Cyber Attacks, Threats, and Vulnerabilities
ISIS-linked hackers claim to release personal information of U.S. drone pilots (Air Force Times) Islamic State-linked hackers threatened the U.S. military once again by releasing photographs and addresses of drone pilots linked to the takedown of their members
The Cyber Threat: Cybercom’s War on ISIS (Washington Free Beacon) Cyber attacks target command and control, finances
Anonymous Target Bank of Greece Website with Massive DDoS Attack (HackRead) The online hacktivist Anonymous recently relaunched operation OpIcarus directed towards the banking sector in Europe and the United States — The first bank coming under fire is the Bank of Greece, which had its website under a series of distributed denial-of-service (DDoS) attacks, forcing the servers to remain offline for more than 6 hours
Secure Web Gateways Fail to Prevent Malicious Attacks (eWeek) Of 200 billion total communications observed by Seculert, nearly five million attempted malicious outbound communications were from infected devices
Ransomware Spikes, Tries New Tricks (Dark Reading) Ransomware authors constantly upping their game, techniques, to stay ahead of security researchers
Roughly a quarter of UK cyber-attacks originate from ransomware (SC Magazine) Ransomware accounts for around a quarter of cyber-threats targeting internet users in the UK. According to research from ESET's LiveGrid, ransomware accounted for a third of threats that targeted UK computers during the third week of April
Investigation ongoing one week after BWL cyber attack (WLNS) On Monday the Lansing Board of Water and Light announced that their main customer phone line is back in service
Security tips after Better Business Bureau hit by cyber attack (KHON 2) A cyber attack that can cause headaches for Internet users and website owners has claimed the Better Business Bureau as a victim
How Do Exploit Kits Work? (Global Security Mag) In recent years, we have observed a massive increase in the use of vulnerability exploit kits. No website is a match for the power of many of these kits, as shown by the site of a well-known British daily newspaper, notoriously the victim of a malvertising campaign that exposed millions of readers to the CryptoWall ransomware
Researchers Hack Samsung's SmartThings Platform (CIO Today) Researchers at the University of Michigan have discovered multiple security flaws in Samsung’s SmartThings Internet of Things consumer platform, allowing them to hack into the platform's automation system and gain control over a user’s home system. The discovery casts significant doubt on the ability of IoT software to expand into broader markets where companies are more concerned about security issues
Samsung Smart Home flaws let hackers make keys to front door (Ars Technica) Don't rely on SmartThings for anything security related, researchers warn
Why firewalls don’t cut it when protecting critical infrastructure (Defense Systems) Andrew Ginter is vice president of industrial security at Waterfall Security Solutions, a Tel Aviv-based company that since about 2008 has been installing its SCADA (Supervisory Control and Data Acquisition) Monitoring Enablers and Unidirectional Gateways in critical infrastructure systems such as Canada's New Brunswick Power
What would a cyber attack mean to control system recovery – is extended manual operation possible (Control) The prevailing view of SCADA/control system recovery following a cyber event/attack is having a valid stored image of the HMI will assure system integrity and result in a fairly quick turnaround (at most a few days). However, that notion needs to face reality which is entirely different
The Hidden Flaws Of Commercial Applications (Dark Reading) Open source components in commercial applications are more plentiful than organizations think -- and they're full of long-standing vulnerabilities
When security isn’t so SWIFT (CSO) There are times where I sit quietly in dumbfounded amazement at the world. When you’ve been working in the information security space for a couple decades one would think that you’ve seen it all. This has proven itself time and again as not the case
Election fraud feared as hackers target voter records (The Hill) A series of data breaches overseas are spurring concerns that hackers could manipulate elections in the United States
Alpha Payroll fires employee victimized by W-2 Phishing scam (CSO) BEC attack compromised all of the 2015 W-2 records produced by the firm for their clients
Facial recognition used to strip sex workers of anonymity (Naked Security) Need more reason to fear the privacy invasion of facial recognition? Here’s one, by way of Russia
10 Biggest Mega Breaches Of The Past 10 Years (Dark Reading) These data breaches from Dark Reading's 10-year history boggle the mind in terms of scale and fallout
Security Patches, Mitigations, and Software Updates
Google Patches More Trouble in Mediaserver (Threatpost) Google has re-branded its monthly patch release, bringing a new name and new scope to the newly renamed Android Security Bulletin. While that may be new, the content is definitely familiar
