Power Apps misconfigured. Hacktivism in Iran? FBI warns of “OnePercent”. Poly Network’s alt-coins returned. Unhappy underworld?

Attacks, Threats, and Vulnerabilities

Hackers Leak Surveillance Camera Videos Purportedly Taken From Inside Iran’s Evin Prison (Zero Day) The reported breach comes weeks after computer systems belonging to Iran’s railway system were also hacked. The railway incident has been attributed to Iranian hacktivists.

FBI sends its first-ever alert about a ‘ransomware affiliate’ (The Record by Recorded Future) The US Federal Bureau of Investigations has published today its first-ever public advisory detailing the modus operandi of a “ransomware affiliate.”

FBI Reports on OnePercent Ransomware Delivered Through Phishing Emails (Armorblox) This blog summarizes the OnePercent Group ransomware delivered through phishing emails and lists attacker techniques used in the campaign.

PRISM attacks fly under the radar (AT&T Cybersecurity) Executive summary

AT&T Alien Labs has recently discovered a cluster of Linux ELF executables that have low or zero anti-virus detections in VirusTotal (see example in figure 1), though our internal threat analysis systems have flagged them as malicious.  Upon inspection of the samples, Alien Labs has identified them as modifications of the open-source PRISM backdoor used by multiple threat actors in various campaigns.

We have conducted further investigation of the samples and discover

By Design: How Default Permissions on Microsoft Power Apps Exposed Millions (UpGuard) 38 million records were exposed in multiple data leaks resulting from misconfigured Microsoft Power Apps portals. Data included sensitive information such as COVID-19 contact tracing data, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses.

38M Records Were Exposed Online—Including Contact-Tracing Info (Wired) Misconfigured Power Apps from Microsoft led to more than a thousand web apps accessible to anyone who found them.

Microsoft platform leaked 38 million files from states, large businesses (StateScoop) The cybersecurity firm UpGuard found that a default setting in a product used to build apps and websites left troves of personal information easily accessible.

Microsoft Power Apps misconfigurations expose 38 million records (Computing) American Airlines, J.B. Hunt, and Ford were all affected

Hundreds of thousands of Realtek-based devices under attack from IoT botnet (The Record by Recorded Future) A dangerous vulnerability in Realtek chipsets used in hundreds of thousands of smart devices from at least 65 vendors is currently under attack from a notorious DDoS botnet gang.

Realtek SDK Vulnerabilities Exploited in Attacks Days After Disclosure (SecurityWeek) Mirai malware variant distributed in attacks exploiting Realtek SDK vulnerabilities. Attacks started a few days after disclosure of the flaws.

CISA Warns Organizations of ProxyShell Attacks on Exchange Servers (SecurityWeek) CISA over the weekend issued an alert to warn of malicious actors actively exploiting the recently disclosed Microsoft Exchange vulnerabilities named ProxyShell.

Multiple attempts to exploit Realtek vulnerabilities discovered by our researchers – SAM Seamless Network (SAM Seamless Network) An overview of device vulnerabilities, cyber threats, and IoT security recommendations based on data from 2M networks and 70M devices.

Phishing campaign uses UPS.com XSS vuln to distribute malware (BleepingComputer) A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious ‘Invoice’ Word documents.

Poly Network says it has recovered all $610 million it lost in cryptocurrency heist (Engadget) One of the most unusual cryptocurrency heists in recent memory has come to a close..

A Hacker Stole and Then Returned $600 Million (Vice) The bizarre saga of the Poly Network heist is seemingly over after the company recovered all the stolen funds and is now in the process of returning them to its customers.

No Honor Among Thieves: Scamming the Scammers (Digital Shadows) There are criminals out there who are scamming their people. This blog will dive into the types of reverse scams observed in the cybercriminal underground.

