Cyber Attacks, Threats, and Vulnerabilities
Army tells troops to stop using DJI drones immediately, because cyber (Ars Technica) "Halt use of all DJI products," Army Aviation commands.
Army orders the removal of DJI drones, citing cyber security concerns (Mashable) DJI drones just took a military hit, and it might ripple through the rest of the market.
Interpol and Security Firm Dox Pro-ISIS Hacktivists (BleepingComputer) In cooperation with Interpol, Group-IB, a Moscow-based cyber-security firm, has tracked down and revealed the real-world identities of five members of the United Islamic Cyber Force (UICF).
Anarchists vow attacks on British travellers (Times) British holidaymakers travelling to popular European destinations have been warned to be vigilant after a militant organisation protesting against mass tourism promised fresh attacks. The leader of...
Hackers leak info stolen from Mandiant analyst, threaten similar attacks (SC Media UK) Hackers leak info stolen from Mandiant analyst, threaten similar attacks in the future
Game of Thrones Season 7: HBO hackers threaten to leak more episodes on 6 August (Firstpost) HBO employees fear that the hackers might have gained access to their personal information in the records of the company but the channel denies the same.
HBO Hack: Reports Suggest Much Worse than Just Game of Thrones Leaks (Apps for PC Daily) HBO hackers 'stole Curb Your Enthusiasm episodes, not emails'
Spoiler Alert: Hackers Are Gunning for Hollywood (Guest Column) (Variety) The 2014 hack at Sony Pictures Entertainment was a watershed moment for the entertainment industry.
An echo of opening shots (TechCentral) As is so often the case these days, I learned of the IT incident that came to be known as the NotPetya outbreak via Twitter.
Hackers Behind WannaCry Cashed Out Bitcoin While No One Was Watching (Motherboard) Hackers behind two strains of WannaCry have moved out their bitcoin proceedings in a very similar way.
WannaCry hackers are converting bitcoins to 'totally anonymous' Monero to hide their tracks (International Business Times UK) Monero is an extremely privacy-oriented cryptocurrency and is nearly impossible to track.
New Version of Dangerous Android Malware Sold on Russian Hacking Forum (BleepingComputer) A new version of the Svpeng Android banking trojan has started making victims during the past month, and at the origin of this sudden surge in activity is a criminal selling a new and improved version of Svpeng on a Russian underground hacking forum.
Backdoor-carrying Emails Set Sights on Russian-speaking Businesses (TrendLabs Security Intelligence) A malicious email campaign against Russian-speaking enterprises is employing a combination of exploits and Windows components to deliver a new backdoor that allows attackers to take over the affected system.
FBI warns on IP addresses (FCW) The FBI issued an alert in late July advising industry, government and academic institutions about persistent cyber threats from a group with ties to Iran.
Meet Alex, the Russian Casino Hacker Who Makes Millions Targeting Slot Machines (WIRED) This Russian mathematician-turned-hacker has cracked slot machines worldwide. His secret: seeing through pseudo-random numbers.
The Rise Of The No-Frills Hacker (HuffPost UK) It looks innocent enough - a receipt from your favourite high street shop, a file to review from a colleague or an alert from your bank or gas company th...
Steganography Use on the Rise Among Cyber Espionage, Cybercrime Groups (Dark Reading) At least three cyber espionage campaigns and several malware samples in recent months have employed the ancient technique, Kaspersky Lab says.
Attackers Use Typo-Squatting to Steal NPM Credentials (Threatpost) Hackers seeking developer credentials used typo-squatting to spread malicious code via libraries hosted at the online repository npm. In all, 40 npm packages were found malicious and removed from the Node.js package management registry, according to npm.
The Coolest Talk at Defcon 25 That No One is Writing About (Security Week) I’ve been attending the DEF CON hacker conference for 18 years. This year, I was starting to think “I’m too old for this stuff!” Don’t get me wrong, I still love the community-oriented DIY hacker spirit of the conference, but after all this time, I was starting to think I’d seen it all. Yeah.
