Cyber Attacks, Threats, and Vulnerabilities
Exclusive: Bangladesh Bank hackers compromised SWIFT software, warning to be issued (Reuters via Business Insider) The attackers who stole $81 million from the Bangladesh central bank probably hacked into software from the SWIFT financial platform that is at the heart of the global financial system, said security researchers at British defense contractor BAE Systems
An $80M Bank Hack Has Been Blamed on $10 Routers (Gizmodo) Sometimes it pays to spend. The central bank of Bangladesh has found that out the hard way, as police are blaming its loss of $80m during a hack on crappy $10 routers
Time Is Money: GozNym Launches Redirection Attacks in Poland (IBM Security Intelligence Blog) The GozNym banking malware, a Trojan hybrid discovered by IBM X-Force in early April, isn’t wasting any time. A week after launching an aggressive attack campaign on 24 banks in North America, GozNym’s operators are spreading a new European configuration. On the list this time: corporate, SMB, investment banking and consumer accounts held with major Polish banks; one bank in Portugal; and one American bank
New FAREIT Strain Abuses PowerShell (TrendLabs Security Intelligence Blog) In 2014, we began seeing attacks that abused the Windows PowerShell. Back then, it was uncommon for malware to use this particular feature of Windows. However, there are several good reasons for an attacker to use this particular feature
Hacking Risks Found in US Army's $12 Billion Mobile Network (Newsmax) A $12 billion mobile Internet network that the U.S. Army is using in Iraq, Afghanistan, and Africa has significant cyber-security vulnerabilities that were found in combat testing
Ransomware-as-a-service + Malicious Insiders = Deadly Threat (Imperva) Insiders with RaaS. In our recent research report, we followed the infection chain and operation of CryptoWall 3.0 ransomware, focusing on payments made by victims and how those payments eventually aggregate to a small number of Bitcoin wallets – suggesting a well-organized operation
Ransomware Poses a Rising Threat to Hospital Operations (eWeek) The malware hinders operations and threatens patient care, making health care facilities and medical centers good targets for criminals
Microsoft: Keep Calm But Vigilant About Ransomware (Dark Reading) Though a growing problem, ransomware is still nowhere as prevalent as other threats, Microsoft says
Core Windows Utility Can Be Used to Bypass AppLocker (Threatpost) A core Windows command-line utility, Regsvr32, used to register DLLs to the Windows Registry can be abused to run remote code from the Internet, bypassing whitelisting protections such as Microsoft’s AppLocker
Researcher uses Regsvr32 function to bypass AppLocker (CSO) Regsvr32 is whitelisted, seen as an essential system function
An insider's look at iOS security (TechRepublic) Apple's battle with the FBI portrays them as a security hero going to great lengths to protect user privacy, but our beloved iPhones may not be as secure as many believe
Verizon Says Strikers Sabotaging Verizon Network (DSL Reports) Verizon is accusing the company's striking workers of sabotaging the Verizon network. According to Verizon, most of the instances of sabotage have involved intentionally cutting fiber lines in various locations across New York, New Jersey, Massachusetts, and Pennsylvania
Guess what's 'easily hacked'? Yes, that's right: Smart city transport infrastructure (Register) Traffic jams and altered intelligence
Two Castles Run bounces back from cyber attack (Leamington Courier) Preparations for the 4,000-strong annual Two Castles run between Warwick and Kenilworth are well under way
Cyber Trends
Insurers could hold key to managing cyber risks (Business Insurance) Could private industry provide at least a partial answer to one of the United States' most critical national security problems? The answer may well be “yes,” if the problem is cyber security and the industry in question is the insurance industry
Halvorsen: Cyber war is a culture war (Defense Systems) Security experts have often said that the key to cybersecurity is a matter of approach and attitude, an idea Defense Department CIO Terry Halvorsen reiterated this week
Cyberattacks increase against manufacturing, healthcare industries (SC Magazine) A new report that examines the shifting direction of cyberattacks noted attackers turning their attention away from the financial services sector, in favor of attacks against manufacturing and healthcare companies
