Cyber Attacks, Threats, and Vulnerabilities
Pro-ISIS hackers: Tactics, methodology and tools (Help Net Security) While the threat that emanates from ISIS-inspired cyber attacks is of high concern, especially in light of the formation of a new United Cyber Caliphate composed of previously disparate pro-ISIS hacking collectives, these hacking groups still operate unofficially and remain poorly organized and are likely underfunded, according to Flashpoint
ISIS cyberattack capabilities are unorganized, underfunded -- for now (IDG via CSO) Pro-ISIS hackers are largely unsophisticated, but they are looking for experts, Flashpoint says
ISIS hacking groups merge as United Cyber Caliphate, but don’t worry too much (Digital Trends via Yahoo! Tech) ISIS is organizing its cyber efforts, and might move on from amateur attacks to serious recruitment of black hat hackers
ISIS and the ‘Loser Effect’ (Atlantic) Could the Islamic State's recent failures signal its demise?
Pentagon Working to 'Take Out' Islamic State's Internet (Agence France Presse via SecurityWeek) The US military's secretive Cyber Command (CYBERCOM) is working to destroy the Islamic State group's Internet connections and leave the jihadists in a state of "virtual isolation," Pentagon chiefs said Thursday
ISIS reveals how Jihadi John evaded security en route from UK to Syria (Fox News) ISIS executioner Jihadi John easily dodged British authorities, riding in the back of a truck to exit the UK before boarding a flight in Belgium -- despite being on a terror watch list -- according to a chilling account by a jihadist who traveled with him through six countries before reaching Syria
Panama Papers: Soon searchable by everyone thanks to the cloud (Computerwoche CSO) How did journalists organize and analyze 2.6 terabytes of data?
Cisco Finds Backdoor Installed on 12 Million PCs (SecurityWeek) UPDATED. Cisco’s Talos security intelligence and research group has come across a piece of software that installed backdoors on 12 million computers around the world. The software, which exhibits adware and spyware capabilities, was developed by a French online advertising company called Tuto4PC
The "Wizzards" of Adware (Talos Blog) Talos posted a blog, September 2015, which aimed to identify how often seemingly benign software can be rightly condemned for being a piece of malware. With this in mind, this blog presents an interesting piece of “software” which we felt deserved additional information disclosure. This software exhibits several questionable behaviors including
Google Play infested with cash-stealing web apps (Register) Simple HTML scams look to be sneaking through the app inspection process
Android infostealer posing as a fake Google Chrome update (Zscaler) Our research team has recently seen a large amount of activity in our cloud related to an Android infostealer disguised as a Google Chrome update
Waze Navigation App Vulnerable, Allow Hackers to Spy on Users (HackRead) Waze is a well-known and widely used navigation app developed and owned by Google. It is in use by literally millions of drivers because it helps in identifying the most appropriate, safe and fastest route to any destination. However, according to the latest research by the University of California-Santa Barbara, people relying upon this app for navigational purposes might be at risk of being stalked by malicious actors
Slack API Credentials Left in GitHub Repos Open New Door for Corporate Hacking (Softpedia) Careless developers from companies around the world have forgotten to remove sensitive API access tokens from Slack bots uploaded on GitHub, security researchers from Detectify Labs reported today
Slack bot developers were unwittingly leaking sensitive corporate data (Quartz) Developers at major businesses who build apps for the instant-messaging platform Slack have unwittingly exposed key information like chat logs, direct messages, and passwords by recklessly sharing their programs in public
Slack bot token leakage exposing business critical information (Detectify Labs) TL;DR, Developers are leaking access tokens for Slack widely on GitHub, in public repositories, support tickets and public gists. They are extremely easy to find due to their structure. It is clear that the knowledge about what these tokens can be used for with malicious intent is not on top of people’s minds…yet. The Detectify team shows the impact, with examples, and explains how this could be prevented
