Cyber Attacks, Threats, and Vulnerabilities
Ad-clicking, Information-stealing App Controls Over 60,000 Devices (RiskIQ) Although the app does its advertised function, it also infects victims’ devices and comes with a side of information stealing and ad-clicking.
This new Windows malware wants to add your PC to a botnet - or worse (ZDNet) The intentions behind Mylobot and its delivery method are unknown - but it appears to be the work of a sophisticated attacker who could deliver trojans, ransomware and more.
Meet MyloBot - A New Highly Sophisticated Never-Seen-Before Botnet That's Out In The Wild (Deep Instinct) Everything you need to know about a new botnet that is out in the wild, dubbed Mylobot.
Report: Cyberattackers use Hidden Tunnels to Spy on and Steal from Financial Services Firms (PR Newswire) Vectra, the leader in AI-powered cyberattack detection and threat...
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks (Dark Reading) Hackers are using the infrastructure, meant to transmit data between applications, for command and control.
Satan ransomware raises its head again! (Quick Heal Blog) Satan ransomware first occurred in early 2017. And it has resurfaced with a new variant in 2018. We have seen it using new, innovative techniques to spread such as EternalBlue exploit to distribute over compromised networks. This variant of Satan propagates using the below techniques: Mimikatz EternalBlue – exploit...
macOS' Quick Look Cache May Leak Encrypted Data (SecurityWeek) The Quick Look mechanism on macOS, which allows users to check file contents without actually opening the files, may leak information on cached files, even if they reside on encrypted drives or if the files have been deleted.
Drupal Vulnerability (CVE-2018-7602) Exploited to Deliver Monero-Mining Malware (TrendLabs Security Intelligence Blog) We observed network attacks exploiting CVE-2018-7602, a security flaw in Drupal, to turn affected systems into Monero-mining bots.
Traffic sign near ICE headquarters hacked with "Abolish ICE" message (HackRead) Someone hacked the reader board near ICE headquarters in SW Portland and defaced it with "Abolish ICE" message.
Security Patches, Mitigations, and Software Updates
Cisco plugs critical flaws in many switches, security appliances (Help Net Security) Cisco has released security updates for 24 critical and high-severity flaws found in its switches, next generation firewalls and security appliances.
Google secure app sharing (Help Net Security) Google will start adding security metadata to Android application packages (APKs) distributed via Google Play to ensure secure offline app distribution.
Google Play security will extend to apps shared offline (SlashGear) Issues of control aside, there are technical and practical benefits to getting your Android apps from Google Play Store instead of third-party repositories or, worse, free-floating APKs. The bigges…
Cyber Trends
The Year in Cybersecurity: The Story So Far (SIGNAL) Industry tackles an array of cyber challenges.
Summer SOTI - Web Attacks (Akamai) Continuing Changes Welcome to the second blog post for the Summer 2018 State of the Internet / Security. If you've read the SOTI / Security report before, much of what you see here should be familiar, though the time frame...
Nation-State Actions Could Negatively Impact Businesses (Infosecurity Magazine) Threats from Russia, China and the Five Eyes ranked as having potentially catastrophic impact for businesses.
Fighting Fraud in the e-Commerce Channel: A Merchant Study (Federal Reserve Bank of Minneapolis) This report presents findings from an online survey of 166 U.S. retailers with an e-commerce presence
Could an Equifax-sized data breach happen again? (Help Net Security) Global financial services organizations are targeted by cyberattackers in an attempt to steal critical data and personally-identifiable information.
Endpoint security automation a top priority for IT pros (Help Net Security) Automating endpoint detection and response processes is the top priority for IT professionals trying to put actionable controls around their endpoints.
Major trends in app development, agile/DevOps maturity, and low-code adoption (Help Net Security) Digital transformation dominates business strategy, web and mobile development demand is booming. Speed and agility are more important than ever before.
Small Businesses That Ignore Lessons from Cyber Attack Likely to Suffer Another: Hiscox (Insurance Journal) While 47 percent of small businesses suffered at least one cyber attack in the past year, only 35 percent of them took action following a cyber security
Cyber fears: Digitally active, but not digitally secure (The Financial Express) Digital consumption in India is on the rise, with Indian consumers actively engaging on digital platforms. However, there is a heightened risk of fraud, with approximately one in four customers falling prey to online deceit, says Experian’s Digital Consumer Insights report.
Rapid7 CEO: Cyber exposure a massive societal issue (CNBC) Corey Thomas, Rapid7 president and CEO, discusses the latest research on state of cybersecurity in the U.S. and all over the world.