Microsoft to begin SHA-1 crypto shutoff with Windows 10's summer upgrade (Computerworld via CSO) IE11 and Edge will drop lock icon this summer, block access to sites by Feb. 14, 2017
Cyber Trends
Threat Watch: The Top 10 Hacking Techniques for 2015 (Samsung Insights) Every year, WhiteHat Security coordinates the development of the Top 10 Web Hacking Techniques list. Now in its tenth year, this year’s list was compiled from 39 submissions discovered during the year and published via papers, blogs or articles, or presented at conferences
Global Threat Intelligence report ahead of Government Cyber Security Summit (Stuff) A Wellington IT security agency report has found the retail sector had the highest number of cyber attacks last year and is warning businesses and consumers to be vigilant as global cybercrime becomes more sophisticated
Report: Third parties increasingly pose data security risk (CIO Dive) A report released Monday by the Ponemon Institute found that the risk associated with third party data sharing is growing, but the C-Suite is not adequately prioritizing the issue
ThreatMetrix Uncovers $14.9 Billion Yearly Loss Due to Consumer Friction and Fraud Attrition (Benzinga) Q1 2016 research study by First Annapolis quantifies economic impact and identifies actions to prevent friction and fraud across digital banking and commerce channels
Online Transaction Fraud to More than Double to $25bn by 2020, Finds Juniper Research (Juniper Research) Greater ‘card present’ security sees fraud activity switch to e-retail
Why Internet of Things matters (SC Magazine) Much like cloud, Big Data and mobility trends before it, the emerging Internet of Things (IoT) presents an amorphous concept. And as you'd expect in a promising yet loosely defined segment, marketers see opportunity, while security professionals get saddled with identifying murky threats and protecting against them
Blog: Connectivity Mayhem: Ensuring Data Security in an IoT World (SIGNAL) In World War I, the U.S. Army used lumbering GMC trucks for the first time in combat—revolutionary for its time. Today, these vehicles would be considered slow, cumbersome and archaic in comparison to today's fast, powerful and, most of all, constantly connected warfighting machines
Converged Security The Next Big Thing For CISOs (CXO Today) With more and more connected devices coming into play, security concerns are increasing
The Rise of Threat Intelligence Gateways (Network World) Network appliances designed to automatically block known threats, mitigate risk, and streamline security operations
Verizon Breach Report: Lessons for Asia (Inforisk Today) Ashish Thapar provides breach prevention insights
Marketplace
Educating boards (SC Magazine) C-suites and boards of directors are increasing their knowledge of IT security risks and needs – before a breach happens
What a Security Evangelist does, and why you need one (Help Net Security) Here is a simple truth: You can create the most revolutionary product ever, but if you can’t get word about it out, you’ll fail
Loss of confidential information key to understanding interactions between crime and cyber coverage: conference speaker (Canadian Underwriter) The loss of confidential information can be crucial to understanding the interactions between cyber and crime coverage, attendees to the NetDiligence Cyber Risk Summit heard on Friday
The Panama Effect: What Actions Will Law Firms Take on Cybersecurity? (Legaltech News) There is now an urgency that wasn’t there before, simply because events have called into question the very ability of law firms to protect data
Security Solution Provider Superstars: How Do The Biggest Partners Stack Up? (CRN) The security market is heating up, which inevitably means the market's largest solution providers are getting more competitive than ever, with companies such as SecureWorks, Optiv Security and Trustwave vying for the top spot in the market
Kudelski Group Acquires Milestone Systems (BusinessWire) The Kudelski Group (SIX:KUD.S) announced today the acquisition of Milestone Systems, Inc., a leading provider of cyber and network security solutions. The move expands the Kudelski Group’s focus on cybersecurity solutions and provides a springboard for further growth
Stock in Queue: Radware (NASDAQ:RDWR) (CWRU Observer) Radware Ltd. (RDWR) is expected to report Q1 earnings before market open (confirmed) on Tuesday 05/03/2016. The company operates in the Information Technology Services industry. Radware Ltd develops, manufactures and markets cyber security and application delivery solutions designed to ensure optimal service level for applications in virtual, cloud and software defined data centers
4 Reasons I Bought CyberArk Software Ltd. (Motley Fool) This little cybersecurity firm has a wide moat and solid bottom line growth
