Cyber Attacks, Threats, and Vulnerabilities
Anonymous Muslim Group Confusing ISIS with P[0]rn and Fake News (HackRead) A couple of weeks ago, it was reported that a group of Muslim hackers hacked into the official news website of the so-called Islamic State called Amaq and
North Korean Citizens Study Cryptocurrencies at Pyongyang University (Bitcoin News) North Korean engagement with bitcoin and cryptocurrency appears to be ever growing, with recent reports indicating that university students are now able to access courses on cryptocurrency in the Hermit Kingdom.
North Korea's bitcoin crash course has experts worried (VICE News) The students at a Pyongyang university once accused of training the state’s hackers have been given a crash course in cryptocurrencies.
Imgur hack: Email addresses, passwords stolen from 1.7M accounts (CSO Online) Imgur, learning it was hacked in 2014, reacted quickly to notify the public that an attacker stole the email addresses and passwords for 1.7 million users.
Imgur Breach Exposes 1.7 Million Users (Infosecurity Magazine) Incident probably occurred back in 2014
There's Some Intense Web Scans Going on for Bitcoin and Ethereum Wallets (BleepingComputer) With both Bitcoin and Ethereum price hitting all-time highs in the past seven days, cyber-criminals have stepped up efforts to search and steal funds stored in these two cryptocurrencies.
9 Fast and Easy Ways To Lose Your Crypto Coins (SANS Internet Storm Center) Looking at the cost of cryptocurrencies this weekend, it looks like many of you will find a few bitcoins under your tree instead of a new game console.
Tether hits back after $31m cryptocurrency hack (Naked Security) The money isn’t out of reach, yet
U.K. NCSC Head Warns of Russian Cyber Threats to Critical Infrastructure (eSecurity Planet) 'Russia is seeking to undermine the international system,' Martin said.
Mirai Activity Picks up Once More After Publication of PoC Exploit Code (BleepingComputer) The publication of proof-of-concept (PoC) exploit code in a public vulnerabilities database has lead to increased activity from Mirai-based IoT botnets, Li Fengpei, a security researcher with Qihoo 360 Netlab, told Bleeping Computer today.
Newly Published Exploit Code Used to Spread Mirai Variant (Threatpost) Qihoo 360 Netlab researchers reported on Friday that they are tracking an uptick in activity associated with what it said is a variant of the Mirai botnet.
Necurs used to infect computers with Scarab ransomware (SC Media UK) A new strain of ransomware has been discovered that is being distributed by the Necurs botnet, according to security researchers.
Troldesh Nabs Top Ransomware Spot (Infosecurity Magazine) Bitdefender found that during 2017 alone, the number of new major ransomware families surpassed 160.
Ransomware surges again, as cybercrime-as-a-service becomes mainstream for crooks zdnet (Science and Technology) Purchase cybercrime-as-a-advantage apparatus championing intimidation much as malware and DDoS is no yearner upright something championing small equable or ambitious hackers digital image file. Organized crook pack are enchanting work of these help as the clandestine crook scene at to beautify another professionalised and fully fledged.
Disdain exploit kit and a side of social engineering deliver Neutrino Bot (The Programmings) Today we picked up new activity from an exploit kit that was first discovered back in August of this
SAML Post-Intrusion Attack Mirrors ‘Golden Ticket’ (Threatpost) A proof-of-concept attack demonstrates how adversaries can abuse the Security Assertion Markup Language framework to go unnoticed and assume multiple user identities.
A Hacking Group Is Already Exploiting the Office Equation Editor Bug (BleepingComputer) A week after details about a severe Microsoft Office vulnerability came to light, at least one criminal group is now using it to infect users.
Uber boss allegedly knew about hack (Computing) Uber's recently appointed CEO reportedly knew about the recent hack
Should Uber believe the hackers who say they deleted stolen data? (NBC News) Uber is confident the hackers kept their word - but security experts say it is impossible to know whether something has ever truly been deleted.
Should Uber Users be Worried About Data Hack? (Security Week) The theft of the personal data of 57 million Uber riders and drivers highlights how vulnerable we make ourselves when we install apps on our mobile phones and tablet computers.
Uber's massive security breach: Company faces probes, questions galore (SiliconBeat) Can Uber be trusted? The San Francisco company reportedly paid hackers $100,000 to delete data and keep quiet about the breach.
Devs working to stop Go math error bugging crypto software (Register) Programming language makes some fuzzy big numbers
Name+DOB+SSN=FAFSA Data Gold Mine (KrebsOnSecurity) KrebsOnSecurity has sought to call attention to online services which expose sensitive consumer data if the user knows a handful of static details about a person that are broadly for sale in the cybercrime underground, such as name, date of birth, and Social Security Number. Perhaps the most eye-opening example of this is on display at fafsa.ed.gov, the Web site set up by the U.S. Department of Education for anyone interested in applying for federal student financial aid.
