Cyber Attacks, Threats, and Vulnerabilities
China Tests the Limits of Its US Hacking Truce (WIRED) As the Trump administration reups an anti-hacking agreement with China, security researchers say China is inching its toes up to that red line.
North Korea denies involvement in WannaCry cyber attack (The Financial Express) North Korea has slammed Britain for accusing it of being behind a global ransomware attack that hit the National Health Service, calling the allegation a "wicked attempt" to further tighten international sanctions against Pyongyang.
North Korea threat of above-ground bomb test serious, US says (Military Times) North Korea’s threat to detonate a hydrogen bomb above the Pacific Ocean is being treated as credible based on the regime’s past actions, U.S. officials here said.
Hamas-Linked 'Gaza Cybergang' Has New Tools, Targets (SecurityWeek) A threat actor believed to be linked to the Palestinian terrorist organization Hamas continues to target organizations in the Middle East and North Africa (MENA) region, and their operations now include some new tools and techniques, Kaspersky Lab reported on Monday.
Social Media: The Fifth Column in the Fifth Domain (The Cipher Brief) As representatives from Twitter, Facebook, and Google prepare to testify before Congress, we look at how these platforms fit into a larger Russian disinformation campaign.
Fakers have a free rein over political adverts (TImes) Imagine if a deluge of attractive women were to ask to be your friends on social media. Hundreds of them. All are pouting and have profile pictures of themselves in skimpy gym kits, holding coffee...
Google Bug Database Flaws Expose Severe Vulnerabilities (Dark Reading) A security researcher accessed the most critical bugs in Google products and services by spoofing a corporate email address.
Coinhive Miners Found in Android Apps, WordPress Sites (BleepingComputer) The malicious deployment of in-browser JavaScript-based cryptocurrency mining scripts has continued the past week, and we've seen them reach Android applications on the official Google Play Store, but we've also seen the first mass-deployment as part of a botnet of hacked WordPress sites.
Security Alert as USB Found Containing Heathrow Plans (Infosecurity Magazine) Security Alert as USB Found Containing Heathrow Plans. Unencrypted storage device featured highly sensitive info
Massive Identity Data Exposure Leads to Rising Tides of New Account Fraud — What's Next? (Security Intelligence) New account fraud is rising in popularity among cybercriminals due to the frequency with which users are opening new online banking accounts.
T-Mobile USA Calls Customers to Warn on SIM Hijacking (Infosecurity Magazine) A bug allowed hackers to access customers' email addresses, account numbers and phone IMSIs.
Dishwashers on the rampage: LG IoT security bug highlights risks of home automation (CIO) The discovery this week of a security vulnerability within SmartThinQ, a technology touted by LG for automating communication with its range of home appliances and devices, has reinforced the risks of remote Internet of Things (IoT) takeover as attackers progressively master new methods of attacking increasingly smart devices.
Hacking site hacked by hackers (Naked Security) It sounds funny, but remember: if hackers can be hacked, then so can you, if you aren’t careful
Dark Web Marketplace Offers Remote Access to Corporate PCs for $3-15 Each (eSecurity Planet) Ultimate Anonymity Services offers more than 35,000 RDPs for sale, including about 300 from the U.S.
Security Report: Median Price for DIY Ransomware Kit is $10.50 (MSP Mentor) The median price for a do-it-yourself (DIY) ransomware kit is just $10.50, helping to fuel a 2,502 percent year-over-year increase in the size of the ransomware marketplace on the dark web, according to new research from security vendor Carbon Black.
Report: Ransomware Authors Can Earn Double The Salary Of Legitimate Software Developers (Forbes) A recent report from cyber security firm Carbon Black says that software developers can make more money developing ransomware than at traditional software development jobs.
The Ransomware Economy (Carbon Black) How and why the Dark Web marketplace for ransomware Is growing at a rate of more than 2,500% per year
Majority of Employees Hit with Ransomware Personally Make Payment (Dark Reading) Office workers pay an average ransom of $1,400, according to a new report.
Security Patches, Mitigations, and Software Updates
Firefox takes a bite out of the canvas ‘super cookie’ (Naked Security) Finally, one of the major browsers is doing something about canvas fingerprinting
Oracle Patches Critical Flaw in Identity Manager (Security Week) Oracle informed customers on Friday that its Identity Manager product is affected by a critical vulnerability that can be easily exploited by malicious actors.
Oracle scores ten out of ten - for a critical security flaw in Oracle Identity Manager (Computing) Patch without delay, urges Oracle
Cyber Trends
A Lack of Cybersecurity Talent Is Driving Companies to Use AI against Online Attacks (MIT Technology Review) A shortage of humans to fight cybersecurity battles is causing companies to turn to machines.
