Wednesday, October 27, 2021
The Register

China Telecom booted out of USA as Feds worry it could disrupt or spy on local networks

FCC urges more action against Huawei and DJI, too The US Federal Communications Commission (FCC) has terminated China Telecom's authority to provide communications services in the USA.…
SecurityWeek

150 People Arrested in US-Europe Darknet Drug Probe

Law enforcement officials in the U.S. and Europe have arrested 150 people and seized more than $31 million in an international drug trafficking investigation stemming from sales on the darknet, the Justice Department said Tuesday. read more

Free Tool Helps Security Teams Measure Their API Attack Surface

Data Theorem's free API Attack Surface Calculator helps security teams understand potential API exposures.

SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike

Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.

North Korea's Lazarus Group Turns to Supply Chain Attacks

State-backed group is among a growing number of threat actors looking at supply chain companies as an entry point into enterprise networks.

Ready to Play? Squid Game Becomes an Attractive Lure to Spread Cyberthreats

Following demand from viewers, cybercriminals are not shy in taking advantage of fans’ eagerness to watch the show, with well-known fraud schemes hitting the web.

This AI predicts how old children are. Can it keep them safe?

Yoti’s tech may be enticing for Big Tech companies: It works out if you’re under or over 13, the age most social media platforms require to create an account.

Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure

Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there's no guarantee that Azure or AWS are delivering services in a hardened and secure manner.

IBM Announces Advances and New Collaborations in AI-Powered Automation, 5G Connectivity and Security at Mobile World Congress Los Angeles

IBM collaborates with Boston Dynamics, Cisco, Palo Alto Networks and Turnium Technology Group to help equip businesses in next phase of digital transformation.

CISA Announces Appointment of Washington Secretary of State Kim Wyman as Senior Election Security Lead

As an expert on elections, her appointment speaks to the Agency’s dedication to working with election officials throughout the nation in a non-partisan manner to ensure the security and resilience of our election infrastructure.

Dark Web Drug Busts Lead to 150 Arrests

Operation Dark HunTor spanned eight countries—and put the focus on sellers more than marketplaces.

Gas Stations in Iran Downed by Cyberattack

Unknown attackers hijacked gasoline pump machines and defaced them with a message that reportedly included a phone number for Supreme Leader Ayatollah Ali Khamenei's office.

BrandPost: Secure SD-WAN Improves Network Protection in Fuel Distribution System

Customer PerspectivesA petroleum distribution business developed innovative ideas for increasing customer loyalty, but it needed to upgrade its technology infrastructure to bring those concepts to life.The company, which operates several hundred full-service gas stations, wanted to provide direct internet...
Infosecurity Magazine

State Department to Form Cyber Bureau

State Department to Form Cyber BureauThe United States is planning to create a new government department that will deal with matters of digital policy and cybersecurity.  On Monday, Secretary of State Tony Blinken announced plans for the State Department to...
Security Affairs

Expert managed to crack 70% of a 5,000 WiFi network sample in Tel Aviv

A researcher from the security firm CyberArk has managed to crack 70% of Tel Aviv’s Wifi Networks starting from a sample of 5,000 gathered WiFi. CyberArk security researcher Ido Hoorvitch demonstrated how it is possible to crack WiFi at scale...
The Register

These couldn’t wait for Patch Tuesday: Adobe issues bonus fixes for 92 security holes in 14 products

It's 2021 and of course code with classic buffer overflows is still shipping A mere two weeks after its most recent set of security patches, Adobe has issued another 14 security bulletins covering 92 CVE-listed bugs.…

Cybersecurity Talent Gap Narrows as Workforce Grows

Job satisfaction and salaries have both increased for cybersecurity professionals, as younger workers seek specific training to prepare for a cybersecurity career.

Lazarus Attackers Turn to the IT Supply Chain

Kaspersky researchers saw The North Korean state APT use a new variant of the BlindingCan RAT to breach a Latvian IT vendor and then a South Korean think tank.
IBM Security

Data Security: How Data Activity Monitoring Protects Against Ransomware

Ransomware is an attack on your data. Can you say that your approach to preventing ransomware is focused on data? Organizations are becoming more aware of the chaos that ransomware can create — to the tune of $4.62 million...
Infosecurity Magazine

150 Arrested Over Darknet Drug Trafficking

150 Arrested Over Darknet Drug TraffickingAn international law enforcement action has led to the arrest of 150 individuals worldwide on suspicion of buying or selling illicit goods on the dark web.  Operation Dark HunTor involved the combined effort of police forces...
F5 Networks

Grafana vulnerability CVE-2021-39226

Grafana vulnerability CVE-2021-39226 Security Advisory Security Advisory Description Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated ...
DHS

Fuji Electric Tellus Lite V-Simulator and V-Server Lite

This advisory contains mitigations for Stack-based Buffer Overflow, Out-of-bounds Write, Untrusted Pointer Dereference, Out-of-bounds Read, Access of Uninitialized Pointer, and Heap-based Buffer Overflow vulnerabilities in Fuji Electric Tellus Lite V-Simulator and V-Server Lite remote monitoring and operation software.
MSRC

We’re Excited to Announce the Launch of Comms Hub!

We are excited to announce the launch of Comms Hub to the Researcher Portal submission experience! With this launch, security researchers will be able to streamline communication with MSRC case SPMs (case managers), attach additional files, track case and...
F5 Networks

Apache HTTP server vulnerability CVE-2021-39275

Apache HTTP server vulnerability CVE-2021-39275 Security Advisory Security Advisory Description ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included ...