Cyber Attacks, Threats, and Vulnerabilities
Someone hacked N. Korean Radio Station to Play "The Final Countdown" (HackRead) It's just another day with just another radio station transmission getting hijacked. This time, unknown intruders compromised the transmission of a short-wave...
U.S. Government Shares Details of FALLCHILL Malware Used by North Korea (Security Week) FALLCHILL malware used by North Korean government hackers is a fully functional RAT, DHS says
Russian Ministry of Defense posts video game screenshot as evidence of US collusion with ISIS (Military Times) The Russian MOD claims the U.S. military helped provide cover to an ISIS convoy fleeing the Syrian town of Abu Kamal on Nov. 9.
Suspect Russian accounts tweeted about Brexit in run-up to vote (Times) The Russian town of Gelendzhik, on the banks of the Black Sea, has a population of 55,000. According to Twitter, one of its inhabitants is Svetlana Lukyanchenko, a voracious user of the social...
How Russian bots appear in your timeline (BBC News) A number of high-profile social media accounts have been exposed as Russian "bots".
How A Russian Troll Fooled America (Medium) Reconstructing the life of a covert Kremlin influence account
Bot-driven web traffic and its application security impact (Help Net Security) Research focused on highly targeted industries exposes the proliferation of bot-driven web traffic and its impact on organizations’ application security.
Governments manipulate social media, threaten global Internet freedom (Help Net Security) Governments around the world are dramatically increasing their efforts to manipulate information on social media, threatening global Internet freedom.
Government-controlled 'keyboard' armies now a global phenomenon, new report says (Los Angeles Times) Russia and China pioneered the use of online commentary and political bots to manipulate information on social media. That trend has gone global, a new Freedom House report on global internet freedom says.
The Troll Smearing Roy Moore’s Accuser Stole a Dead Navy SEAL’s Identity (The Daily Beast) And that’s just one of a host of lies from ‘@Umpire43,’ whose attempts to discredit Roy Moore’s accusers went instantly viral in the Trumposphere.
Critical flaws open Foscam C1 IP cameras to compromise (Help Net Security) Cisco Talos researcher Claudio Bozzato has unearthed a dozen of critical vulnerabilities affecting the Foscam C1 series of indoor HD cameras.
Flaw in Siemens RTU Allows Remote Code Execution (Security Week) Potentially serious vulnerabilities have been found in some Siemens SICAM remote terminal unit (RTU) modules, but patches will not be released as the product has been discontinued.
Google researcher finds 79 Linux USB vulnerabilities (Naked Security) Kernel USB drivers have turned out to be a rich hunting ground for Google researcher Andrey Konovalov
Eavesdropper Flaw, Marcher Malware Threaten Mobile Devices (eSecurity Planet) The vulnerability and phishing attack should both be easy to resolve -- but they're thriving.
There is a Pre-Installed Backdoor in OnePlus 5, 3 and 3T Devices (HackRead) If you are using OnePlus 5, 3 or its 3T model, an IT security researcher Elliot Alderson (whose real name is Robert Baptiste) has bad news for you. The res
Weaponizing 3-D printers: Cyberattacks could turn battlefield tech into threats (Fifth Domain) Now that military branches have created and tested 3-D printed weapons, Navy submarine-like vessels and even MREs, the conversation around additive manufacturing in the military has turned to securing those assets from cyberattacks.
Is the US military prepared for cyberattacks on satellites? (Fifth Domain) Keeping the U.S. defensive resources safe from cyberattacks means protecting systems in the remote locations throughout the world — and off-world.
The Ukrainian electric grid cyber attacks were not “success stories” (Control Global) The Ukrainian cyber attacks were not “half full” success stories but a message to the Ukraine and the US as to what the attackers could do to our grids. This is particularly important to the US as the BlackEnergy malware has been in our electric grids since at least October 2014.
Google study reveals how criminals break into Gmail accounts (Naked Security) The researchers’ conclusion? Password-based authentication is dead in the water
How hackers crack passwords and why you can't stop them (CSO Online) Password crackers have access to more stolen passwords and better password hacking software and tools than ever before.
Mobile devices present a significant risk for GDPR noncompliance (Help Net Security) Accessing data from mobile devices presents a significant risk for GDPR noncompliance, according to research for Lookout.
Unsecure Server Exposed Private Data of Popular Ride-Hailing Service (HackRead) Ride-hailing apps are currently in vogue now, there are countless small to large startups that are providing apps such as Uber and Lyft that are able to ac
Forbes '30 Under 30' Conference Website Exposed Attendees' Personal Information (Motherboard) A former honoree discovered a security flaw in Forbes’ system that revealed phone numbers, emails, and date of birth.
