Cyber Attacks, Threats, and Vulnerabilities
Army cyber fighters are on the offensive against ISIS (Defense Systems) Army cyber warriors will attack ISIS as long as it takes to succeed in destroying ISIS networks and communications.
FedEx Files 10-K with Additional Disclosure on Cyber-Attack Affecting TNT Express Systems (FedEx) FedEx Corp. today filed its annual report on Form 10-K for fiscal year 2017 with the Securities and Exchange Commission. The filing includes additional information regarding the June 2017 cyber-attack on the worldwide information systems of TNT Express B.V. (“TNT”), the international express transportation, small-package ground delivery and freight transportation compan
TalkTalk still feeling effects of cyber attack as revenues slip 3.2% - BelfastTelegraph.co.uk (Belfast Telegraph) Telecoms group TalkTalk has said revenues slipped in its first quarter despite adding 20,000 broadband customers as it continues to recover from a cyber attack nearly two years ago.
'Communications Breakdown' Blamed for Verizon Security Gaffe (DSL Reports) A communication breakdown and a vacationing employee are being blamed for Verizon's failure to quickly protect the data of 6 million subscribers. These customers had their names, phone numbers and account PIN numbers
Verizon Data Exposure Incident Highlights Importance of Third-Party Due Diligence (Corporate Counsel) The news that a Verizon Communications vendor exposed millions of customer records highlights the serious risks related to trusting third-party vendors with ...
"Bad Taste" Vulnerability Affects Linux Systems via Malicious Windows MSI Files (BleepingComputer) Because Windows executables haven't wreaked enough damage on Windows computers, now you can use malformed MSI files to run malicious code on Linux systems.
CyberArk finds new way of domain fronting for use in attacks (IT Wire) Researchers from the Red Team at CyberArk Labs have found a new way of domain fronting that allows an attacker to mask malware command-and-control traffic and abuse content delivery networks like Akamai.
Windows security hole – the “Orpheus’ Lyre” attack explained (Naked Security) A long-standing bug in the network authentication protocol called Kerberos led to a security hole in Windows, Linux and more.
Multiple Critical Vulnerabilities Found in Popular Motorized Hoverboards (IOActive Blog) Not that long ago, motorized hoverboards were in the news – according to widespread reports, they had a tendency to...
Hacker Uses Parity Wallet Vulnerability to Steal $30 Million Worth of Ethereum (BleepingComputer) An unknown hacker has used a vulnerability in an Ethereum wallet client to steal over 153,000 Ether, worth over $30 million dollars.
DarkHotel Perfects a New Attack Gambit for Political Targets (Infosecurity Magazine) The attack chain involves whaling, digital certificate factoring and the Inexsmar malware.
Targeted, custom ransomware menace rears its ugly head (Register) No spraying and praying here, just precise, exorbitant attacks
Beware! New Phishing Attacks Disguised as Replies to Previously Asked Questions (Small Business Trends) Cyber criminals have come up with yet another way to get you to open an email. This month’s Comodo Threat Intelligence Lab report has identified a new type of phishing email.
Avoid Phishing Emails (Comodo News and Internet Security Information) Learn more how Comodo Threat Intelligence Lab has identified the phishing emails using the new auto-containment technology and threat intelligence analysis.
Fraudsters Scoring Big – An Inside Look at the Carding Ecosystem (Digital Shadows) In season two of the Netflix series Narcos, Pablo Escobar points out that: “I’m not a rich person. I’m a poor person with money.” In real-life, Escobar’s cartel reportedly made so much money (at one point $US420 million a week) that their chief accountant, Roberto Escobar, claimed that they “would write off 10% of the money because the rats would eat it in storage or it would be damaged by water or lost.” This “poor” person certainly had a lot of money.
Digital Shadows Lifts the Lid on Credit Card Fraud Gangs Cashing in on $24 Billion a Year (Digital Shadows) Reveals step up in sophistication with Russian language e-learning courses, allowing aspiring criminals to make $12k In monthly earnings.
Cybercriminals can take a class on stealing credit cards (CNNMoney) Criminals offer structured advice for others who want to steal and use your financial data.
For $945, this six-week class teaches future cybercriminals (CNET) The class works just like other online courses, with tuition, alumni testimonials and real instructors.
