Cyber Attacks, Threats, and Vulnerabilities
KONNI RAT Eyes North Korea (Infosecurity Magazine) A previously unknown remote administration tool has been uncovered after evading detection by the security community for more than three years.
The Bondnet Army (GuardiCore) GuardiCore Labs has recently picked up Bondnet, a botnet of thousands of compromised servers of varying power. Managed and controlled remotely, the Bondnet is currently used to mine different cryptocurrencies and is ready to be weaponized immediately for other purposes such as mounting DDoS attacks as shown by the Mirai Botnet. Among the botnet’s victims are high profile global companies, universities, city councils and other public institutions.
Blackmoon Rising: Banking Trojan Back with New Framework (Fidelis Cybersecurity) Banking trojans – true to their name – typically steal web credentials from users of financial services websites. Targeted services can include banks, wealth management firms, investment banks, retirement investment services companies and others – essentially any website where money can be accessed and managed.
Carbanak Hackers Refine Intrusion Tactics (Security Week) The prolific Carbanak crime group has refined its intrusion strategy and expanded its arsenal of tools used in attacks, a new Trustwave report reveals.
Thieves drain 2fa-protected bank accounts by abusing SS7 routing protocol (Ars Technica) The same weakness could be used to eavesdrop on calls and track users’ locations.
Attackers exploited SS7 flaws to empty Germans' bank accounts (Help Net Security) Cyber criminals have started exploiting long-known security vulnerabilities in the SS7 protocols to bypass German banks' two-factor authentication.
Cerber Ransomware Version 6 Gets Anti-Vm and Anti-Sandboxing Features (BleepingComputer) Security researchers have spotted version 6 of the Cerber ransomware, and this new edition continues to add new features, heightening the overall complexity this ransomware family has been showing.
Netflix Incident A Sign Of Increase In Cyber Extortion Campaigns (Dark Reading) Attackers using threats of data exposure and DDoS disruptions to try and extort ransoms from organizations
Concern mounts at Indian ID scheme as portals ‘leak’ 100m people’s details (Naked Security) India’s controversial Aadhaar biometrics ID card scheme is increasingly needed for everything from travel to banking, yet worries are growing about the security of the data held on citizens
India's Aadhaar Biometrics Database Is About to Become a Security Nightmare (BleepingComputer) A report released on Monday by The Centre for Internet and Society reveals that over 135 million records from India's Aadhaar national ID systems have already leaked online.
Someone Hit the Internet with a Massive Google Doc Phishing Attack (Motherboard) PSA: don’t click on random Google Doc links.
Sneaky Gmail phishing attack fools with fake Google Docs app (CSO Online) Google Docs was pulled into a sneaky email phishing attack on Tuesday that was designed to trick users into giving up access to their Gmail accounts.
Google Docs Phishing Attack Abuses Legitimate Third-Party Sharing (Dark Reading) Phishing messages appear nearly identical to legitimate requests to share Google documents, because in many ways, they are.
All your Googles are belong to us: Look out for the Google Docs phishing worm (Ars Technica) An e-mail disguised as a Google Docs share is an ingenious bit of malicious phishing.
OAUTH phishing against Google Docs - beware! (SANS Internet Storm Center) We got several reports (thanks to Seren Thompson, Tahir Khan and Harry Vann) about OAUTH phishing attacks against Google users. The phishing attack arrives, of course, as an e-mail where it appears that a user (potentially even one on your contact list, so it looks very legitimate) has shared a document.
Google Shuts Down Docs Phishing Spree (Threatpost) Google has removed offending accounts involved in a widespread phishing attack today impersonating Google Docs.
Recent Google Docs Phishing attack is a win for Blue Teams (CSO Online) On Wednesday afternoon, social media exploded with reports of a new Phishing attack targeting users of Google Docs. The attack was clever, centered on getting the victim to grant permissions to an application called Google Docs before spreading to the victim's contacts. Fortunately, the attack didn't last long, thanks to the efforts of thoughtful users, Google, and Cloudflare.
