Cyber Attacks, Threats, and Vulnerabilities
Massive Law Firm Hack Reveals Rich Hiding Money (eWeek) Hackers allegedly stole more than 11.5 million documents from the Panamanian law firm of Mossack Fonseca, detailing the workings of offshore accounts for many politicians and the rich, and delivered the information to journalists
Here’s What We Know About the ‘Panama Papers’ (New York Times) On Sunday a group of global news organizations published articles based on a trove of leaked confidential documents from a law firm in Panama. They exposed how some of the world’s most powerful people were said to have used offshore bank accounts to conceal their wealth or avoid taxes
The Names in the Panama Papers (The Atlantic) Documents leaked Sunday from a Panama-based firm purport to show corruption and questionable business practices of world leaders, politicians, and others
Panama Papers Leak Exposes Tax Evasion -- And Poor Data Security, Data Integrity Practices (Dark Reading) Whether an insider leak or an outsider hack, an exposure of 11.5 million documents definitely falls under the infosec umbrella
A guide to the biggest data leak in history (Guardian) What is Mossack Fonseca, how big is it, and who uses offshore firms? Key questions about one of the biggest ever data leaks
Siemens also examining possible claims following revelations (Mittelbayerische) Following the revelations about shell companies abroad, the electrical engineering group Siemens continues to see itself as a potentially injured party and also intends to examine possible claims
Kremlin rejects Panama leaks as ‘Putinophobia’ (Financial Times) The Kremlin dismissed a report about billions of dollars in offshore funds circulating among intimates of Vladimir Putin as a case of “Putinophobia” whipped up by the US to discredit the Russian president
The Panama Papers could cause Iceland’s government to collapse (Quartz) The release of the Panama Papers will have a huge impact around the world. But Iceland deserves some particular attention
The Panama Papers reveal some own goals by soccer’s elite—including Lionel Messi (Quartz) The Panama Papers have provided unprecedented access into the world’s elite’s tax affairs. A number of current and former heads of state, as well as celebrities have been linked with tax avoidance and money laundering—including, unsurprisingly, some of soccer’s elite
Israel Prepares for Cyberattack Aimed to ‘Punish Zionist Entity’ for ‘Crimes Against Humanity’ (Allgemeiner) Ahead of what has become an annual cyberattack against Israel by pro-Palestinian hackers, video clips have been circulating in various languages warning about Thursday’s imminent disruption of networks identified as being associated with the Jewish state, the Hebrew news site Walla reported on Sunday
Did hacktivists really just expose half of Turkey's entire population to ID theft? (Register) A trove of leaked information, purported to be the entire Turkish citizenship database, has been leaked
Vulnerabilities in visa database could put up to 290M personal records at risk (FierceGovernmentIT) A visa database with over 290 million records could be vulnerable to hackers breaching, stealing and even doctoring official visa applications, the U.S. State Department found through an internal study on the matter
The Taliban app’s publication points to holes in Google’s app review process (TechCrunch) A propaganda application developed by the Islamist fundamentalist group the Taliban was live on the Google Play store for two days before being booted, raising questions about Google’s app review process, which today includes a combination of human editors and algorithms
‘Surreptitious Sharing’ Android API Flaw Leaks Data, Private Keys (Threatpost) Researchers have identified a vulnerability in an Android API used by messaging apps such as Skype and, perhaps more concerning, privacy-centric apps such as Signal and Telegram, that could lead to privilege escalation and data loss including private keys
New ransomware with an old trick: “Petya” parties like it’s 1989 (Naked Security) Here’s a ransomware story with a difference. Petya is modern-day malware that locks you out of your data, much like TeslaCrypt or Locky, but does it the hard way
