Cyber Attacks, Threats, and Vulnerabilities
Merkel ally cites thousands of cyber attacks from Russian IP addresses (Reuters) A top leader of German Chancellor Angela Merkel's conservative party said her website had been hit by thousands of cyber attacks -- many from Russian IP addresses -- before Sunday's televised election debate.
Bitdefender links Pacifier APT to Turla Group (Enterprise Times) Bitdefender's latest analysis of Pacifier APT links it to the Turla Group of cybercriminals who have connections to Russia
KHRAT Trojan sweeps across Cambodia (ZDNet) The RAT has ramped up its technology and techniques to compromise victim PCs, but campaigns appear to have a political purpose.
Isis agent using message app told BBC reporter to attack London (Times) Islamic State recruiters used encrypted message services to encourage terrorist attacks on London Bridge and at Westminster, it has been revealed. Agents for the group gave instructions to...
Taliban mimic American commandos in latest propaganda video (Military Times) A recent Taliban propaganda video uploaded to the group’s official media site appears to show Taliban fighters mimicking the style and tactics of American commandos.
Al Qaeda-linked jihadist in Kashmir criticizes Pakistani Army (FDD's Long War Journal) On Aug. 31, Ansar Ghazwat-ul-Hind's leader, Zakir Musa, released an audio message in which he criticized the Pakistani government for supposedly betraying the jihad in Kashmir.
U.S. Takes Fight to ISIS on Cyber Battlefield (The Cipher Brief) No terrorist group has capitalized on networked technology more than ISIS, both for recruitment messaging and commanding their fighters on the ground.
Massive attack: Vulnerable MongoDB databases targeted in new wave of ransom attacks (Computing) Security shortcomings return to haunt MongoDB as it prepares for $1.6bn IPO
Princess ransomware targets hacked websites via RIG exploit kit (TechRepublic) A new cybercrime campaign uses the RIG exploit kit to infect computers with PrincessLocker ransomware, and demands at least $367 from victims.
Massive Locky ransomware campaign sends 23M messages in 24 hours (TechRepublic) Locky ransomware is making a comeback, with one of the largest attacks this year. Here's how to protect your business.
Free Cobian RAT Offered on Underground Hacking Forums Comes With a Backdoor (BleepingComputer) A remote access trojan (RAT) offered as a free download on underground hacking forums comes with a secret backdoor that grants the original author access to all the victim data.
DDoS Booter Service Suffers Security Breach (BleepingComputer) A dissatisfied customer has breached the server of TrueStresser, a DDoS-for-hire service, pilfered its database, and leaked some of the content online.
Petya-like infection attempts still active in Australia: Symantec (ZDNet) Both Petya and WannaCry highlighted that Australia is not immune to cyber threats, and the best mode of defence is educating staff and reporting malicious activity, Symantec's APJ CEO has said.
Poor security hygiene results in worm-like attacks; report (ITP) Cybercriminals are exploiting known vulnerabilities resulting in maximum impact
Banking Trojan Now Targets Coinbase Users, Not Just Banking Portals (BleepingComputer) The TrickBot banking trojan has added support for stealing funds stored in Coinbase.com accounts, according to a recent version spotted in a distribution campaign last week.
Twitter struggles to deal with the sock-puppet and bot armies (Naked Security) The latest twist sees the bot armies busily retweeting legitimate accounts in an attempt to get them banned for abuse – and it’s working. So why can’t Twitter do better?
Data Breach Exposes Thousands of Job Seekers Citing Top Secret Government Work [Updated] (Gizmodo) Thousands of files containing the personal information and expertise of Americans with classified and up to Top Secret security clearances have been exposed by an unsecured Amazon server, potentially for most of the year.
Statement on Information Breach of TalentPen, LLC’s Cloud File Hosted by Amazon Web Services (TigerSwan) On Thursday, August 31st, a press inquiry alerted TigerSwan that resume files, accessed by a cyber resilience company (Upguard Inc.) on a site hosted by Amazon Web Services and controlled by a former recruiting vendor, TalentPen, LLC, were publicly accessible.
