Cyber Attacks, Threats, and Vulnerabilities
North Korea suspected of hacking South Korean defense contractor (CSO Online) On Tuesday, South Korean officials announced they're investigating a security incident at Hanjin Heavy Industries & Construction Co., one of the key contractors involved with building out the nation's naval fleet. North Korea is their top suspect, despite a lack of evidence.
South Korea victim of Internet Explorer zero-day vulnerability (ZDNet) Research from Symantec has revealed that the Internet Explorer Scripting Engine Remote Memory Corruption Vulnerability was used in targeted attacks in South Korea.
Internet Explorer zero-day exploit used in targeted attacks in South Korea (Symantec Security Response) Microsoft has patched an Internet Explorer zero-day vulnerability (CVE-2016-0189), which was exploited in targeted attacks in South Korea.
Microsoft and Adobe warn of separate zero-day vulnerabilities under attack (Ars Technica) Exploits exist for both bugs and allow for remote code execution.
Notes from SophosLabs: The anti-anti-virus arms race (Naked Security) The Gatak malware tries to keep track of where the world’s threat researchers are, and avoids playing ball if it thinks it’s in a sandbox.
Bucbi Ransomware Gets Makeover (The first stop for security news) Two-year-old Bucbi ransomware is making a comeback with new capabilities added, transforming the simple malware into Swiss Army Knife for cyber crime.
Exploits gone wild: Hackers target critical image-processing bug (Ars Technica) Vulnerability in ImageMagick allows attackers to execute malicious code.
Attackers are probing and exploiting the ImageTragick flaws (CSO Online) Over the past week security researchers have seen increasing attempts by hackers to find servers vulnerable to remote code execution vulnerabilities recently found in the ImageMagick Web server library.
Article 29 Working Party still not happy with Windows 10 privacy controls (SC Media) The EU privacy watchdog has told Microsoft despite changes to the install screen, there is still no clear message of how Microsoft plans to process users' data.
Why GPS is more vulnerable than ever (The Christian Science Monitor) The space-based navigation and timing system faces a growing risk of attack. But there is a simple solution.
Cyberattack shuts down Killeen's website (The Killeen Daily Herald) Update: As of 8:30 a.m., the city of Killeen was still using a 2011-2012 cached version of their website while the city's maintenance teams work to restore the website to
Anonymous Hacktivist Group Now Gunning for Powerful Pedophile Networks (Sputnik News) Hackers collective declares vigilante justice against the international "paedosadist industry."
Verizon says cable, phone lines cut in local town was sabotage (WFXT) Verizon phone and cable lines have been cut up and down the East Coast at the same time workers across the country are on strike.
Experts Comments on Data Breach at British Retailer Kiddicare (Information Security Buzz) British retailer Kiddicare has suffered a data breach in which the personal details of nearly 800,000 customers have been stolen. The company said that the data had been taken from a version of its website that had been set up for testing purposes at the end of 2015. Customers have reported suspicious text messages that …
Security Patches, Mitigations, and Software Updates
Adobe, Microsoft Push Critical Updates (KrebsOnSecurity) Adobe has issued security updates to fix weaknesses in its PDF Reader and Cold Fusion products, while pointing to an update to be released later this week for its ubiquitous Flash Player browser plugin. Microsoft meanwhile today released 16 update bundles to address dozens of security flaws in Windows, Internet Explorer and related software
May 2016 Microsoft Patch Tuesday Security Bulletins (Threatpost) Microsoft's Patch Tuesday security bulletins include a patch for a JScript and VBScript scripting engine vulnerability being publicly exploited.
May 2016 Patch Tuesday: IE zero-day patch tops the list (SearchSecurity) Microsoft's May 2016 Patch Tuesday targets an IE zero-day vulnerability as the top priority.
Dell Security Tackles ‘Everywhere’ Secure Access for Mobile Workforce (Integration Developer News) Dell Security is shipping an update to its SonicWALL Secure Mobile Access (SMA) operating system to provide remote workers using smartphones, tablets or laptop. Notably, the solution works with managed or unmanaged devices.
Microsoft says no more blocking Windows Store on Pro edition (Naked Security) You’re going to have to get the Enterprise or Education edition if you really want to block employees from downloading apps.
Cyber Trends
Business Apps Remain Corporate Security 'Blindspot' (Silicon UK) Popular business apps used across many enterprises are leaky and present security risks, warns Wandera, but it won't say which ones they are...
