Cyber Attacks, Threats, and Vulnerabilities
The Cyber Activists Who Want to Shut Down ISIS (The Atlantic) Somewhere in Europe, a man who goes by the name "Mikro" spends his days and nights targeting Islamic State supporters on Twitter
Cyber Attack on South Korean Subway System Could Be a Sign of Nastier Things to Come (Vice News) A South Korean legislator revealed this week that a report from the country's intelligence service suggested that the North Korean government might have been behind a hack of the Seoul Metro system last year that lasted several months
SHA-1 hashing algorithm could succumb to $75K attack, researchers say (CSO) It's time to retire the SHA-1 hashing algorithm, as it is now cheaper than ever to attack, researchers say
Practical SHA-1 Collision Months, Not Years, Away (Threatpost) When Bruce Schneier made his oft-cited and mathematically sound projections about the life expectancy of the SHA-1 cryptographic algorithm, he didn't think he was being conservative
Disclosed Netgear Router Vulnerability Under Attack (Threatpost) A vulnerability in Netgear routers, already disclosed by two sets of researchers at different security companies, has been publicly exploited
LoopPay hackers sought intellectual property, breach adds to mobile payment security challenges (FierceFinanceIT) LoopPay, the technology acquired by Samsung in its bid to differentiate itself from Apple Pay, was reportedly breached months ago by a Chinese hacking group looking to replicate its technology, Samsung has confirmed
Chinese Hackers Breached LoopPay, Whose Tech Is Central to Samsung Pay (New York Times) Months before its technology became the centerpiece of Samsung's new mobile payment system, LoopPay, a small Massachusetts subsidiary of the South Korean electronics giant, was the target of a sophisticated attack by a group of government-affiliated Chinese hackers
Too many fake apps in the Windows Phone Store? Cyber-security company Avast might know why (WinBeta) Talk about attracting the wrong people
ESET: Google's Android security is still failing to keep bad apps out (Inquirer) The tried and tested fake application threat has been felt again in the Android Play store, according to security research outfit ESET
Backdoor in Cisco's WebVPN Service Allows Hackers to Steal Corporate Passwords (Softpedia) Cisco's Web-based VPN service has been dealt a heavy blow by security researchers at Volexity which found at least two methods through which hackers installed backdoors on the service, stealing corporate accounts passwords as employees were logging into their accounts
Corporate VPNs In The Bullseye (Dark Reading) When the corporate virtual private network gets 0wned
New Microchip-Enabled Credit Cards May Still be Vulnerable to Exploitation by Fraudsters (Federal Bureau of Investigation) By October 2015, many U.S. banks will have replaced millions of traditional credit cards, which rely on data stored on magnetic strips, with new credit cards containing a microchip known as an EMV chip
Chipping Away At Credit Card Fraud With EMV (Dark Reading) As of October 1, so-called chip-and-pin technology is now the law of the land for electronic payments in the US. But it's not the silver bullet that will instantly stop all cybercrime
Amazon iPhone order email has malware attached (Graham Cluley) Watch out folks — malware has been spammed out in an email claiming to come from Amazon
Code Signing certificates becoming popular cybercrime commodity (Security Affairs) Learn what Certificates as a Service stand for, discover why Code Signing certificates are a precious commodity and find out how to protect yourself online
Security Patches, Mitigations, and Software Updates
Prenotification Security Advisory for Adobe Acrobat and Reader (Vulnerability identifier: APSB15-24) (Adobe Security Bulletin) Adobe is planning to release security updates on Tuesday, October 13, 2015 for Adobe Acrobat and Reader for Windows and Macintosh
Cisco praised for quick response to cyber attack (ComputerWeekly) Cisco has issued a security update for its networking equipment to block redirects to the Angler exploit kit's proxy servers and has published guidance for users
Apple throws in-app ad blockers out of the iOS App Store, citing security concerns (Graham Cluley) iOS 9 brought ad-blocking to mobile Safari users, which either delighted or disgusted you (depending on whether you were an online site which relied upon advertising or not)
Cyber Trends
Kaspersky says most cannot recognise a cyber-threat (ITWire) Some 74% of Internet users would download a potentially malicious file, because they lack the 'cyber-savviness' they need to spot dangers online according to Kaspersky Labs online quiz of over 18,000 users
In endpoint security, trust matters (Channelnomics) Survey finds that more than a quarter of solution providers pick vendor trustworthiness as a top priority for choosing antivirus vendor
CIOs losing confidence in Mac security: study (ITWire) The rise in high-profile malware attacks is damaging CIOs' confidence in Mac security, according to new research out of the UK from endpoint security software firm Avecto, but many still perceive Macs as safer than Windows computers
Marketplace
Cyber insurance could even the hacker-infested playing field for SMBs (Help Net Security) Though it's the large corporations that are splashed across headlines after high-profile breaches, small- to medium-sized businesses are just as frequent a target for hackers, according to a panel of experts
