Cyber Attacks, Threats, and Vulnerabilities
Ukraine power company says hit by second cyber attack Thursday (Reuters) Ukrainian state power distributor Ukrenergo was hit by another cyber attack on Thursday which used a computer virus different from one that hit Ukraine on Tuesday, Ukrenergo's acting head said.
Ukraine Blames Russian Security Services for Recent Cyber Attack (Fortune) A Kremlin spokesman dismissed 'unfounded blanket accusations.'
Early indications point to Russian hacking group for Petya attack (Cyberscoop) The main suspect behind the recent global ransomware attack is a hacking group with suspected ties to Russia and a history of launching destructive computer viruses, according to research conducted by Czech cybersecurity firm ESET. The company has pegged the attack to a group known as Telebots or Sandworm.
Security Firms Find Thin Lines Connecting NotPetya to Ukraine Power Grid Attacks (BleepingComputer) On Friday, three cyber-security firms have come forward with reports or statements that link the NotPetya ransomware outbreak to a cyber-espionage group known for a large number of past cyber-attacks, such as the one on Ukraine's power grid in December 2015.
TeleBots are back: supply-chain attacks against Ukraine (WeLiveSecurity) This blogpost reveals many details about the Diskcoder.C (aka ExPetr or NotPetya) outbreak and related information about previously unpublished attacks.
More Security Firms Confirm NotPetya Shoddy Code Is Making Recovery Impossible (BleepingComputer) The bandwagon of cyber-security firms claiming that NotPetya was meant for destructive purposes is getting more crowded by the day, with three new additions from Cisco Talos, F-Secure, and Malwarebytes.
We thought the internet was broken by people trying to get money. The truth is much more worrying (The Independent) The cyber attack that broke many of the world's biggest companies was intent only on destruction.
Global cyberattack looks more like 'sabotage' than ransomware - experts (CNNMoney) Cybersecurity experts believe it was sabotage, not cash, that may have motivated the hackers behind this week's crippling global cyberattack.
A technical analysis of the recent Petya ransomware attack (Quick Heal Technologies Security Blog) Earlier this week, a new variant of Petya Ransomware was spotted which was creating havoc all over Europe as well as major parts of Asia including India. The major target for Petya has been Ukraine as its major banks and also the power services were hit by the attack. It’s...
U.S. warns businesses of hacking campaign against nuclear, energy firms (Reuters) The U.S government warned industrial firms this week about a hacking campaign targeting the nuclear and energy sectors, the latest event to highlight the power industry's vulnerability to cyber attacks.
U.S. trade group says no nuclear power plants have been hacked (Reuters India) No U.S. nuclear power plant has been penetrated in a cyber attack, an industry spokesman said on Saturday, when asked to comment on a U.S. government warning last week about a hacking campaign targeting the sector.
Deliveries 'in limbo' with FedEx's TNT 'significantly affected' by cyber attack (ABC News) Australians and businesses waiting on deliveries by FedEx's TNT Express say they have been left in limbo after the company is significantly affected worldwide by a cyber attack.
Maersk accepting bookings once more in the wake of devastating cyber attack as ports also reopen (Load Star) Maersk’s container operations appear to be recovering following the debilitating cyber attack on its systems earlier this week.
Cyber authority says hospital hack attack much smaller than believed (The Times of Israel) Despite previous reports, incident apparently not connected to worldwide ransomware virus
Staying humble is key to staying safe, says Israel’s cyber chief (The Times of Israel) Last week’s hospital cyber-attack was no big deal and the electoral system is secure, according to Cyber Bureau head Eviatar Matania, who’s both worried and confident
OutlawCountry Is CIA's Malware for Hacking Linux Systems (BleepingComputer) WikiLeaks dumped today a manual describing a new CIA malware strain. Called OutlawCountry, this is malware designed for Linux operating systems.
Vulnerabilities Found in German e-Government Communication Library (Dark Reading) Researchers find critical flaws in secure communications protocol used in areas including population registration, justice and public health systems.
