Atlanta: concluding observations from SecurityWeek's 2018 ICS Security Conference
Consequences, models, and other notes on ICS security (The CyberWire) The value of models, some comparative numbers, and the perennial importance of paying attention to the basics.
Cyber Attacks, Threats, and Vulnerabilities
Facebook Removes Fake Accounts That Originated in Iran (BloombergQuint) Facebook removed 82 fake pages, accounts, groups originating in Iran to clean up its network ahead of U.S midterm elections.
Taking Down Coordinated Inauthentic Behavior from Iran (Facebook Newsroom) Today we removed multiple Pages, groups and accounts that originated in Iran for engaging in coordinated inauthentic behavior on Facebook and Instagram.
Russian disinformation on Facebook targeted Ukraine well before the 2016 U.S. election (Washington Post) Activists, officials and journalists from countries who reported abuses years earlier say Facebook took little or no action, according to an investigation for a new documentary.
How Russia, China and Iran spread propaganda in the US (Fifth Domain) Russia, China and Iran have taken different approaches in their disinformation campaign targeting the U.S., according to experts and American officials.
China Telecom accused of exploiting points-of-presence to conduct internet espionage (Computing) Series of BGP hijackings by China Telecom are no accident, warn authors of new Military Cyber Affairs report
China has been 'hijacking the vital internet backbone of western countries' (ZDNet) Chinese government turned to local ISP for intelligence gathering after it signed the Obama-Xi cyber pact in late 2015, researchers say.
Bloomberg’s ‘bombshell’ (or dud) on Chinese espionage: Even if true, what’s new? (AEI) We are now three weeks past the publication of Bloomberg Businessweek’s “bombshell” story that claimed that groups associated with the Chinese military had managed to introduce malicious server chips during the manufacturing process in China. According to Bloomberg, the tiny chip corrupted thousands of servers that were subsequently used by some 30 US companies, including Apple and Amazon.
Amazon Reportedly Pulls Ads From Bloomberg Following Hacking Story (Fortune) The news comes after Bloomberg published a story alleging Amazon and Apple's products were hacked by China.
North Korea blamed for two cryptocurrency scams, five trading platform hacks (ZDNet) Two new reports support FireEye's characterization that North Korea is "the most destructive cyber threat right now."
FBI to private industry: Attribution won’t deter North Korean hacking (Cyberscoop) The FBI has told American companies that North Korean government hackers will continue to target financial institutions worldwide despite the U.S. government’s public attribution of such activity to Pyongyang.
Narwhal Spider APT group using steganography to deliver URLZone malware to Japanese victims (Cyware) The URLZone malware is currently being used by a threat group called Narwhal Spider to target victims in Japan. The campaign targeting Japan was spotted using a combination of steganography and malicious PowerShell.
The Resilient Satori Botnet (The Art of Transforming Network into Networking) In 2018, Satori was starting to add capabilities to exploit Claymore cryptocurrency miners in addition to the IoT exploits it had used in late 2017.
'Remini' App Used by Schools Left Personal Info Open to the World (Motherboard) The API exposed the profile photos of children, as well as email addresses, phone numbers, and milestones parents and educators use the app to preserve.
Fortnite Scams Are Even Worse Than You Thought (WIRED) YouTube videos with millions of views. Nearly 5,000 bogus websites. V-Bucks scammers have gotten out of control.
Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments (TrendLabs Security Intelligence Blog) Cybercriminals make use of old file types in brand-new ways in spam attachments, proving that they are regularly experimenting to evade spam filters.
BianLian - from rags to riches, the malware dropper that had a dream (ThreatFabric) BianLian, or when a threat actor realizes that he can make more money by transforming his dropper into banking malware.
Hacker creates seven new variants of the Mirai botnet (Security Boulevard) In October 2016, Twitter, CNN, Spotify, and many others were knocked offline by the biggest DDoS attack in history. Today we know it by the name Mirai, but no one would have imagined at the time that this attack was coming from a herd of Internet of Things (IoT) devices cobbled together to form a botnet.
Android device firmware cheats Chinese ad networks (Security Boulevard) After publishing our story about pre-installed malware on Android devices, we continued to analyze the firmware images of cheap Android devices. It is a rather sad endeavour, as our statistics put pre-installed malware as one of the top infection vectors. But, today we have a bit of a lighter story.
