Cyber Attacks, Threats, and Vulnerabilities
The Panama Papers – could it happen to you? (Naked Security) Here’s a good guess: a month ago, you’d never heard of a company called Mossack Fonseca.
Panama Papers: Spy agencies widely used Mossack Fonseca to hide activities (Russia Today) Intelligence agencies from several countries, including CIA intermediaries, have abundantly used the services of Panamanian law firm Mossack Fonseca to "conceal" their activities, German newspaper Sueddeutsche Zeitung (SZ) says, citing leaked documents
Massive malvertising attack poisons 288 sites (Naked Security) A malvertising campaign has swamped most of the Netherlands’ most popular sites, affecting millions of users
Attackers are using Microsoft's PowerShell to cloak their activities, warns Carbon Black (FierceITSecurity) There has been a substantial increase of attackers exploiting Microsoft's PowerShell, a Windows task automation and configuration management framework, during cyberattacks, according to a study [.pdf] released Tuesday by security firm Carbon Black
‘PowerShell’ Deep Dive: A United Threat Research Report (Carbon Black) A data analysis of how PowerShell is being used for malicious intent, based on 1,100 investigations conducted by more than two dozen Carbon Black security partners
How Bad is Badlock (CVE-2016-0128/CVE-2016-2118)? (TrendLabs Security Intelligence Blog) News about Badlock vulnerability affecting Windows computers and Samba servers started showing up on Twitter and media around three weeks ago
Badlock revealed – probably not as bad as you thought (Naked Security) A few weeks ago, we wrote about an unusual sort of vulnerability called Badlock
Mac Users Attacked Again by Fake Adobe Flash Update (Intego Mac Security Blog) Mac users are once again being urged to exercise caution when installing updates to Adobe Flash Player, after a fake update was discovered infecting computers
Apple Bug Exposed Chat History with a Single Click (Intercept) In the middle of intense public debate over whether Apple should be forced to help the government decrypt iPhones for criminal investigations, the company quietly closed a six-month-old security vulnerability in its Messages app
G DATA discovers new ransomware Manamecrypt (Pressebox) Encryption trojan uses an unusual distribution path
Ransomware Threat Levels: Elevated. Executives, are You Listening? (Health Leaders Media) Have executives run out of excuses to postpone increasing security awareness, employee training, and overall IT security budgets? Based on events of the past two months, one could make a pretty compelling case
With few options, companies increasingly yield to ransomware demands (IDG via CSO) Attackers view stolen or encrypted data as a powerful weapon
Ransomware: Extortionist hackers borrow customer-service tactics (Reuters) When hackers set out to extort the town of Tewksbury, Massachusetts with "ransomware," they followed up with an FAQ explaining the attack and easy instructions for online payment
The Professionalisation of Cyber Criminals (INSEAD Knowledge) Opportunistic hackers are taking advantage of the maturing dark web markets and Cybercrime-as-a-Service business model to professionalise their activities
How credit card fraud in the US supports Russia's underground economy (ZDNet) HPE's deep dive into the Internet's underbelly reveals how worldwide operators cash in on your data
Political statements largely behind DDoS attacks (CSO) US has highest number of DDoS attacks in Q1, surpassing Turkey as the top target for geopolitical events
Defining the threat in the energy sector (CSO) By analyzing their motivation and procedures we gain a better understanding of who might be a target and why
Airbus boarded by 12 nation-state, crimeware 'breaches' every year (Register) State-sponsored hackers will do 'everything' to get in, says CISO
Only a third of companies know how many vendors access their systems (CSO) The average company's network is accessed by 89 different vendors every week
True Story: What I Found Out About a Person After Having Accidentally Found Their Travel Card (Heimdal Security) I was strolling on the alley that leads to the street where my home in Brussels is, and I was looking at the trash bags on the sidewalk. It was the white trash bags day (household waste), and I tend to look at it attentively, ever since a couple of glass containers saved me from taking the metro the day the Brussels terrorist attacks happened last month (because I stopped to drop them off at a glass container closer to the bus)
Security Patches, Mitigations, and Software Updates
Microsoft Unleashes 13 Bulletins, Six Critical (Threatpost) Microsoft today released a lucky 13 bulletins for April, with six rated critical and the others important. In total, Microsoft patched 29 unique CVEs for this round, with the most anticipated patch tied to Badlock
