Cyber Attacks, Threats, and Vulnerabilities
Russia steps up Syria cyber assault (Financial Times) Russia is mounting a far-reaching cyber espionage campaign against Syrian opposition groups and NGOs, as Moscow seeks to influence the flow of information on the country's humanitarian crisis and obscure the full extent of its military operations there
Israeli Security Camera Systems targeted by Pro-Hezbollah Hackers (Hack Read) In 2014, Izz al-Din al-Qassam Brigade of Hamas successfully hacked the ongoing transmission of famous Israeli Channel 10 and replaced it with images of wounded Palestinian families. Now, hackers from the Hezbollah group have claimed to hack numerous security cameras in Israel
Joomla Sites Join WordPress As TeslaCrypt Ransomware Target (Threatpost) Exploit kits infecting thousands of WordPress websites are setting their sights on the open-source content management system Joomla in a new campaign spotted by a researcher at the SANS Institute's Internet Storm Center
US hospital pays $24k ransom after cyber attack locks medical records (The Age) Not too long ago, taking the United States' wild, messy, unreliable system of medical records online seemed like a worthy goal
Ransomware threat highlighted by Los Angeles hospital payout (New Scientist) Extortion is bigger business than ever, and now it doesn't have to rely on people depositing bags stuffed with cash
Hospital Cyber-Attack All Too Familiar for Mountain Hospital (WLOS) The same type of cyber-attack that struck a California hospital struck Mission Hospital last year, said Mission Health System's chief information officer
Ransomware takes millions, baffles law enforcement (The Hill) A California hospital this week paid a $17,000 ransom to free its computers from a hacker's virus, thrusting a little-known but wildly lucrative cyber scheme into the limelight
Android device manager app vuln leaves millions at risk of pwnage (Register) AirDroid grounded. Get patching, fanbois
3-in-1 Android malware acts as ransomware, banking Trojan and infostealer (Help Net Security) Why stop at asking ransom for encrypted files when you can also steal personal info, passwords, online banking credentials and credit card details, and then sell it or use it to get even more money?
New Android Trojan "Xbot" Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom (Palo Alto Networks) We recently discovered 22 Android apps that belong to a new Trojan family we're calling "Xbot"
Android Malware About to Get Worse: GM Bot Source Code Leaked (IBM Security Intelligence Blog) IBM X-Force threat intelligence has found that the source code for Android malware GM Bot was leaked on an underground board in December 2015
As Dyre Goes Quiet, Focus Turns On Other Banking Trojans (Dark Reading) Dridex, Gozi, and Shifu are just three of the many malware tools that could replace Dyre, security researchers say
Cyber Threats Every Financial Services Firm Should Know About (SecurityWeek) The financial services industry is among the most heavily targeted sectors by cybercriminals
New backdoor for Windows has geographical restrictions (Dr. Web) Virus makers keep contriving numerous malicious programs whose purpose is to download other malware on the infected machine and execute cybercriminals' commands. Thus, yet another backdoor Trojan was detected by Doctor Web security researchers in February. Due to some key features it possesses, this Trojan stands out from its counterparts
OceanLotus OS X Malware Disguises Itself as Adobe Flash Update (Intego) Intego VirusBarrier users are protected against the OS X version of OceanLotus, a sophisticated Trojan horse that has been used to spy against businesses and government agencies
Beware of hacked ISOs if you downloaded Linux Mint on February 20th! (Linux Mint Blog) I'm sorry I have to come with bad news
World's biggest Linux distro infected with malware (Naked Security) Sadly, the headline is accurate. Fortunately, however, the outcome was not as bad as it could have been
JSF*** eBay XSS Bug Exploited in the Wild, Despite the Company's Fix (Softpedia) The JSF*** XSS bug that cyber-security firm Check Point discovered two weeks ago is being used in real world attacks on the eBay platform, in spite of eBay's best efforts at having it neutralized
Dell to Customers: Report 'Service Tag' Scams (KrebsOnSecurity) Computer maker Dell is asking for help in an ongoing probe into the source of customer information that appears to have somehow landed in the laps of fraudsters posing as Dell computer support technicians
IRS reports 400% increase in phishing & malware in the past 12 months (Naked Security) It's tax season in the US. That means it's also fraud season
Public Concerns for Zika Virus Exploited by Scammers to Spread Malware (Hack Read) Using a public health emergency for malicious purposes — there's nothing lower
The Internet's outward facing threats to enterprise security (CSO) From botnets to IP spoofing, outward facing threats on the Internet pose security risks for all
Security Patches, Mitigations, and Software Updates
AirDroid Patches Vulnerability Exposing Android Data (Threatpost) A critical vulnerability impacting 50 million Android users running the popular AirDroid application has been patched
Cyber Trends
The Apple standoff should make us rethink our surrender to the phone (Guardian) It certainly wasn't how you imagine a bank robbery to be
