Cyber Attacks, Threats, and Vulnerabilities
Azerbaijani Hackers Hack Twitter Account of Russian Embassy in Armenia (Hack Read) A couple of days ago we reported about the ongoing cyber war between Armenian-Turkish groups while Azerbaijani hackers missing from the action. But now they are back in the news by hacking the official Twitter account of Russian Embassy in Armenia earlier this morning
Data Protection Mishap Leaves 55M Philippine Voters at Risk (TrendLabs Security Intelligence Blog) Every registered voter in the Philippines is now susceptible to fraud and other risks after a massive data breach leaked the entire database of the Philippines’ Commission on Elections (COMELEC)
LA Times said to be compromised, shell access offered up for sale (CSO) Based on the images released, it looks as if the person responsible has full access to the newspaper’s servers
Panama law firm says data hack was external, files complaint (Reuters via Business Insurance) The Panamanian lawyer at the center of a data leak scandal that has embarrassed a clutch of world leaders said on Tuesday his firm was a victim of a hack from outside the company, and has filed a complaint with state prosecutors
Iceland government appoints new PM, to call early elections (Reuters) Iceland's government named a new prime minister and called for early elections in the autumn on Wednesday, a day after Prime Minister Sigmundur David Gunnlaugsson quit to become the first global politician brought down by the "Panama Papers" leaks
Austrian bank's CEO quits after Panama Papers reports (Reuters) The chief executive of Hypo Landesbank Vorarlberg, an Austrian lender mentioned in the massive "Panama Papers" data leak, has become one of the first top bankers to quit over reports based on those files
Will the Panama Papers change cyber practices? (CRN) Security professionals assess the wreckage
Maryland hospital: Ransomware success wasn’t IT department’s fault (Ars Technica) MedStar denies ransom payment, denies earlier JBoss bugs played role
MedStar disputes report it ignored warnings that led to attack (Baltimore Sun) MedStar Health is disputing a report that the hospital company should have known as early as 2007 about weaknesses in its system that contributed to a massive cyberattack that encrypted its files
Android malware discovered on Google Play has infected millions of users with spyware (International Business Times) Russian security researchers have discovered a Trojan for Android that contains malware and spyware features hidden in 104 Android apps on the Google Play store. It has been downloaded over 3.2 million times already onto victims' devices
Bill Gates/bot malware family used to launch DDoS attacks (SC Magazine) The Bill Gates/bot family of malware continues to be used to facilitate distributed denial of service (DDoS) attacks, allowing bad actors to seize full control of infected systems, according to a threat advisory from Akamai's Security Intelligence Research Team (SIRT), which ranked the risk factor as “high”
Ginormous POST Flood Spells BIG Trouble for Hybrid DDoS Protection (Incapsula) To work on the Incapsula team at Imperva is to be exposed to DDoS attacks all of the time
This Is What Happens in a DDOS Cyber Attack (Fortune) [Video of a DDoS attack in progress.]
Official-sounding calls about an email hack (Division of Consumer and Business Education, FTC) There’s a new twist on tech-support scams — you know, the one where crooks try to get access to your computer or sensitive information by offering to “fix” a computer problem that doesn’t actually exist. Lately, we’ve heard reports that people are getting calls from someone claiming to be from the Global Privacy Enforcement Network
IRS Warns Washington D.C., Maryland, Virginia Residents of New Phishing Scam Targeting National Capital Area (IRS) As reports of phone scams as well as email phishing schemes continue across the country, the Internal Revenue Service warned taxpayers of a new phishing scam targeting Washington D.C., Maryland and Virginia residents
FBI: $2.3 Billion Lost to CEO Email Scams (KrebsOnSecurity) The U.S. Federal Bureau of Investigation (FBI) this week warned about a “dramatic” increase in so-called “CEO fraud,” e-mail scams in which the attacker spoofs a message from the boss and tricks someone at the organization into wiring funds to the fraudsters. The FBI estimates these scams have cost organizations more than $2.3 billion in losses over the past three years
FBI’s Randall Coleman: Economic Espionage Part of ‘Hybrid Threat’ Picture (GovConWire) The FBI‘s number of investigations into possible economic espionage on U.S. businesses has increased by 53 percent within the past year, a top bureau official told the Potomac Officers Club Wednesday
DHS: Risk of destructive cyberattack on grid 'low' (The Hill) The risk that nation-state hackers will launch a destructive cyberattack on the U.S. grid is low, according to a Department of Homeland Security intelligence assessment leaked by the research project Public Intelligence
Kinder, gentler hacks: A bevy of low-stakes early computer breaches (CSO) Today, IT security is a deadly serious business. But in the early days of computing, the stakes were a bit lower
Security Patches, Mitigations, and Software Updates
Cisco Releases Security Updates (US-CERT) Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system
Emergency Adobe Flash update prepped as hackers actively exploit flaw (Graham Cluley) What's that? You're still using Flash??
