Cyber Attacks, Threats, and Vulnerabilities
Fake News on Vegas Shooter Embarrasses Google and Facebook (Infosecurity Magazine) Tech platforms once again found wanting as alt-right looks to distort events
Bad Info Follows Every Tragedy. Don't Fall For It (WIRED) In the wake of the Las Vegas mass shooting, misinformation and hoaxes flooded the internet. Be careful not to fall for it—or spread it yourself.
FBI asks people for digital evidence of Las Vegas shooting (CSO Online) The Las Vegas FBI is asking for photos and videos taken during the deadliest mass shooting in U.S. history.
Terror experts want to see more evidence before believing ISIS claim in Las Vegas massacre (Washington Examiner) The FBI has said that so far there is no evidence of any connection to international terrorism.
Why Did the Islamic State Claim the Las Vegas Shooting? (The Atlantic) Assessing the group’s puzzling statement
Google and Facebook Have Failed Us (The Atlantic) The world’s most powerful information gatekeepers neglected their duties in Las Vegas. Again.
Facebook Blocks Chinese Billionaire Who Tells Tales of Corruption (New York Times) The company, which acted at a sensitive time for China, said Guo Wengui had posted personal information that violated its terms of service.
Facebook rolls out new ad policies amid Russia investigation (POLITICO) And anyone wishing to place a Facebook ad directly related to a U.S. federal election will be required to confirm their identity first.
Russian Facebook ads showed a black woman firing a rifle, amid efforts to stoke racial strife (Washington Post) More than 3,000 ads were sent to Congress on Monday, including many originally aimed at sowing discord.
U.S. Cyber Command Launched DDoS Attack Against North Korea: Report (Security Week) Non-destructive cyber attack could be considered a warning to North Korean regime
As US launches DDoS attacks, N. Korea gets more bandwidth—from Russia (Ars Technica) Fast pipe from Vladivostok gives N. Korea more Internet in face of US cyber operations.
Trump ordered strategy of pressure against North Korea (The Straits Times) Early in his administration, President Donald Trump signed a directive outlining a strategy of pressure against North Korea that involved actions across a broad spectrum of government agencies, and led to the use of military cyber capabilities, according to US officials.
SEC now says personal info was leaked in breach (Fifth Domain) The Securities and Exchange Commission is now saying that at least two people had their personal information stolen in the breach that happened last year.
Huge Equifax Hack Is Even Bigger Than First Thought (Fortune) Total potential victims: 145.5 million.
Equifax Warned About Vulnerability, Didn't Patch It: Ex-CEO (Security Week) The security team at Equifax failed to patch a vulnerability in March after getting a warning about the flaw, opening up the credit agency to a breach affecting 143 million people, the former chief executive said Monday.
Former Equifax chairman apologizes for data breach (Fifth Domain) Richard Smith, who resigned after overseeing the company for a dozen years, says Equifax was hacked by a yet-unknown entity.
Hackers Hijack Another Ethereum ICO. Damages Unknown. (BleepingComputer) Hackers disrupted the Etherparty ICO (Initial Coin Offering) after they hijacked the platform's website on Sunday and displayed their own Ethereum address, tricking some ICO participants into sending funds to the wrong wallets.
Clapper: U.S. shelved 'hack backs' due to counterattack fears (Cyberscoop) "Unless you are very confident in your cyberdefenses, it's pointless to talk about cyberattacks," said former intelligence chief Clapper.
Abandoning Iranian Nuclear Deal Could Lead to New Wave of Cyberattacks (Foreign Policy) If Trump walks away from the pact, Tehran could see “retribution against Western targets.”
Malvertising Attack Spreads Malicious Sponsored Content Via Taboola (Silicon UK) Attackers are now making use of 'sponsored content' networks such as Taboola to insert malicious content into trusted sites, researchers have found
Gaming Service Goes Down After Hacker Wipes Database and Holds It for Ransom (BleepingComputer) R6DB, an online service that provides statistics for Rainbow Six Siege players, went down over the weekend after an attacker wiped the company's database and asked for a ransom.
Three in Four DDoS Targets Hit Multiple Times: Imperva (Security Week) Amid an increase in frequency of repeat application layer distributed denial of service (DDoS) attacks during the second quarter of the year, over 75% of targets were hit multiple times, according to statistics from Imperva.
Malspam pushing Formbook info stealer (SANS Internet Storm Center) On Monday 2017-10-02, I ran across malicious spam (malspam) pushing Formbook, an information stealer.
USPS ‘Informed Delivery’ Is Stalker’s Dream (KrebsOnSecurity) A free new service from the U.S. Postal Service that provides scanned images of incoming mail before it is slated to arrive at its destination address is raising eyebrows among security experts who worry about the service’s potential for misuse by private investigators, identity thieves, stalkers or abusive ex-partners.
The global impact of huge cyber security events (Help Net Security) The past 12 months have seen a number of unprecedented cyber-attacks in terms of their global scale, impact and rate of spread.