Cyber attack insurance growing fast (Australian Broadcasting Corporation) Customers of David Jones and Kmart were left exposed last week after hackers stole private email addresses, home addresses and phone numbers
Embrace new roles in rapidly changing economy, insurers told (Business Insurance) Insurers and their commercial customers must adapt their strategies to keep pace with the rapidly changing global economy
IT security budgets rise for the first time in years, PwC report finds (FierceITSecurity) For the first time in a number of years, IT security budgets have increased, up a healthy 24 percent year-over-year in 2015, according to PricewaterhouseCooper's annual Global State of Information Security Survey report released on Wednesday
Cybercrime costs rising, experts say application layer needs budget (TechTarget) Two separate reports noted that cybercrime costs are significant. Some experts said reallocating budget resources to application layer security may be the answer
GE Charges Into IoT, Cloud Analytics Space (InformationWeek) GE is going full steam ahead in its efforts to become a digital company. This includes new emphasis on IoT and analytics
What is the EMC Federation? (Fortune) Here are the six units in the EMC Federation, the target of a potential acquisition by tech giant Dell
Alleged Airline Jet Hacker's Security Firm Files for Bankruptcy (Wall Street Journal) A Colorado cybersecurity firm whose founder said he hacked into more than a dozen airline flights by plugging his laptop into a passenger jet's entertainment system has filed for bankruptcy
LogMeIn buys LastPass password manager for $110 million (Ars Technica) LogMeIn promises to preserve LastPass brand, with expanded capabilities
Boston cyber companies join forces in $31 million acquisition (Beta Boston) CyberArk, an Israeli cybersecurity company with its US headquarters in Newton, will pay $30.5 million to acquire Waltham-based Viewfinity Inc
Bugcrowd Grows Revs By 400% (Infosecurity Magazine) In a testament to how security testing for software has evolved, Bugcrowd has reported a 400% growth in revenue year-over-year
Resilient Systems Sees 'Tremendous' Growth As Focus On Incident Response Rises (CRN) With what seems like a new data breach hitting the news every day, companies such as Resilient Systems that focus on incident response report seeing incredible growth
Corero Network: 'Our market is hot and only getting hotter' (Proactive Investors) The SmartWall Threat Defense System offers internet service providers and hosting companies protection against distributed denial of service, or DDoS for short
Rook Security's Brian O'Hara Named President of Indiana InfraGard Member Alliance (BusinessWire) O'Hara to lead Indiana public and private sectors in promoting security of state and national critical infrastructures
Cloudmark Engineering Director Named Leading Woman in Cybersecurity (BusinessWire) Network security leader encourages more women to join the fight against cyberattacks
UnitedLex Bolsters Its Cybersecurity Services with Two Strategic Appointments (Legaltech News) Sam Barlow and Melia Kelley bring a wealth of experience to the expanding Cyber Risk Solutions practice
Products, Services, and Solutions
AWS announcements come thick and fast at re:Invent (MicroScope) Amazon Web Services announces a range of new products and solutions at the re:Invent conference in Las Vegas
Free tool to remove YiSpecter iOS malware (Help Net Security) Zimperium has released a tool to help iOS users that have been infected with the recently spotted YiSpecter advertising malware remove the threat from their devices
Blue Turtle offers innovative solution for emerging cyber threats with Darktrace partnership (ITWeb) Blue Turtle Technologies, a leading security solutions provider, and Darktrace, the leader in Enterprise Immune System technology, have announced a strategic partnership to deliver Darktrace's award-winning cyber defence technology to the South African market
Cyber security for shipping needs unique approach (IHS Maritime 360) Specialist cyber-security product manufacturer LightCyber has told IHS Maritime that shipping needs a new approach to cyber security
Protegrity Data Security Solutions Integrated Into Teradata Cloud (MarketWatch) Protegrity technology to provide column/field-level data protection for Teradata Cloud for Analytics
Blue Coat Expands Security Industry's Largest Collaboration for Encrypted Traffic Management (CSO) Seven new security vendors join ETM ready program, increasing momentum to combat security threats hiding in encrypted traffic
Cytegic helps enterprises assess their cybersecurity maturity level (Network World) The toolset helps enterprises get an understanding of their overall security posture and make strategic decisions about their security controls
LogRhythm 7 Accelerates Cyber Threat Detection & Response via Revolutionary Search, Optimization in Processing and Indexing (BusinessWire) Extends efficiencies and effectiveness of next-gen SOCs
CSC Adds On-Demand Workload Protection to its Suite of Cloud Security Services (MarketWatch) Pay-as-you-consume security for cloud and virtual workloads is powered by CloudPassage
Technologies, Techniques, and Standards
Non-technical manager's guide to protecting energy ICS/SCADA (CSO) Sophisticated cyber-attacks known as Advanced Persistent Threats (APT) are a growing challenge to the energy sector of our nation's critical infrastructure. These attacks can largely be attributed to well-funded, dedicated nation-state actors
Unlocking Smartphones: PINs, Patterns or Fingerprints? (eSecurity Planet) PINs, patterns and fingerprints are all options for unlocking mobile devices. But which option is most secure?
