Washington, DC: the latest from 2017's SINET Showcase
Washington DC - SINET (SINET) SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity.
2017 SINET 16 Winners Announced (BusinessWire) The winners of the annual SINET 16 innovation competition were selected from a pool of over 130 applicants from nine different countries.
Cyber Attacks, Threats, and Vulnerabilities
Microsoft issues advisory to users after macro-less malware attacks (The State of Security) Hackers have been found exploiting a freshly-uncovered vulnerability in Microsoft's software to install malware on business computers.
Hacker Wannabes Fooled by Backdoored IP Scanner (BleepingComputer) Wannabe hackers looking to create their very own Reaper botnet might have gotten more than they asked when they downloaded an IP scanner over the past few weeks.
Hundreds of Millions in Digital Currency Remains Frozen (Threatpost) Between $150 million and $300 million in digital currency called ether remains inaccessible today after a user said he “accidentally” triggered a vulnerability that froze the funds in the popular Parity wallet.
£214 million in Ethereum crypto-currency virtually gone after code deletion (SC Magazine) Around one million Ethereum digital coins (approximately £214 million) have become inaccessible to users following the accidental deletion of code.
Cryptojacking craze that drains your CPU now done by 2,500 sites (Ars Technica) Android apps with millions of Google Play downloads also crash the party.
Cryptojacking Craze: Malwarebytes Says It Blocks 8 Million Requests per Day (BleepingComputer) The in-browser cryptojacking craze that has taken over the Internet is getting worse by the day and more and more sites are implementing such systems, intentionally or after getting hacked.
Boeing 757 Testing Shows Airplanes Vulnerable to Hacking, DHS Says (Avionics) A team of government, industry and academic officials successfully demonstrated that a commercial aircraft could be remotely hacked in a non-laboratory setting last year, a U.S. Department of Homeland Security (DHS) official said Wednesday at the 2017 CyberSat Summit in Tysons Corner, Virginia. “We got the airplane on Sept. 19, 2016. Two days later, I …
Did the Maersk cyber attack reveal an industry dangerously unprepared? (Ship Technology) A recent survey by Futurenautics found that shipping companies are still largely unprotected from potential cyber attacks, even after the...Read More...
Smart grids ‘at risk of cyber attack’ (Institution of Mechanical Engineers) Connected power grids will democratise electricity supply, but they could be more vulnerable to cyber attacks, according to experts.
Electricity industry on alert for ‘cyber sabotage’ (Financial Times) State-sponsored hackers are developing the capability to disable power grids
A recent event demonstrates the lack of grid resiliency and the inability to clearly identify cyber attacks (Control Global) A recent cyber incident demonstrates the inability to unambiguously identify an event as being a cyber attack while affecting grid resiliency.
He Perfected a Password-Hacking Tool—Then the Russians Came Calling (WIRED) How a program called Mimikatz became one of the world's most widespread and powerful hacking tools.
A Dark Web hacker is offering services to track anyone anywhere (HackRead) Would you not like to track the traveling patterns of your friends or foes if given a chance? Of course, you would. A majority of us would want to find out
The Emerging Threat of Cybercriminal AI (MIT Technology Review) Shuman Ghosemajumder, CTO of Shape Security and MIT Technolog Review’s Martin Giles discuss responsibilities that companies have towards protecting the sensitive personal information they hold about us.
1M People Duped By Fake WhatsApp (PYMNTS.com) Google’s app store was infiltrated by a fake WhatsApp application late last week that more than 1 million people downloaded. According to a news report in Forbes, citing security researchers who have been warning for years about the prevalence of fake apps in Google’s app store, there have been many apps that look similar to […]
Privacy Clouds Form Over Mantistek Gaming Keyboard (Threatpost) Questions brew over whether Mantistek GK2 Mechanical Gaming Keyboard is snooping on users as they type.
Widespread usage of admin rights leaving organisations vulnerable to cyber attacks (TEISS) Organisations are allowing too many employees to enjoy admin rights to promote efficiency and convenience, but are, in the process, making themselves vulnerable to insider threats, phishing attacks, and ransomware infections.