HTTP compression continues to put encrypted communications at risk (IDG via CSO) Researchers improve the BREACH attack to extract sensitive data from encrypted HTTPS connections faster
The latest version of iOS lets anyone see your contacts and photos on certain iPhones (Quartz) You might want to wait before downloading the latest version of Apple’s operating system for iPhones
Sources: Trump Hotels Breached Again (Krebs on Security) Banking industry sources tell KrebsOnSecurity that the Trump Hotel Collection — a string of luxury properties tied to business magnate and Republican presidential candidate Donald Trump — appears to be dealing with another breach of its credit card systems. If confirmed, this would be the second such breach at the Trump properties in less than a year
Finnish Defense Ministry Hit by DDoS Cyber Attack (Defense News) Finland’s Ministry of Defence (MoD) is reviewing its IT security infrastructure in the wake of a distributed denial of service (DDoS) attack on its main website
A cyber attack turned out the lights on 80,000. What can stop them? (Reuters) In the middle of the afternoon on Dec. 23, at least 80,000 Ukrainians suddenly lost access to electricity. It was, U.S. officials and other analysts believe, the most dramatic escalation in several years of the quietly growing international confrontation in cyberspace
Bulletin (SB16-095) Vulnerability Summary for the Week of March 28, 2016 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
Google’s Nexus security update for April fixes 8 critical Android bugs (TechCrunch) Google is releasing the monthly security update for its Nexus Android devices today and with it, it is also announcing a list of the security vulnerabilities it has patched in this release
Google Patches Old Flaw Exploited by Rooting Application (Threatpost) Google has patched a vulnerability being exploited in the wild to root Nexus 5 Android devices
Cyber Trends
The Next Big Thing: Who Drives the Security Agenda? (IBM Security Intelligence) “What came first, the chicken or the egg?” is a metaphysical mystery
More IoT device security woes in latest Bitdefender research (IoT Tech) New research shows that the move to smart homes is actually putting householders at risk of privacy theft after the discovery that a number of commonly used Internet of Things (IoT) consumer devices are vulnerable to cyber attack
IT Admins Just As Bad, If Not Worse, Than Employees At Changing Passwords (TechWeek Europe) Administrators change their security credentials less frequently than user passwords, survey at RSA Conference finds
Marketplace
Cyber Insurance Rates Drop With Decrease In Big Data Breaches (Dark Reading) Insurers cut cyber insurance rates during the first quarter of 2016 as high-profile hacks subsided, Reuters reports
Israeli cybersecurity grabs 8% global market share (Globes) 20% of all Israeli high-tech companies are engaged in cybersecurity, making it the country's biggest sector
Dell's SecureWorks plans April IPO (CIO Dive) SecureWorks Corp., a cybersecurity firm owned by Dell Inc., plans to launch its IPO this month, according to a report from the Wall Street Journal
Dell To End The IPO Drought, But Is SecureWorks A Buy? (Seeking Alpha) Dell’s SecureWorks is expected to go public soon. The 18-year-old cyber security company has a net loss, disappointing margins, and questionable ability to operate independently from its parent company. Even though cyber security is a great segment for the long haul, SecureWorks is not the best pick right now
IBM Layoffs Hit Canada, Europe, Australia; US Likely Next (InformationWeek) IBM layoffs are hitting employees in Canada, Europe, and Australia. Another round of US layoffs is reportedly "imminent"
Bromium Delivering on Promise of Byzantine Fault Tolerance (eWeek) In 2011, Simon Crosby helped found security vendor Bromium, with the promise of enabling what is known in computer science as Byzantine fault tolerance
