Cyber Attacks, Threats, and Vulnerabilities
Australian Broadcasting Corporation confirms S3 data leak (ZDNet) The government-backed broadcaster has confirmed that data from an unsecured repository was exposed.
Kaspersky defends its role in NSA breach (BBC News) The Russian anti-virus company explains why it copied files off a PC used by a cyber-spy contractor.
‘US will never retract accusations against Kaspersky - Russia must always be blamed for something’ (RT International) Without evidence, US DHS ordered agencies to remove Kaspersky programs from networks, saying it may be involved in Russian intelligence spying.
Kaspersky Lab releases report into upload of NSA documents (Fifth Domain) Moscow-based cybersecurity firm Kaspersky Lab is releasing new details about how its software uploaded classified U.S. documents several years ago.
121 Pieces of Malware Flagged on NSA Employee's Home Computer (Dark Reading) Kaspersky Lab's internal investigation found a backdoor Trojan and other malware on the personal computer of the NSA employee who took home agency hacking tools.
Report Says Dissident Under Cyber, Information Attack from China (Washington Free Beacon) China is engaged in an unprecedented campaign of cyber attacks and information operations aimed at discrediting Beijing critic Guo Wengui.
Reaper: The Next Evolution of IoT Botnets (Fortinet Blog) By now, everyone should be aware of two things related to IoT devices. The first is that these devices...
Terdot Banking Trojan Could Act as Cyber-Espionage Tool (Security Week) The Terdot banking Trojan packs information-stealing capabilities that could easily turn it into a cyber-espionage tool, Bitdefender says in a new report.
Middle East 'MuddyWater' Attacks Difficult to Clear Up (Security Week) Long-lasting targeted attacks aimed at entities in the Middle East are difficult to attribute despite being analyzed by several researchers, Palo Alto Networks said this week.
Bamboozled: How a scam website reached the top of Google search ranking (NJ.com) A look at how a fake website offering Windows Movie Maker software is trouble.
'Fake news' Becomes a Business Model: Researchers (Security Week) Cyber criminals have latched onto the notion of "fake news" and turned it into a profitable business model, with services starting at under $10, security researchers said Thursday.
Rogue couriers can enter your home by disabling the Amazon Key smart lock (Computing) Not so smart, after all
Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera (WIRED) After hackers exposed a way to freeze the delivery service's security cameras, Amazon will push out a fix later this week.
Russia tried to attack the UK’s energy sector – what would a UK power grid hack be like? (Verdict) The next thing to worry about Russian hackers? A UK power grid hack. This is according to the head of the UK's National Cyber Security Centre.
Nokia study damns Android security; Calls Google’s mobile OS the most vulnerable platform (MySmartPrice) It hasn’t been long since Nokia dropkicked Windows and came back from the grave to embrace Android. It looks like the Finnish smartphone maker has finally had an epiphany and now decided to tell us something we already know – that Android isn’t all that great when it comes to security. Nokia study: Android is …
1 in 25 Black Friday Apps Fake, Finds RiskIQ, Threatening $10.8B in Projected Black Friday Online Sales (Business Insider) RiskIQ, the leader in digital threat management, today released its 2017 Black Friday E-commerce Blacklist.
Does GDPR enable identity theft? (Computing) Under GDPR you'll be able to ask organisations to hand over all the data they hold on you. But what happens when a cyber criminal is able to pass himself off as you, and force firms to tell him everything?
Deleted WhatsApp sent messages might not be gone forever (Naked Security) The first 100 characters are in the registry, and you don’t even have to bother with that if you have a backup app. How very Snapchat!
No more data breach details will be released: Deloitte (iTWire) Accountancy firm Deloitte says it will not be releasing any more details about the data breach that it suffered in March this year. In response to a q...
Security Patches, Mitigations, and Software Updates
Apple’s iOS 11.1.2 fixes the cold weather input bug on the iPhone X (Ars Technica) Apple Pay Cash is still coming in a later update.
