Cyber Attacks, Threats, and Vulnerabilities
Fighting Petya at Ground Zero: An Interview with Dmytro Kyselyov of IBM Ukraine (Security Intelligence) In this exclusive podcast, Dmytro Kyselyov of IBM Ukraine describes his experience facing the June 27, 2017 Petya variant outbreak from ground zero.
FedEx Says Some Damage From NotPetya Ransomware May Be Permanent (BleepingComputer) US-based and international courier delivery service FedEx admitted on Monday that some of its systems were significantly affected by the NotPetya ransomware, and some of the damage may be permanent.
CoinDash crowdfunding hack further dents trust in crypto-trading world (Register) $7m pilfered from investors, white hats on the trail
What is GhostCtrl? Android malware 'possesses' devices to spy, steal and do its bidding (International Business Times UK) GhostCtrl is a variant of the commercially available OmniRAT malware that can target Android, Mac, Windows and Linux systems.
Coding Library Vulnerability May Trickle Down to Thousands of IoT Devices (BleepingComputer) A vulnerability codenamed Devil's Ivy is putting thousands of Internet-connected devices at risk of hacking.
Home Security System Fails at Being Secure, Opens Homes to Hacking & Burglaries (BleepingComputer) The maker of a smart home security system has failed to patch five security issues in the firmware of his product. These flaws allow an attacker to bypass authentication, take over devices, and disable alarm systems, leaving homes exposed to burglaries.
Millions of Dow Jones customers exposed on misconfigured AWS server (CRN Australia) Personal details and some credit card info made vulnerable.
What customers of Verizon need to know about the info leak (GOOD4UTAH) Verizon has confirmed that personal information of 6 million customers was recently leaked online.
Who's responsible for protecting patient data in the cloud? (Healthcare IT News) Cybersecurity experts lay out the facts, and misperceptions, about securing data in the cloud. The answer is not so simple.
Ransomware is Not the Only Ransom Attack (Panda Security Mediacenter) Ransomware is not the only form of extortion that threatens user security. We take a look at other attacks that demand a "ransom" from their victims.
Over 70,000 Memcached Servers Still Vulnerable to Remote Hacking (The Hacker News) Over 70,000 Memcached servers are still vulnerable to critical remote code execution vulnerabilities
Attackers are taking over NAS devices via SambaCry flaw (Help Net Security) A Samba remote code execution flaw patched in May is being exploited to compromise IoT devices running on different architectures. Patch for SambaCry today!
When good extensions go bad: buyer turns Particle into adware (Naked Security) The tale of what happened when the Particle extension was sold and turned by its buyer into adware is a reminder that it’s a good idea to keep an eye on what you’ve added to your browse…
90 billion: The number of times hackers have tried to infiltrate Pa. computer systems (PennLive.com) Cybersecurity measures remain in place, but hackers last year made more than 90 billion attempts to break into state databases.
Premier Health hospitals impacted by vendor’s cyber attack (Dayton Daily News) The hospital's transcription services are down.
2017 will be a very big year for iOS vulnerabilities – Skycure MTD report (iTWire) The number of new disclosed iOS (CVE) vulnerabilities in the first quarter of 2017 was greater than all of 2016, according to mobile threat defence ve...
A massive botnet was tweeting you porn for months (CNET) Researchers say Siren was one of the largest spam campaigns on social media.
Game Of Thrones season 7 TORRENT WARNING - Free downloads could have a hidden DANGER (Express) MILLIONS of Game Of Thrones fans plan on illegally downloading or streaming the first episode of season 7 in the UK tonight, research has revealed. But a virus targeted at those who download the show from The Pirate Bay should be a cautionary tale to many illegal viewers.
Security Patches, Mitigations, and Software Updates
Microsoft announces new Windows 10 security features (Tecgenix) Recognizing that the “threat landscape continues to grow increasingly more sophisticated,” Microsoft has added several new Windows 10 security features.
Windows 10 support could end early on some Intel systems (Ars Technica) It all depends on what the “supported lifetime” of a system is.
Cyber Trends
Editorial: Blame Game (Infosecurity Magazine) Eleanor Dallaway considers the difference in the way that cybercrime victims and real-world crime victims are treated
Lastline says cyber-pros have some gaps in their malware knowledge (SC Media UK) Low awareness of some common malware behaviours could decrease the effectiveness of detection and mitigation efforts, according to the company.
