Cyber Attacks, Threats, and Vulnerabilities
Russian hacking campaign targets G20 attendees with booby-trapped invites (ZDNet) Turla APT group is sending out invites to a real G20 event in Hamburg, targeting politicians, policy makers and other experts for the purposes of espionage.
Turla Cyberspies Use New Dropper in G20 Attacks (Security Week) The Russia-linked cyber espionage group known as Turla has been using a new malware dropper in attacks apparently aimed at entities interested in G20, security firm Proofpoint reported last week.
SBU warns about cyber-attack on Ukrainian institutes and enterprises (KyivPost) The Security Service of Ukraine warns about possible cyber-attack on the networks of the Ukrainian institutes and enterprises and asks to stick to the worked out recommendations as the press service of the department reported.
Ukrainian Banking Sector Braces for New Cyber-Attack, Warns Central Bank (Finance Magnates) Ukraine was the country hardest hit by the June attack that targeted thousands of machines around the world.
Russia May Have Tried Maritime GPS Spoofing (Wapack Labs) In a 22 June 2017 report, twenty (20) ships near the Russian Black Sea coast indicated their GPS location to be inland at Gelendzhyk Airpor...
Sinopec's Shengli Oilfield cuts Internet for some offices after cyber attack (Reuters) Sinopec's (600028.SS) Shengli Oilfield said it will cut its Internet connection for some of its offices after a malicious ransom software attacked 21 of its Internet terminals, the company said on its official website on Monday.
Cyber Intrusions Linked to Global Geopolitics (SIGNAL Magazine) It took 18 years of responding to breaches before FireEye CEO Kevin Mandia made the connection, the former Air Force computer security officer revealed at a recent conference.
Hackers nab $500,000 as Enigma is compromised weeks before its ICO (TechCrunch) The ICO hackers are at it again. Enigma, a de-centralized platform that's preparing to raise money via a crypto token sale, had its website and a number of..
Third party trackers on web shops can identify users behind Bitcoin transactions (Help Net Security) Web sites increasingly accept cryptocurrencies as a method of payment, but users should be aware that these transactions can be used to deanonymize them.
Attackers turn to auto-updating links instead of macros to deliver malware (Help Net Security) Attackers are targeting companies, and their goal is to get their hands on information that will allow them to steal money from the victims' accounts.
Banking Trojan Trickbot Targeting Far More US Banks Than We Thought (Blog Easy Solutions) The Trickbot Banking Trojan recently began attacking organizations in the US at a much larger scale than was previously thought.
Two Foxit Reader RCE zero-day vulnerabilities disclosed (Help Net Security) Trend Micro's Zero Day Initiative has released details about two remote code execution zero-day flaws affecting popular freemium PDF tool Foxit Reader.
It's Not Exactly Open Season on the iOS Secure Enclave (Threatpost) Despite yesterday's leak of the Apple iOS Secure Enclave decryption key, experts are urging calm over claims of an immediate threat to user data.
Secret Chips Can Be Hidden in Replacement Parts to Spy and Take Over Smartphones (BleepingComputer) At a recently concluded security conference, experts from an Israeli university have presented new research that describes a possible attack scenario which leverages replacement parts to carry out attacks on smartphones and other smart devices.
Newly uncovered Carbon Black bug may have mistakenly sent files to VirusTotal (Cyberscoop) The bug can potentially result in files being miscategorized and mistakenly uploaded to VirusTotal where they can be seen publicly.
Carbon Emissions: Oversharing Bug Puts Security Vendor Back in Spotlight (KrebsOnSecurity) Last week, security firm DirectDefense came under fire for over-hyping claims that Cb Response, a cybersecurity product sold by competitor Carbon Black, was leaking proprietary data from customers who use it.
LeakTheAnalyst incident an attempt to damage FireEye stock (Cyberscoop) A hacker leaked stolen material in an effort designed to damage the company's stock value, people familiar with the matter told CyberScoop.
HBO hackers threaten to leak final episode of Game of Thrones Season 7 (CSO Online) The attackers responsible for hacking HBO say they are about to leak this year’s final episode of Game of Thrones.
Breaking Down HBO’s Brutal Month of Hacks (WIRED) Four separate security incidents, including Game of Thrones leaks, have turned HBO's August into a case study of hack attacks.