Firefox Will Block Navigational Data URIs as Part of an Anti-Phishing Feature (BleepingComputer) Mozilla will soon block the loading of data URIs in the Firefox navigation bar as part of a crackdown on phishing sites that abuse this protocol.
Oracle rushes out 5 patches for huge vulnerabilities in PeopleSoft app server (Ars Technica) "JoltandBleed" memory leak gives attackers full access to business applications.
Cyber Trends
NSA: Cyber Attacks Are Becoming More Sophisticated, Aggressive and Disruptive (Washington Free Beacon) Cyber attacks by foreign nations and criminals against both government and private sector networks are increasing in both sophistication and scale.
Europe not ready for imminent cyber strikes, say infosec professionals (ComputerWeekly.com) Information security leaders in Europe believe a major breach of critical infrastructure is coming and that data breaches in their own organisations are imminent – yet most are not ready.
The uphill battle of beating back weaponized AI (SearchCIO) The race to exploit machine learning and other artificial intelligence technologies is not just for good guys. We live in a world of weaponized AI.
Only one-in-five major organisations confident they will be ready for GDPR (Computing) Data sprawl is a significant challenge for multi-nationals
A third of US businesses do not feel prepared for GDPR deadline (Help Net Security) 35% of US organizations don’t believe they will be fully prepared for GDPR in time for the deadline. They're apprehensive about GDPR’s impact.
Netsparker Holiday Survey: 44 Percent of Americans Fear Credit Card Information Will Be Stolen While Shopping Online (BusinessWire) Netsparker Ltd., a leading player in the web applications security industry, has today released the results of its 2017 Holiday Survey. The survey of
Poor security habits are the ideal recipe for a breach (Help Net Security) Employees have more access than they should, and a large majority of them have poor security habits even when they think they don’t.
Half of consumers think that organisations don't care about their privacy (Computing) Consumers don't trust firms and are prepared to take legal action
State of Authentication: How SecureAuth Detects and Protects with Adaptive Access Control (SecureAuth) Over a twelve-month period, SecureAuth processed 617 million authentications across 500 different organizations across multiple industries.
Venafi study reveals over half of organizations do not audit SSH entitlements (Venafi) Venafi®, the leading provider of machine identity protection, today announced the results of a study on how well audits measure Secure Shell (SSH) security in their environments. Over 400 IT security professionals participated in the study, which reveals a widespread lack of SSH audits.
Lastline Reveals Predictions and Trends For the 2018 Cyberthreat Landscape (GlobeNewswire News Room) Company predicts continued rise in cybercrime will be met with advances in artificial intelligence and machine learning as emerging methods to counteract attacks
Marketplace
France invests in ventures focused on advanced defense tech (Defense News) France has launched a $59 million equity fund investing in small and medium enterprises specializing in advanced defense technology.
6 Cybersecurity Businesses that Present Opportunity. (HuffPost) If you’re on the lookout for a breakout growth opportunity, it’s important to look where others aren’t. And, in that case, it’s hard to argue against the...
Internet of So Much Stuff: Don't wanna be a security id-IoT (Register) IoT is not the same as IT... normal infosec does not apply
How Verizon is Building a Big Data and AI Culture (Forbes) Telecommunications has long been one of the most data-intensive industries, and some of the earliest analytical marketing initiatives originated at established firms like AT&T.
Optiv's latest acquisition brings tech expertise that's 'unparalleled in the industry' (Kansas City Business Journal) Optiv Security made its sixth acquisition in less than two years, furthering its global growth strategy.
The U.S. Military’s Favorite Cyber Platform (Bloomberg.com) Endgame has the Pentagon’s ear in the hottest security software market.
Tern's Device Authority Signs Three-Year Contract With Comodo (Interactive Investor) Shares in Tern PLC rose on Thursday as it said its investee company Device Authority has signed a three-year global original equipment manufacturer agreement with cybersecurity developer Comodo CA.
