Cyber Attacks, Threats, and Vulnerabilities
Swedish air controllers debunk cyber attack disruption theory (Register) Solar storms blamed for outage. Sweden's civil aviation administration (LFV) has concluded that radar disruptions that affected services in Stockholm and Malmö last November were down to the effects of a solar flare, scotching rumors reported by El Reg and others earlier this week that a hacker group linked to Russian intelligence might be to blame
Update: Swedish airports suffer potential cyber-attack (SC Magazine) Despite being initially blamed on a cosmic storm, a service outage in Sweden late last year may have been a co-ordinated attack
Researcher Identifies XSS Filter Bypass in Microsoft Edge (Softpedia) The issue is not fixed, Microsoft still working on it. Gareth Heyes, one of the security researchers working for PortSwigger, the company behind the famous Burp Suite security testing toolkit, has found a bypass for Microsoft Edge's built-in XSS filter
Cisco Researchers Discover Millions of Servers Which Can Spread Ransomware (Bitcoinist) Although some people will argue the topic of Bitcoin ransomware has been beaten around the bush one time too many, it is important to bring attention to these threats. A new Cisco Systems study shows how 3 million servers are at risk of ransomware infections. When will people and enterprises learn to take cyber security more seriously?
Millions of unpatched JBoss servers open to abuse (IT News) Security researchers at Cisco's Talos group have discovered a large number of vulnerable internet-connected systems running out-of-date JBoss installations, with thousands of servers already compromised
Schools put on high alert for JBoss ransomware exploit (CSO) More than 2,000 machines are ready to be infected, Cisco says
Rise of the malware-hunting malware (Venture Beat) Imagine this scenario: A malware operator breaks into a network and finds another malware there already at work. What happens next? Do they collaborate or attack each other?
The Vigilante Who Hacked Hacking Team Explains How He Did It (Motherboard) Back in July of last year, the controversial government spying and hacking tool seller Hacking Team was hacked itself by an outside attacker. The breach made headlines worldwide, but no one knew much about the perpetrator or how he did it
Hacker who hacked Hacking Team published DIY how-to guide (Network World) The hacker who hacked the Hacking Team published a DIY how-to guide, explaining how he did it and including tips to avoid being busted.
This Hacker's Account of How He Infiltrated Hacking Team Says a Lot About Digital Security (Gizmodo) You may remember that last year, a hacker exposed the inner workings of Hacking Team, a company that makes spyware for governments. Now that the dust has settled down, someone claiming to be the hacker has posted all the details on how he did it
Hack Back! A DIY Guide (Pastebin) The English-speaking world already has tons of books, talks, guides, and info about hacking. In that world, there's plenty of hackers better than me, but they misuse their talents working for "defense" contractors, for intelligence agencies, to protect banks and corporations, and to defend the status quo. Hacker culture was born in the US as a counterculture, but that origin only remains in its aesthetics - the rest has been assimilated. At least they can wear a t-shirt, dye their hair blue, use their hacker names, and feel like rebels while they work for the Man
New malware GozNym is stealing millions from U.S. bank account holders (Yahoo! Tech) Hiding your money under your mattress may seem like an antiquated idea, but it may be the only way to stop a new hybrid malware monster that is attacking American and Canadian bank accounts
10 whaling emails that could get by an unsuspecting CEO (CSO) Real-life whaling attempts show the intricate changes perpetrators try to make to trick a CEO
Criminals Bribe Chinese Security Firm to White-List Malware (Spamfighter) The latest about cyber-criminals is that they're bribing security companies for smuggling malicious software and incorporating it into mobile gaming applications' source-codes. Security investigators belonging to Check Point exposed the scam wherein owners of malicious software bribed the staff working at one China-based mobile games firm for embedding malware inside mobile applications
Cyber attack temporarily shut down Newark police computer systems (NJ.com) A cyber attack against the Newark Police Department computer network shut down various systems used by the department for several days last week, NJ Advance Media has learned
UBC faces cyber attack (Ubyssey) On Thursday, April 14, UBC announced that it has been the target of what they are identifying as a “brute force attack” against their identity management infrastructure
Explosion in ransomware, 0-days driven by cybercriminals' growing professionalism (CSO) Online extortionists borrowing from marketing playbook to speed payment as Australia remains world's biggest target
That man who ‘deleted his entire company’ with a line of code? It was a hoax (CSO) Stack Overflow said it was 'not particularly amused'
Security Patches, Mitigations, and Software Updates
Uninstall QuickTime for Windows: Microsoft Stops Support (N4BB) Microsoft will no longer patch security flaws in QuickTime media player and is asking users to uninstall the software to avoid being hacked
Uninstall Quicktime, US Government urges PC users (Belfast Telegraph) The US government is urging PC users to uninstall Quicktime from their computers, over fears that weaknesses in the software could leave them vulnerable to cyber-criminals
Cyber Trends
How Is EMV Transition Going? (eSecurity Planet) U.S. retailers are in no hurry to transition to EMV, surveys find. What is holding them back?