Apple v FBI: engineers would be ashamed to break their own encryption (Guardian) Among the secretive, almost religious community of expert security engineers, breaking your own encryption is seen as shameful and unholy
Vulnerabilities in healthcare devices show up woeful lack of security (SC Magazine) Healthcare sector "10 to 15 years behind" in security according to expert
Email security still an afterthought (Help Net Security) Email continues to be a critical technology in business and the threat of email hacks and data breaches loom large over IT security managers. Consequently, confidence and experience with previous data breaches and email hacks play key parts in determining a company's perceived level of preparedness against these threats and targeted email attacks
Application downtime costing enterprises $16 million each year (Help Net Security) Despite numerous high-profile incidents in the last year, enterprises are still not paying enough attention to the needs of their users, according to Veeam
How IoT can improve risk management for insurers (Memeburn) While the insurance industry has traditionally been driven by vehicle theft to embrace telemetry, the time has come to utilise the Internet of Things (IoT) for relevance in the digital age
No cyber attack response strategy at most Indian companies (Economic Times) Most top executives at Indian companies have no strategy to react to a cyberattack, cyber war games held earlier this year by consultancy EY showed
Director of 'Zero Days' to Post: 'The cyber-war era is here' (Jerusalem Post) Alex Gibney, director of the documentary 'Zero Days' talks to the 'Post' about how the US-Israel operation to target Iran's nuclear program changed cyber warfare forever
Marketplace
Cyber insurance offers companies a safety net from online hackers (Crain's Detroit Business) Most businesses and people are inextricably connected to the digital world, from desktop PCs and the servers they link with to tablets, smartphones, smartwatches and a litany of other gadgets
Software Liability: Where Consumer Fears and Business Risk Converge (Virtual Strategy Magazine) Already another in a series of watershed years for cyber-security, 2015 ended with a noisy bang when Juniper Networks revealed in late December that they had discovered unauthorized code embedded within products that could allow hackers to decrypt VPN connections and access what were thought to be secured communications
ESET jumps from 'niche player' to 'visionary' in endpoint protection (ChannelLife) ESET has been dubbed a 'visionary' in Gartner's latest endpoint protection platform magic quadrant report
US Department of Homeland Security Vows To Tackle DDoS Attacks (Hack Read) Galois and the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) have formalized a contract to develop technology for preventing and combating extensive, sophisticated DDoS (Distributed Denial of Service) attacks
Departing US-CERT boss to launch cyber venture firm (FCW) The departing leader of the Department of Homeland Security's U.S. Computer Emergency Readiness Team will launch a venture capital firm next week to fund cybersecurity technologies she said are sorely needed
Iovation CEO Greg Pierson Thrilled Over Nevada Gaming License (Cards Chat) Greg Pierson is a happy man today
Damballa to Partner with PCI Security Standards Council to Improve Payment Data Security Worldwide (BusinessWire) As Council's newest Participating Organization Damballa to contribute to the development of PCI Security Standards
Mark Maybury Named Mitre VP, Chief Security Officer, National Cybersecurity FFRDC Director (GovConExecutive) Mark Maybury, a vice president and chief technology officer at Mitre, has been named VP and chief security officer at the non-profit organization
Products, Services, and Solutions
Troll hunter: Twitter cracks down on abuse with new trust and safety group (ZDNet) After a number of high-profile defections from Twitter because of trolling, the micro-blogging service has now unveiled a new Trust and Safety Council to help guide its policies against abuse
PacketFence: Free and open source network access control (Help Net Security) PacketFence is a fully supported, free and open source network access control (NAC) solution. Its feature set includes a captive-portal for registration and remediation, centralized wired and wireless management, BYOD management options, 802.1X support, and layer-2 isolation of problematic devices
Technologies, Techniques, and Standards
DHS releases guidelines for CISA-sanctioned cybersecurity information sharing (Help Net Security) The US Department of Homeland Security has published guidelines on how the private sector and federal entities can share cyber threat indicators (CTIs) with the US federal government
Surviving Ransomware — A Few Known Cases (Akati Consulting) Most of the people who become victims to ransomware have no chances to recover the data without paying the ransom to the extortionists
The Simple Way to Stop your Business from Being Extorted by Ransomware (Bitdefender) Online extortion is on the rise
Reducing False Positives with Open Data Sources (Internet Storm Center) Today, the number of daily attacks is so important that we can't rely on a single solution to protect us
The benefits of encryption for IP-based security systems (Security Info Watch) Physical security technology solutions such as IP surveillance and access systems, cloud storage and mobile monitoring and control are accelerating at a rapid pace and are increasingly exposed to cyber-attacks