It Took Google One Hour to Shut Down Massive Self-Replicating Phishing Campaign (BleepingComputer) A massive phishing campaign took place today, but Google's security staff was on hand and shut down the attacker's efforts within an hour after users first reported the problem on Reddit.
Don’t Open That Google Doc Unless You’re Positive It’s Legit (WIRED) A sneaky new phishing scam has taken Gmail inboxes by storm.
Don’t trust OAuth: Why the “Google Docs” worm was so convincing (Ars Technica) You really think someone would just go on the Internet and tell lies?
Greenwich Schools Warn Parents of Massive Google Cyber Attack (Greenwich Free Press) Phil Dunn, Greenwich Schools Chief Information Officer warns parents: DO NOT click any links containing shared Google Docs until you are instructed to; once you click a link, you authorize the sharing of your contact information and the attack spreads.
WhatsApp appears to have completely broken (The Independent) WhatsApp has completely broken. People are unable to send or receive chats or even load up conversations, according to users. And there doesn't seem to be any easy way of fixing the issue, which is affecting many of its users and is likely a problem with its servers. Problems with the app surged over the last hour, according to the website Down Detector.
WhatsApp was down for two hours and the internet wasn’t happy (The Verge) It's been a bit of a rough day if you enjoy using the internet. Google Docs experienced a widespread phishing attack, sending the internet into panic. Now WhatsApp has been down for more than an...
New iCloud Phishing Scam steals credit card data, accesses device's camera (HackRead) When it comes to phishing scams, the general concept is that cyber criminals will only send a link to trick users into logging in with their social media...
Fuze collaboration platform exposed online meetings to attackers as a result of 'improper access control' (Computing) Glaring access control flaw meant Fuze meetings were indexed by search engines
Security snafu left Fuze recordings accessible to all (TheINQUIRER) But it's fixed now
WordPress admins, take note: RCE and password reset vulnerabilities revealed (Help Net Security) POC exploit code for an unauthenticated RCE flaw in WordPress 4.6 and info about a password reset 0day vulnerability in v4.7.4 has been released.
Unity 3D Forums Hacked by OurMine Hacking Group (HackRead) The OurMine hackers are back in the news again. This time the group hacked and defaced the official domain of Unity 3D Forums leaving a deface page along with...
Gannett hit with email phishing attack (USA TODAY) The attack was discovered when the perpetrators attempted a fraudulent wire transfer of money.
Researcher: ‘Baseless Assumptions’ Exist About Intel AMT Vulnerability (Threatpost) Embedi, which is behind the Intel AMT vulnerability revealed Monday, seeks to clarify “baseless assumptions” being made about the flaw.
This elite cybercrime group is wreaking havoc on the U.S. restaurant industry (Cyberscoop) A sophisticated hacking group with suspected ties to cybercrime gangs operating in Eastern Europe is now actively targeting and breaching prominent brand-name restaurants in the U.S. A recently disclosed data breach suffered by the Chipotle chain was carried out by hackers linked to a group known as FIN7 or Carbanak Group, CyberScoop has learned. In addition to Chipotle, the hackers appear to be targeting national restaurant franchises Baja Fresh and Ruby Tuesday, according to malware samples and other evidence CyberScoop obtained.
Sabre Warns Hotels: Card Data Potentially Compromised (BankInfo Security) Travel industry software giant Sabre has alerted hotels that its software-as-a-service SynXis Central Reservations system - used by more than 36,000 properties -
Sabre hires Mandiant to probe breach in hotel reservation system (Reuters) Sabre Corp said on Tuesday there had been a breach in its hospitality unit's hotel reservation system and had hired FireEye Inc's Mandiant forensics division to probe the incident.