Private SSH Key, Weak Default Credentials Removed From ExaGrid Appliances (Threatpost) ExaGrid has removed public-private pairings and weak, hardcoded default credentials from its disk-backup appliances
WhatsApp Encryption a Good Start, but Far from a Security Cure-All (Threatpost) WhatsApp’s addition of end-to-end encryption is a good start, but does not present users with a complete solution that protects against the prying eyes of intrusive governments and nosey third-parties
Cyber Trends
Is PR Hype Adding to Vulnerability Vagueness? (Recorded Future) We’re becoming used to it. Another scary vulnerability, another catchy name, another flashy logo, and a slick website to go with it. At the beginning of March a team of researchers announced that they had discovered “DROWN,” a vulnerability in HTTPS and other services that rely on SSL and TLS
Call the doctor... no, call security. Docs' mobiles are hopelessly insecure – study (Register) Get patching. Stat
One in Two Children Hide Risky Online Behavior from Parents – Kaspersky Lab Research (Tempo) In a world where the Internet and connected devices play such a big role, a major part of children’s lives goes unseen by adults, presenting parents with a difficult question: How do you ensure children are raised in a secure and safe environment without intruding on their privacy? After all, a child left alone with the Internet may encounter harmful or inappropriate content
Marketplace
Karamba Security raises $2.5 million to keep hackers out of connected cars (TechCrunch) GPS navigation. Entertainment systems that offer streaming music. Bluetooth door locks. As vehicles are increasingly connected to the internet, they also become vulnerable to hacker attacks
IBM (IBM) Announces Completion of Resilient Systems Acquisition (Street Insider) IBM (NYSE: IBM) Security announced it has completed the acquisition of Resilient Systems Inc., a privately held provider of incident response solutions
IBM Security targets incident response marketplace with Resilient acquisition (Business Cloud News) IBM Security has completed the acquisition of Resilient, as part of the company’s expansion in the incident response marketplace. Financial terms of the agreement have not been released
Investors Are Watching Verint as Government Spy Budgets Shrink (Bloomberg) For the past three years, Verint Systems Inc. has reaped handsome profits selling spyware to developing nations
Zscaler places strong focus on Australian market (ARN) Plans to make new hires after seeing sales and demand growth in the market
NSFOCUS Continues EMEA Expansion with Appointment of Industry Veteran (BusinessWire) Aftab Afzal will oversee new business initiatives in key markets
Cryptography Pioneer Christopher Allen Joins Blockstream (The Merkle News) Blockstream, a blockchain development firm that specializes in developing distributed ledger systems with particular use cases, announced yesterday that Christopher Allen has joined the company’s ranks
Coalfire’s Dan Fritsche Named Vice Chair of ETA’s Risk, Fraud & Security Council (BusinessWire) Council taps Fritsche’s leadership and expertise with security in payments industry
Products, Services, and Solutions
Imperva Incapsula Security and Performance Service Now Included in the Symantec Complete Website Security Solution (Nasdaq) Imperva, Inc. (NYSE:IMPV), committed to protecting business-critical data and applications in the cloud and on premises, today announced that Symantec has added the Imperva Incapsula service to its Complete Website Security solution
IronScales Anti-Phishing Tech Protects Israeli Companies During #OpIsrael (Ironscales) IronScales, a leading provider of phishing mitigation technology, will be helping protect Israeli companies against ransomware and other phishing-based attacks on April 7, the day where anti-Israel foes traditionally attack the country’s businesses and government agencies
WatchGuard is Making the Internet Safer for Children Around the World (Yahoo! Finance) WatchGuard Technologies, a global leader in network security, is making the Internet safer for children around the world through its support of Friendly WiFi. Initiated by the U.K. Government and managed by the RDI Trade Organization, the Friendly WiFi initiative recognizes public places – including restaurants, shops, hotels, and transportation services – that provide secure and filtered Wi-Fi
A10 Networks' Fourth Generation of Appliances Feature the Industry's Fastest ADC in a Single Rack Unit (Marketwired) A10 Networks (NYSE: ATEN), a leader in application networking and security, today announced six new Thunder Series appliances, including the industry's fastest single rack unit ADC
XO Communications launches Site Security service to help companies protect IP connections on customer networks (BusinesWire) Offering incorporates Fortinet equipment and BAE Systems managed security services
CensorNet Launches New Unified Security Service to Provide 360 Degree Protection From Modern Threat Vectors (MarketWired) CensorNet, the complete cloud security company, today announced the availability of its Unified Security Service, CensorNet USS
