Code Deployed Prevents Detection and Kills Competition
Researchers at Trend Micro have discovered threat actors deploying malicious code that targets Huawei Cloud and removes defensive applications and services. The malicious codes, they say, disable the hostguard service that detects security issues, protects the system and monitors the agent.

https://www.inforisktoday.co.uk/trend-micro-linux-malware-targets-huawei-cloud-a-17714

Profit Projections Down £25 Million, Revenue Deferrals Put At £50 Million
A ransomware attack on Scottish multinational engineering firm Weir Group led to several ongoing but temporary disruptions including engineering, manufacturing and shipment rephrasing, hitting profits despite no ransom being paid.

https://www.inforisktoday.co.uk/ransomware-attack-hits-engineering-giant-weir-group-a-17710

Company Outlines Added Security for High-Profile Users, Announces 2FA Enrollment
Some 14,000 Google users were warned of being suspected targets of Russian government-backed threat actors on Thursday. The next day, the tech giant announced cybersecurity updates - particularly for email accounts of high-profile users, including politicians and journalists.

https://www.inforisktoday.co.uk/google-says-russian-apt-targeting-journalists-politicians-a-17708

Microsoft: 58% of Attacks Reported Worldwide Originated From Russia
Microsoft, in its annual threat review report, Digital Defense, says 58% of cyberattacks worldwide over the past year originated in Russia. And 92% of the Russia-based threat activity came from the nation-state threat group Nobelium.

https://www.inforisktoday.co.uk/nobelium-makes-russia-leader-in-cyberattacks-a-17705

Officials and Experts Debate Legality, Diplomatic Ramifications of the Statement
The Dutch government says it may use intelligence agencies or military services to counter cyberattacks - including ransomware attacks - that threaten the country’s national security. This comes in a letter from Dutch Minister of Foreign Affairs Ben Knapen in response to a parliamentary inquiry.

https://www.inforisktoday.co.uk/netherlands-says-armed-forces-may-combat-ransomware-attacks-a-17703

Erik Decker, CISO of Intermountain Health, on Ways to Bolster Security Posture
A federal law signed earlier this year amending the HITECH Act could help incentivize many healthcare sector entities to bolster their cybersecurity programs, says federal adviser Erik Decker, CISO of Intermountain Health, who suggest other incentives, as well.

https://www.inforisktoday.co.uk/efforts-to-incentivize-healthcare-sector-cyber-investments-a-17704

US Breach Notification Transparency Declining, Identity Theft Resource Center Warns
The number of breach reports filed by U.S. organizations looks set to break records, as breaches tied to phishing, ransomware and supply chain attacks keep surging, the Identity Theft Resource Center warns. It says that there’s also been a rise in tardy breach notifications containing little detail.

https://www.inforisktoday.co.uk/data-breach-reports-rise-as-supply-chain-attacks-surge-a-17701

Discussion Also Addresses the Importance of Product Security
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the importance of product security, the impact of ransomware on healthcare sector entities during the pandemic and thinking about cybersecurity awareness creatively.

https://www.inforisktoday.co.uk/ismg-editors-panel-first-fatality-linked-to-ransomware-a-17698

Martin Cook, Sr. Solutions Engineer, Reliaquest Discusses How to Streamline Your Time to Response
In this exclusive interview, Martin Cook, Senior Solutions Engineer with ReliaQuest, discusses how to reduce complexity, increase visibility and tap into new resources to enhance your own abilities to detect, investigate and respond to attacks.

https://www.inforisktoday.co.uk/analyzing-results-2021-cybersecurity-complexity-study-eu-uk-a-17700

110,000 Servers Exposed to Active Attacks; US Government Urges Immediate Patching
Apache HTTP Server users are being warned to install yet another patch, as a fix released Wednesday was incomplete and introduced a new flaw. The U.S. Cybersecurity and Infrastructure Security Agency has urged all users to update immediately, citing in-the-wild attacks exploiting Apache’s software.

https://www.inforisktoday.co.uk/apache-issues-another-emergency-patch-for-exploited-flaws-a-17697