Overmedicated: Breaking the Security Barrier of a Globally Deployed Infusion Pump (McAfee Blogs) Cyberattacks on medical centers are one of the most despicable forms of cyber threat there is. For instance, on October 28th, 2020, a cyberattack at the

Zoom RCE from Pwn2Own 2021 (Sector 7) On April 7 2021, Thijs Alkemade and Daan Keuper demonstrated a zero-click remote code execution exploit in the Zoom video client during Pwn2Own 2021. Now that related bugs have been fixed for all users (see ZDI-21-971 and ZSB-22003) we can safely detail the bugs we exploited and how we found them. In this blog post, we wanted to not only explain the bugs and our exploit, but provide a log of our entire process.

What’s *THAT* on my 3D printer? Cloud bug lets anyone print to everyone (Naked Security) That’s funny. I could have sworn I didn’t run a print job yesterday… but will you look at that?

JPMorgan Chase Bank Notifies Customers of Data Exposure (SecurityWeek) JPMorgan Chase Bank last week sent out notification letters to inform customers that their personal information might have been inadvertently exposed to other customers.

Nokia subsidiary SAC Suffers Data Breach Following Conti Ransomware Attack (Heimdal Security Blog) After being impacted by a Conti ransomware attack, the Nokia subsidiary SAC Wireless is now revealing it had suffered a data breach.

Phishing attack exposes medical information for 12,000 patients at Revere Health (St. George Spectrum & Daily News) A phishing email attack that breached Revere Health employees email exposed medical records 12,000 for 12,000 patients, but no financial infor was shared.

New Hampshire Town Loses $2.3M in Taxpayer Money to Cyberattack (NBC Boston) The town of Peterborough, New Hampshire, said Monday that it has lost $2.3 million in taxpayer dollars as the result of a cyberattack. “It pains us to inform the residents and taxpayers of Peterborough that, like so many other towns and cities, we have fallen victim to an internet-based crime that has defrauded our taxpayers of $2.3m,” Select Board Chairman…

Vulnerability Summary for the Week of August 16, 2021 | (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Security Patches, Mitigations, and Software Updates

Required 2-Step Verification for Creators in the YouTube Partner Program – YouTube Community (Google Support) Heads up – starting on November 1, 2021: YouTube will require all monetizing YouTube channels to enable 2-step verification (2SV).

CISA warns admins to urgently patch Exchange ProxyShell bugs (BleepingComputer) The US Cybersecurity and Infrastructure Security Agency (CISA) issued its first alert tagged as “urgent,” warning admins to patch on-premises Microsoft Exchange servers against actively exploited ProxyShell vulnerabilities.

Urgent: Protect Against Active Exploitation of ProxyShell Vulnerabilities (CISA) Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine.

New Data-Driven Study Reveals 40% of SaaS Data Access is Unmanaged, Creating Significant Insider and External Threats to Global Organizations Automated SaaS Security (DoControl) With millions of assets in SaaS applications, latest research from DoControl serves as a wake-up call to CIOs and CISOs and the enterprises they protect

Appsec Stats Flash (NTT Application Security) The state of application security is rapidly evolving and there is a need for a more frequent analysis of the threat landscape.

Remote working not led to an increase in IT downtime, claims research (Tech Digest) New research by Databarracks has revealed 27% of organisations experienced no unplanned IT downtime in the last 12 months

Claroty Biannual ICS Risk & Vulnerability Report: 1H 2021 (Claroty) Claroty’s research arm, Team82, today published its Biannual ICS Risk & Vulnerability Report, which analyzes vulnerabilities affecting industrial control systems, SCADA systems, and operational technology networks that were disclosed during the first half

Ransomware poses threat to vulnerable local governments (Washington Post) Ransomware is the invisible threat that’s sweeping the nation.


Elastic to Acquire build.security for Cloud Security Expansion (SecurityWeek) Elastic NV pushes further into cybersecurity with the announcement of plans to acquire early-stage Israeli startup build.security.

