Cyber Attacks, Threats, and Vulnerabilities
Researchers Find BlackEnergy APT Links in ExPetr Code (Threatpost) Researchers have found links between the BlackEnergy APT group and threat actors behind the ExPetr malware used in last month’s global attacks.
Hackers Connected to NotPetya Ransomware Surface Online, Empty Bitcoin Wallet (Motherboard) Whoever is in control of the NotPetya bitcoin wallet has moved around $10,000 of funds, and a mysterious group has offered to unlock all of the ransomed files.
Cyber-Security Experts View Petya Malware as Nation-State Attack (eWEEK) Security experts in the U.S. and Europe are debating whether the Petya cyber-attack that mainly affected computers in Ukraine was nation-state inspired and originated in the Russian Federation.
A system wiper with no recourse: Researchers discover what NotPetya attack was really after (Security Brief) ESET senior research fellow Nick FitzGerald says that NotPetya was most likely a state-sponsored attack through malware.
The day a mysterious cyber-attack crippled Ukraine (BBC) Last week, an online attack brought chaos to Ukraine’s banks, hospitals and government – its creators’ intent was apparently disguised, so what was the aim?
NotPetya Ransomware Hackers 'Took Down Ukraine Power Grid' (Forbes) Ukraine has placed the blame for last week's ransomware outbreak on Russia. The allegations came as multiple cybersecurity companies claimed there were links between the so-called NotPetya ransomware and hackers who previously targeted power providers and shut down electricity across the country, most infamously in December 2015 and then again on a smaller scale a year later.
Analysis of TeleBots’ cunning backdoor (WeLiveSecurity) Analysis of TeleBots’ cunning backdoor: This article reveals details about the initial infection vector that was used during the DiskCoder.C outbreak.
PetrWrap Technical Analysis Part II: Further Findings and Potential for MBR Recovery (CrowdStrike) This technical analysis of the PetrWrap threat yields clues regarding how the attack unfolds, and the possibility of recovering the Master Boot Record.
NotPetya Ransomware Frequently Ask[ed] Questions (FAQ) (IT Security Guru) A new outbreak of ransomware, a form of malware which encrypts your files and demands a ransom payment to recover them, has hit organisations globally. It appears to be a derivative of the previously seen Petya ransomware, but with some differences. Many researchers have cast doubt on whether this really is a variant of Petya or something just designed to look like Petya, hence it has been dubbed NotPetya.
Latest malware attack exposes cybersecurity weaknesses (TheHill) A fast-spreading computer virus that ravaged data systems in Europe and the United States earlier this week has again raised questions about whether United States businesses and organizations are prepared for cyber threats.
Cyberweapon disguised as ransomware: How NotPetya could lead to war (Moneycontrol) “If the operation could be linked to an ongoing international armed conflict, then law of armed conflict would apply, at least to the extent that injury or physical damage was caused by it, and with respect to possible direct participation in hostilities by civilian hackers, but so far there are reports of neither,” said Tomáš Minárik, researcher at NATO CCD COE Law Branch.
Opinion | When Cyberweapons Go Missing (New York Times) The National Security Agency is so shrouded in mystery that it’s not even clear whether it knows how its weapons were stolen.
It’s time for the NSA to speak up about its stolen cyber weapons (Salon) Two global attacks in six weeks using the NSA's cyber weapons. Shouldn't they be held accountable?
Maersk brings major IT systems back online after cyber attack (Reuters) Danish shipping giant A.P. Moller-Maersk (MAERSKb.CO) said it had restored its major applications, as it brings its IT systems back online after being hit by a major cyber attack last week.
As Maersk gets back to work, shipping’s dire cyber security is laid bare (Splash 247) Maersk’s IT team worked throughout the weekend to get systems back on track for the company in the wake of last Tuesday’s cyber attack and today operations at Maersk Line and APM Terminals are largely back to normal. However, a report out yesterday warns global carriers are severely under prepared for any future attack.
Shipping must learn from Maersk cyber attack – tighten security or be next, warning (Load Star) The shipping industry must learn from last week’s cyber attack on Maersk, say analysts, and the line’s chief commercial officer, Vincent Clerc, said the line would “have to ask ourselves some tough questions”.
