Cyber Attacks, Threats, and Vulnerabilities
Cyberwar: A guide to the frightening future of online conflict (ZDNet) With cyberwarfare, the battlefield is going online. Here's everything you need to know.
Chrome Extension Developers Under a Barrage of Phishing Attacks (BleepingComputer) Google's security team has sent out warnings via email to Chrome extension developers after many of them have been the targets of phishing attacks, some of which have been successful and resulted in crooks taking over extensions.
FireEye clarifies security breach talk (CRN) Vendor says its network stood firm despite 'multiple' hacking attempts, but three documents and two customers were compromised
Threat Spotlight: KONNI – A Stealthy Remote Access Trojan (Cylance) The Threat Guidance Team opens the hood of a malicious threat called KONNI to demonstrate how it operates.
Attack on Ireland’s state-owned power provider blamed on state-sponsored hackers (HOTforSecurity) EirGrid, which provides electricity to homes and businesses across Ireland and Northern Ireland, reportedly suffered a security breach earlier this year at the hands of state-sponsored hackers. The allegation is made in a report in the Irish Independent.
Engineering firm exposes SCIF plans and power vulnerability reports (CSO Online) Chris Vickery, director of cyber risk research at UpGuard, Inc., says that a misconfigured Rsync server maintained by Power Quality Engineering, Inc. (PQE) exposed client information pertaining to critical infrastructure...
Cyber-Attack on Solar Panels Could Shut Down Power Grids via Domino Effect (BleepingComputer) New research released on Friday, August 4, reveals the existence of multiple vulnerabilities in the products of the leading provider of photovoltaic panels, which if exploited in mass by a determined attacker could lead to a shutdown of one or more countries' power grids because of a domino effect.
HBO Hackers Release a Ransom Note—And More Game of Thrones (WIRED) The hackers plaguing the premium TV network have revealed their motive—and more Game of Thrones spoilers.
Game of pwns: security lessons from latest HBO hack (Australian Business Review) HBO recently suffered a massive cyberattack, with hackers stealing 1.5 terabytes of data from inside its network, including upcoming episodes of shows such as Ballers and Room 104. But the crown jewel of the hack wasn’t even a video, it was the script to this Sunday’s episode of the wildly popular HBO series Game of Thrones.
Malicious code in the Node.js npm registry shakes open source trust model (CSO Online) Bad actors using typo-squatting place 39 malicious packages in npm that went undetected for two weeks. How should the open source community respond?
Cyberattacks on GPS leave ships sailing in dangerous waters (Naked Security) A spate of attacks on GPS tracking of ships has focused minds on a radio technology that’s been stalled for years
Cyber Threats Trigger Return to Radio for Ship Navigation (Fortune) About 90% of world trade is transported by sea and the stakes are high.
Deutsche Post DHL sees volume gains in Q3 after cyber attack hurts rivals (NASDAQ.com) Deutsche Post DHL saw no material impact from the cyber attack in Ukraine at the end of June, but is seeing increased volumes this quarter as rivals cope with the after-effects, the group's chief financial officer said on Tuesday.
How Chat App Discord Is Abused by Cybercriminals to Attack ROBLOX Players (TrendLabs Security Intelligence Blog) Cybercriminals targeting gamers are nothing new. We’ve reported many similar incidents in the past, from fake game apps to real-money laundering through online game currencies.
You Can Trick Self-Driving Cars by Defacing Street Signs (BleepingComputer) A team of eight researchers has discovered that by altering street signs, an adversary could confuse self-driving cars and cause their machine-learning systems to misclassify signs and take wrong decisions, potentially putting the lives of passengers in danger.
Europe's cyber victims racking up hundreds of millions in costs (Information Management) Global hackers have unleashed a brace of attacks in recent months, and the revenue hit to companies infected is reaching staggering heights.
The involvement of SMBs is the weakest link in the GST chain: FireEye (Moneycontrol) When these small businesses come online for the first time, they have poor awareness of security practices and are thus open to threats such as ransomware, says Kaushal Dalal
The Darknet Index-U.S. Government Edition (OWL Cybersecurity) Rankin US Government agencies using Darknet intelligence...see how the United States Government fares when its top federal agencies are ranked by darknet footprint.
