Cyber Attacks, Threats, and Vulnerabilities
Panama Papers Source Offers Documents To Governments, Hints At More To Come (ICIJ) Source known only as John Doe says income inequality "one of the defining issues of our time" and calls on governments to address it
Names in Panama Papers leak to go online for public today (Chcago Tribune) The names of more than 200,000 offshore companies found in the Panama Papers leak are being made accessible to the public Monday through a searchable database
Panama Papers reveal middlemen between Canada and offshore secrets (CBC) Leaked data shows top Canadian offshore operators include Alberta fraudster, former B.C. lawyer
Panama Papers report alleges NZ prime place for rich to hide money (Reuters) Wealthy Latin Americans are using secretive, tax-free New Zealand shelf companies and trusts to help channel funds around the world, according to a report on Monday based on leaks of the so-called Panama Papers
ICIJ's release of the Panama Papers won't include personal data, emails, bank records (Sydney Morning Herald) The biggest release of more than 200,000 secret offshore entities that are part of the Panama Papers investigation will be unveiled on Tuesday
OpIcarus Finds More Targets as Banks in Panama, Bosnia and Kenya Go Offline (Hack Read) It’s been over a week since Anonymous and Ghost Squad began conducting cyber attacks on banking websites worldwide. It’s the weekend now but the hacktivists aren’t taking a break; while you were sleeping they conducted distributed denial-of-service DDoS attacks on the websites of four International banks including the central bank of Kenya, National Bank of Panama, Central Bank of Bosnia and Herzegovina and Maldives Monetary Authority
OpIcarus continues as hacktivists shut down 3 more banking websites (Hack Read) Though they have their difference, when it comes to OpIcarus it seems the Anonymous hacktivists andGhost Squad group have found mutual interests
UAE InvestBank Hack: Leaked Data showing passport and Credit Card Detail (Hack Read) A data file that shows and holds sensitive financial data has been published. The data, 10GB in size, was published online and seems to have been taken from a bank that is in the United Arab Emirates. The Zip file for first analysis shows that the financial information is from tens of thousands of customers with the InvestBank, which is based in Sharjah
India Blames ISI for Spying on Military Through Gaming and Music Apps (Hack Read) Pakistan’s intelligence agency is popular all over the world for its novel tactics and amazing abilities to stay updated about security concerns. After all, it wasn’t declared one of the world’s best intelligence agencies in 2015 for nothing
Muslim Leaders Wage Theological Battle, Stoking ISIS’ Anger (New York Times) As the military and political battle against the Islamic State escalates, Muslim imams and scholars in the West are fighting on another front — through theology
US struggles to convince Iraqis it doesn't support IS (AP) For nearly two years, U.S. airstrikes, military advisers and weapons shipments have helped Iraqi forces roll back the Islamic State group. The U.S.-led coalition has carried out more than 5,000 airstrikes against IS targets in Iraq at a total cost of $7 billion since August 2014, including operations in Syria. On Tuesday a U.S. Navy SEAL was the third serviceman to die fighting IS in Iraq. But many Iraqis still aren't convinced the Americans are on their side
Cyber in Operation Inherent Resolve? Think ‘Fight Club.’ (C4ISR & Networks) The fight against the Islamic State group, known alternately as ISIS, ISIL and Daesh, involves numerous approaches, facets, partners, tools and weapons. But if any of those involve cyber, the top spokesman for the operation isn’t saying so
Fighting the Islamic State (Defense News) Daveed Gartenstein-Ross, senior fellow at the Foundation for the Defense of Democracies, discusses the Pentagon’s strategy to combat ISIS
Islamic State's Recruitment Strategy (Defense News) Daveed Gartenstein-Ross, senior fellow at the Foundation for the Defense of Democracies, discusses the Pentagon’s strategy to combat ISIS and its recruitment strategy
Did China Just Steal $360 Billion From America? (Forbes) “The FBI has obtained information regarding multiple malicious cyber actor groups that have compromised sensitive business information from U.S. commercial and government networks through cyber espionage,” warned the law enforcement agency on the 2nd of this month. At about the same time, the Department of Homeland Security and the Defense Security Service of the Department of Defense issued similar alerts