Forrester: Expect POS Ransomware Outages in 2018 (Infosecurity Magazine) Forrester: Expect POS Ransomware Outages in 2018. Analyst also warns firms of IoT attacks and attempts to hack midterms
Kaspersky Lab reveals number of corporate users subjected to cyber attacks in Azerbaijan (Trend.Az) During the ten months of 2017, 5,500 corporate users in Azerbaijan were subjected to cyber attacks
2017's Most Prolific Email Prankster Is Calling It Quits (BuzzFeed) The man behind @Sinon_Reborn has email pranked a who's who of 2017 notable figures including Harvey Weinstein, Anthony Scaramucci, Eric Trump, and Ann Coulter. But after some sloppy security meas
Security Patches, Mitigations, and Software Updates
Google Patches KRACK Vulnerability in Android (Threatpost | The first stop for security news) Google this week finally addressed the KRACK vulnerability in Android, three weeks after the WPA2 protocol flaw was publicly disclosed.
Chrome Will Stop Sketchy Sites From Bouncing You to Ads (WIRED) With its latest update, Chrome's going to quash the junky redirects that turn the web into a house or horror.
Google Adds New Features in Chrome to Fight Malvertising (BleepingComputer) Google announced plans today for three new Chrome security features that will block websites from sneakily redirecting users to new URLs without the user or website owner's consent. One of these features has the potential to stop malvertising attacks.
NodeSource and Sqreen Survey: Fewer Than a Quarter of Node.js Developers Use Any Form of Real-Time Protection Against Attacks (BusinessWire) NodeSource, the Node.js® company, and Sqreen, a SaaS security monitoring and protection solution, today announced the results of a joint developer
Training for Artificial Intelligence in Warfare (US News) How soon will the 'killer robots' come to life? Experts say we shouldn't worry.
Americans worry about cybercrime more than they worry about car theft (SC Media US) American's are worrying more about becoming victims of cybercrime far more than they are worrying about becoming victims of conventional crimes.
Majority of Consumers Aware of Online Phishing Scams, Yet Still May Fall Victim This Cyber Monday (Business Insider) DomainTools, the leader in domain name and DNS-based cyber threat intelligence, today released the findings of its 2017 Cyber Monday Phishing Survey.
Ponemon Study Re Breach Impacts On Consumers & Stock Price; Gallup Poll Pegs Cybercrime As America's Top Crime Worry (Information Security Buzz) A new study by the Ponemon Institute quantifies “The Impact of Data Breaches on Reputation and Share Value” and a new Gallup Poll finds that cybercrime tops America’s crime concerns. IT security experts commented below. Atiq Raza, CEO at Virsec Systems: “Far too many businesses have been marketing a “don’t worry, be happy” message about cyber security, that flies in the face …
Cryptocurrency Mania Fuels Hype and Fear at Venture Firms (WIRED) Even as VCs race to invest in cryptocurrency companies, the novelty of the field poses legal, administrative, and PR challenges.
WatchGuard Files For $75 Million U.S. IPO - First Look (Seeking Alpha) WatchGuard wants to raise $75 million in a U.S. IPO. The firm sells in-car and body-worn video recording systems to law enforcement and security providers. Watc
Cisco: What Matters Most Ahead Of Earnings (Seeking Alpha) Some might wonder if CSCO can maintain its momentum and justify the recent wave of optimism priced into the stock. I prefer to look at the company's prospects w
Risk & Repeat: Sale of Symantec Website Security completed (TechTarget) DigiCert Inc.'s acquisition of Symantec Website Security was completed last week, but concerns in the browser community still remain about Symantec's SSL certificates.
Merlin goes on a cyber win streak (Washington Technology) Merlin International has won $80 million in new cyber work at the VA during the last quarter but the success was years in the making.
Skybox Security Appoints Ron Davidson to Lead Global Research and Development for the Company’s Cybersecurity Management Platform (Globe Newswire) Skybox™ Security, a global leader in security management, announced today that Ron Davidson has joined the company as Chief Technology Officer (CTO) and Vice President of Research and Development. Davidson is a 30-year cybersecurity veteran. He will lead Skybox’s long-term technology vision, focusing on product evolution for the company’s core solution areas — attack surface visibility, vulnerability and threat management, and firewall and security policy management.