Why Social Media Users Should Never Lower Their Guard (Time) Never automatically accept a friend request from anyone
Hacked Aquarium Controller Used In Casino Cyber Attack! Featured, News Reef Builders | The Reef and Marine Aquarium Blog (Reef Builders | The Reef and Marine Aquarium Blog) An internet connected aquarium controller has just been confirmed as the gateway into the secure network of a casino, and it was used to steal up to 10 gig
Data of 100,000 Dutch lease drivers leaked (NL Times) A data leak at software company CarWise ICT meant that information of thousands of Dutch lease drivers was easily accessible to unauthorized parties. The leak was discovered by security company ESET, director Dave Maasland confirmed to NU.nl. Maasland estimates that at least 100 thousand customers were affected.
A New Hacker Threat: Messages Inside Images (Credit Union Times) Hackers are increasing their use of hiding messages inside images to conceal their malicious activity.
Tech Support Scammers Cast a Wider Net (Threatpost) Microsoft is warning of a wave of phishing campaigns pushing tech support scams via malicious links to phony Amazon, Alibaba and LinkedIn web pages.
Careful, that may not be your grandson (FederalNewsRadio.com) What if your grandson calls and says he's in jail on a DUI and needs you to wire the court $2,800 ASAP? Beware, it's probably a scam.
Security Patches, Mitigations, and Software Updates
Google Patches 10 Critical Bugs in August Android Security Bulletin (Threatpost) Google's August Android Security Bulletin featured patches for nearly a dozen remote code execution bugs impacting Google's Pixel and Nexus handsets.
Siemens CT scanners open to remote compromise via publicly available exploits (Help Net Security) Siemens is yet to release patches for four easily and remotely exploitable flaws affecting select PET, SPECT and CT scanners from Siemens Healthineers.
The case against Windows Automatic Update (Computerworld) If you’re moderately conversant with your Windows machine, you should consider avoiding Automatic Update. Here’s why.
Cyber Trends
Gigamon IT Survey Highlights Lack of Visibility as a Leading Obstacle to Securing Enterprise and Hybrid Cloud Networks (Gigamon) Over two thirds of IT decision-makers cite blind spots as a major obstacle to data protection
Playing Whack-a-Mole: Results of the 2017 SANS Threat Landscape Survey (Business Insider) Endpoints—and the users behind them—are on the front line in today's security battles, according to results of a new survey on the threat landscape to be released by SANS Institute on Tuesday, August 15.
CyberSecurity Report: Threat Landscape Gets More Sophisticated (Network Security Blog | Qualys, Inc.) Destruction of service. Get acquainted with this newly-minted term, and with its acronym — DeOS. It’s a particularly disturbing type of cyber attack InfoSec teams may face regularly in the not too …
Marketplace
How to Invest in Cybersecurity Stocks (The Motley Fool) Investors should know how big the market it is, and understand its risks, then find a few key players and buckle in for the long-haul.
Acquisition brings multi-factor authentication to SMBs (Computing) Move to the cloud reduces cost and complexity.
Deloitte Purchases Blab's Predictive Social Intelligence Platform to Arm Clients With Early Warning of Reputational Events (PRNewswire) Deloitte announces an agreement to acquire certain assets of Blab, including...
Rapid7 Narrows Quarterly Loss, Revenue Tops Views, Stock Jumps (Investor's Business Daily) Rapid7 reported a narrower-than-expected loss during the second quarter, and after-hours investors rewarded the company.
How MobileIron Inc. Stock Fell 25% in July (The Motley Fool) Last month's second-quarter report looked just fine, except for a disappointing lack of order billings.
IBM joins hands with TSSC to spur emerging technology skills within India’s telecom sector (ETTelecom.com) Technology major IBM has joined hands with the Telecom Sector Skill Council (TSSC) to upskill students and young professionals in the telecom industry
IBM Public Relations Become Embarrassment as Company Struggles (247 Wall Street) International Business Machines Corp. (NYSE: IBM) has had a habit of putting out large numbers of press releases that say little or nothing about the company’s prospects.
NAO wins Navy cyber contract (C4ISRNET) If all options are exercised, the contract is scheduled to be completed by August 2023.
NSW govt strikes cybersecurity deal with Data61 (Technology Decisions) The NSW government will gain access to some of the country's best data scientists under a new agreement with Data61.
