foundation for the Defense of Democracies) Analysis, Memos | June 28, 2021 |

Water and Wastewater Systems Cybersecurity: 2021 State of the Sector (Water and Wastewater ISAC) With threats from increasingly sophisticated and destructive attackers, cybersecurity has become a top priority for water and wastewater systems. Recent incidents have added urgency to discussions within the sector and with Congress and in federal agencies on how best to help utilities improve their cybersecurity.

Security And Quality Violation Rates Increase Across Digital Advertising In Q1 2021 (PR Newswire) Confiant, the company that introduced the industry's first real-time creative verification solution for programmatic advertising in 2017, has...

Using VMs to hide ransomware attacks is becoming more popular (The Record by Recorded Future) In early 2020, security researchers were baffled to discover that a ransomware gang had come up with an innovative trick that allowed it to run its payload inside virtual machines on infected hosts as a technical solution that bypassed security software.

The first major AI-driven global cyber attack will occur in the next 12 months: survey (Continuity Central) Deep Instinct has launched its Voice of SecOps Report. This annual report highlights current and emerging threats, the impact these have on the day-to-day lives of SecOps professionals, and how automation will play a significant role moving forward. In Deep Instinct’s new survey of 600 IT and cyber security professionals, more than half of the survey respondents noted ransomware or zero-day attacks as the biggest threats to their organization.

Political campaigns worry they're next for ransomware hits (TheHill) Political campaigns are ramping up their protections, worrying the next in a rising number of ransomware attacks could target them.

Many companies believe it is important to protect employee privacy, yet few are effective in doing so (Help Net Security) 63% of respondents say it is important to protect employee privacy in the workforce, but only 34% of organizations are effective in doing so.

The 10 Biggest Cyber Attacks In History (Al Bawaba) Cyber attacks and crimes are no new news. However, with more of our information being shared online than ever before, we might be more vulnerable than w


Investors Eye Emerging Cybersecurity Space As APIs Explode (Crunchbase News) With venture capital flowing into the cybersecurity space at a record level, investors continue to hunt for the next big thing — and that could be looking at how applications talk to each other

Bit Discovery Banks $4 Million for Attack Surface Management Tech (SecurityWeek) Bit Discovery has banked another $4 million in venture capital funding to compete in the crowded attack surface management space.

Cybersecurity unicorn SentinelOne boosts IPO targets to $1.2B (Silicon Valley Business Journal) SentinelOne Inc. appears poised this week to put an exclamation point on the busiest year for Bay Area initial public offerings since the dotcom boom at the turn of the century.

AWS has acquired encrypted messaging service Wickr (TechCrunch) Amazon’s cloud services giant Amazon Web Services (AWS) is getting into the encrypted messaging business. The company has just announced that it has acquired secure communications service Wickr — a messaging app that has geared itself towards providing services to government and militar…

AWS Acquires Encrypted Communications Service Wickr (SecurityWeek) Amazon's AWS subsidiary has snapped up Wickr, a late-stage provider of encrypted communications technology.

Amazon Acquires Encrypted Messaging App Wickr (Motherboard) Wickr is a popular encrypted messaging platform used by journalists, criminals, governments, and businesses.

Crypto’s Top V.C. Is Playing the Long Game (New York Times) Katie Haun, a co-chair of Andreessen Horowitz’s new $2.2 billion crypto fund, is betting that the blockchain will be as big as the internet.

‘No changes’ to Dell-VMware partner synergies (CRN Australia) Channel chief says go-to-market strategies will remain fully intact.

Chinese surveillance firm builds influence in Washington, with help from former members of Congress (Washington Post) Former lawmakers have registered as foreign agents for the U.S. branch of Hikvision, the maker of cameras used to monitor Uyghur Muslims in China’s detention camps.

TikTok insiders say social media company is tightly controlled by Chinese parent ByteDance (CNBC) Former TikTok employees say there is cause for concern when it comes to the popular social media app's Chinese parent company.

"We're not a one-trick pony" (San Francisco Business Times) CEO George Kurtz led cybersecurity company CrowdStrike to be No. 1 in the Bay Area’s middle market.