Why Network Behavioural Analytics Should be a Critical Part of Your Security Strategy? (Information Security Buzz) Network behavioural analysis — a systematic, architectural approach to network security — involves deep packet analysis to identify advanced persistent threats (APTs) and zero-day attacks
Practical IT: How to create a culture of cybersecurity at work (Naked Security) A "security culture" is one of those intangible things that can deliver an immeasurable benefit to your business
What you sound like after a data breach (Naked Security) Hopefully you've never had anything stolen in a data breach, but if you have I hope you've been spared the salted wound of the non-apology
Treat IT security the same as workplace safety: Verizon (ZDNet) Verizon's cybersecurity arm believes the way an Australian company handles health and safety on a building site should be employed to tackle cybersecurity
Design and Innovation
Secure Computation and The Right to Privacy (Tripwire: the State of Security) In December 1890, Samuel Warren and Louis Brandeis, concerned about privacy implications of the new "instantaneous camera," penned The Right to Privacy, where they argue for protecting "all persons, whatsoever their position or station, from having matters which they may properly prefer to keep private, made public against their will"
5 Lessons From the Summer of Epic Car Hacks (Wired) Summer is the Oscar season of hacking
Research and Development
Pentagon: Human-thinking machines are the answer to cyberthreats (Washington Examiner) Machines that can reason like humans are necessary to protect the United States in the future, according to the Pentagon's head of developmental research
Egnyte Awarded U.S. Patent for Egnyte Object Store (Benzinga) Industry-first technology for optimizing storage with third-party flexibility
Academia
Cybersecurity education report aims to address student 'confusion' (FedScoop) According to the report, government can do more to explain and streamline different programs and scholarships available to students who want cyber skills
Purdue announces partnership with state, Intel for cybersecurity (WLFI) Purdue University, Intel Security and the state of Indiana announced their partnership to combat cyber terrorist attacks on Thursday
Legislation, Policy, and Regulation
Important tool in fighting terrorism (Jordan Times) The pan-Arab conference on the role of Arab media in combating terrorism, held in Amman, was a timely exercise in raising awareness and mobilising Arab media in the fight against extremism and terrorism
The Islamic State Is Failing, Say Imams and Muslim Scholars in New Online Magazine (Vice News) The Islamic State (IS) group is failing in its mission to establish a caliphate for Muslims, UK religious leaders and scholars declared today in an online magazine aimed at countering IS propaganda
NDAA would change cyber acquisition, Gross tapped for CIO post at FDIC and more (FCW) The fiscal 2016 defense policy bill that has cleared the House and Senate but faces a likely veto from President Barack Obama would make significant changes to how the Pentagon can acquire cyber technologies
FBI: 'Dozens' of Terror Suspects Have Used Encryption to Hide from Law Enforcement (National Journal) "I'm surprised if it is only a couple dozen people," says Senate Homeland Security Chairman Ron Johnson
Lawmakers: OPM shouldn't be in charge of classified data (Washington Examiner) Two congressmen are campaigning to take classified data away from the Office of Personnel Management
Intelligence community unveils state-of-the-art campus (Office of the Director of National Intelligence) James R. Clapper, director of national intelligence, participated in a ribbon-cutting ceremony today to celebrate the opening of the Intelligence Community Campus-Bethesda
California Now Has the Nation's Best Digital Privacy Law (Wired) California continued its long-standing tradition for forward-thinking privacy laws today when Governor Jerry Brown signed a sweeping law protecting digital privacy rights
Litigation, Investigation, and Law Enforcement
Exclusive: Uber checks connections between hacker and Lyft (Reuters) Eight months after disclosing a major data breach, ride service Uber [UBER.UL] is focusing its legal efforts on learning more about an internet address that it has persuaded a court could lead to identifying the hacker. That address, two sources familiar with the matter say, can be traced to the chief of technology at its main U.S. rival, Lyft
Experian hack raises doubts about security of credit database, advocates say (Guardian) Letter calls for investigation and asks 'what's the difference in security measures' that allowed supposedly limited access to database of 200 million people
Don't panic, biz bods: A guide to data in the post-Safe Harbor world (Channel Register) Sweat the details
Regulators Investigating 2nd VW Computer Program on Emissions (New York Times) Federal and California regulators have begun an investigation into a second computer program in Volkswagen's diesel cars that also affects the operation of the cars' emission controls
Volkswagen's U.S. chief blames emissions scandal on 'individuals' (Reuters) Volkswagen's (VOWG_p.DE) cheating on emissions with the use of software in diesel cars was not a corporate decision, but something that "individuals did," its U.S. chief executive told lawmakers on Thursday
Ex-Homeland Security Boss Rips Hillary Clinton on Email Scandal (Times of San Diego) The first director of the Department of Homeland Security has criticized Hillary Clinton's judgment for using a private email account, and her own server, to communicate as secretary of state
Purdue erases Pulitzer Prize winner's keynote (Lafayetter Journal & Courier) Purdue University erased a keynote speech in an "overreaction" to regulations by the U.S. Department of Defense, Pulitzer Prize-winning journalist Barton Gellman said Wednesday
Webcam hacker spent up to 12 hours a day watching his victims (Naked Security) A hacker who used the notorious Blackshades RAT malware to hijack webcams on computers, and secretly watch people engaged in sexual activity, has avoided prison