Insecure: How A Private Military Contractor's Hiring Files Leaked (UpGuard) Thousands of resumes belonging to individuals applying to security firm TigerSwan were found publicly exposed in an AWS S3 bucket.
Instagram warns millions of users may have been affected by hack (The Independent) A group of hackers targeting A-list celebrities' Instagram accounts may have accessed millions of users' private data, the social media site has warned. Singer Selena Gomez appeared to be one of the stars whose accounts were compromised during a cyber attack on the picture-sharing app last week.
Instagram hack victims identified, details now for sale on darkweb (SC Magazine) The 500 A-list celebrities whose Instagram accounts have been hacked, and whose contact details are for sale on the dark web, have now been identified.
Data breach hits four million Time Warner app users (BBC News) Account and other details were exposed when the data was accidentally left unprotected online.
BroadSoft at Heart of TWC Customer Data Blunder (Light Reading) Details related to more than 4 million Time Warner Cable customer contracts were exposed online and the culprit appears to be unified comms app partner BroadSoft.
University secrets are stolen by cybergangs (Times) Criminals are launching hundreds of successful cyberattacks on British universities each year, targeting scientific, engineering and medical advances including research into missiles. Cybersecurity...
Pirate Bay and other torrent sites hit by cyber attack and temporarily taken offline, Isohunt disappears altogether (Thai Tech) Some of the world’s leading torrent sites have suffered major outages this week, while others, such as Isohunt, have mysteriously disappeared.
Hillary Clinton endorsed a startup — and then it fell victim to a cyber attack (Recode) Introducing Verrit, a new effort to organize Clinton supporters and arm them in social media fights
Copeland Borough Council falls victim to cyber attack (Mail) Copeland Borough Council fell victim to the attack, with significant internal disruption caused.
Radio Hacker Interrupts Police Chase in Australia (BleepingComputer) A pirate broadcaster posing as a police officer interfered in a police chase this week in Australia, forcing officers to call off the pursuit of two suspected armed robbers.
GPS Jammer - Exploitations used by several attackers with various motives (Spirent) Today, car thieves around the world are using GPS jammers to aid their getaways, and experts say it's only a matter of time until more ominous parties catch on.
Security Patches, Mitigations, and Software Updates
WINDOWS 10 ALERT - PC users urged to upgrade NOW or face security crisis (Express.co.uk) WINDOWS 10 doubters who are fans of Microsoft’s flagship OS series but are yet to upgrade have been warned to do so now - or they risk facing a security crisis.
Cyber Trends
Malware vulnerability high in Kingdom, report notes (Phnom Penh Post) Cambodia is among the most vulnerable countries in Asia when it comes to viruses, spam, spyware and other cyberthreats, according to a recent report from Microsoft.
Warning: Digital Malaysia growth is attracting more cyberattacks (MIS Asia) CyberSecurity Malaysia and Trend Micro reveal new data, which also suggests the type of organisations that are now most vulnerable.
How ‘Doxxing’ Became a Mainstream Tool in the Culture Wars (New York Times) Identifying extremist activists and revealing their personal information has become a bit of a sport on the internet. Some worry about mistakes and the permanent stigma of online shaming.
Marketplace
The world's top 10 largest cybersecurity | security consulting firms (Consultancy) The Big Four – Deloitte, EY, PwC and KPMG – are the globe’s largest security consulting firms, according to new data.
Beware the ever-growing reach of Google (Times) A small kerfuffle in Washington this week said a lot about power in the modern world. Barry Lynn, head of the open markets initiative at the New America Foundation, a Washington think tank partly...
A Serf on Google's Farm (Talking Points Memo) An unintended effect of Google’s heavy-handed attempt to silence Barry Lynn and his Open Markets program at New America has...
Opinion | The Russian Company That Is a Danger to Our Security (New York Times) Kaspersky Lab, the cybersecurity company, is close to Putin’s government. So why is the U.S. government using its software?