Time is Money: How many threat$ can you fit in a cyberminute? (SC Media US) We all know time is money but when it comes to cybercrime even a minute of down time could cost the mightiest of firms a hefty fine.
In an Evil Internet Minute, $858,153 is Lost to Cybercrime, Reveals RiskIQ (GlobeNewswire News Room) With cybercriminals costing the global economy $454 billion last year alone1, digital threat management leader RiskIQ has examined the growing volume of malicious activity on the internet to reveal the inaugural ‘Evil Internet Minute.’ In a single evil internet minute, close to $858,153 is lost to cybercrime, and 1,080 people fall victim.
Akamai CEO warns of cybersecurity threat in 2018 midterm elections (Akamai) The CEO of the Cambridge-based tech security firm who met with President Trump last month said election hacking remains a significant threat heading into next year’s midterm elections.“I think cybersecurity is a big concern,” Akamai chief Tom Leighton told the Herald today. “The attacks are getting worse, they're large scale, they're more sophisticated, and you've got major entities out there that are very well-funded, very smart, and very motivated to cause harm.”
Security Patches, Mitigations, and Software Updates
Apple Releases macOS Sierra 10.12.6 and More with Security Fixes (The Mac Security Blog) Apple today released software updates for all of its operating systems and Safari. As we all know, there is much more to these updates than what's shown in the update description, so here are some ...
Apple hurls out patches for dozens of security holes in iOS, macOS (Register) Project Zero, GCHQ, and city of Mishawaka, Indiana among credited bug-hunters
Oracle patches 308 bugs, including high-risk arbitrary download flaw in E-Business Suite (SC Media US) Oracle has issued a critical patch update for July 2017, fixing 308 vulnerabilities across its product line.
Oracle E-Business Suite Flaw Allows Downloads of Documents (Threatpost) Oracle today in its Critical Patch Update addressed a critical vulnerability in its Oracle E-Business Suite of business applications that allows for the download of business documents.
Onapsis Identifies and Helps Oracle Secure Critical Vulnerability in E-Business Suite (EBS) (Onapsis) Onapsis, the global experts in SAP and Oracle application cybersecurity and compliance, today announced the discovery of several vulnerabilities, including one rated as high-risk, affecting Oracle E-Business Suite (EBS) platforms.
Google Beefs Up Protection against Phishing Scams (Top Tech News) Since a phishing scam perpetrated in May that may have targeted millions of Gmail and Google Docs users, Google has introduced a number of security changes aimed at preventing a repeat.
Cyber Trends
The Cybersecurity Landscape Is Changing Constantly Due To IoT Amongst Other Factors (Information Security Buzz) We all know that the cybersecurity landscape is constantly changing. Amid a backdrop of constantly evolving technology, attack methods and tools with which to protect our data, the situation has only become more complex. For all their additional complexity, businesses have accepted the reality that to remain competitive, they must embrace new technology with open …
WannaCry has pushed cyber-security into the boardroom (IT Pro Portal) More than half of businesses are expecting a similar attack soon.
Hacking Continues to Cause Majority of Reported Data Breaches (HealthITSecurity) Reported data breaches in healthcare are more transparent than other sectors, according to a recent ITRC and CyberScout report.
Survey: Majority of Americans Reuse Passwords and Millennials Are the Biggest Culprits (SecureAuth) Americans more concerned that someone will steal their online personal information than their wallet
Marketplace
Avast Anti-Virus Acquires CCleaner Maker Piriform | eTeknix (eTeknix) Avast who now owns rival AVG, also recently acquired London-based CCleaner software optimization maker Piriform.
Rapid7 Acquires Komand For Security Orchestration Technology (Seeking Alpha) Rapid7 has acquired security technology company Komand for an undisclosed 'non-material' amount. Komand has developed security automation and orchestration soft
Broadcom-Brocade deal delayed, with ‘no assurances’ (TechTarget) The $5.9 billion Broadcom-Brocade acquisition has been delayed 30 days, which may turn into a 75-day delay. That’s if the deal happens at all.
Quantum crypto upstart QuintessenceLabs hopes to cut the cord (Register) Canberra tips dollars into free-space next-gen comms development effort
Intel to Collaborate With Illusive and Team8 on Cyber Security (Monotone Critic) Intel Corp. has united with an Israeli founder of cyber security business ventures, Team8, as a tactical partner and will assist with the configuration of firms that deal with the biggest cyber security issue, Team8 claimed this week.