Hunters Raises $30 Million Round to Lead the Open Extended Detection and Response (XDR) Market (BusinessWire) Hunters today announced a $30 million Series B round led by Bessemer Venture Partners, with participation from existing investors YL Ventures, Blumber

Intel Lands Pentagon Deal to Support Domestic Chip Making (Wall Street Journal) Intel said it would provide commercial foundry services as part of a broader program with the government agency that aims to build up domestic design and production of cutting-edge chips.

Cyber insurance market encounters ‘crisis moment’ as ransomware costs pile up (CyberScoop) It’s a sure sign of trouble when leading insurance industry executives are worried about their own prices going up.

Tessian | Tessian partners with Optiv Security as part of the company’s move to a 100% channel model (RealWire) Human Layer Security company Tessian today announces that it is moving to a 100% channel model, partnering with leading cybersecurity partners like Optiv Security to help enterprises secure the human layer and protect against threats caused by human error

Aryaka Recognized in First Global Provider Carrier Managed SD-WAN LEADERBOARD by Vertical Systems Group (BusinessWire) Aryaka Recognized in First Global Provider Carrier Managed SD-WAN LEADERBOARD by Vertical Systems Group

ReliaQuest Announces New Corporate Headquarters at Thousand & One (BusinessWire) ReliaQuest, the leader in Open XDR-as-a-Service, today announced a new corporate headquarters at Thousand & One in Tampa, Florida. The new headqua

Consilient Appoints Shawn Holtzclaw as Company President (PR Newswire) Today, Consilient announced it appointed Shawn Holtzclaw to serve as the company’s president, effective immediately. Shawn Holtzclaw comes to…

Splunk Welcomes Pamela Fusco as Chief Information Security Officer (Splunk) Former U.S. Navy and Citibank Cybersecurity Veteran Joins Cloud Data Leader Splunk Inc. (NASDAQ: SPLK), provider of the Data-to-Everything Platform, today announced the appointment of Pamela Fusco as the company’s Chief Information Security Officer (CISO), effective immediately. With over 30 years

Products, Services, and Solutions

SNP Expands Portfolio with New SAP S/4HANA® Migration Solution for IBM Cloud (SNP) SNP Expands Portfolio with New S/4HANA® Migration Solution for IBM Cloud

Cowbell Cyber Delivers Industry’s First Distribution APIs For Instant Cyber Insurance Quoting and Policy Issuance (Cowbell Cyber) Cowbell Cyber, the industry’s first AI-powered cyber insurance provider for small to medium enterprises (SMEs), today announced the release of application programming interfaces (APIs) for streamlined digital distribution of cyber insurance.

Spyderbat Announces Full Suite of Attack Tracing and Intercept Product (PRWeb) Spyderbat, Inc., a trailblazer in Attack Tracing and Intercept (ATI), announces three ATI product versions – Community Edition, Professional Edition, and Ent

Spyderbat Announces Defend The Flag Challenges (PRWeb) Spyderbat Inc., a trailblazer in Attack Tracing and Intercept (ATI), announces Defend The Flag Challenges. Spyderbat aims to improve the skills of blue teams

HID Global Extends its HID IdenTrust Certificate Authority (CA) Offering to Include Timestamping-as-a-Service (HID Global) Binds Digital Certificates to Their Signing Date and Time

Sumo Logic Unveils Cloud SOAR Solution to Help Enterprises Modernize Their SOC (Sumo Logic) Sumo Logic Cloud SOAR Now Generally Available to Help Enterprises Modernize the SOC with Progressive Automation, Orchestration and Insightful Decision-Making

Centrilogic Introduces Expanded Cybersecurity and Managed Security Services Portfolio (GlobeNewswire News Room) Company Welcomes Security Industry Veteran Steven Cohen as Practice Lead…

Votiro Launches Solution that Allows Employees to Download Files from the Web without Risk or Hidden Threat (BusinessWire) Votiro releases a Secure File Gateway for Web Browser solution to sanitize files downloaded from Google Chrome and Microsoft Edge.

HYCU® Leads Public Service Initiative for Ransomware Recovery with R-Score (HYCU) R-Score is a public service to help organizations identify and measure their ability to effectively recover in the event of a ransomware attack.