OurMine hacks PlayStation's social media accounts, claims PSN database breached (International Business Times UK) The latest attack comes just days after OurMine took over a number of HBO's social media accounts.
Insecure process sensors can create safety, security, and resilience vulnerabilities (Control Global) There are various threat scenarios which confront our entire national critical infrastructures that involve insecure process sensors. These scenarios can lead to loss of safety and resilience and need to be addressed.
How likely is a ‘digital Pearl Harbor’ attack on critical infrastructure? (Naked Security) The metaphor might be hyperbole, but there’s real concern about the potential for attacks, warn two experts
America's weak cybersecurity puts our nation at risk of a modern 9/11 (TheHill) OPINION | The arcane government process puts the country at risk of a crippling cyberattack.
The Daily Stormer was back online for a quick second (TechCrunch) Neo-Nazi site The Daily Stormer is running out of options to stay online. There has been a public outcry against tech companies helping websites, such as The..
Woman targeted with 120 images on public transport via AirDrop (Naked Security) Bluejacking is back, this time via Apple’s AirDrop technology, allowing strangers to bombard women with ‘dick pics’
Police agency website copied to trick browsers of porn to pay up (The Asahi Shimbun) Browsers of online porn sites be warned: A website designed to fool surfers that the National Police
Man hacks top British News platform to get social media followers (HackRead) Some hack for fun while some do it for political reasons. But this Iraqi guy whose name is Mahmood Jumaa hacked the verified Facebook page of The Independe
Children exposed to huge rise in gambling adverts (Times) Children are being bombarded with a record number of gambling adverts as betting websites embark on an unprecedented spending spree to attract new customers. Figures show that the industry has...
The Impact of a Breach: When the Fallout Means More than Money (Infosecurity Magazine) Data breaches can mean more than just financial loss
The need to be victorious — espionage in sports (CSO Online) From the early Olympiads to today's modern sports, espionage in sports has existed. Here's a look at some modern-day incidents — hacking, spying and insider antics.
Security Patches, Mitigations, and Software Updates
How Amazon Solved The Biggest Cloud Security Threat (eSecurity Planet) New services from Amazon announced this week could help to end unintentional data leaks.
Stopping EternalBlue: Can the next Windows 10 update help? (SearchSecurity) Redstone 3, the Windows update, promises to fix the vulnerability that opens the OS to EternalBlue exploits. Here's what to do until the release.
Drone firm says it’s stepping up security after US army ban (Naked Security) DJI security patch should ease military fears – but throws up further issues for pilots
Cyber Trends
Why cybercriminals like AI as much as cyberdefenders do (American Banker) Artificial intelligence is helping detect breaches the human eye can’t. But it also gives hackers an edge.
Valerie Plame: U.S. government cyberdefense must be improved (SearchSecurity) Valerie Plame talks with SearchSecurity about the U.S. government's cyberdefense and the threat of nation-state cyberattacks.
Weekly Cyber Risk Roundup: Charlottesville Sparks Hacktivism and Controversy (SurfWatch Labs, Inc.) The politics surrounding the “Unite the Right” rally and its counter-protests in Charlottesville spilled over into the cyber world this week as hacktivists took action against websites and a debate…
Two-thirds of FTSE 350 board members lack cyber hack training (City A.M.) The majority of board members at Britain’s biggest public companies have received no training in how to handle a cyber attack despite it rapidly rising
UK Charities Exposed to Cyber-Attack, Says Government (Infosecurity Magazine) New report highlights awareness and funding challenges
Marketplace
Cyber threat creates demand for experts (Daily Telegraph) Cyber security specialists are in demand as organisations face a growing threat from online criminals.
Should Investors Care About Cybersecurity? (NASDAQ) I've got good news and bad news.
What Happens When HACK ETF Gets Hacked By Insider (NASDAQ.com) Investors in the PureFunds ISE Cyber Security ETF (HACK) woke up Aug. 1 to find their fund had a new name, ETFMG Prime Cyber Security ETF, and tracks a new index.
Cisco Acquires Observable Networks to Expand Its Cloud Security (Market Realist) To diversify its security (HACK) portfolio, Cisco Systems (CSCO) announced that it had completed the acquisition of Observable Networks. This acquisition extends Cisco’s Stealth Watch Solution to the cloud and provides behavioral analytics and comprehensive visibility to its customers.
