Cyber Attacks, Threats, and Vulnerabilities
BadRabbit Ransomware Decided to Avoid One Antivirus Vendor (PCMAG) BadRabbit will skip the encryption process when detecting the antivirus software from a Russian security firm.
Code flaws in BadRabbit aid file recovery (iTnews) Malware uses NSA exploit to spread.
Bad Rabbit malware used leaked alleged NSA tool (TheHill) The Bad Rabbit ransomware that tore through Russia and Eastern Europe this week used a leaked hacking tool known as EternalRomance, allegedly built by the NSA.
Indian Computer Emergency Response Team issues medium severity alert on 'Bad Rabbit' ransomware (Tech2) The ransomware infects a machine by pretending to be an Adobe Flash Installer and then encrypts the files and the drive.
Assessing the threat the Reaper botnet poses to the Internet—what we know now (Ars Technica) Whatever the threat posed by the new IoT botnet, a worse one has lurked for months.
Fear the Reaper, or Reaper Madness? (KrebsOnSecurity) Last week we looked at reports from China and Israel about a new “Internet of Things” malware strain called “Reaper” that researchers said infected more than a million organizations by targeting newfound security weaknesses in countless Internet routers, security cameras and digital video recorders (DVRs). Now some botnet experts are calling on people to stop the “Reaper Madness,” saying the actual number of IoT devices infected with Reaper right now is much smaller.
IoT Security is an Economic Issue (Peerlyst) IoTroop botnet from CVE-2017-8225 + Shodan demonstrate it is
UK Government Blames WannaCry on North Korea (Infosecurity Magazine) Security minister says London is “as sure as possible”.
Malicious Chrome extension steals all data (Help Net Security) The "Catch-All" malicious Chrome extension goes after every piece of data the victim posts on any website, including login credentials.
"Catch-All" Google Chrome Malicious Extension Steals All Posted Data (SANS Internet Storm Center) It seems that malicious Google Chrome extensions are on the rise. A couple of months ago, I posted here about two of them [1][2] which stole user credentials posted on banking websites and the like. Now, while analyzing a phishing e-mail, I went through a new malware with a slightly different approach: instead of monitoring specific URLs and focusing on credentials, it captures literally all data posted by the victim on any website – thus the name.
Coin Miner Mobile Malware Returns, Hits Google Play (TrendLabs Security Intelligence Blog) The efficacy of mobile devices to actually produce cryptocurrency in any meaningful amount is still doubtful.
LokiBot Banking Trojan Attacks Android Devices as Ransomware (Spyware-Technie) Although it seldom looks like it, Android devices are a lot safer than desktop computers, as they are less susceptible to malware infections.
DoubleLocker is a dangerous, yet innovative Android ransomware that changes the unlock code on your device (Tech2) The DoubleLocker malware replaces the default home button functionality. The malware is triggered when the user taps on the home button.
Matrix Ransomware Being Distributed by the RIG Exploit Kit (BleepingComputer) The Matrix Ransomware has started to be distributed through the RIG exploit kit. This article will provide information on what vulnerabilities are being targeted and how to protect yourself.
Hackers Can Steal Windows Login Credentials Without User Interaction (BleepingComputer) Microsoft has patched only recent versions of Windows against a dangerous hack that could allow attackers to steal Windows NTLM password hashes without any user interaction.
Equifax Hack Hones In On Cyber Holes (CSO) With the recent news of huge conglomerates such as HBO and Equifax suffering from cyber attacks, companies are heavily arming themselves against the threat of a hack.
Industrial Products of many vendors still vulnerable to KRACK attack (Security Affairs) Many industrial networking devices from various vendors are still vulnerable to the recently disclosed KRACK attack (Key Reinstallation Attack).
Researchers turn LG's Hom-Bot vacuum cleaner into a real-time spying device (Help Net Security) A vulnerability in LG’s smart home infrastructure could have allowed hackers to take control of all LG SmartThinQ home appliances.
Are Your Smart Devices Betraying You? (PRNewswire) When charged with a criminal defense, Stahl Criminal Defense Lawyers...
Mobile messaging apps new hideout of Dark Web activities: Study (CISO MAG) IntSights identified 9,046 dark web invite links sent via ‘Discord’ by criminal groups run from Brazil and one in Turkey.
Your spam is getting dangerous (Fox News) Spam, once just an annoyance, is becoming downright dangerous.
