Cyber Attacks, Threats, and Vulnerabilities
Analysis | An Indian nuclear power plant suffered a cyberattack. Here’s what you need to know. (Washington Post) Authorities don't seem to understand the real threat from cyberoperations.
Cyber attack hits Spanish companies including radio network (Reuters) A cyber attack has hit Spanish companies including Cadena SER radio, Spain'...
Ransomware Attacks Hit Everis and Spain's Largest Radio Network (BleepingComputer) Everis, an NTT DATA company and one of Spain's largest managed service providers (MSP), had its computer systems encrypted today in a ransomware attack, just as it happened to Spain's largest radio station Cadena SER (Sociedad Española de Radiodifusión).
India state denies WhatsApp hack amid outrage (BBC News) The names of those targeted have caused activists to accuse the government of involvement.
India’s slow churn into a surveillance society (Gulf News) Reports of snooping into WhatsApp of top rights activists, politicians has come as a shock
()
Concerns rise over possibility Chinese could use TikTok to collect troops’ data (Military Times) The Treasury Department has opened a review into whether TikTok, a Chinese-owned social media platform, is a national security threat.
Your hacked Facebook account may be bankrolling scam ad campaigns (CNET) One campaign tried to use a person's credit card to spend $10,000 a day on Facebook scam ads.
Hackers Can Use Lasers to ‘Speak’ to Your Amazon Echo (Wired) By pointing lasers tuned to a precise frequency at a smart assistant, researchers could force it to unlock cars, open garage doors, and more.
Report: Asus Router App Leaks Customer Data and Exposes Alexa Users (vpnMentor) Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data leak in the AsusWRT, a web-based app from Asus that allows
Vendor Email Compromise is Latest Identity Deception Attack (SecurityWeek) Vendor email compromise is a troubling new trend in which fraudsters use hijacked employee email accounts to target not just one company, but entire supply chain ecosystems.
To Err is Human. To Squat is Criminal (SecurityWeek) Lookalike domain names are often used in a phishing emails, masquerading as a link to a legitimate website and encouraging the recipient to click.
Vulnerability Summary for the Week of October 28, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerability Summary for the Week of October 28, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security community tools help intruders (TechRadar) Are researchers helping criminal groups?
Security Patches, Mitigations, and Software Updates
EU patches 20-year-old open source vulnerability (ComputerWeekly.com) Ethical hackers taking part in a bug bounty programme on behalf of the European Union have uncovered a 20-year old, previously undiscovered vulnerability
Cyber Trends
Top 9 Cybersecurity Trends for 2020 (Booz Allen) Get expert insights into the cyber threats that could change the face of cybersecurity in 2020.
Security Threat Report for 2020. (Sophos) See what is ahead for cybersecurity in 2020 with the annual Sophos Security Threat Center report.
Avira CEO: Smart Devices Creating an Exponential Increase in Online Security Threats (Precise Security) Travis Witteveen, the CEO of Avira Antivirus, kindly agreed to talk to PreciseSecurity.com about the main challenges the industry is currently facing.
FireEye Research Reveals 51% of Organizations Don’t Believe They are Ready for or Would Respond Well to a Cyber Attack or Breach (FireEye) Inaugural FireEye Cyber Trendscape Report provides direct insights to help organizations benchmark their cyber security initiatives
Europol: Spear phishing the most prevalent cyber threat affecting orgs across the EU (Help Net Security) Spear phishing is the number one attack vector and enabler for the vast majority of cybercrimes, a Europol report reveals.
Risky transactions on mobile devices increase 138% since 2017 (Help Net Security) Since 2017, the percentage of suspected fraudulent transactions from mobile devices increased 138%, iovation survey reveals.
Can You Trust Security Vendor Surveys? (SecurityWeek) Given the difficulties in designing, conducting and interpreting vendor surveys, it is necessary to question the value of them, both individually and collectively.