Cyber attack risk creates uncertainty for unmanned vessels (Seatrade Maritime News) Read the latest maritime & shipping news from Europe. Including coverage of key shipping markets: London, Hamburg, Rotterdam, Athens, Oslo and Copenhagen
The Meetings Industry Is Not Worried Enough About Cybersecurity (Skift) When news broke in September that the credit-reporting firm Equifax was hacked, compromising the personal data of 143 million people, it was a wake-up call
YouTube Faces Fresh Backlash After Ads Appear Near Pedophile Comments (Wall Street Journal) A fresh wave of advertisers suspended commercials on YouTube after their ads showed up next to videos that appeared to attract pedophile viewers and comments.
YouTube adverts fund paedophile habits (Times) Some of the world’s biggest brands are advertising on YouTube videos showing scantily clad children that have attracted comments from hundreds of paedophiles, The Times can reveal. BT, Adidas...
City's systems to be 'online soon' following cyber attack (The Daily Herald) The city continues its work in restoring its systems after it was attacked by hackers last month, which resulted in the shut down of
Should you risk buying your child smart toys currently on offer? (Help Net Security) As the end-of-the-year holiday season approaches, many security researchers, consumer groups and even governments warn against buying specific smart toys.
Facebook flaw allowed unauthorised users to delete any photo (Graham Cluley) A security researcher found a way of deleting *any* photo on Facebook after the social network rolled out a new polling feature.
It flies, and it snoops: Norway’s pricey F-35s caught sending ‘sensitive data’ to US (RT International) Norway surprised to discover its new fleet of F-35 fighter jets relay 'sensitive data' to US-manufacturer Lockheed Martin.
Security Patches, Mitigations, and Software Updates
Firefox Will Warn Users When Visiting Sites That Suffered a Data Breach (BleepingComputer) Mozilla engineers are working on a notifications system for Firefox that shows a security warning to users visiting sites that have suffered data breaches.
Apple's Latest MacOS Security Update Contained Fix for Plug-n-Hack USB Attack (BleepingComputer) Details have emerged about one of the vulnerabilities patched by Apple in macOS on October 31, with the release of macOS High Sierra 10.13.1, Sierra 10.12.6, and El Capitan 10.11.6.
Cyber Trends
Time to Pull an Uber and Disclose your Data Breach Now (Dark Reading) There is never a good time to reveal a cyber attack. But with EU's GDPR looming, the fallout is only going to get harder and more expensive if you wait.
Australia 'fair game' when it comes to the threat of a cyber attack (ZDNet) For a country with a culture based on taking things as they come, Check Point has said Australia is taking the threat of cybersecurity seriously.
Oman on top in cyber security readiness in Arab world (GulfNews) Sultanate s focus on risks and ways to address them secures it first rank among Arab states and 4th worldwide in Global Cyber Security Index 2017
Finally, India is gearing up to face cyber security threats (The Economic Times) Almost half of IT decision makers around the world, including India, still believe that business executives are not making cybersecurity a significant enough priority or focus, according to a survey by cyber security solutions provider Fortinet.
Marketplace
McAfee Acquires Skyhigh Networks (Infosecurity Magazine) Deal comes less than eight months after McAfee's spinout from Intel
Move to Silicon Valley vital for ambitious European tech groups (Financial Times) There is no better place to find scale-up capital than the US
The Nordic Web launches an Angel fund to find the region’s under-the-radar startups (TechCrunch) The Nordic Web, a research and analysis company which specialises in covering data on tech companies emerging out of the Nordic region, has started a new..
Former Prelert execs launch a new cybersecurity startup in Boston (Boston Business Journal) The startup was born out of DARPA-backed artificial intelligence research done at Columbia University, but now it's coming to Boston to tap into the city's sales and cybersecurity talent.
Chromebook exploit earns researcher second $100k bounty (Naked Security) A year on from Google’s last $100,000 bug bounty payout, the same researcher has found a second critical persistent compromise of Chrome OS.
ESET: The security firm hoping to secure the world, one user at a time (IT Pro Portal) Security firm marks 30 years of existence with new releases and an all-new headquarters.
Tenable growth, exit could be key to building regional cyber hub (Washington Business Journal) Tenable President Jack Huffard talked possible IPO timing for his closely watched cyber company. Because timing is everything.