Ransomware is everywhere, but even black hats make mistakes (We Live Security) Ransomware is everywhere. At least that might be the impression left by a seemingly endless stream of news reports on recent cyberattacks. Well, there were several (good) reasons why criminals have made it all the way to the front page
Spike in ransomware attacks as malicious code spreads (Charity Digital News) Security firm ESET has revealed that ransomware accounted for a quarter of the threats aimed at UK computer users over the past week
IT Security Firm ESET Issues New Survey Revealing Public's Knowledge and Attitudes About Ransomware (PRNewswire) ESET®, a global pioneer in IT security for more than two decades, released findings from a survey today that illustrates attitudes and knowledge individuals have about ransomware, a proliferating malicious software that holds files hostage until a ransom is paid
Encrypted Network Traffic Comes at a Cost (SecurityWeek) The use of encryption over the Internet is growing. Fueled by Edward Snowden's revelations on the extent of NSA and GCHQ content monitoring, encryption is now increasingly provided by the big tech companies as part of their standard product offerings. Its effectiveness can be seen in the continuing demands by different governments for these same tech companies to provide government backdoors for that encryption. Encryption works: it safeguards privacy
Vulnerability in Java Reflection Library Still Present after 30 Months (InfoQ) In 2013, security organization Security Explorations discovered a security vulnerability in Java 7u25 by which an attacker could completely escape the Java sandbox. Oracle released a patch in update 7u40, but as Security Explorations announced earlier this year, the patch only addressed the proof of concept, and a simple code modification still exposes the vulnerability. Oracle has released three new versions of Java since the vulnerability was rediscovered, but none have addressed the issue, and subsequent investigation has revealed that the vulnerability is even more severe than initially reported
Dental Assn Mails Malware to Members (KrebsOnSecurity) The American Dental Association (ADA) says it may have inadvertently mailed malware-laced USB thumb drives to thousands of dental offices nationwide
Understanding EdgeHTML’s Attack Surface and Exploit Mitigations (IBM Security Intelligence) EdgeHTML is the rendering engine of the Edge browser in Windows 10. It is a fork of the MSHTML/Trident rendering engine currently used in Internet Explorer. The forking was done to support modern Web standards and remove legacy code
What the Tech: Cybercrime Black Market (Texoma's Homepage) The place hackers go to buy stolen information is slashing prices
IBM researcher: 'Mobile malware marketplace' is heating up (FierceWireless) But just how big a threat that is to U.S. consumers is still unclear
Security pros concerned about Facebook payment expansion (CSO) Experts have concerns about Facebook's move to allow retail payments
Security Patches, Mitigations, and Software Updates
Finance bods SWIFT to update after Bangladesh hack (Register) But infosec folk say full revamp needed
NTP-4.2.8p7 (NTP Support) NTP-4.2.8p7 was released on 26 April 2016. It addresses 11 low- and medium-severity security issues, 16 bugfixes, and contains other improvements over 4.2.8p6. NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38
Cyber Trends
Verizon’s 2016 Data Breach Investigations Report finds cybercriminals are exploiting human nature (Verizon) Cybercriminals are continuing to exploit human nature as they rely on familiar attack patterns such as phishing, and increase their reliance on ransomware, where data is encrypted and a ransom is demanded, finds the Verizon 2016 Data Breach Investigations Report
Data Breaches Aren’t Just an IT Issue (Harvard Business Review) You don’t see it coming. You don’t know who’s behind it. And you probably won’t even know you’ve been affected until it’s too late to prevent significant damage to your company’s finances, operations, and reputation
The Morning After: What Happens to Data Post Breach? (Dark Reading) We need consumers and businesses to not simply shrug off data breaches but to take active measures to protect their data. We are hopeful that new insights will provide a compelling answer to the question "So what?"