Al-Qaida-linked Mali Extremists Release Hostage Video (VOA) Video shows Stephen McGowan of South Africa, Elliot Kenneth Arthur of Australia, Iulian Ghergut of Romania, Beatrice Stockly of Switzerland, Gloria Cecilia Narvaez of Colombia and Sophie Petronin of France
Foreign jihadist media group rallies against West in video (FDD's Long War Journal) German jihadist Andreas Muller speaking in the video Al Muhajirun, a media organization linked to foreign jihadists in Syria, recently released a video highlighting the supposed degradation of Western society.
8tracks Hit With Breach of 18 Million Accounts (Dark Reading) Hackers attack Internet radio user database, gaining access to email addresses and encrypted passwords.
Feedback scammers attempting to extort millions from 5,000 major companies (Graham Cluley) Can you trust that .feedback site really belongs to who you think it belongs?
So You Think You Can Spot a Skimmer? (KrebsOnSecurity) This week marks the 50th anniversary of the automated teller machine — better known to most people as the ATM or cash machine.
Majority of Sites Fail Mozilla’s Comprehensive Security Review (Threatpost) A thorough review of the top 1 million websites reveals 93 percent fail Mozilla’s Observatory security review.
The Biggest Cybersecurity Disasters of 2017 So Far (WIRED) The first six months of 2017 have seen an inordinate number of cybersecurity meltdowns.
Security Patches, Mitigations, and Software Updates
Siemens Patches Critical Intel AMT Flaw in Industrial Products (Threatpost) Siemens patched a recently disclosed vulnerability pertaining to systems with specific Intel processors. If exploited, the flaw could let an attacker gain system privileges.
Cyber Trends
Hackers Find ‘Ideal Testing Ground’ for Attacks: Developing Countries (New York Times) Often the best way to see if a cyberweapon works is to try it out in a country without the best digital defenses, as recent attacks have indicated.
Opinion | A cyberattack swept across the globe last week. We should be ready for more. (Washington Post) The danger is becoming more widespread.
Another Ransomware Attack? Welcome to The New Normal (Level 3) What happens when you combine the structure and focus of organized crime with the sophistication and scale of a nation state? You have two global
Understanding the motives behind cyber attacks can help prevent them (Information Age) Exploring the motives behind the recent cyber attacks is the key to prevention, but ultimately companies must patch the root cause
Wake-up call for cyber security (Strategic Risk) Lessons to be learned from last month’s global WannaCry ransomware attack
Why Petya, Like WannaCry, Signals A New Era Of Cybercrime (Information Security Buzz) Petya and WannaCry are the tip of the iceberg in a new era of global, distributed cyberattacks that are affecting all industries and geographies.
WannaCry Outbreak: Watershed Moment (BankInfo Security) When malware comes gunning for your national health service, you're going to take it personally. And that's just one reason why the WannaCry outbreak in particular
Businesses warned that cyber attack start of all-out war on data (Irish Examiner) This week’s attack on Europe’s computer networks marked the beginning of a sinister all-out war on business data with no chance of recovery, according to one of Ireland’s top cyber security experts.
After the WannaCry ransomware campaign, why aren't people patching? (SC Media UK) A massive ransomware campaign attacked countless endpoints for the second time in just over a month, exploiting a vulnerability that had been patched months earlier. SC asks, why does this keep happening?
Tuesday's cyberattack shows why old tech is scarier than Hollywood AI (CNNMoney) While not as sexy as killer robots, pieces of bad code, unpatched software, weaponized malware and aging technology can have a real -- and detrimental -- impact.
‘A single boxer in a ring is not a winner’ (The Hindu) ‘Those protecting critical infrastructure think they are safe; that’s because hackers are busy elsewhere making money’
Marketplace
10 Reasons Your Business Needs Cyber Liability Insurance (IT News Africa) New technology means new risks. The internet asks a lot of questions of its users.
