Cyber Attacks, Threats, and Vulnerabilities
‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure (McAfee Blogs) This post was written with contributions from the McAfee Advanced Threat Research team. The McAfee Advanced Threat Research team and McAfee Labs Malware
Despite Inactivity During Midterm Elections, Hackers Are Likely To Ramp Up Attacks In 2020 (Wall Street Journal) Campaigns will be vulnerable to cyber attackers as long as they lack the funding and expertise to defend systems, from increasingly sophisticated attacks, according to Judd Choate, director of the division of elections at Colorado’s department of state.
Operation Sharpshooter (McAfee) Campaign Targets Global Defense, Critical Infrastructure
The Kremlin’s Disinformation Strategy Has Run Aground in the Sea of Azov (Ukraine Elects) Based on the official statements from the US, EU, and NATO, it would seem that the disinformation operations conducted by the Kremlin after their recent aggression in the Sea of Azov were not very successful. Although there were a few alibi statements calling on “both sides” to de-escalate; it a
Russian Aggression in the Kerch Strait Is Also Aimed at Ukraine’s Democracy (Ukraine Elects) On November 25, Ukraine's National Security and Defense Council, chaired by President Petro Poroshenko, unanimously decided to introduce martial law after an emergency meeting, in accordance with the Constitution of Ukraine (Article 83). The Verkhovna Rada convened to approve the presidential decree
China’s spies are taking Britain for a ride (Times) The arrest of a Red Princess has sent relations between China and America into a tailspin. Meng Wanzhou, daughter of the founder of the Chinese telecoms group Huawei and granddaughter of a...
China's hacking against U.S. on the rise: U.S. intelligence official (Reuters) A senior U.S. intelligence official said on Tuesday that Chinese cyber activity ...
Russian Critical Infrastructure Targeted by Profit-Driven Cybercriminals (SecurityWeek) Several critical infrastructure organizations in Russia have been targeted by hackers believed to be profit-driven cybercriminals rather than state-sponsored cyberspies.
Italian Oil Services Company Saipem Hit by Cyberattack (SecurityWeek) Italian oil and gas services company Saipem has been hit by a cyberattack. The firm is working on restoring affected systems while trying to determine who was behind the attack.
Cobalt Group: The 101 (Fidelis Cybersecurity) Cobalt Group - who they are, who they target and an update on their box of tricks.
Exploit Code for the Kubernetes Flaw Is Now Available (BleepingComputer) The recently disclosed critical-impact bug in Kubernetes created strong ripples in the security world of the container-orchestration system. Now, multiple demo exploits exist and come with easy-to-understand explanations.
Android Trojan steals money from victims' PayPal account (Help Net Security) A new Android Trojan tricks users into logging into PayPal, then takes over and mimics the user’s clicks to send money to the attacker’s PayPal address.
Seedworm Spy Gang Stores Malware on GitHub, Keeps Up with Infosec Advances (BleepingComputer) The relatively new espionage group Seedworm proves to be highly adaptive by using GitHub to host its malware and by carefully observing developments on the infosec scene via social networking services.
Emotet trojan is back with a vengeance (Security Boulevard) Emotet is back. The infamous trojan now features an all-new email harvesting module that is helping malware authors create scarily realistic malicious emails.
Researchers: Hackers increasingly able to breach cloud services (TheHill) Hackers are becoming increasingly able to access and take advantage of vulnerabilities in cloud services, according to a new report published Tuesday.
Clemson’s Cautionary Cryptomining Tale (HPCwire) In some ways, the bigger the computer, the more vulnerable it is to cryptomining as Clemson University discovered after cryptominers dug into its Palmetto
CapitalInstall hosted and served via IaaS (Netskope) Netskope Threat Research Labs detected an adware family named ‘CapitalInstall’ delivered from Microsoft Azure blob storage, whose IP range had been whitelisted by multiple customers. The malware was identified via telemetry that recently alerted us to a high number of detections. These detections were related to multiple customers in the health and retail sector that …
Study: Burglars could hack smart sprinkler to disable alarm (Washington Post) Computer scientists at William & Mary in Virginia say burglars could potentially break into houses through smart home devices
Phones are selling location data from “trusted” apps (Naked Security) Data brokers are tracking 200 million mobile devices in the US, updating locations up to 14,000 times a day, the New York Times has found.