WannaCry and NotPetya: Who, what, when and WHY? (SC Media US) There isn't a cybersecurity professional in the world that is not sick and tired of hearing about WannaCry and NotPetya, and with good reason as the NSA's EternalBlue exploit and DoublePulsar backdoor tool were known to the cybersecurity community well before either attack was launched.
Understanding The Physical Damage Of Cyber Attacks (Infosecurity Magazine) Everyone must be prepared to prevent cyber-attacks that are meant to cause physical damage too.
Expert Skeptical 'Dark Overlord' Responsible For Flathead Cyber Attack (Montana Public Radio) “Cyber terrorism is an emerging threat that has become all too real in Montana.” That’s Senator Steve Daines talking to FBI Director Chris Wray about last
Security Patches, Mitigations, and Software Updates
Netgear Fixes 50 Vulnerabilities in Routers, Switches, NAS Devices (Threatpost) Netgear patches over a dozen vulnerabilities impacting its routers, switches and NAS devices.
DJI launches privacy mode for drone operators (Help Net Security) DJI Local Data Mode stops internet traffic to and from the Pilot app, in order to provide data privacy assurances for government and enterprise customers.
Cyber Trends
A year at the Citizen Lab (The Varsity) The lab’s major research in 2017 looks at spyware and cybersecurity around the world
Finance directors promoted to cybersecurity custodians (BDO Global Office newsroom) October Cybersecurity Awareness Month - cyber risk’s historically technological perspective is enriched with finance directors' holistic business management - integrating risk management, ERP, compliance, reporting, valuation and business continuity.
Most companies are unprepared for DNS attacks (Help Net Security) DNS security is often overlooked when it comes to cybersecurity strategy, with most companies inadequately prepared to defend against DNS attacks.
Outdated vendor systems leaving finance industry at risk (Help Net Security) Outdated vendor systems are a big problem. Companies in the finance industry supply chain are not meeting adequate security standards.
Do UK organisations have the right skills to deal with cyber threats? (Information Age) New research has reported that almost half of UK organisations are concerned about the abilities of their staff to address cyber threats
Marketplace
ForeScout Technologies unveils security IPO filing (TechCrunch) ForeScout Technologies has unveiled its IPO filing. This puts the network security company on track for a public debut that could happen as soon as late..
Telos Corporation Wins $34M Air Force Contract to Modernize Wireless Infrastructure (Telos) NETCENTS-2 task order covers wireless networks at 196 U.S. Air Force Active, Reserve and National Guard sites.
Report: Company allowed Russia to review major Pentagon defense software (Fifth Domain) A report says Hewlett Packard Enterprise (HPE) allowed a source code review of ArcSight, a Pentagon cyber defense software, by a Russian defense agency.
Relentless Cyber Attacks Make These A Screaming Buy (Forbes) President Donald Trump’s bed-ridden, 400-pound hacker and his friends have been relentless in making 2017 a banner year for digital disruption of the worst kind. In light of the cyber attack pandemic -- Equifax breach, WannaCry, Petya -- cybersecurity companies are a screaming buy for long-term investors.
The Internet Bug Bounty offers rewards for bugs in data processing libraries (Help Net Security) The Internet Bug Bounty has announced that it will be giving out rewards for critical vulnerabilities in core infrastructure data processing libraries.
Successful big customers steer Splunk APAC growth (iTWire) Enterprise big data aggregator Splunk continues to enjoy rapid growth in the APAC region. Within Australia, the company has continued to increase its...
Delta Risk Celebrates 10 Years of Professional Cyber Security and Managed Security Services (PRNewswire) Delta Risk, a global provider of cyber security and risk management...
ENVEIL Appoints Timothy Eades to Board of Directors (BusinessWire) ENVEIL today announced the addition of Timothy Eades to their Board of Directors.
Products, Services, and Solutions
Also-Rans Catch Up in Latest Antivirus Tests (Tom's Guide) All brands, even the usual laggards, did well in latest antivirus test results. Is it a real breakthrough, or just a statistical fluke?
M-Files enters into a partnership with IT Governance (Global Security Mag Online) M-Files announces that it has entered into a partnership with IT Governance, a provider of IT governance, risk management and compliance solutions. This partnership will allow M-Files to offer a framework designed to help companies fully comply with the General Data Protection Regulation (GDPR).
How We Developed the IBM Security GDPR Framework (Security Intelligence) IBM Security developed a five-phase GDPR framework to help organizations achieve and maintain compliance with the upcoming privacy law.
John McAfee unveils new details about long-awaited anti-hacking system 'Sentinel' (International Business Times UK) Sentinel is set to ship on 1 November 2017 and the MSRP per unit is $2,499.
Google To Offer Online Account Security Tools (PYMNTS.com) Aiming to protect users from hackers and political operatives, Google is gearing up to enhance its online security tools. Citing two people familiar with the company’s plan, news from Bloomberg reported that starting in October, it will roll out its Advanced Protection Program, which will provide increased security tools for online accounts, such as email or …
Why Privacy Is the New Blockchain Frontier - Meet Rockchain.org (Digital Journal) The new trust economy is booming thanks to cryptographic innovation.
