Cyber Attacks, Threats, and Vulnerabilities
Lithuanian parliament under cyber attack (Euractiv) Lithuania’s parliamentary website came under cyber attack yesterday (11 April) just as a special session of the World Congress of Crimean Tartars was meeting to discuss mass violations of human Rights in Russian-occupied Crimea
The Panama Papers: Shadow networks and how they operate (Global Risk Insights) The revelation by the Panama Papers that some of the world’s rich and powerful hide money and assets abroad is not a new one. The extent to which they do it, the level of systematization and its unexpected connection to some of the poorest, conflict ridden regions of world is baffling
Saucy public servants exposed – targets for cyber criminals (IT Wire) And you thought public servants led dull, colourless lives. Cyber criminals are out to provide otherwise – unless you pay
‘Inadvertent’ cyber breach hits 44,000 FDIC customers (Washington Post) In yet another example of fragile security in federal cyber systems, data for 44,000 Federal Deposit Insurance Corp. customers was breached by an employee leaving the agency
BAE Systems sounds security klaxon over Qbot malware (Inquirer) Qbot ain't no BB9. Steady yourselves. The security threat diviners at BAE Systems have warned of a modified instance of Qbot that is bad news for you and your systems
Security Alert: Citadel Trojan Resurfaces as Atmos, Carries on the ZeuS Legacy (Heimdal Security) More than 6 months after its creator was sentenced to prison, the infamous Citadel malware resurges in a modified form, called Atmos. The new strain is currently targeting banks in France and it was also spotted being delivered with Teslacrypt. Here’s the full story
More big-name sites hit by rash of malicious ads that attack end users (Ars Technica) Some of Netherlands' top sites ran ads that redirected to the Angler exploit kit
New Android Ransomware Identified By Trend Micro (Android Headlines) It seems as if it is almost weekly when a new virus, malware or other form of Android-related security or privacy issue arises and today is marking the latest noted issue. In fact, the issue came to light yesterday when Trend Micro published a blog post on a new malware which is going by the ANDROIDOS_SLOCKER.AXBB tag. As is usually the case, the details here are not meant as a form of scaremongering and instead are simply intended to keep Android device owners informed
Meet The Cryptoworm, The Future of Ransomware (Threatpost) Ransomware is evolving and soon will share the same deadly efficiencies as notorious worms of the past, such as Conficker and SQL Slammer. In fact, according to security researchers at Cisco Talos, today’s newest ransomware, SamSam, is a harbinger of a new wave of more malicious, tenacious and costly ransomware to come
Self-spreading ransomware next computer threat, Cisco Systems says (CBC) Samsam or Samas strain encrypts large databases and locks out authorized users until ransom paid
Imagining The Ransomware Of The Future (Dark Reading) Cisco Talos Lab paints a dark picture of what ransomware could have in store next
Security experts find ‘no cure’ for ransomware (Financial Times) When an administrator at Brown University downloaded an invoice she received by email, she did not expect it to kidnap data from her and her colleagues’ computers, encrypt it and demand a ransom for its release
What’s in a Name? For Crimeware and DDoS Sellers, Everything! (Recorded Future) A recent OVERFLOW DDoS BOT Web advertisement serves as a good example for scalable threat assessment and prioritization workflow
Watch out! There are Apple ID SMS phishers about! (Graham Cluley) "Your Apple ID is due to be expire today"... yeah, right
Cyberattackers Find Coveted Openings in Easy-to-Fix Network Vulnerabilities (Legaltech News) While network vulnerabilities and the rise of DIY servers provide openings for hackers, simple network fixes can prevent up to 85 percent of these cyberattacks
Moxa Won’t Patch Publicly Disclosed Flaws Until August (Threatpost) A number of publicly disclosed vulnerabilities in Moxa networking gear won’t be patched until August, if at all, according to an alert published on Friday by the Industrial Control System Cyber Emergency Response Team (ICS-CERT)
Baddies' brilliant plan to get mobile malware whitelisted: Bribery (Register) App developers like money too
Scammer fakes kidnapping using information posted on Facebook (Naked Security) Conjure up your greatest fear about posting stuff on social media. Got it? It can’t be too much worse than what seems to have happened to Hector Martinez
Bulletin (SB16-102) Vulnerability Summary for the Week of April 4, 2016 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
Just say NO to Adobe Flash Player -- emergency patch vs. Cerber ransomware (Computerworld) Adobe Systems’ Flash Player software is vulnerable (again). Ransomware is exploiting it. So patch now—or just uninstall it already!
