Cyber Attacks, Threats, and Vulnerabilities
The Hack that Caused a Crisis in the Middle East Was Easy (Motherboard) How hackers compromised “the entire“ network of TV station Qatar News Agency.
Did Russian Hackers Create Qatar’s Diplomatic Disaster? (Foreign Policy) U.S. investigators think Moscow planted fake news to start a fight, and have been on the ground in Doha.
Russia denies reports of hacking Qatar's state news agency (Fifth Domain | Cyber) Russian officials on Wednesday angrily rejected allegations that Russian hackers breached Qatar's state news agency and planted a fake news story that led to a split between Qatar and the other Arab nations.
The Gulf Widens (Foreign Affairs) As the rift among Gulf states grows, the Trump administration should avoid emboldening hard-liners in Riyadh and other Gulf capitals by arguing that Iran can’t be reasoned with.
Obama Admin Did Not Publicly Disclose Iran Cyber-Attack During 'Side-Deal' Nuclear Negotiations (Washington Free Beacon) State Dept. officials determined that Iran hacked their emails and social media accounts during a particularly sensitive week for the nuclear deal.
After WannaCry, experts fear the worst is yet to come as more cyberweapon leaks loom (International Business Times UK) New leaks from hacking team Shadow Brokers will result in a total 's**tshow'.
Super-expensive ransomware linked to online cybercrime market, say security researchers (ZDNet) Jaff ransomware operation shares servers with cybercriminal operation dealing in stolen credit cards say researchers.
Sleeping giant, botnets pose threat as ransomware attacks decline (SC Media US) While ransomware attacks are making headlines and are even on the decline, researchers warn botnets may soon pose a greater threat.
Hackers can steal large amount of data using router's LEDs (HackRead) Researchers from the University of Negvu have developed a way in which hackers can extract data from a victim’s computer using the LED lights displayed on
Internet cameras have hard-coded password that can’t be changed (Ars Technica) Cameras with multiple brand names are wide open to remote hacking.
Vulnerabilities in Foscam IP Cameras (F-Secure) F-Secure has identified 18 different vulnerabilities in the Opticam i5.
The black market for black markets-Cybercrime goes PaaS (Intsights Cyber Intelligence) IntSights Research Group (IRG) has uncovered an interesting new development: a black market for black markets - selling a black market framework (platform)
New Research from Terbium Labs Examines Dark Web Fraud Guides (Marketwired) Researchers classify content from more than 1,000 guides available for sale on the Dark Web to gain a better understanding of criminal activity and potential threats to organizations
Outdated Operating Systems, Browsers Correlate with Real Data Breaches (Dark Reading) Study shows companies running out-of-date OSes were three times more likely to suffer a data breach, and those with the outdated browsers, two times more likely.
Security Patches, Mitigations, and Software Updates
Windows 10 Mitigations Make Future EternalBlue Attacks Difficult (Threatpost) Now that researchers have built a port of EternalBlue to Windows 10, they’ve probably only now caught up to what the NSA has had for a long while.
June’s Android Security Bulletin Address Critical Vulnerabilities in Media Framework and Qualcomm Components (TrendLabs Security Intelligence Blog) Google recently released their June security bulletin for Android, which addresses critical vulnerabilities found in Media framework, as well as various critical vulnerabilities that are based on Qualcomm components. As with previous Android security updates, this month’s bulletin is available via over-the-air updates for native Android devices or via service providers and manufacturers for non-native devices.
Verizon Outs Android Security Patch For The LG V10 & LG G4 (AndroidHeadlines.com |) Verizon Wireless is launching the latest Android security patch on two of LG’s smartphones released back in 2015, specifically the LG V10 and LG G4. The so
Cyber Trends
The Race Between Security Professionals and Adversaries (Recorded Future) Our research shows more than 75% of vulnerabilities are disclosed on dark web and security sources before National Vulnerability Database publication.
Why Manufacturers Should be Mindful of Cybersecurity (Forbes) Hackers can penetrate the corporate IT network of a manufacturing company, then gain access to a robot's controller software and, by exploiting a vulnerability remotely, download a tampered configuration file. As a result, instead of a straight line, the robotic arm draws one that is 2 mm off. This minuscule defect, if left unnoticed, could lead to catastrophic effects in this hypothetical example -- this line is responsible for welding the chassis of a car that, if compromised, could result in casualties and a vehicle recall.