Deloitte tracks ship certificates using blockchain technology (My Broadband) Deloitte has implemented blockchain technology to help it track ship safety certificates.
Technologies, Techniques, and Standards
New Network Security Standards Will Protect Internet’s Routing (NIST) The new Border Gateway Protocol security standards will help protect Internet traffic from hijacking by data thieves. Electronic messages traveling across the internet are under constant threat from data thieves, but new security standards created with the technical guidance of the
Soon, DHS Will Have Eyes on Computer Vulnerabilities Across the Government (Defense One) A governmentwide software dashboard is launching this month.
What ever happened to the Army’s EW capabilities? (C4ISRNET) The U.S. Army is playing catch-up with near-peer adversaries in the electronic warfare space. But why did the service even fall behind?
Outmatched, Army begins long road to electronic warfare rollout (C4ISRNET) The U.S. Army Rapid Capabilities Office is delivering quick-reaction electronic warfare solutions to the European theater, and these systems will help inform the development of more permanent programs of record.
Army seeks more cross-service cyber drills, experiments (Fifth Domain) Cyber is a team sport. And though the Army works through experiments and exercises to help develop internal concepts and requirements, there is recognition that the service never goes to war alone.
Cyber Blitz: Army’s military hide-and-seek tests cyber, EW tools (C4ISRNET) The Army's Cyber Blitz experimentation sought to better understand tactical cyber and electronic warfare effects.
Why Encryption Is Not A Silver Bullet (IT Jungle) While there is a temptation to view database encryption as the ultimate form of security, there are a variety of reasons why the technology should not be relied upon as the main means to protect your valuable DB24i data. We talk with former IBMer Bruce Bading, who wrote the book on IBM i security assessments, to
'I don't need to understand how encryption works,' admits UK Home Secretary (Graham Cluley) Amber Rudd is fed up with "sneering" and "patronising" technology experts.
You have it wrong: Collaboration tools and security are the perfect marriage [Commentary] (Fifth Domain) Time to set the record straight. When it comes to collaboration tools and security, it is a necessary and equal partnership.
Protecting data is crucial when disposing of electronics (The Frederick News-Post) An old desktop computer sitting in a closet. The old cellphone turned on and forgotten in a desk drawer. Even an old copier or printer at a business that is
Want stronger passwords? Understand these 4 common password security myths (CSO Online) Yes, password length and complexity matter, but only if you apply those qualities to the proper security context.
Design and Innovation
The Coming Software Apocalypse (The Atlantic) A small group of programmers wants to change how we code—before catastrophe strikes.
Research and Development
Office of Naval Research awards GrammaTech $9M for Cyber-Hardening Security Research (Business Insider) GrammaTech, Inc., a leading developer of commercial embedded software assurance tools and advanced cybersecurity solutions, announced today that it has been awarded a $9M, three-year contract from the Office of Naval Research, a division of the United States Department of the Navy, to perform research and development into cutting-edge techniques for protecting software from cyber-attacks.
Academia
Las Vegas program teaches cybersecurity skills to homeless (Fifth Domain) The business incubator RedFlint partnered with a workforce development program last week to offer training in a field that’s experiencing a workforce shortage.
Legislation, Policy, and Regulation
UK to hike penalties on viewing terrorist content online (TechCrunch) In its ongoing war against online extremism the UK government has said it intends to change the law to bring in tougher sentences for people who repeat view..
Congress Considers Changes To Foreign Intelligence Surveillance Act (WVTF) DAVID GREENE, HOST: Section 702 of the Foreign Intelligence Surveillance Act is set to expire
NYC CISO Geoff Brown Protects the Greatest City in the World (Recorded Future) Geoff Brown, the CISO of New York City, shares how the New York City Cyber Command prevents, detects, responds to, and recovers from cyber threats.
Small Towns Confront Big Cyber-Risks (Government Technology) Small and mid-sized local governments face the same cybersecurity challenges as larger jurisdictions, but with fewer resources, their defense strategies must be creative.
Litigation, Investigation, and Law Enforcement
Did Manafort Use Trump to Curry Favor With a Putin Ally? (The Atlantic) Emails turned over to investigators detail the former campaign chair's efforts to please an oligarch tied to the Kremlin.
Robert Mueller has no comment (POLITICO) The special counsel avoids the public eye and swears others to secrecy — even as Trump allies accuse him of leaking.
Terror in the Terroir (Foreign Affairs) The roots of France’s problem with terrorism lie in a complex mixture of religion, social pressures, and alienation. But the solutions need not be so convoluted. Better policing, coordination, and community outreach can all make the jihadist threat less lethal.
NCSC Tackles Nearly Two Cyber-Incidents Per Day (Infosecurity Magazine) Government body promotes efforts in first anniversary report