Lack of Monitoring Weakens Database Security (eSecurity Planet) Nearly 40 percent of companies cannot monitor databases in real time, a survey finds. This poses a threat to database security, says the survey's sponsor
A Million People Now Access Facebook on the 'Dark Web' Every Month (Nextgov) The number of people accessing Facebook via the “Dark Web” now stands at 1 million per month, the tech giant announced April 22
Q&A: Navigating the new cyber security landscape (IT Pro Portal) The cyber security landscape is changing drastically. The growth of new technologies such as drones and the Internet of Things is creating a host of new access points for hackers to target, thereby weakening companies’ defences
Identity and access management still a concern when it comes to breaches (Secure ID News) Enterprises are starting to take precautions to strengthen credentials
4 tech nightmares keeping IT leaders up at night (CIO via CSO) What’s keeping CIOs awake at night? From data breaches to social engineering, there’s plenty to keep tech types tossing and turning
Marketplace
Cybersecurity's big market cap club (CSO) The BVS Cyber Index tracks 29 of the largest cybersecurity companies globally
Nasdaq Welcomes SecureWorks Corp. to The Nasdaq Stock Market (Nasdaq) Nasdaq (Nasdaq:NDAQ) announced that trading of SecureWorks (Nasdaq:SCWX) commenced on The Nasdaq Stock Market on April 22, 2016
Dell SecureWorks, 2016's first tech IPO, fizzles on Wall Street (Reuters) The lackluster market debut of SecureWorks Corp, the cyber unit of Dell Inc, failed to rally the battered technology U.S. IPO market on Friday, a reminder that Wall Street does not welcome cash-burning companies without profits
Dell’s SecureWorks Has Lackluster Trading Debut (New York Times) SecureWorks is the first initial public stock offering of the technology industry this year. That may be the extent of the victory lap for the tech I.P.O. market, at least for now
What Really Happened With SecureWorks' IPO? (AustinInno) Cybersecurity has cooled and venture-backed tech is in a flop sweat
Despite the Recent Wave of Global Terrorism, Verint Has Been Foundering (Haaretz) The security and surveillance firm lost 45% of its stock value in a year, and the departure of company executives and staff layoffs have raised questions about the scope of its problems
Buying the ‘next big thing’ is off BlackBerry’s agenda, as company halts acquisition spending spree (Computer Business Review) C-level briefing: President of Global Sales Carl Wiese says that the company has a complete portfolio and doesn't need any more companies
Elixirr strikes partnership with cyber security firm CyberInt (Consultancy) Consulting firm Elixirr has agreed a strategic partnership with CyberInt, an Israeli cyber security firm. The move allows Elixirr to leverage CyberInt’s software to help organisations identify external vulnerabilities in their digital frontier, while for CyberInt, the deal sees it expand its client base
Blue Cube Security's sales top £12m (CRN) West Sussex-based security VAR doubles best-ever revenue tally but says sales with established vendors such as RSA are down
Pwnie Express CEO Riding Ahead Into the Enterprise (eSecurity Planet) Paul Paget, CEO of Pwnie Express, discusses how his company is evolving to meet the next generation of threats and what is driving the business forward
Exostar Gets Commitment From 4 Defense Contractors for Updated Risk Mgmt Service (GovConWire) Exostar has said BAE Systems, Boeing (NYSE: BA), Lockheed Martin (NYSE: LMT) and Raytheon (NYSE: RTN) have committed to deploy its updated risk management service for defense contractors
Products, Services, and Solutions
Cylance® Wins Edison Award for Innovative Security Solution (PRNewswire) CylancePROTECT® honored for groundbreaking artificial intelligence approach to endpoint security
Legal Tech Roundup: Pillsbury Announces Partnership with Mandiant FireEye (Bloomberg BNA) Pillsbury Winthrop Shaw Pittman announced this week it will begin recommending that its clients hire cybersecurity company FireEye to conduct a risk assessment as part of the due diligence phase of a merger
Bitglass Wins Cybersecurity Excellence Award for Best Cloud Security Product (Marketwired) Bitglass, the Total Data Protection company, today announced that its cloud solution has won Best Cloud Security Product of 2016 in the Cybersecurity Excellence Awards
Fortinet Debuts New Secure Fabric (Enterprise Networking Planet) New update to firmware operating system, and new hardware announced
Technologies, Techniques, and Standards
The Problem With Patching: 7 Top Complaints (Dark Reading) Is your security team suffering from patching fatigue? Check out these tips and eliminate critical vulnerabilities in your IT environment