Achieving 'always-on' availability in the shadow of two longstanding vulnerabilities: Malaysia cybersecurity interview (MIS Asia) 'There are two security challenges that will always continue to face the IT industry,' Veeam's Danny Allan told Computerworld Malaysia during a 'rapidfire' interview.
Kiwis, data privacy and IoT: Yeah, nah? Or only for the right reasons? (Security Brief) “People are happy to use their smartwatches to alert police to their location when they need help, but they don’t want police to freely access data."
Marketplace
Exclusive: Cyber Startup Awake Security Debuts With $31 Million in Funding (Forutne) The company has been in stealth mode for two years.
The Funded: Former Symantec CEO joins security startup board (San Jose Business Journal) Enrique Salem, the former CEO of Symantec Corp. who is now a managing director at Bain Capital Ventures, co-led a big round for Awake Security as it emerged from stealth on Monday.
ScaleFT Closes $2 Million Seed Funding Round; Launches “Zero Trust” Solution to Help Modernize Cloud Security (ScaleFT) Inspired by Google’s BeyondCorp architecture, ScaleFT Zero Trust Access Management protects corporate resources without VPNs
Rapid7 slurps security orchestration biz Komand (Register) When a problem comes along, you must whip it. Without having to get off your chair
Which cybersecurity start-ups have raised the most money in 2017? (Channelweb) CRN profiles the cybersecurity vendors with the largest funding rounds in 2017 so fa
Evolution Equity Partners Announces Final Close of New Cybersecurity Focused Fund (BusinessWire) Evolution Equity Partners announces final close of $125 million new fund to make investments in cybersecurity in North America, Europe and Israel.
Versasec Expands its German Operations with 300 Percent Growth Expected in 2017 (Versasec) Growing team supports company’s R&D efforts
Leadership In Cognitive Cybersecurity Makes IBM A Worthy Investment (Seeking Alpha) Investors should now take a good look at IBM's emergence as an early leader in cognitive cybersecurity. Watson, IBM's most famous creation for Artificial Intell
Is FireEye a Potential Turnaround Candidate? (Guru Focus) The company's transition to a subscription-based model will reap benefits
Is FireEye Inc (FEYE) Stock the Best IT Security Play? (InvestorPlace) FireEye should be among Wall Street's best security stocks over the next year. FEYE stock has the potential to hit $20 by next July.
Tenable Exec: Our 'Battle Cry' Is Enabling Channel Opportunities In IoT Security, Helping Secure Both IT And OT (CRN) Tenable Chief Revenue Officer John Negron talks about the security company's strategy around the Internet of Things and why solution providers should get on board.
Le maillon fort de la lutte cybersécuritaire (Largeur) La cryptographie constitue un élément essentiel pour sécuriser les données informatiques. À la pointe du secteur figure l’entreprise genevoise ID Quantique.
Michael Dell takes long view with 'Dell 2.0' (Mail Online) His first company became the world's largest maker of personal computers. Now Michael Dell says he is building a broader technology firm with similar...
Cellebrite’s Mobile Lifecycle Division to Rebrand as Mobilogy (EIN News) Cellebrite’s Mobile Lifecycle Division to Rebrand as Mobilogy Move enhances the division’s visibility and will accelerate growth to new segments across the
Britain's cyber security center says has never certified Kaspersky products (Reuters) Britain's National Cyber Security Centre said on Tuesday it had never certified products from Russian cyber security firm Kaspersky Lab.
Doing a Startup Involving Cryptography? Get Out of the U.S. (IEEE Spectrum: Technology, Engineering, and Science News) Singapore entrepreneurs say being able to avoid NSA requirements gives their companies a big advantage
Herndon-based IT firm names new CEO (Washington Business Journal) Herndon-based NetCentrics Corp. announced Tuesday that Cyndi Barreda, the company's current president, will take over for departing CEO and co-founder Bob Dougherty.