Russia’s Mail.ru denies mass password breach; researcher stands by findings (Indian Express) Russia's Mail.ru denies tens of millions of users were at risk after researchers found its data circulating among cyber criminals
Garbage in, garbage out: Why Ars ignored this week’s massive password breach (Ars Technica) When a script kiddie sells 272 million accounts for $1, be very, very skeptical
The Giant Email Hack That Wasn't (Fortune) And most of the data in question was “bogus"
40 million User Data from Adult Social Network Emerges on Dark Net (Hack Read) Fling.com (NSFW), an adult social network has apparently been hacked and as a result login credentials of 40,769,652 registered users have been stolen and available for sale on the Dark Web by a hacker calling himself by a vicious hacker known as “Peace of mind"
Rio Olympics Likely a Magnet for Cybercriminals (Wall Street Journal) As cybercriminals gear up for action ahead of the summer Olympic and Paralympic Games, host country Brazil and the Rio Games’ global sponsors are bracing for countless virtual showdowns
Six-year-old patched Stuxnet hole still the web's biggest killer (Register) Crusty bait makes for great phishing
Will a visit to The Pirate Bay end in malware? (Naked Security) Back in the early days of computer viruses, in the late 1980s and early 1990s, advice on how to avoid infection often started like this: Don't pirate stuff
According to Chrome, Safari and FireFox ThePirateBay is a Phishing Site (Hack Read) It was a “dark day” for all the Torrent lovers worldwide after The Pirate Bay was shunned by Google’s Chrome, Apple’s Safari and Mozilla’s Firefox browsers yesterday
Ransomware is now the biggest cybersecurity threat (ZDNet) Simple attacks plus user willingness to pay ransoms to get their files back means ransomware is on the rise, warn Kaspersky researchers
New ransomware modifications increase 14% (Help Net Security) Kaspersky Lab detected 2,896 new ransomware modifications during the first quarter, which is an increase of 14 percent on the previous quarter. In addition, the number of attempted ransomware attacks increased by 30 percent
Critical Vulnerability Discovered in 2011 Qualcomm Code (Android Headlines) There is a critical security vulnerability present in some Android devices based around a piece of Qualcomm code that has existed from at least 2011 and now referred to as CVE-2016-2060
Five-Year Old Bug Lets Attackers View SMS And Call History On Qualcomm Android Devices (Lifehacker) Millions of Android devices using Qualcomm technology are vulnerable to a critical security flaw that dates back to 2011
Hotel malware caught checking in (Enterprise Times) Less than a week after warning that hotels were being constantly targeted by hackers, Panda Security managed to catch an attack in the act. The attack came in the form of a phishing email to an employee at an unnamed hotel and was, according to a Panda Security press release, captured by its Adaptive Defence 360 security software
Power networks on high alert amid cyber threats (Sydney Morning Herald) Electricity network companies face having to further beef up their defences against cyber attacks as the rise of small-scale renewable power generation increases the vulnerability of the grid to attack
Google suffers data breach via benefits provider (CSO) Data breaches are always a horrible thing when you are on the side that has been tasked with defending the realm from invaders
Crooks Grab W-2s from Credit Bureau Equifax (KrebsOnSecurity) Identity thieves stole tax and salary data from big-three credit bureau Equifax Inc., according to a letter that grocery giant Kroger sent to all current and some former employees on Thursday
Walmart confirms police report, says card readers compromised in Virginia (CSO) Detectives suspect crooks used overlay skimmers, which can be installed in seconds
Security Patches, Mitigations, and Software Updates
Lenovo patches serious flaw in pre-installed support tool (CSO) The flaw could allow attackers to gain higher privileges on compromised computers
GitLab repairs critical flaw that lets users log in as admins (CSO) The fixes are available for all supported versions of GitLab Community Edition and GitLab Enterprise Edition
Verizon Galaxy S7 and S7 edge getting updates with latest security patches and more (Phonedog) Just two days after T-Mobile’s Galaxy S7 and Galaxy S7 edge got software updates, Verizon has started pushing updates to its own versions of the GS7 and GS7 edge
Cyber Trends