Samba Security Updates Address Badlock Vulnerabilities (US-CERT) The Samba Team has released security updates that address vulnerabilities, collectively known as Badlock, affecting both Windows operating systems and Samba in UNIX-like platforms. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system or create a denial-of-service condition
Adobe Releases Security Updates (US-CERT) Adobe has released security updates to address vulnerabilities in Flash Player, Creative Cloud Desktop Application, and RoboHelp Server. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system
Adobe zero-day update gets top billing in April Patch Tuesday (TechTarget) An Adobe zero-day update received top billing as Microsoft released its April Patch Tuesday fixes
Verizon pushes security patch update to the Moto X 2014 (Android Central) Verizon is now rolling out an update to the Moto X (2014) that brings along the latest Android security patches
Cyber Trends
Survey: Two-thirds of security pros believe a US catastrophic cyberattack is coming within a year (FierceITSecurity) Close to two-thirds of 200 security industry execs who were surveyed at the RSA Conference by privileged account management provider Thycotic believe terrorists are capable of launching a catastrophic cyberattack on the U.S. within one year
Panama Papers Leak Signals a Shift in Mainstream Journalism (New York Times) Four years passed between The New York Times’s first article based on the Pentagon Papers and the end of the Vietnam War
Open source code is rarely patched when vulnerabilities are found (FierceCIO) Open source code is a convenient and cost-effective way for developers to build apps. However, as CIO noted in a recent article, once that code makes its way into an app, it's rarely ever updated to fix vulnerabilities that are found later. CIO offered up some tips on how to keep open source products secure
Malware is getting nastier, but that shouldn’t matter (Computerworld via CSO) Sure, cybercriminals are always improving their wares, but nothing has changed about how our machines actually get infected
Poor cybersecurity can derail corporate innovation, mission-critical initiatives (FierceITSecurity) A full 71 percent of 1,014 senior executives in 10 countries surveyed by Cisco said that concerns over cybersecurity are impeding innovation in their organizations, and close to 40 percent said that they have halted mission-critical initiatives due to cybersecurity issues
Top 10 business risks in the Americas (Property Casualty 360) For the fourth year in a row, business interruption risks (including supply chain disruption) rank as a top three global risk, according to the Allianz Risk Barometer
Risk management hinges on perspectives and observations (Business Insurance) Having the right perspective, collaborating with the right partners and being able to pick up on telltale signs of deception are critical tools for risk managers
Attacks are driving cloud security market growth (Help Net Security) The global cloud security market is expected to grow at a CAGR of over 20% until 2019, according to Technavio
PH twice likely to face cyberattacks than worldwide average (Rappler) FireEye representatives say at least 3 advanced persistent threat groups (APTs) and a number of other advanced threat actors are targeting the country
Marketplace
Cybersecurity firm Optiv (previously Accuvant and FishNet Security) has acquired IAM firm Advancive (Silicon Angle) Cybersecurity solutions provider Optiv Security, Inc. (previously Accuvant and FishNet Security) has acquired identity and access management (IAM) firm Advancive LLC for an undisclosed sum
This Is Why Shares of Juniper Networks Are Sliding (Fortune) It was a dark start to the earnings season when cybersecurity and hardware maker Juniper Networks (JNPR, -6.19%) posted a preview to earnings Monday, cautioning investors to expect a weaker first quarter due to lower demand for its computer network for businesses
Cisco Systems, Inc (CSCO) Falls After Juniper Networks, Inc. Cuts Guidance (Bidness Etc.) Cisco stock slipped over 2% today, after peer Juniper Networks slashed its quarterly guidance based on soft demand in the enterprise space
Fortinet (FTNT) Weak On High Volume Today (TheStreet) Trade-Ideas LLC identified Fortinet (FTNT) as a weak on high relative volume candidate. In addition to specific proprietary factors, Trade-Ideas identified Fortinet as such a stock due to the following factors
Analysts Keeping an Eye on Palo Alto Networks, Inc. (PANW) (CWRU Observer) Wall Street analysts have favorable assessment of Palo Alto Networks, Inc. (PANW), with a mean rating of 1.7. The stock is rated as buy by 19 analysts, with 21 outperform and 3 hold rating. The rating score is on a scale of 1 to 5 where 1 stands for strong buy and 5 stands for strong sell
Proofpoint’s (PFPT) Outperform Rating Reaffirmed at Wedbush (Washington News Wire) Proofpoint Inc (NASDAQ:PFPT)‘s stock had its “outperform” rating reiterated by analysts at Wedbush in a research note issued on Tuesday, AnalystRatings.NET reports
