Baltimore: the latest from the Cyber Security Conference for Executives at the Johns Hopkins University
Equifax breach brings renewed attention to information security vulnerabilities (The Hub) Equifax breach brings renewed attention to severe information security vulnerabilities
Cyber Attacks, Threats, and Vulnerabilities
New Group of Iranian Hackers Linked to Destructive Malware (WIRED) A suspected Iranian government hacking team known as APT33 may be planting computer-killing code in networks around the world.
Meet APT33: A Gnarly Iranian Hacker Crew Threatening Destruction (Forbes) Iran is building up its cyber capabilities and the emergence of a group of hackers, dubbed APT33, has given rise to concerns the nation's cyberwarfare units are looking to launch destructive attacks on critical infrastructure, energy and military bodies.
Cyber Assaults on Democracy’s ‘Brain-Space’ are Here to Stay (The Cipher Brief) The United States has no peer competitors in conventional military power. But its adversaries are increasingly turning to asymmetric methods for engaging in conflict. Cyber-enabled information warfare (CEIW) is a form of conflict to which the United States – and liberal democracies more generally – are particularly vulnerable. Information warfare involves the deliberate use of information to...
The Brief Life, and Looming Death, of Europe’s ‘SWAT Team for Truth’ (Foreign Policy) The Czech Republic launched the continent’s first center to combat fake news in January. It might not survive the year.
Russia’s Digital Weapons Refined on Virtual Battlefield’ of Ukraine (VOA) Digital intrusions see data deleted, networks crippled with real life consequences
SEC says hackers may have traded using stolen insider information (Reuters) The top U.S. markets regulator said on Wednesday that hackers accessed its corporate disclosure database and may have illegally profited by trading on the insider information stolen.
SEC Says It Was Hacked in 2016 (Security Week) The United States Securities and Exchange Commission (SEC) said late Wednesday that it was the victim of a cyber-attack in 2016 that may have allowed hackers to profit through trading on non-public information in its EDGAR filing system.
SEC Chairman Clayton Issues Statement on Cybersecurity (US Securities and Exchange Commission) Discloses the Commission’s cyber risk profile, discusses intrusions at the Commission, and reviews the Commission’s approach to oversight and enforcement
Statement on Cybersecurity: Chairman Jay Clayton (US Securities and Exchange Commission) Data collection, storage, analysis, availability and protection (including security, validation and recovery) have become fundamental to the function and performance of our capital markets, the individuals and entities that participate in those markets, and the U.S. Securities and Exchange Commission...
Statement on Cybersecurity: Commissioner Michael S. Piwowar (US Securities and Exchange Commission) Effective management of internal cybersecurity risk is critical to the SEC achieving its mission and to protecting the nonpublic information that is entrusted to this agency.
Media giant Viacom dodges bullet over massive security breach (BGR) Viacom, the media conglomerate that owns Paramount, Comedy Central, MTV, and hundreds of other properties, has had a giant security flaw exposed by a security firm. The good news is that hackers do…
Cut Cord: How Viacom's Master Controls Were Left Exposed (UpGuard) An internet-exposed Puppet master and secret keys left the media empire's cloud assets vulnerable to exploitation.
Equifax directed consumers to fake phishing site for weeks (Help Net Security) Equifax phishing alert! You can add another blunder to the already long list of Equifax's missteps: they've been pointing customers to a fake phishing site.
Plenty of blame to go around for Equifax breach (Software Development Times) You can blame developers, you can blame open source, but until C-level executives start considering security a first-class problem, breaches will continue.
What cybercriminals do with Stolen Social Security numbers (WTVR) The Equifax breach included names, Social Security numbers and home addresses. Those are valuable details for criminals who want to drain bank accounts or commit tax fraud.
The CCleaner Malware Fiasco Targeted at Least 20 Specific Tech Firms (WIRED) The backdooring of security software CCleaner now appears to have been more of a targeted spying operation than a mere cybercrime scheme.
Researchers Link CCleaner Hack to Cyberespionage Group (Motherboard) Experts believe a state-sponsored hacker was behind the attack, which affected 2.2 million people.
Avast takes dig at Cisco, thanks Morphisec for uncovering CCleaner compromise (Inquirer) Firm also plays down the number of users affected
New RETADUP Variants Hit South America, Turn To Cryptocurrency Mining (TrendLabs Security Intelligence Blog) Several months ago, we discovered and exposed RETADUP malware in Israeli hospitals. We also learned that an Android malware known as “GhostCtrl” was stored in their infrastructure, which might be used for cyberespionage or cybercrime.
Underground Hacking Forum Admins Having Second Thoughts About Selling Ransomware (BleepingComputer) Administrators of various underground hacking forums hosted on both the public Internet and Dark Web are having serious discussions about the "good idea" of allowing the sale of ransomware via their platforms.