Cyber-security graduates now hot property on the job street (The Economic Times) Demand for graduates specialising in cyber security has shot up to an all time high, and universities are introducing these programmes to cater to the growing requirements.
Hackers reap rich rewards by exposing system weak spots (Times) British hackers are earning hundreds of thousands of pounds helping international companies to spot bugs in their computer systems. They are being paid to identify areas vulnerable to data breaches...
IBM expands New Collar Tech Career Training opportunities for veterans (1440 WAJR) Over 2,000 veterans will be hired by IBM for training initiative that will certify veterans in the use of IBM software widely used by law enforcement, cybersecurity, and national security agencies.
Microsoft acquires Cloudyn (Notebook Check) This new acquisition aims to help the Redmond giant improve its cloud services, more precisely Microsoft Azure. Cloudyn's technology allows enterprise customers to optimize their cloud-related spending.
IAI snaps up two foreign firms in cyber-defense push (The Times of Israel) Israeli aerospace and defense firm announces investment of millions of dollars in Dutch and Hungarian companies
‘Closer scrutiny’ by government urged in Sandvine takeover battle (Financial Post) Barry Critchley: Francisco Partners’ offer for network policy company Sandvine is raising alarm bells over the possibility of human rights abuses
Palo Alto Networks Leaks New Growth (Seeking Alpha) Stock prices rose over 17% to $139.97 towards the end of May, leading to Palo Alto Networks’ biggest gain since the company went public. Quarter 3 saw a 25% rev
How a Tiny Cybersecurity Firm Stopped a Global Ransomware Attack (We Greet You) Salim Neino had been waiting for something like WannaCry.
4 AI Cybersecurity Startups Using Predictive Analytics - Nanalyze (Nanalyze) The number of AI cybersecurity startups using predictive analytics to spot malware attacks and other intrusions before they begin is rapidly increasing.
AhnLab stock plunges as founder mired in political scandal (Korea Times) The stock price of AhnLab, the nation’s largest security software company, is hitting an all-time low this year amid a mounting political scandal surrounding the firm’s founder Ahn Cheol-soo.
DIUx taps Plurilock for AI authentication (GCN) Defense officials are adding an additional layer of security to workplace computing through an artificial-intelligence system that monitors keystrokes and mouse behavior of individual users.
Longtime cybersecurity exec to step down as BitSight CEO (Boston Business Journal) McConnon's previous three companies have been acquired for more than $1 billion total. His latest, BitSight, has been growing exponentially since its security-rating software hit the market in 2013.
FireMon strengthens European division with new Vice President (GlobeNewswire News Room) Tech veteran James Clegg to lead FireMon’s EMEA teams
Products, Services, and Solutions
GlobalPlatform simplifies management of privacy-enhanced ID documents (Security Document World) GlobalPlatform has published its Card Privacy Framework and Privacy-Enhanced ID Configuration.
Raytheon to provide Army with automatic speech recognition capability (C4ISRNET) Raytheon BBN Technologies has been awarded a $4 million Army contract for automated language translation.
5 best malware tracker maps to see security attacks happen in real-time (Windows Report) The Internet used to be a safe place when it was first launched.
Petya/NotPetya Cyber Attack Does Not Phase This SMB Owner (EIN News) Tie National provides effective cyber security to SMBs as protection from deadly cyber attacks.
Technologies, Techniques, and Standards
BCS Launches Blueprint to Prevent Another NHS WannaCry Epidemic (Infosecurity Magazine) BCS Launches Blueprint to Prevent Another NHS WannaCry Epidemic. Roadmap hopes to create a trusted, secure NHS by 2020
Basic Cybersecurity Hygiene Tips Are Ransomware Vaccine (Bloomberg BNA) Companies that follow basic cybersecurity hygiene are likely to avoid the ravages of global ransomware attacks such as the one that crippled thousands of computer systems June 27, cybersecurity pros...
Blockchain would have prevented Maersk cyber attack (Marine Electronics and Communication) Blockchain technology would have saved shipping from this week’s Petya cyber attack that crippled the logistics IT systems of Maersk Group.