America’s First Federal Chief Information Security Officer Gregory J. Touhill Joins Bay Dynamics’ Board of Directors (Bay Dynamics) Ret. Brigadier General Touhill joins Bay Dynamics to help continue mission of enabling a risk based approach to cyber security
Wiretap Names Jeff Spridgeon Vice President of Sales (markets.businessinsider.com) Wiretap, a leading innovator of solutions designed to secure and safely grow the use and corporate governance needs of Enterprise Social Networks (ESNs), today named Jeff Spridgeon Vice President of Sales.
Cybrary Hires Kathie Miley as Chief Operating Officer (PRWeb) Cybrary, the world’s first and only free, open-source IT and cyber security online learning platform, today announced that Kathie Miley has been hired as Chief Operating Officer (COO).
Mosaic451 Names Ray Ramella to Oversee Corporate Operations (PRNewswire) Mosaic451, a bespoke cybersecurity services provider and consultancy, is...
Products, Services, and Solutions
Shine a Light on the Dark Web with USM Anywhere (Alien Vault) Ask any security professional what keeps them up at night, and it won’t be long before the conversation turns to compromised user credentials.
AlienVault plug-in searches for stolen passwords on Dark Web (TechCrunch) When it comes to password breaches on public sites like Adobe, LinkedIn and Yahoo!, there are some known knowns. For instance, there's a decent chance those..
Silent Circle and Kerveros Deliver on Pledge to Secure Enterprise Communications (BusinessWire) Strategic collaboration solidifies ability to bring privacy and security across the globe
Versive and Cloudera Partner to Fill the Growing Cybersecurity Capability Gap (BusinessWire) Versive, a leader in AI-powered cybersecurity, announced a strategic partnership with Cloudera.
Darktrace Advances AI Cyber Defense with New v3 Release (Darktrace) Major productivity boost for novice & expert analysts and executives
Masergy Adds Endpoint Detection and Response to its Integrated Managed Security Solution (Masergy) MEDR Service Lets Companies Rapidly Respond to Cyber Security Threats From Compromised PCs, Servers and Mobile Devices.
Cellebrite Launches Tool for Forensically Sound Extraction of Public Domain Social Media Data (Business Insider) Cellebrite, the leading provider of digital intelligence solutions, has introduced a new UFED Cloud Analyzer solution that provides forensically sound, real-time collection, preservation and analysis of data...
Schneider Electric and Claroty partner to address safety and cybersecurity challenges in global industrial infrastructure (PRNewswire) Claroty, an innovator in Operational Technology (OT) network protection, and...
Webroot growing MSP roster (Channelnomics) Channel chief says 80 percent of business comes from MSPs
General Dynamics releases new, NSA-certified encryptor (C4ISRNET) TACLANE-FLEX is the first “multi-speed, user-customizable High Assurance Internet Protocol Encryptor (HAIPE),” according to a news release.
Mozilla’s new file-transfer service isn’t perfect, but it’s drop-dead easy (Ars Technica) For less high-stakes uses, Send offers reasonable security and privacy assurances.
As network security becomes 'irrelevant,' here's how Zscaler guards the cloud (SiliconANGLE) During a major computer security conference two years ago, Zscaler set up a booth on the tradeshow floor and spent the week destroying various security devices made by other companies with a large hammer.
Preoday makes GDPR pledge to hospitality industry (London Loves Business) Are you prepared?
ENGlobal Government Services Announces Private Sector Initiative and Added Cyber Security Expertise (Power Engineering) ENGlobal Government Services, Inc. (EGS), a subsidiary of ENGlobal Corporation (NASDAQ: ENG), a leading service provider to the U.S. Department of Defense for engineering, automation and cyber security services, announced today that it is now offering its heritage services and expertise to the private sector.
BLU makes its triumphant return to Amazon (Phandroid - Android News and Reviews) After its devices were pulled last week, BLU devices are now officially available again for purchase through Amazon, after a "false alarm".
Technologies, Techniques, and Standards
National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NIST) The National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce, is a partnership between government, academia, and the private sector working to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development.
Preparing for GDPR: Pay Attention to Third Party Services (Infosecurity Magazine) The wages of ignorance in this case are likely to be sanctions – which, as we have seen, can be substantial.
ESET provides sustainable cyberspace security (Business Day) ESET has partnered with the National Information Technology Development Agency (NITDA) to provide standard guidelines to protect Nigeria’s cyberspace and ensure that the Information Technology (IT) administrations of all federal government institutions have access to periodic cyber security trainings by ESET experts on emerging threats.
DoD beefing up missile systems’ cyber defenses (Fifth Domain) A tenant of the internet of things industry is that anything connected to the internet is connected to hackers. But when you’re talking about a trillion-dollar ballistic missile system, that possibility is unacceptable.
