Cyber Attacks, Threats, and Vulnerabilities
With $9.7 trillion of untradeable coal, North Korea turns to bitcoin (Crypto Insider) With an abundance of coal it can’t sell and a strong appetite for bitcoin, could Kim Jong-Un be experimenting with a new form of mining?
After hack, security researchers probe Deloitte's security posture (Help Net Security) We expect companies that advise other companies on information security to be better that most at protecting themselves. But is that expectation misplaced?
Deloitte Hack Reveals Email Vulnerabilities and Regulatory Gaps (New York Law Journal) The hack represents a breach of Deloitte’s ‘crown jewels,’ experts say, and large financial organizations and multinational corporations are likely among tho...
With Equifax, the Fiction about Hacking Becomes a Reality (CGMagazine) The Equifax data breach is a wakeup call to everyone that hacks that can circumvent cybersecurity are no longer a work of fiction.
Deloitte hacked, a brown trousers moment? (Diginomica) Deloitte was hacked while holding the world's leading cyber security consulting firm position as assessed by Gartner. That's quite a feat.
Op-Ed: Equifax hack reveals how absurdly at risk Americans are with their Social Security numbers (CNBC) Dumping the Equifax CEO was the easy part of dealing with the massive hack. Dumping your old Social Security number? Much harder.
Your head could roll in next cyber breach (FederalNewsRadio.com) Massive database will be the child of the Securities and Exchange Commission and contractor, Delaware LLC, and a dozen exchanges.
Sudden Rise Detected in Faceliker Malware That Manipulates Facebook "Likes" (BleepingComputer) Cyber-security firm McAfee is reporting about a sudden surge in detections for Faceliker, a malware strain that can take over browsers and manipulate Facebook "likes" on the behest of a remote party in order to promote social media trends, fake news, and other content.
Hajime IoT worm: Is it pure malware or vigilante malware? (SearchSecurity) The Hajime IoT worm posing as vigilanteware may not be entirely benevolent -- or safe. Expert Nick Lewis explained.
Internet Explorer Bug Leaks What Users Type in the URL Address Bar (BleepingComputer) Microsoft's Internet Explorer browser is affected by a serious bug that allows rogue sites to detect what the user is typing in his URL address bar.
Sonic Investigates Breach, 5 Million Cards For Sale on Cybercriminal Market (SurfWatch Labs, Inc.) The fast-food chain Sonic said yesterday that it is investigating a possible payment card breach at its stores, and security blogger Brian Krebs reported that the incident may be tied to a batch of…
Flagship Killer: USBKILL V3 Demonstrates iPhone 8 & Samsung Note 8 Vulnerable to USB Surge Attacks (Sys-Con Media) USBKill.com, the Hong-Kong based technology company that developed the "USB Killer" demonstrated this week that 2017's Flagship Phones are vulnerable to power surge attacks.
Linux Kernel Bug Reclassified as Security Issue After Two Years (BleepingComputer) Multiple Linux distros are issuing security updates for OS versions that still use an older kernel branch after it recently came to light that a mild memory bug was in reality much worse, and the bug was recently categorized as a security flaw.
Zeus is Still the Base of Many Current Trojans (Panda Security Mediacenter) When it first appeared in 2007, no one expected ZeuS to have such a brutal impact on security. But this Trojan's offshoots have become incredibly dangerous.
TfL denies misleading the public, says has no plans to sell Wi-Fi tracking data (Computing) Tracking scheme promoted service improvements, with no mention of sale of data to advertisers.
Security Patches, Mitigations, and Software Updates
WordPress 4.8.2 is out, update your website now (Naked Security) The first rule of running WordPress is always use the latest version
This month's Windows and Office security patches: Bugs and solutions (Computerworld) It’s been a rocky month, with buggy security patches and patches-of-patches that never should’ve seen light of day. Is this the new normal?
New Chrome 61 Update Takes Care of Two High-Risk Security Vulnerabilities (News4C) We have some great news for Chrome 61 users. Google started rolling out the new 61.0.3163.100 version of the browser which takes care of three major security flaws. This new version can already be downloaded by Mac, Linux and Windows OS users. Google is very adamant about how much it cares about user security and
Cyber Trends
How cyber impacts the full spectrum of terror threats (FCW) Cybersecurity still ranks near the top of threats that worry the nation's security agencies.
