Cyber Attacks, Threats, and Vulnerabilities
Cyber security breach on Parliament likely a foreign government attack (ABC News) Agencies are looking into whether China is behind a security breach of Parliament House's computing network, the ABC understands.
Cyberattack Rattles Australian Parliament (Wall Street Journal) The seat of Australia’s government was hit by a cyberattack that authorities believe came from overseas, but officials said it was intercepted early and did not appear to be an attempt to influence coming national elections.
Department of Homeland Security warns of cyberattacks on third-party companies by China (Fifth Domain) Infiltrating third-party companies that store confidential details about swathes of other businesses is more efficient than targeting those firms individually, according to the Department of Homeland Security and information security analysts.
A Time To Laud In Security (Forbes) Unlike sports, cyber victories are hard to see. Everyone sees the breaches in the headlines, but what is there for those who avoided that? It's critical to take a moment and point out when a team has succeeded in the face of adversity and to learn from it, inside and out.
Qealler – a new JAR-based information stealer (Zscaler) Qealler, a new piece of malware, is written in Java and designed to silently steal credentials in infected machines. ThreatLabZ has observed a rise in the malware's activity, which was detected in the Zscaler Cloud Sandbox.
Google warns about two iOS zero-days 'exploited in the wild' (ZDNet) iOS users are advised to update to iOS 12.1.4, a release which also fixes the infamous FaceTime bug.
Cybercriminals bundle anti-censorship app with spyware framework (SC Media) An app that's supposed to help users access censored websites was secretly bundled with the Triout Android spyware framework last year.
Triout Android Spyware Framework Makes a Comeback, Abusing App... (Bitdefender Labs) In August 2018, Bitdefender researchers stumbled across an Android malware framework, dubbed Triout, which packed massive surveillance capabilities. Bundled with a legitimate application ripped from the official Google Play marketplace, the spyware...
Matrix Ransomware Changes The Rules Again | How Much Are You Worth? (Security Boulevard) Matrix Ransomware is now targeting the enterprise and trying to bypass security software. See what happened when we took it for a spin.
Phishing by Open Graph Protocol (Security Boulevard) The Open Graph Protocol (OGP) was introduced by Facebook approximately eight years ago to give users a way to have control over the appearance of links on social media platforms.
Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions (KrebsOnSecurity) A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week.
Social Security Scams Are a Growing Threat to Retirees (Kiplinger) As scammers get more aggressive, some types of Social Security fraud are growing exponentially. Here's what you can do to safeguard your personal data and keep fraudsters from stealing your Social Security benefits.
KeySteal could allow someone to steal your Apple Keychain passwords (Naked Security) The researcher says it works without root or administrator privileges and without password prompts. But he’s not revealing how it works to Apple because there’s no money for him in its …
Jetstar says 'no evidence' of check-in link abuse (iTnews) As researchers uncover mobile check-in link vulnerability.
'Cyber-attack' on turkey firm's workers (BBC News) Bernard Matthews says bank account details of 200 employees were "potentially compromised".
DevOps may accelerate your cloud journey, but stolen credentials could cost your business (CSO) Conventional views of credential compromise may focus on external activities such as mass credential-stuffing attacks and password-stealing malware, but new breach-compromise statistics suggest that the fast-paced adoption of cloud and associated DevOps techniques has created other vulnerabilities that CISOs still don’t fully appreciate.
Security Patches, Mitigations, and Software Updates
Apple Releases Fix for Group FaceTime Snooping Bug in iOS and macOS (BleepingComputer) Apple has released security updates for iOS and macOS that fix a severe bug in FaceTime that allowed callers to listen in, and potentially view, the people they were calling without the call being answered.
Go Update iOS Right Now to Fix That Very Bad FaceTime Bug (WIRED) Apple has just released iOS 12.1.4, which fixes a group chat FaceTime bug that let callers eavesdrop on targets.