Why the US Government Shouldn't Ban Kaspersky Security Software (WIRED) Opinion: The US government's decision to ban promising security technology could impair free trade.
Companies should treat cybersecurity as a matter of ethics (San Francisco Chronicle) A couple of years ago, a reader took issue with a column on cybersecurity.
Hewlett Packard Enterprise to complete software spin-off (Reuters) Hewlett Packard Enterprise Co (HPE.N) completed the spin-off of much of its software business early on Friday, closing the door on the disastrous 2011 acquisition of British firm Autonomy and narrowing the company's focus to data center hardware and software.
4 Important Things about Hewlett Packard Enterprise's Multibillion Dollar Spinoff (Fortune) The company has shed its software business.
4 Risks Cisco Systems Bulls Need to Know (The Motley Fool) Generic competition, market share losses, a slowing security business, and an unclear future for its offshore cash could all spell trouble for Cisco.
You'll Be Surprised at the Size of Cisco's War Chest (The Motley Fool) The networking giant can throw a lot of cash at its problems -- but only if U.S. taxes are lowered.
Palo Alto Networks' Shares Soar 7% on Strong Customer Growth (Fortune) A good quarter for the cybersecurity firm.
How a "no a-hole" hiring policy helps Duo Security keep customers happy (Built In Austin) Duo Security has a 98 percent approval rating among customers. A big part of that comes down to culture.
Leidos wins Army intel contract (C4ISRNET) Under the contract, Leidos will provide control, communications, computers and information management services.
Lockheed Martin promotes local leader Stephanie Hill (Baltimore Sun) Defense contractor Lockheed Martin promoted Baltimore native Stephanie Hill to senior vice president for corporate strategy and development.
Products, Services, and Solutions
Rohde & Schwarz Cybersecurity’s Deep Packet Inspection Software Now Detects Bitcoin Transactions in Network Traffic (Rohde & Schwarz) The new Bitcoin protocol classification functionality enhances network analytics and security solutions to identify Bitcoin network activity. This enables enterprises to identify, control and block bitcoin transactions within a network.
PrivatizeMe Makes Effortless Privacy Protection Possible (PRNewswire) PrivatizeMe (www.privatizeme.com), has released the PrivatizeMe...
SafeNet Assured Technologies Launches New Tactical Cryptographic Key Management Platform (PRWeb) KeySecure G160 for High Assurance supports the protection of sensitive data-at-rest across traditional or virtualized data centers in mobile and disconnected tactical environments
On the Radar: Cylance Adds an Endpoint Detection and Response Capability - Research and Markets (BusinessWire) The "On the Radar: Cylance Adds an Endpoint Detection and Response Capability" company profile has been added to Research and Markets' offer
Upstream and Bitdefender Launch Security Kit for Emerging Markets (BusinessWire) Upstream, the leading mobile commerce platform in high-growth markets, today announces the launch of Security Kit, in partnership with Bitdefender.
County to improve cyber security software (Emporia Gazette) Lyon County commissioners decided a change was needed in their anti-virus software Thursday during their action session in the Lyon County Courthouse.
VMware Builds Out Its Security Story Through Cloud Services (eWEEK) VMware's cloud security product, AppDefense, is built around the concept of "least privilege"—the idea that nothing in a network is fully trusted.
Technologies, Techniques, and Standards
Find Opportunities to Introduce Network Segmentation (Palo Alto Networks Blog) Lawrence Chin examines the benefits of network segmentation for financial institutions.
Cylance CPO Rahul Kashyap Explains How AI, Algorithms Are Improving Cybersecurity (International Business Times) Cylance Chief Product Officer Rahul Kashyap talks to International Business Times about the role of AI in cybersecurity.
Open source or proprietary: how should we secure voting systems? (Naked Security) While Russian hackers were ‘probably unsuccessful’ at hacking the votes in last year’s presidential election, it doesn’t mean they won’t try again – which makes …
Hurricane Harvey: Kroll Ontrack Provides Tips to Prepare for and Deal with Data Loss (Kroll Ontrack) Kroll Ontrack gives data recovery tips to flood victims during hurricane season
Design and Innovation
Security-focused phone launches crowdfunding drive (Naked Security) Would you pay $599 for a phone with an open-source OS that puts you in control of its security?