Mara Motherway Named Govt Relations Head at Booz Allen (GovCon Wire) Mara Motherway, a principal at Booz Allen Hamilton (NYSE: BAH), has been named head of government re
Trident Capital Cybersecurity Recruits Ken Gonzalez as Managing Director to Strengthen Its Experienced Cybersecurity Investment Team (GlobeNewswire News Room) Gonzalez Brings Deep Operational Experience, Strong Go-To-Market Knowledge and Broad Network of Corporate Partners to the Early-Stage Cybersecurity Venture Firm
Colorado Cyber Founder, Tom McConnell Promoted to Managing Director at Headwaters MB (BusinessWire) Headwaters MB, a leading middle-market investment bank, announced today that Tom McConnell has been promoted to Managing Director. Tom has been at Hea
Former Cylance Executive Joins SentinelOne to Lead Product Design and Strategy (Marketwired) Raj Rajamani, former Cylance Head of Products, Joins as Vice President of Product Management
ICF Names Randy James Head of Cybersecurity and Resilience Business (BusinessWire) ICF has named Randy James SVP and division lead for the company’s enterprise cybersecurity and resilience (ECR) practice.
Products, Services, and Solutions
Prey Business Adds Anti-Theft and Mass Management Features for More Secure Mobile Environments (EconoTimes) Prey Software, provider of the cross-platform, open source anti-theft software that protects more than eight million mobile devices, today announced a new version of its enterprise...
Minerva Advances Anti-Evasion Security to Protect Against Ransomware (eWEEK) The security startup uses ransomware attacks as an opportunity to help organizations improve security by backing up data at risk.
AlienVault Unified Security Management: Threat Intelligence Product Overview and Insight (eSecurity Planet) We review AlienVault Unified Security Management, which taps AlienVault Labs and a massive crowd-sourced exchange to identify and respond to threats.
EdgeWave Announces New ThreatCheck Service Advancing Phishing Detection and Security Awareness for Customers (Marketwired) New service enables real-time threat detection to foster security awareness at the end user
Splunk and Booz Allen Hamilton Announce Cyber Intelligence Service to Manage Advanced Threats with Greater Precision and Speed (BusinessWire) To help organizations improve how they detect and defend against cyber attacks, Splunk Inc. (NASDAQ:SPLK), provider of the leading software platform f
NexDefense Unleashes Next Evolution of Award-Winning IIoT, Industrial Cybersecurity Software: Integrity 3.2 (BusinessWire) NexDefense, a global leader for industrial IoT (IIoT) environments and cybersecurity, today announced the next evolution of its flagship Sophia platfo
Ixia Brings in ProtectWise to Strengthen Cloud Visibility Product (SDxCentral) ProtectWise and Ixia partnered to provide an integrated product to help enterprises monitor their public, private, and hybrid clouds.
KnowBe4 Releases Innovative, Customizable Automated Security Awareness Program Builder: ASAP (PRWeb) No-charge ASAP tool is an industry-first that helps IT professionals and security practitioners create a human firewall: their last line of defense.
The digital afterlife: app lets friends and family unlock your accounts after death (TechRadar) Gone but not forgotten
DCCC Employs Encrypted Messaging App to Prevent Hacks (Newsmax) The Democratic Congressional Campaign Committee (DCCC) is trying to guard against future computer hacks by using an encrypted messaging program for communications between employees and the campaign teams for 20 Democrats in the 2018 midterm elections....
Fpweb Unveils Hyper Secure Cloud® (Benzinga) Trustworthy, layered defense and industry-leading, next-generation security tools for organizations needing a more secure cloud.
BeyondTrust Partners with Secure Internet Storage Solutions to offer First Privileged Access Managed Security Service in Australia (Marketwired) BeyondTrust Partners with Secure Internet Storage Solutions to offer First Privileged Access Managed Security Service in Australia
Radware Powers TierPoint’s Best-In-Class DDoS Mitigation Service (NASDAQ.com) Radware® (NASDAQ:RDWR), a leading provider of cyber security and application delivery solutions, announced that it is powering TierPoint's new Managed DDoS Defense service via Radware's Attack Mitigation Solution (AMS), ERT Premium service, and extensive support services.
IBM Launches New Encrypted Transaction System That Can Even Address Cyberattacks (Futurism) IBM has announced its new IBM Z mainframe which can run more than 12 billion encrypted transactions per day.
Wombat Security Releases Securing Your Email - Fundamental Anti-Phishing Training Series (PRNewswire) Wombat Security Technologies (Wombat), the leading provider of cyber...