Interset UTM Brings Machine Learning to Network Security Policy Best Practices (Enterprise Networking Planet) Interset's UTM platform uses machine learning to identify network security threats
Mimecast guards against whaling attacks (IT Online) Mimecast has announced general availability of Impersonation Protect, the first cloud service that directly combats the growing cybersecurity threat from whaling or CEO fraud
Verint Delivers Enhanced User Experience to Security Intelligence Solutions Portfolio (BusinessWire) Verint® Systems Inc. (Nasdaq: VRNT) today introduced strategic updates to its technology portfolio that help organizations achieve greater levels of situational awareness through the delivery of robust security and business intelligence. During this week’s ISC WEST Conference and Exhibition in Las Vegas, the company is unveiling Verint Video Tracker™, and enhancements to its Verint EdgeVMS™ solution
Time For Your Checkup: Peach Fuzzer Now Finds Security Flaws In Critical Healthcare Hardware And Software Systems (PRNewswire) World's leading enterprise fuzz-testing platform helps discover zero-day vulnerabilities in sensitive health informatics and imaging files
Nest May Offer Revolv Owners Compensation On Case-By-Case Basis (Tech Times) Alphabet-owned Nest recently revealed that it will be disabling the Revolv smart home hub on May 15, which will make the $300 device worthless
DISA approves Deep Security – Federal CISOs need to be hunters, not the hunted (Trend Micro Simply Security) Governments around the world are facing an increasing challenge to contain the threat from cyberspace
Microsoft marches forward with its security plan, releasing Cloud App Security (TechCrunch) As Microsoft works its way toward implementing the security plan that CEO Satya Nadella outlined in a talk last Fall in DC, part of that has been creating tools and part buying them. Today, it announced that Adallom, a company it bought last year was becoming generally available and renamed Microsoft Cloud App Security
Microsoft boasts that Edge is the browser to use if you want security (TechRadar) Redmond's new security stats are impressive
Singtel and Inmarsat develop cyber security solution (Marine Electronics & Communications) Inmarsat and Singapore Telecommunications (Singtel) will jointly develop a maritime cyber security solution using Trustwave’s Unified Threat Management (UTM) technology. They have entered into a strategic partnership to provide UTM services with Inmarsat hardware to ships, to protect data and reduce cyber risk for maritime companies
Technologies, Techniques, and Standards
White-Box Cryptography Gains Traction (Semiconductor Engineering) A niche obfuscation methodology is becoming more popular in cost-sensitive markets. But how good is it?
Cybersecurity Standards Tackle IoT, Evolving Cyberthreats (Legaltech News) Underwriters Laboratories launched a Cybersecurity Assurance Program aimed at providing guidance to vendors in creating safe products, and confidence in technology users
Can testing outfit Underwriters Laboratories secure the Internet of Things? (Christian Science Monitor Passcode) On Tuesday, the testing lab best known as UL – and for its stamp of approval on microwaves and TV sets – rolled out standards aimed at securing the growing number of Internet connected products
15 Experts Explain Why Software Patching is Key for Your Online Security (Heimdal Security) You’ve probably noticed this too at least once in your life: people who are passionate about their work have a way of talking about it that transmits genuine enthusiasm. When talking to these people, you get a deeper, more informed perspective on the topic under discussion
Are you failing Security Basics 101? (CIO) Patching, backups, firewall configuration … when it comes to security, make sure you take care of your infrastructure before you invest in next-level tools
How to protect your Facebook account with Two-Step Verification (2SV) (Graham Cluley) Enable Login Approvals to defend your Facebook account from hackers
Design and Innovation
IBM Combines Blockchain Technology With Artificial Intelligence To Virtually Turn Back Time (International Business Times) IBM wants to combine blockchain’s distributed ledger technology with its artificial intelligence arm to make the billions of smart devices connected to the internet safer, and by doing so it would allow virtual time travel by letting regulators rewind to the point when the problem occurred and see just what happened
Research and Development
Turbo-charged quantum crypto? You'll need Cambridge laser boffins for that (Register) Pushing one laser beam inside another
WISeKey Granted Canadian Patent for the Digital Identification of Valuable Goods (BusinessWire) WISeKey International Holding Ltd (SIX: WIHN), announces that the Canadian Patent and Trademark Office has [on April 5, 2016], granted a new patent to WISeKey titled "Method and apparatus for digital authentication of valuable goods", that covers an invention related to the use of strong digital identification authentication provided by WISeKey which combined with OISTE.ORG allows valuable objects on the Internet to be authenticated using digital identification
Academia
