Cyber Attacks, Threats, and Vulnerabilities
Analysis: The Turkistan Islamic Party's jihad in Syria (FDD's Long War Journal) The Turkistan Islamic Party (TIP) in Afghanistan and Syria has long operated as part of the Taliban-al Qaeda axis. Earlier this year, however, the TIP's Syrian branch sided with Hay'at Tahrir al-Sham (HTS) during its battles with other rebel groups. This infighting and related events have complicated the picture with respect to the TIP in Syria. One TIP-affiliated outlet claimed earlier this year that the group's senior management had sent new leadership from Afghanistan to Syria.
The return of Spectre (ZDNet) Two new ways to assault computers using Spectre-style attacks have been discovered. These can be used against any operating system running on AMD, ARM, and Intel processors.
Fresh Spectre Variants Come to Light (Threatpost) The newly-discovered Spectre variants can be exploited to uncover confidential data via microarchitectural side channels in CPUs.
Speculative Buffer Overflows: Attacks and Defenses (Arxiv) Practical attacks that exploit speculative execution can leak confidential information via microarchitectural side channels.
Details on an Air Force drone? $200 on the dark web (Fifth Domain) The hacked documents represent embarrassing security vulnerabilities and raise questions about basic cyber-hygiene in the U.S. military apparatus.
Hacker Selling Pentagon’s Killer Drone Manual on Dark Web for $150, Cheap (The Daily Beast) The seller was part of a small hacking crew based in South America that specializes in low-hanging fruit—like home file-sharing networks that have no password by default.
Year-old router bug exploited to steal sensitive DOD drone, tank documents (Ars Technica) Hacker who offered Air Force, Army docs claimed to have exploited known Netgear FTP flaw.
Default router password leads to spilled military secrets (Naked Security) The hacker tried selling the US military files for $150 on the dark web, but only undercover analysts paid any attention.
Military Reaper Drone Documents Leaked on the Dark Web (Recorded Future) See how direct threat actor interaction allowed Insikt Group to discover MQ-9 Reaper drone documents and other leaked military information on the dark web.
Hacker Offers Access to Machine at International Airport for $10 (SecurityWeek) Researchers found that access to a system associated with a major international airport can be bought for only $10—with no zero-day exploit, elaborate phishing campaign, or watering hole attack.
Organizations Leave Backdoors Open to Cheap Remote Desktop Protocol Attacks (McAfee Blogs) While researching underground hacker marketplaces, the McAfee Advanced Threat Research team has discovered that access linked to security and building automation systems of a major international airport could be bought for only US$10.
Issued for Abuse: Measuring the Underground Trade in Code Signing Certificates (University of Maryland) Recent measurements of the Windows code signing certificate ecosystem have highlighted various forms of abuse that allow malware authors to produce malicious code carrying valid digital signatures. However, the underground trade that allows miscreants to acquire such certificates is not well understood.
Timehop Admits GDPR Fumble (Infosecurity Magazine) Breach implications get more serious for firm
Multiple Bugs Found in QNAP Q'Center Web Console (Threatpost) QNAP said in a security advisory that it has fixed the issues in Q'Center Virtual Appliance, and urged customers to update to the latest version.
Hola VPN's Chrome extension hacked to target MyEtherWallet users (HackRead) Hola VPN extension was hacked for five hours and used in monitoring the activities of some of the MyEtherWallet users.
Unknown and Unsecure Domains Bother Businesses (Infosecurity Magazine) Unknown and unsecure domains continue to be a problem for businesses
Do advances in voice technology pose a threat to enterprise security? (Help Net Security) Almost half of IT professionals said that voice security was either not a priority, or a lower priority than other threats including malware, and phishing.
Who's Reading Your Gmail Messages? (HackRead) Do you know your Gmail emails can be read by third-party app developers and there is a way you can stop them?
Tech-support scammers know EVERYTHING about my computer, Dell customer says (Ars Technica) It's time for Dell to say how scammers got serial numbers and other customer data.