A Third of UK Orgs Have Sacked Employees for Data Breach Negligence (Infosecurity Magazine) Businesses recognize employee negligence as major security risk, but fail to take action with robust training programs
Marketplace
Why is the Lucrative Cybersecurity Field still Struggling to Hook Prospective Practitioners? (Infosecurity Magazine) Only 9% of millennials state they are interested in pursuing cybersecurity as a career at some point in their lives.
Holding on to the Air Force’s cyber workers (Fifth Domain) The Air Force is looking at ways to retain its cyberwarriors for the duration of their careers so as not to lose personnel in whom it has already invested time and money.
How BAE's US arm plays to win the talent war (Washington Technology) Like other contractors, BAE Systems' U.S. business has made hiring and recruiting skilled workers a priority and CEO Jerry DeMuro has made it a top item.
US lawmakers call Huawei ‘security threat’, ask Google to reconsider ties (South China Morning Post) Criticism that the tech giant works with the Chinese smartphone maker but ended a research partnership with the US Defence Department
Twitter acquires anti-abuse technology provider Smyte (TechCrunch) Twitter this morning announced it has agreed to buy San Francisco-based technology company Smyte, which describes itself as “trust and safety as a service.” Founded in 2014 by former Google and Instagram engineers, Smyte offers tools to stop online abuse, harassment, and spam, and prote…
Goldman Sachs Leads $40 Million Investment in Anti-Phishing Firm Agari (Fortune) Beware that email from your "boss."
Truepic raises $8M to expose Deepfakes, verify photos for Reddit (TechCrunch) How can you be sure an image wasn’t Photoshopped? Make sure it was shot with Truepic. This startup makes a camera feature that shoots photos and adds a watermark URL leading to a copy of the image it saves, so viewers can compare them to ensure the version they’re seeing hasn’t be…
Shares Of Carbon Black Are Fully Valued, For The Moment (Seeking Alpha) The security outfit shot up belatedly after promising Q1 figures, but we think this is going a little too fast.
Accenture Expands Innovation Hub in Metro Washington, D.C. with Launch of New Cyber Fusion Center (BusinessWire) Accenture expanded its metro Washington, D.C. innovation hub with the opening of a new flagship Cyber Fusion Center in Arlington.
Cyber Fusion Center in Washington DC (Accenture) Accenture blog discusses collaborative innovation at Cyber Fusion Center in Washington DC.
Accenture creating 1,000 jobs in Greater Washington (Washington Business Journal) Accenture plans to create 1,000 jobs in Greater Washington by 2020, the company said Wednesday as it debuted a Cyber Fusion Center in Rosslyn.
4 companies start work on the Army’s cyber training platform (Fifth Domain) Contracts have been awarded on the first wave of prototypes for the Department of Defense's Persistent Cyber Training Environment.
KoolSpan Joins Leading Global Companies in Cybersecurity Tech Accord to Fight Cyberattacks and Deliver Equal Protection for Customers Worldwide (BusinessWire) KoolSpan has joined the Cybersecurity Tech Accord, a watershed agreement to defend all customers from malicious attacks by cybercriminal enterprises a
WISekey joins the Cybersecurity Tech Accord to fight cyberattacks, promise equal protection for customers worldwide (GlobeNewswire News Room) WISeKey International Holding Ltd ("WISeKey" SIX: WIHN, OTCQX: WIKYY), a leading Swiss cybersecurity and IoT company, announced today that it has joined the Cybersecurity Tech Accord together with ten other companies that have joined the watershed agreement in the last two months to defend all customers everywhere from malicious attacks by cybercriminal enterprises and nation-states.
Exostar, The Newest Elite Silver Corporate Member Of IotCommunity® (Latest Industry News) IoT Community®, the world’s biggest community of CxOs and IoT practitioners and professionals, takes pride in announcing Exostar as a Silver Corporate Member, joining other core IoT members and stakeholders in contributing to evolution and uptake, and in overcoming the hurdles to entering the IoT ecosystem.
King & Union Appoints Suzanne Spaulding as Board Advisor (PR Newswire) King & Union, the provider of Avalon, a threat analytics platform...
NSA Vet Debora Plunkett to Join CACI Board; Jack London Comments (GovCon Wire) Debora Plunkett, a more than three-decade veteran of the National Security Agency, has been appointe
Intel CEO Krzanich Resigns Over Relationship With Employee (Wall Street Journal) Intel Chief Executive Brian Krzanich resigned after the company determined he violated company policies during a past, consensual relationship with an Intel employee.