Centrify calls for two-factor authentication mandate (Scoop) Centrify calls for two-factor authentication mandate after Sabre reveals data breach
Want to get your Android phone purring? Don’t install Full Optimizer (Naked Security) Full Optimizer and its little brother, Full Optimizer Lite, don’t optimize your phone – instead they aggressively deliver ads. Here’s what SophosLabs has learned about these apps
Robots Under Attack: Trend Micro Uncovers New Risks (Infosecurity Magazine) New report highlights threat to Industry 4.0
Industrial Robots are Hackable: How Do We Fix Them? (Trend Micro: Simply Security) Discuss cyber attacks involving robots and many people might think you’re talking about the latest Hollywood blockbuster to hit the screens. The reality, however, is that industrial robotic systems now form a vital cog in the manufacturing process of everything from silicon chips to cars and even glassware. A new Trend Micro report, Rogue Robots:...
Cyber Trends
Seeing Security from the Other Side of the Window (Dark Reading) From the vantage of our business colleagues, security professionals are a cranky bunch who always need more money, but can't explain why.
The State of Cyber: Dashlane Unveils New Data on America's Passwords (Yahoo! Finance) As part of its campaign, Dashlane conducted an in-depth study of Americans' password habits. Dashlane's new research found that the average American has 150 accounts that require passwords. The company projects that the total number of accounts Americans will need passwords for will double to 300
2017 witnessed 5,000-fold decrease in largest spam botnet mailings (dna) According to Kaspersky Lab's Spam and phishing in Q1 2017 report, the world's largest spam botnet, Necurs, demonstrated a relative decline in its fraudulent mailshot traffic. In December 2016, Kaspersky Lab's spam traps detected over 35 million fraudulent mail shots, but in March 2017 that number fell to almost 7,000.
Small Budgets Cripple Cybersecurity Efforts of Local Governments (Dark Reading) A survey of local government chief information officers finds that insufficient funding for cybersecurity is the biggest obstacle in achieving high levels of cyber safety.
Most Federal Agencies Remain Vulnerable to Cyberattack (Lifezette) Government websites lag woefully behind private sector in speed, usability and security
Majority of workers blindly open email attachments (Help Net Security) The vast majority (82 percent) of users open email attachments if they appear to be from a known contact, despite the prevalence of well-known sophisticate
Rethinking web security against large local attacks (The Mandarin) Cyber research for the Australian financial sector has revealed a significant increase in domestic attacks, suggesting public agencies need to strengthen their upstream defences and no longer rely only on geo-blocking to defend their key data.
Verizon DBIR 2017 loses international contributors (TechTarget) Looking at the overall numbers for the contributors to the Verizon Data Breach Investigations Report (DBIR) from the past five years, it would seem like the amount of partners is hitting a plateau, but looking at the specifics raises questions about international data sharing.
European businesses not seeking help from the security industry ahead of GDPR (Help Net Security) Compliance and GDPR are not seen as important reasons for employing 3rd party security firms, despite the need for knowledge to comply with regulations.
Marketplace
Coalfire Issues First Annual FedRAMP Marketplace Report (Businesswire) Coalfire, a leader in cybersecurity risk management and compliance services, today announced the results of its first annual FedRAMP marketplace repor
General Dynamics makes cybersecurity products acquisition (Washington Business Journal) Falls Church-based General Dynamics Corp. (NYSE: GD) is growing its cybersecurity product line, announcing Tuesday that it had purchased a cyber products division of Phoenix-based Advatech Pacific Inc.
IBM to snap up remnants of Verizon's cloud business (ZDNet) After bowing out of the public cloud last year, Verizon is now shedding its private cloud offerings.
So who is tech giant Palantir? (San Jose Mercury News) Usually swirling in a shroud of secrecy, data mining giant Palantir recently rubbed residents of Palo Alto the wrong way over its use of a public park.
Microsoft, IBM Could Be Subject to New Chinese Security Reviews (TheStreet) Starting in June, China will perform security reviews on both foreign and domestic technology firms providing hardware or services in the country.
ManTech sees 'resurgence' following string of big contract wins (Washington Business Journal) Over the last six months, ManTech has secured key wins with the FBI, the National Geospatial-Intelligence Agency and the Department of Homeland Security.