Malware using Excel XLAM Excel Macro enabled addins to bypass protections (My Online Security) We have been noticing a change in the malware delivery pattern with Lokibot ( and possibly other malware) over the last few days. Instead of using the more normal Excel file extensions like XLS or…
Cobalt Group tries to slip malicious PDFs past bank employees, researchers say (Cyberscoop) A financially-motivated hacking group is targeting bank employees across the globe, according to research from cybersecurity company Palo Alto Networks.
Cymulate Finds Logical Bug in Microsoft Office Suite – Word Embedded Video Code Execution (AP NEWS) Cymulate , a leading provider of Breach & Attack Simulation (BAS) solutions and a Gartner 2018 Cool Vendor, announced today it has uncovered a security flaw in Microsoft Office Suite which may affect Word users.
These bot shoppers are every sneakerhead's nightmare (CNET) Security researchers have to contend with millions of bot attacks every day. The most persistent irritant? Shoes.
Cathay Enlists Firm Once Sued for Data Breach to Help After Hack (Bloomberg) Experian hired to track identity theft after hack at Cathay. Customers question delay in disclosing the breach of systems.
Canadian Crypto-Exchange Shutters After $6m ‘Hack’ (Infosecurity Magazine) Canadian Crypto-Exchange Shutters After $6m ‘Hack’. Commentators suggest exit scam
Cyber firm claims to have hacked into Democratic fundraising files in Maryland (ABC News) A cyber firm claimed on Wednesday to have hacked into poorly protected Democratic fundraising files in Maryland.
More than just a Data Breach: a Democratic Fundraising Firm Exposure (Hacken Blog) What happens when no proper cybersecurity check is performed? Confidential customer data becomes exposed to all Internet users. A Maryland-based Democratic fundraising firm didn't set a password on its database. Fortunately, Hacken's specialist found the exposure and prevented a catastrophe.
Foley & Lardner Faced Cyber Event, But Says Data Is Safe (Law360) Foley & Lardner LLP was hit with a cyber event that disrupted its IT systems this past week, Jill Chanen, a firm spokesperson, said in an email Friday.
Girl Scouts Alerted to Possible Data Breach (Infosecurity Magazine) Girl Scouts Alerted to Possible Data Breach. Thousands may have been affected in Orange County
Cyber Trends
Fifth of US Consumers Never Return to Breached Brands (Infosecurity Magazine) PCI Pal research highlights importance of good security
Organizations feel ready to put highly sensitive data in the cloud (Help Net Security) Many corporate employees are ready to store highly sensitive data in the cloud. However, many are still skeptical of the security posture of their own
Marketplace
China's ZTE to fall to $1bn loss after year of fines (The Telegraph) Chinese smartphone and telecoms company ZTE expects to post a $1bn (£780m) loss after a damaging year that has seen it hit by huge fines from the US over breaking economic sanctions.
IBM to acquire software company Red Hat for $34 billion (Yahoo) The transaction is by far IBM's biggest acquisition. It underscores IBM Chief Executive Ginni Rometty's efforts to expand the company's subscription-based software offerings, as it faces slowing software sales and waning demand for mainframe servers. IBM, which has a market capitalization
IBM to Acquire Red Hat for About $33 Billion (Wall Street Journal) IBM agreed to buy software-and-services company Red Hat for about $33 billion, a deal that Chief Executive Ginni Rometty hopes will boost a cloud-computing business central to an effort to revive the tech giant.
IBM swoops on Red Hat in 'game-changing' $34bn deal for cloud market (The Telegraph) Computing giant IBM has leapfrogged rivals Amazon and Microsoft to become the largest hybrid cloud provider with a $34bn deal to buy software company Red Hat.
Forget Watson, the Red Hat acquisition may be the thing that saves IBM (TechCrunch) With its latest $34 billion acquisition of Red Hat, IBM may have found something more elementary than “Watson” to save its flagging business. Though the acquisition of Red Hat is by no means a guaranteed victory for the Armonk, N.Y.-based computing company that has had more downs than …
IBM is betting the farm on Red Hat — and it better not mess up (TechCrunch) Who expects a $34 billion deal involving two enterprise powerhouses to drop on a Sunday afternoon, but IBM and Red Hat surprised us yesterday when they pulled the trigger on a historically large deal. IBM has been a poster child for a company moving through a painful transformation. As Box CEO (and…
Gab forced offline over apparent tie to Pittsburgh synagogue shooter (Ars Technica) PayPal, Medium, Joyent, and GoDaddy all denied Gab service over the weekend.