"Eternal Blues" Tool Tests Computers Against NSA's ETERNALBLUE Exploit (BleepingComputer) Security researcher Elad Erez has created a tool named Eternal Blues that system administrators can use to test if computers on their network are vulnerable to exploitation via NSA's ETERNALBLUE exploit.
Using nmap to scan for MS17-010 (CVE-2017-0143 EternalBlue) (SANS Internet Storm Center) With both WannaCry and NotPetya using MS17-010 for propagation it is important to be able to detect servers which are vulnerable.
Six Things to Do to Secure Your Linux System (IT Pro) Tuesday's Petya slam dunk by the bad guys, which may or may not have been a state sponsored swipe at Ukraine, was only one of several wake-up calls during the last couple of months for the folks taking care of IT security.
What In-House Lawyers Can Learn From the Cyberattack on DLA Piper (Corporate Counsel) There are some takeaways for law departments from the recent mess at DLA Piper.
This company deliberately deleted its customer email mailing list. Maybe you should too (Graham Cluley) With much tougher data protection regulations coming into force in March 2018 in the form of GDPR, it may be a canny move to securely wipe such information sooner rather than later.
8 Things Every Security Pro Should Know About GDPR (Dark Reading) Organizations that handle personal data on EU citizens will soon need to comply with new privacy rules. Are you ready?
An exclusive peek inside Cyber Command’s premiere annual exercise (C4ISRNET) C4ISRNET got an exclusive look at Cyber Flag, a military exercise focused on training and validating the Cyber Mission Force’s capabilities and readiness.
TLS security: Past, present and future (Help Net Security) Since the early days of the SSL/TLS protocols, the security community has been struggling with various attacks that have made many press headlines.
6 ways security pros unwittingly compromise enterprise security (CSO Online) Overwhelmed and eager to please, security professionals sometimes cut corners and take risks, unwittingly compromising enterprise security.
Worried about attacks? Maybe you're not getting hacked enough, report finds (TechRepublic) A HackerOne report makes it clear that bounty programs work. So why aren't more companies using them?
How to Obfuscate (Nautilus) What misinformation on Twitter and radar have in common.
5 Ripple Effects of Cyber Crime and How B2B Firms Can Overcome Them (Entrepreneur) With the rapid growth of cyber crime, businesses must demonstrate trust to consumers, while taking steps to protect data.
Design and Innovation
Digital force fields to stop terrorist vehicles (Times (London)) Digital force fields could be installed around sensitive buildings and bridges under government plans to prevent vehicles being used in terrorist attacks. The Department for Transport is...
Security Startup Taps Blockchain to Assign Unhackable Digital IDs (SDxCentral) The security firm Block Armour is using blockchain technology based on Hyperledger software to assign unhackable digital IDs.
The Blockchain Fuels Startups—Unlike Any You've Ever Seen (WIRED) Bitcoin was hailed as the digital currency of a utopian future, but, at least in the US, few people use it
BioCatch founder Avi Turgeman on the philosophy of artificial intelligence (Financial Times) When not reading Douglas Hofstadter, the tech entrepreneur is playing bass
Is IBM Watson A 'Joke'? (Forbes) On the May 8th edition of Closing Bell on CNBC, venture capitalist Chamath Palihapitiya, founder and CEO of Social Capital, created quite a stir in enterprise artificial intelligence (AI) circles, when he took on IBM Watson, Big Blue’s AI platform.
IBM Is Clueless About AI Risks (Gizmodo) Earlier this week, David Kenny, IBM Senior Vice President for Watson and Cloud, told the US Congress that Americans have nothing to fear from artificial intelligence...
AI Will Make Forging Anything Entirely Too Easy (WIRED) “Lordy, I hope there are tapes,” said an exasperated James Comey in his testimony before the Senate Intelligence Committee on June 8.
Research and Development
Computer Scientists: Passwords Can be Acquired from Brain Waves (Infosecurity Magazine) A study by computer scientists from University of Alabama at Birmingham and University of California Riverside suggests that passwords can be acquired from brain waves.
