Cyber Attacks, Threats, and Vulnerabilities
New cyberattack causes mass disruption in Europe (AP) A new and highly virulent outbreak of malicious data-scrambling software appears to be causing mass disruption across Europe, hitting Ukraine especially hard.
DDoS attack by a cyber hacking team may be the cause of Skype connectivity issues in the UAE (Feedbaac) From what was believed to be a ban in the UAE, it appears that the recent Skype outage may have been due to the recent cyber attack by a hacking group. The countries which were affected by the recent cyber attack include Singapore, South Africa, India, and Pakistan.
Websites of Ohio governor, Maryland county hacked, defaced with pro-ISIS message (Washington Post) The FBI has been investigating an alleged hacker group for defacing websites.
Cyberattack against Ohio government websites may not be over (The Columbus Dispatch) All 11 Ohio state-government websites hacked by a pro-Islamic State, anti-Donald Trump message were operating Monday, but officials are wary about what
Howard County government website restored after it was hacked with pro-Islamic State message (Baltimore Sun) Howard County's government website was hacked with messages supporting the Islamic State on Sunday, part of a larger attack on local government websites around the country.
A Cyberattack on Britain's House of Parliament (The Atlantic) The incident left some members unable to access their email accounts.
Cyberattack on UK parliament exploited weak email passwords (New Scientist) A hack that locked MPs out of their parliamentary email accounts over the weekend could have been easily stopped by more following basic security practices
UK parliament cyber attack highlights the shortcomings of passwords (BetaNews) As we reported over the weekend the UK parliament's email system was subject to a brute force attack using passwords stolen in the 2012 LinkedIn breach.
UK Govt Wants Encryption Backdoors but Can't Even Protect Its Email Servers From a Brute-Force Attack (BleepingComputer) A "determined" attacker has breached the email system of the UK Parliament over the weekend, according to a statement put out by the UK government on Sunday afternoon.
Who hacked the UK parliament? Russian hackers suspected to be behind attempted theft of MPs' records (International Business Times UK) Hackers reportedly breached less than 1% of parliament's 9,000 email addresses.
Russia, really? 'Any teenager' could be culprit of UK parliament cyberattack says expert (International Business Times UK) The alleged cyberattack was not sophisticated - and likely too brash for a nation state.
Mobile Menace Monday: Fake WannaCry Scanner (Malwarebytes Labs) With all the buzz around the PC ransomware WannaCry, it’s no surprise that a fake antivirus (FakeAV) has emerged on Google Play.
GhostHook Attack Targets Windows 10 Vulnerability (Infosecurity Magazine) CyberArk Labs demonstrated an attack that can enable the installation of rootkit malware under Windows 10 64-bit
AdGholas malvertisers experiment with ransomware, delivered through Astrum EK (SC Media US) The malvertising hacker group known as AdGholas launched a new campaign in May and June 2017 that used the Astrum exploit kit to infect victims with Mole r
New Shifr RaaS Lets Any Dummy Enter the Ransomware Business (BleepingComputer) Several security researchers have spotted a new Ransomware-as-a-Service (RaaS) portal over the weekend that lets anyone generate their own ransomware executable just by filling in three form fields and pressing a button.
How Spora ransomware tries to fool antivirus (Naked Security) Spora ransomware is back and it’s trying to confuse antivirus products and email filters.
$1 Million Ransomware Payment Has Spurred New DDoS-for-Bitcoin Attacks (BleepingComputer) The $1 million ransom payment paid last week by South Korean web hosting company Nayana has sparked new extortion attempts on South Korean companies.
KSN Report: Ransomware in 2016-2017 (SecueList) This report has been prepared using depersonalized data processed by Kaspersky Security Network (KSN). The metrics are based on the number of distinct users of Kaspersky Lab products with the KSN feature enabled, who encountered ransomware at least once in a given period, as well as research into the ransomware threat landscape by Kaspersky Lab experts.
Fireball Malware: Ticking Time Bomb or All Hot Air? (Security Intelligence) Depending on who you ask, the Fireball malware infected somewhere between 40 and 250 million Windows devices. The potential danger, however, is undisputed.
Another reason NOT to upgrade to Windows 10? Major leak raises security concerns (Express) MICROSOFT’S Windows 10 has suffered a significant leak with important source code posted online.