Unlimited cryptocurrency? Zcash fixes counterfeiting flaw (Naked Security) Privacy-focused cryptocurrency Zcash has fixed a flaw that would have allowed anyone with knowledge of it to produce counterfeit currency.
Microsoft Issues Yet Another Exchange Server Security Advisory (Redmondmag) Microsoft on Monday issued Security Advisory ADV190007 concerning an elevation-of-privilege vulnerability that's present in most Exchange Server versions.
Opera adds a free VPN to its Android browser app (TechCrunch) Opera became the first browser-maker to bundle a VPN with its service, and now that effort is expanding to mobile. The company announced today that its Android browser app will begin offering a free VPN. The feature will be rolled out to beta users on a gradual basis. The VPN is free and unlimited,…
Google makes it easier for cheap phones and smart devices to encrypt your data (TechCrunch) Encryption is an important part of the whole securing-your-data package, but it's easy to underestimate the amount of complexity it adds to any service or device. One part of that is the amount of processing encryption takes — an amount that could be impractical on small or low-end devices. Google …
Cyber Trends
Latest Quarterly Threat Report (Proofpoint) The Proofpoint Quarterly Threat Report highlights the threats, trends, and key takeaways for threats we see within our global customer base and in the broader threat landscape. Download the Q4 2018 Report to get actionable intelligence you can use to better combat today’s attacks, anticipate emerging threats, and manage your security posture.
Towards an AI Economy that Works for All (Keystone Research) This is the first report of a Keystone Research Center project on the “Future of Work.” The aim is to identify public policies that could help ensure that the application and diffusion of artificial intelligence (AI) over the next several decades fosters an economy in which Americans generally thrive.
Businesses at Work 2019 (Okta) Welcome to the fifth Businesses @ Work report, an in-depth look into how organizations and people work today — exploring workforces and customers, and the applications and services they use to be productive.
Are enterprise app users growing more security savvy? (ZDNet) With new data on its users' activity, as well as survey results, Okta shows that enterprise app users are taking steps to protect their data but fall short in some key areas.
Employees Are Accessing More and More Business Apps, Study Finds (Wall Street Journal) The number of software apps deployed by large firms across all industries world-wide has increased 68% over the past four years, reaching an average of 129 apps per company by the end of 2018, according to an analysis by Okta Inc.
Marketplace
Huawei representative defends company's integrity and safety (The Straits Times) In one of the strongest public remarks ever, a senior representative of China's tech company Huawei on Thursday night (Feb 7) rebutted fear-mongering against the company...
Post-Shutdown, Are Feds Going to RSA Conference? (Meritalk) Less than two weeks after the end of the partial Federal government shutdown and with the looming threat of another such disruption coming on Feb. 15, will Federal government IT officials in large numbers be making the trip out west to the U.S.’s preeminent cybersecurity conference next month?
Apple to compensate teenager who found Group FaceTime eavesdrop bug (TechCrunch) Apple has said it will compensate the teenager who first found a security bug in Group FaceTime that allowed users to eavesdrop before a call was picked up. The bug was initially reported to Apple by 14-year-old Grant Thompson and his mother, but the family struggled getting in contact with the com…
Carbonite To Buy Endpoint Security Stalwart Webroot For $618.5M (CRN) Carbonite’s acquisition of Webroot will create an SMB-focused company that can deliver both backup and recovery as well as cloud-based cybersecurity on the endpoint.
Exclusive: Dell explores sale of cybersecurity company SecureWorks... (Reuters) Computer maker Dell Technologies Inc is exploring a sale of SecureWorks Corp, a ...
Haven Cyber Technologies acquires Onevinn (Private Equity Wire) Haven Cyber Technologies (Haven) has acquired Onevinn, a Swedish provider of Microsoft cloud security services and solutions.
Illumio Raises $65M And Expands Leadership Team With New CFO And Board Director Appointment (PR Newswire) Illumio, a cybersecurity leader delivering micro-segmentation, today announced it has closed $65 million in...