FBI briefing US companies to dump Kaspersky, claiming intelligence prove it a 'threat to national security' (Computing) Kaspersky 'extremely disappointed' at FBI actions against 'law abiding and ethical company'
Corey E. Thomas of Rapid7 on Why Companies Succeed or Fail (New York Times) The chief executive of a network security company says that corporate culture can accentuate the collective or be a distraction.
Steve Moore Joins Exabeam as Chief Security Strategist (Globe Newswire) Former Vice President of Cyber Security Analytics at Anthem brings deep experience in breach management
Products, Services, and Solutions
Got an iPhone? Here’s what we think about the security of iOS11 (Naked Security) Will your iOS device be more or less secure when iOS11 is launched? We’ve had a look beyond the cosmetic tweaks to the security features
U.S. Army NETCOM to Deploy Plurilock BioTracker--the First Continuous Identity Authentication for Enhanced Cybersecurity (PRNewswire) Plurilock Security Solutions, whose AI authentication...
WatchGuard announces partnership with UK reseller Blue Cube (PCR) Global security leader WatchGuard Technologies has strengthened its position in the UK by tying up a partnership deal with reseller Blue Cube.
Rackspace turns to RiskIQ for threat intelligence (Cloud Pro) PassiveTotal has significantly improved the time it takes for Rackspace to respond to incidents
Bledsoe Telephone improves network security with Nominum (Telecompaper) Nominum announced that Bledsoe Telephone Cooperative, which provides phone, broadband internet and IPTV services to subscribers in Tennessee, deployed the company’s Vantio CacheServe DNS software to improve speed, security and reliability of its broadband network.
Sqrrl empowers threat hunters with self-service analytics (Help Net Security) Sqrrl reduces attacker dwell time by detecting adversarial behavior with fewer resources through the use of machine learning, and enables threat hunting.
Don’t let your kids drown under the internet tide: How to limit screen-time in a connected world (Future Five) Children have countless options on how they connect to the internet, so how do parents limit screen-time?
Technologies, Techniques, and Standards
FSB partaking in developing international blockchain standard (Crime Russia) This will empower Russian authorities to use new technology in the future.
3 things to know before adopting blockchain (Business Insider) Blockchain is the trending topic in the industry today, and organizations are vying with one another to take a position on this disruptive technology, if they have not done so already.
The Password Takes its Last Breath (Infosecurity Magazine) Behavioral biometrics activities cannot be hacked or duplicated, as no one can imitate exactly how another person uses their phone.
Beyond Feeds: A Deep Dive Into Threat Intelligence Sources (Recorded Future) Many organizations assume open source threat intelligence feeds are the simplest starting point. Sadly, that couldn’t be farther from the truth.
The 5 cyber attacks you're most likely to face (CSO Online) Don't be distracted by the exploit of the week. Invest your time and money defending against the threats you're apt to confront
RSA's Angel Grant On E-Commerce Security (PYMNTS.com) Retailers are retailers, not security experts. Too often, their best efforts can create friction at the point of sale for consumers, which leads to shopping cart abandonment and lost revenue, all while feeding the illusion of “too much security.” It goes without saying that eCommerce security is paramount as cybercriminals get smarter and more creative. […]
Securing Health Data Means Going Well Beyond HIPAA (GovTechWorks) The National Health Information Sharing and Analysis Center (NH-ISAC) warns that health providers have focused on complying with the data privacy concerns embodied in the Health Insurance Portability and Accountability Act (HIPAA) – yet failed to pay enough attention to data integrity and security.
From HBO's ransomware attack to Aadhaar security, risks and solutions every netizen must know: Interview (International Business Times, India Edition) Were you hit by ransomware or hacked? McAfee's Anand Ramamoorthy explains the threats and how to overcome them.
Canadian firms: how can you ensure file sharing security as you scale? (IT Business) The storage and sharing of corporate data has come a long way in the past century. Filing cabinets and storage units full
Doing things right: Cloud and SecOps adoption (Help Net Security) There is hardly a technology-oriented organization anywhere on the small-business-to-enterprise spectrum that isn’t a good candidate for SecOps.
Outages are becoming a little too normal (Computerworld) As we come to terms with the fallout from major outages that were caused by recent widespread cyberattacks, it’s time to look at areas of concern in IT infrastructure protection and what we can do to prevent serious problems.
