Lazarus Group phishes for hacking tools. Rockethack’s odd position in the C2C market. CISA’s holiday advice. SEC scam warning.

Attacks, Threats, and Vulnerabilities

North Korean Hackers Caught Snooping on China’s Cyber Squad (The Daily Beast) North Korean hackers are under fierce pressure to raise revenue to fund regime goals. Now they’re trying to spy on Chinese security researchers to get better hacking tools.

Void Balaur explained—a stealthy cyber mercenary group that spies on thousands (CSO Online) Unlike other groups, Void Balaur will target individuals and organizations in Russian-speaking countries and seems to have intimate knowledge of telecom systems.

APT41’s cyber attack methods are a blueprint for hacker groups (TechHQ) APT41’s cyberattack methods are becoming the blueprint for other hacker groups to launch attacks on the supply chain and other industries as well.

Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends (CISA) As Americans prepare to hit the highways and airports this Thanksgiving holiday, CISA and the Federal Bureau of Investigation (FBI) are reminding critical infrastructure partners that malicious cyber actors aren’t making the same holiday plans as you. Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure. 

New ‘SharkBot’ Android Banking Malware Hitting U.S., UK and Italy Targets (SecurityWeek) A newly discovered Android banking trojan has been observed targeting international banks and five different cryptocurrency services.

Github cookie leakage – thousands of Firefox cookie files uploaded by mistake (Naked Security) Be aware before you share! That’s a good rule for developers and techies, just as much as it is for social media addicts.

Space cyber wargame exposes satellite industry risks (README) Space industry executives grappled with a simulated crisis Monday as a hacker compromised a satellite and set it on a collision course.

US SEC warns investors of ongoing govt impersonation attacks (BleepingComputer) The Securities and Exchange Commission (SEC) has warned US investors of scammers impersonating SEC officials in government impersonator schemes via phone calls, voicemails, emails, and letters.

Beware of Communications Falsely Appearing to Come from the SEC – Investor Alert (US Securities and Exchange Commission) The SEC’s Office of Investor Education and Advocacy is issuing this Investor Alert to warn you of communications – including phone calls, voicemails, emails, and letters – that may falsely appear to be from the SEC.  

LinkedIn Fakes: A Wolf in Business Casual Clothing (@hatless1der | Blog) Nobody wants to believe they’ll fall for a scam. Especially not any of you, my intelligent, savvy, and OPSEC-conscious friends! Your radar is always on and carefully protecting your personal …

Dangerous ‘Joker’ Apps Steal Cash, Spy on Users, and Read Texts | Here’s a List of the 13 Malicious Apps (Tech Times) A malware analyst released a list of 13 apps that could steal users’ money, spy on them, and even read and send texts. Learn more.

Iran’s Mahan Air Says It Foiled Cyber Attack on Systems (Bloomberg) Iranian airline Mahan Air foiled a cyber attack targeting the company’s “internal systems” on Sunday, a spokesman said on state TV.

Iranian private airline Mahan Air ‘foils cyber attack’ (The National) The carrier’s internal system was the target of the attack, state media reported

Iran’s top private airline Mahan Air foils cyberattack (Daily Sabah) Iran’s second-largest airline experienced a cyberattack which disrupted access to Mahan Air, reports said Sunday. Mahan Air’s website displayed…

Iran’s Mahan Air says it foiled cyber attack on systems (AJOT) Iranian airline Mahan Air foiled a cyber attack targeting the company’s “internal systems” on Sunday, a spokesman said on state TV.

Riviera Utilities hit by cyber attack affecting email systems (FOX10 News) Riviera Utilities was hit with a cyber attack targeting its email systems but company officials told FOX10 News on Friday that no other systems were

Vestas hit by cyber security incident, shuts some IT systems (Reuters) Vestas has been hit by a cyber security incident and has shut down its IT systems across multiple business units and locations to contain the issue, the world’s largest maker of wind turbines said on Saturday.

Vestas data ‘compromised’ by cyber attack (Reuters) Wind turbine maker Vestas on Monday said the cyber attack it reported at the weekend has affected parts of its internal IT infrastructure and that data has been “compromised”.