Obscuring malicious Facebook links using the Open Graph Protocol (Help Net Security) If you thought that obscuring malicious Facebook links was hard, think again. Phishers achieve the semblance of a harmless link using Open Graph tags.
Here's Why your Social Media Timeline Shows Your e-Shopping Wishlist (News18) Welcome to the digital age where everything is public. The government could be trying to read your mails, but the giant corporations are already reading them.
Continue on PC, Timeline features raise Windows 10 security concerns (SearchEnterpriseDesktop) The Windows 10 Fall Creators Update presents new security threats by syncing smartphones to PCs through the new Timeline and Continue on PC features.
Exploits Available for Siemens Molecular Imaging Vulnerabilities (Threatpost) Siemens is readying patches for a number of vulnerabilities in its molecular imaging products, including some where public exploits are available.
ESET Tries to Scare People Away From Using Torrents (TorrentFreak) IT security company ESET has published a rather curious article which portrays the use of BitTorrent as a security threat. Noting that merely downloading a torrent client could "infect your machine and irreversibly damage your files", the piece focuses on a pair of rare incidents to present an overall climate of fear. The reality is much more nuanced.
UCLA System Hacked In Cyber Attack (CBS Los Angeles) UCLA officials are notifying about 32,000 people this week about a cyberattack on a university computer server containing personal information about some students, although officials have said they do not believe the hacker actually obtained any sensitive information.
FTC must scrutinize Hotspot Shield over alleged traffic interception, group says (Ars Technica) VPN service "can intercept and redirect HTTP requests to partner websites."
Radio Station Broadcast Cold War Era Messages Despite Being Non-operational (HackRead) Now, this is one such creepy news that has all conspiracy theorists excited and enthralled. Reportedly, there is a mysterious radio station in Russia that
Security Patches, Mitigations, and Software Updates
Microsoft Will Not Patch SMBLoris Vulnerability (BleepingComputer) Microsoft has declined to patch a vulnerability in the Server Message Block (SMB) file sharing protocol that affects all versions of the Windows operating system released in the past two decades, since Windows 2000.
Samsung's 2015 Flagships Receive Update From Verizon (Android Headlines) American wireless carrier Verizon is rolling out a new update that will install Android security patches and fix a few bugs to several Samsung smartphones.
'Information' is playing outsize role in warfare (C4ISRNET) In 21st century warfare, war is cognitive as much as it’s kinetic, Lt. Gen. Vincent Stewart, director of the Defense Intelligence Agency, told a small group of reporters in his office this week.
Microsoft sees cyberattacks as part of the 'fabric of society' (null) Microsoft has warned that artificial intelligence could "reset" cybercrime and the techniques used to combat it. AI is being used to tackle emerging threats but is also powering a new generation of malware created by elite attackers.
Combatting cyber terrorism (Global Telecoms Business) Our homes and cities are increasingly connected via the internet of things (IoT). But while this enhanced connectivity brings vast benefits and opportunities, the vulnerability of systems and access points to hacks and cyber security threats is truly upon us, writes Jason McGee-Abe
Hackers & Hospitals: An Infographic on Medical Device Security (Medium) Of all of the connections brought about by the Internet of Things, nothing is more frightening than the notion of an unsecured medical…
Top 10 Security Startups to Watch: Don't Let Them Out of Your Sight (SDxCentral) These 10 security startups that launched before Black Hat show promise in protecting enterprise's networks, and business overall.
12 Security Startups That Raised New Funding in July 2017 (eWEEK) July was a newsworthy month for the security industry. Not only did the Black Hat and DefCon security conferences take place in July, but it was a busy month for investors pumping money into security vendors.
BlueteamGlobal: Cybersecurity Firm Launches With $125 Million Round, Deep Senior Team (PRNewswire) BlueteamGlobal, a cybersecurity services firm, today announced the launch of...