Recorded Future Raises $25M From Insight Venture Partners to Further Extend Leading Position in Threat Intelligence (PRNewswire) Recorded Future, the leader in threat intelligence (TI), today announced it has...
Government cybersecurity trends and challenges (Enterprise Innovation) Joe Jarzombek was the former Director for Software and Supply Chain Assurance at the U.S. Department of Homeland Security, and former Deputy Director for Information Assurance at the U.S. Department of Defense. Mr Jarzombek shares his insights with eGov Innovation on government cybersecurity trends and the importance of building secure-quality software.
Marketplace
Grossman: Cyberinsurance market is like the 'Wild West' (SearchSecurity) SentinelOne's Jeremiah Grossman discusses cyberinsurance market growth and opportunities, as well as the prospect of software liability.
Deloitte continues enterprise technology acquisition spree with consultancy firm JKVine (CRN Australia) Four co-owners and 30 staff join Deloitte's platform engineering practice.
CenturyLink acquisition of Level 3 receives approval from Federal Communications Commission (CenturyLink) The Federal Communications Commission (FCC) has approved CenturyLink, Inc.'s (NYSE: CTL) pending acquisition of Level 3 Communications, Inc. (NYSE: LVLT). The FCC's approval follows prior...
Continental said to be in talks to buy Argus Cyber Security (Automotive News) Continental is in advanced talks to buy Israel's Argus Cyber Security, which has developed technology to protect connected cars from hacking, for about $400 million, Israeli media reported on Monday.
Moving Target Defense Startup Cryptonite Emerges From Stealth (Security Week) Cryptonite, a Rockville, Maryland-based startup that aims to prevent reconnaissance and lateral movement in the network using moving target defense and micro-segmentation technologies, has emerged from stealth mode.
Startups selected to participate in LaunchVic-backed cyber security accelerator program | OpenGovAsia (Open Gov Asia) Participants will work alongside Deakin University researchers with tech expertise and travel to Israel and the US.
World Class Cybersecurity Expert Joins WRFX As CEO Of Paranotek (TheStreet) WorldFlix, Inc. (OTC:WRFX), a mobile application and end-to-end encryption software company focused on corporate data security, today announced that international cybersecurity expert Mick Davis has been appointed as the new CEO of Paranotek, the company's wholly owned security subsidiary.
Cato Networks Expands Sales Leadership As Global Momentum Grows For Secure, Cloud-Based SD-WAN (Cato Networks) Nick Fan to serve as Vice President of Sales for Americas, Nate Grinnell to serve as Senior Director of Channel Sales
Products, Services, and Solutions
SentinelOne Announces Lateral Movement Detection Engine to Catch Unauthorized Network Movement from Malicious Actors (SentinelOne) Real life customer story highlights threat of lateral network infiltration in wake of Bad Rabbit ransomware attack
IBM Trusteer New Account Fraud (IBM) Seamlessly assessing the risk of new digital identities
Technologies, Techniques, and Standards
Full Spectrum Highlights the Publication of New Wireless Standard for the Industrial Internet of Things (GlobeNewswire News Room) IEEE 802.16s – New wireless standard lays groundwork for adoption of the industrial internet, addressing key concerns related to security, reliability and robust coverage
Lessons learned from the most impactful breach (Channel Post MEA) Post Equifax threat, Alastair Paterson, CEO and Co-Founder at Digital Shadows reflects on the lessons we can learn before, during and after discovering a bre
Navy enhancing its electronic warfare systems (C4ISRNET) Engility Corp. has been awarded a modification on a five-year contract to perform EW services for U.S. Navy and Australian aircraft.
Blockchain courts will offer effective dispute resolution in smart contracts (The Next Web) Arbitration is a fundamental aspect of human relationships be it social, professional, or business relationships. The emotional and psychological composition of humans cannot be absolutely prevented from interfering during the execution of contractual agreements and processes. Contractual disputes Disputes over contracts aren’t always caused by ulterior motives or deliberate intentions to short-change another party. Sometimes, …
Design and Innovation
Can ARM save the Internet of Things? (Naked Security) Can the IoT be saved from its breakneck growth and breathtaking insecurity?
Research and Development
Artificial intelligence beats Captcha at its own game (Inquirer) Yes, it's been cracked. Again. But this time by a machine,Boffin Watch ,Boffin Watch,AI,Security
'Instant replay' for computer systems shows cyber attack details (Science Daily) Until now, assessing the extent and impact of network or computer system attacks has been largely a time-consuming manual process.
Academia
UMD students won a cybersecurity competition that was like virtual capture-the-flag (The Diamondback) More than 500 teams took part in the competition.
