Cyber Attacks, Threats, and Vulnerabilities
The Clever Phishing Trick Used by Hackers Targeting the US Energy Sector (BleepingComputer) Last week, the media was abuzz with apocalyptic headlines about how Russian hackers were launching cyber-attacks on the US energy and nuclear sector.
US officials aware of possible hacking at nuclear facilities (Fifth Domain | Cyber) Nuclear and other energy providers have been advised by the Department of Homeland Security and the FBI that hackers may be trying to breach their computer systems.
US Acknowledges Cyber Attack On Kansas Nuclear Power Plant (Silicon UK) The Wolf Creek facility in Kansas was one of at least a dozen energy companies affected by the hacks, but officials say there's no risk to public safety
NUCLEAR: 'Who did it?' zeroes in on Russian hacking (E&E News) A sophisticated group of hackers has targeted U.S. nuclear plants in a wide-ranging hacking campaign since at least May, according to multiple U.S. authorities.
Russia causing mayhem in cyberspace, says former GCHQ chief (The Telegraph) Russia’s cyber subversion is a threat to Britain’s democratic process, a former head of GCHQ has warned.
Foreign hackers probe European critical infrastructure networks: sources (Reuters) Cyber attackers are regularly trying to attack data networks connected to critical national infrastructure systems around Europe, according to current and former European government sources with knowledge of the issue.
Security Researchers Find Way To Recover Encrypted NotPetya Files (Silicon UK) Encryption errors mean it may be possible to manually recover files encrypted by the NotPetya malware last month, researchers say
LeakerLocker ransomware threatens to dox Android users as extortion (Graham Cluley) Mobile ransomware known as LeakerLocker threatens to dox Android users with whom it comes into contact as a means of extortion.
Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind (TrendLabs Security Intelligence Blog) Adwind/jRAT, a cross-platform remote access Trojan (RAT), can be run on any machine installed with Java, including Windows, Mac OSX, Linux, and Android.
WordPress REST API flaw: How did it lead to widespread attacks? (SearchSecurity) A WordPress REST API vulnerability enabled attackers to deface over 1.5 million sites. Find out how your enterprise can secure its WordPress pages.
An Italian bank’s server was hijacked to mine bitcoin (Quartz) Employees also hid servers under the flooring to secretly mine bitcoin.
BYOD Blamed for Massive Cryptocurrency Breach (eSecurity Planet) 30,000 customers' information was exposed when an employee's home computer was hacked.
How Cryptocurrencies Really Work (Popular Mechanics) The tech behind decentralized money.
EMC products hit by multiple vulnerabilities including SQL injection (SC Media US) Multiple SQL injection flaws in EMC products could allow hackers to gain web access and take information from applications.
Basic Office maldoc analysis (SANS Internet Storm Center) Malicious Office documents come in all types of flavors, sometimes very simple: they contain just an embedded file (for example an EXE), without any script or exploit to automatically launch the embedded file. The user is persuaded through social engineering to extract and execute the embedded file.
Dark Web Hosting Service Hacked, Some Data Was Stolen (BleepingComputer) Deep Hosting — a Dark Web hosting service — admitted yesterday to suffering a major security incident during which "some sites have been exported."
Tendulkar wants your number on Twitter, what do you do? (Naked Security) Indian cricket legend Sachin Tendulkar asked 17m Twitter followers to send him their friends’ phone numbers – good intentions, bad idea!
Jayden K Smith's Facebook friendship request - not a hacker, it's a hoax (Graham Cluley) Another hoax warning spreads quickly on Facebook. Will people ever learn?
Reports: Reliance Jio deals with possible data breach (RCRWireless) Reliance Jio says posted customer data is “unauthentic”, but reports conflict
BRIEF-India's Bengal Tea and Fabrics says co faced cyber attack on June 27 (Reuters) Bengal Tea and Fabrics Ltd
West Hartford Town Website Hacked (Spamfighter) The website of West Hartford town is reported to have been attacked on the morning of July 6; however, according to the authorities, the website's user data wasn't breached. The site, www.westhartfordct.gov, continues to be inaccessible, displaying a notification stating that it's not possible to reach the site or, alternatively, "www.westhartfordct.gov took too long to respond."
Security Patches, Mitigations, and Software Updates
Google Patches Critical Android Vulnerabilities (Security Intelligence) Google recently disclosed 138 Android vulnerabilities, including media framework issues that could enable attackers to execute arbitrary code remotely.
Kill it! Kill Windows XP now! (Computerworld) Or are you OK with leaving yourself open to something that can kill your business?
