Cyber Attacks, Threats, and Vulnerabilities
Another Ukrainian software maker's site compromised to spread malware (Help Net Security) The web server of Crystal Finance Millennium, a Ukraine-based accounting software firm, has been compromised and made to host different types of malware.
Ukraine Fears Second Ransomware Outbreak as Another Accounting Firm Got Hacked (BleepingComputer) Ukrainian authorities and businesses are on alert after a local security firm reported that another accounting software maker got hacked and its servers were being used to spread malware.
Navy leadership removes 7th fleet commander after 'loss of confidence' (FederalNewsRadio.com) Vice Adm. Joseph Aucoin has been relieved of command after a series of at-sea incidents including the recent USS John S. McCain collision.
Cyber suspicions floated after latest ship collision (GCN) The Navy says there is no sign of cyber intrusion, but 'all possibilities' will be investigated.
The Accidental Panama Papers – @4iQ (Medium) Panama broker accidentally exposed 52,000 financial and legal documents of wealthy individuals
ROPEMAKER Attack Turns Benign Emails Hostile Post-Delivery (Dark Reading) The intersection of email and Web technologies has given attackers a way to mess with your email after it has been delivered to your inbox, Mimecast says.
ROPEMAKER Lets Attackers Change Your Emails After Delivery (BleepingComputer) A new email attack scenario nicknamed ROPEMAKER allows a threat actor to change the content of emails received by targets via remote CSS files.
Chinese Advertising SDK Caught Stealing Data From Android Devices (BleepingComputer) An advertising software development kit (SDK) embedded in many legitimate apps has been secretly siphoning user data and sending it to the servers of a Chinese company.
Google Play Store Security Scans Tricked by ...Sigh... In-Dev Malware (BleepingComputer) Google has yet to remove two apps infected with dangerous malware that are currently still available for download via the official Google Play Store.
Free VPNs among eight hacked Chrome Extensions (VPNCompare) The Chrome extensions of two free VPN services are among eight which were hacked at the end of the last month, putting user data at risk.
Microsoft Sounds Alarm on Weaponized Virtual Machines on the Cloud (eWEEK) To prevent widespread cyber-attacks, enterprises are advised to protect their cloud credentials and tighten up their security policies.
Malware uncovered by ESET researchers aimed at gamers (WeLiveSecurity) ESET researchers have discovered a new malware that can download and install virtually any other malicious code on the victim’s computer.
China Is Boosting Its Phishing Attacks — Against Vietnam (BuzzFeed) The efforts to gain access to computers in Vietnam reflects how commonplace cyberespionage has become among nations.
Android Ransomware Jumps Over 100% in 2017 (Infosecurity Magazine) Malwarebytes stats show growing threat to mobile ecosystem
CryptoMix Variant Can Communicate Offline (Infosecurity Magazine) Error can encrypt files with no network communication
New Ransomware Strand Could Affect Government Through Phishing Attempts (MeriTalk) Comodo Threat Intelligence Labs discovered a new strand of ransomware that was used in email phishing campaigns in the beginning of August and is being used in a current hacking campaign.
BEC Campaigns Target Organizations Using Credential Phishing (Flashpoint) Flashpoint identified a BEC campaign that relied on PDFs containing links that redirected victims to credential-harvesting phishing sites.
RiskIQ Warns: Don't Bite The Phish Hook (PYMNTS.com) You there, corporate decision-maker. Are you ready to respond to a cyber threat? How confident do you feel in your ability to handle and mitigate the situation? If the answer is “not very,” you’re in good company. Recent research by San Francisco-based cyber security company RiskIQ, aggregated in the company’s 2017 State of Enterprise Digital […]
WH cyber czar warns against Kaspersky products (TheHill) "[T]hey have a lot of control and latitude over the information that goes to companies in Russia," said Cyber Czar Rob Joyce.
W.H. cybersecurity coordinator warns against using Kaspersky Lab software (CBS News) Rob Joyce says the U.S. is lacking 300,000 cybersecurity experts needed to defend the country
Vetting Code Libraries, Not Just Kaspersky, Will Improve Security (Wall Street Journal) The Trump administration removed Kaspersky Labs from the list of approved cybersecurity vendors because of alleged ties to Russian intelligence. But experts say the true risk of foreign code lies in code libraries that provide the foundation for countless apps and corporate programs.