Flashpoint - Pricing of Goods and Services on the Deep & Dark Web (Flashpoint) The forums and marketplaces where illicit goods and services are exchanged play an influential role in today’s cyber and physical threat landscape.
This year's most hackable holiday gifts (Help Net Security) McAfee announced its third annual Most Hackable Holiday Gifts list to help consumers identify potential security risks associated with popular gifts this h
New McAfee Survey Reveals 20 Percent of Consumers Would Knowingly Buy a Connected Device Vulnerable to Hacking (BusinessWire) Today McAfee announced its third annual Most Hackable Holiday Gifts list to help consumers identify potential security risks associated with popular g
10-year-old kid succeeds in unlocking his mum’s iPhone X, with just a glance (HOTforSecurity) If you have a spare thousand dollars burning a hole in your pocket you might be tempted to purchase Apple’s latest smartphone, the iPhone X. The new device comes with a bigger screen than the previous regular incarnation of the iPhone and an improved camera... #biometrics #faceidsecurity #iphonex
Security Patches, Mitigations, and Software Updates
Microsoft Patches 20 Critical Browser Vulnerabilities (Security Week) Microsoft’s Patch Tuesday updates for November address more than 50 vulnerabilities, including 20 critical flaws affecting the company’s web browsers.
Adobe Patches 80 Flaws Across Nine Products (Security Week) Adobe on Tuesday announced the availability of patches for a total of 80 vulnerabilities across the company’s Flash Player, Photoshop, Connect, Acrobat and Reader, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager products.
November’s Patch Tuesday Includes Defense in Depth Update for Attacks Abusing Dynamic Data Exchange (TrendLabs Security Intelligence Blog) Microsoft's Patch Tuesday for November fixes over 50 security issues and provided mitigations against attacks abusing Dynamic Data Exchange.
Adobe, Microsoft Patch Critical Cracks (KrebsOnSecurity) It’s Nov. 14 — the second Tuesday of the month (a.k.a. “Patch Tuesday) — and Adobe and Microsoft have issued gobs of security updates for their software.
Microsoft Word Vuln Went Unnoticed for 17 Years: Report (Dark Reading) Researchers claim Microsoft Word vulnerability, patched today, has existed for 17 years.
Cyber Trends
What is a cyber attack? Recent examples show disturbing trends (CSO Online) From virtual bank heists to semi-open attacks from nation-states, this year has been rough on IT security. Here are some of the major cyber attacks of 2017 and what we can learn from them.
Comodo Detects Malware in Every Country | Threat Report Q3 2017 (Comodo News and Internet Security Information) Comodo Threat Research Labs detects nearly 400 million malware incidents worldwide in Q3 2017.
2017 Has Broken the Record for Security Vulnerabilities (Dark Reading) Some 40% of disclosed vulns as of Q3 are rated as severe, new Risk Based Security data shows.
The cybersecurity skills shortage is an existential threat (CSO Online) ESG research with ISSA shows that organizations don’t have the right levels of cybersecurity personnel, skills and ongoing training to keep up with cyber risk.
Federal Cyber Artificial Intelligence IQ Test Shows 90 Percent of Feds View AI as Cyber Fix, but 48 Percent Afraid of AI Risks (Meritalk) Low AI anxiety – only 24 percent of Feds fear AI will eliminate their jobs
ThreatConnect Provides a Report on Healthcare and Medical Industry Threats (ThreatConnect) Learn about the threats and how to protect your healthcare organization
Is the healthcare industry prepared to combat evolving cyber threats? (Help Net Security) One in four UK healthcare IT professionals aren't confident in their organisation's ability to respond to cyberattacks, according to Infoblox.
Most UK law firms aren't ready for GDPR, claims report (Graham Cluley) Remember – this isn’t just an issue for businesses based in Europe.
Enterprise Physical Security Drives IoT Adoption (Dark Reading) The vast majority of respondents to a new survey are deploying IoT technologies for building safety in the form of security cameras.
Marketplace
Deloitte acquires big data team out of Asia-Pacific competitor to bolster Sydney, Melbourne and Singapore offices (CRN Australia) CBIG Consulting's APAC team joins Deloitte's Sydney, Melbourne offices.
Two compliance companies merge to build a $100M firm (TechCrunch) Once upon a time there were two compliance companies. Smarsh was owned by Los Angeles-based private equity firm, K1 Investment Management. It worked with..