Microsoft Outlook users with Office 365 get a security perk: Unsafe email warnings (PCWorld) Think of it as another layer of armor protecting you from spammers and phishing attacks
Facebook to tackle how shady advertisers rip off users (Naked Security) “If you can smell it, is that good for you?”
Cyber Trends
The rise of shadow IT (WhaTech) Question: what does BYOD have in common with shadow IT? Answer: they both started out as headaches for CIOs but have now become, or are becoming an accepted, and valued part of corporate IT
The inconvenient truth about API security (Help Net Security) Ovum Consulting asked IT and security professionals across a variety of industries globally about their use of APIs, adoption of API management platforms, and the security features included in those platforms
6 Cyber Surveys to Know: Ever-Evolving Needs for Data Security (Legaltech News) Exponential increases in data volume reveal new information governance needs. These surveys shed insights on the issues around big data
Keeping a grip on cyber risk, regulation increasingly challenging (Business Insurance) Forecasting critical risks is becoming increasingly more difficult, according to the 13th annual “Excellence in Risk Management” report released Monday by Marsh L.L.C and the Risk & Insurance Management Society Inc
Marketplace
Dell Preps for SecureWorks IPO as Cybersecurity Stocks Shine (The Street) Dell is making headway toward its spinoff of cybersecurity arm SecureWorks Inc., highlighting the strength of the cybersecurity sector amid an otherwise tough market for tech IPOs
Dell's SecureWorks valued at $1.42 billion in year's first tech IPO (Retuers) Dell Inc's [DI.Ul] cyber security unit, SecureWorks Corp, could be valued at up to $1.42 billion in its initial public offering, the first major U.S. listing of a technology company this year
BAE Taps Cyber Skills Honed for Spooks to Win Clients (Bloomberg Technology) In January, BAE Systems Plc got a routine call from a new client: The health-care company’s computer systems were mysteriously crashing. BAE’s sleuths soon discovered a dangerous new strain of a virus called Qbot
Gil Shwed threatens to move Check Point abroad (Globes) The Israeli IT security company's founder and CEO has complained about Check Point's tax burden
The 'Darth Vader' of Cyberwar Sold Services to Canada (Vice News) Documents show the Canadian military paid thousands of dollars to one of the world's most infamous cyber security firms at least twice
7 Hot Security Analytics Startups (eSecurity Planet) IT security startups are bringing technologies such as Big Data, predictive analytics and machine learning to the front lines of the cyber war. While most security analytics tools are marketed as adjuncts to existing security infrastructure, that could change as organizations explore their options and test drive these new tools
Bitcoin Messiah Patrick Byrne’s Medical Leave Could Rattle Blockchain’s Future (Wired) Overstock.com CEO and chairman Patrick Byrne has taken an indefinite medical leave of absence from the company, a decision will be felt most among the worldwide community working to advance bitcoin and the bitcoin blockchain
GSA Federal Acquisition Service Issues RFI on Cybersecurity Services for Gov’t Agencies (ExecutiveBiz) The General Services Administration is requesting information on existing cybersecurity services in the market that could meet the needs of government agencies
The four qualities of a successful cyber security start-up (Information Age) Investment in cyber security startups is increasing, but what will make a company the next big success story?