Cyber Trends
Why IoT education is necessary to protect yourself from cyber attacks (TechRepublic) An expert panel at the Global Cybersecurity Summit in Kiev, Ukraine, discussed various devices that could be connected in the future, and how they might impact consumers, governments, and industries.
The future of security and the Internet of Identities (IoI) (CSO Online) IoT, mobility, cloud and pressing security needs mean that every node must have a trustworthy identity and a secure path to network services.
Australian Businesses 'Worryingly Underprepared' For Rising Ransomware Threat: Experts (CSO) In recent months the WannaCry and Petya outbreaks have caused widespread disruption and losses for businesses and public-sector bodies
Marketplace
Panel recommends chief cyber security expert for every company board (iTWire) With cyber security top-of-mind after the WannaCry and other attacks, IT governance and board expert Monica Schlesinger says that company boards can n...
Hot UK cyber security startup Darktrace has raised a huge $75m (City A.M.) One of the UK's hottest startups has millions of pounds in fresh funding, pushing the firm's valuation surging past the half a billion dollars mark.
Exclusive: Cybersecurity Startup Darktrace Worth $825 Million After New Funding (Fortune) The company is one of Britain's top tech startups.
Darktrace Enters into Strategic Partnership with CITIC Telecom CPC (ACN) Darktrace, the leader in Enterprise Immune System technology, has today announced it has entered into a strategic partnership with industry-leading managed security services provider (MSSP) CITIC Telecom CPC, a wholly owned subsidiary of CITIC Telecom International Holdings Limited (SEHK:1883), to bring next-generation cyber defense to businesses across Asia Pacific
HyTrust raises $36M and acquires DataGravity (TechCrunch) Word spread late last week that data visibility and security startup DataGravity had been acquired. At the time, though, it was unclear by whom. Now we know...
http://www.marketwired.com/press-release/risklens-secures-5m-series-a-equity-investment-2225572.htm (Marketwired) Consistently recognized for its product innovation leadership, RiskLens helps enterprise security and risk management professionals quantify their information security risk posture
Symantec Snaps Up Skycure in Mobile Security Move (Dark Reading) Acquisition fills gap in Symantec's Apple iOS mobile security strategy - and addresses the future of 'mobile first,' Symantec CEO says.
StarHub to fully acquire cybersecurity company Accel for SG$26m (ZDNet) Accel Systems & Technologies will become a wholly owned subsidiary of StarHub after the carrier acquires the remaining 49 percent stake for a maximum of SG$26.22 million.
Palo Alto Networks Inc (PANW) Stock Could Be Worth $200 (InvestorPlace) Petya ransomware has cost companies hundreds of millions of dollars, and that's big for Palo Alto (PANW) stock, which could hit $200 soon.
Jade split into two companies in major revamp (Stuff) Jade founder Sir Gil Simpson says the amount he was paid for his remaining stake was "more like a lolly than the lolly jar".
Canadian Group Company Above Security Re-branded as Hitachi Systems Security (BusinessWire) The company name of Above Security Inc. will be changed to Hitachi Systems Security Inc.
Israel's Check Point Software to ramp up India operations (International Business Times, India Edition) Israel's biggest tech company is looking to push value additions to its worldwide security products and services clients.
India and Israel’s Cyber Security Partnership Could be a Game Changer (The Wire) A partnership can be critical for India to meet its goals in securing its cyber infrastructure and expanding opportunities for the country’s tech sector.
DTRA awards network survivability contract (C4ISRNET) CENTRA Technology has been awarded a $61.7 million Defense Threat Reduction Agency contract to assess vulnerabilities.
How to write an information security analyst job description (CSO Online) A thorough, clear job description will ensure that security analysts stay on the same page with management expectations.
Security Threats Create Talent Challenges, Opportunities (Hunt Scanlon Media) Cybersecurity might well be the greatest challenge facing corporate America today. The threat to reputation, private information and dollars — both from immediate theft and the cost of repairing the damage of a cyber-attack — can be staggering. Yet too few companies have taken adequate measures to protect themselves. No one can deny that it is
SIA Announces Kathleen Carroll of HID Global as Chair of Data Privacy Advisory Board, Craig Sharman of Johnson Controls as Government Relations Committee Chair (Security Industry Association) SIA Announces Kathleen Carroll of HID Global as Chair of Data Privacy Advisory Board, Craig Sharman of Johnson Controls as Government Relations Committee Chair.