5 Features to Look For In A Next-Generation Firewall (Dark Reading) When it comes to NGFWs, it's the integration that counts
Divurgent and Sensato put together new medical device cybersecurity task force (Med City News) Sensato and consulting firm Divurgent have formed a new medical device cybersecurity task force. The goal is to develop best practices for healthcare organizations and device manufacturers
Threat intelligence overload (CSO) Getting through the obstacle of the big data problem
Be Prepared: How Proactivity Improves Cybersecurity Defense (Dark Reading) These five strategies will help you achieve a state of readiness in a landscape of unpredictable risk
10 Tips for Securing Your SAP Implementation (Dark Reading) Without clear ownership of security for a critical business platform like SAP, it should come as no surprise that SAP cybersecurity continues to fall through the cracks among IT, admin, security and InfoSec teams
The Facebook hacker who caught a Facebook hacker… (Naked Security) Here’s a fascinating story about a hacker who caught a hacker
How to protect your Apple ID account against hackers (Graham Cluley) Keep password-pinchers out of your Apple account with two-step verification
Ask the expert: cyber security should be top of mind for small businesses (Stuff) OPINION Q: I've been reading a lot about cyber security threats to SMEs. What are some of the most common threats to SMEs and what trends do you expect to see emerging over the next year?
Design and Innovation
Perhaps there is a cyber-point to this innovation claptrap (ZDNet) Rather than parrot out silly soundbites relentlessly, it's possible that if focused at the correct area, we could see something material from the innovation chatter
How IoT security can benefit from machine learning (TechCrunch) Computers and mobile devices running rich operating systems have a plethora of security solutions and encryption protocols that can protect them against the multitude of threats they face as soon as they become connected to the Internet. Such is not the case with IoT
Is Hybrid AI the future of cyber-security? (SC Magazine) The future of cyber-security looks part human and part machine, according to MIT's Computer Science and Artificial Intelligence Laboratory but what does the broader industry think?
Tay the Microsoft bot easy prey for humanity’s drivel (Irish Times) ‘Mark Zuckerberg, for one, has promised/threatened a new generation of chatbots operating inside the Facebook Messenger app’
Skull echoes can be a password to protect facehugger computers (Naked Security) Ahh, biometrics. In the race to replace the password, that sadly inadequate Eeyore of the authentication world, is there any part of the body that hasn’t been poked at?
Research and Development
GrammaTech Selected by DOD and DHS for Five New Cybersecurity Projects (IT News Online) GrammaTech, a leading provider of software assurance, hardening, and cyber-security solutions, has been selected by the US Government to receive five research contracts that will advance techniques and technologies in static analysis and software protection
Academia
University of Central Florida becomes winningest National Collegiate Cyber Defense champion (PRNewswire) Student team wins cybersecurity competition three years running
The Keystrokes to Victory (Raytheon) Five pro tips on winning a hacker contest
DSC awarded cybersecurity designation; Stetson honor society inducts new members (Daytona Beach News-Journal) Daytona State College is Florida’s first state college to have been deemed a National Center of Academic Excellence in Cyber Defense Education
MIT Launches Experimental Bug Bounty Program (Threatpost) The effectiveness of bug bounty programs is difficult to deny, especially after adoption of one at Uber, which announced last month it would begin paying $10,000 for critical bugs, and the Department of Defense, whose Hack the Pentagon illustrates the government’s softening stance on hackers
Legislation, Policy, and Regulation
ISIS Targeted by Cyberattacks in a New U.S. Line of Combat (New York Times) The United States has opened a new line of combat against the Islamic State, directing the military’s six-year-old Cyber Command for the first time to mount computer-network attacks that are now being used alongside more traditional weapons
Australia still doesn’t see a cyber attack as the menace our allies fear (The Conversation) Though mature and nuanced, the cyber security strategy delivered by Prime Minister Malcolm Turnbull last week matches neither the spending plan nor the language of our closest cyber allies