£3bn warship fitted with outdated software at risk of cyberattack (Times (London)) Britain’s state-of-the-art aircraft carrier, which powered out to sea for the first time last night, has the same outdated software on board that was hit by a massive cyberattack last month.
Hackers Hit 75% of Drillers as Sketchy Monitoring Is Blamed (Bloomberg.com) Three out of four oil and natural gas companies fell victim to at least one cyber attack last year as hacking efforts against the industry become more frequent and sophisticated.
Hollywood at Risk without Better Encryption (Bloomberg BNA) The summer blockbuster season has begun with movies such as Sony Pictures Entertainment Inc.’s Spider-Man: Homecoming set to launch.
Security Patches, Mitigations, and Software Updates
How Snapchat shares your (and your kids’) location (Naked Security) Some police and child protection authorities are advising parents to turn off the new feature
Cyber Trends
Cybersecurity battleground shifting to Linux and web servers (Help Net Security) Despite an overall drop in general malware detection for the quarter, Linux malware made up more than 36 percent of the top threats identified in Q1 2017.
Cybersecurity: moving from anchor to enabler of innovation (EY) EY examines how cybersecurity can drive innovation and growth, upending its reputation as a drag on digital progress.
Global DNS Threat Survey Report from EfficientIP Estimates DNS-Based Attacks Cost Businesses more than $2M Annually (PRWeb) New research reveals global organizations gamble their business future on poorly designed network security solutions.
Global cyber-defense ‘very leaky,’ Israel expert says (The Times of Israel) Check Point Software’s Gil Shwed says more comprehensive prevention solutions are needed
Cyber Attack: Nigeria Named among World’s Highest Risk Countries (THISDAYLIVE) Obinna Chima Nigeria and four other African countries have been listed among the world’s highest risk countries in the latest Global Threat Impact Index released for May 2017, released by Check Poi…
Cyber security threat to the energy industry ‘is rising’ (Energy Live News) The cyber security threat to the energy industry is increasing year-on-year.
Marketplace
Apple, Cisco team up to push for cyber security insurance discounts (Reuters) Apple Inc (AAPL.O) is working with Cisco Systems Inc (CSCO.O) to help businesses that primarily use gear from both companies to get a discount on cyber-security insurance premiums, Apple Chief Executive Officer Tim Cook said on Monday.
The world needs more cybersecurity pros, but millennials aren't interested in the field (TechRepublic) Only 7% of cybersecurity workers are under age 29, and just 11% are women. Here's how your business can better recruit younger, more diverse cybersecurity workers.
HackerOne Report Shows Bug Bounty Industry and Bounty Rewards Are On the Rise Globally (BusinessWire) HackerOne, the leading bug bounty and vulnerability disclosure platform provider, today published “The 2017 Hacker-Powered Security Report&rdquo
Trend Micro to invest in IoT startups through new $100m venture fund (ZDNet) The fund will be used to gather insights about the IoT ecosystem that can then be used to guide Trend Micro's development roadmap.
Industry Leading AI Company SparkCognition Closes $32 Million in Series B Funding (PRNewswire) SparkCognition, one of the world's fastest growing artificial...
Austin AI Startup Raises $32.5M from Verizon and Boeing (Austin Inno) Verizon Ventures and The Boeing Company's Boeing HorizonX investment arm think Austin-based SparkCognition is at the forefront of advancements in artificial intelligence. And they're betting...
Upstream Security Raises $2M to Protect Connected and Autonomous Fleets (IT Business Net) An innovative cyber-security cloud-based platform joins the portfolios of Glilot Capital Partners and Maniv Mobility
Classified satellite deal goes to Kratos (C4ISRNET) The contract, with the company's Modular System Division, is for what a Kratos news release only described as "U.S. national security-related customers."
Harris awarded NGA software contract (C4ISRNET) The software "will allow intelligence officials to provide more timely and accurate support to warfighters and the national security community," the company said.
Leidos and AT&T to Implement Software Defined Networking for the Defense Information Systems Agency (Military Technologies) Leidos (NYSE: LDOS), a FORTUNE 500® science and technology company, will help the Defense Information Systems Agency (DISA) automate virtual private networking services in support of our nation’s defense.
Army taps Raytheon for language translation software (UPI) Raytheon BBN Technologies is licensing its foreign language translation software to the U.S. Army for one year at a cost of $4 million.
