Washington, DC: the latest from DCOi
DCOi 2016 (INSS) DCOI 2016 is a concerted effort of the state of Israel and the Institute for National Security Studies (INSS) of Tel-Aviv University, a non-profit organization t that aims towards enhancing collaboration between the United-States and Israel in cybersecurity. The summit is supported by Israel state agencies alongside companies and corporation across the United-States and Israel and is free of charge for registrants. DCOI 2016 will present best technological and creative skills, industry leaders and some of the most innovative entrepreneurs in the world
Cyber Attacks, Threats, and Vulnerabilities
As Scope of 2012 Breach Expands, LinkedIn to Again Reset Passwords for Some Users (KrebsOnSecurity) A 2012 data breach that was thought to have exposed 6.5 million hashed passwords for LinkedIn users instead likely impacted more than 117 million accounts, the company now says. In response, the business networking giant said today that it would once again force a password reset for individual users thought to be impacted in the expanded breach
Hacker Selling 117 million LinkedIn Login Credentials (HackRead) Social media platforms are becoming excessively and increasingly vulnerable to data leaks, hacks, and scams. Every other day we read about some or the other social networking website getting exploited, compromised, scammed or hacked resulting in exposure of profiles, email IDs, usernames, and passwords
Cyber espionage campaign targets Ukraine separatists (ComputerWeekly) Security researchers discover a surveillance operation against separatists in Eastern Ukraine using spear phishing attacks to spread previously unknown malware
Hacking Team hacker steals €10K in Bitcoin, sends it to Kurdish anticapitalists in Rojava (Ars Technica) Phineas Phisher, the hacktivist who hacked Hacking Team, says he's now planning an even bigger heist
Vietnam Bank Target Of Failed Cyberattack In December (Dark Reading) Top Vietnamese central bank official says attempt to transfer $1.36 million to Slovenian bank was an isolated incident
Slovenian bank was recipient named in failed Vietnam cyber-heist (Reuters via Euronews) Cyber-criminals unsuccessfully tried to send 1.2 million euros (937,290 pounds) from a Vietnamese bank to a Slovenian bank via the SWIFT network last December, but there have been no other cases of fraudulent transfers in Vietnam, a top central bank official said on Tuesday
Israeli Cyber Security Firm: N. Korea LIkely Behind Bangladesh Bank e-Heist (Interaksyon) North Korea is most likely behind the $81-million Bangladesh Central Bank cyber heist, said retired Israel military colonel Ram Dor in a forum on Tuesday, adding that Vietnam was similarly attacked through the SWIFT banking system recently
Did Anonymous Hack Turkish Hospitals Resulting in Massive Data Breach? (HackRead) A hacker claiming links with Anonymous hacktivist group has uploaded a Youtube video claiming to have hacked into the servers of Turkish medical institutions and leaked massive database from the systems. In the video, a figure wearing the standard Anonymous Guy Fawkes mask is heard saying that this cyber attack is an act of “revenge” against the hacking of two hospitals in the United States
Ransomware totally dominated FireEye’s malware detections in March (CSO) Security firm FireEye says that ransomware variants made up over 70 percent of all malware that its products detected in March
Ransomware the biggest immediate cyber threat, Kaspersky warns (Cyber Security Business) Ransomware has overtaken advanced persistent threat network attacks as the most frequent cyber threat, according to security firm Kaspersky Lab, and it doesn’t appear to be slowing down as authorities have had a hard time combating the viruses
Cyber Criminals Using Rio Olympics as Bait to Target Users with Phishing Scams (HackRead) Phishing attacks are definitely on a rise nowadays with email scams and spam messages doing the round across the World Wide Web incessantly
Bangladesh government exporting live phish (Netcraft) Bangladesh is one of the world's largest producers of fish; but lately, its government has also become an inadvertent exporter of phish
Nuclear center waits over a year to report cyber-attack (Asahi Shimbun) Computer hackers infiltrated a server installed at a facility that oversees handling of plutonium and other nuclear materials, but the breach was not reported for over a year because officials thought it wasn’t serious
Nigeria: Panama Papers - Cyber Security Wake-Up Call (All Africa) It was a monumental data breach
Intel chief: Presidential campaigns under cyber attack (WIBW) Cyber hackers -- possibly working for foreign governments -- are trying to infiltrate the Democratic and Republican presidential campaigns, a senior U.S. intelligence official said Wednesday
Scope of Gaping Android Security Hole Grows (Threatpost) Security researchers at Skycure are upping the ante on a vulnerability that it says now leaves 95.4 percent of Android devices vulnerable to an attack that hands over control of a phone or tablet to an attacker