FireEye CEO Says that Obama-China Deal Hurt His Business (DCInno) With FireEye's braintrust in town for the company's annual D.C.-based government forum event, we got a chance to speak with CEO Dave DeWalt and President Kevin Mandia. Interestingly, FireEye (FEYE)—the cybersecurity giant and parent company of local brands Invotas and Mandiant—experienced a turbulent 2015
How Verizon finds IoT innovation outside its four walls (Network World) Verizon Ventures digs into enterprise Internet of Things to fill gaps, build for the future
CIOReview Honors LookingGlass Cyber Solutions Among The 20 Most Promising Enterprise Security Companies in 2016 (BusinessWire) LookingGlass Cyber Solutions, the leader in threat intelligence and dynamic threat defense, today announced that CIOReview has ranked LookingGlass Cyber Solutions among the 20 Most Promising Enterprise Security Companies in 2016
Cryptzone Wins Cyber Defense Magazine Awards Across Multiple Categories (Cryptzone) Cryptzone earns gold for The Cutting Edge Solution for Access Control and The Most Innovative Data Leakage Prevention Solution
Air Force awards $11.5M intranet contract (C4ISR & Networks) Cyber Defense Information Assurance has been awarded an $11.5 million Air Force contract modification for network support
How to prepare for your first infosec job hunt (Help Net Security) You’re new to the information security industry and you’re wondering what to expect during an interview. A quick online search will bring up horror stories involving large IT corporations asking absurd questions like “How much should you charge to wash all the windows in San Francisco?”
Fort Gordon Cyber Command continues growth (WRDW News 12) As Fort Gordon breaks ground on a new part of the Cyber Command Center, and adds thousands of new jobs over the next few years, experts already in the cyber security field say there's even more coming
ThreatQuotient Appoints Faraz Siraj to Lead New Threat Alliance Program (Threat Quotient) Industry veteran brings over 20 years of experience and proven track record building successful sales and channel initiatives
CYBERBIT Names Cyber Security Veteran Stephen Thomas - CYBERBIT Commercial’s VP Sales, North America (CYBERBIT) CYBERBIT Ltd., a subsidiary of Elbit Systems Ltd., announced today that Stephen Thomas, formerly Vice President, Americas Channel Sales at Symantec, has joined CYBERBIT Commercial Solutions Inc. (CYBERBIT Commercial) as Vice President of Sales for North America
Don Jackson Joins Damballa as Senior Threat Researcher (BusinessWire) Damballa, the experts in network security monitoring for advanced threats, announced today that security veteran Don Jackson has joined the firm as a Senior Threat Researcher
Products, Services, and Solutions
BeyondTrust Strengthens Cybersecurity Capabilities for Customers, Joins the FireEye Cyber Security Coalition (BeyondTrust) BeyondInsight analytics for advanced cyber threat detection and response enhance FireEye’s security platform
GoPhish: Free phishing toolkit for training your employees (Help Net Security) Too many system and network breaches today start with a well-designed, persuasive phishing email, and organizations and businesses would do well to continually train their staff to spot bogus and potentially malicious emails
Netwrix Auditor 8.0: Visibility into hybrid cloud IT infrastructures (Help Net Security) Netwrix released Netwrix Auditor 8.0. The new version of the IT auditing platform simplifies detection of security threats and enables organizations to gain control over critical data across all levels of IT environment, including hybrid cloud and storage appliances
FireEye Leads the Security as a Service Transformation With Expansion of FireEye as a Service (MarketWired) The only intelligence-led platform delivered as a service expands threat coverage and adds new partner program to solve security resource challenges and prioritize response against threats
Proofpoint Stops Impostor Emails with Industry’s Only Dynamic Fraud Protection (EconoTimes) New dynamic classification ensures organizations worldwide are quickly protected from socially-engineered impostor emails, also known as business email compromise (BEC) or CEO fraud
Attivo Networks and Blue Coat Improve Incident Response Time With Automated Information Sharing (MarketWired) Partnership enables customers to promptly block attacks and quarantine infected devices
Sumo Logic Announces Industry's First Machine Data Analytics Platform That Unifies Logs and Metrics Data (MarketWired) Powered by patented machine learning technology, structured and unstructured data is now transformed into real-time continuous intelligence for modern applications
Technologies, Techniques, and Standards
Security Think Tank: Using vulnerability management to support the patching process (ComputerWeekly) What strategies can companies adopt to deal with the huge volume of software updates they are facing?
