Cyber Attacks, Threats, and Vulnerabilities
Russian Hackers Can’t Beat German Democracy (Foreign Policy) Of course the Kremlin is going to try to hack Germany’s upcoming election. But it’s not going to succeed.
Chinese Telecom DDoS Attack Breaks Record (Dark Reading) A distributed denial of service siege spanning more than 11 days broke a DDoS record for the year, according to a report from Kaspersky Lab.
Bateleur, the new malware backdoor targeting restaurant chains, from the makers of Carbanak (Graham Cluley) Malware served up to take screenshots and steal passwords.
Game of Thrones unseen episode spoilers leaked (BBC News) A summary of an unseen episode of the hit show and other HBO programmes have been put online by hackers.
HBO Hack: Insiders Fear Leaked Emails as FBI Joins Investigation (The Hollywood Reporter) The company is reeling from a sophisticated cyberattack that potentially compromised seven times the amount of data stolen in the Sony hack as the FBI investigates potential culprits.
As Game of Thrones spoilers leak online, Panda Security issues a stark warning (BetaNews) This week's hack of HBO led to the release of stolen episodes of Ballers and Room 104, and the threat of Game of Thrones leaks. Now the hackers have made good on their threat and uploaded scripts and episode summaries for yet-to-be-aired episodes, and speculation is rife that it is just a matter of time before episodes hit torrent sites such as The Pirate Bay.
This is How CIA Disables Security Cameras During Hollywood-Style Operations (The Hacker News) CIA Agents Use Dumbo USB-based Hacking Tool to Disable Security Cameras And Microphones During Hollywood style Covert Operations
Researchers display “CAN do” skill in vehicle DoS (Naked Security) In the case of vehicles it’s more of a “denial of control” attack
Is mobile phishing the biggest mobile security risk? (Wandera) This report details the extent of mobile phishing and presents data on how and where it's happening with recommendations for keeping your organization safe.
Scam watch: Cyber fraudsters target property buyers and investors (Moneywise) A record number of cyber thefts from law firms – including over half relating to moving home – have been reported from January to March 2017, according to the Solicitors Regulation Authority (SRA).The regulator of law firms in England and Wales has found that the number of reports of cyber theft has tripled in the first quarter of this year compared to the same period last year, with £3.2 million stolen.
7 Everyday Objects Hackers Can Target (Mental Floss) Smart phones, home automation systems, and virtual personal assistants can make life more convenient, but all that connectivity comes at a price.
Security Patches, Mitigations, and Software Updates
Cisco Fixes DoS, Authentication Bypass Vulnerabilities, OSPF Bug (Threatpost) Cisco fixed two high severity vulnerabilities in two products this week that could have let an attacker trigger a denial of service condition or bypass local authentication.
Chrome’s built-in adblocker arrives for early adopters (Naked Security) Google wants to filter the pop-ups, prestitials and sticky ads out of your face
Cyber Trends
Government and Financial Services Most Vulnerable Industries, Warn Developers (Netsparker) Developers think governments & finance industry are the most vulnerable to cyber attacks & IoT devices will be targeted more often
Data Breach Trends (ASIS Security Management) Ransomware and cyber espionage were responsible for many of 2016’s data breaches. These experts say companies can do more to prevent these attacks.
Aussies world's worst ransomware suckers (Financial Review) Australian businesses are nearly twice as likely to pay a ransom demanded by cybercriminals as their counterparts offshore
John McAfee ranks the 10 biggest hacks ever (CSO Online) Tech pioneer John McAfee explains the most damaging and noteworthy cyber attacks of all time.
Marketplace
In defending China demands, Apple loses privacy high ground (ZDNet) Deep dive analysis: Apple says it will 'follow the law' wherever it does business. But questions remain over what happens -- and how the company will react -- when the laws fall foul of the company's privacy promises.
Cyber Security Market Is Growing, And FireEye Is Strong! (Seeking Alpha) What makes us feel that FireEye is an investment worth making. After two years of losses, FireEye posted a 40 percent gain in first quarter of 2017. Growing thr
No End in Sight to FireEye Inc (NASDAQ:FEYE) Growth Problem (Library for Smart Investors (LFSI)) FireEye Inc (NASDAQ:FEYE) surged after the company reported strong second quarter results, as Kevin Mandia’s turnaround strategy continue to work. But ther...
Symantec offloads its certs and web security biz to DigiCert (Register) Reports solid Q1 and makes spats with Google and Mozilla someone else's problem
Splunk: A Great Stock to Defend Against Ransomware (madison.com) Splunk Inc. (NASDAQ: SPLK) recently announced a new product focused on smaller organizations. Splunk Insights for Ransomware, aimed at fighting a global problem that has organizations throughout the world on
McAfee hit by layoffs just months after acquisition by TPG Capital: source (CRN Australia) Sources say cuts hit channel team.