Cyber Saturday: Roundup of Reader Reactions to Facebook's 'War Room' (Fortune) Your weekend brief on code-makers and codebreakers.
Microsoft executives remain committed to supplying tech to military - including AI (Computing) President Brad Smith explained Microsoft's controversial decision in an open letter
Products, Services, and Solutions
Netwrix unveils new Netwrix Auditor for Network Devices (Netwrix) The new Netwrix Auditor for Network Devices enables stringent control over user activity around Cisco and Fortinet infrastructures
Longview™ Partners with GlobalSign and Intrinsic ID to Deliver Robust and Comprehensive IoT Security (Global Sign) Built from the ground up with integrated security, Longview is a complete IoT solution
Mimecast provides an ‘invisible cloak of security’ for UAE law company (Intelligent CIO Middle East) With an increase in sophisticated cyberattacks against its network a leading UAE law firm realised it was time to take action. As a result, Fichte & Co. implemented Mimecast Secure Email Gateway with Targeted Threat Protection, which the company’s CIO Matthew James Peet describes as: ‘like an invisibility cloak, it is so effective.’ When […]
Sophos appoints Tech Data in regional cyber security push (Channel Asia Singapore) Sophos has entered into strategic channel partnership with distributor Tech Data across five key ASEAN markets.
Opus and Grant Thornton Team Up to Help Understaffed Risk Departments (PRWeb) Opus, a leading provider of global compliance and risk management solutions, and professional consulting services firm Grant Thornton LLP have jointly launched O
Bring visibility to shadow APIs and ensure that security standards are being met (Help Net Security) Shadow APIs are a category of backend APIs hidden from the views of traditional security tools. They often run on infrastructure in the public cloud.
Copy of Chinese Spy Chip Used in Security Training (Infosecurity Magazine) New infrastructure-security combat training offered by CYBERGYM encompasses advanced forensics analysis.
Technologies, Techniques, and Standards
How To Prevent Your Business Becoming Collateral Damage Of Geopolitical Cyber Conflict (Forbes) The democratization of cyberwarfare may have blurred the boundaries between cybercriminal and nation-state actor, but business remains firmly in the firing line. So how do you prevent your organization from becoming collateral damage during these times of increasing geopolitical cyber conflict?
What can we do to tackle today’s phishing epidemic? (Barracuda) Phishing offers a great ROI for cybercriminals, but there are some simple things you can do to protect yourself. Phil Muncaster has details in this post.
What the American Bar Association’s Formal Opinion 483 Means for Lawyers (Cooley) Last week, the American Bar Association’s (“ABA”) Standing Committee on Ethics and Professional Responsibility (the “Committee”) issued Formal Opinion 483 (the “Opinion”) that sets forth the ABA’s …
How to protect your organization from insider threats, the #1 risk for data loss (Help Net Security) If the breaches of the last 24 months have taught us anything - it’s that insider threats are a cause for equal if not greater concern.
How to Secure Your WiFi Network (The Mac Security Blog) Whether at home or at work, your wifi network is the gateway to the internet. While it lets your devices reach out into the world, it can also let hackers get into your network, potentially comprom...
Ghouls of the Internet: 6 Tips to Help Protect Your Family from the Digital Threats of Scareware and Ransomware (McAfee Blogs) Seasonally, it's a spooky time of year but our digital realities can sometimes be even more frightening. Scareware or ransomware attacks can cause individuals and businesses incredible emotional and financial distress. Here are 6 ways to help safeguard your family online.
Here's What U.S. Companies Need to do NOW for GDPR Compliance, Accordi (PRWeb) The GDPR regulation for compliance for controllers and processors has effectively passed. The deadline of May, 2018, has come and gone for thousands of North American
Design and Innovation
DeepPhish: Simulating Malicious AI to Act Like an Adversary (Dark Reading) How researchers developed an algorithm to simulate cybercriminals' use of artificial intelligence and explore the future of phishing.
Pentagon ‘Rebel Alliance’ Uses Hacking to Find Cyber Skywalkers (Bloomberg Government) The Defense Department’s digital team is launching a series of new hacking-centric initiatives in the hopes of recruiting skilled cybersecurity professionals – from both outside the Pentagon and among its active-duty members.
Legislation, Policy, and Regulation
Forget Russia: Is Finland the Hybrid Warfare Champion? (The National Interest) At the very least, Helsinki is making some progress. Here's the latest.
China’s Nightmare Homestay (Foreign Policy) In Xinjiang, unwanted Chinese guests monitor Uighur homes 24/7.