Routes used by the Queen and other top secret Heathrow security data found on memory stick lying in street (The Independent) Heathrow Airport’s secret security planning has been revealed in files on a memory stick found in a London street. The documents outline routes and safeguards for the Queen, foreign dignitaries and top politicians using Britain’s busiest airport. The USB drive also includes maps showing where CCTV cameras are located, and escape routes for the Heathrow Express railway serving the airport. Other files describe the ultrasound detection system for protecting the perimeter fence and the runways, and detail the ID requirements for accessing every area of the airport.
‘I Forgot My PIN’: An Epic Tale of Losing $30,000 in Bitcoin (WIRED) Veteran tech journalist Mark Frauenfelder tries everything, including hypnosis, to recover a small fortune from a locked bitcoin device.
The Dark Overlord hacks plastic surgery clinic; demands ransom (HackRead) Nude pictures never go unnoticed, and when these belong to celebrities and the mighty Royals, then people are bound to go crazy. This perhaps was in the mind...
Security Patches, Mitigations, and Software Updates
Google Patches ‘High Severity’ Browser Bug (Threatpost) Google began pushing out updates to its desktop browser Friday with a patch that repairs a stack-based buffer overflow vulnerability.
Android takes aim at ISP surveillance with DNS privacy (Naked Security) Google turns its attention to your unencrypted DNS
Google to Remove Public Key Pinning (PKP) Support in Chrome (BleepingComputer) Late yesterday afternoon, Google announced plans to deprecate and eventually remove PKP support from the Chromium open-source browser, which indirectly means from Chrome.
Apache OpenOffice Update Patches Four Vulnerabilities (Threatpost) Apache OpenOffice patches four vulnerabilities tied to its suite of free office applications, impacting its word processing and graphics applications.
Rockwell Automation Patches Wireless Access Point against Krack (Threatpost) Rockwell Automation patched its Stratix wireless access point against the KRACK vulnerability.
Cyber Trends
It's Time to Change the Cybersecurity Conversation (Dark Reading) The IT security industry needs more balance between disclosure of threats and discussion of defense practices - and greater sharing of ideas.
The cyber paradox: Reliance on new tech can quickly become a weakness (Fifth Domain) With the interconnected nature of the world, what happens if adversaries shut down networks? The Navy wants commanders to be prepared to operate if this occurs.
Top threats impacting endpoint security decisions (Help Net Security) Research shows that the majority of businesses across the globe are either currently or planning to incorporate machine learning in their endpoint defenses.
Machine vs. Machine: A War in the Offing (CSO) The rise of artificial intelligence (AI) is the great story of our time, thanks to the low cost of computing, storage, and off-the-shelf machine algorithms.
Shark Tank's Robert Herjavec: Cybersecurity at work is everyone's responsibility (TechRepublic) The investor and founder of cybersecurity firm Herjavec Group spoke with TechRepublic about the biggest threats facing businesses, and how all employees can get involved in security.
Marketplace
Uncle Sam Tries to Hire Hackers (Fortune) The U.S. government has a problem with hackers—but not the kind you think. The problem I refer to is Uncle Sam’s reputation of hostility towards hackers, which makes it difficult to hire the sort of people the country needs to tighten up its sprawling computer networks.
SAIC Wins $93M USCYBERCOM Task Order (WashingtonExec) SAIC has been awarded a $93 million U.S. Cyber Command task order to help secure the Department of Defense Information Network. SAIC will assist USCYBERCOM
Coinbase Offers $50,000 Hack the World Bug Bounty (Bitcoin News) Bug bounties are an increasingly used initiative by businesses to find code issues, security problems, hiccups, and general mistakes through incentivized hacks.
Startup growth improves in metro Indy (Indianapolis Business Journal) The Kauffman Index of Growth Entrepreneurship says the area now ranks 10th among the 40 largest metro areas when it comes to what Kauffman calls growth entrepreneurship.
Career Briefs: RedLock Names Ankur Shah VP of Products (India West) RedLock, a cloud threat defense company, named Ankur Shah VP of products, where he will be responsible for driving the RedLock product roadmap. Shah has spent more than 15
SentryOne Names Bob Potter New Chief Executive Officer (PRNewswire) Charlotte-based SentryOne announced today the appointment of Bob...
Products, Services, and Solutions
New infosec products of the week: October 27, 2017 (Help Net Security) New infosec products of the week include products from the following vendors: AttackIQ, Blackpoint Cyber, Bomgar, Cloudera, Cygilant, Microsemi, Symantec.