PE-backed NetSPI appoints president and COO (PE Hub) Minnesota-based NetSPI, a provider of enterprise security testing and vulnerability correlation software, has named Aaron Shilts as president and chief operating officer. Prior to joining NetSPI, Shilts led worldwide services for Optiv and FishNet Security. NetSPI is backed by Sunstone Partners.
Mimecast Welcomes Gerri Elliott to Board of Directors (GlobeNewswire News Room) Mimecast Limited (NASDAQ:MIME), a leading email and data security company, today announced Geraldine (Gerri) Elliott has joined its Board of Directors.
Products, Services, and Solutions
Mocana, Xilinx, Avnet, Infineon and Microsoft Join Forces to Secure Industrial Control and IoT Devices (GlobeNewswire News Room) Industry Leaders to Introduce an Integrated, High-Assurance Industrial Edge-to-Cloud System
Point3 Security Inc. Partners with Cybrary for the Early Release and Launch of Escalate™ (PRWeb) Challenge-based online assessment available to consumers for enhanced learning experience
Avast Launches Security Pro and Cleanup Pro for Mac (BusinessWire) Avast, the global leader in digital security products, today released its 2018 Security Pro and Cleanup Pro to address the latest security and pe
Vectra and Phantom Partner to Detect, Prioritize and Stop Hidden Cyber Attacks Faster (PRNewswire) Vectra®, the leader in automating the hunt for in-progress...
Bitdefender to Deliver Cross-Platform Cyber Security to Enterprises (PRNewswire) Bitdefender, a leading global cybersecurity technology company...
Businesses switch to Gmail for ransomware, spear-phishing protection (CSO Online) Gmail's built-in phishing detection and ransomware defense lures business users to switch email platforms.
Siemens Teams Up with Tenable (Dark Reading) ICS/SCADA vendor further extends its managed security services for critical infrastructure networks.
Technologies, Techniques, and Standards
Microsoft introduces new secure firmware spec via the Open Compute Project (ZDNet) Microsoft is tackling the security piece of datacenter hardware with the latest phase of its OCP 'Project Olympus' efforts.
Spending wisely to fight cyberattacks can save your company millions (TechRepublic) An average enterprise suffers 130 successful cyberattacks annually, costing an average of $12 million. Fighting back cost-effectively requires a comprehensive policy.
Protect IoT data, not IoT devices, says Verizon (Internet of Business) Securing IoT implementations may involve concentrating on protecting data rather than devices, according to Verizon.
Report: DevOps has gone mainstream, but DevOps security hasn't followed suit (TechRepublic) DevOps may be the new paradigm in app development, but a report out from CyberArk reveals that widespread adoption of that approach has become a security nightmare.
The IoT Blindspot (Dark Reading) Confusion over whether IT staff or line of business professions are responsible for IoT management and security plays big role in a lack of visibility into those devices.
Don't Go It Alone: Sharing Threat Intelligence for the Common Good (Security Intelligence) Companies across all verticals can diminish the impact of widespread cyberthreats by forging collaborative partnerships and sharing threat intelligence.
Smart household devices may be your biggest security blindspot (ConsumerAffairs) New research from Parks Associates shows 41 percent of U.S. homes with wifi plan to purchase a smart appliance or other wifi-connected household device in
Data breached in translation (CSO Online) Online language translation software caused a data leak at Statoil. Use these best practices to keep translated information secure.
How Journalists Fought Back Against Crippling Email Bombs (WIRED) After ProPublica journalists wrote about hate groups, the trolls retaliated by signing them up for thousands of subscriptions. That was only the beginning.
Mozilla privacy guide lists holiday gifts that will spy on you (CSO Online) Mozilla's Privacy Not Included guide lists toys, gadgets and accessories that can spy on you and if those connected devices have privacy controls.
Design and Innovation
This Russian Has The Power To Turn 100,000 Android Phones Into Cryptocurrency Miners (Forbes) A "legal botnet" might seem like an oxymoronic statement. At best, it's risky phrasing. Most associate "botnets" with hordes of hacked computers controlled by a hidden botmaster with monstrous machinations, more often than not illicit profiteering.