Netography Emerges with $2.6M Funding from Andreessen Horowitz to Make Network Security Self Governing (Odessa American) Netography, an autonomous network security platform that serves as an enterprise security ‘Eye in the Sky,’ today launched with $2.6M in seed funding from Andreessen Horowitz. The company aims to help security and network teams work smarter, not harder, by leveraging the wealth of real-time data produced by network devices to automatically detect and block malicious traffic to defend networks.
STEALTHbits Financially Outperforms Its Public Competitors SailPoint and Varonis (AP NEWS) STEALTHbits Technologies, Inc., a cybersecurity software company focused on protecting organizations’ credentials and data, today announced it has for the eighth time in the past 10 years outperformed the “Rule of 40,” the principle that a company’s combined growth rate and profit margin should exceed 40%.
Silicon Valley Brothers Build Billion Dollar Cybersecurity Fortunes (Fortune) Spurred by high-profile data breaches and malware attacks, cybersecurity has become a growing priority for companies.
Products, Services, and Solutions
ThreatModeler Releases Cloud Edition for Amazon Web Services (AWS) - Provides AWS Developers with Automated and Continuous Threat Management (PR Newswire) ThreatModeler™, provider of the industry's #1 Automated Threat Modeling Platform, announced today the release...
IBM’s X-Force Command Cyber Tactical Operations Center rolls into Dublin (TechCentral.ie) The Cyber Tactical Operations Center (C-TOC) from IBM’s security group X-Force Command is a fully operational security operations centre (SOC) on wheels, modelled on the tactical operations centres as used by the military and first responders’ incident command posts.
Qualifying Encoders with Akamai (Security Boulevard) Introduction: The encoder qualification program was created to improve the process for vendors that wish to align themselves with Akamai network-specific requirements. It is also intended to mitigate the risk of encoder issues before use in production. A...
Microsoft security chief: IE is not a browser, so stop using it as your default (ZDNet) Internet Explorer is a 'compatibility solution' and should only be used selectively, warns Microsoft exec.
The perils of using Internet Explorer as your default browser (TECHCOMMUNITY.MICROSOFT.COM) From time to time, I am asked by customers, “How do I ensure that all web traffic goes to Internet Explorer?” In fact, I was recently asked this question by someone trying to help a hospital. Now, I understand the scenario. In healthcare (as in many other industries), it’s often the case that you’re...
Netography Leverages Network Flow Software to Identify Anomalies (Security Boulevard) Netography will offer a platform that leverages network flow software to identify anomalous behavior such as scans of an IT environment.
Spotify will now suspend or terminate accounts it finds are using ad blockers (TechCrunch) Spotify will take a harder stance on ad blockers in its updated terms of service. In an email to users today, the streaming music and podcast platform said its new user guidelines “mak[e] it clear that all types of ad blockers, bots and fraudulent streaming activities are not permitted.” Accounts t…
Instagram and Facebook will start censoring ‘graphic images’ of self-harm (TechCrunch) In light of a recent tragedy, Instagram is updating the way it handles pictures depicting self-harm. Instagram and Facebook announced changes to their policies around content depicting cutting and other forms of self-harm in dual blog posts Thursday. The changes come about in light of the suicide o…
Technologies, Techniques, and Standards
Zero-day Vulnerability Highlights the Responsible Disclosure Dilemma (SecurityWeek) A zero-day vulnerability found in a video-conferencing system and responsibly disclosed led to the response from its developers that the devices have reached End of Life.
It’s time to modernize traditional threat intelligence models for cyber warfare (Military & Aerospace Electronics) When a client asked me to help build a cyber threat intelligence program recently, I jumped at the opportunity to try something new and challenging
When 911 Goes Down: Why Voice Network Security Must Be a Priority (Dark Reading) When there's a DDoS attack against your voice network, are you ready to fight against it?