ESET, NITDA Collaborate on Cyberspace Security (THISDAYLIVE) Emma Okonji Determined to put an end to cyber attacks and reduce online insecurity across organisations and tertiary institutions, ESET, a technology security company, has partnered the National In…
As U.S.-Russia Tensions Mount, Should IT Pros be Concerned About Kaspersky? (ITPro Windows) Why one security expert thinks the controversy is overblown
Fort Gordon to announce partnership launch for cyber district Thursday (Augusta Chronicle) The Fort Gordon Cyber District is finally official. The Alliance for Fort Gordon is announcing today the launch of a partnership among military, business and civic leaders to position the Augusta area to best distribute economic benefits expected with the area’s growing boom in cybersecurity jobs and businesses.
What leads women to cybersecurity, and what makes them stay? (Help Net Security) Caroline Wong asked over 300 women employed in the cybersecurity sector about their background, everyday work, and plans and wishes for the future
Women in Cybersecurity: Less than Half Have IT Background (Infosecurity Magazine) Women in Cybersecurity: Less than Half Have IT Background. New report aims to encourage more into the industry
Products, Services, and Solutions
New infosec products of the week: August 4, 2017 (Help Net Security) New infosec products of the week come from the following vendors: AppViewX, BeyondTrust, Forcepoint, Morphisec, XOR Data Exchange, Cato Networks and Lexumo.
Cylance Revolutionizes Consumer Security Market with First AI-Driven Next Generation Antivirus - CylancePROTECT Home Edition (BusinessWire) Cylance® Inc., the company that revolutionized traditional antivirus with AI-powered prevention that blocks everyday malware along with today&rsqu
SyferLock Announces Integration and Sales Partnership to Provide Multi-Factor Authentication for Avatier's Password Station Solution (Benzinga) SyferLock Technology Corporation ... today announced collaboration with Avatier Corporation and provides interoperability of SyferLock's GridGuard™ two-factor and multi-factor authentication solutions with Avatier's Password Station.
Vault One Leverages Ethereum Blockchain Technology To Secure Data (ETHNews.com) Vault One revealed a security solution which utilizes a private Ethereum blockchain to secure corporate data.
Kaspersky (partly) launches its 2018 security products (BetaNews) Every year, with a rather confusing release schedule, Kaspersky’s global office will launch and announce their current range, but only in a select number of territories.
ViewQwest launches suite of managed security services for SMEs (Enterprise Innovation) ViewQwest has a suite of managed services focused on four key areas - cloud access security broker (CASB), managed detection and remediation (MDR), distributed denial of service (DDoS) protection, and managed network security.
SSH Communications Security Partners with Avancer Corporation (Digital Journal) Partnership will strengthen the posture of SSH Security Key Protocol by bringing Identity and Access Management dynamics into play to help manage and control...
IBM expands security cover with IoT, automobile testing services (Business Standard) IBM Security reaches over 100 Indian customers like DHFL and BSE to mitigate cyber threat, by aiding clients in either setting up their own on-premise Security Operations Center (SOCs) or availing services and facilities from the IBM Security
The Rise And Fall Of Faster Payments Fraud (PYMNTS.com) Fraudsters are good at what they do. Payments got faster, but so did criminals. Banks built more defenses, and bad guys jumped over them with glee. But Uri Rivner, BioCatch co-founder, head of cyber strategy and vice president, said in a recent webinar with PYMNTS’ Karen Webster that things are getting better — and the U.S. […]
Morphisec Releases Endpoint Threat Prevention Version 2.0 (PRNewswire) Morphisec, leading developer of Moving Target Defense...
BitSight Provides ProcessUnity Customers Access to Data-Driven Third-Party Security Ratings (GlobeNewswire News Room) Partnership affords continuous visibility into the security of key business partners
WWPass releases free PassHub password manager to protect user credentials (Business Insider) WWPass, a global cybersecurity company that provides identity, authentication and access management (IAM) technology, today announced the immediate availability of PassHub, a free password manager.
Mozilla sets up private, encrypted file sharing service for large files (Help Net Security) Mozilla has launched an online service for private sharing of encrypted files between two users, which ensures shared files do not remain online forever.