Microsoft Joins Top Universities, Finance and Technology Leaders to Advance Blockchain-Based Solutions and Infrastructure (Newswise) Microsoft & IC3 are joining the Initiative for Cryptocurrencies and Contracts (IC3), which includes faculty members at Cornell University, Cornell Tech, UC Berkeley, University of Illinois at Urbana–Champaign, and the Technion, along with leading finance and technology companies.
Alibaba, EY, IBM And Microsoft Use The Blockchain To Create A Transparent Supply Chain (Forbes) Global companies are looking to deploy blockchain technologies in their supply chains to give them greater transparency. Crucially, blockchain solutions have the potential to solve visibility issues that have dogged the supply chain for decades.
Tempted to join the games in the crytpcurrency playground? (Naked Security) It’s swings and roundabouts when it comes to cryptocurrencies: they have much to offer for those seeking privacy, but there are risks to bear in mind, too
How Blockchain Technology is Taking Gambling Industry to New Level (Cointelegraph) Why using cryptocurrency has become a widely popular solution for gambling industry
Burger King launches WhopperCoin crypto-cash in Russia (BBC News) The virtual cash will be given out when people buy food in Burger King restaurants.
Платформа Waves поможет “Бургер Кинг Россия” запустить программу лояльности на блокчейне (Burgerking.ru) В рамках программы лояльности “Бургер Кинг Россия” выпустила 1 млрд Whoppercoin. Посетители ресторанов сети в России будут иметь возможность получить “вопперкоины” исходя из суммы чека: 1 рубль = 1 Whoppercoin. За 1700 “вопперкоинов” посетитель сможет получить один воппер.
Research and Development
Data61 and ANU establish research institute to tackle AI (ZDNet) The 3A Institute will bring together researchers from around the world to address the various challenges around the application of artificial intelligence.
Stanford University Researchers Create Cryptographic Technique to Protect Patient Privacy During Genome Analysis (The University Network) Researchers at Stanford University in Palo Alto, California have recently engineered a breakthrough in their work with genome analysis.
Air Force 3-star: “algorithmic warfare” needed for future ISR, combat ops (Defense Systems) Artificial intelligence and human-machine warfare will increasingly be vital for Air Force ISR operations as a way to keep pace with the speed and scale of information technology.
Academia
Software company to simulate cyberattacks for college and university IT competition (EdScoop) Symantec is debuting a higher ed cybersecurity competition to train IT staff using real-life scenarios.
MS in Cybersecurity Offered at Irvine Location (Webster University) Classes for Webster University’s acclaimed Master’s in Cybersecurity program will be offered in Irvine later this fall, it was announced this week. It will be the first classroom-based Master’s in Cybersecurity program offered in Orange County.
New grant will educate high school students on cyber security (PNW Pioneer) PNW received a $482,926 grant for a three-year project to develop course curriculum modules that will educate high school students about cyber security.
BH Consulting launches scholarship programme to address infosec skills gap (Help Net Security) BH Consulting, an information security specialist company, has launched a Masters Scholarship programme to encourage talented people to enter the cybersecu
Legislation, Policy, and Regulation
Modi calls for coordinated action on counter terrorism, cyber security (The Hindu Business Line) Suggest 10 noble commitments to be taken up by BRICS leadership for global transformation
‘Dictator’ Hun Sen forces Cambodia Daily paper to close (Times) The Cambodia Daily, a scourge of Hun Sen, the country’s authoritarian prime minister, closed yesterday in a crackdown that has prompted claims that the country is sliding into a dictatorship. The...
Germany Strengthens Its Cyber Defense (Foreign Affairs) Recent cyberattacks against Germany match the pattern of earlier attacks elsewhere in the West. In response, Germany has taken a number of steps in response, including opening a cyber command in Bonn.