Academia
UMA cybersecurity program growing to keep up with industry (Kennebec Journal & Morning Sentinel) Some experts predict there will be 1.5 million job openings in cybersecurity by 2019.
BPCC labeled 'Center of Workforce Excellence in Cyber Technology' (KTBS) Today, Bossier Parish Community College unveiled its new designation as a Center for Workforce Excellence in Cyber Technology.
Young warriors train to fight future cyberwars (Gainesville Times) About 40 high school students have spent much of the past two weeks learning how to hack a car with a computer, break into computer systems ...
Legislation, Policy, and Regulation
UK government threatens to launch drone strikes against hackers (HOTforSecurity) If there's one thing that everyone seems to be talking about at the moment, it's hacking. Recent hard-hitting ransomware attacks like WannaCry have made malware a talking point for the man in the street, and allegations persist that Russian hackers may have attempted to...
NATO and Cyberwar: Will Britain Invoke Article 5? (The American Spectator) On November 19, 1919, Congress rejected the Versailles Treaty ending World War I and with it the charter of the League of Nations which was a key part of it.
Can the CIA and NSA be trusted with cyber hacking tools? (NBC News) Both the WannaCry and Petya-variant attacks were based on exploiting software vulnerabilities revealed by leaks from the NSA.
The NSA’s Inadvertent Role in the Major Cyberattack on Ukraine (Slate Magazine) The Petya attack wasn’t just about money, like WannaCry. It was far more insidious.
The types of cyber weapons Cyber Command needs in its toolbox (Fifth Domain | Cyber) The tools Cyber Command needs to conduct its war-fighting mission are distinct from those used by NSA for espionage.
Modi in Israel: Cyber-security, defence deals and investment opportunities on agenda (International Business Times, India Edition) The three-day Israel visit of Prime Minister Narendra Modi from July 4 will see discussions on issues like cyber-security, defence deals and business investments. Read to know more.
Vote to ban Kaspersky irks Russia (Boston Herald) The Russians are threatening to retaliate if U.S. lawmakers try to ban the cybersecurity company Kaspersky Labs from Pentagon software contracts.
Spies Fear Trump’s First Meeting With Putin (The Daily Beast) The Kremlin thinks Putin will eat Trump’s lunch at the G-20 summit, European intelligence agencies have learned.
Private Sector Cyber Intelligence Could Be Key to Workable Cyber Arms Control Treaties (Lawfare) The Obama-Xi cybersecurity agreement shows that the private sector can both demonstrate and encourage state compliance with such agreements.
The Palace Intrigue at the Heart of the Qatar Crisis (Foreign Policy) The Saudis don’t believe the young emir of Qatar is really running the country — and they’re looking for regime change.
The Muslim Brotherhood Is the Root of the Qatar Crisis (The Atlantic) The Saudi-led bloc has made 13 demands of Doha, but they’re mostly about resolving one issue—and time is almost up.
Senators introduce 'cyber hygiene' bill (TheHill) Legislation directs federal government to develop best practices for safeguarding against cyber intrusions.
E-Crime Bureau boss appointed Cyber Security Advisor (My Joy) The Principal Consultant of Cyber Security firm, E-Crime Bureau, Albert Antwi Boasiako has been appointed Cyber Security Advisor to the Communications Ministry.
Why We're Encouraging Ethical Hackers to Try and Hack the DHS (TIME) They could help protect the Department of Homeland Security from cyber attacks
Germany passes law with huge fines for Internet companies that don’t bar hate speech (Ars Technica) German legislators want hate speech removed within 24 hours.
Theresa May’s terror plans condemned (Times) Theresa May’s plans to fine technology companies for failing to remove extremist material online have been likened to the actions of a Chinese dictator by her own counterterrorism watchdog. Max...
By Facebook's Logic, Who is Protected from Hate Speech? (WIRED) For months now, social media companies have been grappling with how to minimize or eradicate hate speech on their platforms.
