Cyber Attacks, Threats, and Vulnerabilities
China responds to report on cyber attack (Xinhua) If overseas hacking organization OceanLotus is proven guilty for stealing government information, it will further evidence that China falls victim to hacker attacks, a Chinese spokeswoman said on Tuesday
Lessons from Japan Pension System Hack (TopTechNews) Hackers have hit Japan's pension system, getting away with over 1.25 million files of personally identifying information
Getting the Word Out About Fake Tech Support Scams (Blue Coat Blogs) This is a post to support the excellent work of another researcher (@malekal_morte), who posted several screenshots from his research today, focusing on Tech Support Scams
Phony Tech Support Scams Now Target Macs (Blue Coat Blogs) This is essentially Part Two of yesterday's post on phony tech support scams. (For those too lazy to click, a hat tip to @malekal_morte for his tweets yesterday about these attacks)
New Rombertik Sample has originated in Nigeria (Security Affairs) ThreatConnect has conducted further investigations on the Rombertik malware and traced a malicious sample they analyzed to a Nigeria-based man
IoT Devices Hosted On Vulnerable Clouds In 'Bad Neighborhoods' (Dark Reading) OpenDNS report finds that organizations may be more susceptible to Internet of Things devices than they realize
Insecure mobile cloud backups leave millions of credentials exposed (TechTarget) Researchers find that insecure implementation of cloud backups by mobile apps may affect hundreds of thousands of apps and leave as many as 56 million credentials exposed
Future attacks: Hiding exploit code in images (Help Net Security) Successfully hiding messages in images has already been done, but is it possible to deliver an exploit in one — and run it?
Malvertising Gets Jacked with 3 Zero-Days (Infosecurity Magazine) Cyber-criminals are turning to malvertising in ever-greater numbers, as recent huge hits on porn sites and a range of media properties illustrates. There's no end in sight though, and Malwarebytes said that it intends to use Flash to gain easy access to millions of consumers this year
Woolworths' Self-Inflicted Breach A Clear Example Of Insider Negligence (Dark Reading) Australian grocer sent master spreadsheet of customer information and redeemable codes for thousands of gift cards to hundreds of customers
Self-Driving Cars Vulnerable to Cyber-Attack, Warn Experts (AFP via NDTV Gadgets) Hackers pose a real danger to self-driving vehicles, US experts are warning, and carmakers and insurers are starting to factor in the risk
Social media gives clues to security questions (USA TODAY) What was your high school mascot?
Test shows 97% fooled in phishing test; terrorists now using popular criminal hacking trick (Bob Sullivan) Plenty of folks think they could never be outsmarted by a hacker; plenty of them are wrong. In fact, perhaps 97% are wrong
Cyber Trends
The drivers and inhibitors of cyber security evolution (ComputerWeekly) A study shows a shift in IT security spending to detection and response — but why are most organisations falling way behind the more enlightened front runners?
The Cyber Threats Hiding Beneath the Surface (PYMNTS) "The battle between the 'good guys' and the cybercriminals will continue to intensify with consumers' personally identifiable information in the wild"
Priority-based patching extending lifespan of outdated equipment: Dimension Data (CSO Online) Recent equipment refreshes have not prevented Australia's network infrastructure from being vulnerable to failure and security breaches, a new study has warned
Cyber attacks hit wide array of UK businesses, says GCHQ (ComputerWeekly) UK security agency GCHQ surprised by the extent and variety of organisations subject to cyber intrusions, says director general for cyber security
Marketplace
Sophos to raise £100m from stock market float (Telegraph) The cyber security company is targeting a premium listing, while Cairn Homes also confirms float plans
ARM Looks to Buy Sansa for IoT Security (Wireless Week) Chip maker ARM may be looking to get into the mobile security space
F-Secure acquisition bolsters firm's European position (PCR) F-Secure has announced its acquisition of nSense, Nordic's top cybersecurity provider
SpaceX's anti-hacker tech powers UK launch of security startup (Register) Spikes Security plays Night's Watch to the Wildlings beyond the firewall
Army kicks in retention bonuses for cyber warriors (Defense Systems) The Army, which is making a concerted push to recruit and retain cyber warriors, is for the first time offering selective retention bonus specifically to cyber personnel
CSG Invotas Delivers Automated Threat Response Solution to Independent U.S. Government Agency (Virtual Strategy Magazine) CSG Invotas, the leader in security orchestration and automation, today announced an independent United States government agency has implemented Invotas' flagship solution, Security Orchestrator, to increase response times to potential threats and reduce operational costs
Infoblox wins 'Emerging Security Vendor of the Year' at NME Innovation Awards (Security Mideast) Infoblox Inc., the automated network control company, has announced that it has been named Emerging Security Vendor of the Year by Network Middle East (NME), the region's leading magazine for networking industry
Cybersecurity Veteran Doug Wylie Joins NexDefense Executive Team (PRWeb) NexDefense, a leading authority on cybersecurity for industrial control systems (ICS), today announced that critical infrastructure cybersecurity veteran Doug Wylie has joined the executive team as vice president of product marketing and strategy…In addition, former U.S. Senator Sam Nunn has joined the company?s investor and advisory groups, bringing a wealth of experience in defending national critical assets