InfoSec 2017: Brexit+GDPR = business disaster? (Naked Security) GDPR is a challenge for businesses all over the world – and the UK faces a particular mountain to climb as it prepares to leave the EU
Cybersecurity Is Dead (Forbes) Well-known cybersecurity firm Crowdstrike greets travelers who arrive at San Francisco International Airport with a rather bold claim advertised throughout the terminals. The advertisements pose a pernicious yet seemingly tidy answer: "Yesterday’s Antivirus Can’t Stop Today’s Cyber Attacks. Crowdstrike Falcon Can."
Americans to Digital Platforms: Take a More Hands-On Approach to Stopping Bad Actors Who Are Undermining Consumer Trust (PRNewswire) American consumers are worried that digital platforms are being...
Websites built by freelance developers are plagued with security failures (Help Net Security) Websites developed by “budget” developers, without portfolios or references, tend to be plagued with critical security failures. Website security.
For timely vulnerability information, unofficial sources are a better bet (Help Net Security) The adversary community is actively monitoring and acting on the broad set of sources initially releasing vulnerability information.
Marketplace
Minerva Secures $7.5 Million in Series A Funding to Advance Endpoint Security (PRNewswire) Minerva, a provider of endpoint security solutions, today...
TrapX Security: Secures New Funding and Appoints New CEO (PRNewswire) TrapX Security®, a global leader in deception-based...
Illumio, a specialist in segmented security, raises $125M at $1b+ valuation (TechCrunch) Another day, another major round of funding for a security startup, underscoring just how active the area of IT protection is right now -- both in terms of..
RiskRecon Raises $12M for Third-Party Risk Management (eSecurity Planet) The startup's risk management portal enables enterprises to assess the security posture of their third-party IT providers.
Cyber-Security Firm Netskope Raises $100 Million in a Bid to go Public (News18) The Series E round was led by existing investors Lightspeed Venture Partners and Accel.
GnuPG developers start new fundraising effort (Help Net Security) Werner Koch and his team of GnuPG developers are asking for funding the continued development of the popular free email and data encryption software.
Cylance AI Guys Are Starting a New Company (Fortune) Meet Obsidian Security, which just bagged $9.5 million in funding.
Here's Why You Should Hold on to Palo Alto (PANW) Stock Now (NASDAQ.com) A successful portfolio manager understands the importance of adding well-performing stocks at the right time. Indicators of a stock's bullish run includes a rise in its share price and strong fundamentals.
Palo Alto Networks: Cramer's Top Takeaways (TheStreet) Mark McLaughlin, chairman and CEO of Palo Alto Networks, tells Jim Cramer that his sales organization restructuring is producing good results.
What Drove FireEye Stock in May 2017? (Market Realist) FEYE stock rose almost 20% in May 2017
Air Force contract will support emergency comms (C4ISRNET) General Dynamics was awarded a $53 million DIRECT contract.
Bombardier protests Compass Call crossdeck, joining Boeing in challenging the program (Defense News) This is the second protest from Bombardier since the program started.
Pentagon revamps cyber weapons acquisition strategy (Defense Systems) The Pentagon has found that its traditional methods of designing and buying cyber weapons are ill suited for this fast-changing battlefield.
Products, Services, and Solutions
Cyphort Debuts the Anti-SIEM at Infosecurity Europe (Marketwired) First open demonstration of advanced security analytics, advanced threat defense and auto mitigation platform that sharply reduces the time, cost and complexity challenges associated with legacy SIEM solutions.
SentinelOne Joins Fortinet Fabric-Ready Program to Integrate Advanced Endpoint Protection with the Fortinet Security Fabric (GlobeNewswire News Room) Fortinet and SentinelOne Deliver a Joint Security Solution to Address Today’s Most Advanced Persistent Threats
Oracle Enhances Cloud Security Service Using Machine Learning Algorithms (IT Business Edge) In much the same way that banks rely on algorithms to identify potential fraudulent transactions, Oracle today announced it is applying machine learning algorithms to a suite of Oracle Security Operation Center cloud services in a way that makes it easier to identify anomalous user behavior.
Gemalto secures remote access at Canterbury District Health Board with SafeNet Authentication Service (CIO India) Physicians and other staff members at the Canterbury District Health Board wanted to access email and other services remotely. By leveraging SafeNet Authentication Service, the security team established strong defenses against phishing and other security threats, while improving end-user convenience.