California hospital cyber hack shows importance of digital risk management (Econsultancy) If you haven't heard about it yet, a hospital in Hollywood, California has been electronically dead in the water for over a week now
Password mistakes that increase the chance of getting hacked (ghacks.net) Selecting a secure, unique password is not science, but it can be a frustrating experience for Internet users especially if they don't use a password manager program to assist them in the task
How to keep your mobile phone safe from cyber criminals (Financial Times) Mobile malware took off in 2011
A Proactive Approach To Incident Response: 7 Benefits (Dark Reading) How implementing a digital forensic readiness program maximizes the value of digital evidence
Bridging the Gap Between Executive Cyber Awareness and Enterprise Security (Infosecurity Magazine) In many organizations today, keeping pace with the rate of emerging cyber-threats is placing a tremendous strain on IT security teams. They must keep one step ahead of motivated and sophisticated attackers, while communicating the risks and necessary response to executive leadership
Why HR should be your first line of defence against corporate hackers (Human Resources) When a cyber security crisis ensues, the management often tends to turn its attention to the information technology department, but research by IBM shows that HR does play a key role in securing an organisation's cyber-space
Are HR Chiefs The Biggest Cyber Threat? (Forbes) Chief human resource officers (CHROs) are not taking cyber threats seriously, and they are failing to train employees on how to deflect even the simplest hacks
Design and Innovation
Apple's fight with the FBI could trigger a password arms race (PC World) It's all to prevent brute force attacks
Apple vs. DOJ Doesn't Really Matter (Network World) With commercial and open source encryption tools readily available, criminals can easily bypass backdoors and vendor workarounds
Christopher Ahlberg on Tracking Hackers Through Patterns Across Forums (Threatpost) Threatpost editor Mike Mimoso talks with Christopher Ahlberg, CEO, Recorded Future about tracking cybercriminals through patterns on hacker forums
Research and Development
How the U.S. Fights Encryption — and Also Helps Develop It (Wall Street Journal) Agencies are developing encryption tools for secure communications, even as the FBI battles for access to an encrypted iPhone
Social media is a rich source for security services — if they can figure out how to use it (Baltimore Sun) Seen a flood of support for Russia's foreign policy on Twitter? Or a surge in sympathy for Islamic State terrorists?
Academia
Experts See Pitfalls Ahead for Obama's Cybersecurity Plan (US News and World Report) A White House proposal to pay student loans to information technology workers needs qualified coders to succeed
Harvard at the Cyber Battlefront (Harvard Political Review) In today's world, a computer can easily become a weapon and cyberspace a battlefield as cyber security becomes a growing national concern
Legislation, Policy, and Regulation
The Problem With John Kerry's Trip to Hollywood (Foreign Policy) Wrong movie, wrong focus group, wrong century
The Moral Hazard of the Fight Against the Islamic State (War on the Rocks) In a recent War on the Rocks podcast, Ryan Evans interviews Basam Ridha al-Hussaini, a special representative of Iraqi Prime Minister Haider al-Abadi, about the state of affairs in Iraq and, in particular, the Popular Mobilization Units — a collection of government-sanctioned militias that currently augment state security in Iraq
China Issues Broad New Rules for Web (Wall Street Journal) Regulations ban companies with foreign ownership from engaging in online publishing
Apple encryption case risks influencing Russia and China, privacy experts say (Guardian) Analysts and lawmakers warn FBI that ramifications over its demand that Apple unlock San Bernardino killer's iPhone 'could snowball around the world'
Deadlines approaching for officers, warrants, to apply for transfer to cyber branch (United States Army) Deadlines are approaching for active Army commissioned and warrant officers interested in joining the Army Cyber Branch under two Voluntary Transfer Incentive Program efforts
CNO: Navy 'leaning in' on information warfare (C4ISR & Networks) The Navy has undergone numerous lines of effort to realign its force to operate in the cyber domain and better conduct information warfare, including strategies and service-wide assessments, and it's better positioned the force to meet emerging threats, according to the Chief of Naval Operations
Litigation, Investigation, and Law Enforcement
FBI director makes personal, passionate plea on Apple San Bernardino controversy (Washington Post) The FBI's director has weighed in on the ongoing controversy over whether Apple should help unlock an iPhone used by one of the San Bernardino shooters, saying the nation owes the victims "a thorough and professional investigation under law"
In Employee Email, Apple CEO Tim Cook Calls For Commission On Interaction Of Technology And Intelligence Gathering (TechCrunch) Early this morning, Apple CEO Tim Cook sent an email out to employees about the FBI's request to unlock an iPhone with the subject line 'Thank you for your support'