Regulation could 'backfire' and break up the UK crypto market, MPs warned (The Telegraph) Attempts to tame the “wild west” of digital currencies will backfire and damage the UK fintech market, experts have warned.
Feds Expand Security Researchers' Ability to Hack Without Going to Jail (Motherboard) "No researcher wants to end up in jail for discovering a vulnerability."
Microsoft to honour data localisation requests from governments (News Minute) Over 1.2 billion people use Microsoft Office in 140 countries and 107 languages around the world so the task to safeguard their data is humongous.
White House Sets Deadlines for Agencies to Protect Their Digital Crown Jewels (Nextgov.com) The new guidance also requires agencies to justify buying cyber monitoring tools that aren’t vetted by Homeland Security.
Litigation, Investigation, and Law Enforcement
No evidence from UK on cyber attack allegations: Russian embassy (UNI) In a statement given to the press, the Russian embassy to the United Kingdom said that it had not received any proof from the British officials to corroborate the claims of cyber attacks allegedly carried out by Russia against the UK infrastructure.
FBI Investigation Out of NY Leads to South Florida Pipe Bomb Suspect (New York Law Journal) The FBI has arrested 56-year-old Cesar Sayoc Jr. of Aventura Florida in connection with a string of packages containing explosives that were mailed to various public figures including former U.S. President Barack Obama and former Secretary of State Hillary Clinton.
How Feds Tracked Down Mail Bomb Suspect Cesar Sayoc (WIRED) At a press conference Friday, officials detailed how they identified Cesar Sayoc, who has been arrested in connection with a series of mail bombs targeting prominent liberals and CNN.
Mail bomb suspect made numerous references on Facebook to Russian associates and echoed pro-Kremlin views (Washington Post) The now deleted Facebook account belonging to Cesar Sayoc, the man charged with sending pipe bombs to prominent Democrats this week, discussed his “Russian brothers” and posted video links aligned with Russian views on the Syrian war. Sayoc’s Russian-themed discussions began abruptly in 2015. But the meaning and motive of the posts, many of them rambling and hard to understand, are not clear. The Washington Post obtained the posts from a researcher who collected them before Facebook deleted the account.
For the record, I didn’t vote for Donald Trump, says Pittsburgh synagogue killer (Times) A social media profile of Robert Bowers, the suspect charged with 11 counts of murder, after the synagogue shooting in Pittsburgh yesterday, was removed shortly after the wounded gunman was...
Synagogue Shooting Suspect's Anti-Semitic Gab Posts Are Part of a Pattern (WIRED) It may never be entirely clear why Cesar Sayoc and Robert Bowers chose to carry out violent attacks. But their social media activity, on places like Gab and Twitter, mirrors a broader increase in anti-Semitism on the internet.
Qualcomm claims $7bn in royalties from Apple (Computing) Qualcomm's claims follow on from 2017 Apple patent demand
Microsoft's Digital Crime Unit busy catching cyber thugs in India (The Economic Times) Microsoft has a digital crime unit which is working round-the-clock to check cyber crimes.
California Will Pause Net Neutrality Law for Federal Suit (WIRED) The delay could stretch into years, while a lawsuit challenging the FCC's order repealing net neutrality rules is resolved.
Satori botnet author in jail again after breaking pretrial release conditions (ZDNet) Still unclear what Nexus Zeta has done, but he's now incarcerated in the SeaTac detention center.
Mirai botnet hacker ordered to pay $8.6 million in damages (Reuters) A 22-year-old hacker was ordered on Friday to pay $8.6 million in damages and se...
Mirai Co-Author Gets 6 Months Confinement, $8.6M in Fines for Rutgers Attacks (KrebsOnSecurity) The convicted co-author of the highly disruptive Mirai botnet malware strain has been sentenced to 2,500 hours of community service, six months home confinement, and ordered to pay $8.6 million in restitution for repeatedly using Mirai to take down Internet services at Rutgers University, his alma mater.
Two Alleged Hackers Indicted for Lynda Breach (PYMNTS.com) Following a data breach at learning platform Lynda in 2016, two hackers were indicted in Florida this month on charges of extortion and hacking. One alleged hacker lived in Florida, while the other was a Canadian citizen who was a Toronto resident, according to reports. The two individuals allegedly were able to get a hold […]
Kilgore police arrest ex-student in school social media threats (Longview News-Journal) Longview police are investigating a new threat on Snapchat aimed at Longview High School students and planned to boost police presence at Friday night's football game.