Building a Resilient Cyber Ecosystem to Combat Threats (InfoRisk Today) TCS' Singh on coping with the changing threat landscape
1 in 10 people have posed as someone else online (Help Net Security) Our need for ease and convenience is putting our digital identities and security at risk. A new BehavioSec report finds that 37% of us have shared our personal security data with a friend or partner. Of this group, 87% said that they trust the recipient with this information
Government Cybersecurity Performance, Confidence Bottoms Out (Dark Reading) In the wake of OPM and other big gov breaches, government cybersecurity performance scores and employee confidence ratings sink through the floor
10 Newsmakers Who Shaped Security In the Past Decade (Dark Reading) In celebration of Dark Reading's 10th anniversary, we profile ten people whose actions influenced and shaped the trajectory of the industry, for better or for worse, in the past ten years
Latin America: The New Frontier for Cyber Attacks (Cipher Brief) Latin America and the Caribbean (LAC) is the new frontier for cyber attacks, a crime that costs the world up to $575 billion a year, according to a joint study by the Center for Strategic Studies and McAfee. In LAC alone, the cost is estimated at about $90 billion per year
Marketplace
BlackBerry's Turnaround CEO Dials Up Cybersecurity, And It Answers (Forbes) BlackBerry executive chairman and CEO John Chen took a battered smartphone brand and turned it into a hot and innovative cybersecurity company
Symantec Slashes Quarterly Guidance; CEO to Step Down (Wall Street Journal) Ajei Gopal named interim president, operating chief
Symantec CEO Mike Brown ousted after nasty numbers (Register) Board says with Veritas gone, it's time for pure-play security CEO
Gigamon Reports First Quarter 2016 Financial Results (PRNewswire) Record revenue delivers 43% year-over-year growth. Results driven by strong demand for both Security and Mobility solutions
Evident.io Secures $15.7 Million in Series B Funding (MarketWired) Venrock leads the round; Doug Dooley joins board; Jeff Williams leads sale
Ridge Global and OptioLabs Partner to Offer Effective Cybersecurity Products and Solutions (OptioLabs) Tom Ridge, first U.S. Secretary of Homeland Security and former Governor of Pennsylvania joins OptioLabs Board of Advisors
Products, Services, and Solutions
Cylance shows first ever live ransomware prevention demo (ETCIO) Ransomware is one of 2016’s most challenging cyber threats and Cylance is demonstrating its anti-ransomware capabilities during the tour
Trend Micro Rated “Best Antivirus Software” by AV-TEST Institute (TechTree) Trend Micro Internet Security 2016 receives Top Product Certificate from AV-TEST Institute
Intelligent automation systems spark Accenture, Splunk pact (TechTarget) Accenture, a global professional services firm, has entered a formal alliance with Splunk to tap the company's operational intelligence products and services
MSPAlliance Names RapidFire Tools Best MSP Solution in the MSPWorld Cup Awards, Recognizing Its Support for the MSP Model (MarketWired) Network Detective Is acknowledged for its ability to help MSPs gain revenues and grow business through effective IT assessments & reporting
IBM MaaS360 bets big in revamp to “massively reimagine EMM” (Apps Tech News) Enterprise mobility management (EMM) provider IBM MaaS360 has announced a revamp of its productivity apps, enabling users to switch seamlessly between email, calendar and documents among others
Palo Alto Networks Named A Leader In Automated Malware Analysis Report (PRNewswire) Palo Alto Networks® (NYSE: PANW), the next-generation security company, today announced that its WildFire™ offering was recognized by Forrester® Research as a leader among automated malware analysis providers
Fortinet unveils 'security fabric' for distributed security in an IoT world (ChannelLife) Fortinet has unveiled its security fabric, which it says will arm global enterprises with pervasive, adaptive cybersecurity from IoT to cloud networks
Varonis to Stifle Ransomware With New Threat Models (Cybersecurity Investing News) Varonis Systems, Inc. (NASDAQ:VRNS), a leading provider of software solutions that protect data from insider threats and cyberattacks, today announced the beta availability of more than 20 new threat models and enhanced discovery capabilities from its behavior research laboratory, allowing organizations to analyze and detect attacks, insider threats, breaches and new variants of ransomware before damage can be inflicted
Microsoft's Azure ML cloud-based machine learning gets security and privacy certifications (V3) Microsoft has declared that its Azure ML service for predictive analytics with machine learning has achieved certification for security and privacy standards including ISO 27001 and the EU Model Clauses, a move designed to reassure potential enterprise users that their data will be safe
Technologies, Techniques, and Standards
Securing NPCI's Unified Payment Service Against Online Fraud (InfoRisk Today) Banking CISOs have a huge task ahead in ensuring seamless secure transactions
