Cyber Attacks, Threats, and Vulnerabilities
Russian Army Gunner Brags, 'All Night We Pounded Ukraine' (Atlantic Council) Russian soldiers and paramilitaries post stories and pictures of their war on Ukraine
A new generation of ransomware (SecureList) Elliptic curve cryptography + Tor + Bitcoin. Ransomware is now one of the fastest growing classes of malicious software. In the last few years it has evolved from simple screen blockers demanding payments to something far more dangerous
Operation Emmental Targets Banks That Use Two-Factor Authentication (TechWeekEurope) Cyber criminal gang devises a new, complex method of hijacking SMS to steal money
Hacking virus 'Bladabindi' prowling in India, targets Microsoft Windows OS (Financial Express) Cyber security sleuths have alerted Indian Internet users against hacking attempts of a clandestine multi-identity virus
Apple confirms iOS backdoors, researcher says explanation is misleading (Help Net Security) In the wake of the discovery of undocumented features in Apple's iOS that can serve as backdoors, the company has modified a knowledge base article to enumerate and explain the three questionable services found by iOS forensics expert Jonathan Zdziarski
iOS services intended solely for diagnostics: 'I don't buy it for a minute' (The Register) Plus: 'Come on, BBC. You're not children'
Trend Micro backs off Google Play malware claims (TechRepublic) Jack Wallen tests the claims made in a Trend Micro press release that malware is running rampant in the Google Play Store
European Central Bank blackmailed in wake of data breach (Help Net Security) The European Central Bank (ECB) — the central bank for the euro — has suffered a data breach, and has only discovered it after receiving a blackmail letter from the attacker
European Central Bank hack highlights classic problems, say security experts (ComputerWeekly) The hacking of a database serving the website of the European Central Bank (ECB) highlights classic underlying problems facing modern organisations, according to security experts
Zero-day broker exploits vulnerability in I2P to de-anonymize Tails users (ComputerWorld) The one-two punch to privacy and security this week may push home the facts that even when using services that purportedly protect privacy, we are not as anonymous as we may like to think we are. Researchers at Exodus Intelligence, a company that sells zero-day vulnerabilities, found a critical hole in Tails, short for "The Amnesic Incognito Live System," a privacy-orientated operating system that was pushed into the limelight after being recommended by Edward Snowden. This announcement came on the heels of a similar issue that can de-anonymize Tor users
Tails Linux Still at Risk Despite Security Fixes (eWeek) Researchers aim to prove a point "that no software is infallible" by finding bugs in a privacy Linux distribution favored by Edward Snowden
The App I Used to Break Into My Neighbor's Home (Wired) When I broke into my neighbor's home earlier this week, I didn't use any cat burglar skills. I don't know how to pick locks. I'm not even sure how to use a crowbar. It turns out all anyone needs to break into a friend's apartment is an off switch for their conscience and an iPhone
German Report: NSA Tracks Users Researching Privacy Software Online (Newsmax) A warning to those who might do a little online research about Internet privacy software: The NSA is tracking you, a report by the German public broadcasting group ARD concludes
Malcovery Security lists phished brands that slipped by your antivirus (Tweaktown) Phishing attacks bundled with malware or keyloggers are finding success slipping through traditional anti-virus software, causing problems for users
65 Percent DVDs, PCs With Pre-Installed Programs Have Malware (CRN Network) The threats include stealing of confidential data leading to huge monetary loss to the end-user besides making the installed system vulnerable to attacks
Security issues in Vanets (SecurityWeekly) Vehicular ad-hoc networks (Vanets) are an important component of intelligent transportation systems (ITSs). Vanets have no centralised authority or server
Benesse says data leak includes non-customers (Japan Times) Information leaked from Benesse Corp. includes personal data on people who never had a contract with the company, its parent company said Tuesday
Far right group launches cyber-attack against housing association (Inside Housing) Orbit Group has been bombarded with hundreds of emails accusing it of discriminating against white people, as part of an orchestrated campaign by a far right group
State's passport and visa system crashes (FCW) Passport verifications are one of several functions to be compromised by the Consular Consolidated Database crash. The colossal data warehouse that supports the State Department's worldwide visa and passport verification operations has crashed, potentially stranding thousands of people waiting for the documents around the world
Cyber Trends
Security must evolve to be 'all about the data' (CSO) Experts on panel agree that security in the future, to be effective, will not be about the devices, the network or even the user, but about embedding data with its own protection
Cyber Security Threats Gain Boardroom Attention (Security Intelligence) Cyber security threats aren't just for security specialists anymore. Today, cyber security is drawing attention from the very top, with one recent study finding that it has now become the number-one concern of corporate boards