Panama Papers: A data security disaster (Help Net Security) The Panama Papers security breach is a juicy, made-for-the-Internet scandal. It has all the elements – secret off-shore accounts; involvement by international politicians, criminals, celebrities and sports stars; 11.5 million files cyber-filched from a law firm’s files and then leaked to the media
5 Critical Considerations for DLP: a Q&A with Brian Reed (Digital Guardian) The Gartner DLP research director recently participated in a Q&A to answer some of your top questions about data loss prevention. Read the interview for more
CryptoHost locks files, but you can get them back (Help Net Security) If you’re a user whose files are held for ransom by the CryptoHost (aka Manamecrypt) ransomware, despair no more about getting them back without paying for it – the ransomware has been “decrypted”!
Identify the ransomware you’ve been hit with (Help Net Security) Michael Gillespie, a coder that has created a password generator for unlocking the files stashed in a password-protected archive by the CryptoHost ransomware, has also created ID Ransomware, a free online tool for victims to identify with which particular ransomware they’ve been hit
Health organizations team up to thwart cyberattacks (FierceHealthIT) Hospitals and medical schools across the U.S. are teaming up in their quest to thwart cyberattacks
The pros and cons of common access cards (C4ISR & Networks) Traditional authentication mechanisms, such as username/password combinations, offer only a single factor of authentication: something the user knows. Common access cards, on the other hand, provide two: something the user knows (the PIN) and something the user has (the card)
Protecting against advanced attacks: Planning for successful cyber security (BAE Systems) We all know that targeted attacks are on the rise. But contrary to what you may hear, there is no silver bullet. A good cyber security program requires a well-defined strategy, talented resources and a coordinated set of security tools
Design and Innovation
The Simpsons math secret is the key to better security (CSO) A Simon Singh keynote at InfoSec World 2016 revealed an opportunity for better security by following the advice given to the writing team
Research and Development
$20M partnership with UI, Homeland Security (Illinois Homepage) The University of Illinois is partnering with the Department of Homeland Security on a $20 million program. It's called the Critical Infrastructure Resilience Institute (CIRI)
Academia
Air Force Academy to graduate first three cyber majors (Air Force Times) The Air Force Academy's fledgling cyberspace major will graduate its first three cadets this year, superintendent Lt. Gen. Michelle Johnson said Tuesday
Stanford Unveils New, Updated Online Courses in Computer Security (Campus Technology) Stanford University has enhanced its online certificate program in advanced computer security, adding a new course in network security and updating its course in emerging threats and defenses
Legislation, Policy, and Regulation
A Breakdown of the Current Version of Brazil's Cybercrimes Bill (Global Voices) After much pressure from Internet rights advocates, proponents of new cyber crime legislation in Brazil removed some of the most controversial elements of the bill on April 11
Collaboration vital to reduce economic impact of CNI cyber attack (ComputerWeekly) The interconnected nature of critical national infrastructure (CNI) means the impact of the risk and the cost of a cyber attack grows exponentially every day
China says tech firms pledge to counter online terror activities (Reuters) Twenty-five Chinese technology companies have signed a pledge to counter images and information online that promote terrorism, the internet regulator said on Tuesday, months after China passed a controversial new anti-terrorism law
‘It Sucks To Be ISIL:’ US Deploys ‘Cyber Bombs,’ Says DepSecDef (Breaking Defense) Deputy Defense Secretary Bob Work told reporters today that ISIL is under tremendous pressure from the United States — “from every single direction, the north, the east, the west and the south” — and the terrorist group has lost every engagement with allied forces over the last six months. That apparently includes in cyberspace
Microsoft wants US-EU Privacy Shield approved (FierceCIO) U.S. software giant Microsoft announced its support of the EU-U.S. Privacy Shield Monday in a blog post by John Frank, the company's vice president of EU government affairs
Improving and Modernizing Federal Cybersecurity (The White House) Summary: Today, the Administration proposed legislation to establish a $3.1 billion Information Technology Modernization Fund to further improve our nation’s cybersecurity
DHS warns on cyber risks of open source (FCW) The Department of Homeland Security has suggested striking significant passages from a draft White House policy on open software out of concern that baring too much source code will increase the government's vulnerability to hacking