Time to Face the Ransomware Crisis in U.S. Healthcare: Industry Experts Speak Out (Healthcare Informatics) Industry experts agree it’s time for healthcare IT leaders to meet the ransomware crisis head-on
Marketplace
Cyber security has become an economic imperative (Business Insider) Cyber security is an economic imperative. It is key to the protection of organisations of all sizes, to the personal data of our people, and to ongoing jobs growth and wealth creation. After all, a robust and thriving digital economy is built on trust
Cisco leads IoT security market, followed by Intel and Symantec (ChannelLife) The growing number of connected devices in organisations across the globe is driving the demand for IoT security. In fact, in 2015 the number of connected devices across the globe was 10.83 billion, and by 2020, the number will reach 41.15 billion, says Amrita Choudhury, one of Technavio’s lead analysts for IT security
Magic Leap Acquires Israeli Cyber Security Company NorthBit (Bloomberg) Magic Leap Inc., a U.S. startup working on a device that simulates reality, acquired Israeli cybersecurity company NorthBit to bolster its advanced software research
Alert Logic Acquires Click Security (Marketwired) Alert Logic (www.alertlogic.com), the leading provider of Security-as-a-Service solutions for the cloud, today announced that it acquired Austin-based Click Security
Orange Closes Acquisition of Cybersecurity Specialist (Light Reading) “Orange has identified cybersecurity as one of its strategic priorities. With this acquisition, Lexsi, the Threat Intelligence Services company, bolsters our ability to detect, analyse and respond to the threat of cyber-attacks and positions us as a major player in this field in Europe,” says Michel Van Den Berghe, CEO of Orange Cyberdefense
Inside CrowdStrike: What does Google’s first cyber security investment tell us about its security plans? (Computer Business Review) C-level briefing: CrowdStrike's CTO and co-founder explains what his company is doing differently and why that attracted investment from the world's most valuable company
What’s Going on with the Verizon Strike? (Law Street) A 10-month-long contract dispute has finally come to a head as 36,000 Verizon employees went on strike Wednesday
Channel Beat: How Verizon Strike May Harm MSPs (CRN) This week Verizon workers started the largest strike the carrier has experienced in years. About 36,000 East Coast workers went on strike after the telecom company failed to reach an agreement with unionized employees
Palo Alto, Cognizant, Bright Spots as Barclays Cuts IT Spending Forecast (Barron's) Barclays analysts Mark Moskowitz and Raimo Lenschow and colleagues today cut estimates for global IT spending, citing a “subdued” outlook for services and continued struggle for hardware products of various kinds
Why Shares of Ixia Slumped on Friday (Motley Fool) The network security company now expects revenue to decline during the first quarter, which sent investors to the exits
FireEye Inc: Can FEYE Rekindle Its Rally? (Investor Place) Upside may not come all at once, but as a long-term play, FEYE has real potential
Cisco's Merger Maven Details How It's Rebooting Its Strategy (The Street) While Cisco Systems (CSCO - Get Report) built its name on routers, switches and network hardware, the Silicon Valley icon has rebooted its strategy in recent years to focus more on software. The San Jose tech giant is learning to code, and has acquired a slate of software properties to gain footholds in strategic markets
Products, Services, and Solutions
Is free antivirus software secure enough, or is it better to buy? (Peninsula) A piece of malicious software nicknamed Locky has been encrypting personal data and demanding a ransom to unlock files since February
Lieberman Software Teams With FireEye (SoCalTech) Los Angeles-based cybersecurity software developer Lieberman Software said this week that it has partnered with FireEye to better respond to data breaches and threats. According to the company, its new integration triggers rapid, real-time credential rotation for systems whenever a cyber threat is identified, making it more difficult for attackers to gain access to systems
Technologies, Techniques, and Standards