3 Steps to Thriving in One of Cybersecurity's 1 Million Open Positions (SecurityWeek) Cisco's John Stewart believes there are roughly a million security role vacancies, and this gap is now officially a crisis
MITRE Appoints Dr. Jay Schnitzer Vice President and Chief Technology Officer (MITRE) The MITRE Corporation appointed Dr. Jay Schnitzer vice president and chief technology officer (CTO)
Duo Security Hires Ambrosia Vertesi as Vice President of People & Culture (PRNewswire) Duo Security, a cloud-based trusted access provider protecting the world's largest and fastest-growing companies, today announced that it welcomes to the executive team Ambrosia Vertesi as Vice President of People. Ambrosia was most recently Vice President of Talent at Hootsuite, where she spearheaded the company's hyper growth - from twenty to nearly a thousand employees globally in four years
RSA Picks Up Former Fortinet CMO, New Head Of Global Services (CRN) RSA is bolstering its executive lineup ahead of its parent company's pending purchase by Dell, adding Holly Rollo as chief marketing officer and Doug Howard as vice president of global services
DarkMatter Appoints Ex-Cisco Veteran Senior Vice President of Sales, Marketing & Business Development (PRNewswire) Rabih Dabboussi spent 20 years with Cisco in various leadership roles, most recently as Managing Director of Cisco UAE
Brooke Seawell Joins Malwarebytes Board of Directors (BusinessWire) Seawell brings more than 30 years of finance, operations and board leadership
Products, Services, and Solutions
Customized cyber coverage offered with $100 million in limits (Business Insurance) Beazley Group P.L.C. and a unit of Munich Reinsurance Co. Ltd. unit have entered into a coinsurance partnership to provide buyers with cyber limits up to $100 million or €100 million and coverage that is tailored, the insurers announced Monday
QA launches cyber attack defence training facility in London (ComputerWeekly) Training firm QA launches a cyber attack simulation facility in London to enable organisations to test and learn cyber defence skills
Your Data on a Date: Data Security for Every Occasion (IBM Security Intelligence Blog) You know how it is: They’ve met online, the attraction has built, and now they are going on their first date
A10 Networks Releases Fourth Generation Appliance Line (eWeek) A10 Networks' products have a variety of form factors, including physical, software or cloud-based, ensuring flexibility
Webroot: Smarter Cybersecurity & All the Protection Your Devices Need (Movie TV Tech Geeks) We’ve always known that malware, hackware, and most other wares are out there on the big bad internet, but this year, a new vicious one called ransomeware has been created
Technologies, Techniques, and Standards
Petya ransomware encryption has been cracked (Help Net Security) Petya ransomware hit companies hard, but the good news is that there are now tools available to get the encrypted files and locked computers back
Lateral Movement: When Cyber Attacks Go Sideways (SecurityWeek) Finding and stopping cyber attacks has become a key priority for everyone from the C-suite all the way to the frontline security and network administrator
European telcos join ETIS cybercrime initiative (Telecompaper) Global telecoms association ETIS has joined forces with Proximus, KPN, Swisscom and A1 Telekom Austria to launch an initiative aimed at professionalising the exchange of cyber threat intelligence among European telecoms providers
How to keep the IoT predators at bay (Computer Business Review) Opinion: Huntsman Security's Piers Wilson looks at the Internet of Things and how businesses can protect themselves from the potential threats
Why the FBI director puts tape over his webcam – and you should too (Naked Security) FBI Director James Comey gave a speech at Kenyon College in Ohio last week, making his case that “absolute privacy” has never existed in America – until now, when encryption by default creates spaces where law enforcement can not go, even with a court order
Design and Innovation
How monitoring behaviour could unmask the fraudsters (BBC) Thieves and fraudsters want to get their hands on our cash and data. And these days they can attack us from all corners of the globe
Click flicks and Hollywood hackers (Raytheon) Real-life cyber experts review the best and worst movie hackers
Hackers set to infiltrate New York film festival (Christian Science Monitor Passcode) Why DEF CON, one of the world's premiere hacker conferences, is setting up shop at one of the nation's top film festivals
Killing Clippy: Lessons in Usability & Legacy Code (Duo Security) Ah, Clippy. Some of us remember that creepy animated assistant that came pre-installed in Microsoft Office in the late 90s
Do GPU optimized databases threaten the hegemony of Oracle, Splunk and Hadoop? (Diginomica) GPU optimized databases are rapidly moving from science project to business reality. Here’s what it means
Academia
Registration Opens for U.S. Cyber Challenge’s Annual Cyber Quests Competition (US Cyber Challenge) U.S. Cyber Challenge opened registration today for the 2016 Cyber Quests online competition
Call for Papers: Journal of Cybersecurity Research (JCR). (Journal of Cybersecurity Research) The Clute Institute seeks quality journal manuscripts in cybersecurity research for publication in JCR. Inquires and manuscripts should be submitted to Journals@CluteInstitute.com. Accepted manuscripts are published open access (free of charge) on the Internet
Stanford launches new online courses in computer security (PRNewswire) Staying ahead in the cyber security game is critical to defending against new threats. To protect against cybercrime, corporations, business and government must continuously update their security measures and keep employees properly trained