Science Applications Int'l (SAIC) Secures $27M Task Order from U.S. Marine Forces Cyberspace Command (Street Insider) The Space and Naval Warfare Systems Center (SSC) Pacific awarded Science Applications International Corp. (NYSE: SAIC) a task order to provide the U.S. Marine Corps Forces Cyberspace Command (MARFORCYBER) and subordinate commands, including the Marine Corps Cyberspace Warfare Group and the Marine Corps Cyberspace Operations Group, with comprehensive cyber support services for systems architecture, cyber defense and offense, planning, information assurance, and engineering.
Fortscale Beefs Up Partner Programs, Aims to Recruit More Vendors (Channel Partners) Cybersecurity firm Fortscale says it is expanding and strengthening its partner programs to “fuel company growth and create new revenue streams for
Augusta’s cyber industry has billion dollar a year potential, says CSRA Alliance consultant (Augusta Chronicle) A former executive with the National Cyber Research Park said the Augusta region has the potential to turn its cyber assets into a $1 billion-a-year industry.
Darktrace wins four Stevie® Awards (Cambridge Network) News from Cambridge businesses. Network members upload news here about their products, services and achievements.
Bricata Adds Two More Veteran Cyber Security Executives to Roster (Benzinga) Ability to attract premier talent viewed as additional market validation for a new and unique approach to next generation intrusion prevention and detection
Security software developer FHOOSH names Bill Bonney to executive post (CSO Online) Bonney will help drive CISO solutions and partnerships.
Products, Services, and Solutions
Netwrix Introduces New Netwrix Auditor 9.0 (Netwrix) Upgraded Netwrix Auditor platform enables users to shield their IT infrastructures and data from ransomware and malicious insiders
STEALTHbits Leapfrogs Data Access Governance Market With New Technology (Marketwired) Announces latest release of flagship product -- StealthAUDIT 8.0
Skybox Security: Organizations Must Change Approach to Vulnerability Management to Stay Ahead of Real-World Threats (Yahoo! Finance) Skybox™ Security, a global leader in cybersecurity operations, analytics and reporting, today announced the availability of threat-centric vulnerability management for the Skybox™ Security Suite, signaling ...
SyferLock Joins Pulse Secure’s Technology Partner Program (Technuter) SyferLock Technology Corporation today announced that it has joined Pulse Secure’s Technology Partner Program and has proven interoperability of SyferLock’s GridGuard two-factor and multi-factor authentication solutions with Pulse Connect Secure and Pulse Workspace.
Chiron to Deliver "Information Security Operations Tradecraft Methodology" for Domestic and International Markets (PRNewswire) Chiron Technology Services, Inc. has incorporated a new dedicated...
Code42 Partners with Okta to Secure the Cloud and Protect Employee Data (Yahoo! Finance) Code42, the leader in cloud-based endpoint data protection and recovery, today announced a partnership with Okta to provide enterprise customers with added security and ease for their cloud adoption strategies.
PhishMe Adds New Modules to CBFree to Help All Organizations Thwart Ransomware and Business Email Compromise (Yahoo! Finance) PhishMe , the leading provider of human-phishing defense solutions, today announced the availability of five new interactive modules for its complimentary computer-based training program, CBFree.
Leidos And Fortinet Sign Agreement For Managed Security Services (Defense Daily Network) Leidos and Fortinet signed a partnership agreement allowing Leidos to act as an expert service provider for the Fortinet Security Fabric portfolio, Leidos
Deloitte Cyber Risk Mgmt Service Portfolio Gets NSA Accreditation (GovCon Wire) Deloitte has secured Certified Incident Response Assistance designa
BMC Launches SecOps Response Service for 'Cloudy' Enterprises (eSecurity Planet) The security and compliance platform banishes security blind spots for businesses that have embraced a multi-cloud approach to IT.