Why nation states threaten your cybersecurity (CSO Online) CSO offers the latest information and best practices on business continuity and data protection, best practices for prevention of social engineering scams, malware and breaches, and tips and advice abut security careers and leadership.
We created cyber space – we need to protect it (iTWire) NATO’s Head of Cyber Security was very definite – “In the future Cyber threats will be considered a ‘conventional’ threat – just like terrorism, nucle...
Managing cyber risk top priority, but challenges remain (SecurityBrief New Zealand) Managing cyber risk is a top priority for businesses in the Asia Pacific region, yet vulnerability management strategies lag behind, according to new research from Tenable Network Security
Bromium invokes spirit of Turing as cyber attacks escalate (Business Weekly) Cambridge cyber security specialist Bromium has slammed the laissez faire approach of major businesses that is leaving their computer systems wide open to attack. CTO and co-founder Simon Crosby called for a radical change in attitude after the Government revealed that two-thirds of large UK businesses are being hit by cyber security attacks. Crosby said there was no
Marketplace
Putting a Digital Business Value on IT Security (Channel Insider) There's a long way to go in changing business execs' perception of security investments, yet solution providers should be pleased to see progress.
The role of cybersecurity insurance in the enterprise (SearchSecurity) Cybersecurity insurance is shaping up to be a major growth market. Here's a behind-the-scenes look at cyberinsurance.
Why Check Point Software Technologies Ltd. Stock Is Worth a Look (The Motley Fool) The data security provider doesn’t have the panache of its peers, but offers investors something the others can't: relative stability.
AurionPro sees impact of $100 million in value from Spikes Security acquisition (The Economic Times) With the deal, AurionPro has got access to "highly targeted and regulated industries such as banking, financial services, government and healthcare."
John McAfee Returns to Cybersecurity as CEO of John McAfee Global Technologies (247wallst.com) MGT Capital Investments has named John McAfee its new chairman and CEO and the company will be renamed John McAfee Global Technologies.
John McAfee’s first move as a new CEO is to rename the company after himself (TechCrunch) Some exciting news from the John McAfee camp today: America's favorite (and most entertaining) cybersecurity expert has a new gig! MGT Capital Investments, a publicly traded company that owns and operates social gaming apps, has announced the appointment of John McAfee as Executive Chairman and CEO…
Pwnie Express Raises $12.9M to Secure the Internet of Things (WSJ) As concerns grow about the security risks associated with the Internet of Things, investors are betting on companies like Pwnie Express Inc. that say they can mitigate them
Xconomy: Pwnie Express Rides Off With $12.9M to Hunt Rogue Devices (Xconomy) Warning: everything you thought you knew about corporate cybersecurity is about to change. That’s according to Paul Paget, the CEO of Pwnie Express, a
Pwnie Express Names Key Industry Veterans to Executive Team (Marketwire) Pwnie Express, the leading provider of device threat detection, today announced the appointment of Kasha Gauthier as CFO, Bo Thurmond as Vice President of Sales and Services, and Dimitri Vlachos as Vice President of Marketing. These appointments come on the heels of $12.9M...
Bayshore Networks Raises $6.6 Million From Trident Capital #Cybersecurity and Current Angel #Investors (Investor Ideas) Bayshore Networks, the cybersecurity leader for the Industrial Internet of Things (IoT), today announced that it has raised $6.6 million in Series A funding from Trident Capital Cybersecurity and its existing angel investors. Alberto Yépez, managing director of Trident Capital Cybersecurity, will join the company's board. Will Lin, vice president of Trident Capital Cybersecurity, will be a board observer
HP rolls out a new corporate venture unit (TechCrunch) There's a new corporate venture arm in town. Roughly six months after Hewlett-Packard finalized its division into two companies -- Hewlett Packard Enterprise, which focuses on servers, storage, networking, and security; and HP Inc., which continues to sell PCs and printers -- the latter is intro…
4 big and new cyber security consultancies to help business fight hackers - and 1 UK independent (Computer Business Review) List: BlackBerry, IBM, Dell, BT and BNSCyber feature on CBR's list.
