Laurel, Maryland: the latest from Jailbreak Security Summit
Jailbreak IoT Security Summit (The CyberWire) Jailbreak Brewing hosted the latest of its security summits at its home in Laurel, Maryland on May 20, 2016. The topic this time around was Internet-of-things security, and the presenters—all industry experts—addressed automotive vulnerability research, the history of industrial control system malware (and its uses in the wild), wireless vulnerabilities, the use of OSINT to inform vulnerability research, hacking security cameras, and the way forward for testing IoT systems
The Internet of Things: IoT Security Talks and Craft Beer (Jailbreak Brewery) The world's only security summit held at a production brewery. Join some of the world's best embedded system security researchers as they talk about home automation, wireless protocols, and other IoT-related security topics at the only computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors
Cyber Attacks, Threats, and Vulnerabilities
Islamic State group leader urges attacks in Europe and US (AP) An Islamic State group spokesman has urged sympathizers in Europe and the U.S. to launch attacks on civilians there if they are unable to travel to the group's self-declared caliphate in Syria and Iraq
The Islamic State Is Now Trying to Convince India's Muslims to Come Join the Caliphate (Vice News) In an attempt to appeal to India's Muslim minority, the Islamic State (IS) has released a video that says the group's fighters are planning to avenge the deaths of hundreds of Muslims who were killed during riots in Prime Minister Narendra Modi's home state of Gujarat in 2002
How Kosovo Was Turned Into Fertile Ground for ISIS (New York Times) Extremist clerics and secretive associations funded by Saudis and others have transformed a once-tolerant Muslim society into a font of extremism
The U.S. military is trying to psych out ISIS by letter bombing its capital in Syria (Military Times) Warning of a major attack on the Islamic State group's capital, aircraft flying over the Syrian city of Raqqa on Friday dropped thousands of leaflets urging residents to flee
Criminals stole $12.7 million from ATMs in Japan (Help Net Security) In the early morning hours of May 15, 2016, a group of over 100 people executed coordinated, fraudulent ATM withdrawals that netted them about 1.44 billion yen
Special Report: Cyber thieves exploit banks' faith in SWIFT transfer network (Reuters) Shortly after 7 p.m. on January 12, 2015, a message from a secure computer terminal at Banco del Austro (BDA) in Ecuador instructed San Francisco-based Wells Fargo to transfer money to bank accounts in Hong Kong
Second Bank Suffers Cyber-Theft via SWIFT, Third One Counters Heist Just in Time (Softpedia) Vietnamese and Ecuadorian banks see SWIFT-based attacks
Swift Banking Network Struggles With Wave of Cyberattacks (Wall Street Journal) Gaps in security standards and poor communication about breaches have exposed vulnerabilities of the global money-transfer network
SWIFT asks its customers to help it end a string of high-profile banking frauds (IDG via CSO) The company has promised an update to its security guidelines soon, following criticism of outdated practices
Operation Ke3chang Resurfaces With New TidePool Malware (Palo Alto Networks) Little has been published on the threat actors responsible for Operation Ke3chang since the report was released more than two years ago. However, Unit 42 has recently discovered the actors have continued to evolve their custom malware arsenal. We’ve discovered a new malware family we’ve named TidePool
Over half of enterprise Android users are vulnerable to QSEE flaw (Inquirer) Security Outfit Duo Security has let off a warning about the Qualcomm Secure Execution Environment (QSEE) vulnerability and its threat to enterprise users with Android phones
SS7 Vulnerability Isn’t a Flaw — It Was Designed That Way (IBM Security Intelligence Blog) A television news magazine recently ran a segment showing how German Chaos Computer Club (CCC) members could use the telephone network to access the voice data of a mobile phone, find its location and collect other information. All involved professed shock that such a thing could happen, and Democratic Rep. Ted Lieu of California even called for a congressional investigation about it
Crooks Used SQL Injections to Hack Drupal Sites and Install Fake Ransomware EXCLUSIVE (Softpedia) Drupal sites locked with new strain of Web ransomware Unknown attackers are leveraging a two-year-old vulnerability in Drupal installations to break into sites and install Web-based ransomware that hijacks the website's main page but fails to encrypt any files
Nine Days Later, Flash Zero-Day CVE-2016-4117 Already Added to Exploit Kits (Softpedia) CVE-2016-4117 spotted in Magnitude exploit kit attacks. It took crooks less than two weeks to weaponize the most recent Flash zero-day, which they're now using as a module inside the Magnitude exploit kit
Bug Hunter Found Ways to Hack Any Instagram Accounts (Hacker News) How to hack an Instagram account? The answer to this question is difficult to find, but a bug bounty hunter just did it without too many difficulties
Audit Finds 'Hostile Probes,' Breaches of Weather Satelite System (Nextgov) The nation's weather satellite program over the course of a year suffered 10 data security incidents, including unauthorized access and probes by adversaries, according to a congressional auditor
Pavlok electric shock wristband could be security risk (IT Pro) The wristband that supposedly stops over-spending could be hacked according to Kaspersky Lab
Another college website hacked, cyber cops to inquire (New Indian Express) The website of Tulasi Women’s College in Kendrapara was hacked by Vietnam hacking team on Friday
Teacher’s Email Hacked, Distributes Porn to Staff, Students and Parents (Hack Read) Dear teachers, be careful and protect your emails because you never know what your students are capable of!