Malware Creators Target IPhones In Increasing Numbers (Channel Partners) Businesses that issue iPhones and iPads to their employees – or let them connect to company networks with their own – pay heed
You are what you click: Online search security risks (Help Net Security) When it comes to the desire for the ideal body, people may be willing to sacrifice their online security if it takes them a step closer to achieving desired results, according to a Intel Security survey
Next cyberattack front could be your car (Washington Post) Finding ways into a car's network
Security Patches, Mitigations, and Software Updates
Microsoft Disables Wi-Fi Sense on Windows 10 (KrebsOnSecurity) Microsoft has disabled its controversial Wi-Fi Sense feature, a component embedded in Windows 10 devices that shares access to WiFi networks to which you connect with any contacts you may have listed in Outlook and Skype — and, with an opt-in — your Facebook friends
Google drops support for old crypto on Gmail, SMTP servers (Help Net Security) In less than a month, Google will stop supporting SSLv3 and RC4 on its SMTP and Gmail’s web servers
Cyber Trends
SEC Calls Out Financial Sector for Poor Security ( Infosecurity Magazine) The US Securities and Exchange commission has called out the major trading exchanges and financial clearinghouses for being reckless in their cybersecurity postures
SEC says cyber security biggest risk to financial system (Reuters) Cyber security is the biggest risk facing the financial system, the chair of the U.S. Securities and Exchange Commission (SEC) said on Tuesday, in one of the frankest assessments yet of the threat to Wall Street from digital attacks
87% of Mexican and 84% of Brazilian IT Decision Makers Say their Organization is Vulnerable to Data Threats (Broadway World) Vormetric, a Thales company, and a leader in enterprise data protection for physical, virtual, big data, and cloud environments, today announced the results of the Mexico and Brazil Edition of the 2016 Vormetric Data Threat Report (DTR)
Marketplace
Cisco's forecast tops Wall Street estimates; shares rise (Reuters) Network equipment maker Cisco Systems Inc reported better-than-expected results and gave an upbeat forecast for the current quarter, sending its shares up about 7 percent in extended trading
Cisco Beats Estimates on Strong Demand for Security Products (Fortune) Revenue in the company’s security business rose 17%
KEYW Signs Definitive Agreement to Sell Hexis HawkEye G Product Line Business (GlobeNewswire) The KEYW Holding Corporation (NASDAQ:KEYW) announced today it has signed a definitive agreement to sell the HawkEye G product line business of Hexis Cyber Solutions
I Feel Secure With Fortinet In My Growth Portfolio (Seeking Alpha) Fortinet highlights the only name that I have purchased this week for my growth portfolio
FireEye's Pronounced Downturn Presents A Great Opportunity (Seeking Alpha) FireEye's comprehensive platform is well-suited for the increasingly complex cyber security landscape. FireEye's major management changes should not be a great cause of concern. While FireEye is well-positioned in the long term, the company still has some daunting near-term challenges on the growth and financial front
Why Secureworks fell despite positive view from analysts (Inside Stock Trader) Secureworks Corp (NASDAQ:SCWX) was spun off by Dell and went for the initial public issue last month at $14 and raised $112 million. This was below the street expectation who were expecting the stock price between the range $15.50 and $17.50. As a result, the stock has fell over 6% till May 17th, 2016 from its listing on April 25th, 2016
30 Jahre G Data – Von der Studentenfirma zum Weltunternehmen WERBUNG (MobileGeeks) Die G DATA Software AG feierte im September 2015 ihr 30-jähriges Bestehen. Das von zwei Informatikstudenten gegründete Unternehmen aus der Ruhrgebietsstadt Bochum hat das weltweit erste Virenschutzprogramm für Computer entwickelt. Heute beschäftigt die einstige Studentenfirma mehr als 470 Mitarbeiter und verkauft seine Sicherheitslösungen in mehr als 90 Ländern weltweit
6 Hot Cybersecurity Fintechs (Bob's Guide) Over 65% of British businesses have been pinpointed by hackers in the past year, and the cyber security industry is undergoing extensive change as officials are feeling increasingly threatened by the rapid rate and scale of attacks. We take a look at the best cybersecurity fintechs out there and how they are making a difference for businesses worldwide
StarHub opens Cyber Security Centre of Excellence (Telecompaper) StarHub has launched its Cyber Security Centre of Excellence (COE). Via this facility, StarHub plans to grow the local cyber security ecosystem
'Hack the Pentagon' Payouts Coming Soon (Defense News) The Pentagon expects to pay out rewards to individuals who successfully hacked department websites under a new program by the end of the month