Security Patches, Mitigations, and Software Updates
Why Your Twitter Follower Count Might Go Down This Week (WIRED) After purging millions of fake or suspicious accounts in recent months, Twitter announced a new policy around locked profiles.
Cyber Trends
Threats financial organizations will face in 2019 (Help Net Security) What type of threats will financial organizations face in 2019? According to IntSights Cyber Intelligence: breaches and extortion attempts.
Infosec and the future: Dr. Giovanni Vigna on lessons learned over 25 years (Help Net Security) When I asked Dr. Giovanni Vigna what are some of the most important lessons he has learned during the 25+ years he spent working in computer security, his answer was simple: always learn by doing and always innovate.
White Paper: An Executive Summary on the State of Privacy and Security Awareness in Government (MediaPRO) This white paper reveals an uncomfortable truth: basic cybersecurity and privacy awareness knowledge are lacking at U.S. government organizations.
Marketplace
How the access control market has developed and should direct itself in the coming years (Help Net Security) Smart cards have become synonymous with the access control market, continuing to be used across a variety of end markets including, healthcare,
Accelerating Pathways for Young Ethical Hackers in Cybersecurity (PRWeb) The world needs more “good guys” on this side of cyber warfare, which is why Synack, Nav Talent and premier program sponsor Morgan Stanley are teaming up to equip a future ...
ZTE shares soar after clearing last hurdle to lifting of U.S. ban (Reuters) Hong Kong shares of ZTE Corp surged nearly 24 percent on Thursday after China's No. 2 telecommunications equipment maker cleared the last hurdle to lifting a U.S. ban on component supplies.
ZTE and US sign agreement to lift ban in near future (South China Morning Post) US and ZTE sign escrow agreement; when ZTE completes US$400 million in an escrow account the ban on the company will be lifted
Intel Pays $100,000 Bounty for New Spectre Variants (SecurityWeek) Researchers who discovered two new variations of the Spectre attack receive $100,000 bounty from Intel
Broadcom to Buy CA Technologies for $18.9 Billion (Wall Street Journal) Broadcom struck a deal to buy software company CA Technologies for nearly $19 billion, a surprise move that takes the chip-making giant in a new direction.
Broadcom snaps up CA Technologies for $25 billion (CRN Australia) Deal expected to close by the end of the year.
This Bethesda company is betting on quantum physics as the answer to stronger data encryption (Washington Business Journal) The company’s first network will connect Wall Street with back-office operations in New Jersey, safeguarding high-value transactions and mission-critical data for banks.
Israeli Firm Radiflow Raises $18 Million to Grow Industrial Cybersecurity Business (SecurityWeek) Industrial cybersecurity firm Radiflow has raised $18 million in venture funding through an investment round led by Singapore-based engineering company ST Engineering.
Safe-T® Announces Acquisition of CyKick Labs' Intellectual Property and Marks (Markets Insider) Safe-T® (TASE: SAFE) (OTCQB: SFTTY), a leading provider of software-defined access solutions for the hybrid ...
Netskope nabs Sift Security to enhance infrastructure cloud security (TechCrunch) Netskope, a company that focuses on security in the cloud, announced today it has acquired Sift Security, a startup launched in 2014 to help secure cloud infrastructure services like Amazon, Microsoft and Google using machine learning. The company did not share terms of the deal, but Sift’s 1…
Ex-Cambridge Analytica employees spin out new company to scour your search history (Computing) Auspex International investor says that Google history is more valuable than Facebook data
Lockheed Seeks Cyber Capabilities to Reinforce Aircraft Products, Processes Via Guardtime Federal Alliance (GovCon Wire) Lockheed Martin (NYSE: LMT) has expanded its alliance with Guardt
Good news on the jobs front, as American cyber-security firm SkOUT Secure Intelligence announces the creation of 30 jobs in Portlaoise (TheLiberal.ie) Good news for jobseekers this afternoon, as US-based cyber-security firm SkOUT Secure Intelligence has announced the creation of 30 jobs in Portlaoise. The new roles will include management, sales and business development, engineering, and technical...