The impending death of the traditional Intranet (CSO) In medieval times castles were typically protected by a moat or something akin to it like an open ditch
CIO alert: Information technology is a $4 trillion global business (ZDNet) Research describes the size, direction, and growth of the IT market. For CIOs and other IT professionals, understanding these dynamics can help with planning company strategy and making wise personal career choices
Security the key to software-defined datacentre takeup (Cloud Pro) 94 per cent of executives think security is more important than cost savings
How Microsoft keeps the bad guys out of Azure (Network World) Microsoft releases its latest security report, includes information about its cloud services for the first time
Microsoft's latest security report finds that vulnerability disclosures are on the up (Inquirer) Well, it should know
Incoming FireEye CEO: Scale of Security Breaches Smaller (Bloomberg West) Kevin Mandia, incoming FireEye chief executive officer, discusses security breaches with Bloomberg's Ramy Inocencio on "Bloomberg West"
Internet of Fail: How modern devices expose our lives (Help Net Security) Should you sync your family’s calendar to your refrigerator or have it display photos? Samsung believes you should. They also think you need cameras that display the food inside, to help during shopping. Sure, these features can make life easier, but how would you feel about someone accessing this information? What could a stranger do if he knew you’re out of the house tomorrow night?
How small businesses approach risk mitigation and response (Help Net Security) CSID released the findings of a survey recently conducted for small businesses (under 10 employees) to determine sentiment and concerns from small business owners around cyber security and how this population is approaching risk mitigation and response
Don't Just Click, It Could be a Trick (Slam the Online Scam) According to the National Cyber Security Alliance, an astonishing one in five small businesses falls victim to cyber crime each year
UK.biz is still clueless at fending off malware attacks, says survey (Register) Security is a custom ‘more honoured in the breach’
Majority of Scots fear cyber attack while firms are more complacent (National) More than 80 per cent of Scottish consumers worry about which businesses have access to their data and whether their details are protected, research has revealed
50 Percent of North American Companies Believe They're More Secure Than a Year Ago (eSecurity Planet) Just 12 percent think they're less secure, a recent survey found
Marketplace
Software security suffers as upstarts lose access to virus data (Reuters via Yahoo! Tech) A number of young technology security companies are losing access to the largest collection of industry analysis of computer viruses, a setback industry experts say will increase exposure to hackers
Cyber investing recap for CISOs (CSO) Best of show nods for the inaugural Cyber Investing Summit
Cybersecurity stocks sell off after FireEye, Imperva, and CyberArk report (Seeking Alpha) Palo Alto Networks (PANW -3.7%), Proofpoint (PFPT -3.6%), Rapid7 (RPD -2.1%), Identiv (INVE -7.5%), and Vasco (VDSI -3.1%) are selling off after security tech peers FireEye (down 18.8%), Imperva (down 25.2%), and CyberArk (up 1.5%) delivered their Q1 reports.FireEye, likely the biggest culprit behind the selloff, posted mixed Q1 results (sales missed, EPS beat), offered light Q2 and full-year revenue guidance (full-year billings guidance was affirmed), and announced (as part of a larger management shakeup) Kevin Mandia is replacing Dave DeWalt as CEO
Cyber Insecurity Hits FireEye and Imperva as Their Stocks Get Crushed (TheStreet) Cyber security shops FireEye (FEYE - Get Report) and Imperva (IMPV - Get Report) are being rocked on Friday trading, following their first-quarter earnings reports
FEYE Stock: FireEye Inc Tumbles, But It’s Not Beat (Investor Place) FEYE stock plunges on a bad quarter and the abrupt departure of the CEO, but there are upsides to this cybersecurity firm
Mandia Replaces DeWalt as FireEye CEO (Infosecurity Magazine) FireEye has announced that CEO David DeWalt is to step down as CEO, to be replaced by Kevin Mandia
FireEye Announces New CEO, Stock Plummets, Reasons For Optimism (Forbes) FireEye, Inc. — one of the world’s largest pure-play cybersecurity firms — announced a new CEO yesterday
Ouch! Why Imperva Inc. Stock Plummeted (Motley Fool) The market doesn't seem to like the cyber-security company's guidance. Here's what investors should know
Cyberark Software Ltd (CYBR) Stock Plummets After Q1 Earnings Call (Bidness Etc.) Cyberark Software Ltd (CYBR) Stock Plummets After Q1 Earnings Call