New Research Shows Cyber Criminals Increasingly Focused on Credential Theft (PRNewswire) WatchGuard® Technologies, a leader in advanced network security solutions,...
Woefully Inadequate IT Processes for Managing User Accounts and Access Continue to Create Major Security and Compliance Risks, One Identity Survey Reveals (Marketwired) Global study indicates disgruntled former employees or other threat actors still have widespread opportunity to cause harm because their IT accounts remain active
Why DDoS Attacks are on the Rise (Data Center Knowledge) Attacks are growing in size, and “everyone has a target on their back.”
Report: Assessing the Cybersecurity Performance of the Finance Supply Chain (BitSight) Download this BitSight Insight report to learn how the cybersecurity performance of financial organizations compare to companies in their supply chain.
Only 45% of organizations have a structured plan for GDPR compliance (Help Net Security) Only 45% of organizations have a structured plan in place for compliance and 58% indicate that they are not fully aware of noncompliance consequences.
Is your device part of an illegal hacking group? (Information Age) New research reveals London, Manchester and Maidenhead are the leading UK cities fuelling botnet enabled attacks
Marketplace
'Don't chase the ambulance:' Palo Alto Networks CEO speaks out on the epic Equifax breach (CNBC) Jim Cramer sits down with cybersecurity chief Mark McLaughlin to hear his take on recent high-profile hacks.
Myth busted: Contract security companies are definitely worth the money (Healthcare IT News) With staff shortages opening the door to hackers, contract security can help an organization protect its reputation and image.
3 Hot Cybersecurity Stocks to Focus on for the Rest of 2017 (NASDAQ.com) The Cybersecurity industry has been on a bullish trend, of late, thanks to the series of cyber attacks over the last few months.
Sky and Space signs Check Point for satellite cybersecurity (ZDNet) Check Point has been signed on to provide cybersecurity services for nano-satellite telecommunications provider Sky and Space Global's space and ground communication platforms.
Cisco will slash 310 San Jose headquarters jobs (The Mercury News) Cisco Systems will chop 310 jobs from its headquarters in San Jose, the tech titan confirmed Tuesday.
Leonardo eyes work on NATO cyber command (Fifth Domain) Leonardo is looking at further work if and when NATO stands up a fully fledged cyber command.
Critical Survey: Radware (NASDAQ:RDWR) and Its Competitors (Dispatch Tribunal) Radware (NASDAQ: RDWR) is one of 65 publicly-traded companies in the “Application Software” industry, but how does it weigh in compared to its competitors? We will compare Radware to related businesses based on the strength of its institutional ownership, analyst recommendations, profitability, dividends, earnings, valuation and risk. Earnings and Valuation This table compares Radware and […]
7 Startups Working to Secure Communications (Nanalyze) Secure communications are what keep us from disclosing our secrets to bad people. We look at 7 startups that are using technology to secure digital assets.
Cyber flavoured delegation to head to San Francisco (Computerworld) A delegation of Australian cyber security start-ups will be heading to San Francisco in January next year, as part of a Austrade and AustCyber backed initiative.
CyberX Strengthens Management Team to Support Explosive Demand for Industrial and Critical Infrastructure Security (PRNewswire) CyberX, provider of the most widely-deployed industrial cybersecurity platform...
Products, Services, and Solutions
Cyber Defense Network announced for Financial Services Industry (PRNewswire) NC4®, the leading company providing cyber and physical threat...
#StayCurrent: 1E announces comprehensive Windows Servicing Suite Update at Microsoft Ignite (Marketwired) Today at Microsoft Ignite and Envision 2017, 1E, which provides the only software lifecycle automation solutions that can handle both routine IT tasks and emergency actions in real time, announced four major enhancements to its Windows management solution, Windows Servicing Suite (WSS).
Why FireEye’s Helix matters to security professionals (CSO Online) Its Sandbox will be the core product for FireEye into the foreseeable future, but Helix will be an important adjacent market for the company and its customers. Here's why.
Sqrrl ferrets out network traffic anomalies to find hidden threats (CSO Online) Using a threat hunting platform like Sqrrl may take a little bit of a shift in thinking for cybersecurity teams. It’s less like being a beat cop and more like being a consulting detective, but arguably much more effective at catching the really dangerous, hidden threats before they can strike.