Storm breaks over AccuWeather phoning home without consent (Naked Security) Data-sucking service partner says it’s been misunderstood – but you might still want to double-check your settings
Pulse Wave Techniques Allow Cybercriminals to Quickly Ramp Up DDoS Attacks (Security Intelligence) The traditional slow crescendo of malicious traffic in DDoS attacks is being replaced by a technique that hits organizations in multiple places at once.
A reversal? Large-scale DDoS attacks take recent dip (Cyberscoop) Massive denial of service attacks were largely missing from the internet this summer, according to new research from Akamai.
Russian hackers expose allegedly doping footballers (ComputerWeekly) Russian hacking group Fancy Bear has exposed 150 footballers worldwide for allegedly taking banned substances, underlining the importance of protecting personal data
HBO's Twitter account gets hacked - The chronological order of cyber-attacks (The FurmanPaladin) Earlier in July HBO’s security was breached. Hackers stole 1.5 terabytes of data from HBO’s US servers, including TV episodes and scripts.
WPP on ‘solidifying the fences’ post-cyber attack (The Drum) WPP has said that it understands the
Daily Stormer has officially retreated to the dark web (TechCrunch) The battle against the Daily Stormer has ended in retreat as the racist website has pulled back to the dark web where it is available only via Tor. Former..
Here’s What Russia’s Propaganda Network Wants You to Read (POLITICO Magazine) How a new system for tracking Kremlin influence operations reveals what Moscow is thinking.
Security Patches, Mitigations, and Software Updates
Google’s App Engine gets a firewall (TechCrunch) Google's App Engine service, one of its longest-running public cloud computing platforms, is finally getting a fully featured firewall. Until now,..
Google bakes in sweeter security for Android Oreo (Naked Security) The latest version of Android should be coming to a device near you soon – how does it stack up on the security front?
Facebook is making its Safety Check feature permanent (Naked Security) Safety Check is here to stay – is it a good thing that reassures loved ones, or a feature that causes unnecessary anxiety?
Cyber Trends
Budget and Talent Shortfalls Undermine Public-Sector Cybersecurity, Study Says (FedTech) A lack of IT security professionals means there are fewer around to investigate threats, a Cisco study finds.
Lastline Survey Finds More Than Half of Organizations Have Suffered a Cyberattack (GlobeNewswire News Room) Black Hat 2017 attendees describe how cybercrime continues unabated while enterprises remain ill prepared to defend against it
Independent Research Quantifies Growing Security Management Gap and Business Impact of External Web, Social, and Mobile Threats; Digital Transformation Emboldens Cyber Adversaries (Benzinga) RiskIQ, the leader in digital threat management, today announced that it has published its 2017 State of Enterprise Digital...
KPMG Report States That Majority Of FTSE 350 Boards Lack Cyber Incident Training (Information Security Buzz) The majority of board members (68%) in the FTSE 350 said they have not been trained in responding to a cyber attack, according to research by accountants KPMG on behalf of the government.
Poor cyber security could mean fines of £17m (UKFast) Businesses risk hefty government fines as new research shows a continuing failure to prepare for cyber attacks
Marketplace
Mind the gap: Top cybersecurity vendors report 'epidemic' of staff shortages (CRN) Cybersecurity Ventures flags up worsening skills gap as it unveils its latest Cybersecurity 500 list
Security outfit Root9B on the brink after default, may de-list (Register) Listed company's creditors are circling so it's auctioning assets
ISRAEL : NSO chiefs' Founders Group invests in cybersecurity firms (Intelligence Online) The founders of NSO, the Israeli spyware leader, are also angel investors in startup computer security firms.
FireEye's Management Thinks Its New Product Rocks -- and So Do Its Customers (The Motley Fool) FireEye’s big bet on its new product to overhaul its legacy software products, called Helix, is paying off.
Cisco Still Doesn't Have Any High-Growth Engines (Seeking Alpha) Last quarter's earnings report confirmed across-the-board tepidness. Cisco's huge cash hoard is the best thing working in its favor right now. The oddly decent
Verizon sets SD-WAN sights on small and medium business branches, adds Versa to growing product portfolio (FierceTelecom) Verizon added Versa Networks to its SD-WAN solution set, reflecting its desire to extend managed services to a broader group of small and medium businesses that are implementing consumer-grade services into their network environments.
Exostar grows cyber security capability (Jane's 360) A joint venture (JV) founded to manage defence supply chains is increasingly focusing on cyber security, as interactions between major primes and smaller companies open potential vulnerabilities.