Marketplace
Sumo Logic acquires JASK to fill security operations gap (TechCrunch) Sumo Logic, a mature security event management startup with a valuation over $1 billion, announced today that it has acquired JASK, a security operations startup that raised almost $40 million. The companies did not share the terms of the deal. Sumo’s CEO Ramin Sayar says the combined compani…
JASK buy may boost security analytics in Sumo Logic SIEM (SearchITOperations) Consolidation between IT monitoring and security operations tools continues as Sumo Logic folds in JASK, which some customers hope will improve its SIEM security analytics and keep pace with Elastic and Splunk.
Akamai Technologies Completes Acquisition of Exceda (PR Newswire) Akamai Technologies Inc., (NASDAQ: AKAM), the intelligent edge platform for securing and delivering digital...
Thrive Expands into the Mid-Atlantic with EaseTech (PR Newswire) Thrive, a premier provider of NextGen Managed Services, is proud to announce that it has acquired EaseTech, a...
()
New DISA Contracts To Focus On Cell Phone Protection (Breaking Defense) DISA will offer industry multiple contract opportunities to provide third-party tools to defend against malware and Zero Day attacks.
What Cisco's chief information security officer says about risk (Silicon Valley Business Journal) Steve Martino describes his role as Cisco Systems’ chief information security officer as being the “voice of balance” — helping the business balance risk management with its need for revenue growth.
Mimecast opens new London headquarters in Broadgate (West) Mimecast services limited, a leading email and data security company, announced the opening of its new UK head-office in 1 Finsbury Avenue at Broadgate in London.
Products, Services, and Solutions
Qualys and Microsoft Partner to Help Customers Secure Azure (Qualys) Embedded integration provides built-in security for Azure workloads and container orchestration with no software to deploy or update
Fortinet Expands Integration of Cloud Security Offerings with Microsoft Azure to Provide Advanced Protection (West) Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced the expansion of the Fortinet Security Fabric’s dynamic-cloud security offerings with Microsoft Azure, providing customers with an easier way to connect, manage and protect their cloud workloads on Microsoft Azure.
Secureworks® SaaS Application Helps Customers Detect Even More Threats with Microsoft Defender Advanced Threat Protection (Secureworks) Secureworks' cloud-native Red Cloak™ Threat Detection & Response uses Microsoft Defender Advanced Threat Protection to improve detection of advanced attacks across endpoints, networks, cloud and business systems.
IGEL’s Linux-Based Edge OS to Support Microsoft Windows Virtual Desktop (IGEL) IGEL, provider of a next-gen edge OS for cloud workspaces, today announced from Microsoft Ignite that its Linux-based IGEL OS will support Microsoft Windows Virtual Desktop customers, enabling enterprises to centrally manage, control and secure thousands of endpoint devices. As a supporting vendor for Microsoft Windows Virtual Desktop value-added partner…
WatchGuard Brings Secure Wi-Fi to the Outdoors with New Ruggedized Wi-Fi Access Point (West) The WatchGuard AP327X is a new IP67-rated Wi-Fi access point (AP) with four N-Type connectors to support a variety of external antennas.
Nets enables mobile payments for OmaSp customers (Front page) Payments carried out with smartphones are becoming more common by the day and mobile payment solutions are now expected to be part of basic service offering of banks. Nets’ Life Cycle Management services enable fluent deployment of mobile payments both for banks and their clients, at the same time freeing issuers’ resources.
RedSeal Expands Hybrid Network Modeling Capabilities to Include Google Cloud Platform (West) Organizations can see access and prioritize vulnerabilities across network environments
Rippleshot Gives Community Banks and Credit Unions Competitive Edge with AI-Driven Fraud Protection (West) Rippleshot, a fraud analytics software company, has launched Rules Assist™, an AI-driven decision rules analytics solution to empower community banks and credit unions in the fight against emerging fraud trends.