IBM names CMO for Watson division (Marketing Dive) Michael Mendenhall assumed the chief marketer title for the artificial intelligence brand as competition in the space heats up.
FireEye Chief Marketing Officer Departs For New Role Outside Security Industry (CRN) Longtime marketing executive Kara Wilson, who has been CMO at FireEye since 2013, has left the security vendor.
SafeStack snags Google, Microsoft cybersecurity experts for new advisory board (Security Brief) New Zealand-based cybersecurity firm SafeStack has signed up major talent to its advisory board to help the company achieve further growth.
Products, Services, and Solutions
Cylance Integrates AI-driven CylancePROTECT Engine into VirusTotal (BusinessWire) Cylance® Inc., the company that revolutionized the antivirus industry with AI-powered prevention that blocks everyday malware along with today’...
Cornet Technology, Inc. Announces a Partnership with Redwall Technologies (PRWeb) Cornet Technology, Inc. is pleased to announce that it is collaborating with Redwall Technologies to offer cyber-hardening of Cornet’s defense offerings.
SAP wants to bridge the gap between IoT and business data (TechCrunch) SAP announced a new tool today called the Leonardo IoT Bridge designed to help bridge the gap between data coming from sensors in the field and business...
Waterfall's Unidirectional Security Gateway fortifies the SCADA network (Financial News) Waterfall Security Solutions, a global leader in cybersecurity technologies for critical infrastructure and industrial control systems, has announced the deployment of its Unidirectional Security Gateway together with IBM's QRadar® Security Intelligence solution at Dorad Energy, the company said.
Tech Billionaires Positioning Themselves for $1 Trillion Cybersecurity Boom (Sys-Con Media) Make no mistake: Your data is under attack and hacker extortionists are getting rich, but this is a war with opportunities on both sides, and for the warriors fighting cybercrime, it's a $200-billion-plus opportunity with endless market potential.
Trend Micro & VMware tie the knot around mobile threat management (Security Brief) Trend Micro has joined VMware’s Mobile Security Alliance this week, as the companies seek to tackle the growing number of mobile security threats.
MasterCard, Dell EMC fight cyberfraud with machine learning (SiliconANGLE) MasterCard, Dell EMC fight cyberfraud with machine learning - SiliconANGLE
Why Security Experts Are Pissed That ‘1Password’ Is Pushing Users to the Cloud (Motherboard) 1Password is moving away from its one-time license, local storage option, and security researchers are not happy about it.
Technologies, Techniques, and Standards
GIAC Launches New Certification for GIAC Response and Industrial Defense, GRID (IT Business Net) GIAC, the leading provider and developer of Cyber Security Certifications, has launched a new certification for GIAC Response and Industrial Defense (GRID).
How Vulnerable Are Texas Voter Rolls To Cyber Attack? (Houston Public Media) We discuss cyber security and its role in our election process and learn what one county clerk is doing to ensure that security.
Getting the most out of your SIEM investment (Help Net Security) What can you do to get the most from your SIEM investment? Innovations in security automation technologies can definitely help.
How Code Vulnerabilities Can Lead to Bad Accidents (Dark Reading) The software supply chain is broken. To prevent hackers from exploiting vulnerabilities, organizations need to know where their applications are, and whether they are built using trustworthy components.
Jim Koenig on Law Firm Hacks and How to Prevent Them (Bloomberg BNA) Jim Koenig thinks that law firms need to adopt comprehensive information security programs and train their employees to become better versed in handling the fallout of a cyber attack. Perhaps there’s no clearer reminder of this than last month’s global malware attack, which, along with a number of global companies, hit DLA Piper and forced the...
The Men Behind the Infamous Fake North Korean Twitter Account (The Daily Beast) The DPRK News Service is not actually the DPRK’s news service—but it’s the closest peek behind the curtain we may get.
Design and Innovation
The case for the software-defined battlefield (C4ISRNET) After more than 15 years of nearly constant deployments, the U.S. military’s balancing act between modernization and readiness is reaching a tipping point.
Google Is Testing A "Panic Button" in Android So Users Can Close Malicious Apps (BleepingComputer) Starting with Android 7.1, Google has added a so-called "panic button" behavior in its mobile operating system, so users can immediately shut down any app they suspect of being infected with malware.