NHS to hire hackers for £20 million cyberdefence plan (Times) The NHS is to spend £20 million on a central cybersecurity unit that will use “ethical hackers” to probe for weakness in health service defences. Health chiefs say they will monitor the internet...
BREAKING: Derry technology firm creating 69 new jobs (Derry Now) North West based technology firm Metacompliance is recruiting 69 new jobs over the next three years to help develop its worldwide sales and market presence.
Worcester IT Firm Titania takes on apprentice thanks to new funding scheme (Worcester News) A WORCESTER IT firm has been taking advantage of a new graduate grant scheme to take on apprentices.
Tech Industry Vet Andy Meister Appointed Silent Circle Engineering VP (GovCon Executive) Andy Meister, formerly vice president of engineering at OptioLabs, has been appointed to the same po
Products, Services, and Solutions
Rohde & Schwarz Cybersecurity and Radisys Partner to Bring Networking and Security Solution for European Service Providers (Pressebox) Rohde & Schwarz Cybersecurity's R&S Traffic Analytics Solution combined with Radisys' FlowEngine TDE-2000 deliver improved subscriber security and reduced network...
Rohde & Schwarz Cybersecurity and Napatech Launch Advanced Network Threat Detection Solution at Black Hat Europe 2017 (Rohde & Schwarz) The solution combines a real-time intrusion detection system and network traffic recording capabilities to detect known and unknown cyber threats early on
GlobalPlatform Standardizes Secure OS and Firmware Loading on Secure Elements (Fintech Finance) Enables OS loading post-issuance, device refurbishment & firmware transfer to new devices GlobalPlatform has published its Open Firmware Loader for Tamper Resistant Elements (OFL). The free spe…
Solve Insider Data Breach Risks With Meridian Technologies' Acceletest (PRNewswire) Enterprises work hard to protect their customers' data; however,...
Thanksgiving 101: Helping your mobile devices survive the trip (Prey Project) A few things you want to cover when securing your laptops, phones, and tablets before going on your way to celebrate Thanksgiving!
Infront's $11 million answer to government cloud sprawl, shadow IT and bill shock (CRN Australia) Wants to help spurned IT teams take back control.
Avast bundles Avast Free Antivirus with CCleaner after buying Piriform (Windows Report - Windows 10 and Microsoft News, How-to Tips) Piriform, the maker of CCleaner, was acquired by Avast back in July 2017. Avast is well-known for its line of free and commercial security products …
Calling Barracuda's WAF a firewall is seriously selling it short (CSO Online) The Barracuda Web Application Firewall (WAF) is more than a firewall, it's like the core of an independent bastion of cybersecurity, able to inspect both inbound and outgoing traffic.
There’s Now a Dark Web Version of Wikipedia (Motherboard) People living under censorious regimes can use it to surf Wikipedia.
Technologies, Techniques, and Standards
Lessons from Zapad — jamming, NATO and the future of Belarus (Defense News) Col. Kaupo Rosin, Estonia’s head of military intelligence, laid out his big takeaways from Zapad during a November interview with Defense News.
Six data security questions that every board needs to ask (Help Net Security) Boards can take the risk management concepts they already know, and apply those to cybersecurity by framing the conversation using these six questions.
Not everything is sophisticated, let's keep it simple (Help Net Security) The term sophisticated threat gets used quite a lot. Now don’t get me wrong; I love the word. But is the term perhaps overused?
50 Cyber Security Interview Question & Answers for sure shot Success (GreyCampus) Nervous about Cyber Security interview? This article covers the top 50 information security interview questions & answers, that a cybersecurity professional is likely to be asked in an interview.
Things you should know before Cyber Monday shopping (WXYZ) Cyber Monday is just two days away and people will be looking for some great deals. But there are some things to remember when you're shopping online so you don't become a victim:
Design and Innovation
What is vulnerability management? Processes and software for prioritizing threats (CSO Online) Organizations handle vulnerability management in various ways, from training and best-practice implementations to filtering out all but the most dangerous threats. Here's a look at some of today's more innovative solutions.
Fighting fake news online wins these three projects accolades (TechCrunch) There are few greater threats to democracy in the world today than the proliferation of fake news and propaganda. So it was no surprise that this..
How Russia Polices Yandex, Its Most Popular Search Engine (Motherboard) Google said it would demote Russia Today and Sputnik, but the Russian government has tried to control what news appears on Yandex for years.
Research and Development
IBM and MIT Pair up for a Ten Year Research Project into Artifical Intelligence (Interesting Engineering) MIT and IBM have teamed up to tackle AI. The two institutions have formed a lab that will research the future of AI technology.
Could the Army identify bad guys by their gait? (C4ISRNET) A team at the U.S. Army Communications-Electronics Research, Development and Engineering Center (CERDEC) wants to take biometric data — from fingerprints to how someone walks and beyond — to the battlefield.
