Cyber Attacks, Threats, and Vulnerabilities
CIA Implants Steal SSH Credentials From Linux & Windows Devices: WikiLeaks (HackRead) The whistleblowing platform WikiLeaks is back with another batch of Vault 7 related documents exposing the alleged hacking tools and programs used by the Agency
CIA Malware Can Steal SSH Credentials, Session Traffic (BleepingComputer) WikiLeaks dumped today the documentation of two CIA hacking tools codenamed BothanSpy and Gyrfalcon, both designed to steal SSH credentials from Windows and Linux systems, respectively.
Lasting Damage and a Search for Clues in Cyberattack (New York Times) An attack that started in Ukraine and spread throughout the world is still causing headaches for a number of big companies.
M.E.Doc Software Was Backdoored 3 Times, Servers Left Without Updates Since 2013 (BleepingComputer) Servers and infrastructure belonging to Intellect Service, the company behind the M.E.Doc accounting software, were grossly mismanaged, being left without updates since 2013, and getting backdoored on three separate occasions during the past three months.
The Petya Plague Exposes the Threat of Evil Software Updates (WIRED) Security firm Kaspersky says the ransomware was the third attack in the last year that hijacked innocent updates to spread malware.
NotPetya Cyber Attacks Point to a Need for Comprehensive Risk Management (eSecurity Planet) The malware was spread via an update to accounting software used by 80 percent of Ukrainian companies.
Everything you need to know about the latest variant of Petya (WeLiveSecurity) The latest global cyberattack, detected by ESET as Win32/Diskcoder.C and considered a variant of Petya, once again highlights the reality that outdated systems and insufficient security solutions are still widespread.
Decryption Key to Original Petya Ransomware Released (Threatpost) The key to decrypt the original Petya ransomware has been reportedly released by the ransomware’s author.
Ker-ching! NotPetya hackers cash out, demand 100 BTC for master decrypt key (Register) Plus, bonus ransomware strain found lurking in software update
In ExPetr/Petya’s shadow, FakeCry ransomware wave hits Ukraine (SecureList) While the (cyber-)world was still shaking under the destructive ExPetr/Petya attack that hit on June 27, another ransomware attack targeting Ukraine at the same time went almost unnoticed.
The maker of Durex condoms has cut its earnings forecast because of June’s cyber attack (The Independent) The maker of Durex condoms and Dettol has cut its growth forecast, citing the cost of last month’s cyber attack which it said disrupted manufacturing and distribution. Major companies, including Russia’s biggest oil company and Ukrainian banks were affected by a sweeping attack in June.
Reckitt and Mondelez warn cyber attack hit sales (Financial Times) Impact on multinationals of Petya malware proving more severe than WannaCry
Maersk warns that it's 'too early to predict' the impact of NotPetya after malware caused ports to grind to a halt for a week (Computing) Maersk and Cadbury's warn over impact of NotPetya after Reckitt Benckiser admits that malware has cost it at least £100m
Maersk says too early to predict financial impact of cyber attack (Reuters UK) Maersk said it was too early to predict the financial impact of last month's global Petya cyber attack that hit the shipping giant's computers and delayed cargoes, but added that normal operations had resumed at its ports.
Hackers Are Targeting Nuclear Facilities, Homeland Security Dept. and F.B.I. Say (New York Times) Among the companies targeted was a firm that operates a nuclear power plant in Kansas. It is not clear who was responsible.
FBI-DHS “amber” alert warns energy industry of attacks on nuke plant operators (Ars Technica) Spear-phishing e-mails with malicious fake résumés targeted plant engineers.
Hack Brief: Hackers Targeted a US Nuclear Plant (But Don't Panic Yet) (WIRED) Hackers have reportedly targeted US energy utilities, and may be laying the groundwork for blackouts. But they may yet be a long way from that goal.
Inside the rickety, vulnerable systems that run just about every power plant (CSO Online) A security expert's warning: We're using Windows XP for a lot of awfully important things and hoping for the best.
Does industry have a death wish – connecting actuators directly to the Internet is not a good idea (Control Global) Actuators, including motors and drives, control physical processes by monitoring sensors and adjusting pumps (motors), valves, fans, etc. When actuators don’t work as designed for malicious or unintentional reasons, equipment damage, injuries, and deaths can, and have been, a result. Consequently, connecting actuators directly to the Internet is not a good idea.
Hacking the State of the ISIS Cyber Caliphate (Dark Reading) Researchers say Islamic State's United Cyber Caliphate remains in its infancy when it comes to cyberattack expertise.
The Guerilla Journalists Defying ISIS One Video at a Time (WIRED) A new documentary goes inside the struggle to shed light on the horrors of jihadist rule in Raqqa, Syria.