Gordon to become Principal Deputy Director of National Intelligence (C4ISRNET) President Trump has nominated the next Principal Deputy Director of National Intelligence.
Litigation, Investigation, and Law Enforcement
Kaspersky offers code to prove it's not a Russian stooge (Engadget) Kaspersky is offering source code to keep important US government security contracts.
In Worrisome Move, Kaspersky Agrees to Turn Over Source Code to US Government (Gizmodo) Over the last couple of weeks, there’s been a disturbing trend of governments demanding that private tech companies share their source code if they want to do business. Now, the US government is giving the same ultimatum and it’s getting what it wants.
Is So-called Islamic State Gaining Strength in Pakistan? (VOA) Analysts warn that while still relatively small, the extremist group is spreading swiftly in many areas where the government struggles to maintain law and order, including the restive Balochistan province
Germany gears up to defend against possible G20 cyber attacks (Reuters) Germany is girding itself for possible cyber attacks on next week's G20 summit in Hamburg, by hacker groups or cells linked to foreign governments, its top cyber official told Reuters.
Microsoft, Trump administration clash over email searches (ABC News) On the surface, the investigation was routine. Federal agents persuaded a judge to issue a warrant for a Microsoft email account they suspected was used for drug trafficking.
Trump voter-fraud panel’s data request a gold mine for hackers, experts warn (POLITICO) Cybersecurity specialists are warning that Trump’s commission on election integrity may unintentionally expose voter data to even more hacking and digital manipulation.
Cyber expert says GOP operative wanted to expose hacked Clinton emails (the Guardian) British internet security consultant Matt Tait’s allegations may shed new light on Russia’s election meddling and possible collusion by Trump aides
Warner: 'More clarity' in Russia probe 'in a couple of months' (POLITICO) The Virginia Democrat says there is still much to be sorted out.
Despite recusal, Sessions offers advice on Trump-Russia probe (POLITICO) Sessions' top aide implied that the attorney general would not field such media inquiries because of his recusal.
Feds: Mexican motorcycle club used stolen key data to fuel massive Jeep heist (Ars Technica) “Hooligans” club and its criminal “Dirty 30” wing allegedly stole across San Diego.
How Margrethe Vestager went after Google (POLITICO) Google, rival companies, even commissioner’s team kept in the dark about record-breaking fine.
Exclusive-India presses Microsoft for Windows discount in wake of cyber attacks (The Indian Express) Microsoft officials in India have "in principle agreed" to the request for a discount in prices following the recent cyber attacks, Gulshan Rai, India's cyber security coordinator, told Reuters over the phone on Friday. A spokeswoman for Microsoft in India, however, declined to comment on the matter.
Centrelink hacking into fraudster's phones with anti-terror tech (The Sydney Morning Herald) Govt departments using controversial tech to unlock suspects' phones
Protesters Physically Block HQ of Russian Web Blocking Watchdog (TorrentFreak) Russia's Internet watchdog Rozcomnadzor had a taste of its own medicine this week when activists visited its headquarters to protest against increasing web-blocking. Rozcomnadzor's St. Petersburg offices were barricaded with a stack of boxes, each with a label demanding freedom for the 'blocked citizens of Russia.'
Nigeria: Two Years After, Niger Delta States Continue Controversial Spying Programs (allAfrica.com) Two years after PREMIUM TIMES revealed that four South-South states were running illegal surveillance programmes to intrude into privacy of their residents and target opposition, latest findings by this newspaper suggest that the states have not backed down on the controversial operation.
Man Pleads Guilty to Stealing Bitcoin From Other Dark Web Criminals (BleepingComputer) A Connecticut man pleaded guilty last week to stealing Bitcoin from users of Dark Web marketplaces, said the Department of Justice on Tuesday.
Film review: ‘Risk’ shines uncompromising spotlight on Julian Assange and Wikileaks (Naked Security) A new film about Wikileaks should please those who believe in its importance – but doesn’t please the activist group’s founder