Cyber Attacks, Threats, and Vulnerabilities
Pro-Daesh hackers target Wisconsin government websites (CSO) Daesh script kiddies spent the weekend posting propaganda on more than 80 domains
How hackers eavesdropped on a US Congressman using only his phone number (Ars Technica) SS7 routing protocol also exposes locations, contacts, and other sensitive data
Hackers can track your iPhone whatever security measures you take (Hack Read) After all the fuss about how the FBI was able to get a pass into an iPhone recently, 60 Minutes decided to do their own research. Unfortunately according to the results that were found, regardless of the strong encryption system that Apple puts on our devices, most users are still at risk
CryptXXX: New Ransomware From the Actors Behind Reveton, Dropping Via Angler (Proofpoint) Proofpoint researchers recently found a previously undocumented ransomware spreading since the end of March through Bedep after infection via the Angler Exploit Kit (EK)
Ransomware: Is It Ever OK to Pay? (InfoRisk Today) Payoffs create 'perverse incentive' for attacks to continue
Meet the ISIS Defector Who Handed Over Stolen Personnel Files (NBC News) We've become accustomed to seeing leaked documents, stolen from governments and corporations, but we never expected to get our hands on the raw intelligence treasure trove known as "The ISIS Files." The man who gave us the files was hardly a classic whistleblower
Out-of-date apps expose three million servers to crypto ransomware (Inquirer) And you thought you had problems
Threat of Mobile Malware Continues to Grow as 'HummingBad' Attacks Move Up Check Point Research Rankings (MarketWired) At the company's annual customer event, the Check Point Customer Experience (CPX), Check Point® Software Technologies Ltd. (NASDAQ: CHKP) today announced the most prevalent malware families being used to attack organizations' networks and mobile devices globally in March 2016
‘Double-Headed Beast’ Malware Steals $4 Million From US Banks In 3 Days (Money Street) In early April, cybercriminals believed to be of Eastern European origin unleashed a malware that stole $4 million from more than 24 American and Canadian banks in just a few days, security researchers at IBM said today
The POS Malware Epidemic: The Most Dangerous Vulnerabilities and Malware (IBM Security Intelligence) Point-of-sale (POS) malware is an information security ailment that, within less than seven years, reached colossal proportions and became more damaging to organizations than almost any other threat
Are Two Bank Breaches Related? (InfoRiskToday) Within the span of just a few days, customers of two public sector banks lost several lakhs of rupees from their accounts to hackers. Security experts say the modus operandi used by the hackers were strikingly similar, with likely ties to one of the world's biggest banking malware variants
Hacking Team hole still unpatched, exploit pop doc claims (Register) 'Phineas Fisher' says embedded device pwnage exposed spyware-for-states firm
Anonymous Launches Dark Web Chat Service (Hack Read) The news was announced on the popular Twitter accounts of the hacktivist group and very soon it was circulating all over social media. The post stated that Deep Web will be hosting Anonymous’ chat service through which the group members will get to strengthen their position. Another important objective that the hackers aim to achieve through this new service is to “arm the current and coming generations of internet activists with education”
CEO targeted by fraud twice a month (CSO) Every couple of weeks or so, Tom Kemp's company gets hit by ever-more-sophisticated attempts to trick them out of large sums of money
A Detailed Look at the CBS Sports App March Madness Data Leak – What Really Happened? (Awful Announcing) Last week’s story of security company Wandera accusing CBS Sports of a March Madness data leak, with CBS strongly denying it and suggesting Wandera was self-promoting, has seen some further interesting developments
Google and Microsoft’s shortened URLs make it easy to spy on people (Naked Security) Shortened URLs are convenient: they’re a whole lot easier to handle than unwieldy strings that email messes up with line breaks when you cut and paste them
A History of SQL Injection (Now With More Pirates) (Duo Security) Attackers can inject SQL commands into an SQL statement via web pages, compromising the security of a web application. The commands can potentially give attackers access to usernames and passwords, or any other kind of data available in a target database
Brits are risking employers' cyber security with illegal downloads (Information Age) New research shows that 59% of UK citizens that use personal devices to access corporate networks are using the same device to access illegal pirate content
Google Finds 800,000 Websites Breached Worldwide (Dark Reading) In the past year, the search engine giant has detected close to 800,000 sites infected with drive-by download malware and other malicious content aimed at nabbing unsuspecting visitors
Cyber criminals shift sights from whole companies to individual employees (Yahoo! Finance) Every day, government agencies and private businesses are under threat from cyber criminals. While that is nothing new, two recent industry reports show the tactics being used to attack them have changed, and technology alone is insufficient to stop the threat