Facebook Acquires AI Startup Ozlo As Virtual Assistant Race Heats Up (StockNewsTimes) Facebook has acquired an artificial intelligence startup based in Palo Alto, California in order to improve how Messenger’s virtual assistant works. Ozlo, which was founded four years ago by Charles Jolley and Michael Hanson, has proven abilities in engaging in text-based conversations. The startup confirmed the acquisition in an online posting. “[Ozlo] has built a […]
How can MSPs evolve into cybersecurity companies? (SearchITChannel) Managed services providers at ChannelCon 2017 described their journeys of transitioning into cybersecurity companies.
A Third of Enterprises Want Managed Security From Their Carriers. Here's Why Carriers Should Listen (Wireless Week) Too many companies are woefully unprepared for a cyber-attack. A full 43 percent of companies reported they can’t handle an attack that lasts just 24 hours. Two new tipping points will only make a bad situation worse: the Internet of Things (IoT) and encryption.
You Wouldn't Believe the Size of FireEye, Inc's Subscription Sales and Operating Expenses (The Motley Fool) The data security upstart’s revenue and earnings pleasantly surprise the Street, but pale in comparison to its cost-cutting efforts.
Tata Communications to hire 400 people to combat cyber crime and data theft (The Economic Times) The company will be investing in building capability in risk and compliance, cloud security, identity and access management, analytics to predict cyber attacks.
Teradata lands $29M deal to help handle Immigration’s data (ARN) Teradata has taken home a $28.9 million data warehouse services deal from the Department of Immigration and Border Protection.
Navy awards C4ISR contract (C4ISRNET) The technical services contract, awarded to CACI-ISS, is scheduled to be completed by December 2017.
Qualys CEO Calls WannaCry a "Godsend" for his Business (eSecurity Planet) Qualys reports second quarter fiscal 2017 revenue of $55.3 million as security events like WannaCry help to drive more business opportunity.
UK intelligence agencies turn to start-ups on cyber security (Financial Times) Private sector coders are being sought to develop fixes for virulent global crimes
Scuttlebiz: Separating Cyber from NSA could speed private-sector development in Augusta (Augusta Chronicle) When America’s enemies hide behind closed doors, the best military strategy could be stealthily picking the lock under the cover of night. Or it could be blowing the door to smithereens with an M203 in broad daylight.
Cybersecurity could be WV’s next big growth area, leaders say (WV MetroNews) An increasingly dangerous online world could be a job-creator for West Virginia. “We ought to be the cybersecurity center of the country,” West Virginia Univer…
Can Northwest Florida become Florida’s cybercoast? (Pensacola News Journal) UWF provides leadership to advance cyber defense education among colleges and universities in the Southeast.
Cybersecurity headhunter shares 10 secrets from Black Hat 2017 (CSO Online) A security industry job recruiter goes undercover at the Black Hat 2017 Conference, and lives to tell about it. Here are 10 things he learned.
Products, Services, and Solutions
Dash Employs Elite Cybersecurity Service Bugcrowd to ‘Hack’ Its Blockchain (Payment Week) Dash, the top payments-focused digital currency, has received approval from the Dash community to employ the services of Bugcrowd, the leader in crowdsourced security testing. The partnership means thousands of security researchers will be incentivized to identify critical software vulnerabilities within Dash’s code and present them to …
CyberSponse Continues to Simplify Security Operations by Announcing Interoperability & Out-of-the-Box Connectors for the RSA NetWitness® Product Suite (Benzinga) CyberSponse, a leader in case management, security orchestration and automation, announces interoperability and out of the box playbooks for the RSA NetWitness® Suite.
Technologies, Techniques, and Standards
Amazon reaches out to users with bad security before the crooks do (Naked Security) Amazon is taking proactive steps to keep its customers safe
Young Iranians Are Using These Apps to Bypass Government Oppression (Motherboard) Amid censorship and "moral police", the youth of Iran are looking to their smartphones for civil liberties.
Voting Machine Hackers Have 5 Tips to Save the Next Election (WIRED) Hey, democracy, your vulnerabilities are showing.