IT firm CCS signs up with top cyber company (The Royal Gazette) Bermudian IT firm CCS has teamed up with a high-tech expert in combating cyber threats.The island company has become a partner with US-based Cylance
Palo Alto Networks confident of taking security into SaaS era (ComputerWeekly) Security platforms could make it easier to take products to market and improve firms’ security posture by making innovative products easier to consume, but the biggest winners could be the platform providers.
SPAWAR Shares Thoughts on Regional Cybersecurity at San Diego Startup Week (DVIDS) Space and Naval Warfare Systems Command (SPAWAR) participated in a cybersecurity economy panel during the 5th annual San Diego Startup Week (SDSW), June 21.
New Executives Strengthen Contrast Security's Leadership in Self-Protecting Software (PRNewswire) Contrast Security, the first company to enable self-protecting...
CyberSN Expanding Cyber Security & Software Sales Staffing Services in Boston; Ryan C. Andaluz, Managing Director, Leads Expansion (PRNewswire) Today CyberSN announces their new office expansion to Boston's Back Bay...
CRN Exclusive: Tanium Names Former Salesforce Exec As Chief Revenue Officer (CRN) Tanium has appointed former Salesforce Senior Vice President of Marketing for Cloud, Mark Wayland, as its new chief revenue officer, starting on July 10.
HII Hires Davis to Lead Cyber Security Program (MarineLink) Ron A. Davis has joined Huntington Ingalls Industries (HII) as chief information systems officer (CISO). In this new role, he will…
LookingGlass CTO, Allan Thomson Receives OASIS Distinguished Contributor Award for Commitment to Open Standards in Threat Intelligence (BusinessWire) LookingGlass™ Cyber Solutions, a leader in threat intelligence-driven security, today announced that the company’s Chief Technology Office
Denver cybersecurity company adds former U.S. senator to its board (Denver Business Journal) SecureSet, a private intensive cybersecurity training course, said former U.S. Sen. Mark Udall is joining its board.
Products, Services, and Solutions
Santander Brasil Chooses GuardiCore Centra Security Platform to Protect Data Center - GuardiCore - Data Center and Cloud Security (GuardiCore - Data Center and Cloud Security) GuardiCore, a leader in internal data center security and breach detection, today announced that Santander Brasil, the largest subsidiary of Santander Group, has selected GuardiCore’s Centra Security Platform to provide advanced data center security. Santander Brasil is the fifth largest commercial bank in Brazil with about 36 million …
Trustonic and MediaTek announce co-operation in automotive sector - Trustonic (Trustonic) Trustonic today announces a collaboration with systems-on-chips (SoCs) specialist MediaTek to provide the automotive industry with highly secure telematics and in-car entertainment systems for connected vehicles.
Claroty Adds Secure Remote Access Product to the Claroty Platform and Further Enhances Company’s Industry-Leading ICS Threat Detection (Claroty) Claroty, an innovator in Operational Technology (OT) network protection, today announced the general availability of Secure Remote Access, the latest addition to the company’s award-winning OT security platform.
Little Snitch: Version 4 of macOS-Firewall Launched (PRNewswire) With new features and a whole range of improvements and enhancements, version 4...
ForeScout Extends Agentless Visibility, Classification and Control Across Campus, Data Center and Cloud (ForeScout) Expanded collaboration with VMware offers agentless visibility and control in software-defined data centers Advanced out-of-the-box device classification with new taxonomy for IoT and OT devices
ForeScout Unveils New Security Solution for VMware Software-Defined Data Center Environments (ForeScout) ForeScout expands collaboration to offer enhanced security, improved compliance and optimized data center utilization in VMware environments
GlobalSCAPE, Inc. Launches Kenetix: a Simple but Powerful Way to Integrate Cloud Data (GlobalSCAPE) Company’s first iPaaS offering provides unmatched scale, agility and ease of use
Free security solution will block malware, zero-day attacks (TechRepublic) Cybersecurity provider Comodo is offering a new endpoint detection and response solution free to enterprise users.
Google's DeepMind signs deal with Taunton and Somerset NHS Foundation Trust (Computing) Five-year deal for DeepMind's Streams app follows controversy about transfer of sensitive patient data
More Microsoft services certified to handle Australian government data (CRN Australia) Expands sensitive data storage and processing eligibility.