Inside Palantir, Silicon Valley’s Most Secretive Company (BuzzFeed) A cache of internal documents shows that despite growing revenue, Palantir has lost top-tier clients, is struggling to stem staff departures, and isn’t collecting most of the money it touts in high-value deals
Webroot leads cyber security market as demand continues to grow (Security Brief NZ) Webroot appears to be moving from strength to strength, experiencing significant revenue growth this year thanks to an increasing demand for cyber security solutions and a few key customer wins
TalkTalk to dial up sales despite cyber attack (Telegraph) Budget broadband provider TalkTalk is hoping to hang up on the effects of last year’s cyber-attack when unveils its annual results this week
Duo Security bolsters region's technology profile (Detroit Free Press) Dug Song first met his future business partner, Jon Oberheide, when the latter hacked into the computer system at a firm where Song was working at the time
Michael Dell announces Dell Technologies (Indian Panorama) Michael Dell revealed the new names, and yes we are talking multiple names, for the artist formerly known as the Dell-EMC deal toda
Altamira expands intelligence business with acquisition (Washington Technology) Altamira Technologies Corp. is building out its intelligence business with the acquisition of Prime Solutions LLC, a Columbia, Md., company that specializes in cyber operations
CyberPoint spins out IoT security company (Technical.ly Baltimore) AKUA will initially focus on security for the data-collecting sensors used by logistics managers
Leidos CEO Roger Krone confirms that company does 'offensive cyber' for feds (Washington Business Journal) At a time when industry is reluctant to acknowledge its role in the Pentagon’s cyber warfare operations, Leidos Holdings Inc. (NYSE: LDOS) CEO Roger Krone confirmed Thursday at an investor conference his company plays in the offensive cyber market
Kyrgyzstan state bodies invite Kaspersky licence bids (Telecompaper) The Kyrgyzstan Ministry of the Economy has announced a tender on the acquisition of an anti-virus system, reports Tazabek. The size of deal totals KGS 480,000
Hewlett Packard Enterprise Co (NYSE:HPE) identifies a role to play in the world of automated cars (Invest Correctly) Hewlett Packard Enterprise Co (NYSE:HPE) has identified a number of opportunities in the automated vehicle industry and it is going for them. The company is in the process of creating an automated vehicle ecosystem. HPE wants to take the data generated by automated cars and turn it into something more useful for drivers and other industry players
Veering Off Topic With CloudLock CEO Gil Zimmermann (Xconomy) Next up in my series of meandering conversations with tech leaders: CloudLock CEO Gil Zimmermann. Zimmermann co-founded the cloud security software company in 2007 as Aprigo and shifted it to its current name and product focus in 2011. The firm, based in Waltham, MA, has raised some $35 million from investors, and its products are now being used by more than 6 million employees of large enterprise companies, according to CloudLock’s website
iovation CEO Greg Pierson Named Entrepreneur of the Year Finalist (MarketWired) Ernst & Young Recognizes Pierson for Driving Growth, Innovation and Community Involvement
CSRA Alliance for Fort Gordon gets new director (Augusta Chronicle) The CSRA Alliance for Fort Gordon, the region’s military advocacy organization, announced Friday that retiring Executive Director Thom Tuckey will be replaced by a 32-year Army veteran whose last assignment was serving as senior enlisted adviser to Fort Gordon’s commanding general
Products, Services, and Solutions
Inmarsat plans to launch cyber security app (Marine Electronics & Communications) Inmarsat is planning to launch a cyber security service as the first application on its new Fleet Xpress satellite communications solution for shipping. The London-based company has been working with Singapore Telecommunications (Singtel) to develop a specialised application for reducing the risk of cyber attacks on ships
How to change your passwords automatically with Dashlane and LastPass (PC World) It's a pain to change your passwords manually. These two password managers make it easier by doing it for you