Kalaam Telecom launches disruptive SD-WAN technology (Capacity Media) Kalaam Telecom has teamed up with Versa Networks to launch Bahrain's first secured software-defined wide area network (SD-WAN) infrastructure.
Hillstone Networks Selects Lastline to Provide Advanced Malware Detection (GlobeNewswire News Room) Hillstone joins growing community of high-profile cybersecurity vendors that integrates Lastline to provide comprehensive threat protection
PhishMe Q1 Malware Review Shows Ransomware Calm Before the Storm (BusinessWire) PhishMe Inc. (www.phishme.com), the leading provider of human phishing defense solutions, today released its comprehensive malware trends analysis for
InfoArmor to Feature the Newest Version of the Award-Winning VigilanteATI® 3.0 and VigilanteATI Accomplice® Advanced Threat Intelligence Platform at Infosecurity Europe (Marketwired) InfoArmor's award-wining VigilanteATI delivers true operatively-sourced threat intelligence
What’s new in UserLock 9.5 (IS Decisions) Manage and secure access from Mac computers
Sumo Logic Delivers the Platform to Democratize Machine Data Analytics (Marketwired) Disruptive licensing model, native integrations and user experience innovations make real-time continuous intelligence accessible to millions
Symantec certificate authority aims for more delays on browser trust (Search Security) Is the Symantec certificate authority operation too big to fail?
Intercede's MyIDaaS Eliminates Workplace Passwords (BusinessWIre) Today, digital identity and credentials expert Intercede announced MyID as a Service (MyIDaaS), a convenient and affordable cloud-based &lsq
Fhoosh Showcases Fastest IoT AES256 Security Solution for Streaming Hi-Def Video at Verizon Emergency Responder Event (FHOOSH) Secure Video Demonstrations During Operation Convergent Response To Include Tactical K9s and Robots SAN DIEGO and PERRY, Ga. — June 7, 2017 — FHOOSH, Inc., a leader in high-speed cybersecurity software, today announced that it has been selected to demonstrate its advanced, Internet of Things (IoT) data protection solutions applied to streaming secure video at …
Kyushu Telecommunication Network (QTNet) Protects its Broadband Network and Enhances Reliability With Nominum DNS Security (BusinessWire) QTNet, a subsidiary of Kyushu Electric Power Company in Fukuoka, Japan, has selected Nominum DNS solutions to improve the security and performance of
CETECOM becomes a member and test center of the LNI 4.0 lab network (Presse Box) CETECOM is a new member and test center of the network LNI 4.0 and supports German SMEs in the use and development of wireless technologies in industrial environments
Kiwis - too relaxed about cybercrime? Palo Alto tech ramps up NZ cybersecurity (Security Brief) Why do many Kiwis still ignore the real repercussions of not considering business continuity?
Booz Allen Hamilton highlights the need for organisations in Oman to secure IoT alongside traditional IT,Oman (Muscat Daily News) The Internet of Things (IoT) continues to gain a strong footing in the GCC across different sectors ranging from manufacturing and transportation to energy. The vulnerability of IoT to external cyber threats remains high - in fact even higher than traditional IT, a recent Booz Allen Hamilton report has highlighted.
CensorNet Creates Unique Offering with MFA & USS Integration (PRNewswire) CensorNet, the complete cloud security company, has announced the...
Technologies, Techniques, and Standards
Army protects next generation navigation technology from cyber attacks (Defense Systems) Military leaders discussed the progress and urgency of pursuing cyber security readiness at AFCEA’s Army IT Day.
#Infosec 17 Security Teams Must Go Back to Basics: Akamai (Infosecurity Magazine) #Infosec 17 Security Teams Must Go Back to Basics: Akamai.
Firms stockpiling Bitcoins ready to pay off ransomware crooks (Naked Security) But why stockpile when you could just buy Bitcoins when you need them, right? Wrong: it’s a bit more complicated than that
Guest Post: Digital ID - Biometrics are the key to marrying security and convenience (Planet Biometrics) Only biometrics can unify the age-old opposing forces of user-experience and digital security
Security in the Cloud: Pitfalls and Potential of CASB Systems (Dark Reading) The transition to cloud has driven a demand for CASB systems, but today's systems lack the full breadth of functionality businesses need.
Complexity of developing a cyber defense strategy [Commentary] (Fifth Domain | Cyber) For decades, our adversaries have been and continue to constantly seek new ways to compete with the United States on a much more level battlefield. Cyber has much, if not all, of what they have been looking for.