Cygilant Launches New Vulnerability, Patch Management Cloud Service (eWEEK) Cygilant VPM provides IT teams with a single-service offering that combines continuous co-managed vulnerability management with auditable patch management
NetWars: GRID NetWars (SANS Institute) GridEx NetWars is a suite of hands-on, interactive learning scenarios that enable Operational Technology security professionals to develop and master the real-world, in-depth skills they need to defend real-time systems.
Technologies, Techniques, and Standards
Can DevOps Simplify the Operational Risk of Compliance? (SIGNAL Magazine) How applying the DevOps mindset and processes to digital planning addresses cybersecurity.
Is Your Agency Cyber EO-ready? (SIGNAL Magazine) By prioritizing network modernization, agencies bolster cybersecurity and meet the core mission requirements.
The Blockchain Is Only as Strong as Its Weakest Link (Security Intelligence) Blockchain technology depends on mutual trust between human participants, each of whom represents a potential weakness in the chain.
Part 1 – Top Three Things Cyber Teams Should Do to Implement a Risk Based Program? (Bay Dynamics) October is National Cyber Security Awareness Month (follow #NCSAM on Twitter), and the perfect time for cyber security pros to start shifting their cyber security programs and investments so that they focus on risk management.
Part 2 – Top Three Things to Do to Overcome Vulnerability Risk Management Challenges (Bay Dynamics) Welcome to the second chapter of our video Q&A series featuring Retired Brigadier General Gregory Touhill, appointed by President Obama as America’s first federal CISO, and our newest board member.
How to focus C-Suite attention on the issue of cyber security (CSO) With large-scale cyber attacks becoming increasingly common, having an effective defence strategy in place has never been more important.
Design and Innovation
Cyber Moonshot: Taking a proactive approach to cybersecurity [Commentary] (Federal Times) With concerted leadership, sustained investment, and clear incentives that spark action, we can achieve the Cyber Moonshot.
Researchers Devise 2FA System That Relies on Taking Photos of Ordinary Objects (BleepingComputer) Scientists from Florida International University and Bloomberg have created a custom two-factor authentication (2FA) system that relies on users taking a photo of a personal object.
Research and Development
Best-Ever Algorithm Found for Huge Streams of Data (WIRED) To efficiently analyze a firehose of data, scientists first have to break big numbers into bits.
Artificial intelligence fools security (BBC News) Researchers developed an algorithm that imitates how the human brain responds to these visual clues.
'Darknet' and quantum communications could enhance grid cybersecurity, scientists tell Senate (Utility Dive) The Department of Energy's national labs are working to develop a private grid communication system called "darknet" they say could automatically detect, isolate and defend against cyber intrusions.
Two New Facilities Highlight SSC Atlantic’s Commitment to Cybersecurity (DVIDS) Space and Naval Warfare Systems Center (SSC) Atlantic Commanding Officer Capt. Scott Heller marked the opening of two new facilities on Joint Base Charleston – Naval Weapons Station for teams providing cutting edge cybersecurity capabilities to prevent and mitigate cyber-attacks for our Navy and our nation. The ribbon cutting event took place Oct. 27.
Academia
University of New Haven Hacking Team Finishes Third in Regional Competition, Advances to Nationals (University of New Haven) A group of computer science and cyber security majors defeated teams from Penn State, Drexel, the University of Buffalo, and Carnegie Mellon, which is regarded as one of the top universities worldwide in cybersecurity and technology education.
Legislation, Policy, and Regulation
Can an international cyber convention ever succeed? (Help Net Security) How can sanctions and other standard international responses be levied if the suspected perpetrator has complete deniability of their involvement?
Experts call for filtering of online content at national level (The Times of India) Thiruvananthapuram: Even as the Supreme Court has issued an interim order directing the government to check online video tapes of sexual violence and child porno, cyber security experts indicated that such material was still available online and it was not easy to remove it in one go.
AI Development in Dire Need of Cybersecurity Regulations (Infosecurity Magazine) As the AI development industry rapidly expands, hopefully regulations will emerge soon.
Debate rages over divisive US surveillance law renewal (Naked Security) The lines are drawn, with predictable players on each side
Ron Wyden urges NSA and DHS to defend Trump administration officials from hackers (The Washington Times) Sen. Ron Wyden, a Democratic member of the Senate Intelligence Committee, is demanding that national security leaders adopt a plan to protect the personal devices and internet accounts of top Trump administration officials.
Dems see opportunity on cyber (FCW) The moderate New Democrat Coalition is looking for bipartisan support for a cybersecurity agenda focused on public-private cooperation.