SpyDealer takes control of Android phones and steals data from encrypted messaging apps (Computing) Malware is distributed via compromised wireless networks, not the Play Store
AdGholas leverages Astrum EK in latest malvertising campaign (Computing) Fake websites look almost identical to the real thing, going so far as to clone genuine adverts
CopyCat Malware Infects 14M Android Devices in Ad Fraud Attack (eWEEK) Check Point discovers an Android malware attack that is installing unauthorized apps on devices and displaying fraudulent ads.
Satellite phone communications can be decrypted in near real-time (Help Net Security) Satellite phone communications encrypted with the GMR-2 cipher can be decrypted in mere fractions of a second, two Chinese researchers have proved.
Why Kodi boxes can pose a serious malware threat (Help Net Security) The illegal streaming market is ripe for opportunists looking to make a buck. Hackers can exploit Kodi boxes to infect consumers' devices.
A Major Dark Net Market Is Down and Users Are Worried They Got Scammed (Gizmodo) AlphaBay Market, a prominent dark web marketplace that facilitates the sale of drugs and other illegal items, went down last night and users are panicking, afraid the moderators have shut down the site for good and run off with the loot.
As World's Largest Dark Web Market Vanishes, Dodgy Links Promise a Way Back In (Motherboard) When a dark web market goes down, and panicked users are desperately trying to get their coins back, scammers are going to cash in.
Dark web souk AlphaBay outage: Users fear they've been scammed (Register) It's not like you can go to the police, eh?
Exit Scam fears as Darknet Giant AlphaBay Goes Offline (Infosecurity Magazine) World’s biggest marketplace panics customers
WWE issues statement on security breach exposing fans’ personal information (Cageside Seats) Some three million users were reportedly affected.
Security Patches, Mitigations, and Software Updates
Microsoft releases 15 Office patches for July, but some bugs remain (Computerworld) Embarrassing Office 2010 fix—KB 4011042—doesn’t make the main listing
Google Patches Critical ‘Broadpwn’ Bug in July Security Update (Threatpost) The July Android Security Bulletin patches 11 critical remote-code execution bugs including one dubbed ‘Broadpwn’ that impacts both Android and iOS devices.
July’s Android Security Bulletin Addresses Continuing Mediaserver and Qualcomm Issues (TrendLabs Security Intelligence Blog) Google has released their Android security bulletin for July in two security patch level strings: the first dated 2017-07-01 and the succeeding one dated 2017-07-05. As always, Google urges users to update and avoid any potential security issues. Owners of native Android devices should apply the latest over-the-air (OTA) updates, and non-native Android device users...
New Google Security Controls Tighten Third-Party Data Access (Dark Reading) Google adds OAuth app whitelisting to G Suite so admins can vet third-party applications before users can grant them authorized data access.
Don’t freak out about the Google Pixel’s Android update problem (BGR) Some Google Pixel phones appear to suffer from some kind of strange Android update issue. But the problem seems to be limited, and it’ll certainly be fixed in the near future. So there’s no reason …
New Black Hat Research Reveals 60% of InfoSec Professionals Say Cyber Attack on U.S.'s Critical Infrastructure to Occur in Next Two Years (PRNewswire) A majority of the cybersecurity industry's most experienced professionals...
It’s Time to Get Serious About Web Application Security (CSO Online) Historically, IT teams have tended to deploy web application firewalls (WAFs) simply to comply with Payment Card Industry Data Security Standards (PCI DSS).
Rethinking what it means to win in security (CSO Online) Security leaders need to celebrate success with a better definition of winning.
Cyber attacks are prompting a boost in cybersecurity M&A, figures reveal (City A.M.) Both strategic buyers and private equity firms are showing a renewed interest in cybersecurity acquisitions, new figures from technology-focused merger
Microsoft poised to cut another 3,000 jobs this week (Computing) More jobs going in cost-cutting at Microsoft as company engineers shift in focus to the cloud
Exclusive acquires US security VAD Fine Tec (Channelnomics) Global VAD buys $230m-turnover Fortinet distributor
Original bidder for Sandvine matches rival offer (TheRecord.com) The original bidder for Waterloo tech firm Sandvine has matched an offer from a rival suitor.
Security Startup SecureAuth Raises $1 Million (NewsCenter.io) SecureAuth announced the close of $1 million in financing from an undisclosed investor. SecureAuth Corporation, formerly MultiFactor Corporation, was founded in October 2005 with a mission to help customers establish secure and simple access to every application over the Internet and via VPNs to conduct …
This startup wants to track all your cyber threats. Now it’s looking to raise millions. (Washington Business Journal) The company [NormShield], started by former Howard Hughes Medical Center CIO, faces some stiff competition.