Quantum Computers vs Bitcoin – How Worried Should We Be? (The Merkle) One of the greatest computer innovations everyone seems to be eyeing lately is Quantum Computing. In essence, quantum computing exploits quantum mechanics to perform computational tasks far quicker t
Research and Development
Galois Awarded $2.7 Million Navy Contract To Develop New Cyber Resilience Capability (PRWeb) Project award by Office of Naval Research (ONR) will focus on protecting real-time and embedded military software systems by making them resilient to attack
Global Cybersecurity Firm BioCatch Granted Breakthrough Patent for Detecting Remote Access, Among the Most Persistent Cyber Threats Today (BioCatch) Latest grant extends the company's intellectual property portfolio to 23 granted patents and 25 more pending.
Google, IBM look to mimic the human brain (Network World) Two projects—one from Google and one from IBM and the U.S. Air Force—propose building neural computers that provide more power and consume less energy than supercomputers.
Academia
UCI cybersecurity group launches initiatives to combat cyber threats (EurekAlert!) New initiatives from the Cybersecurity Policy & Research Institute at the University of California, Irvine will help combat one of our greatest security challenges: vulnerabilities and attacks in cyberspace.
Legislation, Policy, and Regulation
NATO: We're supplying new cybersecurity equipment to Ukraine (Fifth Domain | Cyber) NATO's secretary-general says the 29-member alliance is supplying hardware to the Ukrainian government to help protect its government networks from cyberattacks.
NATO Chief Calls On Russia To Remove 'Thousands Of Troops' From Ukraine (RadioFreeEurope/RadioLiberty) NATO Secretary-General Jens Stoltenberg has affirmed the alliance's "unwavering support" for Ukraine's territorial integrity and has called on Russia to remove its "thousands of soldiers from Ukraine and stop supporting the militants with command-and-control and military equipment."
Cybersecurity Debate on the Agenda at the G20 (Panda Security Mediacenter) At a time when cyberwarfare has more presence than ever in meetings like the G20, governments are still far from making broad cybersecurity agreements.
What Trump’s Cybersecurity Flip-Flop Reveals (The Atlantic) Days after announcing an agreement with Russia on cybersecurity, the president declared it dead. Meanwhile, his government has taken no action to safeguard U.S. elections.
Trump's 'Impenetrable' Cyber Unit That Never Was (NPR.org) President Trump may have saved himself and the government a lot of trouble by pulling the plug on a joint cyber unit with Russia before work got seriously underway.
In first substantive comment on talks with Putin, Trump says he 'pressed' Russian leader on meddling (Los Angeles Times) President Trump says he “strongly pressed” Russian President Vladimir Putin over interference in last year’s U.S. election, but he did ...
Trump's cyber tweets cause dismay, confusion (POLITICO) Twelve hours apart, a pair of tweets about Russia get everyone talking.
It's Time to Get Real about Russia (National Review) The U.S. should not collaborate with the Russians on cyber-security, and its interests are not identical in Syria ...
Does Trump have a point about Obama and Russia? (POLITICO) Tom Donilon, former national security adviser, says ‘no doubt about it’ Obama should have done more about Russia hacking of 2016 election.
Dem seeks to block funding for cyber effort with Russia (TheHill) Rep. Don Beyer proposed blocking the funding in a key defense policy bill.
Granting NSA permanent bulk surveillance authority would be a mistake (TheHill) OPINION | The Section 702 provision authorizing bulk surveillance will expire this year unless Congress takes action.
Intelligence Professionals Learning to Speak Trump’s Language (Foreign Policy) Spies are adapting to a president with a short attention span.
Former GCHQ chief: End-to-end encryption is an “overwhelmingly good thing” (Alphr) The former head of GCHQ has spoken about the importance of end-to-end encryption, saying backdoors are a “threat to everybody”
Government Warms to Continuous Monitoring of Personnel With Clearances (Defense One) Software that scours public records for potential red flags gains traction as officials wrestle with a serious security clearance backlog.
A new approach to federal cybersecurity, 2 years after the OPM breach (FederalNewsRadio.com) John Chirhart, the federal technical director of Tenable, argues for a fundamental change in the way agencies approach cybersecurity for the long-term.
Ukraine’s priority task is to reform security and defense field – Poroshenko (Ukrinform News) The priority task of Ukraine at the current stage of cooperation with NATO is reforming and strengthening of the country's defense capability.
China’s mobile operators are reportedly being told to ban all use of VPNs (TechCrunch) China's latest move to crack down on VPN software that enables people to circumvent its internet censorship system appears to be a very worrying one...
Proposed Cyber Security Bill: Experts hail proposals but some concerned about cost (The Straits Times) Security vendors, lawyers and operators of essential services laud steps taken by the Singapore Government to protect the continuity of essential services such as telecommunications, banking and healthcare with the release of a draft Cyber Security Bill yesterday...
