Cyber Attacks, Threats, and Vulnerabilities
Deloitte hit by cyber-attack revealing clients’ secret emails (Guardian) Exclusive: hackers may have accessed usernames, passwords and personal details of top accountancy firm’s blue-chip clients
Breaking nuclear deal could bring hacking onslaught from Iran (POLITICO) “They’re plenty good enough to cause a lot of difficulty,” said one cyber expert.
Nuclear war isn't North Korea's only threat (CNN) The country has invested heavily in cyberattack operations to target Western countries and South Korea, Eric O'Neill says.
Researchers Link CCleaner Hack to Cyberespionage Group (Motherboard) Experts believe a state-sponsored hacker was behind the attack, which affected 2.2 million people.
CCleaner malware may be from Chinese group: Avast (iTWire) Security company Avast says it has found similarities between the code injected into CCleaner and the APT17/Aurora malware created by a Chinese advanc...
This Google, Microsoft, Samsung-Targeting 'CCleaner' Attack Sets an Insidious Trend (Fortune) Hackers have learned to compromise software supply chains.
Researchers claim ISPs are 'complicit' in latest FinSpy snooping rounds (Register) Dictators' favourite spyware is working at the top, says report
Passwords to Over a Half Million Car Tracking Devices Leaked Online (Gizmodo) We’ve seen a lot of data breaches this year: some big, some small, some that are dangerous, and some that are just embarrassing. But if we were to name one as the creepiest data breach of 2017, this leak of logins for car tracking devices might take the cake.
Another Verizon leak exposed confidential data on internal systems (ZDNet) Dozens of documents reveal detailed maps and configurations of internal Verizon servers.
Chris Vickery on Amazon S3 Data Leaks (Threatpost) Mike Mimoso talks to Chris Vickery of Upguard of the recent rash of Amazon S3 data leaks.
Ransomware or Wiper? RedBoot Encrypts Files but also Modifies Partition Table (BleepingComputer) A new bootlocker ransomware called RedBoot will encrypt files on the computer, replace the MBR, or Master Boot Record, of the system drive and then appears to trash the partition table.
Multiple Spam Waves Detected Pushing New Locky Ransomware Version (BleepingComputer) Reports are coming in from multiple security researchers and security firms about increased activity from one of the groups spreading the Locky ransomware.
Remotely locked Apple devices hit by ransomware (CRN Australia) Most likely using stolen iCloud credentials.
Fair Ransomware Protocol using Bitcoin (Qiita) Ransomware is one of the malicious programs (malware), which encrypts victim's data and requests money such as Bitcoins as ransom for decrypting the data stored in their computer.
DDoS Extortion Group Sends Ransom Demand to Thousands of Companies (BleepingComputer) A group of DDoS extortionists using the name of Phantom Squad has sent out a massive spam wave to thousands of companies all over the globe, threatening DDoS attacks on September 30, if victims do not pay a ransom demand.
Massive Wave of Ransom DDoS Threats Sweeps Globe (Infosecurity Magazine) A group calling themselves the Phantom Squad is threatening thousands of companies with DDoS if they don’t pay a ransom.
Popular Android Keyboard App Caught Collecting User Data, Running External Code (BleepingComputer) GO Keyboard, an insanely popular custom keyboard app for the Android OS, also available on the official Google Play Store, was caught collecting user data and downloading and running code from a third-party server.
Users plagued by iOS app security issues, according to new research (SearchSecurity) New research shows a variety of iOS app security issues are plaguing users. Plus, CCleaner malware is worse than expected, and more.
Google Project Zero Finds 17 Bugs in Safari, Far More Than Other Browsers (NDTV Gadgets360.com) Google's security team Project Zero has open sourced an automated testing tool called Domato which they have been using to find dozens of security bugs in popular Web browsers.
Microsoft finds a security flaw in Chrome and gets $7,500 as a prize (Windows Latest) Microsoft Offensive Security Team has discovered a security flaw in the Chrome browser. Google Chrome has been reported to be the most resilient against attacks, whereas Microsoft Edge was the most hacked browser at Pwn2Own 2017. Nothing is perfect and neither is Google Chrome...
Coinhive Is Rapidly Becoming a Favorite Tool Among Malware Devs (BleepingComputer) Coinhive is quickly becoming the Martin Shkreli of the Internet, going from an innovative tool that lets you mine Monero with your browser, to a technology abused by hordes of malware authors.
OptionsBleed – The Apache HTTP Server Now Bleeds (TrendLabs Security Intelligence Blog) A new vulnerability in the Apache HTTP server was found recently. Designated as CVE-2017-9798, this vulnerability lies in how Apache handles certain settings in its configuration files, resulting in memory leaks.