Smart cars need to be protected from hackers, says UK government (Verdict) The UK government has released new guidance to ensure that smart cars, and the future self-driving counterparts, are protected from hacking
Self-driving cars vs hackers: Can these eight rules stop security breaches? (ZDNet) The UK has issued a set of cyber security guidelines for vehicles.
Overview of the principles for obtaining good cyber security within the automotive sector. (Department for Transport and Centre for the Protection of National Infrastructure) As vehicles continue to become smarter, it’s crucial that we take the correct steps to make them cyber secure.
Figuring out multifactor authentication (FCW) With NIST now restricting the use of Short Message Service, what are the authentication options for federal agencies?
Navy halts access card transition, orders review (FederalNewsRadio.com) The Navy is extending the deadline for contractors and vendors to transition to the Defense Biometric Identification System.
Automating the hunt for cyber attackers (Help Net Security) In this podcast recorded at Black Hat USA 2017, Mike Banic, Vice President, Marketing, and Chris Morales, Head of Security Analytics at Vectra Networks, ta
Achieving Optimised Security (SecureWorks) Rethinking the risks associated with an immature security model can be the first step to better protecting your organisation
An Introduction to Cyber Security Risks and Responsibilities (Virtual College) Cyber security is a hugely important concern for businesses of all sizes.
Hackers are targeting your banking app, but you can fight back (NerdWallet) More and more people are using mobile banking apps — and that's quite a lure for hackers trying to steal users' personal information. If you're a bank customer, you need to be ready to protect your devices and accounts.
Threat Hunting Services Are Now a Basic Necessity (Security Intelligence) EDR solutions enable threat hunting teams to fine-tune behavioral detection rules and determine the techniques by which malware spreads through a network.
Design and Innovation
WWT Targets Drone Threats with Dedrone Partnership (Channel Partners) Dedrone, which signed an alliance with the World Wide Technology this week, helps businesses combat threats from drones. WWT will integrate Dedrone's technology into other security solutions and showcase it at WWT's Advanced Technology Center in St. Louis, Missouri.
A crypto currency that actually works arrives in Ghana (Ghana Web) Block chain based digital currencies based on cryptography have become increasingly popular...
New cryptocurrency to be operational in Ghana (Citifmonline) Block chain based digital currencies based on cryptography have become increasingly popular worldwide, despite their inherent problems. Finally, a new crypto currency that offers both price stability and merchant sales capabilities is arriving in Ghana.
Research and Development
IBM India Helps Create Breakthrough Encryption Technology That's Completely Hacker Proof (indiatimes.com) The system is the first in the industry to offer 100% encryption of this kind
First electronic warfare prototypes from Army’s Rapid Capability Office put to test (C4ISRNET) An air assault unit ― the 2nd Brigade Combat Team, 101st Airborne Division from Fort Campbell, Kentucky ― at the Network Integration Evaluation last month put the first prototypes of several of the Army Rapid Capabilities Office’s electronic warfare solutions to the test out in a hot, austere environment.
Academia
World’s Biggest Student-Led Cyber Security Games Expand to Israel (NYU Tandon School of Engineering) The world’s biggest student-run cyber security event will get even bigger this year: Cyber Security Awareness Week (CSAW), founded 14 years ago by the New York University Tandon School of Engineering...
Internet security tips for middle school and high school students (ESET) Between the ages of 10 and 11 is, on average, when kids get their first cellphone. So by the time they reach junior high and high school, they likely know more about the technology than you do.
Legislation, Policy, and Regulation
North Korea’s Not So Crazy After All (Recorded Future) In this episode we explore unique insights into how North Korean leadership and ruling elite use the internet and what that tells us about their intentions.
UN Asks Apple for More Info on Pulling VPNs in China (Infosecurity Magazine) UN Asks Apple for More Info on Pulling VPNs in China. Special rapporteur wants to know if it raised human rights issues
U.S. Has More to Lose Than Russia in Spy Expulsions (The New Yorker) Statecraft is built on expectations of proportionality. But the United States stands to lose more in the latest round of spy expulsions.
Congress may mandate 'information warfare' plan for Russia (Washington Examiner) 'Russia is not America's friend,' Rep. Eliot Engel wrote. 'While we, too, would ultimately like to see better relations with Russia, the Kre...