Endpoint security can halt the ransomware scourge in its tracks (Security Brief) Ransomware is one of cybersecurity’s biggest problems - attack volumes are skyrocketing by 100% every year and attackers are getting rich.
Darktrace: You can't stop compromise, in fact you're probably compromised right now (Computing) Security firm outlines why traditional security techniques no longer work, with both networks and hacking techniques evolving so rapidly that security teams can't keep up.
Technologies, Techniques, and Standards
Proposed NIST Password Guidelines Soften Length, Complexity Focus (Threatpost) NIST’s latest password guidelines focus less on length and complexity of secrets and more on other measures such as 2FA, throttling, and blacklists.
The long history, and short future, of the password (The Conversation) Going as far back as the Bible, and as widely known as the phrase 'Open, Sesame,' passwords are a textual link to our past. But they may not be around much longer.
World Password Day: Make the Internet a more secure place (Help Net Security) Identity theft is one of the world’s fastest growing crimes, but adding strong authentication to your password can prevent it. Today is World Password Day,
Making security everybody's business goes beyond strong passwords (Help Net Security) Making security everybody’s business means that application owners understand their applications including their user base and the info in those apps.
Threat Intelligence: A Critical Defense Tool for Your Security Operations (Recorded Future) Threat intelligence and information sharing is raising a new kind of awareness around new methods of attack, especially when in combination with your SIEM.
Elite 6 Cyber Winner: Training a force to operate in cyberspace (C4ISRNET) Training a force to operate in cyberspace, a significantly more complex and dynamic environment than other domains, has caused substantial changes in how the Army views traditional training models.
A typical day of attack or ‘an episode’: How DISA battles cyberthreats (C4ISRNET) DISA Director Lt. Gen. Alan Lynn distinguishes between the never-ending responsibility of coordinating cyber defense for the agency, a typical day of attack and a major incident.
Crisis response: Battling through a degraded network (C4ISRNET) The military is increasingly reliant on the network for operations. So what happens when the quality is degraded? Return to the basics, said a panel of leaders from the various services.
Navy: Cyber resilience also means having a plan to operate without a network (C4ISRNET) Defending the Navy’s networks in cyberspace isn’t always about leveraging the latest innovative technology.
RCO: Electronic warfare capability hits European soil (C4ISRNET) The Army’s Rapid Capabilities Office has sent its near-term electronic warfare capability solution to Europe, and soldiers there will get a chance to put it to the test this summer, said RCO Director Doug Wiltsie.
Design and Innovation
The One Hire Facebook Really Needs to Make to Curb Violence (WIRED) By involving ethicists and social scientists in its product-building process, Facebook could better anticipate problems before they fester.
Research and Development
Dissect Cyber Alert For Small Businesses Targeted By Cyber Criminals (Homeland Security Today) To reduce losses from cybercrime, the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) Cyber Security Division (CSD) funded a new research initiative focused on the best way to alert small businesses to potential threats. The project, called Dissect Cyber, is being led by a threat analyst training and alert provider of same name. CSD is part of S&T’s Homeland Security Advanced Research Projects Agency.
Galois Awarded $1 million IARPA Contract To Improve Security Of Data Computation (PRWeb) RAMPARTS initiative to explore feasibility of leveraging fully homomorphic encryption (FHE) to secure data processing in untrusted environments
Academia
Doctoral student wins Best Full Paper Award at national cyber security conference (Oakland University) Ahmad Mansour, a Computer Science and Informatics Ph.D. candidate at Oakland University, recently won the award for Best Full Paper at the 12th annual Cyber and Information Security Research Conference held at the Oak Ridge National Laboratory in Tennessee.
Legislation, Policy, and Regulation
China announces tighter regulations for online news (BBC News) Editors must be government approved, and staff trained, assessed and accredited by the authorities.
China tightens rules on online news, network providers (Reuters) China on Tuesday issued tighter rules for online news portals and network providers, the latest step in President Xi Jinping's push to secure the internet and maintain strict party control over content.