Announcing $23 Million Series C Funding to Drive the Future of Log Analytics (Logz.io) We are excited to announce our $23 million series C funding! Learn more about our vision, our technology, and upcoming releases here.
Survey of bug bounty hunters shows who pans for pwns (Ars Technica) Bug hunters are educated, young, looking for challenge—and cash to feed security habit.
LookingGlass Appoints Michael Taxay and Jeremy Haas to Executive Leadership Team (BusinessWire) Cybersecurity professionals Michael Taxay and Jeremy Haas have joined LookingGlass Cyber Solution's executive leadership team.
Scott Collins Joins Vectra as Director of North America Channels (PRNewswire) Vectra, the leader in automating the hunt for in-progress...
Lacework Names Dan Hubbard Chief Security Architect (PRNewswire) Lacework™, the industry's first solution to bring automation,...
Terbium Labs Welcomes Munish Walther-Puri to its Executive Leadership Team as Chief Research Officer and Head of Intelligence Analytics (GlobeNewswire News Room) Terbium Labs, the premier dark web intelligence company, today announced the appointment of Munish Walther-Puri to Chief Research Officer and Head of Intelligence Analytics.
Products, Services, and Solutions
High-Tech Bridge announces free application discovery and inventory service (High-Tech Bridge) ImmuniWeb® Discovery provides continuous discovery, inventory and visibility of web and mobile applications and their APIs.
RedSeal Enhances Digital Resilience Platform, Dramatically Reducing Network Analysis Time and Boosting Security Team Productivity (Marketwired) Expanded coverage of hybrid datacenters creates more complete and accurate network models; New integration apps accelerate incident investigations and bring live traffic into RedSeal platform
Bay Dynamics Risk Fabric puts vulnerabilities in context (CSO Online) Many vulnerability management programs will direct IT teams to the critical threat on the non-critical asset, and place a midlevel threat on a critical asset thousands of places down on the priority scale. It’s not the program’s fault. It just doesn’t know context. That is one of the major problems in the vulnerability management space that the Bay Dynamics Risk Fabric program is designed to solve.
LockPath and SecurityScorecard Partner to Increase Efficiency in Vendor Risk Management (LockPath.com) This integration with SecurityScorecard will provide our customers with an even more advanced solution for managing risk from third parties of all types.
Barracuda Announces New Cloud Generation Firewall Capabilities (null) Barracuda Networks, Inc. (NYSE: CUDA), a leading provider of cloud-enabled security and data protection solutions, today announced expanded public cloud functionality for the Barracuda Web Application Firewall and Barracuda NextGen Firewall.
SecurityFirst™ Launches Channel Partner Program (IT Briefing) SecurityFirst™, a provider of data-centric cyber solutions, today announced the SecurityFirst Partner Program designed to help resellers and service providers make more money selling critical data protection to clients.
Graphus Launches Office in India to Drive Customer Growth and Expand Reseller Partner Network (BusinessWire) Graphus Inc., a leading cloud applications cybersecurity company, announced today they have incorporated a subsidiary company and opened a new office
New cryptocurrency exchange promises to bring virtual currencies to everyday purchases (Computing) The LBX Dragoncard will be accepted anywhere that takes Visa (so, everywhere)
Securonix Shrinks Cyber Incident Response Time With Phantom Integration - ForexTV (ForexTV) Securonix, the market leader in big data security analytics and user and entity behavior analytics, today announced integration of its Next Gen SIEM platform with Phantom, the clear leader in Security Automation and Orchestration (SA&O) market. This partnership enables security operations center (SOC) analysts to dramatically improve ...
Technologies, Techniques, and Standards
These Campaigns Explain Why AV Detection for New Malware Remains Low (Heimdal Security Blog) How long it takes for antivirus to detect new malware? These campaigns show why antivirus detection rates are slow. Protection guide included
Building a Threat Intelligence Framework to Defend Against Cyberattacks (Recorded Future) By building a threat intelligence framework, you can gain the ability to act quickly (before attacks occur) and to put threats into context.
Thwarting the Tactics of the Equifax Attackers (Cloudflare Blog) We are now 3 months on from one of the biggest, most significant data breaches in history, but has it redefined people's awareness on security? The answer to that is absolutely yes, awareness is at an all-time high. Awareness, however, does not always result in positive action. The fallacy which
Quantum Dawn War Games Test Cyber Resiliency in Finance Sector (Security Week) Quantum Dawn IV, a large-scale exercise to test the cyber resiliency of the U.S. finance sector, was held on Tuesday and Wednesday this week. The excercise had more than 900 participants from over 50 financial institutions, government agencies and regulators.