Breach at US nuclear plants raises concerns in wake of Petya (Naked Security) With Chernobyl among those hit by Petya and the US breach, concerns are rising about the potential effect of weaponised exploits being used against nuclear energy infrastructure
Was a Palestinian hacker behind cyberattack on Israeli hospitals? (JerusalemOnline) ESET cyber security researchers are claiming that the virus that attacked computers in two Israeli hospitals last week was released by a hacker who identifies as a Palestinian. The virus is a spy tool designed to extract information.
SLocker Mobile Ransomware Starts Mimicking WannaCry (TrendLabs Security Intelligence Blog) Early this month, a new variant of mobile ransomware SLocker (detected by Trend Micro as ANDROIDOS_SLOCKER.OPST) was detected, copying the GUI of the now-infamous WannaCry.
AV-Test: Ransomware is a “Marginal Phenomenon” (Infosecurity Magazine) AV-Test: Ransomware is a “Marginal Phenomenon”. German institute says it comprised less than 1% of malware last year
Germany big target of cyber espionage and attacks, says government report (CNBC) Germany is a big target of spying and cyber attacks by foreign governments such as Turkey, Russia and China, a government report said on Tuesday, warning of "ticking time bombs" that could sabotage critical infrastructure.
Pre-Installed Software Flaws Expose Dell Systems to Code Execution (Security Week) Flaws in pre-installed software expose Dell systems to attacks that could result in the disabling of security mechanisms, privilege escalation, and arbitrary code execution within the context of the application user.
SQL injection vulnerability found in popular WordPress plug in, again (SC Media UK) Security researchers have found yet another SQL injection vulnerability in a WordPress plugin.
How does the Antbleed backdoor vulnerability work? (SearchSecurity) Antbleed is a backdoor vulnerability in bitcoin mining tools from Bitmain. Here's a look at how that flaw works and how to uncover this type of issue.
MPs Targeted by Vishers Following Parliament Attack (Infosecurity Magazine) MPs Targeted by Vishers Following Parliament Attack. Phone fraudsters pose as IT technicians in bid to get log-ins
Now criminals are ringing up British MPs to ask them their passwords (Graham Cluley) Passwords are supposed to be secret. However nicely someone asks you, don't tell them your password.
Fourth Largest Cryptocurrency Exchange Was Hacked. Users Lose Ethereum & Bitcoin (BleepingComputer) Bithumb, the world's fourth largest cryptocurrency exchange by volume, confirmed a security incident during which an unknown hacker was able to make off with a yet undetermined amount of funds.
Classic Ether Wallet Hacked, Users Report Massive Losses (BleepingComputer) An unknown attacker has gained control over the web domain of Classic Ether Wallet, a client-side wallet system for the Ethereum Classic (ETC) cryptocurrency.
Issues about bitcoin everyone should know (Newsedges) Like a huge wave that’s expanding with each mile, Bitcoin is gaining more and more popularity, respectively its exchange rate is increasing as well ($1800 per BTC on May 16, according to CEX.IO bitcoin exchange).
Overview of Bitcoin Alternatives (Technology.org) Bitcoin is known as ‘digital gold’ and is by far the most popular cryptocurrency. However, it is slowly losing its dominance in the market to some great alternatives. Bitcoin has seen some great success, but it has its problems, and it’s now becoming clear that it’s not suitable for every application.
Data of Google Employees Exposed in Sabre Breach (BleepingComputer) The personal details of a small number of Google staffers have been exposed, according to a notification letter Google has started sending to affected employees.
Medical devices at risk: 5 capabilities that invite danger (CSO Online) It isn't just certain connected medical devices that put patient data and physical safety at risk, it's specific capabilities and systems within which they operate that make them a broad, and vulnerable, attack surface.
'Smishing' scams target your text messages. Here's how to avoid them (USA TODAY) Marc Saltzman talks about how to curb cyber scammers and cyber-criminals who attack through your cell phone SMS messages.
