Cyber Attacks, Threats, and Vulnerabilities
It’s Official: North Korea Is Behind WannaCry (Wall Street Journal) The massive cyberattack cost billions and put lives at risk. Pyongyang will be held accountable.
UK and US blame WannaCry cyber-attack on North Korea (the Guardian) Foreign Office and US homeland security adviser say Pyongyang was responsible for attack that infected 300,000 computers
U.S. blames North Korea for 'WannaCry' cyber attack (Reuters) The Trump administration has publicly blamed North Korea for unleashing the so-called WannaCry cyber attack that crippled hospitals, banks and other companies across the globe earlier this year.
Trump administration blames North Korea for global WannaCry cyberattack (POLITICO) The attribution represents a move to confront a digital menace and seek international unity around the need to combat destructive cyber activity.
U.S. declares North Korea carried out massive WannaCry cyberattack (Washington Post) The Trump administration will call on states to implement all U.N. sanctions.
US Blames North Korea For WannaCry -- But Are Trump's Cyber Sleuths Wrong? (Forbes) The Trump administration blamed North Korea for the massive WannaCry ransomware outbreak Monday night in an op-ed in the Wall Street Journal. The article was penned by Tom Bossert, key Trump cybersecurity adviser and assistant to the president for homeland security and counterterrorism.
Beware the Hex-Men (GuardiCore) In the last few months GuardiCore Labs has been investigating multiple attack campaigns conducted by an established Chinese crime group that operates worldwide.
Novel Excel Spreadsheet Attack Launches Password Stealing Malware Loki Bot (Lastline) Password Stealing Malware: Lastline has uncovered a new attack vector launched through Microsoft Excel spreadsheets, and just recently expanded into other Office applications.
Android Malware Will Destroy Your Phone. No Ifs and Buts About It (BleepingComputer) A malware strain known as Loapi will damage phones if users don't remove it from their devices. Left to its own means, this modular threat will download a Monero cryptocurrency miner that will overheat and overwork the phone's components, which will make the battery bulge, deform the phone's cover, or even worse.
Jack of all trades (Securelist) Among this array of threats we found a rather interesting sample – Trojan.AndroidOS.Loapi. This Trojan boasts a complicated modular architecture that means it can conduct a variety of malicious activities: mine cryptocurrencies, annoy users with constant ads, launch DDoS attacks from the affected device and much more.
Bitcoin exchange shuts down after being hacked twice in one year (HOTforSecurity) A South Korean Bitcoin exchange has collapsed after suffering its second hack in less than a year. As The Telegraph reports, YouBit has announced that it suffered a hack at 04:35am local time today, which saw criminals steal 17% of its total assets. As a...
Collaborative Takedown Kills IoT Worm 'Satori' (eWEEK) A new version of the Mirai IoT malware that used two exploits in popular routers to build a 700,000-node botnet in less than four days is shut down by security researchers and internet service providers.
Satori botnet about to cause a whole lot of trouble worldwide (Techgenix) Meet Satori, the newest variant of the destructive Mirai botnet, which seems to have a lot more power in its arsenal than previous incarnations.
Hackers using Google Adwords & Google Sites to spread malware (HackRead) Today, we at HackRead have discovered a sophisticated malware scam that tricks users into downloading fake Google Chrome browser installer but in reality,
Telegram RAT Escapes Detection via Cloud Apps (Dark Reading) Netskope discovers a new RAT using Dropbox for its payload host and Telegram Messenger for command and control.
Hackers steal security firm's domain name in 10-hour attack potentially compromising customer data (Computing) If security firms can't stay secure, what chance for anyone else?
Cyberespionage Campaign Sphinx Goes Mobile With AnubisSpy (TrendLabs Security Intelligence Blog) We came across malicious apps on Google Play with cyberespionage capabilities, targeting Arabic-speaking users or Middle Eastern countries—AnubisSpy.
Warning over anti-virus evading 'polymorphic' Emotet banking Trojan (Computing) Online bankers warned that Emotet can evade detection by three-quarters of anti-virus software packages.
Two critical and unpatched flaws identified in vBulletin (HackRead) According to the latest research from Italy based security company TRUELIT’s researcher and an independent security expert, the widely used internet forum
User ‘Gross Negligence’ Leaves Hundreds of Lexmark Printers Open to Attack (Threatpost) Researchers warn hundreds of Lexmark printers are vulnerable to a trivial hack thanks to user “gross negligence.”
DHS project catches 18 first-responder apps with ‘critical’ cyber flaws (TheHill) Pilot program evaluates popular Android, iOS apps used by first responders for security and privacy concerns.