Spy data to help small, medium businesses fend off cyber threats (Financial Review) Small and medium-sized businesses are the big winners under a government plan to share cyber-security spy data with internet providers.
The UK government has issued new cybersecurity guidelines for smart cars (Verge) An effort to ensure that automakers pay attention to cybersecurity
Governments, Silicon Valley faces problems in combating terrorist exploitation of cyberspace, cybersecurity expert says (Homeland Preparedness News) The United Kingdom’s Home Secretary Amber Rudd is set to face an uphill battle this week as she meets with leading tech companies in Silicon Valley to discuss issues related to terrorist exploitation of information and communications technologies (ICT)...
NHS must ensure £21m cybersecurity fund is spent in the right places (Computing) The NHS needs to invest in cyber defences that can adapt to changing threats, argues Malcolm Murphy
GDPR and PSD2: a regulatory double whammy or a unique opportunity for banks? (Computing) New regulations are forcing banks to give more power to customers and competitors with respect to account data, but they may be able to turn them to their advantage
GDPR: Should Your Organisation Purchase Cyber Insurance? (Computer Business Review) The good news is that cyber insurance firms are offering new policies to help organisations protect themselves from the financial implications of a breach.
In A Ransom DDoS Attack, It Doesn't Pay To Pay (PYMNTS.com) Cyberattacks have become so common that criminals don’t even have to launch one in order to get victims to pay up; all they have to do is threaten. The distributed denial-of-service (DDoS) attack has made a massive resurgence in Q2, particularly Ransom DDoS, or RDoS. In an RDoS attack, cybercriminals threaten to launch a DDoS […]
How cloud computing could protect firms against ransomware attacks (CNBC) Cloud computing may provide the security companies need to protect against cybercrime such as data theft, ransomware and computer hacks.
How Utilities Can Protect Themselves from Cyberattacks (BizTech) Security assessments, cloud-based tools and data protection measures can keep power and utility companies as safe as possible.
Blog: We’re Writing Checks—Money Is in Our Pockets (SIGNAL) Traditional checkbooks provide a new type of financial cybersecurity.
Design and Innovation
Google wants to track you in real life – privacy group says, ‘No way!’ (Naked Security) Google plans to use an AI tool to grab details of billions of in-store credit card transactions.
Researchers Put Windows Defender in a Sandbox to Show Microsoft How It's Done (BleepingComputer) Software experts from Trail of Bits — a well-known security R&D company — have sandboxed Windows Defender, the default antivirus solution that ships with recent Windows editions.
Research and Development
IBM And Sony Has Stored 330TB Data In A Tiny Magnetic Tape (TechWorm) IBM and Sony Create Magnetic Tape That Can Store Record-Breaking 330TB Of Uncompressed Data The future of data storage is here: magnetic tapes. Scientists
Lewis University Ranks 6th For Best Online Masters In Cyber Security (Romeoville, IL Patch) The Romeoville university earned a spot among the top 20 Best Online Masters in Cyber Security.
Elementary students learn the basics of cyber in a weekly computer coding class (WRDW) High school students can choose to take cyber security classes on their own, but in Columbia County it's mandatory for elementary school students to take computer classes, which could help them in a future career in cyber.
Legislation, Policy, and Regulation
Russia Sanctions are Insufficient: Use Active Cyber Defense (The Diplomat) “A new approach is needed to shape views of the costs and benefits of cyber attacks.”
UK Writes GDPR into Law with New Data Protection Bill (Infosecurity Magazine) Aims to reassure markets and support country’s digital economy post-Brexit
Sebi goes all-out to up cyber security, plans to hire advisor (Business Today) To firewall securities markets from cyber threats, Sebi is looking to further beef up policy framework on this front and plans to appoint an advisor for such security and other IT initiatives.
Germany needs tougher laws against cyber crime, top policeman tells paper (Reuters) Germany's top police official has called for tougher laws to fight cyber crime on the illegal internet - the Darknet - and other organized criminal structures, in an interview published on Saturday.