Lawyer suggests tying access to encryption to verified ID (Naked Security) The lawyer leading a government review into terrorism law has suggested that we be forced to prove who we are before we’re allowed access to encrypted accounts – but it’s an idea …
Chinese Agency Linked to Cyber-Espionage Operations Will Review Source Code of Foreign Firms (BleepingComputer) According to a new law voted in 2016 and which came into effect starting June 1, 2017, foreign companies activating in China could be forced to provide access to their source code to a state agency that has been recently linked to China's nation-state cyber-espionage campaigns.
Australia reviews defence export controls, perhaps easing cryptography research (Register) Hacker, white hat or crypto boffin? This is important
Taking Stock of Trump's Cybersecurity Executive Order So Far (WIRED) After several missed deadlines, Trump's cybersecurity executive order has gotten off to a slow start.
Getting to Ground Truth on the Elevation of U.S. Cyber Command (War on the Rocks) One of my biggest frustrations during my time in the Office of the Secretary of Defense’s cyber policy office was the way elevating U.S. Cyber Command beca
Kate Charlet: Implications of changes to CYBERCOM status (FederalNewsRadio.com) Putting CYBERCOM on an even playing field with the rest of the Defense Department's combatant commands has serious implications.
How much does federal government spend on cybersecurity? (Fifth Domain) New database of agency cyber spending shows a 270 percent increase over nine years.
Litigation, Investigation, and Law Enforcement
In Unprecedented Reversal, Kenya’s Top Court Throws Out Election Result (Foreign Policy) International observers were quick to endorse the results of last month's presidential election. Now they're facing uncomfortable questions.
Russia probes kick into high gear (POLITICO) Three congressional committees are pursuing investigations, and high-ranking Trump associates are expected to testify soon.
Opinion | The Nation issues editor’s note on story questioning whether the DNC was hacked (Washington Post) Review followed internal concerns about the magazine's coverage of Russia and its role in the election of President Trump
Proof that investigating Trump is starting to backfire for Democrats (New York Post) There’s a lot going on in the Hillary Clinton/Donald Trump/Russia investigation that all the highfalutin’ newspapers that cover politics are still trying to ignore. Well, investors had better…
Trump’s Cabinet members have blown a deadline for key cybersecurity reports by two months (Newsweek) The reports are meant to respond to Russian hacking that interfered in the 2016 U.S. election.
Byron York: FBI fights public release of Trump dossier info (Washington Examiner) Just what did the FBI do? Why? And did the FBI ever use the 'salacious and unverified' information in the dossier as a basis for applying fo...
Judge Orders FBI To Make Details Of Clinton Email Probe Public (The Daily Caller) A federal judge ordered the FBI Thursday to publicly release previously unseen documents related to the investigation into former Secretary of State Hillary Clinton's use of a private email server.
In Election Interference, It’s What Reporters Didn’t Find That Matters (New York Times) When Nicole Perlroth, Michael Wines and Matthew Rosenberg set out to understand Russian hacking in the last election, the absence of good data was conspicuous.
US Justice Department: No evidence Obama wiretapped Trump Tower (i24NEWS) The Justice Department said there are 'no records related to wiretaps as described by the March 4 tweets.'
Ex-cop who won’t decrypt hard drives still in jail indefinitely (Naked Security) It’s not about the Fifth; it’s about a search warrant in a child abuse case, and there’s no maximum prison sentence for those in contempt
Yahoo hack victims can sue new owner Verizon, court rules (Inquirer) Ruling couldn't happen to a nicer cable company
Imperva Cuts $19M Deal To End Investors' Stock-Drop Row (Law360) Shareholders of data security company Imperva Inc. asked a California federal judge on Thursday to preliminarily approve a $19 million settlement that would resolve putative class claims that the company misled investors and cost them nearly half the value of their investment while letting executives sell off their shares for millions.
Police Seize Domain of Online Store That Stole User's Card Data (BleepingComputer) Canadian police have seized the domain of Fazny.ca, an online electronics store that stole users' payment card data and used it to make fraudulent purchases.