Meet CrowdStrike's Dmitri Alperovitch, Cyber Spy Hunter (Fortune) Dmitri Alperovitch, CrowdStrike cofounder and tech chief, names and shames nation states—like Russia, China, and North Korea—for hacking.
Why this growing tech company has remained headquartered in Houston (Houston Business Journal) "It's a very large city, and the talent pools that we look for have good representation in Houston."
Forcepoint eyes human factor for global government cyber growth (Washington Technology) The Raytheon-backed Forcepoint venture focuses on defending the people in cybersecurity and sees that as its angle to expand in global government markets.
Forcepoint snaps up former Fortinet APAC sales VP to lead local growth (Security Brief) "George and his team will help lead the charge in delivering the most intelligent systems that facilitate business and foster productivity."
Sophos Appoints Clarissa A. Peterson as Senior Vice President and Chief Human Resources Officer (1888 Press Release) Sophos Appoints Clarissa A. Peterson as Senior Vice President and Chief Human Resources Officer
Cybersecurity Veteran Gord Boyce Joins RedSeal to Lead Commercial Business Unit (Broadway World) Cybersecurity Veteran Gord Boyce Joins RedSeal to Lead Commercial Business Unit
Motorola Solutions hires head of product cybersecurity (BusinessWire) Motorola Solutions (NYSE: MSI) today announced the leader of its new products and services cybersecurity team. Troy Mattern joins Motorola Solutions a
Palo Alto Networks Sales SVP To Retire, Will Be Replaced By Salesforce EVP (CRN) The transition comes as Palo Alto Networks looks to revamp its sales leadership for the second half of the year in the wake of sales-related challenges in early 2017.
Products, Services, and Solutions
Kensington VeriMark Fingerprint Key Honored as New Product of the Year (Top Tech News) Kensington VeriMark Fingerprint Key named Security Today 2017 New Product of the Year Award Winner -- Chosen for outstanding product development and its ability to improve security, the VeriMark Fingerprint Key offers simple, best-in-class biometric authentication for incomparable protection against cyber-thieves and unauthorized access on uncompromised devices
Elcomsoft Phone Breaker 7.0 Extracts and Decrypts iCloud Keychain (Business Insider) ElcomSoft's latest release of Elcomsoft Phone Breaker gains the ability to extract, decrypt and access passwords stored in Apple's cloud password storage, the iCloud Keychain.
Skyhigh Networks brings security features to Cisco Spark (Cloud Pro) The integration gives admins more control over the collaboration platform
SonicWall and Dell EMC Announce OEM Launch of Next-Generation Firewall and Global Management Systems Software Portfolio (BusinessWire) SonicWall announced that Dell EMC will OEM and resell its next-generation cyber security firewall solutions in the United States and Canada.
Webroot and NinjaRMM Expand Partnership to Help MSPs Implement Profitable Security Practices (PRNewswire) Webroot, the market leader in next-generation endpoint security,...
Mercury Systems Announces First Secure Intel Xeon-based Single Board Computer for VME Technology Insertions (GlobeNewswire News Room) Low-power SBC brings performance and secure technology to VME legacy systems
Telos Corporation Partners with Sequoia Holdings, Inc. to Help Software Vendors Address Intelligence Community Requirements (BusinessWire) Telos Corporation partners with Sequoia Holdings, Inc. to help software vendors address intelligence community requirements.
Google touts Titan security chip to market cloud services (REUTERS) Alphabet Inc’s (GOOGL.O) Google this week will disclose technical details of its new Titan computer chip, an elaborate security feature for its cloud computing network that the company hopes will enable it to steal a march on Amazon.com Inc (AMZN.O) and Microsoft Corp (MSFT.O).
Zerto accelerates hybrid cloud resilience with new disaster recovery tech (Channel Life) “The release of Zerto Virtual Replication 5.5 is the latest proof point of what’s possible in the cloud as we build upon our disaster recovery roots."
ZeroDown® Software joins forces with Fortinet to Deliver Always Available and Always Secure Services for the Cloud (PRWeb) ZeroDown Software announced today that it has joined Fortinet's Technology Alliance Partner program, paving the way for ZeroDown’s Multi-Cloud with Business-Continuity services to be woven into Fortinet’s Security Fabric. For organizations seeking a safe and rapid pathway to the clouds, these complementary technologies and services bring an unmatched level of business assurance and data security.