WISeKey Wins Contract with Leading Automobile Maker to Secure Connected Cars Using Trusted Iot Technologies (BusinessWire) WISeKey International Holding Ltd (“WISeKey” SIX:WIHN), a leading Swiss cybersecurity and IoT company, announced today that it is del
Apple’s bug bounty program faltering due to low payouts to researchers, new report claims (9to5Mac) A new report from Motherboard today delves into some details regarding Apple’s bug bounty program, an initiative the company launched last year in hopes of encouraging security researching to…
Intelligence Seeks Out Innovation (SIGNAL Magazine) The DIA doesn't let convention get in the way of good solutions.
RiskIQ Appoints Three New Executives to Accelerate Growth of Award-winning Digital Threat Management Business (GlobeNewswire News Room) RiskIQ, the leader in digital threat management, today announced the expansion of its management team with three new executive appointments to fortify growth and customer service for its award-winning Digital Threat Management Platform.
Products, Services, and Solutions
CyberPoint's DarkPoint Platform Assessed at US Army Cyber Quest 2017 (CyberPoint) The US Army assessed DarkPoint, CyberPoint's automated artifact analysis platform, at its annual Cyber Quest 2017 event. The event wrapped up June 30th, and was hosted by the US Army Cyber Center of Excellence (CCoE) at Fort Gordon, Georgia. CyberPoint was one of multiple vendors selected to participate this year, and sent a team to train soldiers how to install and operate the DarkPoint platform.
Comodo and e-Safer Certificate Division TrustCert Partner to Expand Cybersecurity Solutions in Brazil (Sys-Con Media) Comodo, a global innovator and developer of cybersecurity solutions and the worldwide leader in digital certificates, and TrustCert, a Brazilian division of e-Safer specializing in TLS/SSL digital certificates, today announced a new partnership to provide Comodo digital certificates solutions and managed security services to the Brazilian market.
Virtustream expands enterprise cloud platform for SAP HANA in Asia-Pacific (Inside SAP) Virtustream has burst into the Asia-Pacific with new data centres in Sydney, Canberra and Japan. Debra Hamilton reports on the company's ambitious plans.
ZTE integrates next generation Conax security (Broadband TV News) Conax has announced a reseller agreement with ZTE Corporation, an international provider of telecommunications, enterprise and consumer technology solutions.
New OPSWAT Metadefender Kiosk 4.0.0 Provides Revamped User Interface and More Customization (Benzinga) OPSWAT released Metadefender Kiosk 4.0.0 to provide customers with an updated customizable user interface that includes multi-language support.
Comma.ai launches an $88 universal car interface called Panda (TechCrunch) George Hotz, aka geohot, is fidgeting in his living room, wearing dark shades and a giant comma on his t-shirt as he shows me his company's latest product, an..
Let’s Encrypt to Offer Wildcard Certificates in 2018 (Threatpost) Certificate authority Let’s Encrypt said this week it will begin offering wildcard certificates in 2018.
Skycure Achieves EU-U.S. Privacy Shield Certification (Marketwired) Department of Commerce certification highlights Skycure's commitment to privacy
Technologies, Techniques, and Standards
Why doctors using SnapChat to send scans is not the problem (Naked Security) It’s not so much the app the doctors are using, it’s that they’re using it to sidestep the official channels
Five crucial ways to help keep a system safe from harm (Help Net Security) In order to remain steps ahead of criminal hackers you need to take a preventive approach in protecting information. Here are five crucial suggestions.
Top five questions about using quantum-safe security in financial transactions (Banking Tech) A wide range of technology-driven sectors will be affected by the advent of universal quantum computing many experts say will happen by 2026, but the financial industry has particular reason to be concerned.
Bitcoin Basics: Applying Blockchain to the Supply Chain (Supply & Demand Chain Executive) There’s a lot of uncertainty when it comes to whether or not one should invest in Bitcoin, but here’s a breakdown of the basics.
The SOC Is Dead...Long Live the SOC (Dark Reading) The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
The Pentagon Says It Will Start Encrypting Soldiers' Emails Next Year (Motherboard) Basic decade-old encryption technology is finally coming to Pentagon email servers next year.
Is your sandbox strategy keeping you safe? (Information Age) Five areas where legacy sandboxing techniques fail, and what is needed for your enterprise to stay ahead of APTs
Design and Innovation
The Pros and Cons of Automated Cybersecurity (BizTech) Microsoft’s recent Hexadite acquisition shows the trend is in favor of automation — but is that the best solution for your business?
Research and Development
Luxembourg Uni Researchers Join Honda to Overcome Car Key Fob Attacks (Infosecurity Magazine) Car thieves can use relay attacks to commit the perfect crime
University to team up with major tech firm (South Wales Argus) Another leading international aerospace and defence company has forged links with Gwent, signing an agreement with the University of South Wales.