The Hiring Shortage Hits Black-Hat Hackers (IBM Security Intelligence) An interesting analysis in Digital Shadows recently spoke about the hiring shortage that has befallen the black-hat hacker community. While most enterprise IT managers are frustrated about getting skilled cybersecurity personnel for their own teams, there are some unexpected benefits, too
Cyber Trends
Cybersecurity checkup: New Ponemon study reveals how healthcare sector is doing (We Live Security) Health information is both super personal and mission critical
Why You Should Be Excited About Future Tech (BizCatalyst360) Sure, robotics, the Internet of Things, data analytics, and other disruptive trends are intimidating, but they will improve our lives
Cloud Stampede Is On, But Who's Watching Security? (Information Week) A survey by Intel and the Cloud Security Alliance finds that the use of cloud services is increasing, but more in-depth security measures are needed
Over 30% of Irish businesses fearful of cyber-attack (NewsTalk) A poll on the subject was run by PriceWaterhouseCooper
Do APAC Security Leaders Hold a Global Advantage? (InfoRisk Today) Forcepoint's Garavello says Asians' grasp of big picture is better
Marketplace
Verizon, wireline unions continue negotiations, but lock horns on healthcare, outsourcing jobs and pensions (FierceTelecom) Representatives from the Communications Workers of America (CWA) and the International Brotherhood of Electrical Workers (IBEW) continued to lock horns with Verizon (NYSE: VZ) management in Philadelphia over the wireline workforce's health care, pension and job security
IBM’s painful transition is far from over (Quartz) IBM announced its quarterly earnings today, and as many analysts expected, the technology giant posted its 16th quarter in a row of falling sales, when compared to the same quarter the year before. IBM’s revenue for the first quarter of the year was $18.7 billion, down about 5% from a year earlier, the company said in a release
8 Cybersecurity Technologies Primed for Commercialization (Washington Business Journal) CACI International Inc. opened the books on its recent acquisition, the $1.1 billion National Security Solutions spinoff of L-3 Communications Corp. (NYSE: LLL). And while the numbers revealed don’t provide a clear picture of what CACI’s size will be when the company reports a full year of earnings NSS, it is the most intimate look at the business to date
From Jerusalem shall come forth cyber-security, says cyber guru (Times of Israel) A planned Jerusalem-based Expert Center aims to help companies make themselves immune from growing threats by hackers
Malwarebytes CEO wants to 'reinvent security' (CRN) Anti-malware vendor's CEO wants to remake the way security software works
FireEye: A Stock To Keep Your Eye On (Seeking Alpha) Being a leader in a solution to a growing problem leaves it with huge upside potential. Unhealthy past finances are taking a turn toward sustainability. Negative earnings have caused investors to oversell
Quick Heal spurts after respite in Manohar Malani case (Business Standard) Quick Heal Technologies jumped 7.44% to Rs 238.30 at 14:55 IST on BSE after the company said the First Class Judicial Magistrate observed that there was nothing on the record to show the accused Manohar Malani ever held any shares of the company
Feds Prep for Cybersecurity Buying Spree (E-Commerce Times) The U.S. government's objectives for improving cybersecurity are taking shape in updated contracting procedures, contracts and projected increases in spending. Several recent developments have underscored the federal commitment to bolstering the protection of IT resources
Navy, Marines issue $26M contract for cyber training (FedScoop) The Navy and Marines are looking for a small business to build a curriculum to train their cyber command teams
Products, Services, and Solutions
Palo Alto Networks working to share threat intelligence (Network World via CSO) Goal is rapid discovery of attacks and creating defenses against them
Unisys Delivers Award-Winning Micro-Segmentation Security on Microsoft Azure (RealWire) Unisys Stealth(cloud)™ to deliver added security at a lower cost to users of Microsoft Azure, a platform used by 85 percent of Fortune 500 companies in 140 countries
Blue Coat Systems Delivers Compliance Options for the Oracle Applications Cloud (Yahoo! Finance) Blue Coat Cloud data protection enables customers to proactively address emerging data protection regulations that can complicate cloud adoption
Nessus Vulnerability Scanner Now Monitors Docker Containers (Techspective) The de facto leader when it comes to vulnerability management is Nessus from Tenable Network Security. The de facto leader when it comes to container ecosystems is Docker. Now you can combine the two because Nessus 6.6 allows you to monitor and protect Docker containers and the container environment
Technologies, Techniques, and Standards
Coping in a 'Code Yellow' World with Threat Intelligence (Infosecurity Magazine) The Cooper Colour Code was a system invented in the 1980s by a former US Marine to classify awareness to danger. Today, Jeff Cooper’s Code is taught to the military, police and private security forces worldwide, with white, yellow, orange and red used to describe four different combat mindsets
Secure fraud-prone new online payments with machine learning, social-network analysis: BAE expert (CSO) The streamlining of international payment systems may have created new opportunities for criminal fraudsters, but one financial-security specialist believes the sector is finding new ways to fight back by using social-media analytics to ferret out fraudulent activity that might otherwise go unnoticed