Example of 'MouseOver' Link in a Powerpoint File (SANS Internet Storm Center) I really like Microsoft Office documents... They offer so many features that can be (ab)used to make them virtual bombs. Yesterday, I found a simple one but nicely prepared Powerpoint presentation: Payment_copy.ppsx (SHA256:7d6f3eb45c03a8c2fca4685e9f2d4e05c5fc564c3c81926a5305b6fa6808ac3f). It was still unknown on VT yesterday but it reached now a score of 1/61! It was delivered to one of my catch-all mailboxes and contained just one slide.
The truth about RFID credit card fraud (CSO Online) Despite demonstrations to show it's possible, documented cases of RFID credit card fraud are unknown. And as security professionals know, there is a huge gulf between potential crime and actual crime.
Watch out – fake support scams are alive and well this Christmas (Naked Security) Fake support scams – where the crooks help you “remove” malware you don’t have – are still a real problem. Take care over the holidays!
The Market for Stolen Account Credentials (KrebsOnSecurity) Past stories here have explored the myriad criminal uses of a hacked computer, the various ways that your inbox can be spliced and diced to help cybercrooks ply their trade, and the value of a hacked company.
Iran Cybersecurity Profile (Anomali) Iran is one of the major powers in the Middle East, and currently seeks to gain influence in the global landscape.
Security Patches, Mitigations, and Software Updates
Firefox Prepares to Mark All HTTP Sites "Not Secure" After HTTPS Adoption Rises (BleepingComputer) The increased adoption of HTTPS among website operators will soon lead to browsers marking HTTP pages as "Not Secure" by default.
An easy update for December Patch Tuesday (Computerworld) The primary concern for this month are the updates to IE and Edge, but a handful of others warrant attention, too.
Microsoft Word slams the door on DDEAUTO malware attacks (Naked Security) Remember how Microsoft said that DDEAUTO was a “feature”, not a vulnerability? Well, it just changed its mind – for Word, at least.
Keeper Security Patches Password Protection Flaw Reported by Google (eSecurity Planet) Password managers are supposed to help keep users safe, so what can you do to help mitigate the risk?
Cyber Trends
Only 14 Percent of Companies Increased Security Budgets After WannaCry, NotPetya Attacks (eSecurity Planet) Still, 13 percent of IT professionals felt that they were blamed when their organization became a victim.
New Study: Many Consumers Lack Understanding of Basic Cyber Hygiene (Tenable™) Data breaches have been a headache for many years and for a long time there seemed to be a general apathy about them.
Perceived Data Value Varies Wildly Across Industries, Countries (Infosecurity Magazine) Shareholder data is most highly valued by IT professionals at more than $1,700 per record.
Data Breach Briefing: the Run-Down on 5 Cybersecurity Studies (Bricata) Information sharing is a critical aspect of cybersecurity. While studies and surveys can’t match the data in a solid threat intel report, they are useful for understanding the benchmarks and experiences of peer organizations.
7 cyber security predictions for 2018 (CSO Online) Let’s face it: 2017 was a terrible year for cyber security with more phishing scams, ransomware, state-sponsored attacks, and new attack vectors. Will 2018 be better?
Dispelling Cybersecurity Myths (Recorded Future) Chief Security Architect Gavin Reid discusses cybersecurity myths that need to be dispelled, including the notion that companies should “do more with less.”
Survey Shows Many Americans Are Cyber-Illiterate (Infosecurity Magazine) Despite being aware of breaches like Equifax, 43% have not changed their online habits, and most think they haven't been impacted.
Marketplace
Cybersecurity IPOs In 2018 Could Be Plentiful (Investor's Business Daily) Most cybersecurity stocks seem to be in a funk heading into 2018 but a pickup in initial public offerings — and, perhaps, mergers — next year might pique the interest of investors.
Asian Cybersecurity Futures (CLTC) This report explores diverse political, economic, and technological factors that will shape Asia’s future as the region becomes more connected.
Thales acquires chip giant Gemalto in $5.6B all-cash deal (Cyberscoop) The deal comes after Gemalto rejected an offer from rival French tech firm Atos.
Check Point CEO Wants Faster Growth (Forbes) Let's say you start a company in 1993, take it public in 1996, sell your product in 88 countries, and are still running it in December 2017. Why not take your billions and go yachting? Why are you still at the company's helm and eager to speed up its growth?