Fingerprints - Fingerprint Cards launches plug & play biometric sensor module for the access control market (Fingerprints) Easy-to-integrate module minimizes time to market for physical and logical access
Powershell v6.2 Beginners Guide and TutorialArtificial Intelligence and Machine Learning for the fundaments of 5G Network Monitoring (PRWeb) A majority of attacks take advantage of outdated systems and third-party applications, exploiting known vulnerabilities. On May 24, 2019, threat intelligence
VMware Workspace ONE Delivers Day Zero Employee Experiences, Enabling IT and HR to Accelerate New Hire Time to Productivity (West) End-to-end Zero Trust Access Control and Privacy Guard Encourage Employee Engagement
VMware Expands Reach of VMware Cloud on AWS for Cloud Providers and MSPs with VMware Cloud Director Service (West) New SaaS Solution Brings Multi-Tenancy to VMware Cloud on AWS,
VMware and Microsoft Continue to Partner to Deliver Greater Impact to Customers Across Client, Cloud and Data Initiatives (West) VMware Introduces Workspace ONE for Microsoft Endpoint Manager to Enable Modern Management for Windows 10
VMware Unveils Project Maestro, A Telco Cloud Orchestrator, To Help CSPs Accelerate Multi-Cloud Operational Agility (West) Cloud-First Solution Will Unify Orchestration and Automation Across Any Network and Any Cloud
VMware SD-WAN Delivers a Comprehensive Secure Access Services Edge (West) VMware’s Unique Hyperscale SD-WAN Architecture Enables High Performance and More Secure Connectivity to a Network of Cloud Services Powering the Distributed Enterprise
VMware Cloud On AWS Helps Customers Across Europe Migrate and Modernize Applications (Yahoo) Today at VMworld 2019 Europe, VMware, Inc. (NYSE: VMW) announced VMware Cloud on AWS will be launching in the AWS EU (Stockholm) region,.
VMware Announces New Security Solutions to Bring Intrinsic Security to the Modern Distributed Enterprise (West) VMware Empowers Customers to Implement Security that Delivers Automated, Pervasive, and Proactive Protection to Critical Apps, Data and Users Regardless of Where They Reside
In new AI platform, Booz Allen sees alternative to the 'Black Box' (Washington Technology) Booz Allen Hamilton has pulled the cover off its new artificial intelligence platform and wants clients to know exactly what they are getting after all is revealed.
Malwarebytes 4.0 Released With New UI and Scanning Engine (BleepingComputer) Malwarebytes has released version 4.0 of their flagship antivirus product and with it comes a new scanning engine, a new user interface, threat statistics and more.
Garland Technology Provides Added Resiliency for High Speed Networks with New EdgeSafe(TM): 100G Bypass Modular Network TAP (Olean Times Herald) Garland Technology, a leading provider of network test access point (TAP), packet broker, and cloud visibility solutions, today announced the release of the
Stratejm, North America's Premier Security-As-A-Service (SECaaS) Platform Provider, Announces Partnership with CyGlass to Expand its Security Service Portfolio (PR Newswire) CyGlass Inc., a SaaS AI-driven network-centric threat detection solution, and Stratejm Inc.,...
Cybera and Apex Join Forces to Accelerate Time-to-Profit for Retailers (PRWeb) Cybera, the leader in SD-WAN application network and security services for the network edge, is partnering with Apex Supply Chain Technologies to delive
Appdome and VMware Partner to Help Customers Accelerate Digital Transformation (PR Newswire) VMworld Europe 2019 -- Appdome, the mobile industry's first no-code mobile solutions platform,...
Technologies, Techniques, and Standards
On the front line in Europe’s war against Russian election interference (The Telegraph) As another General Election looms, the battle for No 10 will fundamentally be fought and won online.
A Plan to Engage Hackers in Election Security (Nextgov.com) The Information Technology-Information Sharing and Analysis Center wants to create a coordinated vulnerability disclosure program that could alert vendors about security flaws in their voting systems.
How RackTop Systems is looking into election data security (Yahoo) As we sit just one year away from the highly anticipated 2020 Election, some tech and security experts are growing worried over how the government, political party sectors, and social media companies are working to secure election data going forward. RackTop Systems CEO Eric Bednash discusses with Yahoo Finance's Jen Rodgers and Myles Udland.