Products, Services, and Solutions
KPMG and Cylance Form Alliance to Proactively Secure Enterprise Endpoints (PRNewswire) KPMG LLP, the U.S. audit, tax and advisory firm, and Cylance® Inc., the company that revolutionized endpoint security by delivering AI-powered threat prevention, today announced an alliance to protect enterprises with predictive AI-based security solutions and specialized services.
NanoLock’s Lightweight, Unbreakable Security and Management Platform Sets New Standard for IoT Security Solutions (BusinessWire) NanoLock Security today unveiled the industry’s most comprehensive lightweight, unbreakable security and management platform purpose-built for the Internet of Things (IoT) and Connected Devices ecosystem.
Hustle Becomes First and Only Peer-to-Peer Messaging Platform to Achieve SOC 2 Type II Compliance, Reaffirming Its Commitment to Keep Clients' Data Secure (PRNewswire) Hustle, the leading peer-to-peer relationship platform used by political campaigns, advocacy organizations, universities and international enterprise clients alike, announces today it has achieved SOC 2 Type II compliance.
Secure Channels Inc. Launches Patented SUBROSA© Platform to Vastly Improve Password Security with at least 65,000-Character Cryptographic Keys (PRNewswire) SUBROSA Users Select Images from Variable Grids to Develop Complex Passwords - Solution Offers Flexible Deployment through SDK or via an API Web Service
SecurityFirst™ DataKeep™ Now Delivers Most Resilient Ransomware Recovery Solution (BusinessWire) Recent additions to flagship data-centric security platform help minimize downtime with the fastest path to recovery from ransomware and other malware attacks
Infoblox Empowers Service Providers to Deliver Personalized Security Services at the Click-of-a-Button (PRnewswire) Telecommunications providers can now cost-effectively harness the value of their network intelligence
Nomadix Announces GDPR Compliance for Entire Product Line (GlobeNewswire News Room) Assures Data Protection Globally in Accordance with New Mandate
The Humble Cybersecurity Bundle offers everything you need to protect your PC for $15 (PCWorld) Humble's PC security software bundle includes antivirus software, a top-tier password manager, encrypted cloud backup, and more.
Waverton boosts cyber defences with Darktrace (Finextra Research) Darktrace, the world’s leading AI company for cyber defence, has today announced that Waverton, a leading investment management house, has deployed its autonomous response technology, Darktrace Antigena, to defend sensitive customer data from unpredictable cyber-threats.
RiskIQ and Precise Technologies enter into a distribution agreement for META (RealWire) RiskIQ, the leader in External Threat Management, today announced that it has signed Precise Technologies to be their distributor in the Middle East, Turkey and Africa (META) market, excluding South Africa
Technologies, Techniques, and Standards
Data Governance Best Practices in the GDPR Era (BankInfo Security) GDPR requires organizations to "have a governance model in terms of access and control and accountability," says Matt Lock of Varonis, who describes
How GDPR has changed companies' data retention policies (Cyberscoop) Vera CEO Ajay Arora talks about how data security practices have changed after GDPR has gone into effect.
Must Have Factors of a Mobile Security Policy (Infosecurity Magazine) Tips on how to build a mobile security policy.
Stronger, fitter, better (Deloitte Insights) Despite the perception that crises are becoming more frequent, a 2018 Deloitte study finds that organizations’ confidence exceeds crisis preparedness.
Keep an Eye on Your Security Technology Portion Size (SecurityWeek) Keeping an eye on our security technology portion size is an important part of maturing a security program and bringing it closer to its goals.
Ask the Experts: How to Win Cybersecurity Buy-in From the Board (Infosecurity Magazine)
How white hat hackers can tell you more than threat intelligence (SearchSecurity) With the rise of new zero-days, vulnerabilities and attack techniques comes the realization that traditional threat intelligence doesn't tell you everything. Guest expert David Geer explains how a need for white hat hackers stems from this lack of communication.
How the Army will plan cyber and electronic warfare operations (C4ISRNET) New Cyber and Electromagnetic Activities cells have been stood up in each brigade to help provide targeting options and capabilities for commanders.
Air Force eyes new cyber training facility in Florida (Fifth Domain) The demand for cyber training has increased substantially in recent years, so much so that the 39th Information Operations Squadron had to build another building.
The Air Force’s flight school, but for cyber (Fifth Domain) As the Air Force expects cyber to play a critical role in future conflicts, schools like the 39th Information Operations Squadron become increasingly important in preparing airmen for that battlespace.