Hacktivists Shut Down Donald Trump Hotel Collections Website (Hack Read) Remember the ruthless DDoS attackers from Ghost Squad who previously shut down websites of several banks, Loyal White Knights of the Ku Klux Klan (KKK) and Black Lives Matter (BLM) movement? They are back with yet another attack and this time the target is none other than American presidential Candidate and billionaire Donald Trump
Cyber Trends
No Silver Bullet Will Kill Cybersecurity Threats (Forunte) Time spent on compliance might be better spent actually doing something about security
Contactless payment market to reach $17.56 billion by 2021 (Help Net Security) The contactless payment market is expected to grow from USD 6.70 Billion in 2016 to USD 17.56 Billion by 2021, at a Compound Annual Growth Rate (CAGR) of 21.2%, according to new MarketsandMarkets researc
Middle East companies suffer more cyber-attacks than any other region (Step Feed) Companies in the Middle East are more likely to suffer from cyber-attacks than the rest of the world’s regions, according to a recent study conducted by the Middle East branch of Pricewaterhouse Coopers, one of the world’s four leading professional services firms
UK computers under Cyber criminals’ attacks (The Windows Club News) Microsoft’s News Center in UK recently reported the growing attacks on UK computers by the cyber criminals. As technology is advancing, cyber criminals too are getting smarter. As a result, the incidents of cyber crime is increasing across the globe. And now the activities of cyber criminals are increasing in the UK
Marketplace
Will utilities will drive IoT security market growth? (ReadWrite) Utilities will be among the sectors rushing to keep their fast-growing Internet of Things (IoT) systems safe from hackers will drive growth in the IoT security market by 55% between 2016 and 2020, according to a new study
Reimagining the Cybersecurity Profession (US News and World Report) How can policymakers and industry make cybersecurity a hot profession?