Endgame Announces San Francisco Office Expansion to Increase West Coast Presence (GlobeNewswire News Room) Endpoint protection company Endgame plans to double the number of San Francisco-based employees by the end of 2018
MobileIron appoints Scott Hill as CFO (Help Net Security) MobileIron announced that Scott Hill has been appointed chief financial officer (CFO).
Gigamon Appoints Joan Dempsey to its Board of Directors (PRNewswire) Booz Allen Hamilton Executive Vice President and Senior Partner adds broad technology and federal government experience to Gigamon Board
Products, Services, and Solutions
Cylance Unveils “Cylance Smart Antivirus;” AI-Powered Antivirus for Consumers (BusinessWire) Cylance Inc., the leading provider of AI-driven, prevention-first security solutions, today launched Cylance Smart Antivirus, AI-powered antivirus sof
Janrain Partners With Akamai To Launch Next-Generation Secure Edge Technology To Protect Companies And Customers (PRNewswire) Janrain Secure Edge Brings Industry-leading Security from Akamai to the Janrain Identity Cloud®, The World's Largest Omnichannel Identity Network
ForeScout and Carbon Black Integrate to Reduce Business Impact of Cyber Threats (GlobeNewswire News Room) New technology integration improves endpoint security hygiene and fortifies threat defenses across the enterprise
Alcide Announces New Release of its Cloud-Native Security Platform for Modern Data Center and Cloud Environments (GlobeNewswire News Room) New features include Slack integration, Serverless support and a Threat Intelligence Feed
Dell EMC launches VMware-optimised data protection appliance for midmarket (CRN Australia) VMware-optimised appliance comes in a 2U form factor.
Ex-Anonymous member Adam Bennett targets SMBs with threat management platform Crystal Eye (CRN Australia) Adam Bennett looking to help SMBs simplify cybersecurity.
Manatt expands cybersecurity practice to meet client needs (Help Net Security) This expansion with Beierly, Reid and Treviño, reflects Manatt’s strategy of combining the legal practice and consulting in order to offer solutions to meet its clients’ business needs.
Put WhatsApp, Slack, admin privileges in a blender and what do you get? Wickr (Register) But are enterprises willing to pay for this suite smoothie?
Trusona extends its Partner Network ecosystem (The Paypers) Trusona, the #NoPasswords identity authentication provider, has unveiled its Partner Network, an ecosystem of strategic partners operating within the Identity and Access Management space.
Technologies, Techniques, and Standards
The Pentagon Wants to Automate Some Classification Decisions (Nextgov.com) The proposed software would help defense officials make classification decisions and automatically enforce them.
What is the Tor Browser? How it works and how it protects your identity (CSO Online) The Tor Browser is a web browser that anonymizes your web traffic using the Tor network, making it easy to protect your identity online.
Identity eats security: How identity management is driving security (CSO Online) New intelligent identity management systems are changing the way organizations authenticate users and devices, and they’re making identity the new security perimeter.
Departing Employees Should Not Mean Departing Data (Infosecurity Magazine) With more than two-thirds of organizations experiencing data theft when employees depart, you need to protect your organization against insider threats.
Design and Innovation
Your Google phone will soon screen nuisance calls (Naked Security) Google is reportedly adding a new feature to its phone app that will breathe a sigh of relief to beleaguered phone users everywhere: Built-in screening for nuisance callers.
Catalyzing Innovation via Centers, Labs, and Foundries (Forbes) Collaboration can involve combinations of government, industry and academia working together to meet difficult challenges and cultivate new ideas. A growing trend for leading companies is creating technology specific innovation centers, labs and foundries to accelerate collaboration and invention.
Research and Development
China, Russia, and the US Are All Building Centers for Military AI (Defense One) But their burgeoning approaches to state-sponsored research are as divergent as the countries themselves.
Future Quantum Computers Already Threatening Today’s Data (Nextgov.com) Large-scale quantum computing could be just five years away.