Pasadena-Based Guidance Software Founder Writes to Stockholders to Help Improve Company (Pasadena Business Now) Guidance Software Inc. founder and largest stockholder Shawn H. McCreight has written publicly to fellow stockholders of the Pasadena-based company to ask for their “help in turning this company around”
Brocade's Ruckus acquisition aims to set a standard for the Internet of things (Silicon Valley Business Journal) Brocade Communications Systems on Monday agreed to buy Wi-Fi equipment maker Ruckus Wireless in a cash and stock deal worth approximately $1.5 billion
DHS seeks vendors to support NextGen cybersecurity operations center (Federal Times) The Department of Homeland Security released the final request for proposals for its $395 million contract to support the agency’s network security services
Corero Network Security PLC wins European contract (Proactive Investors) More good news for the cyber security firm, whose shares are up almost three-fifths this year
Telesoft opens extreme cyber lab in Annapolis Junction (Telecompaper) Telesoft Technologies, a Cyber Defense and Network Visibility vendor, announced the official opening of a new extreme cyber laboratory and offices based in Annapolis Junction, Maryland
Products, Services, and Solutions
SECUDE Announces a New Release of Its SAP Data Protection Solution Halocore (Marketwired) Halocore facilitates the tracking and analyzing of all download activity from SAP applications, helping SAP customers identify sensitive data exports and prevent potential data loss
Palo Alto Networks and PwC Help Organizations Establish Breach Prevention Security Posture (PR Newswire) Palo Alto Networks® (NYSE: PANW), the next-generation security company, and PwC's Cybersecurity and Privacy practice are joining forces to help customer organizations establish security architectures, organizational structures and computing processes optimized to prevent cyber breaches
Recorded Future Announces Integration with Palo Alto Networks (PRNewswire) Customers gain real-time threat intelligence context from the Web; Live demonstration at Ignite 2016
ProtectWise Announces Integration With Palo Alto Networks (PRNewswire) Integration to provide increased visibility, threat detection and optimized incident response workflows for customers
Webroot and Cloud Harmonics Partner to Empower the Channel with Next-Generation Threat Intelligence (PRNewswire) Webroot BrightCloud Threat Intelligence for Palo Alto Networks Firewalls expands Cloud Harmonics' Enterprise Protection Product portfolio
A Day In The Life Of A Security Analyst (Dark Reading) 'The network doesn't lie' and host detection systems are also key tools for the analyst
Improving the response to cyber threats (Enterprise Times) Guidance Software has announced EnCase Endpoint Security v5.12, the latest version of its security software solution
CensorNet Offers Adaptive Multi-Factor Authentication Solution Through CenturyLink's Cloud Marketplace (Marketwired) CensorNet, the complete cloud security company, today announced its certification under the CenturyLink Cloud Marketplace Provider Program
DoD Certifies Fidelis Threat Defense Offering (ExecutiveBiz) A Fidelis Cybersecurity-designed threat defense offering has been added to the Defense Department’s list of products certified for interoperability and information assurance via an assessment stage
Calculate the cost and probability of a DDoS attack (Help Net Security) DDoS attacks are becoming increasingly larger, more complex, and perpetrated by cyber extortionists instead of hacktivists and vandals, according to a recent survey from Arbor Networks
Technologies, Techniques, and Standards
CAs Need To Force Rules Around Trust (Dark Reading) Google Symantec flap reveals worrisome weakness in the CA system
War on Multiple Fronts: A Holistic Approach to Cybersecurity (Legaltech News) Success is adopting a holistic approach to managing threats on multiple fronts
In Search of Data Protection, Enterprises Look to Cybersecurity Frameworks: Survey (Legaltech News) Increases in industry-agnostic cyberattacks abound, with enterprises scrambling to protect their digital foundations. Does the NIST framework hold the answer?