The course load for the Air Force’s cyberwarriors (Fifth Domain) The Air Force's 39th Information Operations Squadron and its detachment at Joint Base San Antonio – Lackland address the increasing need for cyber training by co-locating and integrating the training community with operators.
Design and Innovation
Disruptive technologies in fintech to watch (Help Net Security) Research found a wealth of positive changes stemming from emerging technologies in the fintech space: data mining, decentralised apps, quantum computing.
Academia
Opinion | Congress wants DeVos to investigate Chinese research partnerships on American campuses (Washington Post) Huawei has 50 research partnerships in the United States that could pose a national security risk
Legislation, Policy, and Regulation
US Cyber Command outlines policy of ‘defending forward’ (Public Technology) The US Cyber Command has outlined its vision of “seizing and maintaining the tactical and operational initiative in cyberspace”.
Superiority in Cyberspace Will Remain Elusive (FAS) Military planners should not anticipate that the United States will ever dominate cyberspace, the Joint Chiefs of Staff said in a new doctrinal publication. The kind of supremacy that might be achievable in other domains is not a realistic option in cyber operations.
The EU’s Terrible, Internet-Wrecking Copyright Plan Lurches Forward (Motherboard) While not yet a law, the EU’s plan for unreliable internet filters and expensive link taxes continues to make progress.
New Bill Aims to Prevent the Next Kaspersky, ZTE (Nextgov.com) The bill would establish an interagency commission to help vet supply chain cybersecurity risks.
Congress Trying to Protect the Federal Government From ZTE (Bloomberg.com) Lawmakers are quietly taking steps to prevent cyber intrusions from the Chinese telecommunications giant ZTE and other foreign firms. So far, at least four of the Senate’s fiscal 2019 spending bills have provisions aimed at ensuring federal agencies under their jurisdiction avoid equipment that could facilitate cyber crimes. Bloomberg Government’s Nancy Ognanovich looks at the issue with Nancy Lyons in the Bloomberg 99.1 Washington newsroom.
Trump, GOP fail to agree on divisive Chinese telecom (Fifth Domain) President Donald Trump continues to meet with Senate Republicans to fight for the survival of ZTE, a Chinese telecommunications company Congress fears might threaten America's cybersecurity.
Senate rejects Trump’s plan to lift ZTE export ban (Ars Technica) Trump is seeking to lift the export ban as a "personal favor" to China.
California legislators stealthily ‘eviscerate’ state’s net neutrality bill (TechCrunch) A group of legislators in California have sneakily but comprehensively "eviscerated" the state's imminent net neutrality bill, removing a huge amount of protections in a set of last-minute amendments. State Senator Scott Wiener called the hostile rework of the bill "outrageous."
AT&T Trickery Helps Kill California’s Looming Net Neutrality Law (Motherboard) AT&T leaned heavily on California lawmakers, using procedural trickery and misleading studies to severely weaken and ultimately kill a once-promising state net neutrality law.
AT&T Is Terrified of California’s Proposed Net Neutrality Legislation (Motherboard) The bill would negate many of the competitive advantages AT&T is trying to get with its Time Warner takeover.
A Federal Policy Loophole Is Supporting the Hacking-for-Hire Market. Can It Be Closed? (Slate Magazine) Should the government be able to circumvent its own process for disclosing security vulnerabilities?
Litigation, Investigation, and Law Enforcement
Tesla Alleges Former Employee Stole Confidential Data (Wall Street Journal) In a lawsuit, car maker says former employee hacked into computer system to steal company data and send it to an unnamed third party
Tesla sues former employee for $1 million over trade secret theft (TechCrunch) Tesla is suing a former employee for $1 million, alleging the man hacked the company’s confidential and trade secret information and transferred that information to third parties, according to court documents. The lawsuit also claims the employee leaked false information to the media. The lawsuit a…
Brexit row: GCHQ chief stresses UK's role in foiling European terror plots (the Guardian) Jeremy Fleming’s comments can be seen as riposte to EU threats to end UK access to security databases
Peter Strzok escorted out of FBI building (Washington Times) FBI agent Peter Strzok has agreed to testify before the House Judiciary Committee
Massachusetts Man Pleads Guilty to ATM Hacking (SecurityWeek) Argenys Rodriguez pleaded guilty to his role in an ATM “jackpotting” operation that compromised an ATM with malware to dispense $20 bills.
TNReady issues were vendor's fault, not cyber attack, Tennessee officials say (The Tennessean) TNReady issues that Tennessee officials feared were a cyber attack this spring instead originated with an unauthorized change the state's vendor made.