How to Distinguish Between Advanced and Garden-Variety Attacks (Recorded Future) The following interview is with Christopher Pierson and is from our Threat Intelligence Thought Leadership Series. Christopher is currently EVP, Chief Security Officer and General Counsel for Viewpost
How To Stay Secure At The Hotel On A Business Trip (Dark Reading) As POS malware attacks on hotels increase and threat actors target executives, traveling for business puts company data at risk
6 Reasons ISPs Must Step Up Defenses Against DDoS Attacks (Dark Reading) Conducting a DDoS attack used to require a significant amount of talent. But today, a high school student with basic hacking skills can access tools that will challenge even the most experienced ISP security teams
Design and Innovation
The Security Industry Needs Its John Snow (Digital Guardian) The recently released Verizon Data Breach Investigations Report (DBIR) is one of our best sources of information on breaches and other malicious activity – it is also woefully inadequate to the task
Research and Development
Computer Scientist Earns Prestigious ACM Award for Encryption Achievement (College of Natural Sciences, University of Texas at Austin) Brent Waters of The University of Texas at Austin has been selected to receive the Grace Murray Hopper Award from the Association for Computing Machinery (ACM). This award recognizes the outstanding young computer professional of the year for a recent major technical or service contribution that was made at 35 years of age or less
NIST Kicks Off Effort to Defend Encrypted Data from Quantum Computer Threat (Imperial Valley News) If an exotic quantum computer is invented that could break the codes we depend on to protect confidential electronic information, what will we do to maintain our security and privacy? That's the overarching question posed by a new report from the National Institute of Standards and Technology (NIST), whose cryptography specialists are beginning the long journey toward effective answers
Why quantum cryptography could be a one-way street (Physics World) A curious type of nonlocal phenomenon known as one-way quantum steering has been demonstrated experimentally for the first time by two independent groups of physicists. This phenomenon is similar to quantum entanglement but applies when one of the two parties sharing a quantum state does not trust the source of quantum particles. The researchers say their work could help to broaden applications of quantum cryptography
Academia
NSA lauds The Citadel for cybersecurity training (Post and Courier) As a computer science intern at the Department of Homeland Security this spring, Citadel junior cadet Anthony Zovich said he helped make a little tweak that solved a big problem
AFA's CyberPatriot Names Lee's Summit R-7 School District CyberPatriot Center of Excellence (PRNewswire) The Air Force Association's CyberPatriot program has announced Lee's Summit R-7 School District as its eighth CyberPatriot Center of Excellence
Sandia National Laboratory looks for the next cyber warriors (KRQE News 13) Terrorism comes in many forms; one of the most destructive can be in the form of a cyber attack. Sandia National Laboratories in Albuquerque deals with those types of attacks all the time. They’re looking for the next generation of brilliant minds to protect computers, right here in New Mexico
Legislation, Policy, and Regulation
India has tremendous scope to enhance its cybersecurity readiness (Tech2) Leaders of the world today have an additional challenge to worry about – cybersecurity. With cyber attacks getting bigger, stronger and smarter, no country can afford to ignore this looming threat
IAITAM: U.S. Companies Need to Gear Up Now for New EU Data Privacy Regulations (International Association of Information Technology Asset Managers) Thousands of American companies that do business in Europe directly or online with European customers will need to start reckoning with data privacy regulations enacted this month by the European Union (EU) that are due to go into full effect in just two years, according to the International Association of Information Technology Asset Managers, Inc. (IAITAM)
Top 10 operational impacts of the GDPR (International Association of Privacy Professionals) The new General Data Protection Regulation (GDPR), put forth by the European Commission in 2012 and finally generally agreed upon by the European Parliament and Council in December, is set to replace the Data Protection Directive 95/46/ec. Although many companies have already adopted privacy processes and procedures consistent with the Directive, the GDPR contains a number of new protections for EU data subjects and threatens significant fines and penalties for non-compliant data controllers and processors once it comes into force in the spring of 2018. In this 10-part series, the IAPP outlines specific provisions of the regulation