IBM Starts Another Round of Job Cuts (Fortune) The layoffs are just the latest by the tech giant. IBM’s woes continue as it struggles to reinvent itself in a fast-changing technology industry
3 of the Most Undervalued Tech Stocks Today (Motley Fool) It's not often that tech shares sell on the cheap. Here are three great, and extremely undervalued, options
3 Things Palo Alto Networks Inc Needs to Do to Win Back Investors (Motley Fool) The data security provider is growing by leaps and bounds, but shareholder’s rollercoaster ride won’t end until a few areas improve
Should You Consider FireEye After Post-Earnings Selloff? (Guru Focus) Stock looks cheap despite lack of profitability and bad quarter
A year ago, General Dynamics sold its commercial cyber business. Here's where that company is now. (Washington Busines Journal) It’s been a little more than a year since Falls Church-based General Dynamics Corp. (NYSE: GD) shed its commercial cybersecurity division
'Everyone acting like an owner is a key part of our DNA,' James Chappell, Digital Shadows (Management Today) The booming cyber security start-up has raised more than $20m and is expanding into the US
Shift to cyber warfare will bring economic growth, other changes to Augusta area, experts say (Augusta Chronicle) Shifting national defenses to a cyber-warfare footing means some big changes, but what will be most obvious to Augustans is the increased economic activity, experts say
California’s tech industry is headed toward a new frontier (Sacramento Bee) California technology companies are poised to take the lead in developing new anti-drone and gun safety tools for the federal government – adding another layer of complexity to the West Coast industry’s relationship with East Coast intelligence agencies
Vendors experience disruption with growing cloud security market (IT Pro Portal) With increasing threats from hackers, cloud security providers are under immense pressure. Vendors as well as security teams are experiencing disruption
Corero Network Security Wins USD300,000 Order From US Mobile Firm (Alliance News via London South East) Corero Network Security PLC on Monday said it has won a USD300,000 order for its SmartWall Threat Defense System from an unnamed US mobile network operator
Duo Security expands into European data centres ahead of EU data regulations (Financial News) Duo Security has expanded into data centers in Frankfort, Germany and Dublin, Ireland to serve customers in European companies mitigate risk in advance of the GeneralData Protection Regulation (GDPR) set to go into effect in 2018, the company said
Cybersecurity firm opens headquarters in Eldersburg (Carroll County Times) Carroll County officials turned out Friday to welcome the county's latest entry in the high-tech government contracting arena, with the official ribbon cutting of the new corporate headquarters of Applied Technology Group in Eldersburg
Products, Services, and Solutions
F-Secure launches service against targeted cyber attacks (First Post Tech 2) European cyber security provider F-Secure on Friday launched a new intrusion detection and incident response service to uncover cyber attack threats in the corporate network
Why people like Edward Snowden say they will boycott Google’s newest messaging app (Washington Post) Google this week announced a new messaging app with strong encryption, meaning that your communications can’t be wiretapped. But there’s a catch: You have to turn on that feature yourself
Technologies, Techniques, and Standards
Hong Kong Monetary Authority Strengthens Cybersecurity Controls on Banks (Data Protection Report) The Hong Kong Monetary Authority (HKMA) is taking action to tackle cyber security in the banking sector in Hong Kong through the Cybersecurity Fortification Initiative (CFI) – a new comprehensive initiative announced on May 18, 2016, which aims to raise the level of cybersecurity of the banks in Hong Kong. This follows the Hong Kong Securities and Futures Commission’s (SFC) similar initiative of issuing the Circular to All Licensed Corporations on Cybersecurity (see our previous post)
TheCityUK report on cyber attack (Lexology) TheCityUK has published a report on how to make the UK financial and professional services sector more resilient to cyber attack
Making the financial sector more resilient to cyber attack (Help Net Security) Firms across the financial and related professional services industry need to take urgent action on cyber risk, according to a new report from TheCityUK and Marsh
Angry advertisers hope to seal fate of online ad fraud (IDG via CSO) The Certified Against Fraud Program hopes to put an end to online ad fraud
More options to defeat ransomware (Network World via CSO) A researcher talks about ways to cut short attacks, protect files from encryption
How to negotiate when hackers are holding you to ransom (Wired) According to online-security giant Symantec, over $4 billion in ransom money was paid to hackers in 2013
Blockchain technologies: A key tool for data management? (Help Net Security) Blockchain technologies (the technical foundation for Bitcoin) hold great potential to solve government’s long-term challenge of establishing clear rules about who has control over specific types of information
Microsoft outlines new policies for dealing with terrorist content (GeekWire) The threat of terrorism has escalated the age-old battle between national security and individual rights — and technology companies are often caught in the crosshairs
HPE Exec: How to Disrupt the Business of Hacking (eWeek) A Hewlett Packard Enterprise executive details how hacking now has an organized business model and suggests steps to make it less profitable for hackers
Where Should Security Keys be Kept in the Cloud? (eSecurity Planet) The use of cryptographic keys is a linchpin of modern security. When it comes to the cloud, there is some debate as to where those keys should exist and how their placement impacts cloud security
Companies need to deal with the enemy inside the gates: EY India's Nitin Bhatt (Economic Times) Organisations today face cyber threats that are not just external, but also internal, as attackers figure out ways to compromise sensitive data, including IP and critical infrastructure, companies need to do a lot more to protect against them, Nitin Bhatt , national leader & risk advisory partner, EY India, told ET's Neha Alawadhi in an interview
Why organisations should care about security culture (IT Pro Portal) We spoke to Kai Roer, an award-winning author and CEO & Co-Founder of CLTRe, about the concept of IT security culture and why organisations should care about its impact
Blueprint: Evolving Security for Evolving Threats in Payments (Converge! Network Digest) At this point in the history of cyber security, it seems like the eternal optimism of “it couldn’t happen to me” is the only reason consumers by the millions haven’t abandoned the digital life and gone back to cash-only transactions. Huge-scale data breaches persist, snatching more and more personal data. Retailers certainly want to protect their customers and their reputation, but are they really doing all they can?