Using security cameras and infrared light to extract data from air-gapped networks (Help Net Security) Attackers can covertly exfiltrate data from and send data into an air-gapped network by using the infrared light capabilities of security cameras.
Cyber-attack cost TNT at least $300m (BBC News) Delivery company FedEx says a recent cyber-attack cost its TNT division about $300m (£221m).
People may lose money in fake competitions on Facebook (Slovak Spectator) The attackers often try to obtain information necessary for online transactions.
I Uncovered a Group of Scammers Posing as Apple Support Technicians (Motherboard) When I tried calling their number, a woman told me Apple has a second headquarters in Virginia. It doesn’t.
Cyber attack hits Butler Community College (KWCH) Butler Community College says it believes it's the latest institution to fall victim to a cyber attack.
Three-Quarters Of Local Government Departments 'Hit By Malware' (Silicon UK) Half of local government bodies said they've been affected by ransomware in the past year, with 76 percent hit by cyber attacks
Security Patches, Mitigations, and Software Updates
Microsoft Is Adding a Potent Security Feature to Windows 10 (Fortune) Automatic hack recovery
Cyber Trends
New Research from Intermedia Reveals a False Sense of Confidence Among Office Workers with Phishing Scams Still on the Rise (Intermedia) Part 1 of Intermedia’s new 2017 Data Vulnerability Report finds that, despite continued education and awareness, one in five office workers continue to be a victim of costly phishing emails
Survey: Careless errors still pose biggest threat to agency networks (GCN) Careless or untrained insiders pose more security risks to federal agencies than threats from foreign governments, malicious insiders or terrorists, according to a new survey.
End Users Getting Better at Identifying Phishing Attacks (THE Journal) Users today are more likely to recognize a phishing attack than they were a year ago, according to data from Wombat Security Technologies.
India's Transition To Digital Has Caused A Spike In Cyber Attacks, But They Can Be Fought (Forbes) India’s rapid transition to a cashless economy since Prime Minister Narendra Modi’s demonetization drive has exposed new avenues for virulent cyber threats across the nation.
Marketplace
DHS offers new details on Kaspersky ban (FCW) The Department of Homeland Security published the full text of its Kaspersky ban in the Federal Register just as the Senate voted to ban the company from federal networks as an amendment to the defense bill.
Notification of Issuance of Binding Operational Directive 17-01 and Establishment of Procedures for Responses (Federal Register (NPPD DHS)) In order to safeguard Federal information and information systems, DHS has issued a binding operational directive to all Federal, executive branch departments and agencies relating to information security products, solutions, and services supplied, directly or indirectly, by AO Kaspersky Lab or affiliated companies.
Cybersecurity: The Next Mega-Money Merger Game? (ValueWalk) Gen. Douglas MacArthur famously said: “Old soldiers never die, they just fade away.” Smart older companies don’t die (or fade away). When their businesses run out of steam, they just buy their way into some other, faster-growing sector. That’s what …
Symantec's Play for Splunk Ends After Review (Bloomberg.com) Symantec Corp. held talks to acquire Splunk Inc. but called them off after reviewing the analytics software company’s finances, people familiar with the matter said.
Digital Shadows raises $26M to expand its market leading digital risk management service and fuel global expansion (Digital Shadows) Led by Octopus Ventures and World Innovation Lab, this new investment will enable the company to meet increasing customer demand across all verticals and geographies
SecureAuth Raises Over $200M to Confront the New Reality of Cybersecurity (SecureAuth) Merger with Core Security brings a new approach to better detecting and responding to breaches.
Securonix Raises $29M in Series A Funding (FinSMEs) Securonix, a Redwood Shores, CA-based big data security analytics provider, raised $29M in Series A funding
Capsule8 Secures $6 Million in Series A Funding Round Led by Bessemer Venture Partners (GlobeNewswire News Room) Jay Leek of ClearSky Security Joins Capsule8 Board of Directors
inBay Technologies Closes $1+ Million Financing (PRWeb) Cybersecurity firm lands key funding from a billion-dollar equity firm Ramphastos and Ottawa-based angel investors to drive its go-to-market strategy
Rapid7 Channel Chief Looks To Hit Reset Button, Says Small Steps Made To Repair Partner Relationships (CRN) John Ryan, hired as the security vendor's director of the Americas channel in February, says he's seeing progress with a new partner program, a companywide channel mind-set and a push to re-establish trust.
Dragos Partners with The Cyberwire to Increase Industrial and Critical Infrastructure Cybersecurity Awareness (PRNewswire) Industrial control systems (ICS) cybersecurity company Dragos...