Russian cyber gang dumps NHS records on the ‘dark web’ (Mail Online) Highly sensitive medical records including details of abortions, HIV tests and mental health issues have been leaked online after a major cyber attack against British data storage company Stor-A-File.

Where could information stolen in the N.L. cyberattack go? A data privacy expert weighs in (CBC) With confirmation from government officials that data was taken from Newfoundland and Labrador’s regional health authorities in last month’s cyberattack, a data privacy consultant provides some insight on where the data could go.

DESE offering help to teachers concerned by possible data breach (Daily Journal Online) The Department of Elementary and Secondary Education (DESE), in conjunction with Missouri’s Office of Administration Information Technology Services Division (OA-ITSD), has sent letters to certificated educators across the state whose

At least 3 Quad-Cities municipalities have fallen victim to cyber attacks. Experts say they are common, but can be prevented. (The Quad-City Times) Scammers pretending to be Brandt Construction emailed a city of Rock Island accountant to update automatic payment information. After the fraudsters returned a form, the accountant called their company contact

Brazilian Software Company Leaks Extensive Visitor Data (SafetyDetectives) The SafetyDetectives research team discovered a significant data leak affecting the Brazilian software company WSpot. WSpot provides a WiFi management solution

Now You Too Can Enlist Your Own Cyber-Thief, But Check Your Pockets (NTD) Want to hack your ex-spouse’s cellphone? Steal the private passwords to get dirt on your annoying neighbors? How …

Security Patches, Mitigations, and Software Updates

IBM tells POWER8 owners: the end is nigh for upgrades (Register) If you want more memory or internal storage, ordering before April 2022 is wise

Meta delays encrypted messages on Facebook and Instagram to 2023 (the Guardian) Move comes as child safety campaigners express concern plans could shield abusers from detection

Intelligence Insights: November 2021 (Red Canary) Compromised NPM package distributes cryptominer, TR delivers SquirrelWaffle, and Gamarue rises up the threat ranks.

New E-Commerce Cybersecurity Guide Helps Brands be Proactive This Holiday Shopping Season (RiskIQ) By now, it’s clear that threat actors are targeting the e-commerce holiday shopping season. In our 2020 Holiday Shopping Threat report, RiskIQ researchers found hundreds of threats against the ten-most trafficked e-commerce sites in the U.S. and U.K., including phishing, domain infringement, malicious mobile apps, and scams.

An E-commerce Guide: 12 Ways to Unmask Cyber Threats This Holiday Shopping Season (RiskIQ) This Holiday Shopping Season, Threat Actors Look For a Haul
API security ‘arms race’ heats up (VentureBeat) API security needs to become a bigger focus for enterprises, as more businesses become digitally oriented and API attacks increase rapidly.

Schwarz Group Acquires Israeli Hybrid Cloud Cybersecurity Innovator XM Cyber (PR Newswire) Schwarz Group, the world’s fourth-largest retailer and a growing force in cloud computing, today announced the acquisition of XM Cyber. With…

The backbone IT company of Russia enters the information security market, competing with Infowatch and Rostelecom-Solar (TGSL) SKB Kontur, a developer of online services for accounting and business, is entering the information security market. The company acquired 80% of “Atom Security”, a developer of corporate data protection software. SKB Kontur will now compete with Natalya Kasperskaya’s Infowatch, SearchInform, and Rostelecom-Solar.

Triangle cybersecurity firm SilverSky lands $31.5M, plans worldwide expansion (WRAL TechWire) Its financial strength bolstered by a new $31.5 million investment, Triangle-based SilverSky plans to expand cybersecurity offerings worldwide. 

China’s burned-out tech workers are fighting back against long hours (MIT Technology Review) A viral online project helped expose the punishing 996 work schedule—and shows how hard it is to make progress against it.

Palantir: Is this Polarizing Company a Powerhouse? (Nasdaq) If you have been a Palantir (PLTR) shareholder like myself over the past few months, I salute you because we have definitely been on a wild ride. While many treat Palantir as a meme stock, anybody who’s researched the company’s capabilities knows that Palantir is a high-quality company with high-quality revenues.