Cameyo Introduces Secure Cloud Tunneling to Further Reduce the Attack Surface for Remote & Hybrid Work Without VPNs (Yahoo Finance) Cameyo, the company that provides simple and secure Virtual Application Delivery (VAD) for any Digital Workspace, today announced Secure Cloud Tunneling, a new technology that provides greater protection for organizations enabling remote & hybrid work by eliminating the need to open ports in their firewall – a practice that can increase exposure to hackers and ransomware. Cameyo’s Secure Cloud Tunneling expands upon its native Zero Trust security architecture and continues Cameyo’s tradition of

Fraud.net Named Top Performer in FeaturedCustomers’ Summer 2021 Fraud Prevention Software Customer Success Report (WFMZ.com) Fraud.net has been named a Top Performer in the Fraud Prevention Software category in the Summer 2021 Customer Success Report published by FeaturedCustomers.

Keyfactor Delivers Hybrid and Multi-Cloud PKI with New Cloud-Based Certificate Automation Service (Keyfactor) Keyfactor delivers hybrid and multi-cloud PKI with a new cloud-based certificate automation service. Learn more about it here.

BlackBerry Awarded AAA Rating in SE Labs’ Breach Response Test (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) today announced the results from SE Labs’ Breach Response test on BlackBerry® Protect and BlackBerry®…

Technologies, Techniques, and Standards

How a Public-Private Partnership Provided Benefits to Eligible Individuals and Saved Billions for One State (FedScoop) ID.me and the Arizona Department of Economic Security (DES) Partnered to Ensure Eligible Individuals Received Pandemic Unemployment Assistance (PUA) while Protecting Taxpayers and Combating Fraud

Design and Innovation

Apple already scans iCloud Mail for CSAM, but not iCloud Photos (9to5Mac) Apple has confirmed to me that it already scans iCloud Mail for CSAM, and has been doing so since 2019. It has not, however, been scanning …


Cybersecurity education and training partnership sets global precedent (Sierra Vista, Arizona) The City of Sierra Vista is launching a new partnership with U of A and Social-Engineer to give students real-world experience in social engineering techniques while improving City employees’ ability to recognize and avoid attempted cyber attacks.

Legislation, Policy, and Regulation

What a Taliban Government Will Look Like (Foreign Policy) Early indications suggest Afghanistan will be led by a 12-man council of criminals, terrorists, and the more pliant members of the former government.

Petraeus Questions U.S. Ability to Counter Terrorism After Afghanistan’s Fall (USNI News) The “harsh reality” of the fall of Afghanistan to the Taliban raises question on how closely Washington can keep an eye on Islamic extremism, David Petraeus, a former top commander in the Middle East and a former CIA director, said on Monday. “You seldom can go wrong by preparing for the worst,” the retired Army …

Apple’s Tim Cook, Microsoft’s Satya Nadella Plan to Visit White House (Bloomberg) Tech, energy, water and banking companies among invitees. White House meeting comes with cyberattacks on the rise.

Tech executives invited to meet President Biden on cybersecurity (Computing) It follows a recent spate of ransomware attacks on American entities, hampering services and logistics

Litigation, Investigation, and Law Enforcement

Report finds NSO Group’s spyware used on Bahraini activists (Washington Post) Nine activists from Bahrain had their iPhones hacked by advanced spyware made by the Israeli company NSO Group, the world’s most infamous hacker-for-hire firm, a cybersecurity watchdog reported on Tuesday.

The Cybersecurity 202: Election officials are tearing into the Maricopa County audit (Washington Post) Election administrators from both parties are making their case that the audit of the 2020 election results in Maricopa County, Ariz., was partisan and ham-handed, even before it’s released.

Proofpoint Entitled To $14M In Trade Secrets Case, Jury Says (Law360) A California federal jury has said Proofpoint Inc. was entitled to about $14 million after finding that a former employee and a French technology company misappropriated most of the trade secrets at issue in a suit relating to cybersecurity.