Belligerent Saudis made the wrong choice in sidelining Qatar (Alaraby) Comment: Bullying Qatar with the rhetoric of anti-terrorism is...
Trump picks low-key director to lead FBI through tumultuous times (Federal Times) The attorney selected to replace James Comey as FBI director is described by those close to him as admirably low-key, yet he'd be taking over the law enforcement agency at a moment that's anything but tranquil.
The Marine Corps starts its first cyberwarfare expeditionary group (Marine Corps Times) The Marine Corps takes cyberspace.
Litigation, Investigation, and Law Enforcement
FBI: US soldier pledged allegiance to Islamic State group (Army Times) An active duty soldier based in Hawaii pledged his allegiance to the Islamic State group, helped purchase a drone for it to use against American forces and said he wanted to use his rifle to "kill a bunch of people," according to an FBI affidavit.
Interview: Its 'Aura' Dented By Lost Foothold, Islamic State Still Poses Threat (RadioFreeEurope/RadioLiberty) Some three years after its fighters stunned the world by seizing vast swaths of territory in Syria and Iraq, IS is on the run. But experts warn that the radical Sunni group is decidedly not defeated.
Ex-CIA officer accused of spying for China denied bail (South China Morning Post) Kevin Mallory was in possession of documents that could have compromised human intelligence sources, court hears
Spyware Sold to Mexican Government Targeted International Officials (New York Times) Investigators looking for 43 students who vanished after clashing with the police say the spying took place during a campaign to block them from solving the case.
Spyware Sold to Mexican Government Was Used to Target Experts Investigating Missing Students (Foreign Policy) The spyware is meant to track terrorists, but Mexico apparently turned it on journalists, activists and others.
Reckless III: Investigation Into Mexican Mass Disappearance Targeted with NSO Spyware (The Citizen Lab) The international investigation into the 2014 Iguala Mass Disappearance was targeted with infection attempts using spyware developed by the NSO group
Senators want answers on risk of nuclear power plant hacks (CNET) Sen. Ed Markey is one of the lawmakers pressing agencies for info on potential cyberattacks.
Congress Unnerved by Energy Grid Hack (Roll Call) The recent hack of the energy grid is attracting the attention of Congress, including members who have been warning about such an event.
Comey’s private memos on Trump conversations contained classified material (TheHill) More than half of the memos former FBI Director James Comey wrote as personal recollections of his conversations with President Trump about the Russia investigation have been determined to contain classified information, according to interviews with officials familiar with the documents.
Rachel Maddow’s Exclusive “Scoop” About a Fake NSA Document Raises Several Key Questions (The Intercept) There is no reason to believe someone obtained The Intercept’s NSA document prior to publication, and every reason to believe they did not.
Trump Jr. Was Told in Email of Russian Effort to Aid Campaign (New York Times) The president’s son was told in an email that the Russian government wanted to help Donald J. Trump’s election bid last year.
AT&T, Verizon, Other Telco Providers Lag Behind Tech Industry in Protecting Users from Government Overreach, EFF Annual Survey Shows (Common Dreams) While many technology companies continue to step up their privacy game by adopting best practices to protect sensitive customer information when the government demands user data, telecommunications companies are failing to prioritize user privacy when the government comes knocking, an EFF annual survey shows. Even tech giants such as Apple, Facebook, and Google can do more to fully stand behind their users.
FTC slaps $104m judgment on loan application firm (Naked Security) Blue Global wasn’t a loan company, didn’t safeguard data and sold leads to third parties for $200 each
When ex-workers attack (again): man used Trojan to cause havoc (Naked Security) Former staffer used a remote Trojan to trash client databases, steal credit cards and masquerade as another employee to make allegations about the company
Volunteers Are Helping Europol Geo-Locate Child Abuse Images (Motherboard) In June, the European Union's law enforcement agency launched a crowdsourcing project to identify items in child abuse images. Online sleuths have already matched plenty of localized objects.
Elderly Aussie Man Charged for Part in Ransomware Tech Support Scam (Infosecurity Magazine) Elderly Aussie Man Charged for Part in Ransomware Tech Support Scam. The 75-year-old is alleged to have set up three fake companies to launder money
Smart home device calls cops during domestic dispute (CSO Online) A smart device is being credited for potentially saving a life when it misheard what was said, took it as a command and called the cops.
The Former CEO of Mt. Gox Is Going to Trial for Allegedly Embezzling Bitcoins (Motherboard) The trial may close a notorious chapter in bitcoin’s history.