Bill Aims to Retrain Industrial Workers with In-Demand Cybersecurity Skills (SHRM) Companies that offer their employees cybersecurity training and education would receive tax breaks under a new legislative proposal.
Top Dem argues to keep commission that fights election hacks (TheHill) The EAC is on Republicans' budget chopping block
Jeh Johnson worries U.S. still "vulnerable" to election meddling (CBS News) "Bad cyber actors are becoming more aggressive, more ingenious, and more tenacious," says former Homeland Security secretary
Congress (finally) sets sights on new-age cyber invasion (TheHill) Unless you’ve been hanging out at Mar-a-Lago, playing round after round of “Fake News or Not,” you probably remember the Mirai botnet attack last year. It was a distributed denial of service (DDoS) attack that exploited vulnerabilities in digital cameras and DVRs.
Despite concerns over cyber diplomacy, State works to align internal efforts (Federal News Radio) The State Department quietly launched a new Cyber and Technology Security directorate to address threats and vulnerabilities for embassies and consulates.
Navy Cyber Defense Operations Command Holds a Change of Command Celebration (DVIDS) Capt. Julia L. Slattery relieved Capt. Sean R. Heritage as Commander, Task Force 1020/Commanding Officer, Navy Cyber Defense Operations Command (NCDOC) during a change of command ceremony held at the Suffolk Center for Cultural Arts on August 2.
De Blasio signs executive order to launch city ‘cyber command’ (New York Post) Mayor de Blasio quietly signed an executive order last month creating an office known as the New York City Cyber Command — a new outfit that’s intended to protect the city against online attacks a…
The spies still among us (Post and Courier) The federal government has once again come clean. It has been spying illegally on Americans since 2012, as shown by a large number of documents recently released by the Director
Litigation, Investigation, and Law Enforcement
Jihadist cell ‘musketeers’ spread hate on YouTube (Times) The terrorists who plotted a deadly pipe-bomb and meat-cleaver attack shared scores of extremist videos hosted by YouTube that featured Islamist propaganda. The terrorist cell known as the...
Hutchins pleads not guilty to charges of writing and distributing malware - expected to be bailed today (Computing) Five-year-old IRC logs paint picture of black hat hacker, but no firm evidence of wrong-doing
Security researcher who neutralized WCry to be released on $30,000 bond (Ars Technica) Prosecutors say Marcus Hutchins admitted he wrote alleged malware. Defense disagrees.
Bail of $30,000 set for UK cyber expert Marcus Hutchins (BBC News) Prosecutors say Marcus Hutchins admitted writing and selling code designed to steal bank details.
British computer expert who stopped NHS cyber attack 'admits creating malware code' (ITV) A British computer expert who was hailed a hero after helping shut down a worldwide cyber attack that paralysed NHS computers has admitted in a police interview that he created the code of a malware that harvests bank details, a Las Vegas court has heard.
Black hat or white hat? Questions swirl around hero researcher's sudden arrest (The Verge) On Wednesday, a celebrated UK security researcher was stopped at the Las Vegas airport and taken into federal custody. According to law enforcement, Marcus Hutchins (better known as MalwareTech)...
Kronos Malware ‘Dealer’ On WannaCry Killer Charges: What Charges? (Fraud Report) Beaumont had suggested that the contact might know something about the creator of the malware, but Passworded denied they had coded it, telling Forbes in internet-speak: "To be honest am not the coder but i got the file and crack it."
Arrest shines light on shadowy community of good, bad hackers (Update) (Phys.org) Two months ago, Marcus Hutchins was an "accidental hero," a young computer whiz living with his parents in Britain who found the "kill switch" to the devastating WannaCry ransomware.
Arrest of WannaCry researcher sends chill through security community (TheHill) The Wednesday arrest of cybersecurity researcher Marcus Hutchins is sending a chilling effect through the cybersecurity community.
Opinion | The Kronos indictment: Is it a crime to create and sell malware? (Washington Post) A legal analysis of the charges against Marcus Hutchins.