BeyondTrust builds on security play with Secure-ISS partnership (ARN) BeyondTrust beefs up play in Australia with appointment of Queensland's Secure-ISS as first managed security service provider partner locally.
IBM's quarterly revenue lower than expected (The Independent) IBM reported a lower-than-expected quarterly revenue on Tuesday, as growth in its higher-margin businesses that include cloud and artificial intelligence services failed to make up for declines across legacy business segments. IBM's shares fell 3 per cent to $149.15 (£114.41) in after-market trading.
Cramer: IBM is just another company that has been 'Amazoned' (CNBC) IBM's struggles are "just another Amazon story in some ways," Jim Cramer says.
QinetiQ still expects revenue growth despite slower orders (BOLSAMANIA) Defence, security and aerospace-focussed science and engineering company QinetiQ Group saw “slower than expected” orders in its EMEA Services division in the first quarter, amid a “dynamic” trading environment in the wake of the UK General Election.
BCU selects Matchlight from Terbium Labs for dark web monitoring and fraud detection (CUInsight) Terbium Labs, the premier dark web intelligence company, today announced that Baxter Credit Union (BCU), one of the nation’s top 100 credit unions, has selected Matchlight for continuous dark web data monitoring, fraud detection, and information security risk assessment. Terbium Labs will demonstrate its dark web monitoring and data loss alerting system at the Black …
Bitcoin may have reached a tipping point, now that ‘Downtown’ Josh Brown just invested (MarketWatch) When prominent financial blogger ‘Downtown’ Josh Brown announces that he is making his entree into the realm of digital currencies, it may be worth taking notice.
Proofpoint Inc. Appoints Michael Johnson to its Board of Directors - NASDAQ.com (NASDAQ.com) Proofpoint, Inc., (NASDAQ:PFPT), a leading next-generation cybersecurity company, today announced its Board of Directors has appointed Michael Johnson as a new independent director, effective July 18, 2017.
SAIC, Northrop Vet Randy James Named ICF Cyber & Resilience Business Head (GovCon Wire) Randy James, formerly vice president of cyber at Science Applications International Corp. (NYSE: SAI
Unisys Federal Executives Jennifer Napper and Susan Becker Elected to Leadership Roles with Prominent Government/Industry Groups (PRNewswire) Unisys Corporation (NYSE: UIS) announced today that two Unisys Federal...
The Lapham Group Places Cyber Risk President at Chubb (Hunt Scanlon Media) The hunt for seasoned cybersecurity talent has seen a dramatic increase in the last several years, according to executive recruiters who hunt for talent in the space. Today, the need for such leaders reaches across virtually all industries. Areas like financial services, defense and high technology have long focused on cybersecurity. But with cyber attacks continuing
MKACyber Appoints DOD Cybersecurity Veteran, Mark G. Hall, as Director, Operational Risk and Compliance (GlobeNewswire News Room) Business-focused security operations company strengthens executive team
Products, Services, and Solutions
Lastline Unveils Unprecedented Breach Protection Capabilities (BusinessWire) Lastline, Inc., the leader in advanced network-based malware protection, today introduced Lastline Breach Defender™, the industry’s only s
Checkmarx Awarded NASA SEWP V Contract to Simplify Federal Procurement Processes (BusinessWire) Checkmarx, a global leader in Application Security Testing (AST) today announced it was awarded a contract by NASA’s SEWP.
Pwnie Express to Provide IoT Security for Black Hat® 2017 (PRNewswire) Pwnie Express announced today that security teams working at Black Hat®...
Software Platform for Connected Cars Aims to Address Critical Safety and Security Issues (Electronic Design) With over 100 million lines of code in the average new car, security functions are becoming crucial to prevent hacking. In response, NHSTA seeks to require and standardize V2V communications.
FireEye Gets FedRAMP Certification for Cloud-Based Email Security Service (ExecutiveBiz) FireEye has received Federal Risk and Authorization Management Program certification to offer a cloud-based email security service offering to federal agencies. The FedRAMP moderate-impact level authorization seeks to facilitate the adoption of FireEye Government Email Threat Prevention by federal agencies to protect against email-based attacks as they move to cloud environments, the company said Tuesday. FireEye...
Monitor Your Network for NotPetya in Real Time (Security Intelligence) With the QRadar NotPetya Content Pack, security analysts can monitor their networks for indicators of NotPetya ransomware in real time.