Oppenheimer Sees Upside Potential In FireEye Inc (FEYE) Following Quarterly Checks (Country Caller) FireEye Inc. (NASDAQ:FEYE) is a network security company incorporated in the United States. It was founded by Mr. Ashar Aziz in 2004 and has since gained popularity as a network security solutions provider. Oppenheimer’s recent quarterly channel checks portray a helpful environment for the network security business and FireEye seems to be rightly positioned to take advantage. Analyst Shaul Eyal believes that there is a lot of upside potential in the stock as trends continue to get better
BitSight's Customer List Grows With High-Profile Vendor Cybersecurity Fails (BostInno) What do Target, T-Mobile and Home Depot have in common? Besides the fact that they have all had data breaches within the last three years. It’s the source of those breaches: third-party vendors
Exabeam Channel Chief: Here's Why Partners Should Boost Their Security Strategy With User Behavior Analytics (CRN) The market for User Behavior Analytics (UBA) is gaining steam in the security space, expected to jump to $200 million by the end of 2017
US Cyber Challenge: Cyber Quests April 2016 (US Cyber Challenge) Cyber Quests, the online qualifying competition for US Cyber Challenge's summer cyber camps, closes registration this Thursday & the competition closes this Friday. Compete to earn an invitation to one of the USCC camps this summer. USCC is dedicated to reducing the nation's cybersecurity workforce gap
Why I Signed on with an IT Security Vendor (Digital Guardian) Here's why I jumped to the vendor side of the fence after 12 years as a Fortune 100 incident responder and threat researcher
Tenable Network Security Wins Governor’s Award at Chesapeake Regional Tech Council TechAwards 2016 (Tenable) Global provider of next-generation cybersecurity software recognized as one of Maryland’s leading tech companies
Gigamon Names Tech Industry Veteran Fred Studer as CMO (Gigamon) Top NetSuite, Microsoft and Oracle marketing executive to help a rapidly growing global marketplace leverage the expansive promise of Gigamon
Products, Services, and Solutions
CyberPoint's AKUA Secure Logistics Solution Selected for DHS Pilot (Dark Reading) Persistent cargo monitoring and tracking will facilitate and bolster border security
Versasec, PrimeKey Formalize Working Relationship (Versasec) Government customers and others requiring advanced certificate authorities to see significant benefits
Dimension Data and Blue Coat release new Cloud security service (ARN) WebSaaS to be rolled out in Australia first
Okta offers Touch ID-based multifactor authentication for iPhones (PCWorld) The company also expanded its mobility management product to encompass third-party apps
Hexis HawkEye G 4.0 Now Available, Features Network Sandbox Capabilities Powered by a Partnership with Lastline, a Cloud Offering, and Extended 24/7 Managed Services (GlobeNewswire) Hexis Cyber Solutions Inc. (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (NASDAQ:KEYW) and provider of advanced cybersecurity solutions for commercial companies and government agencies, announced today the general availability of HawkEye G 4.0
Microsoft Wants the Surface Phone to Be the Most Secure Smartphone in the World (Softpedia) The Surface Phone is expected to launch next year
Virtustream Launches Global Hyper-scale Storage Cloud For Seamless Enterprise Storage Extensibility, Backup and Cloud-Native Object Storage (PRNewswire) Syncplicity selects Virtustream Storage Cloud to meet customer mobility and security needs
Technologies, Techniques, and Standards
Cybersecurity Professionals Are Using Misdirection To Combat Hacking (Motherboard) Cyberwarfare operates on two assumptions: hackers are clever and their targets are honest. Every attempted or successful server breach or laptop hack occurs in order for the invader to steal some data that leverages power in the real world, be it credit card numbers, state secrets, nuclear access codes, or any other collection of sensitive data
5 Must Knows – How Cloud Security Can Greatly Improve Your Business (Ground Report) Does your business use the cloud? The cloud has become incredibly useful to businesses of all sizes and in all industries for a number of reasons
Defending Advanced Persistent Threats - Be Better Prepared to Face the Worst (Infosecurity Magazine) We often hear news about emerging cyber security threats and attacks impacting every industry. With advanced malwares, zero day exploits and persistent threats, cyber-attacks are now becoming very sophisticated in nature
8 Microsoft Office 365 Security Tips To Reduce Data Loss (Dark Reading) Even with a slew of new security tools and compliance guidance, there are still things you can do to protect this critical business system
A Decade of Exploit Database Data (Offensive Security) Managing the Exploit Database is one of those ongoing tasks that ends up taking a significant amount of time and often, we don’t take the time to step back and look at the trends as they occur over time. Have there been more exploits over the years? Perhaps fewer? Is there a shift in platforms being targeted? Has the bar for exploits indeed been raised with the increase in more secure operating system protections?
