Hello readers!
In today's Inside Security, our premium content includes:
- SECURITY FUNDING: A summary of the latest security funding news, including Ping's $4.7M purchase of blockchain startup ShoCard.
- PATCH WATCH: The latest patches from Cisco, IBM, Google, and more.
On Thursday, don't miss my SECURITY TRENDS and PODCAST NOTES features for premium subscribers.
If you'd like to read this premium content, Inside Security is offering a 14-day free trial, so you can sample the perks paid readers enjoy and see if you like it. To sign up for the trial, click here.
Stay safe!
Fred
SECURITY FUNDING:
Onapsis (Boston, Mass.), an application cybersecurity and compliance startup: $55M in Series D funding led by Caisse de dépôt et placement du Québec and NightDragon with participation from .406 Ventures, LLR Partners, and Arsenal Venture Partners. To date, the startup has raised...
ShoCard (Cupertino, Calif.), a blockchain-based consumer identity management startup: $4.7M from Ping, which acquired the startup. ShoCard founder Armin Ebrahimi has been named...
To read more, click here to upgrade to premium!
A hacker group is exploiting the Microsoft Windows Error Reporting (WER) service to carry out file-less "Kraken" attacks, warned Malwarebytes security researchers. The malware buries itself in WER-based executables to evade detection. The attackers send a spearphishing email carrying a bogus worker's compensation document. If the recipient opens it, it triggers a malicious macro that launches a file-less attack.
More:
- Malwarebytes believes the hacking group is a Vietnamese APT.
- WER is a feedback mechanism intended to gather data about hardware and software problems that Windows detects.
- The malicious macro used in the attack employs a modified version of CactusTorch VBA module to execute its shellcode.
ZDNET
Apple's T2 security chip on Macs can be hacked, and the flaw can't be patched, according to researchers. A successful attack on the chip requires two exploits used for jailbreaking iOS devices, Checkm8 and Blackbird, because T2 is based on the iPhone's A10 chip. The attack relies on code in the read-only memory section of the chip, which is why it cannot be patched.
More:
- The T2 chip is installed alongside the main Intel CPU on Apple desktops, including the iMac, Mac Pro, and Mac mini, as well as MacBooks.
- Security firm IronPeak warned that Macs built since 2018 "are no longer safe to use if left alone," even if the power is off.
- IronPeak noted that once attackers get access to the T2 chip, they have full root access and kernel execution privileges.
- 9to5 Mac stressed that the risk to Mac users is low because an attacker needs physical access to the computer.
9TO5 MAC
PATCH WATCH:
Qualcomm patched seven critical bugs in its BT Controller, data network stack and connectivity, and data modem, as well as 14 high-severity bugs in BT Controller and other products.
To receive the full list of security patches and receive this feature weekly, start your FREE 14-day trial of premium!
ZeroFox has purchased Cyveillance, a threat intelligence firm, from LookingGlass Cyber Solutions for an undisclosed consideration. ZeroFox plans to combine Cyveillance's threat intelligence capabilities with its digital risk protection platform.
More:
- Baltimore-based ZeroFox said it is using acquisitions as "multipliers" in its growth strategy.
- Cyveillance offers digital risk protection services, a data lake repository, finished intelligence, and investigation, analysis, and response services.
- Gilman Louie, executive chairman of LookingGlass, will join the ZeroFox board of directors.
BALTIMORE BUSINESS JOURNAL
Attackers are using an upcoming IRS deadline for COVID-19 relief applications as a phishing lure to steal data from U.S. users. The malicious email contains a link to a compromised SharePoint form that asks for Social Security, driver's license, and tax ID numbers. The use of SharePoint enables the attackers to bypass email gateways, explained Chetan Anand, co-founder of Armorblox.
More:
- The IRS has given American taxpayers who haven't received their COVID-19 relief payment yet until Nov. 21 to apply.
- The compromised SharePoint account used in the attack belongs to an employee of the Reproductive Medicine Associates of Connecticut.
- To avoid falling for phishing scams, Anand recommends that users be wary of personal data sharing requests out of context, subject sensitive emails to "rigorous eye tests," and augment email security with threat detection.
THREATPOST
The Financial Industry Regulatory Authority (FINRA) is warning brokerage firms about widespread phishing campaigns exploiting surveys to steal data. The phishing emails are being sent from a bogus domain, regulation-finra.org, which looks like a legitimate FINRA domain. The scammers ask recipients to provide information to update FINRA's conduct and supervisory rules.
More:
- FINRA is a government-authorized not-for-profit organization that oversees U.S. brokerage firms.
- The agency has asked the Internet domain registrar NameCheap to suspend the bogus domain.
- FINRA recommends that firms verify the legitimacy of suspicious emails before responding to them, opening any attachments, or clicking on embedded links.
BLEEPING COMPUTER
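The lookalike domain in this item (regulation-finra.org standing in for finra.org) is the kind of thing a mail filter can flag before a human has to "verify the legitimacy" by eye. The following is an added example, not code from the newsletter or from FINRA: it parses a From header, extracts the sender domain, and classifies it against a constructed allowlist (`TRUSTED_DOMAINS`, a hypothetical policy) so that any untrusted domain carrying the brand token is surfaced as a lookalike. The sample headers are constructed for the demonstration.

```python
"""Classify e-mail senders against an allowlist and flag brand lookalikes.

Added example; TRUSTED_DOMAINS and the sample headers are constructed.
"""
from email.utils import parseaddr

# Hypothetical allowlist: the only domains this organisation will accept
# regulatory notices from. The registrable domain (last two labels) is
# compared, so mail.finra.org also counts as trusted.
TRUSTED_DOMAINS = {"finra.org"}


def sender_domain(from_header: str):
    """Return the lower-cased domain of the address in a From header,
    or None if the header carries no usable address."""
    _display, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def registrable(domain: str) -> str:
    """Naive registrable-domain approximation (last two labels). Production
    code would consult the Public Suffix List to handle co.uk-style TLDs."""
    labels = domain.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain


def classify(from_header: str) -> str:
    """'trusted', 'lookalike', 'untrusted' or 'malformed'.

    A lookalike is any untrusted sender whose domain or display name
    contains the brand token of an allowlisted domain, which covers
    regulation-finra.org, finra.org.evil.example and a display name of
    'finra.org' sitting in front of an unrelated address."""
    display, _addr = parseaddr(from_header)
    dom = sender_domain(from_header)
    if dom is None:
        return "malformed"
    if registrable(dom) in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]  # 'finra'
        if brand in dom or brand in display.lower():
            return "lookalike"
    return "untrusted"


# Constructed sample headers for the demonstration.
SAMPLE_HEADERS = [
    "FINRA Alerts <alerts@finra.org>",
    "Member Services <notices@mail.finra.org>",
    "FINRA Compliance <rules-update@regulation-finra.org>",
    "finra.org <survey@unrelated.example>",
    "Vendor <billing@supplier.example>",
    "no address here",
]


def triage(headers=SAMPLE_HEADERS) -> dict:
    """Map each header to its classification."""
    return {h: classify(h) for h in headers}


if __name__ == "__main__":
    for header, verdict in triage().items():
        print(f"{verdict:10} {header}")
```

The brand-token check is deliberately broad: in a gateway it is a triage signal that routes the message to review, not a block decision on its own.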
A CyberArk researcher has uncovered bugs in security products from ten cybersecurity vendors. The flaws could enable a hacker to escalate privileges using symbolic link (symlink) attacks or dynamic link library (DLL) hijacking. All of the vendors have patched the vulnerabilities since the researcher informed them of the flaws.
More:
- The ten vendors are Kaspersky, McAfee, Symantec, Fortinet, Check Point, Trend Micro, Avira, Microsoft, Avast, and F-Secure.
- A symlink attack involves specially crafted links that can be used to write, modify, or delete files.
- DLL hijacking abuses the way Windows applications search for DLLs so that they load a malicious DLL in place of the intended one.
FOR MORE PATCH NEWS, CHECK OUT MY PATCH WATCH FEATURE IN THIS ISSUE. IF YOU'D LIKE TO READ THE FEATURE, upgrade to premium!
SECURITY WEEK
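The symlink attack described above works because a privileged process opens a file by name in a directory that a lower-privileged user can also write to, and the open call follows a planted link to a file the attacker could not touch directly. The following is an added example, not code from the newsletter or from CyberArk or any of the vendors named: it shows the careless open beside a hardened one that refuses to follow links or reuse an existing path (`O_CREAT | O_EXCL | O_NOFOLLOW`), run against a symlink planted in a temporary directory constructed for the demonstration.

```python
"""Symlink-safe file creation in a shared directory.

Added example: the 'unsafe_write' pattern follows a planted link; the
'safe_create' pattern refuses. The planted link lives in a temp directory
constructed by demo() so the script runs offline.
"""
import errno
import os
import tempfile

# O_NOFOLLOW is POSIX-only; where absent, O_EXCL alone still refuses to
# reuse an existing path (a symlink counts as existing).
_O_NOFOLLOW = getattr(os, "O_NOFOLLOW", 0)


def unsafe_write(path: str, data: bytes) -> None:
    """Open-for-write by name. If `path` is a symlink, the data lands on
    whatever the link points at, with the caller's privileges."""
    with open(path, "wb") as fh:
        fh.write(data)


def safe_create(path: str, data: bytes) -> bool:
    """Create `path` only if nothing (file or link) already sits there.

    Returns True on success and False when the path was already occupied,
    which in a world-writable directory should be treated as suspicious
    rather than silently retried."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | _O_NOFOLLOW
    try:
        fd = os.open(path, flags, 0o600)
    except OSError as exc:
        if exc.errno in (errno.EEXIST, errno.ELOOP):
            return False
        raise
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return True


def demo() -> dict:
    """Plant a symlink the way an attacker with write access to the shared
    directory would, then compare both write routines against it."""
    results = {}
    with tempfile.TemporaryDirectory() as shared:
        victim = os.path.join(shared, "victim.txt")  # stands in for a protected file
        with open(victim, "wb") as fh:
            fh.write(b"original contents\n")

        link = os.path.join(shared, "report.log")
        os.symlink(victim, link)  # constructed: attacker-planted link

        # Careless pattern: the write is redirected onto the victim file.
        unsafe_write(link, b"overwritten through symlink\n")
        with open(victim, "rb") as fh:
            results["victim_after_unsafe"] = fh.read()

        # Restore the victim, then show the hardened version refusing.
        with open(victim, "wb") as fh:
            fh.write(b"original contents\n")
        results["safe_created"] = safe_create(link, b"should not land\n")
        with open(victim, "rb") as fh:
            results["victim_after_safe"] = fh.read()

        # A genuinely fresh name is created normally.
        fresh = os.path.join(shared, "report-fresh.log")
        results["fresh_created"] = safe_create(fresh, b"ok\n")
        results["fresh_is_symlink"] = os.path.islink(fresh)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The open flags are the core of the mitigation; the complementary control is not to let a privileged component create files under directories that unprivileged users can write to at all, which removes the race window that `O_EXCL` merely detects.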
Iranian APT group Mercury is actively exploiting the Zerologon vulnerability in Windows Server, warned Microsoft Security Intelligence. Microsoft issued a patch for the Zerologon bug in its August Patch Tuesday update and added detection for it to its Defender security tool. The flaw, located in the Windows Netlogon Remote Protocol, could enable an attacker to become a domain administrator of an enterprise network.
More:
- Microsoft recently provided guidance to administrators on how to mitigate the Zerologon vulnerability through a multi-step process.
- The Cybersecurity and Infrastructure Security Agency instructed federal agencies to patch the vulnerability by Sept. 22.
- Cisco Talos warned that attacks against the Zerologon bug were on the rise.
DARK READING
QUICK HITS:
- The Cellmate smart male chastity device is vulnerable to being locked by hackers, researchers warned.
- Attackers compromised Chowbus, a mobile Asian food delivery service, and stole customer data.
- The Cybersecurity and Infrastructure Security Agency is warning state and local governments about an increase in Emotet trojan phishing attacks.
- Nuisance distributed denial-of-service attacks targeting the gaming industry are on the rise.
- See how leading sales teams are solving their challenges of selling remotely.*
- Top executives from Netflix, Calm, T-Mobile, and Okta discuss identity access management. Don’t miss the event. Sign up here.*
*This is a sponsored post.
Fred Donovan is a professional writer, editor, and content specialist with decades of experience, most recently in the areas of information technology and cybersecurity. He has written for such publications as HealthITSecurity.com, FierceITSecurity, InfoSecurity Magazine, Report on Patient Privacy, TechGenix, and NetDefense. Fred has a B.A. from Harvard University in government and an M.S. in national security from Georgetown University.
Editor
Sheena Vasani is a journalist and UC Berkeley, Dev Bootcamp, and Thinkful alumna who writes Inside Dev and Inside NoCode.