6.8% of the top 100,000 websites still accept old, insecure SSL versions (Help Net Security) 6.8% of the top 100,000 websites still accept old, insecure SSL versions, while more malware hits were seen in Asia Pacific than in any other region.
Text CAPTCHAs easily beaten by neural networks (Naked Security) As CAPTCHA-haters know to their frequent irritation, the death of the text-based Completely Automated Procedures for Telling Computers and Humans Apart tends to be exaggerated.
Sony's PlayStation Classic can be easily hacked thanks to weak cryptography (TheINQUIRER) It's only been days since its release but hackers gonna hack.
16,000 Redwood Eye Center Patients Impacted by MSP Breach (HIPAA Journal) A managed service provider that hosts the electronic health records of Redwood Eye Center in Vallejo, CA has experienced a security breach that has resulted in the exposure of 16,000 patients' protected health information.
Security Patches, Mitigations, and Software Updates
Zero-Day Bug Fixed by Microsoft in December Patch Tuesday (Threatpost) Microsoft patches nine critical bugs as part of December Patch Tuesday roundup.
Patch Tuesday, December 2018 Edition (KrebsOnSecurity) Adobe and Microsoft each released updates today to tackle critical security weaknesses in their software. Microsoft’s December patch batch is relatively light, addressing more than three dozen vulnerabilities in Windows and related applications. Adobe has issued security fixes for its Acrobat and PDF Reader products, and has a patch for yet another zero-day flaw in Flash Player that is already being exploited in the wild.
Samsung fixes flaws that could have let attackers hijack your account (Naked Security) Flaws in the mobile site were leaving users vulnerable to attackers who could have reset their user passwords and hijacked their accounts.
Cyber Trends
Fast & Furious IoT Botnets: Regifting Exploits (Arbor Networks Threat Intelligence) NETSCOUT Threat Intelligence honeypot data reveals that attackers are increasingly adding exploitation attempts of old vulnerabilities to their arsenals in addition to brute-forcing. Through the course of our research, we determined that the average time between a new device coming online and its first brute-force attempts is approximately five minutes. Within twenty-four hours, those same devices will receive exploitation attempts against known vulnerabilities.
Mac Malware Appears on the WatchGuard 'Top Ten Malware List' for First Time (PR Newswire) WatchGuard® Technologies, a leader in advanced network security solutions, today issued its quarterly Internet Security...
Internet Security Report - Q3 2018 (WatchGuard) The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Their smart, practical security advice contained in the Internet Security Report will enable you to better protect your organization in the ever-changing threat landscape.
The CrowdStrike Services Cyber Intrusion Casebook 2018 Offers Compelling Stories from the Front Lines of Incident Response (CrowdStrike) The CrowdStrike Services Cyber Intrusion Casebook 2018 offers compelling stories from the front lines of incident response. Learn how CrowdStrike Services IR experts detected and stopped sophisticated adversaries and get recommendations that will better protect your organization.
Cyber Intrusion Services Casebook 2018 (CrowdStrike) Threat actors are continuously adopting new means to achieve their objectives. Drawn from real-life client engagements, the annual CrowdStrike® Cyber Intrusion Services Casebook 2018 provides valuable insights into ever-evolving attacker tactics, techniques and procedures (TTPs).
Netwrix announces top seven IT security trends for 2019 (Netwrix) Netwrix’s team of security analysts reveals the top IT security trends that will influence businesses in 2019.
US Payments Forum Market Snapshot: The State of Contactless Payments, Fraud and What’s Next for 2019 (GlobeNewswire News Room) The U.S. Payments Forum today released its quarterly Market Snapshot, providing a look at the state of EMV chip adoption in the U.S., fraud and what’s next for payments in 2019.
Will sophisticated attacks dominate in 2019? (Help Net Security) As we head into 2019, organizations must understand the security implications of cloud adoption, converging IT and OT, and increasing remote working.