The Unfitness of Traditional Military Thinking in Cyber (IEEE Access) Comprehensive theories of conflict in the cyber world have not yet been developed, but the utilization of traditional military strategy and operational concepts in lieu of existing strategies in this realm can mislead, resulting in spurious assessments and unfavorable outcomes.
Scraping actionable intelligence from Word docs (GCN) Historical data extracted from text files helped deliver a strategy for housing and space management at detention facilities.
Design and Innovation
Data61 reports blockchain will have a profound impact on the economy (Financial Review) The much-hyped technology will enhance productivity across the agriculture, banking, healthcare, logistics and public sectors.
BAE Systems Adds Movement Intelligence to GXP (Multi-Video) (American Security Today) BAE Systems has integrated capabilities called Movement Intelligence (MOVINT), into its Geospatial eXploitation Products™ (GXP®) line of software, helping analysts to more easily identify intelligence threats using motion sensors. These new capabilities include complex multi-tracking analytics, interpret movement and activity from video, radar, and other types of motion sensors, enabling analysts to efficiently track people, …
Research and Development
DARPA exploring how to hunt for hackers on a global scale (Fifth Domain | Cyber) The Defense Advanced Research Projects Agency is looking to award multiple contracts for the Cyber-Hunting at Scale (CHASE) project, which addresses the development of strategic digital tools to dynamically process data leading to the detection and mitigation of cyberthreats across DoD networks.
Symantec Patent Protects Torrent Users Against Malware (TorrentFreak) Symantec Corporation has secured a patent that uses reputation scores to evaluate whether torrent files can be trusted or not. Through this system, the company can warn torrent users if they are about to download a fake torrent, or one that likely links to malware or other scammy content.
Academia
IST professor uses NSF CAREER Award to advance malware detection (Penn State University) Dinghao Wu, assistant professor in Penn State's College of Information Sciences and Technology, recently was awarded a CAREER Award from the National Science Foundation. Wu’s area of expertise is in software cybersecurity, a topic that has become increasingly paramount on a global scale.
You think that post is secret? Beware – it can come back and bite you (Naked Security) ‘Once posted, forever toasted’: as 10 would-be Harvard students learned, it pays to be careful about what you say online and where you say it
Legislation, Policy, and Regulation
What’s in the New Australia-Singapore Cyber Pact? (The Diplomat) The two countries recently inked an MOU on cybersecurity.
With Qatar Hack, the Kremlin May Be Opening a New Front in Its Global Information War (Defense One) A fake video slipped onto a government website may have touched off Qatar’s diplomatic isolation.
Trump eases Qatar critique, offers to mediate Gulf spat (Military Times) President Donald Trump offered Wednesday to personally broker a resolution to the Persian Gulf's escalating diplomatic crisis, as both he and Qatar looked past his pointed suggestion only a day earlier that the tiny gas-rich nation enables terrorism.
A Base is More than Buildings: The Military Implications of the Qatar Crisis (War on the Rocks) The Gulf Cooperation Council is a military alliance that aspires to be a Middle Eastern NATO, but lately it looks more like a fraternity expelling a chroni
DoD's assessment of China's information capabilities (C4ISRNET) DoD released its annual assessment of China's military capabilities.
Former DoD official: U.S. 'more and more vulnerable' to cyberattacks - Cyberscoop (Cyberscoop) Vital U.S. industries like banking and telecommunications are more vulnerable than ever to cyberattacks; the military systems that ought to deter such incursions are themselves susceptible to hackers; and in any case, not all of the actors who will soon be capable of launching such destructive online strikes can be deterred. That’s the scary takeaway from remarks Tuesday by former Pentagon cybersecurity policy chief James N. Miller.
US Must Boost War Games, Data Sharing With Allies: DIA (Breaking Defense) In a stark speech clearly intended to get people off their complacent butts, the Marine general who leads the Defense Intelligence Agency told an approving audience here that the Intelligence Community risks becoming as irrelevant as the Kodak film company became with the advent of digital photography.
Army Reviews ALL Networks — Way Beyond WIN-T: Milley & Speer (Breaking Defense) The Army is conducting a wide-ranging review of “a whole series of vulnerabilities” in its communications systems that extends far beyond the troubled WIN-T program, the Chief of Staff and acting secretary told reporters today.