You should start using a password manager (Popular Science) Passwords are the bane of our online existence, so please consider using a system to manage and improve them for you.
Anyone want to lay claim to the USB drive found in seal poo? (Naked Security) It still works, you know. And there are photos and videos on it.
Design and Innovation
Confidential Computing Challenge (C3) (Google Cloud) In collaboration with Intel, Google Cloud is hosting a cybersecurity contest called the Confidential Computing Challenge. If you’re a developer, security researcher, or otherwise interested in developing safe apps, this is your chance to make an impact in the growing field of confidential computing.
Twitter Still Can't Keep Up With Its Flood of Junk Accounts, Study Finds (WIRED) Meanwhile, two Iowa researchers built an AI engine they say can spot abusive apps on Twitter months before the service itself.
Serious Security: Post-Quantum Cryptography (and why we’re getting it) (Naked Security) Here’s why NIST is running a competition to find algorithms for a Post-Quantum Cryptographic world…
Opinion: Reinventing cybersecurity with deep learning (Security Brief) Business continuity and financial damage are critical challenges for cybersecurity leaders today.
Apple tells app developers to disclose or remove screen recording code (TechCrunch) Apple is telling app developers to remove or properly disclose their use of analytics code that allows them to record how a user interacts with their iPhone apps — or face removal from the app store, TechCrunch can confirm. In an email, an Apple spokesperson said: “Protecting user privacy is …
Academia
IBM, SUNY Poly creating artificial intelligence center in Albany (Times Union) IBM and SUNY Polytechnic Institute are creating an artificial intelligence development lab in Albany as part of a larger, $2 billion commitment by the company to New York state that will keep IBM in Albany for years to come.
Legislation, Policy, and Regulation
The world must work together against Chinese cyber-aggression (Washington Examiner) China has sought to exploit global cyber vulnerabilities to build its network of intelligence, trade secrets, and other data. As the latest revelations about a breach of Norwegian business software firm Visma make clear, the U.S. cannot push back on China’s nefarious hacking without cooperation…
France to Tighten 5G Security: Minister (SecurityWeek) France will soon make proposals to reinforce the security of mobile telephone networks, after the US stepped up pressure on Europe to block China's Huawei from building 5G networks.
Italy denies report of Huawei, ZTE 5G ban (RCR Wireless News) Local newspaper La Stampa had reported that the Italian government was considering implementing legislation to ban these two carriers from 5G contracts.
German Competition Watchdog Demands More Control for Facebook Users (SecurityWeek) Germany's competition authority says Facebook users should be asked for consent before data collected by the group's subsidiaries WhatsApp and Instagram and on third-party websites is combined with their social network account.
Time to get serious about reining in Facebook (Times) During Sir Nick Clegg’s recent visit to Europe, in his role as spin doctor for Facebook, an ungenerous thought popped into my head. Does the former Liberal Democrat leader believe the rubbish he is...
Instagram to ban all graphic self-harm images from platform (The Telegraph) Instagram is to ban all graphic self-harm images from its platform following the controversy over Molly Russell’s suicide which her father blamed on the site.
Duty of Care Campaign (The Telegraph) The internet has been a liberating revolution in communications. But it is also potentially a malign one. It allows content, images and opinions that would once have been curtailed or forbidden to be easily available at the touch of a button.
Instagram boss backs Telegraph Duty of Care campaign as he announces ban on graphic self harm images (The Telegraph) The head of Instagram has become the first tech boss to back a statutory duty of care to protect children from online harms, as he announced a ban on all graphic self harm images on his site.
'It hits you in the chest': Instagram boss reveals how Molly Russell's suicide made him finally take action on self-harm images – exclusive interview (The Telegraph) Adam Mosseri, head of Instagram, admits the moment Ian Russell blamed his company for contributing to the suicide of his teenage daughter Molly was “overwhelming.”