I Miss the 000000ld Kanye: West Tops Dashlane's List of 2018's "Worst Password Offenders" (PR Newswire) Dashlane today announced its third annual list of the "Worst Password Offenders." The list highlights the high-profile...
Nearly 70% of UK Firms Suffered a Cyber-Attack in 2018 (Infosecurity Magazine) Financial and customer losses hit home as firms demand more government help
NSA Cyber Chief Says Companies Are Losing Ground Against Adversaries (Wall Street Journal) Rob Joyce, a specialist at the National Security Agency, said companies’ readiness for cybersecurity threats is “getting worse.”
SEC's Clayton Says Companies' Awareness of Cyber Threats Is Growing (ThinkAdvisor) Companies are looking beyond cyberattack prevention to better protection and smarter collection of data, Clayton says.
Marketplace
China's Huawei fights U.S. spying allegations on crucial European... (Reuters) Even before the arrest of its CFO last week, pressure from the United States had...
How to play nice in the same sandbox (Defense News) When the Pentagon touted plans to cozy up more with Silicon Valley tech firms, the focus remained on challenges that permeated mostly from inside the building. Seemingly taken for granted was this notion that traditional defense companies and Silicon Valley-types could play nice.
Google CEO Sundar Pichai emerges ‘unscathed’ from the circus in Washington (Washington Post) After nearly four hours of rambling questions and partisan bickering, Pichai emerged on Tuesday from his first-ever testimony to Congress almost entirely untouched.
Google CEO Pichai says in Post interview the company is still figuring out China and hate speech after three-hour Hill grilling (Washington Post) Google chief executive Sundar Pichai on Tuesday stressed in his high-profile appearance on behalf of the tech giant that it operates “without political bias.”
Google boss denies plans to launch censored search engine in China (The Telegraph) Google’s boss has denied the company will launch a censored search engine in China despite admitting it had 100 engineers working on its design, during a grilling from Senators on Capitol Hill.
Air Force to release new 'fast-track' cyber approval process (Federal News Network) The Air Force believes its new streamlined ATO process will not only get systems online faster, it will deliver better security.
LINE acquires Korea-based cyber security company GrayHash (Yahoo) GrayHash will develop and optimise security solutions for LINE’s services, including messenger, fintech, AI, blockchain and the digital asset exchange. LINE Plus Corporation announced today that it has acquired GrayHash, an online security research centre specialising in ‘offensive research’ and counter-hacking
Arctic Wolf Acquires Cybersecurity Vulnerability Assessment Leader RootSecure (Arctic Wolf) SOC-as-a-Service leader augments offerings with advanced vulnerability management.
Michael Dell handed early Christmas present as shareholders back deal to go public (CRN) Activist investors had threatened to derail the deal, but Dell is set to go public again on 28 December
Immersive Wisdom secures strategic investment from In-Q-Tel (Intelligence Community News) Immersive Wisdom Inc. of Boca Raton, FL announced on December 11 a strategic partnership with and investment from In-Q-Tel, Inc. (IQT), the not-for-profit strategic investor that identifies and acc…
Lunarline, Inc. Announces Award of a Contract to Support the National Geospatial-Intelligence Agency (NGA) (PR Newswire) Lunarline, Inc. announced that it was awarded a five-year contract to support the Cybersecurity Integration and...
Cymulate and Symantec Announce Today a Shared Research of Email-Based Attacks (BusinessWire) Cymulate, a provider of a leading Breach & Attack Simulation (BAS) platform which was recognized as a 2018 cool vendor by Gartner, announced today
Databarracks announces partnership with Rubrik to bring modern data protection to the UK (RealWire) Business continuity and IT disaster recovery specialist provider, Databarracks, has partnered with Rubrik. Rubrik is the market leader in Cloud Data Management, the world's first platform to orchestrat
Data-Centric Security Company SecurityFirst Unveils One Hour Setup for DataKeep; Announces New Executive Leadership (PR Newswire) SecurityFirst™, provider of data-centric security, announced today major enhancements to...