RedSeal offers powerful, passive network protection (CSO Online) The RedSeal appliance doesn't actually fix anything on its own, but it does act as a force multiplier for every other security device within a network.
Banks' blockchain consortium picks IBM for trade finance platform (Reuters) Tech giant IBM is building a blockchain-based platform for seven big European banks, including HSBC and Deutsche Bank, that is aimed at simplifying trade finance transactions for small- and medium-sized companies.
Trustonic, MediaTek Partner to Secure Smart Car Software (Mobile ID World) Trustonic has teamed up with MediaTek, a company specializing on system-on-chip technology for consumer electronics, to offer...
Trend Micro Developing Decryption Tool to Decrypt Files Infected by MacRansom (IT Business Net) Trend Micro (TYO:4704) announces the development of a decryption tool that helps Mac users access encrypted files infected by MacRansom.
Technologies, Techniques, and Standards
GDPR Explained: What are the Security Requirements? (ERPScan) The upcoming GDPR will bring substantial changes to how organizations process personal data. Companies will learn how to be transparent and credible or face fines of up to €20 million or 4% of annual global turnover – whichever is the greatest. The key elements of GDPR will be explained here.
What GDPR Means for your Cybersecurity Strategy (SecureWorks) This white paper explores how organizations can use the requirements laid down by GDPR that affect information security to promote privacy, security, and business enablement.
New EU Privacy Laws Will Complicate B2B Data Sharing (Threatpost) Exploring the legality of the international business-to-business sharing of IP addresses within the cyber threat intelligence community.
US may forgo using EW capabilities if coalition tech isn't compatible (C4ISRNET) In a high-end fight, the U.S. might opt out of using high-tech gear if a partner's capability is not on the same level, according to the DoD's deputy director of electronic warfare.
Here's why it takes more than great technology to secure your business information (Business Insider Australia) These days the business world seems to be rocked on a daily basis by a new cybersecurity threat to be dodged. But while world-class security technology can help, there’s one big risk factor that can’t ever be controlled with software: people.
15 things to do to prevent DDOS attacks (Penetration Testing) On this post, i am going to describes the 15 things against DDoS attacks, DDoS attacks mainly to two categories: bandwidth exhaustion attacks and resource exhaustion attacks, in order to effectively curb these two...
Democratisation of data can lead to organisational problems, says expert panel (Computing) Democratising data puts power in the hands of staff instead of managers, which can bring with it a whole host of problems, warn experts at a recent Computing event
Making enterprise content management secure and scalable (Help Net Security) Organisations want to invest in systems and technology that allow them to adapt to changing markets, but traditional ECM often hinders this progress.
Cloud security: The castle vs open-ended city model (Cloud Pro) With the cloud, borders blur - so how do organisations protect data, wherever it is?
Can Frequent Security Training Help Thwart "As-A-Service" Attacks? (Windows IT Pro) Ditch the old school training for an approach that keeps employees on their toes, IT security expert says.
Design and Innovation
Lastline: Machine Learning Is The Key To Tackling Rising Cyber Security Threats (Silicon UK) INTERVIEW: Silicon discusses machine learning in cyber security with Dr Giovanni Vigna, co-founder and CTO of AI firm Lastline
Research and Development
DARPA moves to innovate cyber intel capability with real-time threat visualization (Fifth Domain | Cyber) The Defense Advanced Research Projects Agency (DARPA) has awarded a contract to five organizations in a bid to develop a real-time threat intelligence capability at a time when the amount of raw digital data continues to increase exponentially.
Academia
NTU Singapore teams with US firm to sharpen up cybersecurity research (Security Brief) NTU Singapore has partnered with US firm GrammaTech to sharpen up the university's research projects with better static and binary analysis tools.
Diverse team leads $12.23 million cyber security project (Voxy) Meena Mungro is from Mauritius, an island in the Indian Ocean. She represents one of 17 nationalities in the Cyber Security Researchers of Waikato (CROW team at the University of Waikato.
Legislation, Policy, and Regulation
Resistance growing to German government's surveillance measures (Deutsche Welle) Politicians and NGOs say that a spate of security measures go too far and are beginning to impinge on personal liberty. Angela Merkel's potential next coalition partners are demanding a "general reversal" on the issue.