‘Push-to-delete’ feature improves cyber security (indiannewslink.co.nz) Supplied Content Lucerne, Switzerland August 23, 2017 Leading encrypted messaging app SafeSwiss (http://www.safeswiss.com) is doing away with email attachments being sent to the wrong person, with its
NeuVector Takes Initial Stab at Securing VMware Container Environ (SDxCentral) NeuVector said it was able to demonstrate monitoring and protecting of applications running in VMware's VIC environment.
Ironshore establishes computer emergency response team to help policyholders with cyber response (Canadian Underwriter) New York-based Ironshore Inc. is taking steps to help manage cyber claims for all in-force policies, regardless of line, with the launch of a dedicated computer response team. Comprised of cyber claims co-ordinators representing each of the insurer’s specialty lines…
Bugcrowd Launches Bug Bounty Program for eero (Benzinga) eero's bug bounty program will allow researchers to submit bugs in a visible, predictable and scalable system
Zerodium Offers $500K for Secure Messaging App Zero Days (Threatpost) Zerodium announced new $500,000 payouts for zero days in secure messaging apps such as Signal, WhatsApp and others.
InfoZen enables pre-deployment patching for DevOps coding (CSO Online) For this review, InfoZen was brought in to create a fully-end-to-end DevOps scanning solution using their InfoZen Cloud and DevOps Practice service. Even within our admittedly tiny test environment, the benefits of the InfoZen toolset and automatic processes were obvious.
Illumio Improves Security With New Visualization and Policy Features (eWEEK) The micro-segmentation security technology vendor updates its platform with new capabilities to understand and create security policies.
Technologies, Techniques, and Standards
Garrett Gross: Open-Sourcing Malware Prevention – Why Sharing is Caring (Cylance) Matt Stephenson gets the low-down from AlienVault's Garrett Gross on how much stronger we can be as a security community, rather than fighting the battles as individuals and companies.
IPs Aren't People (Anomali) If you watch a lot of CSI Cyber or hacking movies you might be led to believe that the IP address is the missing link between an activity on the Internet and identifying who acted. In reality this is rarely the case. There are at least 4 common technologies that obscure who is tied to an IP. There are many other less transient signatures of a system than an IP address. Once a computer is identified it does not always identify who is using it. What is an IP address? IP stands for Internet
Understanding The Dark Web And How It Factors Into Cybersecurity (LookingGlass Cyber Solutions Inc.) Eric Olson, VP of Intelligence Operations at LookingGlass Cyber Solutions, talks about the dark net and how it factors into cyber security.
Small businesses should invest in cyber security (The Telegraph) Paying attention to cyber security should be a key concern for businesses of any size – and it needn’t cost the Earth
Why investing in cybersecurity is cheaper than dealing with a breach (The Nation) At the turn of this millennium, the biggest cybersecurity threats were happening at the network layer and could be easily minimized as IT had complete visibility into the network and an iron grip on access to applications and data. Today's landscape has a starker contrast.
‘Govt files, communication must be encrypted to fend off data breach’ (The Hindu Business Line) Given the large amount of data government agencies keep and confidentiality levels of various projects, they need to adopt new data encryption capabilities designed to address the global epidemic of data breaches. Has
The Changing Face & Reach of Bug Bounties (Dark Reading) HackerOne CEO Marten Mickos reflects on the impact of vulnerability disclosure on today's security landscape and leadership.
Design and Innovation
Researchers devise app to protect PINs and passwords (Help Net Security) Researchers at the NYU Tandon School of Engineering have announced an application to combat shoulder-surfing, whether in person or via a video camera.
United States Air Force Starts Artificial Intelligence Project To Analyze Flow Of Information (Forbes) In June 2017, artificial intelligence (AI) startup SparkCognition raised $32.5 million in Series B funding for its AI powered cyber-physical software (CPS). The round was led by Verizon Ventures with participation by Boeing's HorizonX unit. In July 2017, the company announced an eight to 10-month project with the United States Air Force (USAF) to bring AI by the DiuX, which accelerates commercial innovation for national defense.
Here’s Why People Don’t Buy Things With Bitcoin (Motherboard) Thankfully, a potential fix is about to kick in.
Research and Development
Ntrepid Awarded Patent for Innovative and Interactive Timeline Visualization (BusinessWire) Ntrepid Corporation today announced it has been granted US Patent 9,646,394 B2 for unique contextual display of information using digital timelines.