Darktrace’s Poppy Gustafsson Wins ‘CEO of the Year’ at 2021 Digital Masters Awards (Cambridge Network) Darktrace, a global leader in cyber security AI, has announced that CEO Poppy Gustafsson OBE has received the ‘CEO of the Year’ award at the Digital Masters Awards, her second award this month.

Daniel Ragsdale, Greg Bitel Appointed to Two Six VP Roles (GovCon Wire) Looking for the latest GovCon News? Check out our story: Daniel Ragsdale, Greg Bitel Take VP Roles at Two Six.

Products, Services, and Solutions

DuckDuckGo Wants to Stop Apps From Tracking You on Android (WIRED UK) The privacy-focused tech company’s latest update promises to block invasive data collection across your whole phone.

and Sterling Launch In-Person Identity Verification Service to Streamline Access to Government Services Nationwide (PR Newswire) /PRNewswire/ —, the leading secure digital identity network used by 64 million individuals, today announced the launch of an in-person identity…

Plurilock’s Aurora Systems Enters Authorized Reseller Agreement with BeyondTrust (MarketScreener) Plurilock Security Inc. and related subsidiaries, an identity-centric cybersecurity solutions provider for workforces, announced that its wholly owned subsidiary,… | November 20, 2021

AT&T Cybersecurity Launches New Managed Solution to Help U.S. Federal Agencies Modernize and Protect their IT Infrastructure (Yahoo Finance) What’s the news? AT&T* has launched an integrated, managed cybersecurity solution to help U.S. federal agencies modernize and protect their IT infrastructure in compliance with Trusted Internet Connection (TIC) 3.0 cybersecurity guidance. AT&T Government Trusted Internet brings together software-defined wide area networking (SD-WAN) technology, security capabilities and fiber connectivity in a 24/7 managed solution through a single provider. The comprehensive, scalable solution integrates with t

BlackBerry Ranked Best New Endpoint Protection Solution By SE Labs (BlackBerry) BlackBerry Limited today announced that SE Labs has rated BlackBerry as the best new endpoint security offering of 2021.

The Code42 Incydr Product Protects Salesforce Customer, Pricing and Pipeline Data from Malicious and Unintentional Insider Risks (Businesswire) The Code42 Incydr product now detects when reports are exported from an organization’s Salesforce instance to an untrusted destination.

Group Salus Launches Beta Version of PreTector Cybersecurity Incident (PRWeb) Group Salus, developers of an artificial intelligence-based cybersecurity incident mitigation and response system for small and medium sized business (SMBs) and

Technologies, Techniques, and Standards

Tor Project sees decline in server numbers, will offer rewards for new bridge operators (The Record by Recorded Future) The Tor Project said this week that it has seen a drop in the number of Tor relays and bridge servers and is now offering various rewards to users who help bring the number back up.

The Infrastructure Dependency Primer (CISA) Welcome to the Infrastructure Dependency Primer. This tool is a supplement to the Infrastructure Resilience Planning Framework and is intended to help state and local planners better understand how infrastructure dependencies can impact risk and resilience in their community and incorporate that knowledge into planning activities. It provides a foundation for understanding critical infrastructure, identifying dependencies, and improving system resilience through planning. It is organized into three primary sections:

Can Time Be Hacked? Here’s How One Hacker Demonstrated It Can (Forbes) Cher sang about manipulating it while Doctor Who dramatized it. This hacker went one better and did it. Here’s how time got hacked.

Design and Innovation

Software Supply Chains: Turns Out All You Need to Trust is Caffeine and Cats (Atlantic Council) In the first episode of The Cyber Moonshot, we invite you to join us a few hundred years from now, in a quaint little food court on the surface of the moon. As we explore the lives and foibles of the lunar inhabitants, we will also explore the complexities and absurdities of cybersecurity. From software supply chains to smart homes to phishing, we will pull common cyber headaches and lessons away from the abstract or technical and firmly into a world where cats can sense trust and the cloud has a sentience of their own.

I Made the World’s Blandest Facebook Profile, Just to See What Happens (The Atlantic) My new Facebook account had the most generic interests possible, and still it brought me to a place no one should ever have to go.

The Department of Defense is issuing AI ethics guidelines for tech contractors (MIT Technology Review) The controversy over Project Maven shows the department has a serious trust problem. This is an attempt to fix that.

