More stories

  •

    Google warns of severe 'BleedingTooth' Bluetooth flaw in Linux kernel

    Google has released details of a high-severity flaw affecting the Bluetooth stack in the Linux kernel versions below Linux 5.9 that support BlueZ.
    Linux 5.9 was released just two days ago, and Intel's advisory for the high-severity Bluetooth flaw, CVE-2020-12351, recommends updating the Linux kernel to version 5.9 or later.

    “Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access,” Intel notes in its advisory for CVE-2020-12351. BlueZ is found on Linux-based IoT devices and is the official Linux Bluetooth stack.
    Intel says the BlueZ project is releasing Linux kernel fixes to address the high-severity flaw, as well as fixes for two medium-severity flaws, CVE-2020-12352 and CVE-2020-24490. 
    CVE-2020-12352 is due to improper access control in BlueZ that “may allow an unauthenticated user to potentially enable information disclosure via adjacent access.” CVE-2020-24490 refers to BlueZ’s lack of proper buffer restrictions that “may allow an unauthenticated user to potentially enable denial of service via adjacent access.”
    Andy Nguyen, a security engineer from Google, reported the bugs to Intel.
    Researchers from Purdue University last month claimed that BlueZ was also vulnerable to BLESA (Bluetooth Low Energy Spoofing Attack), along with the Fluoride (Android), and the iOS BLE stack. 
    Google has detailed the bugs on the Google Security Research Repository on GitHub. Nguyen’s description of the BleedingTooth vulnerability sounds more serious than Intel’s write-up. 
    Nguyen says it’s a “zero click” Linux Bluetooth Remote Code Execution flaw and has published a short video demonstrating the attack using commands on one Dell XPS 15 laptop running Ubuntu to open the calculator on a second Dell Ubuntu laptop without any action taken on the victim’s laptop.  
    BlueZ contains several Bluetooth modules including the Bluetooth kernel subsystem core, and L2CAP and SCO audio kernel layers. 
    According to Francis Perry of Google’s Product Security Incident Response Team, an attacker within Bluetooth range who knows the target’s Bluetooth device address (bd address) can execute arbitrary code with kernel privileges. BleedingTooth affects Linux kernel versions from 5.8 up to, but not including, 5.9.
    “A remote attacker in short distance knowing the victim’s bd address can send a malicious l2cap packet and cause denial of service or possibly arbitrary code execution with kernel privileges. Malicious Bluetooth chips can trigger the vulnerability as well,” Perry writes. 
    Google has also published proof-of-concept exploit code for the BleedingTooth vulnerability.  
    Google plans to publish further details about BleedingTooth shortly on the Google Security Blog. 
    Intel recommends installing the following kernel fixes to address these issues if a kernel upgrade is not possible.

  •

    IBM updates Cloud Pak for Security with new data security hub

    IBM is announcing a bevy of updates to Cloud Pak for Security, its platform for tackling cybersecurity threats across multicloud and hybrid environments. 

    Launched last year as the foundation of IBM’s open security strategy, Cloud Pak for Security is designed to glean threat information and insights from various sources without having to move data. The system leverages IBM’s investment in Red Hat, including OpenShift, and is designed specifically to unify security across hybrid cloud environments.
    Over the last year IBM has expanded the capabilities within Cloud Pak for Security to address some of the key components of threat management — such as detection, investigation and response — using AI and automated workflows.  
    IBM is now rolling out new capabilities that aim to extend the platform even further, including a new integrated data security hub that promises to bring data security insights directly into threat management and security response platforms. IBM posits that data security has historically been siloed from threat management, focused on policy and compliance rather than integrated into threat detection and response.
    With integrated data security, IBM said it can connect these previously siloed functions and offer security and response teams greater visibility into data-level security.
    In addition to the data security hub, IBM is also announcing pre-built connectors for five third-party threat intelligence feeds, and dedicated service offerings that aim to help Cloud Pak customers get up and running on the platform.
    “With these updates, Cloud Pak for Security will include access to six threat intelligence feeds, 25 pre-built connections to IBM and third-party data sources, and 165 case management integrations which are connected through advanced AI to prioritize threats, and automation playbooks to streamline response actions for security teams,” IBM said in a press release. “With the new capabilities, Cloud Pak for Security has become the first platform in the industry to connect data-level insights and user behavior analytics with threat detection, investigation and response.”

  •

    Protections for 'revenge porn' victims enter NSW Parliament

    New South Wales Attorney General and Minister for the Prevention of Domestic Violence Mark Speakman on Wednesday introduced legislation to state Parliament with the aim of offering further protections for victims of the distribution of non-consensual intimate images and videos online, colloquially known as “revenge porn”.
    Under the proposed amendments to the Criminal Procedure Act 1986, victims of intimate image abuse would have the same court protections as other sexual assault complainants. Judicial officers would also have greater powers to order images and recordings be destroyed.
    Speakman said the proposed reforms acknowledge the seriousness of these types of offences and the distress and damage they inflict on victims’ lives.
    “Coming to court can often involve extensive questioning about intimate details of a victim’s experience and the terrible hurt caused. These reforms are aimed at helping to reduce the trauma of that experience,” he said.
    “It is vital victims know if they report intimate image abuse that they will be appropriately supported in court, while also helping them regain privacy and dignity.” 
    The proposed reforms allow the court to order an offender to remove, retract, delete, or destroy an intimate image when found guilty of threatening to distribute it without consent.
    “What happens to intimate images can be a source of ongoing fear and trauma for many victims, and our Bill seeks to address that anxiety,” Speakman added. “It will give victims some sense of control and peace of mind that even when only a threat is made, that those images can no longer be accessed or disseminated in the future.
    “Unfortunately, the rapid advent of technology has facilitated a rise in this type of criminal behaviour, so it is crucial our justice response keeps pace.”
    The amendments, if passed, would also provide victims with the ability to give evidence remotely and in a closed court, access a support person, have their identity protected from publication, and avoid cross-examination by an unrepresented accused personally.
    Citing the NSW Bureau of Crime Statistics and Research, Speakman said there were 296 charges for intimate image offences between July 2018 and June 2019, and 420 charges laid between July 2019 and June this year.
    The Australian government in August 2018 passed legislation aimed at protecting citizens from revenge porn by mandating civil and criminal penalties.
    Under the legislation, individuals could face civil penalties of up to AU$105,000 and corporations of up to AU$525,000 if they do not remove an image when requested to by the eSafety Commissioner.
    IF YOU OR ANYONE YOU KNOW IN AUSTRALIA NEEDS HELP CONTACT ONE OF THESE SERVICES:
    Suicide Call Back Service on 1300 659 467
    Lifeline on 13 11 14
    Kids Helpline on 1800 551 800
    MensLine Australia on 1300 789 978
    Beyond Blue on 1300 22 46 36
    Headspace on 1800 650 890
    QLife on 1800 184 527

  •

    Austrac gives Afterpay all-clear following anti-money laundering investigation

    The Australian Transaction Reports and Analysis Centre (Austrac) announced on Wednesday it has concluded its investigation into Afterpay, having decided it will not pursue any further regulatory action.
    Austrac ordered the appointment of an external auditor into Afterpay’s Australian operations in June last year. Specifically, the regulator asked for the examination of Afterpay’s compliance with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act).
    “In response to the findings and recommendations identified in the external audit report, Afterpay has uplifted its AML/CTF compliance framework and financial crime function, and completed all remediation necessary to ensure compliance,” Austrac wrote on Wednesday.
    “After considering the report and the response by Afterpay, Austrac has decided not to undertake further regulatory action.
    Austrac said it has “reiterated the importance” for Afterpay to meet its compliance obligations in the future, and that it would continue to work with the company to ensure it understands the compliance obligations it has, as well as its role in fighting financial crime.
    The regulator took the opportunity to remind new and emerging financial services businesses that they may have obligations under the AML/CTF Act.  
    “Startup ventures and technology-based financial businesses must consider whether they have AML/CTF obligations and if they do put in place systems and controls that identify and mitigate money laundering and terrorism financing risks,” Austrac said.
    Austrac in September asked for a similar investigation of PayPal, with the examination to focus on “ongoing concerns” regarding the Australian arm’s compliance with the AML/CTF Act.
    These concerns relate to PayPal Australia’s compliance with its International Funds Transfer Instruction reporting obligations.
    However, Austrac in March announced that an extension had been granted to the auditors, taking into consideration the scope of the audit, the size and complexity of PayPal Australia’s business operations, and the overlap with PayPal’s international operations.
    “The extension will allow PayPal Australia and the external auditor to fully examine their compliance with the AML/CTF Act,” Austrac said.
    Last month, Austrac reached an agreement with Westpac to settle the anti-money laundering and counter-terrorism financing allegations that were raised by the watchdog in November 2019.
    Should the Federal Court accept the penalty, the bank will pay AU$1.3 billion for breaching the AML/CTF Act over 23 million times. Westpac has admitted to the breaches, which include failing to report international funds transfers of more than AU$11 billion.

  •

    Microsoft October 2020 Patch Tuesday fixes 87 vulnerabilities

    Microsoft today released its monthly batch of security updates, known as Patch Tuesday, and this month the OS maker has patched 87 vulnerabilities across a wide range of Microsoft products.
    By far, the most dangerous bug patched this month is CVE-2020-16898. Described as a remote code execution (RCE) vulnerability in the Windows TCP/IP stack, this bug can allow attackers to take over Windows systems by sending malicious ICMPv6 Router Advertisement packets to an unpatched computer via a network connection.
    The bug was discovered internally by Microsoft engineers, and OS versions vulnerable to CVE-2020-16898 include Windows 10 and Windows Server 2019.
    With a severity score of 9.8 out of a maximum of 10, Microsoft considers the bug dangerous and likely to be weaponized, and rightfully so.
    Patching the bug is recommended, but workarounds such as disabling ICMPv6 RDNSS support also exist. These allow system administrators to deploy temporary mitigations until they have quality-tested this month’s security updates for any OS-crashing bugs.
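    The RDNSS workaround mentioned above, as an added PowerShell example that is not from the article: it turns off Router Advertisement based DNS configuration on each IPv6 interface and reads the setting back so the change is verified. The netsh option rabaseddnsconfig is the one Microsoft documented for this workaround; the -Revert switch and the interface filtering are assumptions of this example.

```powershell
# Added example (not from the article or from Microsoft): applies the interim
# workaround for CVE-2020-16898 by disabling ICMPv6 RDNSS (Router Advertisement
# based DNS configuration) on every non-loopback IPv6 interface, then reads the
# setting back. Run from an elevated PowerShell session.
# Assumption: -Revert re-enables RDNSS once the October 2020 update is deployed.
param(
    [switch]$Revert
)

$state = if ($Revert) { 'enable' } else { 'disable' }

# Enumerate IPv6 interfaces by index using the stock NetTCPIP cmdlet.
$interfaces = Get-NetIPInterface -AddressFamily IPv6 |
    Where-Object { $_.InterfaceAlias -notmatch '^Loopback' }

foreach ($nic in $interfaces) {
    $idx = $nic.InterfaceIndex

    # rabaseddnsconfig is the netsh option Microsoft documented for this workaround.
    $out = & netsh.exe interface ipv6 set interface $idx rabaseddnsconfig=$state 2>&1
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Interface $idx ($($nic.InterfaceAlias)): netsh failed: $out"
        continue
    }

    # Read the setting back rather than assuming the change applied.
    # Assumption: the show output labels the value 'RA Based DNS Config'.
    $show = & netsh.exe interface ipv6 show interface $idx
    $line = ($show | Select-String -Pattern 'RA Based DNS') | Select-Object -First 1
    "{0,-4} {1,-30} {2}" -f $idx, $nic.InterfaceAlias, (("$line") -replace '\s+', ' ').Trim()
}
```

    Disabling RDNSS only removes the vulnerable parsing path; hosts that rely on RA-delivered DNS servers will need DHCPv6 or static resolvers until the update is installed.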
    Another bug to keep an eye on is CVE-2020-16947, a remote code execution issue in Outlook. Microsoft says this bug can be exploited by tricking a user “to open a specially crafted file with an affected version of Microsoft Outlook software.”
    Below are additional details about today’s Microsoft Patch Tuesday and security updates released by other tech companies:
    Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
    ZDNet has published this file listing all this month’s security advisories on one single page.
    Adobe’s security updates are detailed here.
    SAP security updates are available here.
    Intel security updates are available here.
    VMWare security updates are available here.
    Chrome 86 security updates are detailed here.
    Android security updates are available here.
    Tag | CVE ID | CVE Title
    Adobe Flash Player | ADV200012 | October 2020 Adobe Flash Security Update
    .NET Framework | CVE-2020-16937 | .NET Framework Information Disclosure Vulnerability
    Azure | CVE-2020-16995 | Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability
    Azure | CVE-2020-16904 | Azure Functions Elevation of Privilege Vulnerability
    Group Policy | CVE-2020-16939 | Group Policy Elevation of Privilege Vulnerability
    Microsoft Dynamics | CVE-2020-16978 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
    Microsoft Dynamics | CVE-2020-16956 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
    Microsoft Dynamics | CVE-2020-16943 | Dynamics 365 Commerce Elevation of Privilege Vulnerability
    Microsoft Exchange Server | CVE-2020-16969 | Microsoft Exchange Information Disclosure Vulnerability
    Microsoft Graphics Component | CVE-2020-16911 | GDI+ Remote Code Execution Vulnerability
    Microsoft Graphics Component | CVE-2020-16914 | Windows GDI+ Information Disclosure Vulnerability
    Microsoft Graphics Component | CVE-2020-16923 | Microsoft Graphics Components Remote Code Execution Vulnerability
    Microsoft Graphics Component | CVE-2020-1167 | Microsoft Graphics Components Remote Code Execution Vulnerability
    Microsoft NTFS | CVE-2020-16938 | Windows Kernel Information Disclosure Vulnerability
    Microsoft Office | CVE-2020-16933 | Microsoft Word Security Feature Bypass Vulnerability
    Microsoft Office | CVE-2020-16929 | Microsoft Excel Remote Code Execution Vulnerability
    Microsoft Office | CVE-2020-16934 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
    Microsoft Office | CVE-2020-16932 | Microsoft Excel Remote Code Execution Vulnerability
    Microsoft Office | CVE-2020-16930 | Microsoft Excel Remote Code Execution Vulnerability
    Microsoft Office | CVE-2020-16955 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
    Microsoft Office | CVE-2020-16928 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
    Microsoft Office | CVE-2020-16957 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
    Microsoft Office | CVE-2020-16918 | Base3D Remote Code Execution Vulnerability
    Microsoft Office | CVE-2020-16949 | Microsoft Outlook Denial of Service Vulnerability
    Microsoft Office | CVE-2020-16947 | Microsoft Outlook Remote Code Execution Vulnerability
    Microsoft Office | CVE-2020-16931 | Microsoft Excel Remote Code Execution Vulnerability
    Microsoft Office | CVE-2020-16954 | Microsoft Office Remote Code Execution Vulnerability
    Microsoft Office | CVE-2020-17003 | Base3D Remote Code Execution Vulnerability
    Microsoft Office SharePoint | CVE-2020-16948 | Microsoft SharePoint Information Disclosure Vulnerability
    Microsoft Office SharePoint | CVE-2020-16953 | Microsoft SharePoint Information Disclosure Vulnerability
    Microsoft Office SharePoint | CVE-2020-16942 | Microsoft SharePoint Information Disclosure Vulnerability
    Microsoft Office SharePoint | CVE-2020-16951 | Microsoft SharePoint Remote Code Execution Vulnerability
    Microsoft Office SharePoint | CVE-2020-16944 | Microsoft SharePoint Reflective XSS Vulnerability
    Microsoft Office SharePoint | CVE-2020-16945 | Microsoft Office SharePoint XSS Vulnerability
    Microsoft Office SharePoint | CVE-2020-16946 | Microsoft Office SharePoint XSS Vulnerability
    Microsoft Office SharePoint | CVE-2020-16941 | Microsoft SharePoint Information Disclosure Vulnerability
    Microsoft Office SharePoint | CVE-2020-16950 | Microsoft SharePoint Information Disclosure Vulnerability
    Microsoft Office SharePoint | CVE-2020-16952 | Microsoft SharePoint Remote Code Execution Vulnerability
    Microsoft Windows | CVE-2020-16900 | Windows Event System Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16901 | Windows Kernel Information Disclosure Vulnerability
    Microsoft Windows | CVE-2020-16899 | Windows TCP/IP Denial of Service Vulnerability
    Microsoft Windows | CVE-2020-16908 | Windows Setup Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16909 | Windows Error Reporting Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16912 | Windows Backup Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16940 | Windows – User Profile Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16907 | Win32k Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16936 | Windows Backup Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability
    Microsoft Windows | CVE-2020-16897 | NetBT Information Disclosure Vulnerability
    Microsoft Windows | CVE-2020-16895 | Windows Error Reporting Manager Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16919 | Windows Enterprise App Management Service Information Disclosure Vulnerability
    Microsoft Windows | CVE-2020-16921 | Windows Text Services Framework Information Disclosure Vulnerability
    Microsoft Windows | CVE-2020-16920 | Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16972 | Windows Backup Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16877 | Windows Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16876 | Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16975 | Windows Backup Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16973 | Windows Backup Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16974 | Windows Backup Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16922 | Windows Spoofing Vulnerability
    Microsoft Windows | CVE-2020-0764 | Windows Storage Services Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16980 | Windows iSCSI Target Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-1080 | Windows Hyper-V Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16887 | Windows Network Connections Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16885 | Windows Storage VSP Driver Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16924 | Jet Database Engine Remote Code Execution Vulnerability
    Microsoft Windows | CVE-2020-16976 | Windows Backup Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2020-16935 | Windows COM Server Elevation of Privilege Vulnerability
    Microsoft Windows Codecs Library | CVE-2020-16967 | Windows Camera Codec Pack Remote Code Execution Vulnerability
    Microsoft Windows Codecs Library | CVE-2020-16968 | Windows Camera Codec Pack Remote Code Execution Vulnerability
    PowerShellGet | CVE-2020-16886 | PowerShellGet Module WDAC Security Feature Bypass Vulnerability
    Visual Studio | CVE-2020-16977 | Visual Studio Code Python Extension Remote Code Execution Vulnerability
    Windows COM | CVE-2020-16916 | Windows COM Server Elevation of Privilege Vulnerability
    Windows Error Reporting | CVE-2020-16905 | Windows Error Reporting Elevation of Privilege Vulnerability
    Windows Hyper-V | CVE-2020-16894 | Windows NAT Remote Code Execution Vulnerability
    Windows Hyper-V | CVE-2020-1243 | Windows Hyper-V Denial of Service Vulnerability
    Windows Hyper-V | CVE-2020-16891 | Windows Hyper-V Remote Code Execution Vulnerability
    Windows Installer | CVE-2020-16902 | Windows Installer Elevation of Privilege Vulnerability
    Windows Kernel | CVE-2020-16889 | Windows KernelStream Information Disclosure Vulnerability
    Windows Kernel | CVE-2020-16892 | Windows Image Elevation of Privilege Vulnerability
    Windows Kernel | CVE-2020-16913 | Win32k Elevation of Privilege Vulnerability
    Windows Kernel | CVE-2020-1047 | Windows Hyper-V Elevation of Privilege Vulnerability
    Windows Kernel | CVE-2020-16910 | Windows Security Feature Bypass Vulnerability
    Windows Media Player | CVE-2020-16915 | Media Foundation Memory Corruption Vulnerability
    Windows RDP | CVE-2020-16863 | Windows Remote Desktop Service Denial of Service Vulnerability
    Windows RDP | CVE-2020-16927 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
    Windows RDP | CVE-2020-16896 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
    Windows Secure Kernel Mode | CVE-2020-16890 | Windows Kernel Elevation of Privilege Vulnerability

  •

    Vote safely: How to find a trustworthy election ballot drop-off location

    President Donald Trump claims mail carriers in West Virginia are “selling the ballots” and that the postal service “is losing 30 and 40 percent [of mailed-in ballots].” These are lies. It’s all part of an attempt to cast fear, uncertainty, and doubt around the election. Meanwhile, the California GOP has installed unofficial ballot drop-off boxes that state officials say are illegal. Think your vote will be counted if you were to drop your ballot off in one of these? I doubt it.


    So, what can you do? How do you make sure your drop-off ballot or early vote doesn’t disappear into a black hole? People from Google, Microsoft, and other companies have come up with their own answer: WeVoteSafely.org.
    WeVoteSafely is a non-partisan site, run by volunteers and without corporate support, for US citizens who are worried about voting in-person on November 3 and concerned that the US Postal Service will lose their ballots.
    To help with the third option for voting — ballot drop-off — WeVoteSafely offers a searchable listing of legitimate authorized ballot drop-off locations. Users can locate their nearest ballot drop box by entering their address or using a location service. They will then see a map showing exactly where real drop-off boxes are located. The map also provides a link back to the source of the collection box information to provide trust in the data. 
    Tara Grumm, Director of Microsoft Research Outreach, explained, “WeVoteSafely.org is a public service, the site does not display ads, track users or collect any personal information other than the location data needed to provide accurate voting information. The location data is discarded after use, and the site only tracks county-level information about usage to identify gaps in data or other issues to fix.”
    The data has been collected by volunteers and its sources can be found on a county-by-county basis. This data was then gathered into Google Sheets and Excel workbooks. Volunteers collected information on the type of safe voting location (e.g. ballot drop box versus early voting); the location’s physical address; and the URL of the authoritative city/county/state source for the information. Additional elements — such as dates/times of availability and location notes — were also captured, where available.
    Don’t trust the data? The group understands your skepticism. From their FAQ: “It is ALWAYS a best practice to NOT blindly believe something you happen to read on the Internet. That is even (especially!) true with information on voting. Every location on our maps include a link back to the original city/county/state source of official information.” 
    The site uses a human-curated, crowd-sourced search engine and the FAQ notes that while “there is a LOT of cutting/pasting that went into building this site, we might have missed something along the way.” So, if you find an error/omission or have updated information, they want you to tell them so they can fix the problem.
    The data for each legal drop-off site is then geocoded. Confusion is still possible — for example, LaGrange, IL vs La Grange, IL — therefore, some manual corrections were made to the data. 
    This data is then loaded into Microsoft’s Power BI, a business analytics service running on Microsoft’s Azure cloud. The front-end uses Google Maps. 
    Even now there are a few outstanding issues. Some states and counties haven’t finished nailing down their drop-off and early voting sites. Fairfax City and Fairfax County in Virginia, for example, are still proving troublesome. Still, the database covers 98% of the country with over 16,000 locations.
    Worried about your own data? The group wants you to know: The service collects no personally identifiable information. That means:

    We do NOT use cookies
    We do NOT use any third-party analytics tools or plug-ins
    We do NOT log/track your specific address or lat/long location information (however, we DO track the city, county, and state that users are querying for to help prioritize our dropbox/early voting location research efforts)
    We do NOT use unique user identifiers on sites across the web
    No tricks, no gotchas, no exceptions

    I checked the site with my own privacy tools and it’s as clean as a whistle. I also looked at its data for my own home county, Buncombe county in North Carolina, and found it was accurate. If you want to vote early and you want to make sure your vote is counted, I highly recommend this site.

  •

    Phishing scams: The new hotspots for fraud gangs

    Business email compromise (BEC) phishing scams are one of the most common forms of cybercrime – and new fraud gangs are appearing across the globe to trick firms into handing over money, according to an investigation by cybersecurity researchers.
    A number of these scams have in the past been operated out of Nigeria, which is where about half of BEC scams still originate, according to an analysis by researchers at security company Agari. But a quarter of BEC phishing scams operate from within the US.


    In total, Agari identified BEC attacks originating from 50 countries around the world and identified South Africa and the UK as high-ranking regions of BEC activity. The UK, for example, is home to a prolific BEC outfit known as London Blue.
    The research also identifies Eastern Europe and Russia as a region with a growing number of BEC scammers. The region is traditionally home to trojan malware and ransomware groups, so the emergence of BEC groups there suggests the cyber-threat landscape could be changing as corporate phishing scams become more lucrative.
    “While we knew there were some BEC actors operating out of the US, the fact they comprised a quarter of all global BEC actors was a surprise,” Crane Hassold, senior director of threat research at Agari, told ZDNet.
    Nearly half the BEC scammers in the US are based in five states: California, Georgia, Florida, Texas, and New York, although evidence of people operating BEC attacks has been detected in 45 states in total.
    The goal of a BEC attack is to trick an employee of an organisation into transferring a large sum of corporate funds – the average loss is $80,000, but some attacks can cost millions – into a bank account owned by the scammer.
    Often these phishing attacks will take the form of a phoney email sent in the name of a real exec or supplier, asking the victim to transfer funds as a matter of urgency to secure a business deal or contract. In some cases, it’s known for BEC scammers to compromise legitimate email accounts of real contacts known to the target and use an established level of trust to help push the transfer through.
    By the time someone realises the transfer was fraudulent, it’s already too late as the money is already in the hands of attackers. The FBI says almost half of reported financial losses to cybercrime in 2019 were lost to BEC scams.
    Another element of these campaigns also has a significant footprint in the US; researchers collected information about 2,900 money mule accounts run by people whose job it is to transfer stolen funds and found that 80% of these were also based in the US. That’s mostly because businesses in the US have historically been the primary targets of BEC attacks and most of these attacks ask victims to send money to accounts in the same country, said Hassold.
    However, while money mules are helping with criminal activity, in many cases the people involved don’t know that’s what they’re doing, having been scammed into providing their aid via social engineering, romance scams or work-from-home scams.
    “Like a lot of other types of criminal activity, it’s a numbers game. There are a lot of cyber criminals involved in BEC campaigns, both in the US and internationally, and there are only so many arrests law enforcement can make,” said Hassold.
    While BEC attacks can result in significant financial losses for businesses, it is possible to protect against them.
    “Organisations first need to make sure they’re using an email defense that can protect against these types of basic social engineering attacks,” said Hassold.
    “Additionally, to verify a payment request is legitimate, organizations should have policies in place that require out-of-band confirmation with the person requesting a payment,” he added.

  •

    Palo Alto Networks rolls out identity-based microsegmentation in Prisma Cloud

    Palo Alto Networks is releasing new features for its Prisma Cloud security platform. New features in this latest release will integrate technology from Palo Alto’s 2019 acquisition of Aporeto, a machine identity-based microsegmentation company. Other new Prisma Cloud features include data loss prevention, and identity and access management security.

    With Palo Alto’s Prisma Cloud, organizations can securely connect office branches and mobile users to the cloud, allow for SaaS adoption with a cloud access security broker, and improve security across multi-cloud deployments. 
    With the integration of Aporeto, Palo Alto is bringing identity-based microsegmentation into Prisma Cloud. The technology will provide visibility of network communications along with security policy control and management, the company said. 
    Securing the cloud is a major focus for Palo Alto, along with securing the enterprise and providing security with its AI-powered platform Cortex. Over the last two years, Palo Alto built up its cloud security capabilities with the acquisition of the cloud security startup RedLock, as well as the purchase of Evident.io and Aporeto. 
    As for the rest of the feature updates, Palo Alto said the new DLP capabilities offer discovery, classification, and malware detection for AWS S3. The IAM features provide customers with Cloud Infrastructure Entitlement Management (CIEM) capabilities, visibility into who has access to specific cloud resources, and the ability to secure those resources with automated least-privilege identity access.
    “Enterprises are adopting cloud native architectures, including containers and serverless, and embracing methodologies like DevOps to increase release velocity and achieve greater scale,” said Doug Cahill, senior security analyst and group practice director for Enterprise Strategy Group. “This presents a requirement for security teams to integrate security across the full application lifecycle and deliver security through a platform-centric approach as markets converge. The innovation with Prisma Cloud 2.0 speaks to this approach.”