Major Government Contractor Booz Allen Helps Cyber Victims Pay Ransoms—Exactly The Opposite Of U.S. Policy (Forbes) The consulting firm helps ransomware victims negotiate with and sometimes pay off cybercriminals to reopen hacked businesses—which stands in stark contrast to what the federal government advises.

3 Top Cybersecurity Stocks to Buy for the Long Haul (Nasdaq) The world is going digital at a rapid pace in the wake of the pandemic, and companies slow to update their operations or taking a lax approach to security are facing real-world consequences. The widespread hack exploiting SolarWinds (NYSE: SWI) and the Colonial Pipeline shutdown are just two examples.

Portsmouth firm expands effort to fight cyberattacks, ransomware (Seacoastonline) The ATOM Group of Portsmouth is opening a second location in Concord, NH.

16 companies hiring for infosec and cybersecurity roles (Silicon Republic) Check out some of the companies hiring in the areas of infosec, cybersecurity and incident response both in Ireland and further afield.

Nutanix CEO Eyes $61B Market Opportunity, Sets Profitability Targets (SDxCentral) Nutanix CEO Rajiv Ramaswami eyes a $61 billion market opportunity and charts a course to profitability six months into his new gig.

Nutanix selects new chairman (CRN Australia) Replacing former chairman and CEO Dheeraj Pandey.

Former Hewlett Packard Enterprise prez joins Coalfire board (BizWest) Coalfire Systems Inc., a Westminster cybersecurity firm, has added former Hewlett Packard Enterprise president Mike Nefkens to its board of directors.  “Coalfire is at the forefront of continuous cybersecurity integration and delivery. It’s an honor to work with a board of this caliber and at this critical moment in our industry’s history,” said Nefkens.

Angela Heise Named Microsoft Defense and Intelligence Corporate VP (GovCon Wire) Looking for the latest GovCon News? Check out our story: Angela Heise Named Microsoft Defense and Intelligence Corporate VP. Click to read more!

rThreat Announces Igor Volovich as Newest Member of Board of Advisors (WebWire) rThreat, the first company to develop a Breach and Attack Emulation solution that enables fully automated, real-world, real-time measurement and validation of enterprise cybersecurity controls and risk posture by leveraging known and unknown threats, is proud to welcome Igor Volovich as the newest member of rThreat's Board of Advisors.

Products, Services, and Solutions

New infosec products of the week: June 25, 2021 (Help Net Security) The featured infosec products this week are from the following vendors: Splunk, ThreatConnect, Securonix, and Synology.

Adversa AI Red Team Invented Technology for Ethical Hacking of Facial Recognition Systems | Adversa AI (Adversa AI | Trusted AI Security) Adversa AI, the leading Trusted AI Research startup, has demonstrated a new attack method on AI facial recognition applications. By making imperceptible changes in human faces, it makes an AI-driven facial recognition algorithm misrecognize persons. Compared to other similar approaches, this method is transferable across all AI models and at the same time, it’s much more accurate, stealth and resource-efficient.

Splunk announces Splunk Security Cloud for SIEM, SOAR, and more (iTWire) Splunk has announced its new Splunk Security Cloud bringing best-in-class SIEM, security analytics, SOAR, collaboration tools, and threat research. The product protects hybrid multi-cloud organisations with data-driven modern security operations. Years ago the network perimeter was the boundary betw...

Mitsubishi Motors taps Cyfirma to strengthen cybersecurity posture (Back End News) Japanese automaker Mitsubishi Motors Corp. (Mitsubishi Motors) has tapped the services of Cyfirma, a predictive cyber-threat visibility and intelligence analytics platform company to expand visibil…

MongoDB Atlas for Government Achieves FedRAMP Ready Status Upon Launch (PR Newswire) MongoDB, Inc. (NASDAQ: MDB), the leading, modern general purpose database platform, today announced that it has been approved as FedRAMP Ready...