San Bernardino victims to oppose Apple on iPhone encryption (Reuters) Some victims of the San Bernardino attack will file a legal brief in support of the U.S. government's attempt to force Apple Inc to unlock the encrypted iPhone belonging to one of the shooters, a lawyer representing the victims said on Sunday
Apple Says the Government Bungled Its Chance to Get That iPhone's Data (Wired) A San Bernardino county worker may be responsible for a contentious battle now playing out between Apple and the government over data on an iPhone that belonged to suspected San Bernardino shooter Syed Rizwan Farook
FBI told San Bernardino County staff to tamper with gunman's Apple account (Guardian) The San Bernardino County government on Friday night said the FBI told its staff to tamper with the Apple account of Syed Farook, who with his wife, Tashfeen Malik, carried out the December shooting in which 14 people were killed
Apple says the FBI is making access demands even China hasn't asked for (Guardian) The tech company claims San Bernardino government workers botched an attempt to access gunman Syed Farook's iCloud account and reset his password
Exclusive: Common mobile software could have opened San Bernardino shooter's iPhone (Reuters) The legal showdown over U.S. demands that Apple Inc AAPL.O unlock an iPhone used by San Bernardino shooter Rizwan Farook might have been avoided if his employer, which owns the device, had equipped it with special mobile phone software it issues to many workers
FBI escalates war with Apple: 'marketing' bigger concern than terror (Guardian) Court filing from Department of Justice says Apple is more concerned with 'its marketing strategy' than helping FBI unlock San Bernardino shooter's iPhone
Arm-Twisting Not the Answer in Apple v. FBI Case, Says Colorado State University Security Expert (Newswise) On Feb. 16, a federal judge ordered Apple Inc. to help the Federal Bureau of Investigation crack the encrypted iPhone 5c of a deceased terrorist
Sophos says: #nobackdoors! (Naked Security) Forget ransomware, forget the Internet of Things, forget all the other computer security stories of recent days
Public support for Apple in FBI standoff isn't strong (USA Today) It's a split decision on the Apple-FBI standoff
Secret Memo Details U.S.'s Broader Strategy to Crack Phones (Bloomberg Business) Silicon Valley celebrated last fall when the White House revealed it would not seek legislation forcing technology makers to install "backdoors" in their software — secret listening posts where investigators could pierce the veil of secrecy on users' encrypted data, from text messages to video chats
JOHN MCAFEE: I'll decrypt the San Bernardino phone free of charge so Apple doesn't need to place a back door on its product (Business Insider) Using an obscure law, written in 1789 — the All Writs Act — the US government has ordered Apple to place a back door into its iOS software so the FBI can decrypt information on an iPhone used by one of the San Bernardino shooters
Apple is Selling You a Phone, Not Civil Liberties (Lawfare) Note to Apple: As a general matter of strategic communications, following the words "We have no sympathy for terrorists" with a "But" generally means you've gone badly off message — even if you wedge a few sentences in between
Is Law Enforcement Crying Wolf About the Dangers of Locked Phones? (Atlantic) If the FBI takes the position that encrypted iPhones and other secure electronic devices pose a significant impediment to law enforcement, Susan Hennessey and Benjamin Wittes write at Lawfare, it is reasonable to demand that it does "more than cry wolf"
1st U.S. trials of suspected Islamic State sympathizers begin (Military Times) A U.S. Air Force veteran and former airplane mechanic charged with trying to join the Islamic State will be among the first Americans to go on trial as a result of the U.S. government's pursuit of dozens of suspected sympathizers of the militant group
Big Victory — Judge Pushes Jewel v. NSA Forward (Electronic Frontier Foundation) We won a groundbreaking legal victory late Friday in our Jewel v. NSA case, which challenges the NSA's Internet and telephone surveillance. Judge Jeffrey White has authorized EFF, on behalf of the plaintiffs, to conduct discovery against the NSA
NSA Wants 'Zero Day' Process Kept Secret (Courthouse News Service) The National Security Agency on Thursday defended hiding key details of its process for deciding whether to exploit or disclose software security flaws that make people vulnerable to hackers
15-year-old Teenage Hacker Arrested Over FBI Computer Hack (Hacker News) Another 15-year-old teenager got arrested from the land of cakes, Scotland, by British Police for breaking into the FBI Systems on 16th February
Insurer won't have to cover Five Guys' data breach (Albany Times Union) The operators of several Five Guys restaurants in the Capital Region won't be able to collect damages from their insurance company after their computer network was breached in late 2011, the state Appellate Division ruled Thursday
Would return to US with guarantee of fair trial: Snowden (The Hindu) The former National Security Agency contractor in 2013 leaked details of a secret government eavesdropping programme and left the country
Hacker Pleads Guilty to Stealing Celeb Nude Pics, Not The Fappening Author (Softpedia) Andrew Helton now faces up to 5 years in prison