Insider Threat Remains a Top Concern (InfoRisk Today) India Inc. shares insights, recommendations on insider risks
Design and Innovation
Apple, Facebook, Google, and Microsoft pursue strong security, but differing notions of privacy (Macworld) Giant corporations are now swinging their power in favor of users, but each approach doesn't yield the same outcome
Unclear Sense of Ownership Hurts API Security (IT Business Edge) Application programming interfaces (APIs) are the backbone of the digital world, and as such, API security needs to be tight
Research and Development
MIT AI Researchers Make Breakthrough On Threat Detection (Dark Reading) New artificial intelligence platform offers 3x detection capabilities with 5x fewer false positives
Meet MIT's New Cyber-Attack Detection Tool (PC Magazine) Cyber crime never sleeps, but researchers from MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) and machine-learning start-up PatternEx are working to thwart the next big attack
MIT boffins build AI bot that spots '85 per cent' of hacker invasions (Register) So ... it still lets in more than one in ten attacks
Academia
NSA crowns U.S. Military Academy in 16th cyberdefense exercise (Military Embedded Systems) National Security Agency (NSA) officials announced the U.S. Military Academy at West Point as the winner of the NSA's 16th Annual Cyber Defense Exercise (CDX). NSA's CDX - sponsored by NSA's Information Assurance Directorate (IAD) - challenged service academy teams to protect networks that were designed, built, and configured at their respective schools
Legislation, Policy, and Regulation
A 'big science' approach for Australian cybersecurity research? () Australia's Cyber Security Strategy, to be released this Thursday, will include an emphasis on research and development, as well as education. How might that unfold?
Strategies to Tackle New Age Cybercrime (InfoRiskToday) India needs at least $4 billion in public-private partnership mode by 2019 to address cybercrime-related challenges at individual and organizational levels, estimates a new study by Associated Chambers of Commerce and Industry of India and Mahindra Special Services Group
DoD taking multi-pronged mobility approach (C4ISR & Networks) Security is top priority as the Defense Department continues to embrace mobility, and officials are looking at multiple paths toward an end goal that empowers troops and personnel
Obama Cybersecurity Panel May Not Be Effective (Bloomberg BNA) President Barack Obama's chosen candidates for a new commission may not have the appropriate experience to provide effective recommendations for improving U.S. cybersecurity, an industry insider told Bloomberg BNA
CrowdStrike General Counsel and Chief Risk Officer Appointed to the White House Commission on Enhancing National Cybersecurity (BusinessWire) Steven Chabinsky to work with a panel of renowned experts to bolster the nation’s cybersecurity
Familiar face returns to Cyber Command (FCW) After two years as commanding general of the Army's Intelligence and Security Command, Maj. Gen. George J. Franz III is heading back to Cyber Command, where he will be director of operations, the Pentagon announced
Telangana Plans CyberSec Framework for 2016 (InfoRisk Today) Emphasis on skill development and collaboration to address future threats
Litigation, Investigation, and Law Enforcement
Microsoft cites new EU personal data rules in support of email dispute (IDG via CSO) Microsoft has refused to provide to the U.S. government emails stored in Ireland
Apple rebuts DOJ's appeal in N.Y. meth dealer's iPhone case (Computerworld via CSO) 'Government has utterly failed to ... demonstrate that Apple's assistance is necessary' to crack security, company argues
Bangladesh says 20 foreigners involved in theft from NY Fed (AP) Bangladesh investigators have determined that at least 20 foreigners were involved in the cybertheft of $101 million from the Bangladesh central bank's account in the Federal Reserve Bank of New York, a senior investigator said Monday
Barletta chairs hearing on protecting the U.S. electrical grid (Homeland Preparedness News) The Subcommittee on Economic Development, Public Buildings and Emergency Management, chaired by U.S. Rep. Lou Barletta (R-PA), held a hearing entitled “Blackout! Are We Prepared to Manage the Aftermath of a Cyber-Attack or Other Failure of the Electrical Grid?” on Thursday to examine the potential consequences of a massive cyber attack on the U.S
BlackBerry Won't Confirm or Deny it Gave Encryption Keys to Law Enforcement (Motherboard) Last week, a joint investigation by Motherboard and VICE News revealed that Canada’s federal police are in possession of the “global encryption key” that unlocks every non-corporate BlackBerry user’s encrypted BBM messages. But we didn’t know how they got it
How 'Britain's FBI' hacks into computers to catch criminals and cyber-gangs (International Business Times) In a rare glimpse into the scope of its active surveillance operations, the UK's National Crime Agency (NCA), also dubbed the 'British FBI', has outlined some examples of the computer hacking and snooping techniques it uses to help catch crooks involved in everything from financial cybercrime to sextortion schemes
Risk of Exposing Navy Secrets Could Complicate Edward Lin Prosecution, Former Military Lawyers Say (USNI)
9 Years Prison, $1.7 Million Fine For Malicious Insider (Dark Reading) Former IT engineer stung for destructive attack on law firm