STEALTHbits Releases Splunk Apps for Threat Hunting, Active Directory Monitoring, File Activity Monitoring (Dark Reading) Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.
Technologies, Techniques, and Standards
Security experts from Google, Facebook, Crowdstrike want to save US elections (Ars Technica) "Defending Digital Democracy" will "generate innovative ideas" to safeguard democracy.
Former Clinton and Romney campaign chiefs join forces to fight election hacking (Washington Post) 21st century propaganda operations target all parties, former politicos say.
SIEM Complexities Increase IR Costs, Decrease IR Productivity (Marketwired) New report from Cyphort and Osterman Research puts spotlight on SIEM user challenges and how incident responders spend their time
Is cybersecurity a risk for fundraisers? The SC guide for charities (SC Media UK) Charities are being targeted by cybercriminals
Access all areas – but for how long after you’ve left the company? (Naked Security) How quickly do you push the big red Delete button on someone’s access after they leave?
The Cyber Kill Chain is making us dumber (Obsidian Tower) As soon as I read “cyber kill chain” I immediately hated it.
Analyzing Threats from Multiple Perspectives for Context (Bricata) Some point to security analytics as the answer, but the challenge remains nested in the source data being fed into the analytics tool. As the saying goes, garbage in equals garbage out.
Design and Innovation
Google wants you to bid farewell to SMS authentication (Naked Security) Google’s shift to a more secure option is welcome, but also adds to the confusion of the post-password world
Why Machine Learning will Boost Cyber Security Defenses (Infosecurity Magazine) Machine learning is our best hope for securing the exponential growth of technology. Imagine systems designed to learn the behavior of its users.
Research and Development
US Army Seeks Internet-of-Battlefield-Things, Distributed Bot Swarms (Defense One) After nearly two decades of war against technologically unsophisticated foes, the Army Research Lab is reorienting to counter China and Russia.
Advisory Group Prepping ‘Moonshot’ Plan to Fight Botnets (Defense One) DHS has commissioned two reports describing what might be done about networks of compromised computers.
Cyber security collaboration wins Health Data Provenance Challenge (University of Southampton) An innovative proposal from scientists at the University of Southampton to trace the origin of data has been named a winner of an international provenance challenge.
Academia
High School Girls Learn 'Virtuous Hacking' in Computer Science Program (THE Journal) The no-cost program is intended to woo more women into data security.
Bellingham cybersecurity organization funds new Western scholarship (Bellingham Business Journal) Computer science students studying cybersecurity at Western Washington University have the chance to get a new scholarship, thanks to a Bellingham organization.
5 University of Wisconsin Campuses Are Accepting Applications to Online Degree in Applied Computing (PRNewswire) Driven by industry demand, five University of Wisconsin...
Legislation, Policy, and Regulation
Corker: Russia sanctions could move before August recess (POLITICO) "I was a little worried about adding North Korea to it because of floor time," Corker told reporters. "But it seems we have a gap in the floor."
On Cooperating with Bad Actors in Cyberspace (Lawfare) What are the subjects, if any, on which cyber cooperation is not a bad idea?
Spying or CyberWar? How to Tell the Difference (Fortune) How the former head of the NSA sees it.
Ukraine separatist 'Little Russia' sparks concern over peace deal (Deutsche Welle) Pro-Russian separatists in Donetsk have declared all of Ukraine to be part of "Little Russia." Could the move undo the Minsk Protocol aimed at keeping the peace in the region?
Knesset passes law allowing courts to censor internet (Haaretz) The new law requires local ISPs to block access to gambling and pedophilia sites, websites that advertise prostitution or drugs, and sites that support acts of terror
How Badly Is China’s Great Firewall Hurting the Country’s Economy? (Foreign Policy) Beijing's paranoia is about to kill the country's booming live-streaming sector — and it won't be the only victim.
Dutton gets sweeping national security powers as head of new super-ministry (ABC News) Peter Dutton will be given the job of overseeing national security at the head of a new Home Affairs super-ministry, PM Malcolm Turnbull says.
Credlin slams PM’s ‘super security’ ministry (NewsComAu) SKY News political commentator Peta Credlin has weighed in on the Turnbull Government’s Home Affairs super portfolio, slamming the new ministry as “cooked up”.