What It's Like When Pro Phishers Assail Your Inbox (WIRED) On a typical morning I have about 30 new emails in my personal inbox, and 40 in my work account. You know how it is. I archive what I don't want, scan part of a newsletter, click through to a coworker's Google Doc, and click "track my package" more often than I'd like to admit. It's all pretty standard stuff.
Security Patches, Mitigations, and Software Updates
GnuPG crypto library cracked, look for patches (Register) Boffins bust libgcrypt via side-channel
Siemens rushes to patch IoT devices against Intel AMT flaw (IT PRO) Industrial control devices vulnerable to remote attack
After Ransomware Attack, Windows XP Is Not Back From the Dead (New York Times) Microsoft recently issued an emergency patch for the operating system it retired in 2014, but the company has no plans to restore full support.
Windows 10 will use protected folders to thwart crypto ransomware (Help Net Security) Windows 10 Fall Creators Update is scheduled to be released in September, and will come with major new end-to-end security features.
Microsoft will pester you to install the Windows 10 Creators Update (pcgamer) If you're not running the Creators Update, get ready for pesky pop-ups.
Cyber Trends
Top 10 Most Hackable Countries In The World In 2017 (Fossbytes) Cyber attacks are on the rise. Rapid7's National Exposure Index throws light on how vulnerable individual countries are to attacks such as DDoS, eavesdropping, etc. According to the report featuring data for 183 countries, Zimbabwe is the most exposed.
Cyber is broken (LinkedIn) Massively complex, broken enterprise networks are driving spending on cyber security, and dragging the rest of us along for the ride.
Only half of CIOs updated security after WannaCry: report (CRN Australia) A quarter say they have experienced ransomware attacks.
Cyber attacks 'rife' in Australia (Financial Review) The Australian CEO of the world's largest cyber security firm has warned that unreported ransomware attacks are "rife" in Australia.
65% of major US banks have failed web security testing (IBS Intelligence) Websites run by some of the largest banks in the US have scored the poorest in a new security and privacy analysis audit.
Small businesses 'dying' because of cyber threat (UKFast) Secarma MD Paul Harris says half of all cyber-attacks are upon small firms, which often don’t take the threat seriously enough
Marketplace
The Cost Of A Data Breach Can Be An Expensive Headache (ARC) The prevalence of cybercrime is part of the digital economy but data breach costs can be more than just a financial outlay.
Manufacturers Buying More Cyber Insurance (EBN) Cyber attacks are no longer limited to front office interactions with individual customers. The amount of data now integrated into smart products, manufacturing equipment and other machines that keep operations running is a sweet temptation for hackers. The threat of a cyber-attack and potential fallout after a security breach poses new risks manufacturers should consider and act on.
Petya’s Role in the Recent Cybersecurity Stock Surge (Market Realist) Several prominent cybersecurity stocks rose on Wednesday, June 28, following the Petya ransomware attack. FireEye stock (FEYE) rose 1.6% to $15.66, while Barracuda Networks (CUDA) rose 1.5% to $22.94, and Check Point Technologies (CHKP) rose ~1% to $112.11.
Cyber-Security Startups Score Big Rounds of Venture Funding in June (eWEEK) Multiple security vendors raised more than $100 million in June, the most active month for cyber-security startup funding so far in 2017.
Cisco is relieved the FTC stepped in to protect it from its competitor (Business Insider) The FTC is putting a special watchdog in place when Cisco's major chip supplier, Broadcom, buys one of Cisco's competitors, Brocade.
Cisco: More Than A Touch Of Irony (Seeking Alpha) Announcement by Cisco and Apple of an effort to secure cyber security insurance discounts for customers raises many issues which negatively impact Cisco's valua
Commentary: Merits of Cisco acquisition policy (Digitimes) There have been diverse opinions about Cisco Systems' continued acquisition policy over the past 25 years, with one of the opinion groups even arguing that the operating benefits derived from these acquisition projects have been limited, or less successful than expected. But for Cisco, this is simply not true.
NCI agrees to be acquired by H.I.G. Capital for about $283 million in cash (MarketWatch) NCI Inc. NCIT, -4.98% which offers IT services to federal government agencies, said Monday it has agreed to be acquired by funds managed by a unit of private-equity firm H.I.G. Capital for about $283 million in cash.