On the prevalence of cross-site scripting (XSS) attacks in modern web applications (Quelques digressions sous GPL...) As I attended AppSec USA in Orlando, a lot of discussions revolved around the OWASP Top 10. Setting the drama aside for a moment, there is an interesting discussion to be had on the most common vulnerabilities found in current web applications.
Linux Trojan Using Hacked IoT Devices to Send Spam Emails (The Hacker News) New Linux Trojan Using Hacked Internet of Things (IoT) Devices to Send Spam Emails
Private, But Not Secure: HTTPS is Hiding Cybercrime (Security Week) Encrypted communications have boomed in popularity in the aftermath of the Snowden leaks in 2013, which has ironically opened up a new pathway for cybercriminals.
Spoofed IRS notice delivers RAT through link updating trick (Help Net Security) The malware delivery trick involving updating links in Word documents is apparently gaining some traction as a spoofed IRS notice delivers RAT malware.
All the Ways Equifax Epically Bungled Its Breach Response (WIRED) The Equifax breach that potentially exposed the personal information of 143 million people was bad. The company's response has almost been worse, if that's even possible.
Equifax or Equiphish? (KrebsOnSecurity) More than a week after it said most people would be eligible to enroll in a free year of its TrustedID identity theft monitoring service, big three consumer credit bureau Equifax has begun sending out email notifications to people who were able to take the company up on its offer.
Credit agency Experian says it can protect you from the 'dark Web' — sort of (Los Angeles Times) Credit agencies spook people into buying services they may not need and, in so doing, give the companies permission to share data with marketers.
When Ripples Become Waves: The Equifax Cybersecurity Incident (JD Supra) Since September 7, 2017, Equifax, one of three credit rating agencies in the United States, has been dealing with the fallout from one of the largest...
Reflecting on The Equifax Hack: 143 Million Breached Identities (Bloom) Today, news broke that an Equifax security breach exposed 143 million people to identity theft.
Adobe Private PGP Key Leak a Blunder, But It Could Have Been Worse (Threatpost) Adobe suffered at a minimum a PR black eye on Friday when one of its private PGP keys was inadvertently published to its PSIRT blog.
How 'the invisible network' poses a major security threat (BBC News) Many firms have no idea how many devices are connected to their networks - a major cyber-security risk.
The democratization of censorship: when anyone can kill a site as effectively as a government can #1yrago (Mostly signs (some portents)) On the eve of the Stuxnet attacks, half a decade ago, I found myself discussing what it all meant with William Gibson (I’d just interviewed him on stage in London), and I said, “I think the most...
Sir Martin Sorrell on the WPP cyber attack: ‘I’ve had worse weeks’ (The Drum) As summer was taking hold at the end of June, so too did one of the great modern threats in the digital age, with a global cyber attack bringing some of the world’s largest organisations to their knees.
Cyber attack ruled out as Sydney Airport attempts to clear chaos (ABC News) Authorities are expecting a backlog of delayed flights at Sydney Airport to clear this evening after a computer glitch forced the cancellation of dozens of flights earlier in the day.
Security Patches, Mitigations, and Software Updates
Verizon Releases BlueBorne Patch For The Galaxy Note Edge (Android Headlines) Verizon is now rolling out an update to the Samsung Galaxy Note Edge that fixes the BlueBorne vulnerability.
Cyber Trends
CPU Mining is Making a Comeback (But Only on Botnets) (CryptoCoinsNews) CPU mining malware increased sixfold during the first eight months of 2017, according to a new report from IBM X-Force.
Cyber-terrorism, Cyber-Crime and Data Protection (ICT) The Honorable Giulio Terzi, Former Minister of Foreign Affairs, Italy, remarks from ICT's 17th World Summit on Counter-Terrorism: Keynote address on Cyber-terrorism, Cyber-crime and Data Protection.
Asset managers must beef up cyber security defences (Financial Times) Hacks at the SEC and Equifax highlight the need for extra vigilance, writes Aliya Ram
Criminal hacking: Top technology risk to health, safety and prosperity (Help Net Security) Criminal hacking outranks other significant hazards, including climate change, nuclear power, hazardous waste, and government surveillance.
Marketplace
Utilities Will Spend Billions On Cybersecurity As Threat Grows (Forbes) The National Institute of Standards and Technology released a report in February identifying products available to enhance the electric grid’s cybersecurity.
GDPR is coming: Is it a costly burden or marketing opportunity? (SiliconANGLE) The financial penalties for non-compliance are significant.
How Belgium deals with credit without Equifax, Experian, and TransUnion (Yahoo! Finance) Belgium has a different system of credit reporting that uses a public registry instead of private credit companies like Equifax, Experian, and TransUnion.