Real Humans Will Review the Nudes You Send Facebook as Part of Its Anti Revenge-Porn Program (Motherboard) Facebook is testing a new feature in Australia to combat revenge porn on the platform. This is how it works.
Research and Development
What is quantum encryption? It’s no silver bullet, but could improve security (CSO Online) Quantum encryption, also called quantum cryptography, applies principles of quantum mechanics to encrypt messages in a way that it is never read by anyone outside of the intended recipient. It takes advantage of quantum’s multiple states, coupled with its "no change theory," which means it cannot be unknowingly interrupted.
Legislation, Policy, and Regulation
Kim Jong Un’s North Korea is – cautiously – going online (The Republic) Kim Jong Un's North Korea, ever so cautiously, is going online
Why Trump is sticking with Obama's China hacking deal (POLITICO) There are recent signs that Beijing may be testing the limits of its 2015 promises.
NATO green lights plan to establish a new cyber command center (Stars and Stripes) The United States and its military allies in Europe agreed Wednesday to establish a new cyber command center that will allow NATO to incorporate electronic weaponry in its operational planning, the alliance’s top official said.
Government outlines cyber security plan (BBC News) Ministers say cyber attacks against public organisations "will continue to increase".
Is Vladimir Putin meddling in British politics? (Times) In America the battle against fake news is vast and pervasive. It involves a president, senators and tech companies on the stand and a creeping, growing, terrified suspicion that Russia might have...
Al Franken Just Gave the Speech Big Tech Has Been Dreading (WIRED) In talk to Washington think tank, Al Franken ties together complaints against Google, Facebook, and Amazon, and calls for more control over their market power.
Other Voices: Let's not rush to government regulation of social media (Longview News-Journal) It's clear that the government of Russia used the openness of social media giants Facebook and Twitter, as well as search engine behemoth Google, to ...
Compromise defense bill tells Trump to spell out cyberwarfare strategy (TheHill) Lawmakers have expressed frustration over lack of cyber policy from successive presidential administrations.
U.S. House panel advances bill aimed at limiting NSA spying program (Reuters) A U.S. House panel on Wednesday passed legislation seeking to overhaul some aspects of the National Security Agency's warrantless internet surveillance program, overcoming criticism from civil liberties advocates that it did not include enough safeguards to protect Americans' privacy.
Kirstjen Nielsen: US' next Homeland Security chief (Deutsche Welle) If confirmed by the Senate, Kirstjen Nielsen will oversee 240,000 employees at the Department of Homeland Security. DHS is responsible for immigration, border control and cyber-security, among other areas.
Army pushes recruiting and retaining cyber talent (Defense Systems) The Army is taking aggressive steps to strengthen its cyber workforce through a series of ongoing evaluations.
Scottish Government Launches Cyber Resilience Action Plan (Infosecurity Magazine) Scottish Government Launches Cyber Resilience Action Plan. Ambitious plan designed to promote best practice security
Litigation, Investigation, and Law Enforcement
Top former intelligence leaders dismayed over Pompeo meeting with conspiracy theorist (CNN) Two of the nation's former top intelligence officials expressed surprise and dismay Wednesday that President Donald Trump prevailed upon CIA Director Mike Pompeo to meet with a former National Security Agency employee turned whistleblower who denies Russia interfered in the US election.
He Solved The DNC Hack. Now He's Telling His Story For The First Time. (BuzzFeed) Less than a year before Marine Corps cyberwarrior Robert Johnston discovered that the Russians had hacked the Democratic National Committee, he found they had launched a similar attack at the Joint Ch
Former Yahoo!, Equifax CEOs Face Congressional Grilling Over Data Breaches (Infosecurity Magazine) “Companies that collect and store personal data on American citizens will face consequences without adequate cybersecurity.
Meet the Hacker Who Busts Child Pornographers on the Dark Net (Motherboard) Einar Otto Stangvik talks with us about online child pornography, self-developed hacking tools, the police who ran the abusive sites—and why he comes up with the best ideas while dreaming.