The Maryland cybersecurity startup keeping devices safe, from cameras to Barbie (Technical.ly Baltimore) ReFirm Labs' platform automates the process of finding security vulnerabilities in IoT firmware. It's the latest ex-NSA team to take up residence at DataTribe in Fulton.
Tenable Will Locate Its Company Headquarters to Downtown Columbia (BusinessWire) Tenable™ Inc., officials from The Howard Hughes Corporation® (NYSE:HHC) and Maryland Governor Larry Hogan announced today that Tenable, one
Products, Services, and Solutions
New infosec products of the week: November 17, 2017 (Help Net Security) Yoti launches digital identity app The free app is available for Apple and Android phones and takes less than five minutes to set up. People take a selfie
Ntrepid Launches Timestream 2 to Capture Complexities of Investigations and Litigation (BusinessWire) Ntrepid today announced the latest release of Timestream, the company’s patented web-based timeline visualization solution.
Secure Channels Inc. Releases Peer Review Report on Security Analysis Independently Validating Patented PKMS2 Encryption Protocol (PRNewswire) Secure Channels Inc., provider of innovative data security and access...
New Netskope Capabilities Provide Industry's Most Customizable and Intuitive Enterprise Security Management for the Cloud At Scale (PRNewswire) Netskope, the leader in cloud security, today announced the release...
Uplevel Solution Right-sizes Cybersecurity for Small-to-Medium Businesses, MSPs (PRNewswire) Uplevel Systems, provider of IT infrastructure solutions to managed...
MongoDB, Townsend Security Announce Certified Encryption Key Management (PRWeb) Townsend Security, a MongoDB Technology Partner, achieves MongoDB Enterprise Certification for Alliance Key Manager.
Raytheon, MetTel establish alliance to secure government, industry communications networks (Business Insider) Raytheon and MetTel today announced a global security alliance to protect government and commercial communications networks against growing cybersecurity threats, including those that exploit the proliferating Internet of Things (IoT).
Antiscammers.org. Civic Venture Working Towards Safer Online Marketplaces. (PRNewswire) Antiscammers.org is a global civic venture established with the...
CyberArk automates and simplifies protection against privileged account exploitation (CSO) CyberArk (NASDAQ: CYBR), the global leader in privileged account security, today unveiled major advancements to accelerate adoption of the most comprehensive privileged account security solution on the market.
Free Quad9 DNS service aims to make threat intel more accessible (ZDNet) IBM Security, the Global Cyber Alliance and Packet Clearing House are offering the automated security solution for free with individuals and SMBs in mind.
Content intelligence platform, Egnyte, announces full GDPR compliance (VatorNews) GDPR goes into effect on May 25, 2018 with the goal of better protecting EU citizens' personal data
Box and Dropbox rival Egnyte is aiming to capitalise on Europe's strict new data laws (Business Insider) The storage and collaboration software business has been backed by Google Ventures, which is now known as GV.
Technologies, Techniques, and Standards
CYBERCOM working through intel side of cyber defense (Fifth Domain) While intelligence for cyber defense has been slow to come online, these capabilities are now being more integrated with defensive elements.
Inside the Army’s interim WIN-T plans (C4ISRNET) WIN-T could lose funding, but soldiers around the world still rely on system capabilities so the Army is accelerating repairs and focusing on modernization.
Voting machine makers explain what they do (and don’t do) to make sure no one hacks the vote (TechCrunch) As the House and Senate continue to examine the wave of disinformation around the 2016 presidential election, concerns around the security of voting systems...
Safeguard mobile devices: VPNs and personal firewalls are vital (Help Net Security) If you want to safeguard mobile devices, security threats from public hotspots can be dramatically reduced by utilizing a personal firewall and a VPN.