Why threats to break up Silicon Valley behemoths are useless (The Telegraph) At the turn of the millennium, in a chic hotel in Davos, executives from Microsoft gathered for a cocktail, to mingle and relax with others attending the World Economic Forum.
Senate passes anti-cyberbullying expansion; attention shifts to House (Daily Record) Senate passes bill to expand Maryland’s law against cyberbullying of youngsters, as mother of teenager who killed herself due to an online onslaught looked on.
Senators reintroduce rotational cyber workforce bill (FCW) A bipartisan group of senators has reintroduced legislation that would make it easier for cyber specialists in the federal government to detail at other agencies and lend their expertise.
Senate Bill Would Send DHS Back to Campus for Cyber Training Work (Meritalk) A new bill introduced by Sens. John Cornyn, R-Texas, Patrick Leahy, D-Vt., and Ted Cruz, R-Texas, would push the Department of Homeland Security (DHS) to work with the National Cybersecurity Preparedness Consortium (NCPC), an association of university-based training organizations, to improve cybersecurity training for state and local governments.
Litigation, Investigation, and Law Enforcement
Year Before Killing, Saudi Prince Told Aide He Would Use ‘a Bullet’ on Jamal Khashoggi (New York Times) Intercepted communications of Mohammed bin Salman are the most detailed evidence to date that the crown prince considered killing the journalist Jamal Khashoggi.
Jeff Bezos accuses National Enquirer of blackmailing him — and publishes the details himself (TechCrunch) Amazon CEO Jeff Bezos says he is being blackmailed with nude selfies by AMI, owner of the National Enquirer and reportedly protector of the President's reputation, over claims the publisher has acted as a political operative. The events feel almost as if they have been arranged by cosmic forces as …
Investigation launched into Jeff Bezos' 'd*** pic blackmail' allegations (The Independent) The probe follows allegations of extortion Jeff Bezos made in an explosive blog post
Jeff Bezos accuses National Enquirer publisher of blackmail over threat to release intimate photos (The Telegraph) The National Enquirer's parent company attempted to blackmail Jeff Bezos by threatening to publish his intimate photographs, the Amazon chief executive has alleged.
Amazon CEO Jeff Bezos accuses National Enquirer of extortion over intimate photos (Washington Post) The extraordinary allegations by the world’s richest man raised serious questions about whether a media company known for its loyalty to President Trump was engaged in legitimate newsgathering, or something more sinister.
No thank you, Mr. Pecker – Jeff Bezos (Medium) Something unusual happened to me yesterday. Actually, for me it wasn’t just unusual — it was a first. I was made an offer I couldn’t…
How to eviscerate your enemies with words, by Jeff Bezos (Quartz) Pity the Pecker who is the subject of Jeff Bezos' savage prose.
Senators Grill Facebook, Google, and Apple Over Invasive Apps (WIRED) Lawmakers want more information about Facebook’s Project Atlas program, which collected data from teens and sidestepped device makers’ privacy policies.
Paul Erickson, boyfriend of alleged Russian spy Maria Butina, indicted on fraud charges (USA TODAY) Paul Erickson, a Republican operative who dated a woman accused of spying on the U.S. on behalf of Russia, was indicted Wednesday on federal charges.
Roger Stone, facing gag order, launches counterattack (CNN) In the days since a federal judge warned Roger Stone that he could soon face a gag order, Stone has peddled conspiracy theories, claimed he can't get a fair trial and criticized the judge.
Booz Allen Made 'No Poach' Pact, Intelligence Worker Says (Law360) Booz Allen Hamilton Inc., CACI International Inc. and Mission Essential Personnel LLC illegally agreed not to hire each others' employees for intelligence contracting work at a U.S. military installation in England, a former employee alleged Thursday in a proposed class action in Ohio federal court.
Most people just click and accept privacy policies without reading them — that's a mistake (CNBC) Do you actually read privacy policies before you click accept? If you're like most Americans, probably not. But what is in those privacy policies may surprise you.