Microsoft's speech recognition is as good as a person (CRN Australia) The technology that powers Cortana has supposedly achieved "human parity".
Legislation, Policy, and Regulation
Sorry, Banning ‘Killer Robots’ Just Isn’t Practical (WIRED) Elon Musk and others seek restrictions on use of autonomous weapons
Banks given up to Nov 30 to present cybersecurity plans (The Star, Kenya) All commercial banks in the country have until end of November to present their elaborate cybersecurity plans. The Central Bank, in new regulations, said the move seeks to increase the industry’s stability on the back of increased application of digital technology that comes with higher risks of cyber crimes.
FG to deploy relevant technologies to curb financial crime (Vanguard News) Dr Ogbonnaya Onu, the Minister of Science and Technology, says the ministry will fabricate and deploy relevant technologies to assist in the fight against financial crime in the country.
Cyber initiatives roll on, despite political uncertainties (Washington Examiner) Positive indicators include work on an update to the cyber framework and outreach efforts to the private sector on cyber initiatives at the...
McCain slams slow pace of cyber policy (FCW) The chairman of the Senate Armed Services Committee wants to see the Trump administration move faster on implementing cybersecurity policy.
All the Ways US Government Cybersecurity Falls Flat (WIRED) A new study shows not only that federal cybersecurity is as dismal as you thought, but why.
Elevation of US Cyber Command recognizes its 'coming of age' (FederalNewsRadio.com) U.S. Cyber Command's elevation to a unified combatant command is "mostly symbolic," but the symbolism is important.
Questions surround Trump NSA director’s job (TheHill) President Trump’s decision to elevate the U.S. Cyber Command has thrust National Security Agency director Mike Rogers into the spotlight.
No US-Russia cyber unit without Trump notifying Congress, bill says (The Indian Express) The annual Intelligence Authorization Act requires approval by the full Senate and House and the president's signature before it can become law. No vote has been scheduled and the last act was passed by Congress in March.
Statement on Solomon Islands undersea cable (Huawei) Huawei Technologies rejects the baseless allegations made in the Fairfax newspapers (20/8) regarding the Solomon Islands undersea cable project.
Litigation, Investigation, and Law Enforcement
Dutch police cancel Rotterdam rock concert over terror fears (Times) Dutch police issued a terrorism alert last night after stopping a van packed with gas cylinders outside a rock concert venue in Rotterdam. The Spanish driver of the van was arrested after a tip-off...
Shout ‘Allahu akbar’ and you will be shot, warns Luigi Brugnaro, mayor of Venice (Times) The right-wing mayor of Venice has courted controversy by claiming anyone who yells “Allahu Akhbar” in the city’s St Mark’s Square will be shot. Speaking at a conference, Luigi Brugnaro said Venice...
In Barcelona and Finland, Europe's New Normal (Foreign Affairs) The frequency of Islamic State (ISIS) attacks in Europe remains exceptionally steady, with authorities struggling to respond to the scale of the threat. The incidents in Spain and Finland last week epitomized the trend.
Terror in the Terroir (Foreign Affairs) The roots of France’s problem with terrorism lie in a complex mixture of religion, social pressures, and alienation. But the solutions need not be so convoluted. Better policing, coordination, and community outreach can all make the jihadist threat less lethal.
Finjan files patent infringement suit against Bitdefender as part of campaign to protect online security IP (IPWatchdog) Finjan asserts four patents, alleging that Bitdefender marketing of antivirus, cloud and sandboxing technologies infringes the patents in suit.
Is James Damore's Law Firm Preparing a Class Action Lawsuit Against Google? (Motherboard) The firm is looking for employees who have been “defamed/slandered/smeared/blacklisted at Google for political views, or views about affirmative action at Google.”
Feds: Son teaches dad how to sell drugs on AlphaBay, they both get busted (Ars Technica) From his iPad, son allegedly searched “safest wallet to transfer tumble.”
Suspect in Yahoo Breach Pleads Not Guilty (Dark Reading) Karim Baratov enters his plea in US Courts today, after waiving his extradition hearing in Canada last week.
Man gets 25 years for hacking lottery computers and winning $2.2 million (HackRead) In April 2015, it was reported that Eddie Raymond Tipton, a lottery computer programmer from Texas was arrested for hacking Lottery computers to win $14.3