It’s a good time to be a federal IT nerd (FederalNewsRadio.com) With more pieces coming into focus, industry and former federal executives say the Trump administration’s plans for IT modernization have matured.
This Activist Investor Is Right for Thinking Akamai May Be a Nice Acquisition (TheStreet) Akamai Technologies finds itself with a new activist shareholder in Elliott Management's Paul Singer.
Pentagon Hacked in New U.S. Air Force Bug Bounty Program (Security Week) The Hack the Air Force 2.0 bug bounty program kicked off earlier this month with researchers finding a critical vulnerability that could have been exploited to gain access to a network of the U.S. Department of Defense.
Why Israeli Cybersecurity Firms Are Moving From Tel Aviv To Boston (WBUR) Cybersecurity is booming business in Boston with multiple local companies having raised over $100 million. We explore how this came to be -- and the power of Israel in developing the industry.
Cylance Names Rahul Kashyap as Global Chief Technology Officer (Digital Journal) Cylance® Inc., the company that revolutionized the antivirus and endpoint protection industry with true AI-powered prevention that blocks malware, fileless attacks and today’s most advanced cyberthreats, today announced the promotion of Rahul Kashyap to Global Chief Technology Officer (CTO).
Products, Services, and Solutions
Janrain Delivers First Universal Integration of CIAM Event Data with SIEM Systems (markets.businessinsider.com) Janrain®, the company that pioneered the Customer Identity and Access Management (CIAM) category, today announced it is the first CIAM provider to deliver universal integration with major Security Information and Event Management (SIEM) systems such as IBM QRadar and others to provide Security Operations Center (SOC) analysts with early detection and response to a wider swath of suspicious activities and possible security threats.
Open Garden wants to give you tokens for sharing your internet connection (TechCrunch) Open Garden launched its mesh networking platform at TechCrunch Disrupt NY 2012. Since then, the company has gone through a few iterations and found..
UJET Completes SOC 2 Type 2 and HIPAA Examinations (PRNewswire) UJET Inc., an enterprise-grade platform that makes it simple for any...
Claroty Platform Officially Interoperates with RSA® NetWitness® Suite (GlobeNewswire News Room) Actionable Security Alerts and Insights from the Claroty Platform Now Married with Full Context to Aid Security Forensics and Incident Response Teams
Let no endpoint go dark (Help Net Security) Absolute's Persistence technology is embedded in more than a billion endpoints for self-healing endpoint visibility and control.
Specops Software launches Multi-Factor Authentication for Office 365 (Broadway World)
New AWS Paris region makes it easier for customers to follow France’s data privacy rules (TechCrunch) Amazon Web Services launched a new region in Paris today to serve customers in the European Union. This is AWS’ fourth region in the EU after Germany,..
Technologies, Techniques, and Standards
Why incident response is the best cybersecurity ROI (CSO Online) Former White House CIO says unexpected breaches can wreak havoc on a company's bottom line. Proper incident response planning can mitigate damage costs.
Comprehensive Endpoint Protection Requires the Right Cyber Threat Intelligence (Dark Reading) CTI falls into three main categories -- tactical, operational, and strategic -- and answers questions related to the who, what, and why of a cyber attack.
Why cryptography is much harder than software engineers think (Help Net Security) If your security depends on vendor-supplied ‘black boxes’, be very careful. Security through obscurity is no security at all.
Advanced Deception: How It Works & Why Attackers Hate It (Dark Reading) While cyberattacks continue to grow, deception-based technology is providing accurate and scalable detection and response to in-network threats.
Will Secure Authentication Remove the Need for Credentials? (Infosecurity Magazine) What if users were to abandon the use of usernames/passwords all together for authentication and migrate to alternative forms of authentication?
Don't Get Caught Unprepared When It Comes To IoT Security (Forbes) IoT requires an end-to-end approach to security. Here are six steps you can take to better ensure the security of your IoT initiatives.
Army’s new cyber requirements will be based on battlefield needs (C4ISRNET) The Army will begin to start writing requirements with the intended operational effects in mind to get capabilities out to soldiers as opposed to the existing prolonged requirements/program of record construct.
'Starwars' Debuts on List of Worst Passwords of 2017 (Dark Reading) Many of the old standbys made this year's list of the 25 stolen - and weakest - passwords found dumped online.
Academia
SIA Announces RISE Scholarship Winners (Security Industry Association) Security Industry Association recognizes 2017 RISE scholarship winners; funds to support professional development of young security professionals.