Microsoft seeks bounty hunters to secure Nano Server (TechTarget) With the release of Windows Server 2016 due sometime in the third quarter, Microsoft is crowdsourcing its efforts to smooth out any vulnerabilities with a key feature in its next major server operating release — the smaller server deployment dubbed Nano Server — by offering a financial incentive for bug hunters
Dr. Jochen Hoenicke Joins SatoshiLabs R&D Team (The Merkle) Prague-based SatoshiLabs, makers of bitcoin hardware wallet TREZOR, have welcomed ethical hacker and cryptography expert Dr Jochen Hoenicke aka johoe
Products, Services, and Solutions
Thales to Build 'Cyber Range' - A Cybersecurity Training and Testing Facility for the Dutch Defence Cyber Command (NewswireToday) In the Netherlands, the Defence Cyber Command (DCC) and Thales entered into a contract to set up a sophisticated cybersecurity training and testing facility, also referred to as “Cyber Range”
Bitly partners with Let’s Encrypt for HTTPS links (Help Net Security) Bitly processes data associated with more than 12 billion clicks per month, leading to massive troves of intelligence
Digital Shadows - new tool helps organisations peer inside data breaches (TechWorld) “We may be approaching a breach singularity where all PII is known"
Digital Shadows Improves SearchLight Security Tool (eWeek) The new update to the cyber situational awareness platform enhances the detection of typosquatting and breached credential
BeyondTrust Helps Organizations Identify Potentially Risky Accounts with the Privilege Discovery and Reporting Tool (BusinessWire) New, free tool helps to find, profile and report on privilege security gaps
Sqrrl and Anomali Announce Cybersecurity Partnership (Benzinga) Fusing threat intelligence with security analytics to power threat hunting
ThreatQuotient Joins FS-ISAC Affiliate Program (BusinessWire) A leading proponent for sharing threat intelligence across industry verticals, ThreatQuotient joins prominent financial services organization to ensure the protection of critical financial systems
Luma Makes Your Home Wi-Fi Smart, Secure, and Somehow Fun (Wired) Suddeny, everybody wants to fix Wi-Fi. It’s not because wireless networking turned crappy overnight. It’s just that reliable and robust home Wi-Fi is more important than it has ever been
Technologies, Techniques, and Standards
NIST's Paul Black discusses UL's cyber certification, 'formal methods' (FedScoop) The UL certification won't mean a system is impervious to hacking, but it helps codify cyber hygiene practices, he said
Navy's Growler jets jam Islamic State’s ability to communicate (Stars and Stripes) One of the most effective weapons in the Navy’s impressive arsenal isn’t designed to drop bombs or launch missiles. Instead, it keeps the enemy from being able to communicate
Weaponizing Humor and Ridicule Against ISIS (Overt Action) How do you fight an idea?
Science, technology, assessment bridges CEMA, kinetic effects in tactical command posts (DVIDS) Nine months of planning a new way for the U.S. Army to assess cyber and electromagnetic activities, or CEMA, in a tactical environment culminated in a two-week long event at the end of April where engineers challenged Soldiers in their brigade command post staff interactions to find better ways for the Army to operate in a modern threat environment
ESET releases new decryptor for TeslaCrypt ransomware (We Live Security) Have you been infected by one of the new variants (v3 or v4) of the notorious ransomware TeslaCrypt? If your encrypted files had the extensions .xxx, .ttt, .micro, .mp3 or were left unchanged, then ESET has good news for you: we have a decryptor for TeslaCrypt
How developers fight the rise in web application attacks (Help Net Security) Recent reports highlight the challenge faced by developers in securing code as attacks against web applications increase, while security budgets for developers remain low, according to Checkmarx
The life of a social engineer: Hacking the human (Help Net Security) A clean-cut guy with rimmed glasses and a warm smile, Jayson E. Street looks nothing like the stereotypical hacker regularly portrayed in movies (i.e. pale, grim and antisocial). But he is one – he just “hacks” humans
Collaborating to beat the bad guys (ITWeb) Today's cyber criminals are collaborating with each other, sharing ideas or compromised systems. They are collaborating more and more efficiently, reusing one another's code to breach their targets
Cyber alert overload creates new challenges for feds (FedScoop) The growing mix of threat intelligence systems, and cyber staff vacancies, complicate agency efforts to keep up with daily cyber alert overload
Can cyberspace be mapped? NGA's working on it (C4ISR & Networks) The National Geospatial-Intelligence Agency, by its very charter and pedigree, is a mapping agency: providing geographic context that informs intelligence and high-level security decisions. But how can an agency map a domain that doesn’t physically exist like any other?