SEC Would Use Boost in Funds for Cybersecurity, Advisor Exams (ThinkAdvisor) SEC Chief White tells Senate Appropriations panel that cyber and advisor exams are priorities
The Obama Administration Is Struggling to Reform the Security Clearance Process (Defense One) OPM, ODNI and other agencies are failing to meet their own deadlines on a wide array of measures aimed at sniffing out internal threats
DHS, EPA fill key cyber, IT executive roles (Federal News Radio) The Homeland Security Department has filled another key cybersecurity position that had been in an acting status for about a year
NSA appoints first transparency officer (Washington Times) The National Security Agency has appointed its first transparency officer — three years after leaks made by former contractor Edward Snowden exposed the agency’s surveillance programs and led to calls for increased public disclosures. Rebecca Richards, who already serves as director of the NSA’s Civil Liberties and Privacy, will take on the dual role as the agency’s transparency officer
Litigation, Investigation, and Law Enforcement
FBI paid professional hackers one-time fee to crack San Bernardino iPhone (Washington Post) The FBI cracked a San Bernardino terrorist’s phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter
Universal Credit at high risk of cyber-attack, fraud from the outset (Register) So was agile making it up as they went along?
Peru raids offices of Panama Papers firm (USA Today) Fallout from the explosive Panama Papers leaks spread to Peru in the midst of a bitter presidential election battle when authorities raided the Lima office of the Panamanian law firm Mossack Fonseca
Panama Papers: UK's Cameron fights back in parliament (Al Jazeera) David Cameron lashes out at 'deeply hurtful' allegations made against his father after the Panama Papers leak
Costa Rica to investigate whether hackers 'rigged' its 2014 election (FierceITSecurity) After scores of reports and complaints, Costa Rica has decided to investigate whether hackers rigged its 2014 election
Judicial Watch, feds negotiate fact-finding in Clinton email case (Politico) Lawyers for the State Department and a conservative group are in talks about the scope of a fact-finding process a federal judge has authorized in a lawsuit relating to former Secretary of State Hillary Clinton's private email server, according to a new court filing
Obama: The Word 'Classified' Means Whatever We Need It To Mean (TechDirt) How do we know whether information is classified? Well, because the government tells us it is. But what does that mean? It turns out it means whatever the government wants it to mean, subject to time, place, personnel involved, etc
Taiwan Denies Role in Spy Case Involving U.S. Navy Officer (New York Times) Taiwan’s military denied any involvement on Tuesday in the case of a United States naval officer under investigation on suspicion of providing secret information to Taiwan or China
Comelec to sue hackers 'in next few days' (Rappler) The Comelec says it is also open to sanctioning its own personnel who may have been responsible for the biggest leak of personal data in Philippine history
IRS security is failing taxpayers, senator says (IDG via CSO) The agency has suffered recent breaches, but Congress shares the blame, Wyden says
Australia an attractive target for cyber criminals, expert says (Australian Broadcasting Corporation) A senior analyst for the Australian Crime Commission says the country's relative wealth and high use of technology and online services makes it an attractive target for cyber crime
Uber says gave U.S. agencies data on more than 12 million users (Reuters) Uber Technologies Inc [UBER.UL] on Tuesday released its first ever transparency report detailing the information requested by not only U.S. law enforcement agencies, but also by regulators
Prosecutor suspended over fake Facebook profile used in murder prosecution (Naked Security) A US lawyer from Ohio has been suspended for a year for posing as the mistress of a murderer on Facebook to turn his girlfriend against him
6000 staff join data breach lawsuit against Morrisons (SC Magazine) Morrisons is still feeling the ramifications of a data breach two years ago as 6000 current and former staff signed up to a group lawsuit ahead of the 8 April deadline
Finjan patent lawsuit against Symantec back on track after patents escape IPR (IP Watchdog) Finjan Holdings, Inc. (NASDAQ: FNJN), the parent of wholly-owned subsidiary Finjan, Inc., announced several weeks ago that the Patent Trial and Appeal Board (PTAB) of the United States Patent & Trademark Office (USPTO) issued the final rulings on attempts by Symantec Corporation (NASDAQ: SYMC) to invalidate 8 different Finjan patents through inter partes review (“IPR”)