Cyber security growing field for University of North Georgia (Gainesville Times) Because cyber security is a growing concern for the country’s defense and for private business, the University of North Georgia is emphasizing its courses in the field and planning for more programs
Pearson and Capella University Partner to Issue Digital Badges, Demonstrating Growth of Badging and Connecting Higher Education to Employability (BusinessWire) Capella University and Pearson announced today a collaboration to issue digital badges for students completing the online university’s National Security Agency (NSA) and Department of Homeland Security designated master’s program. Capella University is one of the first online universities to leverage Pearson’s Acclaim digital badging platform to signal to employers the professional skills and competencies its students have gained through coursework and certificate programs
Top US Undergraduate Computer Science Programs Skip Cybersecurity Classes (Dark Reading) New study reveals that none of the top 10 US university computer science and engineering program degrees requires students take a cybersecurity course
Legislation, Policy, and Regulation
U.S. begins cyberwar against Islamic State (Washington Times) U.S. Secretary of Defense Ashton Carter confirmed this week that the U.S. has begun waging cyberwarfare against the tech-savvy Islamic State terrorist group
Panama Papers: Government announces creation of 'panel of experts' (BBC) Panama is creating an international panel to help improve transparency in its offshore financial industry
Edward Snowden mocks David Cameron’s call for privacy after Panama Papers leaks (Washington Post) The dramatic impact of the Panama Papers leak — involving a huge cache of documents that allegedly detail the secret offshore holdings of the world's elite — is still being measured
Security: EU strengthens response to hybrid threats (European Commission) The European Commission and the High Representative adopted today a Joint Framework to counter hybrid threats and foster the resilience of the EU, its Member States and partner countries while increasing cooperation with NATO on countering these threats
Report: “Deeply divided” White House won’t support anti-encryption legislation (Ars Technica) Obama administration offered feedback on bill but will avoid taking position
Making the nuclear point (Indian Express) The Fourth Nuclear Security Summit brought a timely focus on the link between nuclear and cyber security
Opinion: Why trade secrets bill will deter cybercrime (Christian Science Monitor Passcode) The Defend Trade Secrets Act is another sign that the US government is finally acknowledging that an active deterrence must be a key part of any successful cybersecurity plan
N.K. cyber capabilities pose serious challenges to U.S.: cyber command chief (Korea Herald) North Korea's cyber capabilities pose serious challenges to the United States, the U.S
Homeland Security Dept. Struggles to Hire Staff to Combat Cyberattacks (New York Times) At a time of increasing threats of cyberattacks on critical infrastructure, the Department of Homeland Security is having trouble recruiting much-needed computer experts because it cannot match the pay of the private sector and does not have the same allure as intelligence agencies
DIA Selects New Deputy Director (Defense Intelligence Agency) DIA Director Lieutenant General Vincent R. Stewart announced yesterday that Melissa Drisko will become the agency’s Deputy Director effective in August 2016. Drisko currently serves as DIA’s Director for Rank-in-Person Implementation
Litigation, Investigation, and Law Enforcement
FBI says hack tool only works on iPhone 5c (CSO) FBI Director James Comey said the FBI bought the tool
Will recycling the San Bernardino iPhone hack put consumers at risk? (Christian Science Monitor Passcode) Now that the FBI has unlocked the San Bernardino iPhone, there's a new public debate over how to responsibly disclose vulnerabilities the government finds. Security pros say that once a technical flaw is announced, it must be patched quickly – but law enforcement may be able to reuse them in future cases
FBI, DEA and ICE are top Cellebrite customers so far in 2016 (Computerweek) Here's a list of the government customers of Cellebrite so far in 2016
HackingTeam’s global export license revoked (Help Net Security) The Italian Ministry of Economical Progress (Il Ministero dello Sviluppo Economico – MISE) has revoked HackingTeam’s licence to export their Galileo remote control software outside of the EU
Spy Tool Ruling Inches the Stingray Debate Closer to the Supreme Court (Wired) When a Maryland appeal’s court recently ruled that police were wrong to use a secretive cell-phone tracking device known as a stingray without a warrant, civil liberties groups cheered over the clear privacy message the three-judge panel sent to law enforcement
Couple hosting Tor exit node raided by cops investigating child abuse (Naked Security) Jan Bultmann and David Robinson, a married couple from Seattle and well-known privacy activists in that city, were awakened early one morning last month by police with a search warrant for their home