NCI sale to private equity firm comes at tough time for contractor (Washington Business Journal) The private equity firm has bought the Reston contractor for a discount compared with its Friday closing stock price.
Why Palo Alto Networks, Inc. Stock Climbed 12.8% in June (The Motley Fool) The network and enterprise security company popped after a strong quarterly report.
Short FireEye. Really? (Seeking Alpha) Catalysts for significant price movements are not fully hatched. FireEye will continue to trade on macro events until more data is made available on the success
Microsoft job losses feared in cloud-focused global restructure (CRN Australia) Part of cloud-focused sales reorganisation.
Defense Industry Race to Buy Hot Startups (Scout.com) In just one year, the nation’s largest defense contractor has injected close to $20 million into tech startups.
Md. cybersecurity council urges more state investment to combat attacks (Maryland Daily Record) Maryland has made progress in improving its cybersecurity environment but must do more to invest as cyberattacks increase, the first full report by the state’s cybersecurity council said.
Products, Services, and Solutions
Versasec Announces Partnership with Softshell in Europe (Versasec) Value-added distributor focuses on cybersecurity in Germany, Austria, Switzerland
Comodo and Domain Name Registrar Internet.bs Partner to Provide TLS/SSL Certificates (PRNewswire) Comodo, a global innovator and developer of cybersecurity solutions and...
How High-Tech Bridge uses machine learning (Help Net Security) The CEO at High-Tech Bridge illustrates how his company uses machine learning to reduce human time without impacting testing quality or liability.
Minerva protects endpoints with trickery and deception (CSO Online) Minerva's Anti-Evasion Platform targets the new breed of environmentally-aware malware. The idea is that most normal threats will be blocked by traditional antivirus and Minerva will stop anything that attempts to get around that protection.
Crypto SmartProtect - Cyber defence at the highest level (Presse Box) Conventional defences are not effective against highly professional cyberattacks on authorities, organisations and companies. Multi-stage security elements are required...
City of Mumbai Chooses Fortinet to Provide Wireless Internet Access to Citizens of India’s Commercial Capital and Largest City (NASDAQ.com) Fortinet Security Fabric enables digital empowerment project and defends against threats from the Internet of things
Sure's award for security product (Manx Radio) CEO delighted Sure is recognised
Technologies, Techniques, and Standards
European cloud adoption continues despite security concerns (ComputerWeekly) Confusion reigns in European firms about security responsibility for cloud-based services, while investment in additional measures highlights ongoing concerns.
GDPR: who needs to hire a data protection officer? (Naked Security) The clock is ticking to GDPR – here’s our guide to the role of a data protection officer and whether you need to hire one
UK Councils Still Failing on GDPR Compliance Plans (Infosecurity Magazine) UK Councils Still Failing on GDPR Compliance Plans. Over half don’t have DPO, according to FOI request
The Problem with Data (Dark Reading) The sheer amount of data that organizations collect makes it both extremely valuable and dangerous. Business leaders must do everything possible to keep it safe.
HTTPS Certificate Revocation is broken, and it’s time for some new tools (Ars Technica) Certificate Transparency and OCSP Must-Staple can't get here fast enough.
Beyond public key encryption (A Few Thoughts on Cryptographic Engineering) One of the saddest and most fascinating things about applied cryptography is how little cryptography we actually use. This is not to say that cryptography isn’t widely used in industry —…
Security's blind spot: The long-term state of exception (Help Net Security) Even a fully functioning and well-integrated security system will need to be monitored and adjusted over time, you always have to keep alert.
Rising information security threats, and what to do about them (Help Net Security) The current major and, unfortunately, rising threats are ransomware, CEO email attacks (BEC scams), and the exploitation of zero-day vulnerabilities.
Cyber Flag exclusive: What goes into validating a cyber team? (C4ISRNET) C4ISRNET was provided exclusive access to U.S. Cyber Command’s premier annual training exercise, Cyber Flag, in which 12 teams were used as the capstone toward reaching full operational capability.
