Three-quarters of organizations surveyed by security firm Fortinet said they had at least one intrusion/breach attributable to the cybersecurity skills gap. The COVID-19-inspired shift to remote working has made the cybersecurity skills gap even more critical as IT teams struggle to provide employees with remote secure access to systems, the survey found.

More from Fortinet:

• 68% of organizations find it hard to recruit, hire, and retain cybersecurity talent
• 47% of organizations had three or more intrusions/breaches attributable to the cybersecurity skills gap.
• The hardest security position to hire for is cloud security architect.
• 82% of organizations said they prefer to hire candidates with cybersecurity certifications.
• The (ISC)2 Cybersecurity Workforce Study estimates it would take more than 4 million workers to fully close the cybersecurity gap.

4G and 5G cellular networks could be vulnerable to cyberattacks because of decades-old standards and protocols, according to Sergey Puzankov, a security researcher at Positive Technologies. Of particular concern, the signaling system 7 (SS7) standard and protocols, first developed in 1975, are still used in these networks. SS7 contains security flaws that could enable attackers to intercept phone calls, as well as bypass two-factor authentication.

More:

• 5G is forecasted to account for 21% of all wireless infrastructure investment in 2020.
• Puzankov told a BlackHat Asia audience that the attacks he uncovered all involve cross-protocol actions.
• Vendors have implemented security measures to protect their networks, but the researcher warned that these measures do not go far enough.

Cisco has agreed to buy PortShift, an Israeli-based DevOps and Kubernetes security startup, for a reported $100M. So far, PortShift has raised $5.3M from Team8, an incubator that is backed by Cisco, Microsoft, Walmart, and other larger companies. Cisco said the purchase was intended to expand its capabilities in cloud-native application security. 

More:

• PortShift provides a Kubernetes-native security platform, which enabling DevOps, security, and operations teams to secure the containerized applications life-cycle.
• Cisco will add Portshift to its Emerging Technologies and Incubation (ET&I) Group when the purchase closes, expected in the first half of its fiscal year 2021.
• The networking giant has made a number of recent high-profile cybersecurity acquisitions, including Duo for $2.35M and OpenDNS for $635M.

Universal Health Services said Thursday that computers and systems at all of its 250 U.S. healthcare facilities were shut down by a malware attack over the week. The healthcare provider said that it expects to get networks restored and reconnected "soon." It stressed that electronic medical record systems were not directly impacted by the attack.

More:

• As Inside Security reported, UHS had to redirect ambulances and move patients requiring surgery to different hospitals as a result of the attack.
• Based on descriptions that UHS employees posted on social media and related to media outlets, it appears that the attack was carried out by the Ryuk ransomware group. 
• UHS operates more than 400 healthcare facilities in the U.S. and U.K, has more than 90,000 employees, and serves 3.5 million patients per year.

The Internet Engineering Task Force (IETF) has published its proposed standard for network time security after an arduous five-year process. The standard is intended to fix vulnerabilities that exist in the current network time protocol (NTP), which is used to synchronize time between different computers over data networks. The vulnerabilities could enable distributed denial-of-service (DDoS) amplification, packet manipulation, and replay attacks.

More:

• The synchronization of time is crucial for the functioning of critical infrastructure, such as electrical power systems and transportation systems.
• Among other things, the proposed standard uses asymmetric cryptography for initial server authentication, which is designed to prevent man-in-the-middle attacks.
• The standard prevents the use of NTP implementations in DDoS amplification attacks.

Facebook said Thursday that a China-based malware campaign named SilentFade targeted its ad platform. The attackers were able to place fraudulent ads using compromised Facebook and Instagram accounts and remain undetected. Facebook fixed the security bug in its platform in 2019.

More:

• Facebook sued the alleged perpetrators, Hong Kong-based ILikeAd Media International Company and its employees Chen Xiao Cong and Huang Tao, in a California court last year.
• The attackers ran fraudulent drug ads and spam with fake celebrity endorsements. 
• Facebook researchers warned that other attackers are likely to employ similar techniques on social media platforms. 