Litigation, Investigation, and Law Enforcement
Probe finds 701 more cyber reports (Korea JoongAng Daily) Materials were sent from Cyber Command to Lee Blue House
Defense ministry to expand probe into military intelligence, cyber agents over political activities (Yonhap News Agency) A recent inquiry has found military intelligence agents were involved in a clandestine campaign to write pro-government online comments under former President Lee Myung-bak, the defense ministry said Sunday.
Watch: Trump’s top intelligence officials confirm Russia meddled in the US election (Quartz) Russia's efforts to influence the US election have been unequivocally confirmed on the record by all top US intelligence officials.
Manafort and former business partner charged with conspiracy in connection with special counsel probe (Washington Post) The charges were the first criminal allegations in the investigation into possible links between the Trump campaign and Russia.
U.S. v. Paul J. Manafort, Jr., and Richard W. Gates III (1:17-cr-201, District of Columbia) (US Department of Justice) Paul J. Manafort, Jr., of Alexandria, Va., and Richard W. Gates III, of Richmond, Va., have been indicted by a federal grand jury on Oct. 27, 2017, in the District of Columbia.
How to Interpret Mueller’s Charges Against Paul Manafort (WIRED) What to expect from the special counsel's first indictments in the Russia inquiry.
FBI Probe Of Paul Manafort Focuses On 13 “Suspicious” Wire Transfers (BuzzFeed) BuzzFeed News has learned of a series of wire transfers, made by companies linked to Donald Trump’s former campaign chairman Paul Manafort, that federal officials deemed suspicious. Many of the wires
Angus King: First charges under Robert Mueller Russia probe 'really just the beginning' (Washington Examiner) 'Like everyone else in Washington, I'll be watching tomorrow to see what comes out of the Mueller investigation, but I think it's important...
Fusion GPS, House intel reach subpoena agreement (CNN) Fusion GPS, the research firm behind the dossier containing allegations about President Donald Trump and Russia, its bank and the House intelligence committee have reached an agreement over the panel's subpoena of Fusion's financial records.
Fusion GPS and the Washington Free Beacon (Washington Free Beacon) Since its launch in February of 2012, the Washington Free Beacon has retained third party firms to conduct research on many individuals and institutions of interest to us and our readers. In that capacity, during the 2016 election cycle we retained Fusion GPS to provide research on multiple candidates in the Republican presidential primary, just as we retained other firms to assist in our research into Hillary Clinton.
FINALLY, A Definitive Timeline Showing When Clinton, DNC Started The Russian Dossier (The Daily Caller) There has been much confusion in the media -- and thereby, the public -- about who funded the infamous Trump dossier. Some outlets have incorrectly reported that Republicans began financing the dossie
Analysis | The ‘dossier’ and the uranium deal: A guide to the latest allegations (Washington Post) After a week of twists and turns in the Russia probe, here's everything you need to know to catch up.
Collins wants more testimony from DNC and Clinton campaign officials (POLITICO) “It’s difficult to imagine that a campaign chairman, that the head of the DNC would not know of an expenditure of this magnitude and significance," she said.
Facebook struggles to contain Russia narrative (POLITICO) Hearings this week will increase the pressure for the company to explain how bots and fake news exploited its network — beyond a narrow focus on political ads.
Kaspersky Says Its Hand Was in the Cookie Jar, But … (Security Boulevard) Kaspersky Lab has been bombarded with an unending stream of claims that its Russian roots equate to being part of the Russian national team when it comes to national security interests.
Lessons of Parliament's missing security manual (The Sydney Morning Herald) The far more concerning problem is the mega-theft of digital data from contractors.
Officials shut down Oklahoma Corporation Commission website after cyber attack (Oklahoma News 4) A cyber attack was detected this week at the Oklahoma Corporation Commission, causing the Office of Management and Enterprise Services to shut the network down.
Cellebrite requires trust in law enforcement (Northwest Missourian) Recent news of the three law-enforcement offices having joint control over new technology used for confiscated cell phones has left us wondering if this may be a serious violation of privacy.
Woman's ID stolen 15 times after Equifax breach (KLTV) The woman's lawyer Fleming has filed a class-action lawsuit against Equifax, saying the company was negligent when it lost private information on more than 140 million Americans.
Insider information leads to fraud scheme, arrests and conviction (CSO Online) Employees at HSBC Bank plc used insider information to their benefit, defrauding a client and generating millions of dollars for themselves.
Apple iPhone X engineer fired after daughter’s hands-on video went viral (CSO Online) It's like a double cautionary tale about NDAs and losing control of content once you post it online.