Microsoft-Centric Innovators Gridstore and 5nine Software Showcase Advanced Security With HyperConverged Infrastructure (Marketwired) Gridstore®, the leader in hyper-converged all flash infrastructure for the Microsoft Cloud-Inspired Datacenter and 5nine Software, the leading global Hyper-V virtualization security and management provider, today announced they will be presenting their recently launched integrated solution that delivers advanced security for hyperconverged infrastructure at the upcoming Microsoft Cloud and Hosting Summit, May 10-12 at the Hyatt Regency in Bellevue, Washington
FedRAMP Authorization Given to Dell Services Federal Government’s Cloud (Washington Executive) On April 22nd Dell Services Federal Government’s (DSFG) cloud offering received the Federal Risk and Authorization Management Program (FedRAMP) authorization which means that Dell Cloud for U.S. Government (DSG), DSFG’s multi-tenant cloud platform has met the security standards and requirements of the Federal Information Security Management ACT (FISMA)
Blackberry Priv - Not a phone for the aam admi (DNA India) A high price tag and lack of features for the average consumer make the phone suitable only for enterprises
ZENEDGE Open Sources Linux Kernel Extension for Cybersecurity (PRWeb) ZENEDGE, a leading provider of cloud-based, Artificial Intelligence (AI) driven cybersecurity solutions, announced today that the Company is contributing a Linux kernel extension called Zentables-addons to open source, developed to increase the capacity to block IP addresses behind an HTTP load balancer, such as HA Proxy or Amazon ELB
Alliance Key Manager Now Supports Encryption Key Management for MongoDB Enterprise Advanced - Key Management without Application Changes (Benzinga) Townsend Security's Alliance Key Manager for MongoDB offers unparalleled security, flexibility and affordability for all users of MongoDB Enterprise Advanced
Technologies, Techniques, and Standards
PCI DSS 3.2: Making the Move to MFA (Dark Reading) PCI DSS has always required that any untrusted, remote access into the cardholder data environment use multi-factor authentication. Now version 3.2 takes it one step further
Is “Next Gen” patternless security really patternless? What the changes to VirusTotal’s Terms of Service Really Mean (Trend Micro: Simply Security) Trend Micro is a long-time supporter of VirusTotal. We support VirusTotal because we believe that keeping people around the world safe on the Internet requires partnerships
TalkTalk head of security: What we learned from the cyber attack (Computer Business Review) C-level briefing: Charles Bligh says there is "always a silver lining" to being hacked
Virtual environments make it easy to deploy deception technology (Network World) Attackers use deception to invade your network. Turn the tables and deceive them so the attack gets trapped and stopped
Banks work around the clock to thwart cyber crooks (Las Cruces Sun-News) The Department of Homeland Security in 2004 deemed October as National Cyber Security Awareness Month — a time to raise public consciousness about the ever-more-sophisticated ways in which criminals are trying to steal from working people, businesses and the financial institutions in which they put their money for safekeeping
Retailers must upgrade authentication, encryption and pen testing (CSO) The PCI Security Standards Council now requires better authentication, encryption and penetration testing
Changing Your Password Too Often Exposes You to Hackers (Biz Tech Mojo) Security experts often advise computer users to update their passwords periodically to stay safe from hackers but surprisingly, a Britain's security service claims that your online data is even safer if you avoid changing your password routinely
A look inside the Department of Homeland Security's cyberhub (Verge) The building where the Department of Homeland Security tracks every cyber attack against the US is surprisingly bland
Network visibility remains the key to safe digital transformation, says Cisco (ComputerWeekly) Accessing analytics to deal with incidents is the future of information security, according to Terry Greer-King
Design and Innovation
Prep for next-gen encryption should start yesterday (GCN) The National Institute of Standards and Technology is getting nervous about quantum computers and what they might mean for the cryptographic systems that protect both public and private data. Once seen as far off -- if not borderline science fiction -- quantum computing now seems a much closer reality
Research and Development
IARPA funding brings ideas ‘from disbelief to doubt’ (Federal Times) The Intelligence Advanced Research Projects Activity has opened up its annual broad agency announcement calling for submissions of the most bleeding-edge technologies and ideas the private sector has to offer
Academia