Design and Innovation
Yesterday’s “plastics” are today’s crypto tokens (TechCrunch) What "The Graduate" can teach about today's cryptocurrencies
Making Sense of Cryptoeconomics (CoinDesk) Josh Stark argues that "cryptoeconomics" is widely misunderstood, despite being a concept crucial to understanding the blockchain industry.
Gaming the system for a better experience (Help Net Security) In the future, user experience design (UX) will become an increasingly important part of the security team, according to Dwayne Melancon.
Research and Development
New York University Abu Dhabi researchers develop 'unhackable' computer chip (The National) Chip is designed to prevent physical tampering of devices but could be extended to defend against online hackers
Academia
Dakota State University in Madison, SD Receives Transformational Gift (Dakota State University) What you find at DSU might surprise you. We offer an update on the traditional college experience that’s both rigorous and fun, with a technological twist that will prep you for a successful career in any field.
Legislation, Policy, and Regulation
President Trump announces move to elevate Cyber Command (Washington Post) Trump's move means that Cyber Command will become the 10th unified command in the U.S. military, putting it on par with the main combatant commands, such as Central Command.
Department of Defense Off-Camera Press Briefing on Elevation of Cyber (U.S. DEPARTMENT OF DEFENSE) COLONEL ROB MANNING: Good morning and thanks for coming. I am COL Rob Manning, director of press operations here at the Department of Defense. As you may be aware, this morning the President
It’s Official: President Elevates U.S. Cyber Command (SIGNAL) The command also may be separated from the NSA in the future.
The US Gives Cyber Command the Status It Deserves (WIRED) By elevating Cyber Command, the Trump administration signals just how important cyber warfare has become.
Israel spies opportunity as U.S. gives Cyber Command major upgrade (Haaretz) IDF Chief of Staff Gadi Eisenkot mulling similar move for Israel’s cybersecurity unit, making it equal to ground, air, naval and intelligence forces
Australia to Regulate Virtual Currency Exchanges Like Bitcoin (The Bull) Australia is set to regulate virtual currency exchanges such as Bitcoin and strengthen the powers of its financial intelligence agency AUSTRAC as it cracks down on money laundering and terrorism financing.
Dana Rohrabacher calls for ‘massive cyberattack’ against North Korea (The Washington Times) Rep. Dana Rohrabacher, the chairman of the House Subcommittee on Europe, Eurasia and Emerging Threats, has called for conducting a “massive cyberattack” against North Korea to prevent Pyongyang from initiating nuclear war.
North Korea believes Japan is building a cyberspace attack force under the pretext of self defence (Tech2) The Japanese Defence Ministry was mulling to have a new working group to study cyber warfare techniques to be established.
India, Japan reaffirm commitment to secure cyberspace (India.com) India and Japan have reaffirmed their commitment to a secure and accessible cyberspace during the Second India-Japan Cyber Dialogue held here on Thursday, the External Affairs Ministry said in a statement on Friday.
Joint Press Release-Second Japan-India Cyber Dialogue (Ministry of External Affairs, Government of India) The Second Japan-India Cyber Dialogue was held in New Delhi on August 17, 2017.
Government’s directive to ensure privacy of Indian smartphone users needs to be backed up by policies (Tech2) Quite a few of these manufacturers have been investigated for compromising security in India and abroad in the past.
Loss of top cyber officials spells challenge for Trump (TheHill) The Trump administration has lost a handful of individuals serving in top cybersecurity roles across the federal government in recent weeks, even as it has struggled to fill top IT positions.
The U.S. government should be making better use of the internet of things (VentureBeat) The U.S. government acknowledges that the Internet of things (IoT) has advanced past the research and development stage. However, even with this acknowledgement, there is still a gap in how the public sector is connecting to the IoT and how it should be connecting.
Ask your security clearance questions – How well do you understand the clearance process? (FederalNewsRadio.com) Lindy Kyzer, senior editor for ClearanceJobs.com, helps you get to the bottom of challenges you and others may have regarding your security clearance.
Litigation, Investigation, and Law Enforcement
Spanish police pursue link between Barcelona terror attacks and Brussels bombings (Times) The imam suspected of masterminding the Barcelona terrorist attacks often travelled to Belgium and was in the country in the three months before the Brussels bombings last year. Police are...