Products, Services, and Solutions
New Comodo Cybersecurity Services Respond to Mounting SMB Cyberattacks (GlobeNewswire News Room) Managed Solutions Bring Advanced Enterprise-grade Security to Mid-Market and SLED
Proofpoint Launches the Industry’s First People-Centric Attack Index to Easily Identify the Most Targeted Users Within an Organization (GlobeNewswire News Room) Leading cybersecurity company empowers organizations to understand the risks their users face and tailor their security strategy to address their most vulnerable employees
Corelight and Exabeam Partner to Deliver Best of Breed Security Solution to Detect Advanced Threats and Accelerate Incident Response Time (GlobeNewswire News Room) Corelight, providers of the most powerful network visibility solution for cybersecurity, and Exabeam, the next-gen SIEM company, today announced a strategic partnership that will combine proven network security monitoring (NSM) with advanced behavior analytics and automated incident response capabilities.
Claroty Announces Major Enhancements to Market-Leading Industrial Cybersecurity Platform (Claroty) Groundbreaking multispectral data acquisition and network segmentation capabilities provide deeper OT network visibility and reduce risk for industrial enterprises and critical infrastructure providers
How Enhanced Network Metadata Resolution Facilitates Network... (Bricata) We recently announced a new version of our product – Bricata Delivers Improved Threat Hunting with Enhanced Network Metadata Resolution, Scalability, and View Customization – the fourth such update we’ve made to date this year (see the list below). The...
Grammarly’s Bug Bounty Program Goes Public: Q&A with VP of Engineering Joe Xavier (HackerOne) It’s been over a year since Grammarly launched its first bug bounty program on HackerOne. It’s been a private, invite-only program ever since. That is, until today! We sat down with the company’s VP of Engineering Joe Xavier to learn more about how the newly public bug bounty program fits into the team’s overall security strategy, what it’s like working with hackers, and any advice for other organizations considering the bug bounty model.
NICE announces Engage 6.12 providing capabilities for compliance and privacy (Help Net Security) With compliance automation and security capabilities, the NICE Engage 6.12 platform enables contact centers to adjust to new regulatory challenges.
Password-less security arrives on macOS with HYPR (Help Net Security) HYPR's Employee Access solution moves user authentication keys to their personal mobile devices and secures them against malicious hackers.
SendGrid Publishes Industry's First Inbox Protection Rate to Increase Cybersecurity and Privacy (WBTW) SendGrid, Inc. (NYSE: SEND), a leading digital communication platform that drives engagement and growth, is the first email service provider (ESP) to announce its Inbox Protection Rate publicly in an effort to increase cybersecurity and privacy transparency and to elevate the cause of inbox protection.
Technologies, Techniques, and Standards
Why Satellites Need Cybersecurity Just Like You (Space.com) Cybersecurity risks reach beyond Earth.
Anatomy of Twitter Bots: Amplification Bots (Duo Security) Duo Labs study on amplification bots: what they are and how they operate.
New Report: WAFs Fail to Protect Against Bot Attacks (BusinessWire) Cequence Security and Osterman Research reveal the security challenges and productivity impact of bot attacks targeting large enterprises.
Air Force to Debut Electronic Warfare Findings (Military.com) The service wants to understand where and how an attack manifests on the electromagnetic spectrum and how best to deny it.
Here’s what the Army is saying about its new electronic warfare solution (C4ISRNET) The Army has received the results of the deployment of a capability that allows electronic warfare planning and management on the move and without network connection.
Marines need to equip defensive cyber teams (Fifth Domain) New tactical cyber defense teams still require defensive cyber kits.
The Pentagon’s plan to secure sensitive systems (Fifth Domain) The Department of Defense has a year to work on a plan to establish a program that includes commercial companies to improve the security of critical DoD infrastructure.
Experts Urge Utilities to Train, Collaborate on Cybersecurity (RTO Insider) Experts in cybersecurity painted a somewhat dire picture at Infocast's Federal Energy Policy Summit when detailing the threats to the electricity industry.