EU National Data Protection Regulators Raise Privacy Shield Concerns (Squire Patton Blogs) The Article 29 Working Party (WP29) has delivered a non-binding opinion on the EU-U.S. Privacy Shield which, though critical of the proposed package, leaves open the possibility that a version of the proposed framework will be blessed by the EU Commission
Councils must prepare cyber security strategies in face of growing attack threats (Public Sector Executive) Hackers will be increasingly likely to target local government, which needs to be involved in preparing national cyber security strategies, Socitm has warned in a new policy briefing
Dem rallies opposition to new fed hacking powers (The Hill) A key senator is trying to block the Justice Department's request to expand its remote hacking powers, after the Supreme Court signed off on the proposal Thursday
Defense authorization bill would elevate Cyber Command (The Hill) A defense authorization bill that cleared a House committee early Thursday would elevate U.S. Cyber Command and launch a review into whether the agency should still be run by the National Security Agency (NSA) head
Long and Matsui Introduce Bipartisan Solution to Improve HHS Cybersecurity (US House of Representatives Energy and Commerce Committee) Legislation empowering top HHS cybersecurity officer follows Committee investigation on agency’s cyber breaches
Senate committee leaders ask OMB to update 15-year-old cyber policy (SC Magazine) In a letter to the Office of Management and Budget (OMB), Senate Homeland Security Committee Chairman Ron Johnson (R-Wis.) and ranking member Sen. Tom Carper (D-Del.) asked the agency's director Shaun Donovan to complete changes to a privacy and cyber policy framework. The current framework, called Circular A-130, which has not been updated in 15 years, has slowed federal agencies from responding effectively to cyber threats, the lawmakers said
The NSA has no idea how many Americans it’s spying on (Quartz) The National Security Agency (NSA) is watching the electronic communications of hundreds of millions of people, allegedly to find foreign threats. But before Congress reauthorizes laws allowing this, it has a question: How many Americans are caught up in the government’s digital dragnets?
Litigation, Investigation, and Law Enforcement
Gamekeeper turns poacher? The ex-Tor developer who unmasked Tor users for the FBI (Naked Security) We feel a bit sorry for Matt Edman at the moment. He’s a computer scientist and security researcher currently working in the private sector
Former Tor developer created malware for the FBI to hack Tor users (Daily Dot) How does the U.S. government beat Tor, the anonymity software used by millions of people around the world? By hiring someone with experience on the inside
3 Tied to San Bernardino Gunman Are Indicted (New York Times) The investigation into the San Bernardino massacre produced criminal charges on Thursday against the brother of one of the attackers and two other people — not for contributing to the mass shooting, but for their roles in a sham marriage designed to skirt immigration laws
Arrested brother of San Bernardino shooter is decorated Navy veteran (Los Angeles Times) Syed Raheel Farook, a Navy veteran and brother of San Bernardino shooter Syed Rizwan Farook; along with his wife, Tatiana Farook; and her sister Mariya Chernykh were arrested Thursday and charged in a five-count indictment that focuses on allegations of a fraudulent marriage
Three More People Charged With Terrorism Offenses in Britain (Wall Street Journal) Suspects detained in investigation with French and Belgian authorities into possible U.K. links to recent Paris, Brussels attacks
Belgian police knew since 2014 that Abdeslam brothers planned ‘irreversible act’ (Politico) Damning report into Belgian response to Paris attacks shows sloppiness and lack of resources
Global Impact: China's ZTE Added to BIS Entity List but Granted Temporary Export License (Lexology) On March 8, 2016, the United States Commerce Department's Bureau of Industry and Security (BIS) published a notice in the Federal Register announcing that China's ZTE Corporation (ZTE), along with three of its affiliates, were added to the Entity List for attempting to circumvent US export control laws and reexporting US origin items to Iran in violation of US law
Estonian man gets over 7 years in prison for role in global DNS hijacking botnet (IDG via CSO) Vladimir Tsastsin was one of seven individuals behind a $14 million click fraud operation that used the DNSChanger botnet
Child porn suspect jailed indefinitely for refusing to decrypt hard drives (Ars Technica) Man to remain locked up "until such time that he fully complies" with court order
Cop Exploited iPhone App to Secretly Watch Mom Breastfeeding (HackRead) Baby monitors have been in trouble lately and this new incident has re-established the fact that one needs to be very careful while using these devices. In the latest occurrence, a cop has been accused of virtually sneaking into the private moments of a mother and her infant while she was busy breastfeeding her newborn