Technologies, Techniques, and Standards

CISA Publishes Cyber 'Bad Practices' (Breaking Defense) The bad practices are aimed especially at -- though not limited to -- educating critical infrastructure owners and operators. This includes, of course, the defense industrial base and many who support its supply chain -- from communications equipment and high-tech capabilities to electrical and mechanical components for military hardware, such as tanks, planes, and ships.

Bad Practices (CISA) As recent incidents have demonstrated, cyberattacks against critical infrastructure can have significant impacts on the critical functions of government and the private sector.

Ransomware: Strategies for Faster Detection and Response (GovInfoSecurity) What is the life cycle of a ransomware attack, and how can organizations better detect and block them? Peter Mackenzie of Sophos, says that while many victims

Ransomware is not out of control; security teams are (TechRadar) Common security practices can thwart most ransomware campaigns, cybersecurity veteran says

Ransomware funds more ransomware — how do we stop it? (The Verge) A vicious cycle.

Major FIDO Updates Launched to Accelerate Global Charge Past Passwords (BusinessWire) Identiverse- The FIDO Alliance today announced its first user experience (UX) guidelines and new FIDO2 standards enhancements aimed at accelerating th

New Cloud Security Alliance Research Evaluates Hyperledger (CSA) Report and checklist provide data compromise mitigation strategies for financial services industry

When authorised payments are not: spotting coercion in online transactions (Paypers) With impostor scams on the rise worldwide and increasingly difficult to detect, financial institutions must develop new strategies to combat the threat of advanced social engineering and maintain customer ...

Hyperledger Fabric 2.0 Architecture Security Report | CSA (Cloud Security Alliance) This report identifies Hyperledger Fabric 2.0’s security risks while being implemented as a permissioned blockchain enterprise network in the cloud.

Securing private networks in the 5G era (GSMA Intelligence) The combination of cloud, data and IoT security threats means security risks are greater in the 5G era. A key challenge for operators offering 5G-based services is ensuring that they have sufficient knowledge or tools to tackle upcoming security vulnerabilities. Having a strategy for building up security credentials will be crucial in supporting these plans.

The Challenge of Educating the Military on Cyber Strategy (War on the Rocks) Malicious cyber activity is ranked by some as the primary threat to international security. The strategic implications of cyberspace are particularly

Design and Innovation

DIU rethinking cyber endpoint protections through advanced deception tools (Federal News Network) Defense Innovation Unit cyber portfolio Deputy Director Patrick Gould said on behalf of cyber mission teams, his organization tested out two tools that advanced the use of deception approaches to stop…

‘What are the odds someone will find and exploit this?’ Nice one — you just released an insecure app (Register) Who’s to blame: devs or management? And how do we cure application vulnerability epidemic

Northrop Grumman Building ‘Justified Confidence’ for Integrated Artificial Intelligence Systems (Northrop Grumman Newsroom) “Justified confidence” in artificial intelligence is more than just new buzzwords. It’s about developing AI systems that are robust, reliable and accountable, and ensuring these attributes can be verified and validated. The National Security Commission...


Why study Computer Science with the University of Bath? (Computing) The University of Bath is keen to recruit more women to its online Computer Science MSc

Henry Hua of Cypress College named national 'cyber hero' by synED | Orange County Breeze (Orange County Breeze) Dean of Business and IT at Cypress College, Henry Hua, named a 'cyber hero' for his efforts to empower students through cybersecurity.

Legislation, Policy, and Regulation

The Cybersecurity 202: The United States is still number one in cyber capabilities (Washington Post) The United States remains by far the world’s most cyber-capable nation with no major competitors for the title.

US remains the world’s dominant power in cyberspace but China is catching up, report says (South China Morning Post) The IISS report assessed 15 countries’ core intelligence powers, leadership in global cyberspace affairs, security and resilience as well as offensive capabilities. US has been building dominance in cyberspace since the 1990s, and its power has been amplified by intelligence-sharing networks such as the Five Eyes alliance.

Cyber Capabilities and National Power: A Net Assessment (IISS) The result of two years of study by IISS researchers, this report provides a major new qualitative assessment of 15 countries’ cyber power, as well as a new qualitative framework for understanding how to rank global state cyber capacity.