Cyber training and education must be continuous [Commentary] (C4ISRNET) Considering the pace with which technology is advancing and being implemented, it is easy to see just how essential continuing education has become.
What SMBs can learn from WannaCry and the Vault 7 leaks (Computing) Do small businesses have anything to fear from the glut of anti-privacy tools?
‘Who is going to protect us?’ Solving one of cybersecurity’s biggest problems (Computer Business Review) Cybersecurity's skills shortage is no secret, yet there is a continuous and arguably increasing pressure to fire fight against proliferating cyber-attacks
Design and Innovation
Horcrux Is a Password Manager Designed for Security and Paranoid Users (BleepingComputer) Two researchers from the University of Virginia have developed a new password manager prototype that works quite differently from existing password manager clients.
In quest to replace Common Access Card, DoD starts testing behavior-based authentication (FederalNewsRadio.com) The Defense Department has started testing one potential technology to replace the Common Access Card.
Why are Microsoft’s chatbots all assholes? (BGR) If artificial intelligence is indeed the future, then Microsoft needs to be sent to the remedial boarding school upstate. Just one year after shuttering teen chatbot Tay because it became a racist …
Who cares about smart city security? (CSO Online) There is a fierce debate raging over smart city security, with one side fueling the hype while the other conjures nightmare scenarios. The trouble is that the debate is silent, siloed and unproductive.
Legislation, Policy, and Regulation
Explaining Australia’s sharp turn to information warfare (Interpreter) Last week the Turnbull Government announced the creation of the country's modified version of a US Cyber Command.
EXCLUSIVE: Prime Minister talks exclusively to Crikey in this exclusive on The Cyber (Crikey) It's time for a dose of reality on cybersecurity ...
Knesset Panel Clears Bill Allowing Court to Censor Internet (Haaretz) Critics say the bill gives police and prosecutors too much power and doesn't ensure a transparent process
NCSC Rolls out Active Cyber Defense Government Programs (Infosecurity Magazine) NCSC has announced the launch of four ‘Active Cyber Defence’ programs to improve the basic level of cybersecurity across UK business and government departments
Cry ‘Havoc!’, and let slip the dogs of lulz (TechCrunch) Well, why not? I mean, you know, what the hell. Dave Aitel's proposal over at The Hill for "a cyber investigatory setup funded by private industry" to react..
Pentagon demands contractors up cybersecurity (San Antonio Express-News) Changes include a requirement for contractors to use multi-factor authentication; prohibit the use of flash drives; and send reports of any attacks on computers accessing government networks.
In the wake of the cyber sprint, OMB to develop new consolidated identity management guidance (FederalNewsRadio.com) OMB's forthcoming guidance is designed to give agencies one place to view OMB's collection of identity management policies and lessons.
Is it Time to Can the CAN-SPAM Act? (KrebsOnSecurity) Regulators at the U.S. Federal Trade Commission (FTC) are asking for public comment on the effectiveness of the CAN-SPAM Act, a 14-year-old federal law that seeks to crack down on unsolicited commercial email. Judging from an unscientific survey by this author, the FTC is bound to get an earful.
Cyber Command leverages acquisition model of special operations group (C4ISRNET) With the new acquisition authorities Congress granted to U.S. Cyber Command, the nascent organization is emulating the buying model of U.S. Special Operations Command.
Opinion | Vacancies in federal cybersecurity directorate leave the U.S. more vulnerable (Washington Post) Regarding the June 28 news article “Ukraine fares worst as cyberattack sweeps Europe with ransom demands”: It should be noted that there are numerous vacancies in the Department of Homeland Security...
Interview: US Rep. Elise Stefanik (Defense News) U.S. Rep. Elise Stefanik is the chairwoman of the Armed Services Emerging Threats and Capabilities Subcommittee with jurisdiction over Pentagon cyber operations, counter-terrorism, U.S. Special Operations Command and countering weapons of mass destruction.
Don't expect Govt to protect NZ healthcare firms from cyber attacks, health expert warns (Security Brief) “None of us can pass the buck and assume that it's up to the government and big corporates to protect New Zealand health organisations."