NSA recognizes Embry Riddle as a top school for cyber defense (Orlando Sentinel) The National Security Agency and the Department of Homeland Security have recognized Embry-Riddle Aeronautical University’s Daytona Beach Campus as a top school nationally for cyber defense education
EOU math students solve cryptography challenge (My Eastern Oregon) Eastern Oregon University math majors had the opportunity to test their cryptanalysis skills – deciphering coded messages, that is – for a competition this spring
Legislation, Policy, and Regulation
Microsoft to speak about ‘Digital Terror’ at Security Council Meet (Go Android Apps) Microsoft to speak about ‘Digital Terror’ at Security Council Meet: From the UN Security Council Microsoft has accepted the invitation to address a special debate next week on the counter- terrorism and confronting the ‘digital terror’, UN diplomats said
France beefs up defences against corporate espionage (Financial Times) France is boosting its fight against corporate espionage after belatedly realising that some of its largest trading partners have been extensively spying on its companies, according to the country’s corporate intelligence chief
Ireland: Survey of Recent Developments in National Cyber Security Sphere (Lexology) In this article, we consider recent policy and strategy level developments in the cyber security sphere in Ireland
Obama's Cyberdoctrine (Foreign Affairs) As the administration of U.S. President Barack Obama begins to wind down, much of Washington’s national security community is working to deliver the next president with fresh ideas on cybersecurity. No matter what these groups recommend, the next president would do well to recognize that the Obama administration has found what is likely the only workable strategy: making it a private sector responsibility
Situational Awareness Will Inform Risk Management Decision Making (SIGNAL) Cyber information sharing can emerge from existing private sector organizations
Hacking the Hackers: Should Private Companies Strike Back? (SIGNAL) Intelligence officials debate the ethics of cyber vigilantes
The Pentagon’s Intel Chief Already Has Some Advice for the Next US President (Defense One) 'The integration of intelligence of the past 15 years is a journey that is not finished,' said Marcel Lettre, undersecretary of Defense for intelligence
State's school for cyber (FCW) Training State Department Foreign Service officers on cybersecurity is expensive, time consuming, and a logistical headache. But the department's top cyber official says that it's a critical investment in overseas work
Litigation, Investigation, and Law Enforcement
Twitter Bars Intelligence Agencies From Using Analytics Service (Wall Street Journal) Social media firm cuts access to Dataminr, a service used to identify unfolding terror attacks, political unrest
Hacker Lexicon: Stingrays, the Spy Tool the Government Tried, and Failed, to Hide (Wired) Stingrays, a secretive law enforcement surveillance tool, are one of the most controversial technologies in the government’s spy kit. But prosecutors and law enforcement agencies around the country have exerted such great effort to deceive courts and the public about stingrays that learning how and when the technology is used is difficult
DOJ: Wyden misunderstanding law in fight over secret cyber memo (The Hill) The Justice Department and Sen. Ron Wyden (D-Ore.) are squaring off in an increasingly bitter legal battle over a 13-year-old legal opinion
She Spoke Up About Cooked ISIS Intel. They Booted Her—for Cursing. (Daily Beast) An employee at CENTCOM’s Joint Intelligence office says she was reassigned, supposedly for cursing at work, after speaking out about cherry-picked ISIS war intel
Trial opens Monday for three Twin Cities ISIL suspects (Minneapolis Star-Tribune) The results of a yearslong investigation will be closely watched for clues on how potential homegrown terrorists can be detected
Tajikistan Detains Four Alleged Islamic State Supporters (Radio Free Europe/Radio Liberty) Tajik authorities say they have detained four suspected supporters of the Islamic State (IS) extremist group who were allegedly planning to carry out terrorist attacks in the country during the celebrations marking Victory Day on May 9
Spearphishing attack nets hundreds of thousands from investment firm (SC Magazine) Spear-phishing attacks continue to make big profits for attackers and big losses for victims, according to a new Mimecast report
Ex-Army Contractor Sentenced for Lying on Security Form (Military.com) A former U.S. Army contractor has been sentenced for lying on his security clearance form and damaging Army computers