Technologies, Techniques, and Standards
Federal cyber assistance sought by dozens of states, local election offices during 2016 race: DHS (The Washington Times) A total of 33 states and 36 local governments asked the U.S. Department of Homeland Security to assess their election systems for vulnerabilities during last year’s White House race, and a handful of others have requested federal assistance in the months since President Trump entered office, according to a newly released document.
Election Officials Still Haven’t Got Clearance to View Russian Hacking Info (Motherboard) It’s August, 2017, and chief election officers across the US still haven’t obtained security clearances.
The 10 Windows group policy settings you need to get right (CSO Online) Configure these 10 group policy settings carefully, and enjoy better Windows security across the office
How do you predict cyber attacks? Listen to your Cassandras (CSO Online) Author R.P. Eddy says it is possible to anticipate and prepare for security threats. It requires listening to your data experts and empowering them with the right tools.
Don't Let a Cyber Attack Stand Between Your Company and a Successful Exit (Entrepreneur) Here are three best practices for enhancing security measures so that cyber attacks don't impede a desirable merger or acquisition.
How to select a suitable incident response program for your organization (Help Net Security) All organizations, regardless of how well they think their walls are fortified, will at some point fall victim to an attack. How they respond to the attack
Identity-in-depth and the evolution of defense (Help Net Security) Rather than be complacent, we need to realize that our approach to security simply is not working. What we need is a revolution, we need identity-in-depth.
How Financial Services Network Security Strategies Have Recently Evolved (Fortinet Blog) Network security has become increasingly complicated for financial services providers due to the popularity of the Internet...
10 tips for effective threat hunting (CSO) Attackers don’t think of their success as optional, hence the effectiveness and success of a threat hunting program is critical.
Password dos and don’ts from Keeper Security (KitGuru) In days where stories of a new hack are a dime a dozen, online security has never been more importan
Design and Innovation
Coinbase says it will support Bitcoin Cash after all — but it isn’t committed to trading yet (TechCrunch) Coinbase, one of the world's largest (if not the) largest cryptocurrency exchanges, has reversed its stance on Bitcoin Cash and said it will introduce support..
From barter to blockchain: A history of money (TechCrunch) The Big Bang brought the universe into existence 13.7 billion years ago. Life first appeared on our planet 3.8 billion years ago. Earth witnessed a hominid...
Facebook's New Security Feature Made Me Think Too Hard About Who My Real Friends Are (Motherboard) Bad opsec is other people.
Academia
Mahanakorn University of Technology and Synacor Launch Zimbra Innovation Center (Multichannel) Mahanakorn University of Technology (MUT) and Synacor (Nasdaq:SYNC) today announced a partnership to launch a Zimbra Innovation Center.
Penn State adds cyber security program (TribLIVE.com) College curriculums across the country are changing in the scramble to meet emerging workforce needs and student demands. In the category of 'what's new on ...
Kaspersky promotes cyber security awareness in schools (IT Web) Around 55% of South African children of schoolgoing age can't live without their smartphones and 30.5% admitted to having received sexual messages online.
Legislation, Policy, and Regulation
A home affaires super ministry: Australia’s new national security framework (Global Risk Insights) Australia’s security apparatus is getting a makeover but when it comes to tackling the threat of terrorism is the UK’s Home Office really the best model?
UK home secretary: ‘real people’ don’t want unbreakable encryption (Naked Security) “Real people” just want cheap & easy; they don’t care about stopping crooks and governments from reading their messages, says Amber Rudd.
Trump: we’re at dangerous low with Russia (Times (London)) US relations with Russia have hit a “very dangerous low”, President Trump said yesterday as he accused fellow Republicans on Capitol Hill of risking a new Cold War by limiting his power to make...
Senate Panels Advance Bills to Improve Cybersecurity Skills (Morning Consult) Two Senate committees on Wednesday advanced bipartisan bills designed to incentivize students and encourage small businesses to boost their cyber skills, part of an effort to combat the growing threat from cyberattacks.
Fearing hackers, US senators propose 'internet of things' security standards (RT International) A bipartisan bill proposed in the US Senate seeks to set federal security standards on internet-enabled devices and exempt researchers from federal hacking laws. Its authors and sponsors are leading voices blaming Russia for ‘hacking’ the 2016 US election.
Can US senators secure the Internet of Things? (Naked Security) The US Congress is proposing “The Internet of Things (IoT) Cybersecurity Improvement Act”. Seems like we could do with some of that.
The Security Community, Not Government, Must Fix IoT (On the Wire) The Senate is considering a bill that would force some serious changes in the way that vendors handle the security of the IoT devices they sell, but while the proposed law has strong bones, it shou…
FCC fills vacant seats as Jessica Rosenworcel and Brendan Carr are confirmed by Senate (TechCrunch) You might not think it from the amount of controversy the agency has generated recently, but the FCC has been operating on a skeleton crew of three..