Former Pentagon Money Man to Oversee Defense of NATO Computer Networks (Defense One) Kevin Scheid returns to the alliance as members eye spending increases to pay for cyber projects and traditional weapons.
Litigation, Investigation, and Law Enforcement
ME Doc's servers seized in NotPetya investigation in Ukraine as attackers remove $10,000 in bitcoin from 'ransomware' wallet (Computing) Attack on ME Doc - used by four-fifths of companies in Ukraine - a nation-state attack intended to disrupt the country, claim authorities
Ukrainian software company will face charges over cyber attack, police suggest (Australian Broadcasting Corporation News) The Ukrainian tax software company that is accused of being the patient zero of a damaging global cyber epidemic is under investigation and will face charges, Ukraine's CyberPolice suggest.
Family firm in Ukraine says it was not responsible for cyber attack (Reuters) Ukrainian company Intellect Service was not responsible for last week's international cyber attack that brought down the computer systems of several major companies, the father and daughter team told Reuters on Monday.
Kaspersky Lab row: Russian minister warns of blowback (ITWire) A senior Russian official has escalated the war of words over products from Kaspersky Lab by saying that any "unilateral political sanctions" by the US against Russian companies could prompt a response from Moscow.
Documents could link Russian cybersecurity firm Kaspersky to FSB spy agency (Chicago Tribune) Kaspersky's certifications, issued by the spy agency known as the FSB, include a military intelligence unit number matching that of an FSB program.
How close is Russian cyber firm to Russia’s spies? (Charlotte Observer) Kaspersky Lab, the Russian company that strongly denies allegations it is tied to the Kremlin’s intelligence arm, could face new questions. McClatchy found that government certifications issued to the company contain a military intelligence number, prompting some experts to suggest it may be hard evidence.
United States Of Paranoia: Why The Specter Of Russian Meddling Won't Go Away (Talking Points Memo) As experts try to determine the depth of foreign espionage operations during the 2016 race, everything is starting to look...
Foisting Blame for Cyber-hacking on Russia (Consortium News) Cyber-criminal efforts to hack into U.S. government databases are epidemic, but this ugly reality is now being exploited to foist blame on Russia and fuel the New Cold War hysteria, reports Gareth Porter.
Medicare information spotted for sale on dark web (CRN Australia) Minister calls in AFP.
No 10 ‘buried terror report to protect Saudi Arabians’ (Times (London)) Theresa May has been accused of burying a report into the funding of Islamist extremism in the UK for fear it will embarrass Saudi Arabia. It has emerged that the report, which was originally...
ISIS Hits Iran (Foreign Affairs) After three years of trying to strike Iran, the Islamic State (ISIS) finally succeeded in June
Liberty Wins Right to Challenge Parts of Snoopers’ Charter (Infosecurity Magazine) Liberty Wins Right to Challenge Parts of Snoopers’ Charter. Bulk surveillance has already been ruled illegal by European Court
Health trust rapped on illegal use of patient data in Google AI deal (Naked Security) A deal between a healthcare trust and Google’s DeepMind project to be much smarter about diagnosis and prevention could have been a good thing – so what went wrong?
When is public information not public? When LinkedIn says so (Naked Security) A start-up is challenging LinkedIn on access to users’ public profiles – how do you feel about your public data being used in this way?
Collaboration is key to combating cyber crime (ComputerWeekly) Interpol has called for speedy and effective information-sharing between law enforcement agencies, governments, businesses and cyber security companies to counter growing cyber threats.
UK Teen Charged with Running DDoS Booter Service (BleepingComputer) UK authorities have charged an eighteen-year-old with running a DDoS booter service that was used to launch DDoS attacks on legitimate businesses across the world.
Who is the GovRAT Author and Mirai Botmaster ‘Bestbuy’? (KrebsOnSecurity) In February 2017, authorities in the United Kingdom arrested a 29-year-old U.K. man on suspicion of knocking more than 900,000 Germans offline in an attack tied to Mirai...
Pakistani man jailed for 4 years over $19.6M hacking scheme (HackRead) Muhammad Sohail Qasmani, a 49-year-old Pakistani, was sentenced to four years of imprisonment after he was discovered to have hacked into the internal phones