Seven cyberintelligence insights for a more secure business (Intelligent CIO Middle East) Cyberthreat intelligence (CTI) involves the collection, evaluation, verification and distribution of information about ongoing and emerging cyberthreats and attacks against network assets and infrastructure. It is becoming increasingly difficult and costly for organisations to defend against cyberattacks on their own, with more companies reaching out to their peers and other sources for threat intelligence data. […]
How Holiday Shoppers Can Protect Their Information Against Cyberattacks (att.net)
Don't Bite That Phishing Bait: Bet On These Five Simple Safety Rules (Forbes) Phishing attacks can seriously endanger a company's information and reputation. Use these five tips to help educate and empower your employees to avoid phishing scams.
Design and Innovation
Algorithmic Justice League launches new campaign to prevent facial recognition software industry from selling or buying tech that can be weaponized (Benzinga) English police stopped a black man in London last July after facial recognition software misidentified him. Police demanded the man's ID...
Research and Development
IARPA posts new BAA for SAILS program (Intelligence Community News) On December 11, the Intelligence Advanced Research Projects Activity posted a new broad agency announcement for the Secure, Assured, Intelligent Learning Systems (SAILS) program (Solicitation Numbe…
Academia
Iranian hackers attack U.K. cybersecurity universities (EdGuards - Security for Education) To perform an attack, hackers’ foxery is not enough. And some security incidents would not ...
Legislation, Policy, and Regulation
Trump administration to condemn China over hacking and economic espionage, escalating tensions between superpowers (Washington Post) Officials are preparing to unveil sanctions, declassified intelligence and indictments as part of a coordinated multiagency announcement this week.
Analysis | The Cybersecurity 202: Trump is getting tough on Chinese hacking. Will it work? (Washington Post) The trade feud makes things more complicated.
Marriott Data Breach Is Traced to Chinese Hackers as U.S. Readies Crackdown on Beijing (New York Times) The Trump administration is expected to indict hackers and roll out import restrictions out of concern that Beijing will not easily change its trade, cyber and economic practices.
Google and Congress Botch an Opportunity (Bloomberg) Both sides are failing to make tech companies accountable.
Congress Blew Its Hearing With Google CEO Sundar Pichai (WIRED) The House Judiciary Committee spent more time on partisan squabbles than urgent questions around Google's data and privacy practices.
Google Would ‘Make the NSA Blush,’ Says Republican at Hill Grilling (Roll Call) Lawmakers bombarded Google’s CEO with questions about alleged bias against conservatives in search results and the company’s data collection practices.
Google’s ‘internal effort’ for a Chinese search engine (Fifth Domain) Google CEO Sundar Pichai told the House of Representatives that he “will be transparent” if the search giant moves forward on plans that have garnered mounting criticism.
The European Data Protection Board Issues Guidelines on GDPR’s Territorial Scope (cyber/data/privacy insights) The European Data Protection Board (“EDPB” or the “Board”) recently released new draft Guidelines 3/2018 on the territorial scope of the European Union’s (“EU”) General Data Protection Regulation (…
House Releases Cybersecurity Strategies Report (SecurityWeek) The U.S. House of Representatives’ Committee on Energy and Commerce has released a report identifying strategies for the prevention and mitigation of cybersecurity incidents.
Sen. Warner Warns China, Russia are Accelerating Cyber, Disinformation Capabilities (USNI News) The vice chairman of the Senate Select Committee on Intelligence gave a sobering assessment of the expanding ability of Russia and China to interfere with U.S. institutions through cyber and disinformation campaigns. Sen. Mark Warner (D-Va.) said the General Accountability Office “found almost all our new weapons systems are vulnerable” to cyber attacks, …
UK disarray: May to face no-confidence vote from her party (AP NEWS) British Conservative lawmakers forced a no-confidence vote in Prime Minister Theresa May for Wednesday, throwing U.K. politics deeper into crisis and Brexit further into doubt. May vowed to fight for the leadership of her party and the country "with everything I've got" after opponents who have been circling for weeks finally got the numbers they needed to spark a vote among Conservative Party lawmakers later in the day. The leadership challenge marks a violent eruption of the Conservative Party's decades-long divide over Europe.