Huawei Seeks to Partner Up with Korean Security Solution Providers (BusinessKorea) Huawei Technologies Co., a Chinese networking and telecommunications equipment and services company, is seeking to partner up with Korean information protection developers in order to push into Western markets.According to industry sources on May 10, Huawei is giving positive consideration to use Ko
This Popular Porn Site Just Debuted a Bug Bounty Program on Same Platform as the Pentagon (Fortune) Maximum bounty for hackers: $25,000. Pornhub, one of the world’s most popular pornography sites, unveiled a bug bounty program on Tuesday
CACI to provide electronic warfare support to U.S. Army I2WD (Military Embedded Systems) ARLINGTON, Va. U.S. Army Intelligence and Information Warfare Directorate (I2WD) will continue to receive hardware and software support from CACI in a multi-task order under the Rapid Response-Third Generation contract vehicle.
StanChart hires new cyber security chief from Symantec (Reuters) Standard Chartered has hired former Symantec Corp executive Cheri McGuire to be ...
Deep Run Security Services appoints new CTO (Washington Technology) Deep Run Security Services has appointed Scott Toth chief technology officer.
Former National Security Agency Deputy Director Chris Inglis Joins Board of Huntington Bancshares Incorporated (Marketwire) The Board of Huntington Bancshares Incorporated (NASDAQ: HBAN) (www.huntington.com) has unanimously elected as a member retired National Security Agency Deputy Director Chris Inglis.A three-decade U.S. military cybersecurity professional, Inglis served in London as the U.S. government's senior liaison to NSA's British counterpart from...
PhishMe CEO Rohyt Belani Named EY Entrepreneur Of The Year(R) Mid-Atlantic 2016 Finalist (Marketwire) PhishMe® Inc., the leading provider of human phishing defense solutions, today announced CEO and co-founder Rohyt Belani has been recognized as an EY Entrepreneur Of The Year Mid-Atlantic finalist. The EY awards program, which is celebrating its 30th year, recognizes entrepreneurs who demonstrate...
Products, Services, and Solutions
Infosec freeloaders not welcome as malware silo VirusTotal gets tough (Register) 'Cause the takers gonna take, take, take
Webroot Secures IoT Gateways with Real-Time Collective Threat Intelligence (PRNewswire) Webroot Helps Developers of Critical Infrastructure Equipment Guard against Network and Internet Based Threats
Virtustream Joins AT&T NetBond® Ecosystem (PRNewswire) Ecosystem Grows to 15 Leading Cloud Providers
Belden Delivers Groundbreaking Cyber Security Solution for Energy Sector (BusinessWire) The new Tofino™ Xenon Industrial Security Appliance solution reduces the time and resources required to protect energy power generation and transmissi
PostFinance Fights Fraud and Security Threats with Splunk Enterprise (BusinessWire) Splunk Inc. (NASDAQ:SPLK), provider of the leading software platform for real-time Operational Intelligence, today announced that PostFinance is using
NexDefense Enters Collaborative Agreement with General Dynamics Commer (PRWeb) NexDefense, the leading provider of cybersecurity for industrial control systems (ICS), today announced a new collaborative agreement with General Dynamics Commercial Cyber S
Docker Announces the General Availability of Security Scanning to Safeguard Container Content across the Software Supply Chain (BusinessWire) Docker today announced the general availability of Docker Security Scanning, an opt-in service for Docker Cloud private repo plans that provides a sec
WISeKey Reaches Agreement With CenturyLink on Cybersecurity Solutions (BusinessWire) Regulatory News: WISeKey International Holding Ltd (SIX: WIHN) (‘WISeKey’), a leading cybersecurity company, today announced a new agreement that enab
Technologies, Techniques, and Standards
Where to cut corners when the security budget gets tight (CSO Online) Whenever creating a budget, there is always the rainy day fund in case of unexpected circumstances. But what if those circumstances are bigger than you could have ever imagined? And you don’t have cyberinsurance? Sure you might be up the proverbial creek without a paddle but fear not as some security pros are willing to throw out a lifeline to help you at least get your head above the water with some sage advice.
What Makes Next-Gen Endpoint Protection Unique? (Dark Reading) Here are five critical factors you need to know about today's new breed of endpoint protection technology.
What's new with mobile application management software? (SearchMobileComputing) Learn how mobile application management software has evolved to give IT more control over apps at the device level.
Lessons from tax season: 4 tips for preventing cyberattacks on the workforce (GCN) Scams targeting employees during this recent tax season serve as a sobering reminder of the significant security risks workers unknowingly pose to their organizations.