Litigation, Investigation, and Law Enforcement
Slain activist's lawyers latest known targets of spyware sold to Mexican government (CBC News) The text messages looked innocuous enough — but they actually contained links to a specially crafted webpage designed to silently infect smartphones with powerful surveillance software.
Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con (Motherboard) Marcus Hutchins, AKA MalwareTech, previously registered a specific domain included in the ransomware’s code, which stopped the malware from spreading.
WannaCry Researcher Indicted for Allegedly Creating Banking Malware (Motherboard) On Wednesday, US authorities detained Marcus Hutchins, aka MalwareTech, for his alleged role in creating and distributing the Kronos banking trojan.
British computer expert Marcus Hutchins who helped stop the cyber attack that hit the NHS is arrested by FBI (The Independent) A British computer expert who helped shut down the WannaCry cyber attack that crippled the NHS has been arrested in the US for his alleged role in an unrelated malware attack. Marcus Hutchins, also known as MalwareTech on social media, found a hidden “kill switch” in the WannaCry ransomware virus that hit more than 300,000 computers in 150 countries.
The WannaCry hacker hero was spending big in Vegas before his arrest (The Outline) Marcus Hutchins, credited with stopping a global malware attack, has been arrested by the FBI.
Kronos Indictment R (United States District Court for the Eastern District of Wisconsin) United States of America, Plaintiff, v. [redacted] and Marcus Hutchins, aka "MalwareTech," Defendants
FireEye Assisting National Police of Ukraine with EternalPetya Investigation (BW CIOWORLD) Indian News - , Security-Security firm is assisting law enforcement with forensic investigation of physical machines and data affected by the cyber attack
Reports: Mueller impanels grand jury in Russia probe (UPI) Special Counsel Robert Mueller has impaneled a grand jury to investigate whether Russia interfered in the U.S. presidential election, unnamed sources said.
New Calls for Criminal Investigation of Obama Aides in ‘Unmasking’ Scandal (The Daily Signal) “There was a gigantic uptick in unmasking after the election," says former U.S. attorney Joseph diGenova.
White House fires top security adviser said to have leaked intel (The Times of Israel) Jewish NSC aide Ezra Cohen-Watnick was allegedly involved in helping House intel committee head view classified info pertaining to Trump’s allegations on Obama wiretapping
Trump transcripts released on the eve of coming leak crackdown (Washington Examiner) The White House declined to respond to the latest leak, but President Trump has forcefully condemned previous disclosures.
The Leaks That Hurt Us All (War on the Rocks) Like most news junkies in the United States, I was mesmerized yesterday by the leaked transcripts of President Donald Trump phone conversations with Mexica
Lieff Cabraser and Carney Bates & Pulliam Announce Class Action Lawsuit Against The Walt Disney Company Alleging Violations of Child Online Privacy Protection Laws (BusinessWire) -On behalf of parents in California, the law firms of Lieff Cabraser and Carney Bates & Pulliam have filed a federal class action child privacy protection lawsuit alleging that the Walt Disney Company violates privacy protection laws by exporting children’s personal information from mobile games aimed at children to advertising networks without the parental consent required by federal and state law.
Fired employee caught by keylogger wins case (Naked Security) Spyware isn’t the preserve of foreign militaries and script kiddies
Judge gives former Air Force member 4 years for identity theft (Air Force Times) A former U.S. Air Force member from North Carolina has been sentenced by a Chicago federal judge to four years in prison in an identity theft case.
Russian Botnet Creator Receives 46-Month Prison Sentence (Dark Reading) Federal court sentences the Ebury botnet creator and operator to prison for infecting tens of thousands of servers worldwide.
Family of cyber-bullied NJ girl who killed herself to sue school district for negligence (ABC News) The family of a New Jersey girl who killed herself in June after what they said was "months of relentless" cyberbullying announced plans to sue their school district for negligence, alleging it failed to prevent the abuse, according to their attorneys.
Defendant who texted teen to commit suicide sentenced to 15 months in jail (Ars Technica) Punishment stayed to allow appeals in a novel prosecution testing 1st Amendment.
Local Woman Saved After 911 Dispatcher Tipped Off By Facebook Security (Post-Journal) It’s not every day that Chautauqua County’s 911 center in Mayville gets a call from Ireland.
FCC Imposes $82M Fine for Spoofed Pernicious Robocalls (Infosecurity Magazine) Calls targeted the elderly, the infirm and low-income families, “the dumber and more broke the better.”