Analysis | The Cybersecurity 202: Feds and police are war-gaming all the ways an election can be hacked (Washington Post) Voting machines aren't the main target.
As Dominion, others target 80-year nuclear plants, cybersecurity concerns complicate digital upgrades (Utility Dive) Nuclear reactors need new digital controls as part of a push to avoid retirement, but cybersecurity concerns and high costs complicate the transition from analog.
Pentagon publishes AI guidelines (Naked Security) As the specter of warrior robots looms large, the Pentagon has published a set of ethical guidelines for its use of artificial intelligence.
People are the very first element in a pragmatic cybersecurity strategy (Help Net Security) The Aventium survey findings point to the continued criticality of the human element in identifying and addressing cyber threats.
Design and Innovation
Google's quantum supremacy is real, now we urgently need quantum-safe encryption, says UKNQT's Sir Peter Knight (Computing) 'There's a lot at stake in rewiring the world in terms of encryption and we all depend on getting it right',
Legislation, Policy, and Regulation
The Zero-Day War? How Cyber is Reshaping the Future of the Most Combustible Conflicts (Nextgov.com) Recent history has shown that states often use their offensive cyber arsenals to achieve surprisingly de-escalatory effects.
US and Taiwan hold first joint cyber-war exercise (BBC News) It comes after Taiwan said it suffered millions of cyber-attacks from mainland China each month.
Russia enacts 'sovereign internet' law, free speech activists cry foul (Reuters) A law known as the "sovereign internet" bill came into force on Friday...
Hungarian minister opens door to Huawei for 5G network rollout (Reuters) Hungary's foreign minister opened the way on Tuesday for Chinese telecoms g...
FCC Freaks Out About Huawei, But Ignores The Internet Of Broken Things (Techdirt.) Despite a lack of public evidence proving Huawei spies on American citizens (the entire justifying cornerstone of the effort), the FCC this week just dramatically escalated the Trump administration's blackballing of Chinese telecom firms. In a...
Litigation, Investigation, and Law Enforcement
Russia Steps Up Efforts to Shield Its Hackers From Extradition to U.S. (Wall Street Journal) The Kremlin is resorting to prisoner swaps and coercion to keep potential cyber operatives out of U.S. hands, experts say.
Activist asks Indian court to order probe into WhatsApp over hacking scandal (Reuters) A right-wing social activist in India filed a petition asking the country's...
WhatsApp snooping row: US court issues warrants against NSO Group over spyware (India Today) The warrants have been issued in case of sending malware ‘Pegasus’ to approximately 1,400 mobile phones globally. The warrants were issue by the northern district court of California on Friday after WhatsApp filed a civil suit against the two cyber intelligence companies.
British couple who sparked Google’s £2.1bn EU fine take battle to US competition authorities (The Telegraph) US competition authorities investigating Google have taken evidence from the British company whose original complaint led to the EU’s multi-billion euro fine against the search giant.
Oregon judge ordered woman to type in her iPhone passcode so police could search it for evidence against her (Oregon Live) The Oregon Court of Appeals upheld the order for the code -- in a first-of-its-kind opinion for an appeals court in this state. It's likely to make it easier for Oregon police to gain access to contents of a suspect's cellphone.
Ocasio-Cortez Settles Twitter Blocking Case, Restoring Critic's Access but Asserting Her Right to Exclude 'Harassers' (New York Law Journal) In her statement, Ocasio-Cortez noted that she could still block other users if necessary. She has previously said she doesn’t block any constituents and had blocked fewer than 20 accounts altogether.
Tom Steyer aide resigns after stealing Kamala Harris' SC 2020 volunteer data (Post and Courier) Steyer's deputy S.C. state director Dwane Sims used his access to a voter file as a former S.C. Democratic Party staffer to export the valuable data and was promptly caught
Sit, Stay, Fight Cybercrime (The New Yorker) A yellow lab named Hannah belongs to a new group of police dogs trained to catch child pornographers by sniffing out electronics.