Design and Innovation
Google's Allo runs on the same encryption tech that powers WhatsApp (Verge) Earlier today at the I/O conference, Google announced a new chat app called Allo, complete with an "incognito" mode that boasts full end-to-end encryption. But the technology powering that encryption is more familiar than many Google fans may realize
FindFace app heralds the end of public anonymity and privacy? (Help Net Security) While Facebook battles in court to be allowed to use its facial recognition tech (which it already gave up using in Europe), another company – whose facial recognition offering has been indirectly put in the hands of the greater public via a mobile app – is currently in talks with businesses, police departments and city governments that are eager to use its algorithm
Research and Development
Domain Abuse Sinks ‘Anchors Of Trust’ (Dark Reading) Georgia Tech researchers create algorithm to help detect rising DNS domain abuse by cybercriminals, nation-state actors
SparkCognition Is Awarded Ground-Breaking Cognitive Fingerprinting Patent (PRWeb) SparkCognition, the world's first Cognitive Security Analytics company, was awarded United States Patent (US 9,292,675), titled “System and Method for Creating a Core Cognitive Fingerprint”
Legislation, Policy, and Regulation
Securing Cyberspace: China Leading the Way in Cyber Sovereignty (Diplomat) The recent leaks of China’s elites’ personal information will harden Beijing’s stance on cyber sovereignty
Enhancing network security: A cyber strategy for the next administration (American Enterprise Institute) Communications in cyberspace pose distinctive security challenges. Starting in 2009, the United States Military incorporated a Cyber Command on the premise that cyberspace domination could be as important in a time of conflict as traditional domains of air, sea, and land warfare. This agency’s charter covers only “specified Department of Defense information networks,” leaving the civilian Internet for other
Time To Treat Sponsors Of Ransomware Campaigns As Terrorists, Lawmaker Says (Dark Reading) Fighting ransomware at an international level will require cooperation between law enforcement and State Department, Sen. Lindsey Graham, said at a Senate hearing
Snowden and the NSA: Behind the Scenes (US News and World Report) Civil liberties and national security expert Geoffrey Stone lays out little-known facts about NSA surveillance and the pitfalls of Snowden's defense
Phone metadata can reveal sensitive info about individuals (Help Net Security) Since Snowden revealed that the NSA collects from Verizon phone records of US citizens on a daily basis, those who support that kind of collection have been repeatedly pointing out that it’s “just metadata”
Report urges government tax breaks for cyber security investment (ComputerWeekly) A report on improving cyber security in the financial industry makes several recommendations – including targeted tax breaks to stimulate investment
IBM Calls For Government To Play A Support Role For ‘Permissioned Blockchain’ (CrytpoCoin News) IBM sees blockchain technology as an essential tool for business, government, and society, and as such, its development calls for government support, according to Jerry Cuomo, the company’s vice president of blockchain technologies. He believes the technology can transform commerce as well as interactions between individuals and governments
Homeland Security’s Cyber Chief Expands Silicon Valley Footprint (Bloomberg Technology) The U.S. Department of Homeland Security plans to expand its Silicon Valley office to a staff of about 20 as the strained relationship between the government and technology companies over encryption plays out in public and in courtrooms
DOD cyber officials: Pace of threats calls for faster acquisition (Defense Systems) A panel of top naval military officials outlined the need for faster fielding of technological tools to fight at so-called cyber speed as one of the many challenges within information warfare
Manazir: Networked Systems Are The Future Of 5th-Generation Warfare, Training (USNI) Success in a future operating environment will depend on networking – sharing data among sensors and weapons, weaving together the various domains, and bringing in manned and unmanned systems into the same decision loop – the Navy’s deputy chief of naval operations for warfare systems (OPNAV N9) said Tuesday at the Navy League’s Sea-Air-Space Exposition 2016
Litigation, Investigation, and Law Enforcement
Finjan Holdings (FNJN) Receives USPTO Affirmation of '944, '633 Patentability (StreetInsider) Finjan Holdings, Inc. (Nasdaq: FNJN) and its subsidiary Finjan, Inc. ("Finjan") announces two recent, favorable decisions by the U.S. Patent and Trademark Office ("USPTO") regarding Finjan's U.S. Patent Nos. 6,154,844 ("the '844 Patent") and 7,647,633 ("the '633 Patent"), as both patents survive multiple challenges from various defendants
Beware of cyber groomers, warn police (Star) They would chat up young girls on social media websites on the pretext of befriending them
Cyber's Hot, but Low-Tech Spies Are Still a Threat (National Interest) The Edward Lin espionage case highlights America's human vulnerabilities
Air Force general fired over inappropriate emails will keep rank, pay (Air Force Times) The Air Force assistant vice chief of staff removed in March over a series of inappropriate emails will be able to keep his rank and retirement pay