Legislation, Policy, and Regulation
EU to Declare Cyber-Attacks “Act of War” (Infosecurity Magazine) EU to Declare Cyber-Attacks “Act of War”. Member states set to sign new diplomatic framework
EU may struggle to prove cyber attack links, warns expert (ComputerWeekly) EU governments are reportedly planning to respond to cyber attacks as an act of war, but a cyber security expert says links to nation states may be hard to prove.
Attribution is what states make of it (European Council on Foreign Relations) It is high-time for the Europeans to wake up from their hopes and dreams to build norms and rules for state behaviour in cyberspace.
Cybercom Establishes Strategic Concepts to Mitigate Cyber Threats to Natl Security - Executive Gov (Executive Gov) The U.S. Cyber Command has developed an operational approach to defensive cyber operations and strat
The Cyber Cold War (Bulletin of the Atomic Scientists) Is the Cyber Mission Force prepared?
DHS Says Most Agencies On Track To Cut Kaspersky Products (Law360) Most federal agencies are on track to timely find and remove Kaspersky Lab products from their information systems in response to concerns about potential security risks, with less than half having identified Kaspersky products on their systems so far, a U.S. Department of Homeland Security official said Friday.
Agencies complete step one of DHS cyber directive, now comes the hard part (FederalNewsRadio.com) The Homeland Security Department says agencies have 30 days to come up with a plan to remove Kaspersky Lab products from their networks.
Guide to Section 702 Value Examples (IC on the Record) Consistent with the Principles of Intelligence Transparency, the ODNI has released volumes of information to enhance public understanding of Section 702 of the Foreign Intelligence Surveillance Act (FISA).
Kemp Applying For Federal Security Clearance With US Homeland Security (90.1 FM WABE) If his application for “secret” level clearance is approved, Georgia’s top election official would be privy to intelligence from the U.S. Department of Hom
Aadhaar a threat to national security, will approach PM Modi: Subramanian Swamy (Zee News) Subramanian Swamy took to Twitter and tweeted that he will soon write a letter to PM Modi detailing how compulsory Aadhaar poses a threat to the country.
Mozilla Wants to Distrust Dutch HTTPS Provider Because of Local Dystopian Law (BleepingComputer) Mozilla engineers are discussing plans to remove support for a state-operated Dutch TLS/HTTPS provider after the Dutch government has voted a new law that grants local authorities the power to intercept Internet communications using "false keys."
Litigation, Investigation, and Law Enforcement
Robert Mueller’s Opening Salvo Is a Show of Strength (Foreign Policy) A quick and dirty analysis on the Manafort and Papadopoulos cases.
What the Papadopoulos Plea Says About Mueller's Next Moves (WIRED) With a plea agreement from Trump campaign adviser George Papadopoulos, special counsel Robert Mueller showed that he knows how to keep a secret—and that this investigation is just getting started.
Researchers Say Paul Manafort Referenced James Bond in His Adobe and Dropbox Passwords (Motherboard) The ex-Trump campaign chairman was indicted in special investigator Robert Mueller’s Russian probe Monday.
Tony Podesta stepping down from lobbying giant amid Mueller probe (POLITICO) Podesta announced his decision during a firm-wide meeting Monday morning and is alerting clients of his impending departure.
Week ahead: Tech giants to testify publicly on Russian interference (TheHill) Executives from Facebook, Twitter and Google will appear publicly before the House and Senate as lawmakers press forward with their investigations into Russian election interference.
Russian-backed content may have reached 126 million on Facebook (TechCrunch) Facebook has reportedly upped its estimate of how much content was produced by Russian-backed actors during the election and how widely that content was seen...
Tech Giants Disclose Russian Activity on Eve of Congressional Appearance (Wall Street Journal) Facebook, Google and Twitter are set to divulge new details showing that the scope of Russian-backed manipulation on their platforms before and after the U.S. presidential election was far greater than previously disclosed, reaching an estimated 126 million people on Facebook alone, according to people familiar with the matter, prepared copies of their testimonies and a company statement.
What Congress Should Ask Tech Executives About Russia (WIRED) Executives from Facebook, Google, and Twitter will testify to three congressional committees about Russia and the 2016 election.
Bulgarian official calls for integrated efforts against cybercrime (Xinhua) Bulgarian vice interior minister Milko Berner on Monday said responding to cybercrime required a comprehensive cross-border integration of efforts by public, private and non-governmental actors.
ESET research team assists FBI in Windigo case – Russian citizen sentenced to 46 months (WeLiveSecurity) Relating the collaboration between ESET experts and the FBI about the Windigo's operation, which ended with the sentencing of Maxim Senakh.
Police Probe Hack of London Plastic Surgery Clinic (Security Week) British police said Tuesday they were investigating the theft of data from a London plastic surgery clinic, with reports that sensitive images of celebrities have been stolen.