Creating a Doppler Effect for Information Security (Federal Blue Print) I'm back after spending a week in Boston at the 26th annual FIRST conference. As many times as I've flown into Logan for business trips over almost 20 years, this was the first time I actually got to spend time in the city of Boston proper
Passwords Be Gone! Removing 4 Barriers To Strong Authentication (Dark Reading) As biometric factors become more prevalent on mobile devices, FIDO Alliance standards will gain traction as an industry-wide authentication solution
Challenges of Covering Cybersecurity News Beat (Control) I remember some stories that got away, but I'll never forget those that were researched and written, but couldn't run. For instance, the most difficult topic we cover is cybersecurity
Marketplace
Putin: Crack Tor for me and I'll make you a MILLIONAIRE (The Register) Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
What the Apple-IBM deal means for the CIO (FierceCIO) Last week, Apple and IBM announced a deal that was widely acknowledged as a brilliant move by Apple to enter into the enterprise space. The partnership allows IBM to bring mobility into the enterprise at a faster clip than the organic pace of Bring-Your-Own-Device, or BYOD, growth
telent boosts cyber security with major investment in CNS Group (IT News Online) Pioneering technology services company, telent Technology Services Ltd, has increased its IT security capability by acquiring a 25% stake in CNS Group, the London-based information assurance and cyber security specialists
Viscount Awarded New Contracts to Secure U.S. Department of Immigration Facilities (Wall Street Journal) Viscount Systems (OTCQB:VSYS), a leading provider of IT-based security software and services, today announced that it has been awarded additional contracts to secure U.S. Federal Government facilities in Wisconsin and Vermont for the Department of Homeland Security — United States Citizenship and Immigration Services (USCIS)
ZeroFOX Appoints Dr. Shane Shook as Chief Strategy Officer (Baltimore City BizList) ZeroFOX, The Social Risk Management Company™, today announced the appointment of Dr. Shane Shook as Chief Strategy Officer. In his new roles, Dr. Shook will help to further establish ZeroFOX's West Coast presence and expand the company's strategic offerings for critical customer markets, including financial services, energy, retail and information technology. Coming to ZeroFOX with more than 25 years of technology experience particularly in investigative sciences, Dr. Shook has led teams within several Global Fortune 100 companies and is a true expert in risk and incident management
Products, Services, and Solutions
Intel unveils SSD Pro 2500 self-encrypting drives (Help Net Security) Intel announced the Intel SSD Pro 2500 Series, which offers IT departments peace of mind with advanced security features and capabilities
My Security Bulletins Dashboard (Microsoft Security Tech Center) myBulletins is an online tool that provides you with a personalized list of the Microsoft security bulletins that matter most to you
Microsoft Security Essentials waves through almost HALF of all online threats (Expert Reviews) Microsoft Security Essentials lets through almost half of all online threats according to the latest lab tests, with people once again urged to remove the dodgy bundled software. Malwarebytes Anti-Malware Free, which claims to protect computers from "new online threats that antivirus can't detect" performed almost as badly, protecting against only 63 per cent of threats
Technologies, Techniques, and Standards
How to prevent a website compromise like StubHub (CSO) Experts provide advice on stopping hackers using stolen credentials on websites
aNmap - Android Network Mapper (Nmap for Android) (Kitploit) Nmap is one of the most important tools for every cracker (white, grey, black hat "hacker"). Nmap is a legendary hack tool and probably the prevalent network security port scanner tool over the last 10 years on all major Operating Systems. So far it was available in Windows, Linux and Mac OS X. But now it's available on the Android platform too. It is compiled from real Nmap source code by some developers to provide the support for Android devices
The SWAMP: A Key Resource in Improving Software Assurance Activities (Newswise) The SWAMP is open and ready for business. The Software Assurance Market Place, or SWAMP, is an online, open-source, collaborative research environment that allows software developers and researchers to test their software for security weaknesses, improve tools by testing against a wide range of software packages, and interact and exchange best practices to improve software assurance tools and techniques
SSL Blacklist a new weapon to fight malware and botnet (Security Affairs) A Security Researcher at Abuse.ch has started the SSL Blacklist project to create an archive of all the digital certificates used for illicit activities. In recent years security experts have discovered many cases in which bad actors have abused digital certificates for illicit activities, from malware distribution to Internet surveillance
Dropbox advises users with privacy concerns to add their own encryption (Inquirer) Dropbox has defended its record on privacy following allegations by NSA whistleblower Edward Snowden that it is "hostile to privacy"
Security awareness training, using passwords as an example (Security Insider) Security awareness does not happen by itself; the company has to teach it actively. What such a campaign can look like is easy to walk through with a common example: how do I get my employees to choose strong passwords and to use each one for only a single account?