Russia threatening to ban Telegram encrypted messaging app (Help Net Security) Roskomnadzor, Russia's communications regulator, is threatening to ban the use of popular encrypted messaging app Telegram.
Vladimir Wants To See Your Source Code (ExportLawBlog) According to this Reuters report, the Russians are demanding from U.S. companies the right to view source code of software that these companies wish to sell in Russia. The software at issue include…
Trump eager for big meeting with Putin; some advisers wary (Military Times) President Donald Trump is eager to meet Russian President Vladimir Putin with full diplomatic bells and whistles when the two are in Germany for a multinational summit next month. But the idea is exposing deep divisions within the administration on the best way to approach Moscow in the midst of an ongoing investigation into Russian meddling in the U.S. elections.
Trump admin unveils cyber pact with Israel (TheHill) U.S.-Israeli partnership kicks of this week with meetings.
US official announces cyber pact with Israel (Fifth Domain | Cyber) Tom Bossert says the new working group will focus on key cyber issues and encourage international cooperation.
U.S. and Israel Team Up to Fight 'Bad Actors' in Cyberspace (Bloomberg.com) Israel and the U.S. are starting a high-level partnership to create a bulwark against increasingly sophisticated cyber attackers who target critical national infrastructure.
Qatar accused of "military escalation" as inter-Arab rift deepens (Defense News) Bahrain chides tiny Qatar for "bringing in foreign armies" as standoff between U.S. allies grows increasingly testy
Corker vows to block US arms sales to GCC (Defense News) Powerful Senate Foreign Relations Committee Chairman Bob Corker announced he is blocking U.S. arms sales to Gulf Cooperation Council member states to pressure a resolution to the escalating row over Qatar.
Beijing’s Views on Norms in Cyberspace and Cyber Warfare Strategy Pt. 1 (Center for International Maritime Security) By LCDR Jake Bebber USN The following is a two-part series looking at PRC use of cyberspace operations in pursuit of its national strategies and the establ
NSA Director Gave Senator Private Tour During Debate Over Foreign intelligence Collection (Foreign Policy) Admiral Michael Rogers appears to be stepping up his efforts to preserve the intelligence community’s “crown jewels.”
There Is Now Proof the NSA Overindulges in Data Collection (Observer) Politicians of both parties are complacent in agency’s abuse of power.
Litigation, Investigation, and Law Enforcement
CIA director says intelligence leaks have 'accelerated' (POLITICO) Pompeo said he's "counting on" leakers being stopped and punished soon.
CIA chief: Intel leaks on the rise, cites leaker 'worship' (Military Times) CIA Director Mike Pompeo says he thinks disclosure of America's secret intelligence is on the rise, fueled partly by the "worship" of leakers like Edward Snowden.
Firm that created 'Russian dossier' on Trump facing increased scrutiny (Washington Examiner) The FBI won't confirm it has a relationship with Fusion GPS.
Why Rep. Adam Kinzinger Is Raising ‘Holy Hell’ Over Russia (POLITICO) The up-and-coming member of the House Foreign Affairs Committee is prepared to wage a GOP rebellion.
Obama admin cautious when dealing with Russia’s election meddling (Fifth Domain | Cyber) The Washington Post reveals a shocking look into the Obama administration’s struggle to deal with Russia’s meddling in the democratic process.
Adam Schiff thinks Obama 'should have done a lot more' to alert public about Russian meddling (Washington Examiner) He said Trump shouldn't be criticizing Obama for not doing more.
How Moscow's Spies Keep Duping America—Over and Over Again (The Daily Beast) The White House wants to warm up to Moscow, eventually. But CIA veterans say we tried that.
Analysis: 2 US cases provide unique window into Iran’s global terror network (FDD's Long War Journal) On June 8, the Department of Justice (DOJ) made an announcement that deserves more attention.
Former State Department special agent charged with espionage (Federal Times) A Virginia man caught with $16,500 in cash in his carry-on luggage was charged Thursday with transmitting top-secret documents to an apparent Chinese agent.
FBI's Cyber Most Wanted, part I [Slideshow] (Fifth Domain | Cyber) Rundown on the top cyber criminals the FBI is seeking worldwide. Part I of II.
Europe versus Google: EC applies record-breaking £2.1 billion anti-trust fine (Computing) European Commission says that Google promoted its own services in search results, denying competitors opportunities