On the Brink of Cyber War? Moscow, Washington Meet Quietly in Geneva (Sputnik News) Years ago the Stuxnet virus showed the possibility of anonymous “kinetic” attacks in the cyber arena, leading many military and defense analysts to worry that World War III may be carried out with a keyboard
Intelligence and the Cyber Domain: A Canadian Perspective (The CyberWire) The Honorable Harjit Singh Sajjan, Canada's Minister of National Defense, spoke with the CyberWire shortly after he addressed SINET's ITSEF 2016. He shared his perspective on intelligence and the cyber domain, to which he brings the distinctive experience of both a military intelligence officer and a police detective who specialized in gang crime investigations. He emphasized the prime imperative of developing actionable intelligence: delivering it quickly to those on the ground who can take action
Questions In Belgium Over Security Do Little To Sway Minds Over Surveillance (NPR) Since police video revealed suspects in the Brussels airport bombing walking calmly through the city, debate's raged over security in Belgium — but there's been little about its surveillance system
Congress to US spy chief: Tell us how many Americans were ensnared by PRISM (ZDNet) The executive branch was hoping that Congress would reauthorize a number of surveillance programs without asking too many questions. Well, think again
On Encryption Battle, Apple Has Advocates in Ex-National Security Officials (New York Times) In their years together as top national security officials, Michael V. Hayden and Michael Chertoff were fierce advocates of using the government’s spying powers to pry into sensitive intelligence data
Industry Cooperation, Cybersecurity Driving DISA Success (SIGNAL) The military information agency turns toward the private sector to solve its biggest challenges
Is the Pentagon's Innovation Unit Too Cozy with Silicon Valley? (Nextgov) House lawmakers are worried the Defense Department’s new innovation unit is too Silicon Valley centric
Bye Bye QDR; Hello Stand-Alone Cyber Command: HASC Markup (Breaking Defense) The Quadrennial Defense Review is dead. Long live a unified combatant command known as Cyber Command
DOD officials push back on civil cyber support critiques (GCN) Pentagon officials pushed back Friday against criticisms levied against the Defense Department for the lack of clarity in its chain of command for domestic cyberattacks. “We know how to do it; we’re making sure that in the event that it happens we’re ready to execute,” Deputy Commander of Cyber Command Lt. Gen. James “Kevin” McLaughlin said
FDA's cyber guidance gets key congressman's support (FCW) The Food and Drug Administration's proposed cybersecurity guidance for medical device manufacturers was open for public feedback through April 21
Military Needs to Increase Cyber Collaboration (SIGNAL) The commitment is there, but the arena has become more complicated
Litigation, Investigation, and Law Enforcement
US no longer requires Apple's help to crack iPhone in New York case (IDG via CSO) The government said "an individual" had given it the passcode to the phone
Sources Doubt Anonymous Gray Hats Cracked San Bernardino Shooter's Phone. So Who Did? (Fast Company) The FBI has contracted with the SunCorp subsidiary for $338,581 in gear and services since the December 2 San Bernardino attack
Experts Weigh-In Over FBI $1.3 Million iPhone Zero-Day Payout (Threatpost) Was the Federal Bureau of Investigation justified in paying over $1.3 million for a hacking tool that opened the iPhone 5c of the San Bernardino shooter? For some in the security community the answer is a resounding yes. For others, the answer is not so clear-cut
The FBI probably didn’t overpay for that iPhone hack (Quartz) The US Federal Bureau of Investigation reportedly paid more than $1.3 million for the hack it used to access the San Bernardino iPhone–and that’s probably about right
Cyber ruling opens door to CGL claims () Records 'published' without being viewed
Chinese firm at center of cyber fears (Washington Post via Astro Awani) Ever since Chinese computer maker Lenovo spent billions of dollars to acquire IBM's personal-computer and server businesses, some lawmakers have called on federal agencies to stop using the company's equipment out of concerns over Chinese spying
China Punishes Apple by Shutting Down iTunes and Movies (Breitbart) Despite years of Apple Inc. succeeding in gaining huge market share by apparently granting China state security authorities “backdoors” into its product encryption, communist regulators shut down Apple’s iBook Store and iTunes on April 22