Big changes coming for Air Force Cyber Command (Fifth Domain | Cyber) Changes are afoot for Air Force Cyber.
Air Force to get new CIO (C4ISRNET) Changes afoot for Air Force Cyber.
InfoSec 2017: ‘One disaster away from governments doing something’ on IoT (Naked Security) IoT is ‘eating the world’, warned Bruce Schneier at InfoSec 2017 – and it’s up to us to make sure that the inevitable regulation is smart, not stupid
Politicians Call for Reforms in Security, Intelligence Sectors (TOLOnews) They also called on the Afghan people to protect unity among themselves to thwart negative propaganda by the enemies.
HHS Plans to Stand Up Its Own Cyber Command Center by the End of June (FedTech) The Health Cybersecurity and Communications Integration Center will share health-specific cybersecurity threats with agencies and deliver best practices to providers.
What Christopher Wray Learned from the Last Two FBI Directors (WIRED) With a tweet Wednesday morning, President Trump announced his pick to replace James Comey as FBI director.
Litigation, Investigation, and Law Enforcement
London Bridge terror: midnight meeting five days before Borough Market stabbing - video (Times (London)) The London Bridge terrorists were filmed laughing, joking and hugging as they plotted their murderous rampage five days before the atrocity. The Times has obtained images of the Islamist fanatics...
British Intelligence Fails Again (Foreign Affairs) Far too many European governments and police forces, including the British, were happy to see the backs of militants when they left to join ISIS. But people can come back, and even if they don’t, they leave sympathizers and admirers behind.
Alleged Russian hack reveals a deeply flawed US election system (Fifth Domain | Cyber) Security experts have long contended that the highly decentralized, often ramshackle U.S. election system is its own best defense against trickery or sabotage. New evidence from a leaked intelligence document suggests that foreign adversaries are exploring ways to attack it anyway.
Reality Winner, N.S.A. Contractor Accused of Leak, Was Undone by Trail of Clues (New York Times) Reality Leigh Winner expressed outraged political views on social media after President Trump was elected, suggesting a possible motive for leaking classified material.
The latest NSA leak is a reminder that your bosses can see your every move (Washington Post) The case of Reality Winner, the 25-year-old woman arrested and accused of linking classified information, shows the limits of your privacy at work.
US Charges NSA Contractor Over Leak of Russia Hacking Report (BleepingComputer) The US Department of Justice (DOJ) has filed official charges against a 25-year-old woman, Reality Leigh Winner, of Augusta, Georgia, for leaking classified material to the press.
The arrest of Reality Winner highlights US intelligence vulnerability (the Guardian) Years after Edward Snowden’s NSA revelations, leaks continue as about 35% of those with top secret clearances – 428,000 people – are contractors
Accused Leaker Reality Winner Worked at NSA Listening Post (The Daily Beast) The woman arrested for spilling secrets likely put her foreign-language skills to use translating intercepted communications at the “Sweet Tea” center in Georgia.
Reality Winner: NSA contractor and environmentalist repulsed by Trump (the Guardian) Friend describes Winner, first person charged by Trump administration with violating Espionage Act, as ‘obsessed’ with fight against Isis
NSA Director Michael Rogers says he never felt "pressured" by White House to influence Russia investigation (Newsweek) The NSA director and National Intelligence Director Dan Coats responded to media reports that Trump had tried to interfere with the FBI's Russia investigation.
US intelligence chiefs decline to discuss Trump contacts (Military Times) Lawmakers verbally sparred with top intelligence chiefs on Wednesday after they staunchly refused to answer questions about conversations they had with President Donald Trump regarding probes into Russian activities during the election.
Would You Trust These Men With a Massive Surveillance Dragnet? (Motherboard) America's top intelligence officials had a shady day in Congress.
Preview of Comey's planned remarks to Congress (Federal Times) Comey is set to testify Thursday before the Senate intelligence committee.
Comey: Trump Denied He Was Involved With ‘Hookers’ in Russia (Foreign Policy) The former FBI director’s prepared testimony is a reality TV preview of what’s to come.
How did Russia get good at cyber warfare? Expert blames Snowden (WNYW) United States intelligence agencies -- including the Department of Homeland Security, the FBI and others -- agree that Russian spies interfered with the election of a United States president.
Apple Employees in China Detained for Selling User Data (Dark Reading) Chinese authorities in Beijing detained twenty-two Apple employees suspected of illegally obtaining personal data.