Cabinet Office privacy advisor steps down because of lack of backing (Computing) Jerry Fishenden says Cabinet Office ministers have not been interested in the privacy group since Francis Maude's departure
Pentagon ends civilian hiring freeze, but tells managers to carefully scrutinize all positions (FederalNewsRadio.com) DoD ended the civilian hiring freeze, saying leaders should proceed with decisions to fill positions, but new hires would no longer require permission.
Networking is war fighting, says DISA director (C4ISRNET) The head of DISA notes that the agency assists in war fighting by running DoD's network globally.
Defense intelligence has opportunity to be ‘reimagined’ (C4ISRNET) With the goal of providing military commanders and policy-makers with the best possible analysis, defense intelligence has reached a point where innovations in information technology and cyber present an opportunity to drastically reimagine the entire enterprise, according to a Defense Intelligence Agency expert.
What is the Army doing to assure GPS and navigation? (C4ISRNET) All domains of war will be contested. This is the notion of multi-domain battle. And it includes the GPS signals that the military and the commercial world — think everyday navigation for ride-hailing app Uber — are so reliant upon for location and timing of operations.
The FBI Director Thinks a Law Against Encryption Is Possible Under Trump (Motherboard) The director of the FBI James Comey once again leaves the door open for a law that forces tech companies to put backdoors into their products.
Litigation, Investigation, and Law Enforcement
India’s Supreme Court hears challenge to biometric authentication system (CSO Online) Two lawsuits being heard this week before India’s Supreme Court question a requirement imposed by the government that individuals should quote a biometrics-based authentication number when filing their tax returns.
As Russia Investigation Widens, U.S. Lawmakers Get Rare Access to Raw Intel (Foreign Policy) The Senate Intel Committee takes a field trip to CIA headquarters.
FBI Director James Comey 'mildly nauseous' Clinton email probe decisions may have impacted election (USA TODAY) FBI Director James Comey staunchly defended his decision to publicly announce the reopening of the probe into Hillary Clinton's private email server 11 days before the November election, telling a Senate panel on Wednesday it would have been the "death of the FBI as an institution in America" had he remained silent about possible new evidence.
Comey on why he sent that letter to Congress (CNN) FBI Director James Comey is testifying before Congress Wednesday, and received several sharp questions on his decision to alert Congress just days before the election that his agency was investigating emails on Anthony Weiner's laptop that were potentially related to a probe of Hillary Clinton's use of a private server.
FBI Boss Comey Finally Explains His Infamous Clinton Letter (WIRED) The most candid look yet at what prompted James Comey to make the Clinton email investigation public right before the election.
Deconstructing Comey's testimony on Clinton emails (BBC News) FBI Director James Comey defends his decision to reopen the Clinton email investigation.
Clinton: FBI Letter and “Russian WikiLeaks” Cost Me Election (Infosecurity Magazine) Former frontrunner in no doubt about impact of last minute “events”
Judicial Watch claims more evidence of classified info in Clinton emails (Washington Examiner) "These new emails show Hillary Clinton is a serial violator of various laws concerning the handling of classified material," Judicial Watch...
FBI's Comey dangerous definition of "valid" journalism (Errata Security) The First Amendment, the "freedom of speech" one, does not mention journalists. When it says "freedom of the press" it means the physical printing press...
US Intelligence “transparency report” reveals breadth of surveillance by NSA, others (Ars Technica) Over 151 million call records collected to track 42 targets under new "limited" access arrangement.
IRS, Education Dept. delayed reporting major data breach, lawmakers claim (FederalNewsRadio.com) The House Oversight Committee scolded the IRS and Education Dept. for not sounding the alarm sooner on a major cyber incident.
Tinder orders researcher to remove dataset of 40,000 profile pictures (Naked Security) Faces scraped from Tinder were being used to train artificial intelligence, according to the researcher
Sextortion suspect must unlock her seized iPhone, judge rules (Ars Technica) "For me, this is like turning over a key to a safety deposit box."