Facebook Opens Its Private Servers to Scientists Studying Fake News (WIRED) Social Science One, an independent research commission, will give social scientists unprecedented access to Facebook's data.
Facebook doesn't want to eradicate fake news. If it did they'd kick out InfoWars (Graham Cluley) Facebook would like you to believe that it’s serious about ridding its platform of fake news. So how come InfoWars, one of the most notorious outlets of sick conspiracy theories, is allowed to maintain a page on the social network?
Academia
During Raytheon visit, Gov. Northam praises UVA’s Cyber Defense Team for winning national award (LoudounTimes.com) Powerhouse defense contractor Raytheon and students from the University of Virginia received praise from Gov. Ralph Northam Tuesday during his visit to Raytheon's offices in Dulles.
Legislation, Policy, and Regulation
Is NATO capable of modern deterrence? (Defense News) In the era of Little Green Men and propaganda, how does one deter a foe?
Israel seeks global collaboration to defend cyber attacks (ETtech.com) Israel believes a partnership with other nations and sharing information would result in stronger defence against cyber attacks.
Outdated DoD IT Jeopardizes National Security: Report (SecurityWeek) 86% of DoD IT managers said that failing to modernize legacy DoD systems is putting U.S. national security in jeopardy.
Analysis | The Cybersecurity 202: Election security legislation may be gaining steam in Congress (Washington Post) A flurry of hearings took place this week.
New Cyber HQ Completely Restructuring DoD Network Operation (MeriTalk) Paul Craft, director of operations at the Joint Force Headquarters Department of Defense Information Network (JFHQ-DoDIN), spoke today at the Defense Systems Summit about how his relatively new component of U.S. Cyber Command is now tasked with operating and securing the entirety of DoD’s sprawling IT network infrastructure and has undertaken a complete restructuring of network operations for all of DoD.
Fish Out of Water: How the Military Is an Impossible Place for Hackers, and What to Do About It (War on the Rocks) The U.S. military established Cyber Command almost a decade ago, but it fails to maximize its contributions to national mission. Struggles on all levels —
Malta Signs Cryptocurrency and Blockchain Bills into Law (CoinCentral) The government of Malta confirmed last week that it had approved three crucial bills that provide the necessary regulatory framework for the blockchain and cryptocurrency market.
Litigation, Investigation, and Law Enforcement
Senators Fear Meltdown and Spectre Disclosure Gave China an Edge (WIRED) By not informing the US government in advance of two industry-wide hardware flaws, Intel may have inadvertently given ammo to China's hackers.
The Chinese Government Likely Knew about Spectre and Meltdown Bugs Before the U.S. (Nextgov.com) Fixing hardware and software vulnerabilities requires global information sharing—and that includes U.S. cyber adversaries.
Stolen U.S. Military Drone Documents Found for Sale on Dark Web, Researchers Say (Wall Street Journal) An unidentified hacker tried to sell purported U.S. military documents containing information about combat drones, a cybersecurity research firm said, after they were allegedly stolen from an Air Force officer’s computer.
Kaspersky Makes Last Ditch Argument to Halt Congressional Ban from Being Implemented (Nextgov.com) Multiple agencies have set Monday, July 16, as the deadline for the ban to be implemented in new procurements.
Chinese Hackers Stole Large Amounts of Secret U.S. Submarine-Warfare Data, Military Says (Wall Street Journal) The Defense Department’s inspector general is investigating a security breach after Chinese hackers allegedly stole large amounts of sensitive data from a Navy contractor.
Homeland Security official "suspects" Russia targeted all 50 states in 2016 (CBS News) "I would suspect that the Russians scanned all 50 states" and territories, DHS Undersecretary Christopher Krebs tells Congress
Notorious ‘Hijack Factory’ Shunned from Web (KrebsOnSecurity) Score one for the good guys: Bitcanal, a Portuguese Web hosting firm long accused of helping spammers hijack large swaths of dormant Internet address space over the years, was summarily kicked off the Internet this week after a half-dozen of the company’s bandwidth providers chose to sever ties with the company.