Demisto Partners with CrowdStrike to Accelerate Threat Detection and Incident Investigation and Response (BusinessWire) Demisto, Inc., an innovator in Security Automation and Orchestration technology, today announced a partnership with CrowdStrike®, the leader in cl
Threatcare plants Alexalike interface atop its attack simulation service (SiliconANGLE) Threatcare plants Alexalike interface atop its attack simulation service - SiliconANGLE
Gemalto launches payment hardware security module SafeNet Luna EFT Payment HSM (Software Testing News) Gemalto announced the launch of the industry’s first payment hardware security module, SafeNet Luna EFT Payment HSM.
WISeKey partners with Sigfox to launch Secure Element (Buisness Insider) WISeKey International Holding Ltd ("WISeKey", SIX: WIHN), a leading cybersecurity and IoT company, today announced in partnership with Sigfox its new Secure Element for Sigfox-enabled connected devices at the Sigfox World IoT Expo in Prague.
Zimperium Collaborates with Oracle to Offer a Leading Mobile Threat Defense Solution Hosted on Oracle Cloud Infrastructure (Business Insider) Zimperium, a global leader in enterprise mobile threat defense (MTD) and a leading provider of real-time, on-device protection against known and unknown threats, today announced an integration with Oracle Cloud to detect and thwart advanced mobile attacks.
Technologies, Techniques, and Standards
Can Our Identities Ever be Reclaimed? (Security Week) It’s been 22 years since Sandra Bullock struggled to reclaim her identity from cyber-terrorists in The Net, a movie that opened our eyes to the risks of digital identity theft way ahead of its time.
The 'hack back' is not a defense strategy (CSO Online) The urge to strike back against bad actors is getting stronger in the wake of global attacks like Mirai, WannaCry and NotPetya. But while the hack back seems to put power back into victims' hands, it's actually not so simple.
Collaboration Will Solve Security Woes, HackerOne CEO Says (International Business Times) HackerOne CEO Marten Mickos believes its time for organizations to stop making the same mistakes and start allowing outside sources help improve security.
The Three Pillars of Hypothesis-Driven Threat Defense (Security Week) There are two possible outcomes: if the result confirms the hypothesis, then you've made a measurement. If the result is contrary to the hypothesis, then you've made a discovery. - Enrico Fermi
Not sure which ransomware has infected your PC? This free tool could help you find the right decryption package (ZDNet) A new tool analyses the ransom note and the encrypted file in order to offer the appropriate decryption tool -- if it exists.
How to Protect PC from Ransomware malware Attack (ComputerGK.com) How to Protect PC from Ransomware malware Attack You have heard about popular Ransomware attack on computers via Internet
What's on Your Cybersecurity Wish List? (SIGNAL Magazine) "I have yet to see an agency that has fully implemented a risk-based cybersecurity program."
Design and Innovation
The Four Hurdles to Blockchain Adoption (Legaltech News) Until solutions to usability, interoperability, scalability, and privacy are developed, widespread adoption will be hampered.
Research and Development
Computer Scientists Address Gap In Messaging Privacy (Fraud Net) Researchers have developed a solution to a longstanding problem in the field of end-to-end encryption, a technique that ensures that only sender and recipient can read a message.
Firewalls Don't Stop Hackers. AI Might. (WIRED) A startup founded by former spies uses machine learning to tackle the newest cybersecurity threats.
Waiting for Skynet? Don’t hold your breath (Naked Security) AI run amuck is good TV, but is it likely?
Academia
NSA Invites Students to 'Hack Us!' (VOA) Undergraduate and grad students who compete to master six tasks receive small token of appreciation for being among first 50 finishers
Thomas Nelson Community College's cybersecurity program gets national designation (Virginian-Pilot) In order to qualify for the designation, there are several criteria the college had to meet.
New Major Offered in Tech Field (The Pine Log Online) SFA’s College of Sciences and Mathematics recently re- ceived approval to offer a master’s degree in cybersecurity.
Scholarship will help two UAH students achieve goal of career in cybersecurity (The University of Alabama in Huntsville) One student each from the Colleges of Business and Engineering at UAH has been awarded a prestigious Department of Defense Information Assurance Scholarship: Jessica Eason, who is currently pursuing a Master of Science in Cybersecurity – Business Track, and Victoria Van, who is working toward her Bachelor of Science in Computer Engineering.