Academia
Schools Are Training Students to Be Cyber Sleuths (Education Week - Curriculum Matters) With a growing field and a dearth of skilled workers to fill available jobs, it's little wonder there's a push to get middle and high school students into cybersecurity training.
Legislation, Policy, and Regulation
Deterring Cyberattacks (Foreign Affairs) For years, the United States has failed to devise a strategy to deter or respond to cyberattacks. In the future, it must communicate what behavior is acceptable and what is not—and what Washington will do about it.
Pakistan laughingly says its fight against terrorists is 'unmatched in the world' (FDD's Long War Journal) "Pakistan's resolve, actions and successes in the fight against terrorism, terrorist violence and terrorists is unmatched in the world," the Ministry of Foreign Affairs said the day after Lashkar-e-Taiba leader Hafiz Saeed was freed from house arrest.
Enough about personal data, what about (restrictions to) the free flow of “non-personal data” ? (Lexology) As part of its Digital Single Market strategy, the European Commission published on 13 September 2017 a proposal for a Regulation “on a framework for…
Experts: Creation of Saudi cybersecurity center boosts internet user confidence (Arab News) Participants at the Information Security Conference, which concluded on Tuesday in Riyadh, strongly felt that the establishment of the National Cyber Security Center (NCSC) provided added confidence and security to internet users at all levels.
The 'huge' hole in the government's Russian software ban (POLITICO) DHS' ban on Kapersky software doesn't cover networks that contractors operate, even though employees may use them to discuss government work.
Clock ticking down on NSA surveillance powers (TheHill) "The biggest concern for us is the time crunch," a House aide told The Hill.
NSA Internet Surveillance Under Section 702 Violates the First Amendment (Electronic Frontier Foundation) The First Amendment is too often overlooked in discussions of the National Security Agency’s vast surveillance authorities. But as Congress considers whether to reauthorize Section 702 of FISA this winter, we must remember that it’s not just our Fourth Amendment rights to privacy that are in...
As DOJ calls for “responsible encryption,” expert asks “responsible to whom?” (Ars Technica) Video: At Ars Live, Riana Pfefferkorn brings us up to speed on the Crypto Wars du jour.
The time to hack-proof the 2018 election is expiring — and Congress is way behind (POLITICO) “Not a lot of time, no question,” one senator says.
States turning to insurance for cyber attacks (The Quad-City Times) Cyber attacks on government agencies — like the recent event where hackers gained access to Iowa’s public employee pension accounts, stealing hundreds of thousands of dollars —
Litigation, Investigation, and Law Enforcement
Army failings left Egyptian mosque an easy target for terror (Times) Jihadists were able to evade security checkpoints on Friday to carry out the worst terrorist attack in Egyptian history despite having issued a warning a week earlier that the Sinai mosque would be...
Former deputy defense minister released days after arrest on covert cyber political activities (Yonhap News Agency) A former deputy defense minister was released on Friday, 13 days after he was arrested for his alleged involvement in surreptitious cyberspace activities aimed at influencing public opinion in favor of a former conservative government.
Report: FBI failed to tell US officials they were targets of Russian hackers (TheHill) The FBI reportedly did not inform U.S. government officials that a Russian hacking operation was attempting to breach their personal emails.
Apple served with warrant for Texas mass killer’s iCloud data (Naked Security) Texas police are looking for any data stored by gunman Devin Patrick Kelley, who was found with an iPhone after he killed himself.
Regulators To Probe Uber After Covering Up Massive Data Breach, Says Report (The Daily Caller) Regulatory bodies in multiple countries are set to investigate Uber after the company revealed Tuesday that it was hacked last year, leaving 57 million people's personal data compromised. Uber repo
Uber in Legal Cross-Hairs Over Hack Cover-Up (The Bull) Two US states said Wednesday they are investigating Uber's cover-up of a hack at the ride-sharing giant that compromised the personal information of 57 million users and drivers.
'Winter has come' for Iranian charged with HBO hack (Sky News) The indictment claims Behzad Mesri is a former Iranian military who stole unaired episodes of several HBO series for ransom.
Inside Airbnb’s Russian Money-Laundering Problem (The Daily Beast) Russian crime forums have been using the home-sharing service to shuffle around cash under the table, sometimes with the help of legitimate Airbnb hosts.
Enigma Software Group Files Notice of Appeal Taking Case Against Malwarebytes for Predatory Unfair Practices to the 9th Circuit (PRNewswire) Enigma Software Group pressing appeal on its claims that Malwarebytes has abused the law to gain competitive...