The Marcus Hutchins Case Could Set a Dangerous Precedent For White Hat Hackers (WIRED) The danger of the Marcus Hutchins case is the chilling effect it could have on malware research in general.
Kronos malware: What is the banking Trojan linked to WannaCry hero? (CRN Australia) Kronos malware was first spotted for sale in 2014.
IITian arrested in Bengaluru for stealing Aadhaar data (The Times of India) Bengaluru police on Thursday arrested a software engineer for hacking the server of UIDAI. The 31-year-old IIT-Kharagpur graduate is currently employed with cab aggregator Ola. He has allegedly stolen the demographic data of at least 40,000 Aadhaar cardholders.
Transparency, due process fell by the wayside in the case of Kaspersky Lab (Federal News Radio) Acquisition and cyber experts say the government’s decision to remove Kaspersky Labs from the GSA schedule is highly unusual and could create a trade war.
South Korean Spy Agency Admits to Meddling in 2012 Election (Foreign Policy) The presidency may never have been meant for Park Geun-hye after all.
"This culture of leaking must stop," Sessions says, threatening media subpoenas (CBS News) "We will not allow rogue anonymous sources with security clearances to sell out our country any longer," attorney general says
Jeff Sessions’ leaker crack down may prove tricky (The Washington Times) President Trump’s anger at his attorney general appears to have blown over, with the president offering a few kind words for Attorney General Jeff Sessions’ plan to crack down on what have been a series of embarrassing leaks for the White House.
Factbox: Long history of U.S. leakers to media facing charges (Reuters) While one focus of the leak crackdown announced on Friday by U.S. Attorney General Jeff Sessions is on journalists who receive leaked information, another is on suspected leakers.
Tipping point for anti-Trump leaks? (News-Sentinel) There have been leaks in every presidential administration. But most of them were innocuous, and many were even the result of the administration itself trying to put spin on certain issues.
Rosenstein: Special counsel Mueller can investigate any crimes he uncovers in Russia probe (Washington Post) The deputy attorney general said the Russia investigation is continuing apace, even as Trump dismissed the probe as “a total fabrication.”
Democrats fear Russia probe blowback (POLITICO) "We need to talk about what people think about when they wake up in the morning, and it’s not Russia," said one strategist.
Russian inquiry robs voters of democracy, says Trump (Times) President Trump lashed out against allegations that his path to the Oval Office was smoothed by a foreign power as his new chief of staff set about stamping discipline on a West Wing buffeted by...
We need answers in Democrats' congressional IT drama (USA TODAY) Something shady is going on and former Democratic National Committee chief Rep. Debbie Wasserman-Shultz doesn't want to talk about it.
Clandestine Isis unit training Britons to launch attacks on UK (Times) A secretive Isis unit that trained the perpetrators of the Paris and Brussels terrorist attacks has been teaching British fighters to attack targets in the UK, according to a fighter captured by...
Companies Can't Use Keyloggers to Spy on Employees, Says German Court (BleepingComputer) The German Federal Labour Court has ruled that companies can't install keyloggers to monitor employees because such an action violates personal privacy rights.
DICT, global cybersecurity firm join forces to combat online threats (Inquirer) The Philippine government and international cybersecurity firms are combining forces to address cybersecurity threats in the country as the fast growing economy lures cybercriminals.
Polish Kidnapper Tried Selling British Model on Dark Web (HackRead) We have heard about Dark Web marketplace asking for funds to assassinate Donald Trump and Mike Pence - We have also heard about criminals offering physical
Russian man sentenced in Minnesota computer fraud case (Fifth Domain) A Russian man has been sentenced in Minnesota to nearly four years in federal prison in connection with a global computer fraud case.
OPM security controls still not fully implemented, says GAO (Fifth Domain) A report detailing GAO findings on the progress made by OPM to implement 19 recommendations to secure government systems was released Thursday.
Editorial: No excuse for hiding cyber attack on city (Sarasota Herald) How does the city of Sarasota conceal from the public the scope and severity of a cyber attack that corrupted 160,000 computer files and involved a $33