Wiretap Names Sean 'Ringo' Doran Director of Design, Jason Morgan Head of Behavioral Intelligence (Marketwired) Doran and Morgan will simplify and innovate Wiretap's product design and psychology, creating human-centered technology experiences, and building behavioral intelligence innovation into Wiretap's secure collaboration solutions
Former DHS cyber official joins Acuity (FCW) Danny Toler, who held a senior post at the National Protections and Programs, has joined the consulting firm Acuity.
Coalfire Appoints Michael Chao as Chief Financial Officer (Business Insider) Coalfire, a trusted provider of cybersecurity advisory services, today announced the appointment of Michael Chao as Chief Financial Officer.
Hiscox hires former GCHQ director to advise on cyber risk (Financial Times) Robert Hannigan will advise insurer on emerging threats and criminal techniques
Indegy Adds Renowned Cybersecurity Expert Mark Weatherford to Advisory Board (BusinessWire) Mark Weatherford, one of the most respected cybersecurity experts in the world, is the latest addition to Indegy’s influential team of advisors.
Products, Services, and Solutions
New center to fight cyber crime opens at Munich Airport (Munich Airport) The number of attacks on the IT systems of companies and public-sector organizations in Germany has rapidly increased in recent years, parallel to the rise of digitization. Munich Airport also faces all kinds of cyber attacks on a daily basis.
ThreatQuotient and Phantom Partner to Leverage Enriched Threat Intelligence Delivering Powerful, Simplified Security Operations (BusinessWire) ThreatQuotient today announced a strategic partnership with Phantom to enable defenders to work more effectively.
Evident.io Helps Enterprises Reduce Complexity of Securing Multicloud Environments with New Support for Microsoft Azure (PRNewswire) Evident.io, the leading provider of public cloud compliance and...
WatchGuard Updates Detection and Automatic Remediation Capabilities with Next-Generation Sandboxing (PRNewswire) WatchGuard® Technologies, a leader in advanced network security solutions,...
PKWARE Brings Persistent Encryption to Turnkey Key Management with Smartcrypt Appliances (PRNewswire) PKWARE, a global leader in data security, today announced the launch of...
Microsoft Embeds Hexadite's AI Tech into Windows Defender ATP (eWEEK) Microsoft is using the AI-enabled threat detection and response technologies it recentely acquired from Hexadite to strengthen Windows Defender ATP.
Radware Launches Ultimate IoT Botnet Protection With New DefensePro® Lineup (GlobeNewswire News Room) Radware® (NASDAQ:RDWR), a leading provider of cyber security and application delivery solutions, today introduced a comprehensive solution for protection from network layer attacks, including increased threats stemming from Internet-of-Things (IoT) botnets.
Code Dx Version 2.6 Supports NIST 800-53 Compliance and Application Security Testing for Mobile Apps (Business Insider) Code Dx, Inc., provider of an award-winning application security solution that automates and accelerates the discovery, prioritization, and management of software vulnerabilities, today announced version 2.6 of its flagship Application Software Vulnerability Correlation and Management solution, Code Dx Enterprise.
Owl Cyber Defense Solutions Announces ISO 9001:2015 Certification (IT Business Net) Owl Cyber Defense Solutions, LLC ("Owl"), the market leader in data diode network cybersecurity solutions, is proud to announce the company has received its official ISO 9001:2015 certification. ISO 9001 is a quality management system based on the idea of continual improvement.
Intelisecure Launches Solutions, Managed Services Offering to Help Midsize Enterprise Organizations Protect Critical Data (Marketwired) Traditionally an underserved market in the area of data protection, yet facing the same threats, regulations and mandates as larger enterprises, midsize enterprises now have an offering that meets their data protection needs at a consumable price point
Comodo Launches cWatch Web to Improve Website Performance and Security (PRNewswire) Comodo, a global innovator and developer of cybersecurity solutions and...
If Your Password Hygiene Sucks, This Password Manager Will Tell On You (Fast Company) Nearly half of surveyed employees use personal passwords for company accounts–a big no-no, says password manager maker Dashlane.
Vidder Selected by Verizon Enterprise Solutions for New Software Defined Perimeter Managed Service Offering (BusinessWire) Verizon Integrating Vidder Technology into its Software Defined Perimeter Managed Service
Palo Alto Networks Strengthens Ransomware Prevention Capabilities With New Traps Advanced Endpoint Functionality (PRNewswire) Palo Alto Networks® (NYSE: PANW), the next-generation security...
Technologies, Techniques, and Standards
Distrustful U.S. allies force spy agency to back down in encryption fight (Reuters) An international group of cryptography experts has forced the U.S. National Security Agency to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close U.S. allies.