The dangers of bad cyber threat intelligence programs (Help Net Security) I love a surprise ending in a movie. Whether I’m watching drama, action, or sci-fi, there’s nothing better than a plot twist you can’t predict
Wave of Cyberattacks on Hospitals Offers IT Security Lessons for MSPs (MSP Mentor) At least 14 U.S. hospitals have become victims of cyberattacks during the past six weeks, with some paying thousands of dollars in ransoms to regain access to locked data files and crippled networks
Design and Innovation
Is the blockchain good for security? (CSO) The blockchain is now being hyped as the solution to all inefficient information processing systems
The Password In Your Eyes: Has Iris Identity Authentication Finally Arrived? (Legaltech News) More reliable than most biometrics, Iris-identity authentication solutions are catching on, with one company looking to turn the technology into an everyday utility
Research and Development
Prevent Neighbors from Stealing Your Bandwidth with This New Wi-Fi (Hack Read) We all love it totally when we hear about new WiFi routers that offer extensive range and far-reaching signals
Academia
Bossier students learning cyber security (KSLA) Cyber security is a flourishing industry, and the threat of cyber attacks is growing right along with it
Legislation, Policy, and Regulation
UK military to pony up $57M for new cybersecurity center (FierceGovernmentIT) The U.K. Ministry of Defense plans to spend more than 40 million pounds ($57 million) on a new cybersecurity operations center to safeguard the ministry's networks and systems against cyberthreats
Four cyber defense challenges for the next administration (C4ISR & Networks) A fair portion of the modern military runs on silicon. We have even begun to refer to the modern battlespace as the digital battlefield
Opinion: The NSA must adapt to survive the Digital Age (Christian Science Monitor) National Security Agency Director Adm. Mike Rogers has undertaken an incredibly important overhaul of the agency – a plan known as NSA21 – that will ensure it remains well ahead of America's adversaries
The Pentagon doesn't know who’s in charge for responding to a massive cyber attack (Navy Times) The Pentagon does not have a clear chain of command for responding to a massive cyber attack on domestic targets in the United States, according to the federal government's principal watchdog
U.S. 10th Fleet CO Tighe Likely Nominee for Top Navy Intel Job; Previous Nominee Train Withdrawn (USNI News) The Pentagon is set to nominate the head of the Navy’s operational cyber arm to lead the service’s intelligence community, a person familiar with the nomination process told USNI News on Friday
Flag Officer Assignments (US Department of Defense) The Secretary of the Navy Ray Mabus and Chief of Naval Operations Adm. John M. Richardson announced today the following assignments: Rear Adm. Sean R. Filipowski will be assigned as deputy director, Signal Intelligence Directorate, National Security Agency, Fort Meade, Maryland
Litigation, Investigation, and Law Enforcement
FBI offering iPhone cracking services to federal agencies, local law enforcement (FierceGovernmentIT) Now that the Federal Bureau of Investigation apparently has its own way to bypass the security of Apple iPhones, it is starting to offer that capability as a service to other federal agencies, including law enforcement, around the country
To dodge crypto, undercover UK cops simply asked to see terror convict’s iPhone (Ars Technica) No need for backdoors or weakened encryption when clever policing does the job
Was an Asian government reading Hillary Clinton’s emails in February 2009? (Washington Post) I continue to be fascinated by the very early chapters of the Hillary Clinton homebrew email saga. For one simple reason: the clintonemail.com server apparently didn’t have the digital certificate needed to encrypt communications until late March 2009 — more than two months after the server was up and running, and after Secretary Clinton’s swearing-in on January 22
Former DHS Official: ‘Very Real Probability’ Asian Intelligence Services Read Unsecured Clinton E-Mails (Law Newz)
Clinton case shines light on danger to national secrets (The Hill) The sheer volume of mobile phones, laptops and tablets used by federal officials is making it difficult to stop leaks of classified information, officials worry
Hillary's 'classified' smokescreen hides real crime: Column (USA Today) Stewart Baker, writing for The Volokh Conspiracy Blog at the Washington Post on Monday, raises some largely overlooked, yet potentially very troubling issues related to Hillary Clinton’s use of a private server while serving as Secretary of State
Top Silk Road 2.0 admin “DoctorClu” pleads guilty, could face 8 years in prison (Ars Technica) Brian Farrell told feds: "You're not going to find much of a bigger fish than me"
Court Lifts Stay in Finjan v. Symantec (EIN News) Trial to proceed against Symantec on eight of Finjan's U.S. patents