Some tips for cyber security vendors looking to expand into Germany (Acumin) For many cyber security vendors who are looking to expand their operation across EMEA, Germany is a prime location in which to start.
Bringing data security to startups starts with relationships (Information Management) Finding allies in the business that support your direction will make every change going forward much easier to manage.
Microsoft Security stopped being an oxymoron with the acquisition of Hexadite (Computerworld) How Microsoft shifted from thinking security was someone else's job to making it a strategic part of their Windows platform.
Palo Alto vs. Check Point Software: Which Is the Better Cybersecurity Stock? (The Motley Fool) Pitting a fast-growing, volatile cybersecurity stock against a steady, conservative player.
The feds shouldn't blackball Kaspersky without public evidence (TheHill) The cybersecurity firm has been accused of colluding with the Russian government.
Hacken: The First Decentralized Marketplace for White Hat Hackers (WireUpdate) Hacken, an innovative cryptocurrency platform focused on creating a cybersecurity ecosystem for white hat hackers, has announced that the crowdsale for its HKN tokens will open to the public on October 12, 2017.
BAE continues fight for $300M CACI intell award -- Washington Technology (Washington Technology) BAE Systems has filed a fresh protest now that CACI International has won a $300 million Army intelligence contract for the second time.
HPE to cut 5000 jobs from global workforce: reports (CRN Australia) HPE Next restructuring to hit channel veterans.
Products, Services, and Solutions
Cloudflare CEO: DDoS Attacks Will Now Be ‘Something You Only Read About In The History Books’ (Motherboard) Starting today, Cloudflare is making protection against DDoS attacks free, regardless of how bad they are.
New infosec products of the week: September 22, 2017 (Help Net Security) Cyber-defense for critical infrastructure including factories, plants, utilities & hospitals NTT Security has launched IT/OT Integrated Security Services,
Queensland govt body one-ups cyber threats through Darktrace tech (IT Brief) “Anticipating and pre-empting every security risk is practically impossible in the face of ‘unknown unknowns’ and insider threats.”
Playbook Fridays: Enriching Indicators with Shodan (ThreatConnect) ThreatConnect developed the Playbooks capability to help analysts automate time consuming and repetitive tasks so they can focus on what is most important. And in many cases, to ensure the analysis process can occur consistently and in real time, without human intervention.
AFSOC receives new anti-jam GPS receiver (C4ISRNET) Air Force Special Operations Command has taken delivery of next-generation Digital GPS Anti-Jam Receiver (DIGAR) technology from manufacturer Rockwell Collins.
Wipe Files with No Backdoors - Jetico BCWipe Built on Supply-Chain Security (PR.com) This week’s news opened new concerns among the global community of privacy-minded users, as recent attacks have shown how software supply-chain security...
Kaspersky unveils ‘surveillance-proof’ phone (Taipei Times) For Russians who fear that someone might be eavesdropping on their telephone conversations, leading IT entrepreneur Natalya Kaspersky says she has a solution.
Spectrecoin, A Revolution in Blockchain Privacy Technology (PRWeb) Spectre aims to disrupt the status quo of the blockchain with strong cryptography and anonymous transactions.
KoolSpan and GO-Trust Announce Strategic Partnership (Financial News) KoolSpan, Inc., the provider of interoperable secure call and messaging solutions for mobile devices, and GO-Trust, a global provider of hardware based encryption solutions, have announced their strategic global partnership, and the General Availability of TrustCall microSD, the companies said.
Technologies, Techniques, and Standards
Cyber threat analysis in complex adaptive systems (Help Net Security) A cyber threat analysis methodology must be based on the reciprocal nature of hunting units and their real-time support of higher-level analysts.
How to tell if your computer is secretly mining cryptocurrency, and what to do about it (Quartz) Ad-blockers can help.
Air Force launching 'shadow operations center' at Nellis AFB to drive MDC2 (InsideDefense.com) The Air Force is standing up a multidomain command-and-control experimentation center, dubbed the "shadow operations center" at Nellis Air Force Base, NV, to turn ideas gleaned from this year's Enterprise Capabilities Collaboration Team into operational realities.
How Machine Learning Stopped a Brute Force Attack (insideBIGDATA) In this special guest feature, Sekhar Sarukkai, Chief Scientist at Skyhigh Networks, discusses the power of machine learning and user behavior analytics in detecting and mitigating the effects of cyberattacks before financial loss occurs.
Design and Innovation
It’s time to kill the web (Mike’s blog) Something is going on. The people are unhappy. The spectre of civil unrest stalks our programming communities.