How Twitter got research right (Platformer) While other tech giants hide from their internal researchers, Twitter is doing its failing — and fixing — in public
Norwich receives $18.5 million grant to lead DOD Cyber Institute (Vermont Biz) Since 1999, Norwich University has dug deep into cyber security education. In September, the University received a grant to lead the Department of Defense Cyber Institute, which trains students in cybersecurity.

Northrop Grumman commits $12.5 million to Virginia Tech initiative (Roanoke Times) Global aerospace and defense company Northrop Grumman is making a $12.5 million commitment to Virginia Tech’s quantum information science and engineering.

Legislation, Policy, and Regulation

Russia preparing to attack Ukraine by late January: Ukraine defense intelligence agency chief (Military Times) Russia is building toward the ability to carry out an attack on Ukraine, the head of its defense intelligence agency told Military Times.

U.S. Intel Shows Russia Plans for Potential Ukraine Invasion (Bloomberg) Vladimir Putin’s actual intentions on Ukraine remain unclear. Intel shows readiness for quick, large-scale move into Ukraine.

France Warns of ‘Grave Consequences’ If Russia Invades Ukraine (Bloomberg) Le Drian says important to find a way to work together. Putin should rather use his influence on Belarus: Le Drian.

Russia Won’t Let Ukraine Go Without a Fight (Foreign Affairs) Moscow threatens war to reverse Kyiv’s pro-western drift.

NATO seeks collaboration with cyber security suppliers (Shephard Media) Framework agreement covers contracts worth up to €30 million in total across multiple NATO projects.

Data rules for machine learning: How Europe can unlock the potential while mitigating the risks (Atlantic Council) Artificial intelligence (AI) will increasingly shape societies and the global economy. Machine learning—which is responsible for the vast majority of AI advancements—is enhancing the way businesses and governments make decisions, develop products, and deliver services. How will the European Union unlock the potential of AI, while mitigating the risks?

Secretive Chinese committee focused on the “main economic battlefield” of tech (The Record by Recorded Future) China’s Politburo provided for the first time detail on the work of a secretive body whose purpose is to focus on what China called the “main economic battlefield” of technology.

US, China in ‘Early Stages’ of Possible Talks on Nukes, Cyberspace (VOA) But a top US security official warns that Beijing is already pushing back, saying Washington’s actions are causing it ‘heartburn’

Personal data protection law on the cards (Brecorder) The Ministry of Information Technology and Telecommunication has finalised the “Personal Data …

Israel must stop arming brutal regimes. It’s a Jewish imperative | Opinion (Haaretz) When Israeli weapons are placed, with government approval, into the hands of known human rights violators, Israel destroys its credibility as a moral actor: Making enemies of those fighting for freedom and democracy while betraying basic Jewish values

The House passes Biden’s $1.7 trillion budget plan, with millions in cybersecurity spending (The Record by Recorded Future) The House on Friday voted along mostly party lines to approve President Joe Biden’s $1.7 trillion social and climate change legislation, which devotes millions to cybersecurity programs throughout the federal government.

Biden signs infrastructure bill that provides nearly $2 billion for cybersecurity (CyberScoop) President Joe Biden signed a $1 trillion infrastructure bill into law on Monday that includes nearly $2 billion for cybersecurity and related provisions. The biggest piece of digital security funding is a Federal Emergency Management Agency cyber grant program, administered in consultation with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, that would distribute $1 billion over four years to state and local governments.

Cybersecurity experts say $2 billion is too little, too late (Popular Science) The question remains: Is it enough to actually improve the status quo, and counter threats from Russia and China? Experts are skeptical.

Agencies entering ‘execution’ phase of Biden’s cyber executive order (Federal News Network) Agencies have seen a deluge of new guidance and standards, but a top White House cyber official says it’s time to execute on the EO’s goals.

‘What’s at stake is obviously the security of our nation,’ NSA chief says of defending US from cyberattacks (ABC News) Every day there are millions of attempts to scan America’s cyber networks from foreign adversaries, Director of the National Security Agency Paul Nakasone says.