Access Denied: What you need to know to protect the network [Commentary] (Fifth Domain) This story is true in essence, if not in particulars, and it is one that has played out many times across all sectors.
The Motherboard Guide to Not Getting Hacked (Motherboard) Do you want to stop criminals from getting into your Gmail or Facebook account? Are you worried about the cops spying on you? We have all the answers on how to protect yourself.
Hacking Blockchain with Smart Contracts to Control a Botnet (eSecurity Planet) Botract attack method revealed at SecTor security conference, could enable botnet to be as resilient and as distributed as the Ethereum blockchain itself.
SecTor: What the Story of David vs Goliath Teaches Cyber-Security (eSecurity Planet) While offensive attacks and zero-day vulnerabilities often grab headlines, understanding risk is the key to security.
Comment: How chip choice can affect your IoT security (Electronics Weekly) With price and performance dominating the choice of chip, many users are leaving themselves open to security issues, writes Ken Munro, partner, Pen Test Partners.
Academia
Finding cyber talent among transitioning veterans: Engility's Cybersecurity Training Scholarships (The CyberWire) One company's approach to building the cyber workforce and helping veterans at the same time.
Cyber Discovery Aims to Encourage More Teens into Industry (Infosecurity Magazine) Government’s latest initiative looks to plug chronic skills shortages
Legislation, Policy, and Regulation
China cyber watchdog rejects censorship critics, says internet must be 'orderly' (Reuters) China's top cyber authority on Thursday rejected a recent report ranking it last out of 65 countries for press freedom, saying the internet must be "orderly" and the international community should join it in addressing fake news and other cyber issues.
US coalition partners work out cyber defense for joint operations (Fifth Domain) The U.S. and four other nations worked through joint cyber defense of a mission partner network during a recent demonstration.
US official: If Turkey buys Russian systems, they can’t plug into NATO tech (Defense News) Also as a result of the buy, further action may be forthcoming that could affect the country’s acquisition or operation of the F-35.
Grading the New Vulnerabilities Equities Policy: Pass (Council on Foreign Relations) The new vulnerabilities equities process gets a passing grade but there is still room for improvement.
White House Decision To Increase Transparency Of Cyber Vulnerability Disclosure Process Is “Exactly The Right Policy,” Says ITIF (Public) The Information Technology and Innovation Foundation (ITIF), a leading science and tech policy think tank, today applauded a White House decision to increase transparency in the vulnerabilities equities process (VEP), the interagency process which determines when and how the federal government discloses the cybersecurity vulnerabilities it discovers.
Intelligence.gov Re-launch Marks New Era for IC Transparency (Office of the Director of National Intelligence) New site showcases everyday intel officers and improves data accessibility
Senator urges ad blocking by feds as possible remedy to malvertising scourge (Ars Technica) Block would happen in the event advertisers can’t curb malicious ads on their own.
FCC reportedly planning vote that could kill net neutrality next month (TechCrunch) The Federal Communications Commission will drive a stake through its own net neutrality rules roughly this time next month, if Chairman Ajit Pai gets his way...
Counterterrorism chief stepping down later this year (C4ISRNET) Nick Rasmussen will leave the government at the end of this year.
Litigation, Investigation, and Law Enforcement
International Law and Conflict in Cyberspace: Attribution, Consequences, and the Development of Norms (The CyberWire) Experts in international law and cyber operations discussed how the law of armed conflict is finding expression in cyberspace.
Dark Web Shops Are Leaking IPs Left and Right (BleepingComputer) The takedown of three major Dark Web markets by law enforcement officials over the summer has driven many vendors of illegal products to set up their own shops that, in many cases, are not properly configured and are leaking the underlying server's IP address.
Suspended .UK Domains Double in a Year (Infosecurity Magazine) Nominet says it’s working closely with police and other agencies
Cybersecurity: A fiduciary duty (Ethical Boardroom) The recent WannaCry ransomware exploit brought into full view several factors that terrify many companies and their boards of directors.