Security researchers from Check Point were able to identify the developers of specific zero-day Windows exploits using a new technique used to monitor exploit developers' activities. The researchers were able to attribute 16 Window Kernel local privilege escalation exploits to two exploit developers known as Volodya (BuggiCorp) and PlayBit (luxor20080).

More from CheckPoint:

• The technique focuses on developing "fingerprints" of the exploit authors based on unique identifiers, such as the way the code was written and implemented.
• Volodya’s clients include banker trojan authors such as Ursnif, ransomware authors such as GandCrab, Cerber, and Magniber, and APT groups such as Turla, APT28, and Buhtrap
• The Check Point researchers encouraged other researchers to use the technique to identify additional exploit writers.

Security firm ESET was able to uncover an advanced persistent threat (APT) group that remained hidden on government and private company networks in Eastern Europe for nearly a decade. The group, named XDSpy, used the XDDown downloader to infect victims and download secondary modules that enabled the attacks to remain undetected.

More from ESET:

• Spearphishing was the primary technique used to infect the target's network.
• The group was first identified in a Belarus CERT advisory about a campaign targeting government agencies in the country.
• The malware disguised itself by using string obfuscation and dynamic Windows API library loading.
• The group focused its attacks on monitoring removable drives, taking screenshots, and exfiltrating documents.

PATCH WATCH: (This premium content appeared in the Sept. 30 issue of Inside Security.)

• Cisco patched a high-severity bug in its Cisco Aironet Access Points software that could enable an attacker to launch a denial-of-service attack against a vulnerable system. The flaw is due to insufficient input validation in the software's Ethernet packet handling.
• IBM patched a number of flaws in its products, including six high-severity bugs. The updates included a fix for a high-severity bug in the WebSphere Application Server for its IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise products.
• MB Connect line patched four vulnerabilities in its mymbCONNECT24 and mbCONNECT24 products that could enable an attacker to gain access to confidential information or carry out a remote code execution attack.
• Red Hat fixed several bugs in the kernel packages for Red Hat Enterprise Linux 7, which could enable a remote attacker to carry out denial-of-service and elevation-of-privileges attacks.
• Synopsys warned about authentication bypass vulnerabilities in chipsets of wireless routers made by Qualcomm, Mediatek, and Realtek. Mediatek and Realtek said they will send out patches upon request. Qualcomm said that the vulnerable chipsets have been discontinued and that currently supported chipsets are not affected by the flaw.
• Yokogawa fixed a vulnerability in its WideField3 tool for programming FA-M3 PLCs that could enable an attack to terminate the program unexpectedly.

As previously reported in Inside Security:

• Apple patched vulnerabilities in MacOS that could enable an attacker to carry out a remote code execution (RCE), security restriction bypass, or information disclosure attack. Read more...
• Facebook patched a critical bug in the Instagram mobile app that could enable an attacker to spy on victims. Read more...
• Google fixed a privilege escalation bug in OS Config, a Google Cloud Platform service for Compute Engine that manages operating systems running on virtual machine (VM) instances. Read more...
• Twitter patched a bug that could have led to the disclosure of developer information, such as application programming interface (API) keys and user access tokens. Read more...

QUICK HITS:

• U.S. law enforcement indicted or sanctioned at least six foreign hacker groups between July and September.
• An Emotet phishing campaign is posing as the Democratic National Committee. 
• The German privacy agency has fined clothing retailer H&M $41M for spying on employees.
• The SunCrypt ransomware group has added distributed denial-of-service attacks to its arsenal of data theft and encryption.
• Learn how to achieve powerful results from SMS—like 25x+ ROI—with 6 SMS marketing campaigns from leading brands.

*This is a sponsored post.

We're hiring! Check out our available positions:

• Business Researcher
• Director of Research
• Growth Marketing Manager
• Sales Representative
• Copy Editor