DHS, DISA cyber chiefs: Network monitoring is still 'a challenge' (Fed Scoop) Sprawling organizations and layered networks pose hurdles to agencies attempting to be proactive about cybersecurity, federal officials told the Security Through Innovation Summit
Cryptography, information assurance, cloud and others: 5 key skills for cyber security professionals (Computer Business Review) List: Protecting data and systems in the modern business requires a range of disciplines
Research and Development
8 cyber security technologies DHS is trying to commercialize (Network World) Agency hopes to put $1 billion investment to practical use
Academia
Northrop Grumman Awards Scholarships to Cyberpatriot VIII Winners (EIN News) Northrop Grumman Corporation (NYSE:NOC) awarded $50,500 in scholarships last night to high school students on the winning teams of the CyberPatriot VIII National Finals Competition
Legislation, Policy, and Regulation
First on CNN: U.S. and Russia meet on cybersecurity (CNN) Senior cybersecurity officials from the U.S. and Russia are holding meetings this week on cybersecurity, renewing efforts to prevent the countries from mistakenly getting into a cyber war, U.S. officials say
Opinion: China's national security law significant for stability, development (New China) The national security law adopted by China will not pose a threat to others, but safeguard stability and development in the country and region as a whole
Germany Thinks Cyber (Trumpet) The German Army prepares for cyberwar
U.S. Ratchets Up Cyber Attacks on ISIS (Daily Beast) Military hackers are disrupting ISIS’s encrypted chats, implanting viruses in terrorists’ computers, and mining the machines to launch real-world strikes
DOD adds electronic attack aircraft to the fight against ISIS (Defense Systems) The Defense Department has turned to a wide array of capabilities in its fight to deal ISIS a “lasting defeat,” in the words of Defense Secretary Ashton Carter. In an announcement late this week, DOD said EA-6B Prowler aircraft from the Marine Corps Tactical Electronic Warfare Squadron 4 have deployed to Turkey to “support electronic attack requirements in Operation Inherent Resolve, the effort to counter” ISIS, also known as ISIL
Here’s What the Burr-Feinstein Anti-Crypto Bill Gets Wrong (Just Security) The latest Crypto War is being fought on multiple fronts: behind closed doors, in the courts, and now in Congress
Data security: Why there is an urgent need for universal law that will address privacy issues (Economic Times) Technology has stamped itself as the new frontier for civil liberties where the battle for tomorrow’s consumer will be fought on a trust score. Barely months after one of the world’s most valuable companies, Apple, refused to cooperate with the world’s most powerful government to hack a phone, Microsoft is taking on the United States Justice Department
House subcommittee examines preparedness for electrical grid cyberattack (SC Magazine) A House subcommittee hearing Thursday examined state and local government preparedness in case of cyberattack on the U.S. electrical grid
Undersecretary Spaulding on why NPPD needs a new name (Federal Times) The head of Homeland Security's Cyber Division explains what's in a name
Maryland National Guard steps up role in cyberspace (Baltimore Sun) Each year, the imaginary nation of Berylia is summoned into existence solely to have its simulated computer networks pummeled by an elite team of hackers
Litigation, Investigation, and Law Enforcement
Is the FBI Hiding a Firefox Zero-Day? (Softpedia) After FBiOS, get ready for Mozilla vs. the FBI. A question posed by a researcher from the International Computer Science Institute in Berkeley, California has led many to believe, even us, that the FBI may be sitting on a Firefox zero-day which it is currently fighting in US courts to keep secret
German spy chiefs on Snowden: Leaks were Russian op to drive ‘wedge’ between US & Europe (Russia Today) Edward Snowden’s leaks on the BND targeting European bodies and individuals at NSA’s request could be part of Moscow’s elaborate efforts to “drive a wedge” between the United States and Europe, German intelligence chiefs have claimed
Microsoft spells out Azure security liability (Cloud Pro) Advisory details which areas of its private cloud offerings companies need to safeguard themselves