Willis Towers Watson launches cyber work diagnostic tool (NASDAQ.com) Cyber readiness tool uses sophisticated work model to recruit, lead and engage a more cyber-savvy workforce
Palo Alto Networks AutoFocus: Threat Intelligence Product Overview and Insight (eSecurity Planet) We review Palo Alto Networks AutoFocus, a contextual threat intelligence service that makes threat analytics available to organizations of all sizes.
FireEye iSIGHT: Threat Intelligence Product Overview and Insight (eSecurity Planet) We review FireEye iSIGHT Threat Intelligence, which adds context and priority to global threats before, during and after an attack.
LookingGlass Cyber Solutions: Threat Intelligence Product Overview and Insight (eSecurity Planet) We review LookingGlass Cyber Solutions, an open source-based threat intelligence platform that offers unified threat protection against sophisticated cyberattacks.
IBM X-Force: Threat Intelligence Product Overview and Insight (eSecurity Planet) We review IBM X-Force Exchange, a collaborative threat intelligence platform that helps security analysts research threat indicators to speed time to action.
AlienVault Unified Security Management: Threat Intelligence Product Overview and Insight (eSecurity Planet) We review AlienVault Unified Security Management, which taps AlienVault Labs and a massive crowd-sourced exchange to identify and respond to threats.
KnowBe4 Releases Innovative, Customizable Automated Security Awareness Program Builder: ASAP (PRWeb) No-charge ASAP tool is an industry-first that helps IT professionals and security practitioners create a human firewall: their last line of defense.
Check Point Teams with Microsoft Intune to Secure Enterprise Mobility - NASDAQ.com (NASDAQ.com) Check Point® Software Technologies Ltd. (NASDAQ:CHKP) today announced its product integration of Check Point SandBlast Mobile with Microsoft Enterprise Mobility + Security (EMS) to secure mobile devices in the enterprise.
Verint’s Industry-Leading Knowledge Management Now Available for Companies of All Sizes (Sys-Con Media) Verint® Systems Inc. (Nasdaq: VRNT) today announced its new Knowledge Management Professional™ solution for organizations that span 90 to 90,000 users.
Technologies, Techniques, and Standards
Data Recovery in the Age of Ransomware (Barracuda) Earlier this year, the world recognized World Backup Day (WBD) as a reminder to everyone that data is important and has to be protected. As part of the WBD recognition, Barracuda ran a series of blog posts on the reasons why companies lose data even when they do almost everything right. As a follow up to our WBD activities, Barracuda conducted a survey of general technologists whose responsibilities include data protection and recovery. To be blunt, some of these results are alarming. In this article, we are going to run through the results, explain what they mean, and take a
A brief history of Alice & Bob, cryptography's first couple (Boing Boing) A brief history of Alice & Bob, cryptography's first couple
Banks must educate customers on cyber hygiene (Finextra Research) Jacky Fox, Director, Cyber Risk, Deloitte, talks about the large attack surface banks present to cybercriminals, the challenges of protecting legacy systems, the strong progress banks are making with better-tuned policies and procedures, and the need to educate customers and to concentrate cyber security spend on the interfaces those customers are using most often.
Lt. Gen. Paul Nakasone: Research, Analysis Key to Deter Military Network Breaches - Executive Gov (Executive Gov) Lt. Gen. Paul Nakasone, head of the Cyber Command, has said he believes cybersecurity analysis and research
Design and Innovation
Is that really you typing? New DoD tech will know (Nextgov) The Pentagon could soon do away with authentication cards if a new approach takes off: using a person's typing behavior to verify their identity.
Quantum Computing Is Coming for Your Data | Backchannel (WIRED) Tomorrow's computers will be able to expose the data we encrypt today—and hackers are counting on it.
Research and Development
Research center’s cybersecurity leader earns kudos (The Redstone Rocket) An engineer at the Aviation and Missile Research, Development and Engineering Center has been recognized for his efforts in cybersecurity.
Academia
CSU, MCSD partner to earn NSA cybersecurity grant (WBRC Fox 6 News) In what may be a first for Georgia, Columbus State University is partnering with the Muscogee County School District on a National Security Agency (NSA) grant to develop and implement a course in c...