Long favoured by Australian PM, Wickr could become his decryption Waterloo (CSO) Once lauded by prime minister Malcolm Turnbull as a paragon of secure communications, encrypted-messaging app Wickr could turn out to be one of the biggest opponents to his government’s new legislative push to force technology companies to divulge users’ encrypted communications.
Peru and Brazil Cooperate More Closely on Security and Defense (Dialogo Americas) The two countries’ armed forces agree to take action against mafias involved in organized crime.
[Open Letter to the Senior Official Performing the Duties of the Under Secretary, National Protection and Programs Directorate] (Senator Ron Wyden | Senator for Oregon) I write to ask you to take immediate steps to ensure that hackers cannot send emails that impersonate federal agencies...
What Is DMARC? (ValiMail) DMARC builds on two earlier email authentication standards, SPF and DKIM, adding validation for the address that appears in the From field of an email message.
Senator: Why Are Fed Agencies So Vulnerable to Email Fraud? (ValiMail) Senator Ron Wyden today called on DHS to enforce email authentication at all federal agencies. It's a good call.
House panel signs off on $1.8B for DHS cyber office (TheHill) Bill maintains funds for cybersecurity directorate but cuts DHS research and development.
White House 'rumoured to close State Department's only cyber security office' as top diplomat quits (The Independent) It has been reported that the cyber security office in the State Department may be closed as its top diplomat quits.
House Dems say voter data request poses serious cybersecurity concerns (FCW) Demanding that the Kris Kobach resign from the White House's election integrity commission, the legislators warn the request for state voter data could run afoul of the president’s cybersecurity executive order.
US Senate confirms Shanahan, but Democrats still slowing Trump picks (Defense News) The Senate on Tuesday confirmed the Pentagon’s new No. 2, Boeing executive Patrick Shanahan, 92-7, but Democrats say they will continue to delay Trump administration nominees.
Acquisition nominee Lord, others cruise in confirmation hearing (Defense News) Ellen Lord appears poised to become the last undersecretary of defense for acquisition, technology and logistics.
UK government wants to maintain unhindered data flows (Infosecurity Magazine) Inquiry by the Lords Select Committee explores implications for UK and EU data flows
Cybersecurity audit on radar as inspector general sets new course for watchdog agency after rough year (Richmond Times-Dispatch) July 1 was the fifth anniversary of the creation of the Office of the State Inspector General and the end of a tough year for the independent watchdog.
Litigation, Investigation, and Law Enforcement
German authorities probe identities of women found in Mosul tunnel (Deutsche Welle) German authorities are trying to find out if a 16-year-old who converted to Islam and disappeared from her home near Dresden last year is one of 20 women found in a tunnel in Iraq. She had been under investigation.
German jihadist girl Linda Wenzel was lured by internet lover to join Isis in Iraq (Times (London)) A young Isis member captured in the ruins of Mosul is believed to be a German schoolgirl who was lured into joining the jihadists a year ago by specialist recruiters who target vulnerable western...
Tory austerity leaving police officers struggling to collect terrorist intelligence – ex-Met chief (RT International) Britain’s counterterrorist strategy may be at risk as the police force is stretched to near “breaking point,” leading officers struggling to collect intelligence on terrorism, the former head of the Metropolitan Police has said.
Feinstein: Mueller won’t object to public testimony from Trump Jr., Manafort (POLITICO) Grassley last week said he planned to invite Trump Jr. and Manafort to testify before his panel as early as this week.
8th Person Identified at Trump Son's Russia Meeting (VOA) Ike Kaveladze is executive for Russian oligarch who initiated younger Trump's meeting with a Russian lawyer on promise that incriminating material about Hillary Clinton would be handed over
Elijah Cummings demands details on how Secret Service vetted Russians at Trump Tower meeting (Washington Examiner) 'It remains unclear what security protocols the Secret Service may have had in place at Trump Tower while the protectee was present.'
ACLJ Files Federal Lawsuit Against NSA – Whatever it Takes to Get to the Bottom of the Dangerous Susan Rice “Unmasking” Scandal (American Center for Law and Justice) Today, the American Center for Law and Justice (ACLJ) just filed its second lawsuit against the National Security Agency (NSA). We made lawful demands for...
Qualcomm loses antitrust appeal, faces daily fines (CRN Australia) Fails to provide regulators with necessary information.
()