Blockchain and Cyber Security: the Equifax Episode (The Market Mogul) In sheer scale, the Equifax breach is small, impacting 143m people, when compared to other data breaches of the past year such as Yahoo’s 1bn user account violation.
Research and Development
The Dangers of the 'Brainternet' (Motherboard) Can you hack the Internet Of Brains?
Academia
Feds OK Purdue acquisition of Kaplan (Military Times) The federal government has given Purdue University the green light to continue with plans for its new online school.
Legislation, Policy, and Regulation
The right path forward for Congress on cyber deterrence (Washington Examiner) The DOD would be far better served by following the Senate language to develop a cyber-deterrence policy.
Responsible vulnerability disclosure is becoming an international norm (Cyberscoop) More and more countries are joining the United States in adopting a policy of weighing the pros and cons of responsible vulnerability disclosure, as the public calls for more clarity regarding intelligence agencies and their supposed hoarding of previously undiscovered software flaws.
Identity protection is an overdue government mission (GCN) Governments across America now need a more robust approach to provide secure digital identities for their own operations and for the citizens they serve.
Langevin Reintroduces Breach Notification Legislation (Meritalk) Rep. Jim Langevin, D-R.I., reintroduced legislation this week that would require companies that experience a breach to notify affected individuals within 30 days of the breach’s discovery and that they coordinate with the Federal Trade Commission to do so.
Could Europe teach the U.S. a lesson about cyber security regulation? (NBC News) As America grapples with the Equifax breach, Europe is already taking steps to comply with strict new rules designed to make sure something like this never happens.
ICOMG Wants The Government To Stay The Hell Away From Crypto (The Merkle) Recently, a friend of mine from the United States (the land of the free), wanted to participate in an ICO for a brand new coin. He had done all the research on the team, read the white paper, and ha
Opinion | Amid the Russia probes, Trump makes an important nomination (Washington Post) A dormant board overseeing intelligence is coming back to life.
Federal employees ordered to attend anti-leaking classes (ABC News) Employees at the Environmental Protection Agency are attending mandatory training sessions this week to reinforce their compliance with laws and rules against leaking classified or sensitive government information. It is part of a broader Trump administration order for anti-leaks training...
Information domain demands major force structure changes for Marines (Defense News) The Marine Corps is taking steps to build information warfare capabilities within its maneuver forces.
Litigation, Investigation, and Law Enforcement
Ahmed Hassan ‘bought Parsons Green Tube bomb ingredients on Amazon’ (Times) The Parsons Green bomb included ingredients allegedly purchased from Amazon and was packed with shrapnel including knives and screws to inflict maximum harm, a court heard. Ahmed Hassan, 18, an...
Man who planted virus in an Army computer program cost taxpayers millions (Army Times) A defense contractor was found guilty of transmitting malicious code that affected a program used to handle pay for nearly 200,000 soldiers.
Accused NSA leaker Reality Winner seeks release from jail (Atlanta Journal-Constitution) Reality Leigh Winner should be released from jail pending her trial in the National Security Agency...
Russia targeted election systems in 21 states, successfully hacking some (TechCrunch) On Friday, the Department of Homeland Security notified nearly half of the U.S. states that their election systems were targeted by Russia-affiliated hackers.
7 signs Robert Mueller's Russia investigation is getting serious (Washington Examiner) Here's why many legal experts say that some in President Trump's orbit should be worried.
Obama tried to give Zuckerberg a wake-up call over fake news on Facebook (Washington Post) The company’s investigation at first feared a Russian hack. It then uncovered a sweeping disinformation campaign brought by shadowy accounts.
Kushner used private email to conduct White House business (POLITICO) The senior adviser set up the account after the election. Other West Wing officials have also used private email accounts for official business.
House panel delays Kaspersky testimony (TheHill) Hearing addressing software produced by Russian cybersecurity firm postponed to later date.
Tracking phones without a warrant ruled unconstitutional (Naked Security) ‘Stingray use without a warrant violates 4th Amendment’
Darkweb counterfeiters taken down in Europol coordinated joint action (SC Media UK) Criminals selling counterfeit Euro banknotes on the Darknet arrested in a joint operation by seven EU Member States, coordinated by Europol.
Russia trying to block another suspected cybercriminal's extradition to US (Fifth Domain) The lawyer for an alleged Russian hacker said Friday that authorities in Moscow are fighting his extradition from Spain to the U.S., the third time in recent months that Russia has moved to block U.S. prosecution of suspected cybercriminals.
Peraton files suit against Raytheon (InsideDefense.com) Peraton, the company created through a spin-off of the Harris IT services business, has filed a lawsuit against Raytheon, alleging Raytheon breached its contract and misappropriated its trade secrets.