Internet’s invisibility cloak foments crime, pioneering cyber-shrink says (The Times of Israel) Irish cyber-psychologist Mary Aiken, who inspired TV’s ‘CSI: Cyber,’ says we must measure kids’ tech prowess and identify those at risk of becoming teen hackers
UA offers online master's degree in cybersecurity (AZ Big Media) The University of Arizona has launched a new online master’s degree program in cybersecurity just as a new report by Cybersecurity Ventures predicts that the cyber crime epidemic will triple the number of open cybersecurity positions over the next five years. The Master of Science in Cybersecurity curriculum draws from the UA’s top-ranked Eller Management…
Legislation, Policy, and Regulation
Beijing’s Views on Norms in Cyberspace and Cyber Warfare Strategy Pt. 1 (Center for International Maritime Security) Part 1 considers the centrality of information operations and information war to the PRC’s approach toward its current struggle against the U.S.
Beijing’s Views on Norms in Cyberspace and Cyber Warfare Strategy Pt. 2 (Center for International Maritime Security) Part 2 looks at the PRC’s use of international norms and institutions in cyberspace, and possible U.S. responses.
Singapore, Germany to work together in new areas such as cyber security: PM Lee (Today) Singapore and Germany will embark on new areas of cooperation including cyber security and financial technology, said Prime Minister Lee Hsien Loong on Thursday July 6 before a meeting with German Chancellor Angela Merkel. Other areas in which the two countries could work t
Trump chides Russia, but doesn't condemn election meddling (Military Times) On the eve of his first meeting with Russian President Vladimir Putin, President Donald Trump vowed Thursday to confront "new forms of aggression" targeting the West and called for Moscow to stop fomenting unrest around the world. Yet he pointedly stopped short of condemning Russia for meddling in the U.S. election.
WannaCry, NotPetya: Worm Me Once, Shame on You; Worm Me Twice… (The Cipher Brief) The newest ransomware attack called NotPetya has re-ignited the debate ongoing since the earlier WannaCry attack. Cybersecurity experts, policymakers, and citizens affected have all asked: who is to blame for these attacks?
Lawmakers sound alarm about Russian cybersecurity firm (TheHill) Senators have moved to bar the Pentagon from using software produced by a Russian-origin cybersecurity firm, underscoring suspicions of its ties to the Russian government.
Litigation, Investigation, and Law Enforcement
Russian spies ramping up intelligence-gathering efforts: report (TheHill) Russian intelligence agents have stepped up their efforts to gather U.S. intelligence following the 2016 election, according to a new report by CNN.
Russia steps up spying efforts after election (CNN) Russian spies are ramping up their intelligence-gathering efforts in the US, according to current and former US intelligence officials who say they have noticed an increase since the election.
Republicans want answers from private firm with access to hacked DNC server (New York Post) Republicans are seeking answers about the Democratic National Committee hacked computer server and the private firm that had exclusive access to its cyber-security system.
17 intelligence agencies or 4, Russia findings still valid (PolitiFact) President Donald Trump, speaking in Poland July 6, downplayed the strength of the intelligence community’s conclusion that Russia meddled in the election to his benefit. He justified his doubt by noting that the New York Times and the Associated Press recently corrected stories to clarify that four agencies, rather than 17, were directly involved in the January intelligence assessment about Russia’s interference in the election.
Encryption thwarting investigators as federal government taps increase (Naked Security) Annual wiretap report lifts the lid on crime investigation, revealing that the cost is rising sharply – and partly funded by drugs busts
U.S. Judge Orders Twitter's Government Surveillance Lawsuit to Proceed (Fortune) The government failed to show "clear and present danger" to restrain Twitter's right to talk about surveillance requests.
Facebook fights gag prohibiting it from alerting users to search warrants (Naked Security) It’s thought that the case might stem from the arrests made during the protests at Trump’s inauguration when the profiles of some of the more than 200 people arrested were mined for inf…
The Bangladesh Bank Hacking Case Remains Unsolved (Financial Technologies Forum) The SWIFT financial messaging cooperative, the Federal Reserve Bank of New York and Bangladesh Bank quietly issued a statement this week revealing that they are still trying to resolve “the cyber fraud event that occurred in February 2016.”
Apple accused of infringing six patents in iPhone, iPad by Qualcomm (CRN Australia) Asks for ban on some iPhone, iPad imports.
Telecom Hacker Sentenced for Laundering Millions (Dark Reading) Pakistani man sentenced to prison for hacking into PBX systems and generating millions of dollars via bogus premium phone calls and laundering the money.
IAAF statement – release of information following cyber attack (IAAF) The IAAF offers its sincerest apologies to the athletes who believed their personal and medical information was secure with us. We will continue to work with cyber incident response (CIR) firm Context Information Security, who identified the Fancy Bear cyber-attack which we announced in April to create a safe environment. Context believes that the information published yesterday emanates from that attack.
Bad things happen to good people – but you can help stop that (Naked Security) Who gets targeted by scammers, and how can we help them? We’ve got some tips to help you help others