Terror cell that attacked Barcelona and Cambrils is destroyed (Times) Only one member of a 12-strong terrorist cell responsible for the worst attack in Spain for more than a decade remains at large. Police said last night that seven men had been killed and four...
Cambrils attack: terrorists leapt from the car then officer shot four dead (Times) An officer of the Mossos d’Esquadra, the Catalan police force, saved the day during the second assault in the Spanish region by single-handedly shooting dead four out of five terrorists.
Terrorist cell planned to attack Sagrada Familia with van of explosives (The Local) Police believe that the jihadist cell responsible for the attacks in Barcelona and Cambrils that left 14 dead and more than 100 injured were originally planning something much bigger involving Barcelona’s most emblematic tourist sites.
Isis uses companies in Wales to finance terrorist attacks against the West (Times) Isis used a network of companies operating out of an office in Cardiff to ship military-grade equipment to Spain and to finance terror plots against the West, FBI documents seen by The Sunday Times...
It’s wrong to say we can’t stop this terror tactic (Times) Like so many Times readers, I know Las Ramblas in Barcelona well. Like many of you, and with hindsight, I can now see why the jihadists chose it. As it happens, much of my family live not far away.
What We Still Don’t Know About the Islamic State’s Foreign Fighters (The Atlantic) The biggest concern is what happens when they come back home.
IS comes from modern reality, not seventh-century theology (Middle East Eye) IS is not a spectre that has come to haunt us from a distant past. The roots of its apocalyptic theatre of violence run deep into modern soil
Charlottesville Shows Us What's Gone Wrong In The Fight Against Terrorism (BuzzFeed) The belief that violent extremism is something "they" bring to "us" isn't just wrong — it's messing up our approach to fighting terrorism.
Facebook Can’t Fix Our Political Divide With an Algorithm (Motherboard) Online platforms inadvertently helped create chaos in American politics, but Harvard researchers believe the solution must come from elsewhere.
Google's Anti-Bullying AI Mistakes Civility for Decency (Motherboard) The culture of online civility is harming us all.
Can the Bitcoin Community Stop Neo-Nazis From Using the Digital Currency? (Motherboard) Decentralization is a double-edged sword.
British spy chiefs knew of FBI sting on NHS hack attack hero Marcus Hutchins (Times) GCHQ was aware that a British IT expert who stopped a cyber-attack against the NHS was under investigation by the FBI before he travelled to America and was arrested for alleged cyber-offences, The...
British authorities knew about US plans to arrest Marcus Hutchins (Computing) GCHQ allowed Hutchins to fly and be arrested to avoid extradition battle
Code chunk in Kronos malware used long before MalwareTech published it (Ars Technica) Marcus Hutchins, the researcher who stopped WCry, complained his code was lifted.
IT staffers may have compromised sensitive data to foreign intelligence (New York Post) Federal authorities are investigating whether sensitive data was stolen from congressional offices by several Pakistani-American tech staffers and sold to Pakistani or Russian intelligence, knowled…
Did a Mole-Who-Must-Not-Be-Named Leak Plot to Elect Trump? (The Daily Beast) A brave lawyer defending people the Russian government accuses of treason says the case of cyber experts charged with working for the CIA is about the toughest he’s seen.
Phone location privacy – for armed robber – headed to Supreme Court (Naked Security) Defending a convicted armed robber’s right to privacy feels distasteful, but defending rights is important – as this case seeks to do
ICE: We don’t use stingrays to locate undocumented immigrants (Ars Technica) Letter adds that, even when you’re targeted via stingray, you can still call 911.
Four charged with violating cyber laws, public morals in UAE (Khaleej Times via MSN News) Three men and a woman, who were detained for filming and publishing an offensive video on social media have been charged with violating public morality and online law.
Autistic Man Hacked Sports Direct Website To Get Employment (HackRead) The retail giant Sports Direct’s website went down for 30 minutes which cost them the loss of sales of approx. £48,000 (USD 61540) to £50,000 (USD 64105).
Couple Accused of Using Lowes Website Flaw to Steal Expensive Goods (BleepingComputer) A couple from the Brick Township in New Jersey stands accused of using a flaw in the Lowes online portal to receive goods for free at their home.