Dean Bakeris Joins ICF International as Cybersecurity VP (GovConWire) Dean Bakeris, formerly director of business development at BAE Systems, has joined ICF International (Nasdaq: ICFI) as vice president of the cybersecurity team
Products, Services, and Solutions
Security startup finds stolen data on the 'Dark Web' (IDG via CSO) Finding stolen data on the Internet is often the first sign of a breach, and a Baltimore-based startup says it has developed a way to find that data faster and more securely
Google Creates One-Stop Privacy and Security Shop (Commerce Times) Google has launched a new hub to gather privacy and security settings in one place
Akamai and Trustwave unite to protect businesses from online threats (Help Net Security) Akamai Technologies, provider of content delivery network services, and managed security services firm Trustwave announced at Infosecurity Europe 2015 a new strategic alliance designed to help businesses more effectively fight a wide range of malicious online activities through vulnerability assessment, denial of service prevention and incident response
Lookout takes consumer mobile security expertise to the enterprise (FierceMobileIT) Whether operating in a BYOD or corporate-owned mobile device environment, companies face mobile security risks every day from existing and previously unknown threats
USMobile launches Scrambl3 mobile app that creates 'Dark Internet Tunnel' (FierceMobileIT) In an era where companies have to keep information confidential from criminals, competitors and their own governments, mobile security is uppermost in the minds of IT security execs
Airbus to launch new cyber sensor to fight advanced persistent threats (Army-Technology) Airbus Defence and Space is set to present a new cyber sensor for combating advanced persistent threats (APT) at the upcoming Infosecurity Europe exhibition in London, UK
Vectra To Demonstrate Real-Time Cyberattack Detection (CIO Today) Vectra Networks today announced that it will provide a live demonstration of its differentiated solution that delivers real-time Relevant Products/Services detection of cyber Relevant Products/Services attacks in-progress at the Gartner Relevant Products/Services Security & Risk Management Summit next week
Technologies, Techniques, and Standards
5 ways to stop a DDoS attack (FierceITSecurity) Distributed denial of service attacks continue to grow larger and more sophisticated as they claim more reputable victims, but that does not mean smaller websites are left defenseless
Bug hunting without much tech knowledge or many tools (Help Net Security) Bas Venis has been programming since he was 14 years old. After gaining some experience as a web developer, this 18-year-old self-taught security researcher got into IT security and aimed his sights at browsers. Specifically, at logic flaws that could be exploited
Legislation, Policy, and Regulation
Congress approves overhaul of NSA surveillance (Baltimore Sun) Congress gave final approval Tuesday to the most sweeping rollback of government surveillance powers in the post-Sept. 11-era, clearing the way for a new program that bans the National Security Agency from collecting and storing Americans' telephone dialing records
U.S. Surveillance in Place Since 9/11 Is Sharply Limited (New York Times) In a significant scaling back of national security policy formed after the Sept. 11, 2001, terrorist attacks, the Senate on Tuesday approved legislation curtailing the federal government's sweeping surveillance of American phone records, and President Obama signed the measure hours later
Why Americans Hate Government Surveillance but Tolerate Corporate Data Aggregators (Lawfare) When I was first elected to the Senate, I was fortunate to be appointed to the Intelligence Committee. There I saw up close the dedication and commitment of the men and women of our intelligence agencies
Why We Can't Trust the NSA (And Why That's a Crisis) (National Journal) A greater threat than Iran, ISIS, and "lone wolf" attacks: government lies
How Export Controls Can Hurt National Security (Forbes) The federal government regulates the export of items with potential military uses to assure they are not shipped to hostile countries, terrorists, or human-rights abusers
Are agencies really ready for the Internet of Things? (FCW) It's a hydra-headed opportunity and test — and it's not something agencies can afford to ignore
Litigation, Investigation, and Law Enforcement
Home Depot says to breach victims, 'You can't do it, we won't help' (FierceITSecurity) Home Depot is asking a federal court to dismiss lawsuits by consumers who claim they suffered financial harm as a result of last year's massive data breach at the home improvement retailer
Debunking the Myths over Big Data and Antitrust (Comptetition Policy International Antitrust Chronicle) What are the implications of big data on competition policy?
The Art of Cyberwarfare (Legal Tech News) As data breach liabilities escalate, general counsel must address a minefield of cybertroops, weak partnership loops and regulatory groups
Daniel Ellsberg credits Edward Snowden with catalysing US surveillance reform (Guardian) Prominent US whistleblowers applaud Snowden's Patriot Act revelation for inciting Congress to take action, though they doubt he can ever return to the US
Ex-NBA All Star Chris Gatling accused of being ID theft kingpin (Naked Security) Former NBA All-Star Chris Gatling was arrested in Scottsdale, Arizona on Saturday and charged with being the kingpin in a credit card and identity theft scam
SIS spies to Kim Dotcom: We're sorry for calling you fatty (New Zealand Herald) Security Intelligence Service chief Rebecca Kitteridge has apologised to Kim Dotcom for the behaviour of her spies, who swapped emails about the internet entrepreneur's weight and wife while mocking his chances of getting New Zealand residency