Top national security officials stress need for collaboration in cyberspace (ABC News) Cyber Command has over 2,000 military personnel from soldiers to civilians who are focused on securing the nation from foreign threat actors.

The Amazon lobbyists who kill U.S. consumer privacy protections (Reuters) Amazon has amassed a vast storehouse of consumer data. Internal documents reveal how it built a lobbying juggernaut that gutted privacy legislation in two dozen states.

Federal health critic calls out Ottawa for lack of help during N.L. cyberattack (CBC) Don Davies, a British Columbia member of parliament and the health critic for the New Democratic Party, called the federal response to the cyberattack “totally deficient,” saying more should be done to assure Canadians that medical systems are safe.

NYC aims to be first to rein in AI hiring tools (AP NEWS) Job candidates rarely know when hidden artificial intelligence tools are rejecting their resumes or analyzing their video interviews. But New York City residents could soon get more say over the computers making behind-the-scenes decisions about their careers.

Litigation, Investigation, and Law Enforcement

Treasury Sanctions Iran Cyber Actors for Attempting to Influence the 2020 U.S. Presidential Election (U.S. Department of the Treasury) Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated six Iranian individuals and one Iranian entity pursuant to Executive Order (E.O.) 13848, “Imposing Certain Sanctions in the Event of Foreign Interference in a United States Election,” for attempting to influence the 2020 U.S. presidential election.

Singapore fines hotel booking site for leaking 5.9m records (Register) left red-faced after leaving an AWS access key in an APK

After RBL, police suspect data of SBI and Axis is at risk (The Hindu) Police said that the fraudsters had updated the data of thousands of customers who received new credit cards, and that a bank insider was the architect of the whole fraud.

WSJ News Exclusive | Iranian Hackers Broke Into Newspaper Publisher Lee Enterprises Ahead of 2020 Election (Wall Street Journal) Computer systems of Lee Enterprises, which owns dozens of daily papers, were targeted in a disinformation campaign, say people familiar with case.

Attempted breach of Ohio county election network draws FBI and state scrutiny (Washington Post) Federal and state investigators are examining an attempt to breach an Ohio county’s election network that bears striking similarities to an incident in Colorado earlier this year, when government officials helped an outsider gain access to the county voting system in an effort to find fraud.

Ohio County ‘Shocked’ After Mike Lindell Event Shares Its Computers’ Data, Spurs FBI Probe (Newsweek) An Ohio county was “shocked” after screen shots from its computer system were shared at MyPillow founder Mike Lindell’s cyber symposium in August to promote baseless claims of election fraud.

Feds Probe Lindell Associate’s Link to Ohio Election-Data Breach (The Daily Beast) The attempted incursion led to data being downloaded and disseminated at a symposium backed by the MyPillow tycoon.

Indonesia probes police hack in latest cyber breach (Reuters) Indonesian police are investigating claims by a hacker who said this week they have stolen the personal data of thousands of police officers, the latest in a spate of cyber attacks that has highlighted the country’s digital vulnerabilities.

US prosecutor demands emails from Darktrace following Mike Lynch fraud case (CityAM) US authorities are attempting to force Darktrace to hand over emails and documents following the ongoing fraud case against technology entrepreneur Mike Lynch.

Focus on Darktrace in Lynch fraud case (Times) The boss of Darktrace is facing a request from the US government to hand over emails and documents as it seeks to build a fraud case against Mike Lynch, the FTSE 100 cyber company’s founding investor.

Darktrace chiefs face US prosecutor demand for Mike Lynch emails (The Telegraph) Officials are investigating conspiracy and fraud allegations over the £7bn Autonomy sale to Hewlett Packard completed ten years ago

Identifying hacker Pompompurin: Fallout from the FBI email server hoax (Shadowbyte) The blog provides identification and attribution for the hacker Pompompurin, who is responsible for hacking the FBI email server, and more.

Complaining about Canada’s alleged failure to extradite someone makes no sense when there’s no request to extradite ( Yesterday, reported on a hoax email sent from a government system by an individual who calls himself “Pompompurin” on Twitter…

Nordstrom latest hit by flash mob robberies targeting Louis Vuitton, designer stores (Newsweek) Upwards of 80 people were seen flooding out of the store with bags filled with designer items.