Mount Offers New Cybersecurity Concentration for IT Majors (Hudson Valley News Network) Mount Saint Mary College’s Division of Mathematics and Information Technology now offers a cyber security concentration for undergraduate IT majors.
7 States Partner with SANS Institute to Offer Free Training, Grow Cybersecurity Workforce (GovTech) A free online aptitude course called CyberStart offers scholarships to onboard students into the cybersecurity sector.
Delaware turns to high schoolers to bolster cybersecurity workforce (State Scoop) A new scholarship platform is designed to take advantage of a booming industry and boost the state's cybersecurity talent pool.
Legislation, Policy, and Regulation
Tallinn Manual author: Petya malware attack likely war crime (Cyberscoop) Two prominent international law experts think the recent malware worm, if actually tied to Russia, constitutes a violation of the Geneva convention.
Meet the scholar challenging the cyber deterrence paradigm (Fifth Domain | Cyber) Fifth Domain recently caught up with that scholar, Dr. Richard J. Harknett, professor and head of the political science department at the University of Cincinnati and scholar in residence at U.S. Cyber Command through the end of 2016.
Qatari websites hacked: As cyber warfare gains prominence, countries may be at risk without even realising it (Firstpost) Though cyber warfare has allowed countries to carry out their operations at a faster pace and in larger areas using deceit as weapon, like every technology it has also gotten out of hand
US: Iran still top state terror sponsor; global attacks down (Military Times) Iran continues to be the world's leading state sponsor of terrorism, the Trump administration said Wednesday in a new report that also noted a decline in the number of terrorist attacks globally between 2015 and 2016.
Tillerson to Shut Cyber Office in State Department Reorganization (Bloomberg) Secretary of State Rex Tillerson is shutting down an office that coordinates cyber issues with other countries, according to two people familiar with the plan, in a move that critics said will diminish the U.S. voice in confronting hackers.
State Department Official Who Backs Russian Cyber Engagement Leaving (BankInfo Security) Christopher Painter, who has advocated for diplomatic engagement with cyber friends and foes alike, is leaving his post as coordinator of cyber issues at the State Department, a job he has held since early 2011.
Want porn? Prove your age (or get a VPN) (Naked Security) The UK government plans to put age verification in front of pornographic websites from April 2018
NDAA would fully approve cyber funding for DOD (Bloomberg Government) The House Armed Services Committee’s NDAA for fiscal 2018 recommends additional cybersecurity funding and assessments for the Defense Department, which would help address cybersecurity concerns and offer opportunities to federal information technology vendors.
Trump taps Raytheon VP as Army secretary (POLITICO) Mark Esper would be Trump's third pick for the Army's top civilian job after the first two candidates withdrew.
Colorado's National Cybersecurity Center Plans to Serve and Protect (Westword) The National Cybersecurity Center has its origins in an economic development trip that Governor John Hickenlooper took in 2015, when he visited Tel Aviv and learned about an Israeli cybersecurity center that brings together government officials, university researchers and private businesses to trade knowledge about preventing cyberattacks.
Litigation, Investigation, and Law Enforcement
Senators ask Trump nominees to aid in Russia probe even if it damages president (USA TODAY) The Senate Intelligence Committee asked nominees for high-level intelligence jobs to pledge support for its Russia investigation.
The Seven Circles of Donald Trump’s Russia Inferno (Foreign Policy) We now know that the president wasn’t ignorant of his campaign’s contacts with Moscow’s intelligence agents. But, on a scale, how complicit was he?
Report: Fmr. Obama Official's Involvement in "Unmasking" Individuals Raising Red Flags (Washington Free Beacon) Samantha Power's involvement in the unmasking by former Obama administration officials of sensitive national security information is raising red flags.
Electronics Ban Lifted Worldwide as New Screening Begins - The Voyage Report (The Voyage Report) WASHINGTON (TVR) - The controversial electronics ban on some flights into the United States is nearly gone, with only one airline yet to comply with
Police bodycams get tech that can identify “faces and people” (Naked Security) Bodycams aimed at law enforcement will soon be able to identify stolen bicycles, missing children and other “objects of interest”.
Employee allegedly threw away and stole computers from LULAC lawyer after taking $3,000 from client (San Antonio Express-News) A 37-year-old employee for a local lawyer was arrested Monday after she allegedly took $3,000 from a client, threw away several of the firm's computers and stole one for herself.