Setting the standard for a blockchain protocol for IoT (Help Net Security) The Trusted IoT Alliance aims to bring companies together to develop and set the standard for an open source blockchain protocol to support IoT technology.
After Equifax Breach, Companies Advised to Review Open-Source Software Code (Wall Street Journal) It doesn’t make much sense: At a time when high-powered automated trading systems can execute stock sales in real time, many large corporations that rely on open-source software to run their businesses track their open-source use on spread sheets on paper.
Following Equifax, Focus On Database Encryption (IT Jungle) In the wake of the massive data breach at Equifax that has impacted millions of Americans, suspicions are arising that the company did not even encrypt its data. As hard as it is to believe that one of the big three credit agencies neglected to use encryption, a survey suggests that storing data in plaintext
5 tips for enterprises to ensure their SMB partners don't cause a data breach (TechRepublic) SMBs are valued partners for many firms, but they often lack resources and expertise to develop comprehensive security policies. Here's how enterprises can ensure their partners are cybersecure.
Darktrace: Security teams are too busy battling internal complexity to fight off hackers (Computing) Dave Palmer, director of technology at Darktrace, explains how machine learning can help complex enterprises combat threats before they do serious damage
Research and Development
Army turns to Plan X to defend against cyber threats (Defense Systems) Plan X software and hardware uses traditional warfare tactics to protect the Army from cyber attacks.
Legislation, Policy, and Regulation
Working to Preserve the Stability of Cyberspace (The Diplomat) What can we do to encourage responsible nation-state behavior and restraint in cyberspace?
State of the Union 2017: The Commission scales up its response to cyber-attacks (Europa) Why does the EU need to take action on cybersecurity? Since 2013, the technological and security landscape in the European Union has changed at a very fast pace. Digital technologies are now an integral part of our daily life and the backbone of our economy.
The NDAA Is Fatally Flawed And Threatens National Security (The Daily Caller) Looking at some of the early Christmas gifts buried deep on the National Defense Authorization Act for both liberals like Elizabeth Warren and our enemies like North Korea and Iran, it’s almost hard
Air Force Mulls Merging Cyber, ISR Troops (Breaking Defense) The senior leadership of the Air Force will decide at the late October Corona meeting at the Air Force Academy whether to take the cyber force from Air Force Space Command and merge it with Air Combat Command‘s ISR force.
Is Trump Mulling Peter Thiel for a Top Intelligence Advisory Post? (The Hive) Venture capitalist Peter Thiel has been quietly advising the Trump administration for months. Now—as sources say he could be in line for a top intelligence oversight role—Steve Bannon, White House officials, friends, and foes gauge the billionaire’s motivations, and his Washington mojo.
Lawyers Say More Regulation Is Likely to Follow Equifax Breach (New York Law Journal) Following the Equifax data breach, legal experts are considering what new regulations may result from the massive hack affecting 143 million Americans, and s...
Litigation, Investigation, and Law Enforcement
Equifax Breach Class Action Lawsuit Filed On Behalf Of Nation's 28 Million Small Businesses (PRNewswire) The estimated 28 million small business operators in the U.S. face special...
Trusted insider at the federal level raises concerns (CSO Online) Charged with bank fraud, Imran Awan provided IT services to the U.S. House of Representatives for 14 years. Is he a white-collar criminal or something more sinister?
Facebook and Senate Panel Scuffle Over Russia Investigation (Foreign Policy) Even fake Russian accounts may have some legal protection.
Tucker Breaks Down New Trump Wiretap Report: 'Rogue' Intel Agencies or DC 'Collusion' (Fox News Insider) Tucker Carlson discussed a new CNN report that appeared to give credence to President Trump's much-maligned suspicions that his New York City skyscraper was wiretapped during the 2016 campaign.
Legal experts bat down Fox News claims Trump vindicated on wiretapping accusations (Newsweek) The president's claims that Obama wiretapped Trump Tower aren't true even after Manafort disclosure, say legal experts.
All Mr. Comey’s Wiretaps (Wall Street Journal) Congress needs to learn how the FBI meddled in the 2016 campaign.
Samantha Power sought to unmask Americans on almost daily basis, sources say (Fox News) Samantha Power, the former U.S. ambassador to the United Nations, was 'unmasking' at such a rapid pace in the final months of the Obama administration that she averaged more than one request for every working day in 2016...
Stingray surveillance ends with cop shooter getting 33 years in prison (Ars Technica) “As I get older, I think more about what's going to happen to my soul when I die.”
Prosecutors Say Weiner Deserves Jail Time in Sexting Case (New York Law Journal) Former U.S. Rep. Anthony Weiner 'deserves time in prison' for his conviction of sending obscene material to a minor, prosecutors argued in papers filed Wedne...