Plug and Play Ventures Left an Amazon S3 Bucket Open to the Internet
A Silicon Valley venture capital firm that runs a matchmaker service linking investors with startups exposed 6GB of data, including deal flow information pertaining to investors and startups. The exposure has been closed, but it’s unclear if the company will notify regulators.

https://www.inforisktoday.co.uk/silicon-valley-vc-firm-leaked-deal-flow-data-a-17696

DOJ Also Announces Formation of National Cryptocurrency Enforcement Team
The U.S. Department of Justice said this week it will pursue government contractors that fail to report cybersecurity incidents. The department also announced the formation of a Cryptocurrency Enforcement Team to prosecute the misuse of virtual currencies.

https://www.inforisktoday.co.uk/us-doj-to-fine-contractors-for-failure-to-report-incidents-a-17695

Ransomware Variant Updated; Group Claimed Credit for Accenture Attack
Federal regulators are warning healthcare and public health sector organizations of potential attacks by the ransomware group LockBit 2.0 and its affiliates. The group claimed credit for the August attack on consultancy firm Accenture. What preventative steps should healthcare sector entities take?

https://www.inforisktoday.co.uk/hhs-warns-healthcare-sector-about-lockbit-20-threats-a-17694

5-Year Intrusion Is the Latest Incident Involving Lesser-Known - Yet Key - Provider
Who had heard of Syniverse before it recently disclosed a five-year breach, potentially exposing call-routing data and text messages for hundreds of mobile phone networks? The incident is just the latest supply chain attack to hit a lesser-known but nevertheless critical service provider.

https://www.inforisktoday.co.uk/breach-syniverse-reveals-yet-another-supply-chain-attack-a-17692

Exploits Use Ethernet Cables, Can Leak Data to Location Several Meters Away
Researchers at Ben-Gurion University of the Negev, Israel, have uncovered a new type of electromagnetic attack, dubbed LANtenna, that exfiltrates sensitive data from an isolated, air-gapped computer using Ethernet cables as transmitting antennas.

https://www.inforisktoday.co.uk/lantenna-attacks-exploit-air-gapped-networks-via-ethernet-a-17688

Legislation Would Also Direct US DHS to Study Ransomware, Cryptocurrencies
U.S. lawmakers have introduced legislation that would require the reporting of ransom payments within 48 hours of the transaction. The bill would also require DHS to create a voluntary website to log ransom payments and task the department with studying ransomware and cryptocurrencies.

https://www.inforisktoday.co.uk/new-bill-would-require-ransom-disclosure-within-48-hours-a-17689

Recent Cyber-Related Incidents Spotlight the Serious Potential Risks Facing Patients
The expanded recall of insulin pump devices due to vulnerabilities that pose the risk of injury or death to patients and a recent malpractice lawsuit alleging that the effects of a ransomware attack led to a baby’s death are the latest warnings of dangers posed by security issues in medical gear.

https://www.inforisktoday.co.uk/patient-safety-concerns-grow-over-medical-gear-security-a-17687

Reports: Platform’s Entire Source Code Compromised in 125GB Leak
Amazon-owned video streaming service Twitch, which focuses on video games and e-sports broadcasts, reportedly suffered a massive data breach, which the company vaguely confirmed via Twitter. A post on the anonymous online forum 4chan reportedly indicates that the entire platform was compromised.

https://www.inforisktoday.co.uk/video-game-streamer-twitch-confirms-massive-data-breach-a-17686

Shodan Search Shows 112,000 HTTP Servers Running Vulnerable Version
Apache, a popular open-source web server software for Unix and Windows, says it has fixed a zero-day vulnerability in its HTTP server that it says has been exploited in the wild. The path traversal and file disclosure vulnerability only affects Apache HTTP servers upgraded to version 2.4.49.

https://www.inforisktoday.co.uk/apache-fixes-zero-day-flaw-exploited-in-wild-a-17685

Cybersecurity Specialist John Walker on How Attackers Work
Cyber extortion through digital means is nothing new, says U.K.-based cybersecurity expert John Walker, but the concerning aspect of today’s ransomware attacks is that they are “low-cost in the macro sense and so easy to achieve.”

https://www.inforisktoday.co.uk/understanding-real-threat-ransomware-a-17684