Brexit: May puts on brave face as Tories prepare fatal blow (Times) Theresa May will be put under pressure at her cabinet meeting today to start planning for a no-deal Brexit, with ministers around the table expecting a vote on her future to be called within hours.
The Yellow Vest Protests and the Tragedy of Emmanuel Macron (Foreign Affairs) The Gilets Jaunes have brought the French president low.
It’s Macron’s Destiny to Be Hated (Foreign Policy) The French president can make all the concessions he wants, but he can’t make the public like him.
It just got a little easier to join the Army’s counterintel community (Army Times) The Army is loosening some requirements to attend MOS school for counterintelligence agents.
OMB expands definition of high-value assets (FCW) The Office of Management and Budget is making sure all agencies develop plans to protect their most sensitive, most valuable cybersecurity assets, and designate an agency-level office or team to secure them.
Litigation, Investigation, and Law Enforcement
Russian official offers to unveil correspondence with US (AP NEWS) A top official at Russia's cybersecurity agency has offered to publish its communications with American counterparts during the 2016 U.S. election campaign. Nikolai Murashov, a deputy head of the Russian National Coordinating Center for Computer Incidents, said Tuesday that the first U.S. official request regarding the hacking into the Democratic National Committee came on Oct. 31, 2016. He said his agency provided specific answers in response to the U.S. query and subsequent requests. Murashov added that his agency was ready to release its correspondence with U.S. authorities if Washington agrees.
U.S. investigators point to China in Marriott hack affecting 500 million guests (Washington Post) U.S. government investigators increasingly believe that Chinese state hackers were most likely responsible for the massive intrusion reported last month into Marriott’s Starwood chain hotel reservation system, a breach that exposed the private information and travel details of as many as 500 million people, according to two people briefed on the government investigation.
Marriott hack linked to Chinese spying efforts (Washington Examiner) A hack that collected the information of 500 million Marriott hotel guests is now thought to be part of Chinese intelligence-gathering.
China’s judgment on Huawei case: Anger, patriotism and iPhone boycotts (Washington Post) The U.S.-ordered arrest of Meng Wanzhou is widely viewed in China as part of Washington’s attempts to thwart the country’s race toward next-generation technologies.
China holds ex-diplomat Michael Kovrig as row with Canada deepens (Times) China has detained a former Canadian diplomat at a time of growing tension between the two countries over the arrest of a Chinese executive accused of violating sanctions. Michael Kovrig, who had...
Huawei's CFO's bail was set at $7.5 million and she will pay for her own surveillance (Quartz) Meng Wanzhou, the arrested executive, will also wear an ankle bracelet and have a curfew.
Huawei executive Meng Wanzhou released on bail in Canada as tensions rise with China (The Telegraph) The Chinese executive accused of violating US sanctions against Iran has been granted bail while she awaits an extradition hearing to the US following her arrest in Canada.
Trump says would intervene in arrest of Chinese executive (Reuters) U.S. President Donald Trump said on Tuesday he would intervene with the U.S. Jus...
Equifax accused of 34 control and process failures in official report into 2017 data breach (Computing) Equifax accused of failing to implement adequate security by US Congressional committee
Bomb Threat Forces Evacuation at Facebook Facility (NBC Bay Area) A building on Facebook's campus in Menlo Park was evacuated Tuesday evening after a bomb threat, police said.
Facebook fined $11m for misleading users about how data will be used (Naked Security) They said Facebook emphasizes the service being free, not that it’s making big bucks off users’ data. They ordered the company to apologize.
Maria Butina set to plead guilty to conspiring to act as agent of Kremlin, documents show (Washington Post) Her “Diplomacy Project” was aimed at subtly swaying U.S. foreign policy to Russia’s interests.
Senate Intelligence Committee leaders seek probation for former aide who lied in FBI leak probe (Washington Post) U.S. prosecutors are asking instead for a two-year prison term for James A. Wolfe, citing significant danger to national security.
Alleged ISIS supporter and woman accused of planning terror attack arrested (NBC News) The alleged ISIS supporter, a man, is accused of targeting a synagogue, while the woman faces charges of buying bomb-making materials.