Universities aren’t doing enough to train the cyberdefenders America desperately needs (Washington Post) The threat of hacking seems to lurk around every corner, but American universities may not be doing enough to prepare the next generation of cyberdefenders
Legislation, Policy, and Regulation
Hashtag warfare: Anti-ISIS coalition looks to enhance its online messaging (Military Times) The U.S.-led military coalition battling the Islamic State group is expanding its online messaging efforts, launching a new digital hub intended to showcase the campaign's scope and successes, and making more deliberate moves on social media
Back to the drawing board on Wassenaar (Politico) An international summit is taking place this week in Vienna, where the United States is set to advocate renegotiating export controls that provoked widespread fears they would cripple the American cybersecurity industry, multiple sources told MC
European regulators to issue opinion on data transfer deal (The Hill) European privacy regulators are set to issue an opinion this week on a pending data transfer deal between the United States and the European Union
U.S. Senate Working on New Encryption Bill (Legaltech News) The pending legislation seeks to provide technical assistant to law enforcement when dealing with decrypted information, but privacy advocates cry foul
U.S. Bill Would Prioritize Cybersecurity at the Board Level (Lexology) In recent years, there has been an increase in the frequency and sophistication of cybersecurity attacks on both businesses and governments
Rep. Katherine Clark's crusade against the Internet's tormentors (Christian Science Monitor Passcode) The congresswoman from Massachusetts has made stamping out online harassment one of her signature issues and as a result has felt the slings and arrows of the hoards of digital harassers
US DoD prioritises cyber hardening (IHS Jane's) US Cyber Command (CYBERCOM) will be "Shifting from a focus on building the command to an emphasis on operationalising, sustaining, and expanding its capabilities" according to US Navy Admiral Michael Rogers, commander of the US Cyber Command (CYBERCOM), director of the National Security Agency (NSA), and chief of Department of Defense (DOD) Central Security Services
Soldiers and operators shift towards cyber electromagnetic activities (Homeland Prep News) The United States Army Cyber Command announced last week that soldiers and operators at the corps level or below will be shifting towards cyber electromagnetic activities (CEMA)
Litigation, Investigation, and Law Enforcement
British Border Force Hacked Refugees’ Laptops and Phones for 3 Years (Hack Read) As expected, the news sparked outrage amongst civil right groups and rape victim campaigners who claimed it was distressing to know the British government could target some of the most vulnerable people in a society like that
Obama ‘neither sought nor received’ briefing on Clinton email probe (The Hill) President Obama has neither requested nor received confidential briefings about federal investigations into Democratic presidential front-runner Hillary Clinton’s private email server, and his only source of knowledge is public news reporting, the White House said on Monday
Past cases suggest Hillary won’t be indicted (Politico) A Politico review shows marked differences between her case and those that led to charges
Charge Sheet Details Case Against Sailor Accused of Spying for China (MIlitary.com) A U.S. Navy officer accused of giving defense secrets to the Chinese government is Lt. Cmdr. Edward Lin, an official confirmed to Military.com on Monday
Accused spy served in one of Navy's most shadowy squadrons (Military Times) A U.S. Navy officer charged with spying for a foreign power worked at one of the service's most elite reconnaissance squadrons, whose operations are shrouded in secrecy
Did an Accused Navy Spy Trade Secrets for Sex? (Daily Beast) He says he grew up dreaming of Disneyland in his native Taiwan. But after he joined the U.S. Navy, defense officials say, accused spy Edward Lin’s life took a much darker turn
Documentaries about an expert convicted of leaking classified information (Help Net Security) Stephen Kim was a top level state department intelligence analyst. He went to prison under the Espionage Act
Ex-US Scientist Sentenced in Attempted Cyber-Attack (AP via ABC News) A former Nuclear Regulatory Commission scientist has been sentenced to a year and a half in prison for plotting a cyberattack on federal government computers. Charles Harvey Eccleston was sentenced Monday in Washington's federal court
Cybersecurity Expert Caught in FBI Mass Hack Gets Two Days Jail Time (Motherboard) The Department of Justice has charged at least 137 people in the US with child pornography related crimes, after the FBI used a hacking tool to identify visitors of a large site on the so-called dark web. Many of those people are facing years in prison. One person caught has avoided any serious jail time altogether though: Brian Haller, a former cybersecurity employee at Booz Allen Hamilton who himself has ties to the government
Publishers Strike Back at a Browser That Replaces Their Ads (Wired) Javascript creator Brendan Eich’s plan to flip web advertising on its head just hit a legal snag
First came the Breathalyzer, now meet the roadside police “textalyzer” (Ars Technica) Drivers in accidents could risk losing license for refusing to submit phone to testing
Sony Breach Settlement Reached (Dark Reading) Sony agreed to provide three years of identity theft protection to victims of data breach
How an internet mapping glitch turned a random Kansas farm into a digital hell (Fusion) An hour’s drive from Wichita, Kansas, in a little town called Potwin, there is a 360-acre piece of land with a very big problem