Norwich proclaims October as Cybersecurity Month, joining national effort (Vermont Business) Vermont Business Magazine Norwich University, a national leader in cybersecurity and digital forensics education, has proclaimed October as cybersecurity awareness month and has joined the National Cybersecurity Awareness Month (NSCAM) effort as an official “Champion.”
Legislation, Policy, and Regulation
SEC Launches Cybersecurity Initiatives (PYMNTS.com) The U.S. Securities and Exchange Commission (SEC) announced it is launching two enforcement initiatives to boost efforts to address cyber threats and protect retail investors. The move comes in the wake of the massive Equaifax hack, which exposed the personal data of 143 million Americans. The SEC suffered its own breach of its corporate filing […]
GSA touts anti-hacker support services (Fifth Domain) The General Services Administration has awarded Highly Adaptive Cybersecurity Services SINs to more than 70 vendors to address potential vulnerabilities of high-value assets.
Audit finds weaknesses in DOE cybersecurity (Fifth Domain) Despite longstanding federal requirements for multifactor authentication, the Department of Energy’s procedures still have weaknesses, according to the department’s Office of Inspector General.
DOJ (sort of) releases FBI insider threat audit (Fifth Domain) The Justice Department’s Office of Inspector General won't reveal how successful the FBI is at tackling leaks, but it has released recommendations for the FBI’s insider threat program.
Some in administration use personal phones, despite advice (Federal Times) The inquiries into private communication could prove uncomfortable for President Donald Trump, who relentlessly attacked Democratic opponent Hillary Clinton for her use of a private email account and server during her time as secretary of state.
ACLU Lawyer Blasts NSA Programs: 'Nothing to Do With National Security' (Newsmax) Many of the National Security Agency's surveillance programs collect vast amounts of data on Americans, data that is never used to combat the threat of terrorism, a lawyer for the American Civil Liberties Union said Wednesday.
Litigation, Investigation, and Law Enforcement
Prosecution Launches Probe into Cyber Command's Election Scandal (KBS) The prosecution has launched an investigation into allegations that the military cyberwarfare command posted illegal political comments during the 2012 Presidential election.
Woman, 65, hired by civil service is held over ‘spying’ (Times) A female contractor to a government department was arrested by counterterrorism officers yesterday on suspicion of spying for an enemy state. The 65-year-old woman was detained in north London...
House Panel Receives Classified Briefing on Kaspersky (Bloomberg) The House Science Committee received a classified briefing Tuesday related to Kaspersky Lab Inc., according to a person familiar with the matter who spoke about the Moscow-based security firm believed to have links to Russian intelligence.
House Republicans renew call for 2nd special counsel, amid fresh Comey concerns (Fox News) House Republicans on Tuesday formally renewed their call for a second special counsel to probe 2016 controversies involving Hillary Clinton and the Obama administration – following allegations that former FBI director James Comey drafted an “exoneration statement” for Clinton weeks before interviewing her.
The Entire Russian Hacking Narrative Is Invalidated In This Single Assange Tweet (Medium) WikiLeaks editor-in-chief Julian Assange has been very active on Twitter lately, even for him. Between his frequent posts about the fight…
Awan Funneling ‘Massive’ Data Off Congressional Server, Dems Claim It’s Child’s HOMEWORK (The Daily Caller) Democratic congressional aides made unauthorized access to a House server 5,400 times and funneled "massive" amounts of data off of it. But there's nothing to see here, Democrats told The Washington P
Defenders of the CFPB's Newest Financial Regulation Are Ignoring Crucial Facts (Reason) Senate Republicans could vote as soon as this week to repeal the CFPB's ban on arbitration clauses.
Lawyers Discuss 'What's Next' After China Shuts Down Cryptocurrency Exchange (Legaltech News) ‘Many industry people believe the government’s ban will effectively extinguish the hope that China becomes a global center of cryptocurrency,’ attorney Pingh...
Alleged leaker hid NSA documents in pantyhose, report says (Fox News) A former National Security Agency contractor has reportedly told federal authorities that she smuggled classified documents out of the NSA office where she worked by stuffing them in her pantyhose.
Defense seeks reduced sentence for former cyber command officer (Augusta Chronicle) The former deputy director of the Cyber Center for Excellence at Fort Gordon will ask the federal judge for a shorter prison term when he is sentenced for possession of child pornography.
Campaigner who refused to hand over passwords found guilty (Naked Security) Muhammad Rabbani was found guilty of obstructing justice after refusing to unlock his laptop and smartphone