Louisiana Tech gets $1.3M grant to enhance cybersecurity programs (Federal Times) The university, in a news release, says the grant was awarded by the National Science Foundation and will be used to support Tech’s proposed CyberCorps Scholarship for Service program to prepare cybersecurity professionals for entry into the government workforce.
Legislation, Policy, and Regulation
Cyber security a focus of UN Internet governance conference (IT World Canada) The increasing number of cyber attacks blamed on nation states is getting on the nerves of a lot of Internet experts. Some say
Trump Identifies 'New Era of Competition' in Unveiling National Security Strategy (US News and World Report) Laying out his vision of world threats, Trump says Russia and China have emerged as global competitors that must be offset by U.S. economic might.
Cyberwar: the United States names its adversaries (LeMagIT) North Korea is accused of being responsible for the WannaCry episode. Iran does not escape the opprobrium of the US executive branch. China and Russia appear to be treated with more moderation.
Trump Delivers a Mixed Message on His National Security Approach (New York Times) The disconnect between the president’s speech and the administration’s blueprint suggests the broader challenge of developing an intellectual framework for his policies.
SitRep: Cold War Returns, Democracy Promotion Rejected, in New Security Strategy (Foreign Policy) Pentagon revamps innovation offices, Putin thanks Trump
What Trump’s National Security Strategy says on cyber (Fifth Domain) Here's what the Trump administration's National Security Strategy means for the nation's cybersecurity strategy.
Russia Calls U.S. Security Strategy 'Imperial,' China Denounces 'Cold War' Thinking (RadioFreeEurope/RadioLiberty) Russia and China have lambasted U.S. President Donald Trump's new national security strategy, which refers to them as rivals of Washington that are seeking to undermine U.S. power and interests.
What Putin Really Wants (Defense One) Russia's strongman president has many Americans convinced of his manipulative genius. He's really just a gambler who won big.
Russia ready to repel cyber attacks during presidential election (TASS) Russia’s forthcoming election is due on March 18, 2018
Connecting the Dots in the War on Cyber Terrorism (CTECH) Agreements between the U.S., Israel and India, can be turned into a three-way pact to promote shared security interests
Jordan can take the lead in cyber security (Jordan Times) The Great Wall of China was built thousands of years ago to prevent China’s enemies from entering. Well, they did as mentioned in historical references three or four times. The enemies bribed the guards to open a gate under darkness for the stealthy armoured enemy soldiers to sneak in.
How Europe's New Internet Laws Threaten Freedom of Expression (Foreign Affairs) At every level, Europeans are moving to impose restrictions on the expression that Internet companies can permit on their platforms.
Antiquated Policy Complicates Threat Intelligence Collection (Security Week) Before the world began sending over 500 million tweets and posting more than four million Facebook messages each day, the practice of Open Source Intelligence (OSINT) gathering, conducted by law enforcement and government agencies for the purpose of evaluating threats to national security, largely involved analyzing and subscribing to newspapers delivered from all over the world.
New York City moves to create accountability for algorithms (Ars Technica) City Council passes bill addressing algorithmic discrimination in city government.
“There will be a [Senate] vote” to reinstate net neutrality, Schumer says (Ars Technica) Congress could block net neutrality repeal, but Democrats face tough odds.
Donald Trump Jr. and Ted Cruz lambast Mark Hamill’s support of net neutrality (Ars Technica) “It was Vader who supported govt power over everything said & done on the Internet.”
Litigation, Investigation, and Law Enforcement
Kaspersky sues DHS over federal blacklist (Ars Technica) “It failed to satisfy even the minimum standards of due process.”
DOJ confirms Uber is under criminal investigation (Naked Security) The plot of the Waymo vs Uber fight over stolen self-driving technology is getting thicker and thicker
Former DC Metro police officer convicted of trying to aid ISIS (TheHill) A federal jury on Monday convicted a former Washington, D.C., Metro Transit Police officer for obstructing justice and trying to support the Islamic State in Iraq and Syria (ISIS).
Whistleblowers worry about fate of spy agency ombudsman (Federal Times) A decision to put the man who handles whistleblower complaints at U.S. spy agencies on administrative leave has raised worries on Capitol Hill that it’s part of a plan to hamstring the program that helps intelligence workers report waste, fraud and abuse.
The Supreme Court Should Heed Friendly Advice on Microsoft Ireland (Just Security) AU Law Prof examines the conflict of laws issue in Microsoft Ireland case should the government prevail.
France puts Facebook on notice over WhatsApp data transfers (TechCrunch) Facebook and WhatsApp have been issued with formal notices by France's data protection watchdog warning that data transfers being carried out for 'business..