The US Takedown of Iranian Media Sites Extends a Thorny Precedent (Wired) Free speech advocates raised concerns after the Justice Department seized more than 30 domains this week.

Digital Authoritarianism is a National Security Threat, Pentagon Cyber Leader Says (Defense One) The U.S. must fund the development of technology that can compete with the offerings of authoritarian countries, said Mieke Eoyang, deputy assistant defense secretary for cyber policy.

Muhyiddin: Cyber security should be priority of every nation | New Straits Times (NST Online) Cyber security should be every nation’s top agenda as it battles the rise of borderless cybercrimes that come with threats, risks and vulnerabilities as the people become heavily reliant on digital technology amid the Covid-19 pandemic.

Was the Biden-Putin Summit a Success? (Foreign Policy) The White House set clear red lines on cyberwar, but don’t expect much progress in the months to come.

DOD Wants Partners to Up Their Cybersecurity Game, Official Says (U.S. DEPARTMENT OF DEFENSE) The Defense Department wants to help its partner contractors, large and small, become better at their own cybersecurity efforts, the deputy assistant of defense for cyber policy said.

A rise in ransomware threatens America’s critical infrastructure (Security Info Watch) Experts agree that the nation’s preparedness is woeful and a more collaborative approach between the public and private sector is crucial to stave off the next meltdown

New FTC chief Khan names some top staffers, including competition chief (Reuters) Tech critic and the new chair of the Federal Trade Commission, Lina Khan, has named three top staffers in a signal that the agency could become more aggressive in how it enforces antitrust law and laws against deceptive advertising.

Alaska’s CISO moved to DHS as state dealt with cyberattacks (StateScoop) Mark Breunig, who had been Alaska’s top cybersecurity official since January 2019, is the second state CISO to recently join the Department of Homeland Security.

Litigation, Investigation, and Law Enforcement

Supreme Court Creates Uncertainty for Privacy Lawsuits (Wall Street Journal) The U.S. Supreme Court ruled Friday that consumers who sued a credit-reporting bureau for falsely labeling them as terrorist suspects failed to prove a concrete harm, a decision that could narrow the ability of other plaintiffs to pursue complaints over privacy violations.

ManTech prevails in protest of $4B classified Air Force contract (Washington Technology) ManTech was one of three winners of a $4.4 billion classified Air Force security contract, but protested anyway and won its argument.

Dutch Group Launches Data Harvesting Claim Against TikTok (SecurityWeek) A Dutch consumer group is launching a 1.5 billion euro ($1.8 billion) claim against TikTok over what it alleges is unlawful harvesting of personal data from users of the popular video sharing platform.

Berlin’s No 1 digital detective agency is on the trail of human rights abusers (the Guardian) Investigators in Germany are using Google Earth, YouTube clips and social media posts to bring political crimes to the courts

Companies Scramble To Meet SEC's SolarWinds Info Deadline (Law360) After the U.S. Securities and Exchange Commission sent companies a request for information about their potential exposure to the now infamous SolarWinds cyber breach last week, they are scrambling to meet the short deadline and seeking clarity on how to avoid penalties, attorneys told Law360.

Incident response considerations: Protecting the attorney-client privilege (Reuters) Matthew G. White and Alexander F. Koskey of Baker Donelson examine the challenges of establishing attorney-client privilege and work product protections over reports in cyber-related litigation.

FIN7 ‘Pen Tester’ Headed to Jail Amid $1B in Payment-Card Losses (Threatpost) One of the Carbanak cybergang's highest-level hackers is destined to serve seven years while making $2.5 million in restitution payments.

Bill Barr rips Trump's "bulls" election fraud claims in new book: "It's just a joke" (Newsweek) Donald Trump's attempts to overturn the 2020 election became a "clown show," his former Attorney General said.

Trump's Election Fraud Claims Were 'All Bullshit' Former AG Barr Says (Rolling Stone) “We realized from the beginning it was just bullshit,” former attorney general Bill Barr said

Mike Lindell promises to show "100% non-subjective evidence" of election fraud in August (Newsweek) "They're gonna take this election down, and, yes, Donald Trump will be your president," the MyPillow CEO claimed.