Infographic: 25 years of the firewall (Help Net Security) This month the firewall turned 25, and McAfee is celebrating with an infographic that creatively depicts its lifetime
Design and Innovation
Forget Passwords: This Startup Wants To Authenticate Your Mind (Fast Company) Biocatch detects fraud and identity theft based on your online behaviors
Academia
National University Renames School of Engineering and Computing (Digital Journal) National University's School of Engineering, Technology and Media has officially changed its name to the School of Engineering and Computing, effective July 1. The updated name is meant to reflect more clearly the School's innovative programs that prepare students for professions in technology-related fields relevant to 21st Century needs. The private, nonprofit university has expanded offerings at the School in recent years to include specialties such as Cyber Security and Information Assurance, and Data Analytics
Legislation, Policy, and Regulation
Repair spy partnership (HeraldNet) Given recent German indignation about the National Security Agency, it has been easy to overlook the fact that for decades the German government has cooperated extensively with the NSA on surveillance activities. But after a high-level meeting in Berlin this week, this long-standing but veiled cooperation may have a firmer legal and political base
Surviving on a Diet of Poisoned Fruit: Reducing the National Security Risks of America's Cyber Dependencies (Center for a New American Security) Digital technologies, commonly referred to as cyber systems, are a security paradox: Even as they grant unprecedented powers, they also make users less secure. Their communicative capabilities enable collaboration and networking, but in so doing they open doors to intrusion. Their concentration of data and manipulative power vastly improves the efficiency and scale of operations, but this concentration in turn exponentially increases the amount that can be stolen or subverted by a successful attack
Clapper: Terror threat is growing (C4ISR & Networks) A "perfect storm" of factors has weakened the country’s ability to prevent and fight terrorism, according to Director of National Intelligence James Clapper
Why (Some) Secrecy is Good for Civil Liberties (Just Security) A few weeks back, Ben Wittes wrote a controversial post over at Lawfare on the latest Snowden disclosures, arguing that, "If you're okay with dumping in the lap of a journalist 160,000 of the most personal conversations a signals intelligence agency can collect, then stop whining to me about 'bulk' or 'mass' collection." As Ben subsequently clarified, his point was not to criticize Snowden for possibly violating the Privacy Act, but to flag what he perceived as the hypocrisy of various media outlets and privacy and civil liberties groups in not criticizing these disclosures — and in thereby appearing to endorse the view that transparency of secret government programs is an unmitigated good. After all, secrecy and privacy are, in many ways, two sides of the same coin — such that those who believe in the virtues of the latter should have a modicum of appreciation for the government's need for the former in at least some cases
The admiral sets a good course: the NSA and cyber attacks (The Lawyer) Admiral Mike Rogers, the new leader of the National Security Agency (NSA) and Cyber Command at the US Department of Defense, certainly has taken a different approach from his predecessor, General Keith Alexander. Right out of the gate, Admiral Rogers noted that the NSA had a public image issue and that it had lost some of its credibility with the US public
Litigation, Investigation, and Law Enforcement
Sony settles PSN hack lawsuit for $15 million (ZDNet) The tech giant plans to offer restitution for those affected by the 2011 PSN hack in free games, subsidies and cash payouts
Board OKs pact to protect UM security breach victims (Baltimore Sun) Experian to monitor credit activity for estimated $2.6 million. The state Board of Public Works approved a contract worth an estimated $2.6 million Wednesday for a firm to monitor the credit activity of an estimated 300,000 people whose personal information was exposed as a result of a computer security breach discovered at the University of Maryland early this year
Travel Agency Fined £150,000 for Violating Data Protection Act (Dark Reading) That'll teach them not to retain credit card data in perpetuity