Britain is a bystander in online privacy battle (Times) A few years ago, as a largely vexatious experiment, I asked Google to exercise my “right to be forgotten”. I planned to write about this at the time, but I forgot. Remembering yesterday, when I...
Congress looks to take the wheel on autonomous vehicles (Naked Security) With autonomous vehicles an obvious target for attack, moves by Congress to make their security a priority is a welcome start – but it’s only a start
No, the U.S. Government Should Not Disclose All Vulnerabilities in Its Possession (Lawfare) Newly revived calls for the U.S. government to release all the vulnerabilities it holds are understandable but misguided.
Good guys and bad guys race against time over disclosing vulnerabilities (Naked Security) What’s at stake when we don’t share vulnerability data?
Warrantless US Spying Is Set to Expire Soon. Let It Die (WIRED) Opinion: It's time to let the sun set on warrantless surveillance.
DHS CIO Staropoli Quits After Just Three Months (Infosecurity Magazine) DHS CIO Staropoli Quits After Just Three Months. Latest departure bad news for government cybersecurity strategy
Foster to leave as Department of Navy CIO (FederalNewsRadio.com) Rob Foster will join the National Credit Union Administration as its deputy chief information officer after stepping down as the Navy CIO.
Army gets a new, long-awaited CIO (C4ISRNET) Maj. Gen. Bruce Crawford arrives at Pentagon after months in waiting.
1st Federal CISO offers Trump administration cyber advice (Fifth Domain) Chatting live with Gen. Gregory Touhill, the first federal CISO, on the state of federal cybersecurity and his new role with Cyxtera and Bay Dynamics.
Trump Likes When C.I.A. Chief Gets Political, but Officers Are Wary (New York Times) Mike Pompeo has become a favorite of the president’s with tough talk and hawkish views at the helm of the C.I.A., which prides itself on being apolitical.
Litigation, Investigation, and Law Enforcement
Find the lost boys before the extremists do (Times) ‘Sometimes people with the worst pasts create the best futures” says a recruitment ad for the British jihadist group Rayat al-Tawheed, posted on Facebook, which shows a picture of a hooded man...
German police nab crooks with tighter anti-terror checks (Deutsche Welle) There are tighter passport controls across the EU this summer, aimed at keeping track of suspected terrorists. A side effect is that police have been able to catch up with other wanted criminals.
Rod Rosenstein: Mueller needs to come to me if he wants to chase any crime outside scope of Russia probe (Washington Examiner) 'Bob Mueller understands and I understand the specific scope of the investigation, and so no, it's not a fishing expedition.'
Duped Into Wiring $5 Million Cyber Insurance Could Cover It (New York Law Journal) In their Privacy Matters column, Richard Raysman and Peter Brown write: Courts have begun to encounter a growing number of disputes over cyber insurance coverage...
INTERPOL and Palo Alto Networks strengthen efforts in combating cybercrime (Control Engineering Asia) The accord provides a framework for threat information exchange focusing on data related to criminal trends in cyberspace, cyberthreats and cybercrime.
Internet hoax drives Haitian asylum seekers over US border to Canada (Times) It started with a WhatsApp message that read like an answer to the prayers of thousands of immigrants fearing deportation by President Trump. Canada wanted them, it promised — a revelation that...
Disney slammed with class-action complaint for unlawfully exfiltrating kids' personal data (Graham Cluley) Happiest Place on Earth owner accused of “highly offensive” privacy intrusions…
Lieff Cabraser and Carney Bates & Pulliam Announce New Class Action Lawsuit Against Viacom Alleging Violations of Child Online Privacy Protection Laws (News 9) Lieff Cabraser and Carney Bates & Pulliam announce the filing of a federal class action child privacy protection lawsuit on behalf of parents in California against Viacom and others.
Hotspot Shield VPN Accused of Breaking Privacy Promises (Infosecurity Magazine) Hotspot Shield VPN Accused of Breaking Privacy Promises. Non-profit group files FTC complaint over
Finjan Sues SonicWall for Patent Infringement (Sys-Con Media) Complaint filed in the Northern District of California
The FBI Booby-Trapped a Video to Catch a Suspected Tor Sextortionist (Motherboard) The FBI showed it uses more targeted methods to potentially deanonymize Tor users.
Top cop probed over crime intel boss' security clearance (IOL Politics) A high-ranking officer accused of fraudulently procuring a top security clearance certificate for the crime intelligence ...