Design and Innovation
IBM Watson Brings AI Wonders to Cybersecurity (Fortune) 8 universities will help teach the machine to stop hacks.
IBM Watson Is Now Gunning For Cybercriminals (Lifehacker Australia) IBM Watson is a cognitive computing platform that uses artificial intelligence to essentially "think" for itself. A new cloud-based version of the technology dubbed Watson for Cyber Security has just been announced -- and its coming after hackers....
Academia
UMBC partners with IBM Research for cybersecurity lab (Baltimore Business Journal) Two-hundred days: that’s how long it takes, on average, for a company to realize someone has hacked into its system and is slowly siphoning data
UNB chosen by IBM for Watson for Cyber Security project (Newsroom) UNB is one of only eight universities in North America chosen by IBM to help the global firm adapt its iconic Watson cognitive technology for use in the cybersecurity battle. “This is a tremendous opportunity for the University of New Brunswick that fits well with our proud and productive partnership with IBM,” says Eddy Campbell,… Read More »
Computer science teachers need cybersecurity education says CSTA industry group (TechRepublic) The Computer Science Teachers Association (CTSA) is working on a cybersecurity certification program for computer science educators, so they can better teach students about computer security.
Legislation, Policy, and Regulation
GDPR challenges all organizations to mask EU data by default (Help Net Security) Organizations need to re-architect operations and adopt a secure, data-first approach ahead of the introduction of the European GDPR.
U.S. officials in Belgium to promote intelligence-sharing (Military Times) A U.S. government delegation is in Belgium to promote greater intelligence-sharing by Belgian and European authorities in the wake of the March suicide bombings that killed 32 victims here, the group's members said Tuesday.
John Key's $22m cyber security announcement: Industry insider opinion (SecurityBrief) Unless you’ve been living under an incredibly large rock, there is no doubt that you’ve heard about the Panama Papers leak
WhatsApp’s Brazil blackout could be the start of an international encryption fight (MIT Technology Review) Facebook’s popular messaging app was shut down by a judge in Brazil after improved encryption irked investigators.
Why Encryption Bans Won't Work: Brazil Government's WhatsApp Block Just Sends Users To Other Encrypted Platforms (Techdirt.) The battle against encryption being fought valiantly stupidly by the FBI, a few law enforcement figureheads, and a handful of legislators is an unwinnable war. Just ask Brazil, where the government has blocked WhatsApp repeatedly in an effort to force...
Agreement on Cyberattacks Will Not Stop China's Economic Theft (Epoch Times) This news analysis was originally dispatched as part of Epoch Times China email newsletters. Subscribe to the newsletters by filling your email in the “China D-brief” box under this article. Chinese telecommunications company Huawei recently unveiled its new P9 smartphone, and as a recent Wired headline states, “Huawei just copied the iPhone—down to the last …
Privacy, security experts spar over emails, calls ‘incidentally’ caught by NSA surveillance (The Washington Times) Privacy and national security analysts sparred Tuesday over suggestions to further limit law enforcement access to Americans’ phone calls and emails that are swept up as part of the National Security Agency’s surveillance of foreigners’ communications.
Privacy advocates want protections for US residents in foreign surveillance law (CSO Online) The U.S. Congress should limit the ability of the FBI to search for information about the nation's residents in a database of foreign terrorism communications collected by the National Security Agency, some privacy advocates say.
Litigation, Investigation, and Law Enforcement
Alleged British hacker not forced to decrypt his data (CSO Online) The U.K.'s National Crime Agency (NCA) failed in its attempt to use what critics described as a legal backdoor to force a suspected hacker to provide the decryption key for his data.
John Key thrown out of Parliament over Panama Papers row (Stuff) Parliament got rowdy - then John Key was given his marching orders.
Oracle vs Google restarts (Register) Oracle's and Google's armies of lawyerbots are about to boot up, suit up, line up, and restart the tech giants' Bleak House-like lawsuit about copyright over APIs
Clinton aide Cheryl Mills leaves FBI interview briefly after being asked about emails (Washington Post) Near the beginning of a recent interview, an FBI investigator broached a topic with longtime Hillary Clinton aide Cheryl Mills that her lawyer and the Justice Department had agreed would be off limits, according to several people familiar with the matter
Man Pleads Guilty To Hacking, Stealing Information From Celebrities (Dark Reading) Bahamian to be sentenced by US court for stealing and selling copyrighted information.
()