Design and Innovation
Who created bitcoin? The long search may not be over (Olympian) Who is Satoshi Nakamoto? For many in the tech world, the identity of bitcoin's elusive creator has been a long-running parlor game. And the speculation might not be over
Satoshi: how Craig Wright's deception worked (Errata Security) My previous post shows how anybody can verify Satoshi using a GUI. In this post, I'll do the same, with command-line tools (openssl). It's just a simple application of crypto (hashes, public-keys) to the problem
The future of smart data security is in AI and silicon, says AMD CTO (MIS Asia) Semiconductor company AMD has pointed to using a marriage between AI (artificial intelligence) and silicon as the future of smart data security strategies
Research and Development
Raytheon developing technology to make software "immortal" (Sys-Con Media) Apps could be viable for 100 years despite changes in technology
Jammers, Not Terminators: DARPA & The Future Of Robotics (Breaking Defense) Robophobes, relax. The robot revolution is not imminent. Machine brains have a lot to learn about the messy physical world, said DARPA director Arati Prabhakar
Academia
CSTA Launches Cybersecurity Professional Development Program for Teachers (THE Journal) The Computer Science Teachers Association (CSTA) has launched the Cyber Teacher Certificate professional development program designed to train teachers in cybersecurity education
UNG offering cyber security summer camp for high school students (Forsyth County News) The University of North Georgia is holding a free two-week residential National Cyber Warrior Academy on its Dahlonega Campus for high school students interested in cyber-related education and/or careers
Legislation, Policy, and Regulation
Is India Ready for an Email Privacy Act? (Inforisk Today) Citing Governance Issues, Leaders Cast Doubt on Prospects
Microsoft CEO Satya Nadella: Why the U.S. needs better laws to balance privacy and national security (GeekWire) Microsoft CEO Satya Nadella is calling for the U.S. government to establish a better framework of laws to create a “new equilibrium” between the privacy of personal data and the need for national security
What’s Your ‘Insider Threat Score?’ It Could Determine If You Keep Your Clearance (Defense One) The new National Background Investigation Bureau thinks screening people with classified access can determine their likelihood of going rogue
Feds Have Found ‘Unbelievable’ Amounts of Child Porn on National Security Computers. Is this the Solution? (Nextgov) A top National Security Agency official wants to keep tabs on national security personnel off-the-clock, in part by tracking their online habits at home. The aim is to spot behavior that might not be in America's best interests
How Multifactor Authentication Can Play a Role in the Cybersecurity National Action Plan (Nextgov) In February 2016, the White House announced the Cybersecurity National Action Plan, which aims to increase federal cybersecurity funding by more than a third to over $19 billion
Car hackers could get a life sentence under proposed anti-hacking law (Naked Security) Hacking a car in Michigan could become a felony with a life sentence, if proposed legislation introduced last week becomes law in the home state of the US auto industry
Litigation, Investigation, and Law Enforcement
WhatsApp blocked in Brazil again -- stupidity knows no limit (Computerworld) WhatsApp “can’t” give Brazil court drug evidence. Judge Marcel Montalvão doesn’t redeem himself
What Happens When Canadian Cops Find a Software Security Flaw? (Motherboard) When law enforcement and intelligence agencies in Canada discover flaws in computer software—say, a bug that could help hackers steal messages from a smartphone, or spy on unsuspecting victims via internet-connected webcams—do they disclose those holes to the software's creator so they can be plugged? Or do they keep such flaws secret for their own use in future investigations, with the hope that no one else will find and use them maliciously first?
LA judge forces woman to unlock iPhone with fingerprint (Naked Security) The forced use of fingerprints to unlock an iPhone is playing out again in Los Angeles
Why your iPhone-unlocking fingerprint is susceptible to FBI search warrants (Macworld via CSO) A judge is forcing a woman to unlock an iPhone with her fingerprints, but does this violate the Constitution?
Fingerprint Security Can Actually Make Data on Phone More Vulnerable to Government, Authorities (BizTek Mojo) Fingerprint security should keep data safer from everyone but the recent cases have shown that the government can actually force someone to use their own fingerprint to unlock their phone, possibly incriminating themselves in a case
Microsoft's CEO says company suing the U.S. government over privacy (IDG via CSO) The company's commitment to privacy drove it to fight gag orders, he says
Twitter suit over surveillance stats battered, but not dead (Politico) A federal judge delivered a blow Monday to Twitter's drive to release more details on surveillance orders it receives, but the tech firm won a chance to try to reformulate its case
Arsenal Consulting Reveals Sophisticated Evidence Tampering Involving Turkish Journalists (PRNewswire) Boston-based digital forensics expert describes his firm's work involving journalists accused of membership in a terrorist organization