Design and Innovation
Behavior is the new authentication: A look into the future (Help Net Security) In the next few years organizations will face extreme IT security challenges. Hackers are targeting humans instead of machines. All the most costly cyber attacks (APTs, ransomware) are a result of employees or third party providers’ privilege misuse, and executing a social engineering attack is easier than finding zero days
IBM Looks To Watson To Fight Online Criminals And Filter The Flood Of Security Data (Fast Company) The company will be teaching the AI tool to read security advisories and advise system administrators on keeping out hackers
Academia
Raytheon awards Women's Cybersecurity Scholarships (PRNewswire) Partnership with Center for Cyber Safety and Education seeks to close the gender gap in cybersecurity workforce
Augusta University Cyber Institute recognized by NSA and DHD (News Channel 6) The Augusta University Cyber Institute is just shy of a year old, but it’s already gaining national attention
Legislation, Policy, and Regulation
What Europe Tells Us About The Future Of Data Privacy (Dark Reading) Recent initiatives offer new strategies for balancing technology, security, and organizational policy goals. Here are three approaches worth considering
Japan Set to Develop Elite White Hat Agency (Infosecurity Magazine) The Japanese government is set to create a new agency tasked with recruiting a crack team of white hats and conducting cybersecurity R&D ahead of the 2020 Olympics, it has been revealed.
National Cyber Agency to Begin Operations Next Monthi (Jakarta Globe) The government will soon officiate a national body aimed at protecting all of its institutions from wiretappings, a senior minister has said
Insurers push for creation of cyber attack database (Fiancial Times) The head of the Association of British Insurers has called on the government to create a database where companies would have to record details of cyber attacks
Startups to Congress: Strong data security keeps us competitive (TechCrunch) Twilio recently had the opportunity to meet with members of Congress and their staff who have taken on the difficult task of balancing security and privacy. We were struck by the sincere desire to understand how actions proposed by those in Washington impact smaller technology businesses
Senators take aim at ‘armies of zombie computers’ (Cybersecurity Dojo) A group of senators this week introduced reworked legislation to combat botnets, which transmit computer viruses, after the measure failed to make it into the major cybersecurity bill passed late last year. The reintroduced bill, from Sens. Lindsey Graham (R-S.C.), Sheldon Whitehouse (D-R.I.) and Richard Blumenthal (D-Conn.), would expand the authority of law enforcement and the courts to crack down on botnets
Lawmakers push to make U.S. Cyber Command a top military command (Baltimore Sun) Officials and business leaders in Maryland are backing a proposal to elevate U.S. Cyber Command to a unified combatant command — one of 10 charged with carrying out missions around the world — a move they hope will bring prestige and more jobs to the state
Marine cyber warriors will mess with their enemies' heads (Marine Corps Times) Psyching out their adversaries will be one of the best ways Marines will dominate future battlefields, the general in charge of the Marine Corps’ cyber warfare command says
Litigation, Investigation, and Law Enforcement
It's Not ‘Malware’ When We Have a Warrant, FBI Says (Motherboard) The FBI has been in the hacking business for a long time, famously using malware to log suspects' keystrokes as early as the 1990s. But in the high-profile case surrounding a dark web child abuse site called Playpen, the Bureau is arguing that because it was authorized by a warrant, its computer intrusion code shouldn't be called “malware” at all
Snowden: NBN leaker raids a 'misuse' of Australian Federal Police (Register) NSA nemesis says Australia's surveillance state is even nastier than the USA's