Today You’re Being Hacked – How To Choose Secure Settings (Heimdal Security) What can happen with your IoT devices in 24 hours and how to secure settings so you’re safe
Lock Down Your Facebook Privacy With These Simple Settings (WIRED) Friends, friends of friends, advertisers; keeping track of Facebook's privacy settings can get confusing. Here's how to get yours just right.
Design and Innovation
Microsoft Uses Neural Networks to Make Fuzz Tests Smarter (Dark Reading) Neural fuzzing can help uncover bugs in software better than traditional tools, company says.
Legislation, Policy, and Regulation
#ISSE17: Connected Devices Legal Framework Proposed by EC (Infosecurity Magazine) A new European Commission proposal will see certifications issued for devices
How the Government of Canada Plans To Set CyberSecurity Policy (eSecurity Planet) At SecTor security conference, the Director General for National Cyber Security in the Government of Canada details her government's policies for keeping Canadians safe online.
Canadians Are Worried About NSA Spying But Don’t Understand How It Happens (Motherboard) Canucks need to know the risks.
Cyber Experts Sound the Alarm (SIGNAL Magazine) The United States must continue to make inroads in the cyber domain, or it "will lose the war."
4 priorities for DoD’s cyber defense arm (Fifth Domain) A look at JFHQ-DoDIN's cyber priorities for the coming year.
Army Cyber Institute: “The Secret War Against the United States” (Cybersecurity Advisors) BLACKOPS Partners Corporation's urgent call to action is published in the U.S. Army Cyber Defense Review.
Statement from Telos CEO John B. Wood on Modernizing Government Technology Act (null) Telos Corporation CEO and chairman John B. Wood issues the following statement following passage of the Modernizing Government Technology (MGT) Act
A Dare To Congress: Go Ahead, Vote A Golden Key Encryption Law! (Monday Note) With great regularity, politicians rattle their sabers at unbreakable encryption. They claim that they need a Golden Key, a backdoor that will let them fight The Bad People. But would Congress dare enact such a law? I don’t think so.
Amid feds’ Kaspersky concerns, no easy scapegoat - but some action (Fifth Domain) Most federal agencies are complying with orders to identify and remove Kaspersky Labs anti-virus software.
Litigation, Investigation, and Law Enforcement
Secret Finding: 60 Russian Payments "To Finance Election Campaign Of 2016” (BuzzFeed) The FBI is scrutinizing more than 60 money transfers sent by the Russian foreign ministry to its embassies across the globe, most of them bearing a note that said the money was to be used “to finance
Feds fight BuzzFeed demand for Trump dossier probe details (POLITICO) In February, BuzzFeed was hit with a libel suit from Russian internet entrepreneur Aleksej Gubarev.
Trump Jr.'s WikiLeaks exchange adds intrigue to Russia probe (Military Times) President Donald Trump’s oldest son released a series of private Twitter exchanges between himself and WikiLeaks during and after the 2016 election, including pleas from the website to publicize its leaks.
The tools criminals use to prepare a stolen iPhone for resale (Help Net Security) Fraudsters use a number of tools to unlock stolen Apple devices: AppleKit and MagicApp, as well as a cybercriminal version of the Find My iPhone API.
Physical Theft Meets Cybercrime: The Illicit Business of Selling Stolen Apple Devices (TrendLabs Security Intelligence Blog) Our research delved into the crossover of online scams and physical crimes, given the sizeable global market for stolen mobile phones and iCloud fraud.
Why Google should be afraid of a Missouri Republican’s Google probe (Ars Technica) Missouri Attorney General Josh Hawley is probing Google's business practices.
To better fight crime and terror in the digital era, the FBI seeks top STEM graduates (Fifth Domain) The field of opportunity for science, technology, engineering, and mathematics (STEM) graduates continues to grow thanks to the FBI’s increased recruitment efforts.
Texas National Guard secretly installed spying devices on surveillance aircrafts (HackRead) The Texas National Guard bought two DRT 1301C cell-site simulator devices for more than $373,000. The purpose of buying these devices was to intercept call
ID theft puppet master convicted of huge tax refund scam (Naked Security) His gang exploited teenagers, prison inmates and serving US soldiers amongst others
You Can Now Mine Cryptocurrency to Bail People Out of Jail (Motherboard) “The people for whom bail is set haven’t been convicted of anything.”