Cyber Attacks, Threats, and Vulnerabilities
Code Used in Zero Day Huawei Router Attack Made Public (Threatpost) Researchers warn of copycat type attacks as exploit code used in Mirai variant goes public.
Hacker Exploits Huawei Zero-Day Flaw to Build Mirai Botnet (GovInfo Security) Internet of things security alert: An attacker has been attempting to infect hundreds of thousands of Huawei home routers with a variant of the notorious Mirai
Magento Sites Hacked via Helpdesk Widget (BleepingComputer) Hackers are actively targeting Magento sites running a popular helpdesk extension, Dutch security researcher Willem de Groot has discovered.
Three More WordPress Plugins Found Hiding a Backdoor (BleepingComputer) The massive size of the WordPress plugins ecosystem is starting to show signs of rot, as yet another incident has been reported involving the sale of old abandoned plugins to new authors who immediately proceed to add a backdoor to the original code.
DHS: 18 of 33 First Responder Apps Affected by Security Flaws (BleepingComputer) A Department of Homeland Security (DHS) pilot program uncovered several privacy and security-related issues in Android and iOS applications used by first responders on the scene of natural disasters and other emergency situations.
Sound Waves can Help Hackers Disrupt Functions of Hard Disk Drives (HackRead) Now, hackers do not require physical access to destroy your system, researchers have discovered that sound waves can help attackers disrupt functions of hard disk drives.
EA servers down; Battlefield 1, Battlefront 2, Star Wars & FIFA 18 Affected (HackRead) You are not alone, EA servers are down for many.
Cryptojacking Has Gotten Out of Control (WIRED) The practice of using a website visitor's device to mine cryptocurrency has expanded—and evolved—at an alarming rate.
Triton: A malware that may very well be the new Stuxnet (Techgenix) Seven years after being hit by Stuxnet, parts of the Middle East are under attack from another piece of dangerous malware. Here’s what you need to know about Triton.
'Whoever controls cyberspace will control the world': Russian hackers waging cyber war on Ukraine 'training' for Western targets (The Telegraph) Ten minutes before the 2pm news broadcast on June 27, Vitaly Kovach, the editor of Ukraine's channel 24, stood up and told his staff to immediately unplug their network cables.
Russian Antivirus Tech Bad News for Everyone (Newsmax) Business and government should be proactive about selecting a solution against the ever-more sophisticated attacks. By staying current on cybersecurity trends and exploring the kind of military-grade encryption now available to the general public, we can avail ourselves of virtual bodyguards.
The KGB Playbook for Infiltrating the Middle East (The Daily Beast) In 1988, the Soviet intelligence service, the KGB, looked at its mistakes in the Middle East, where the CIA often had the upper hand. Putin has worked to change that.
Opinion | We have to understand: It’s Russia vs. everybody (Washington Post) I hope journalists across the nation and every member of Congress will read the Dec. 26 front-page article “Kremlin’s trolls beset Web as U.S. dithered” and Michael Morell and Mike Rogers’s Dec. 2...
WannaCry cyber attack lost the East and North Herts NHS Trust £700,000 (Welwyn Hatfield Times) The global cyber attack earlier this year which crippled the NHS cost the East and North Herts NHS Trust £700,000, with a national investigation concluding that the attack “could have been prevented by the NHS following basic IT security”.
NSW agencies struggle with security basics (ZDNet) Lack of privileged account monitoring, incomplete inventories of IT assets, and lack of a consistent cyber definitions leave NSW government agencies in the lurch.
Report on Internal Controls and Governance 2017 (New South Wales Auditor-General) Effective internal controls and governance systems help agencies to operate efficiently and effectively and comply with relevant laws, standards and policies. We assessed how well agencies are implementing these systems, and highlighted opportunities for improvement.
Russian space agency denies programming error bungled rocket launch (TechCrunch) A failed rocket launch from Russia's new spaceport at Vostochny last month was not in fact caused by an elementary programming error, as recent reports have..
How to stop hackers from rickrolling your smart speaker (Popular Science) Resolve to be smarter about network security in 2018.
4 Years After Target, the Little Guy is the Target (KrebsOnSecurity) Dec. 18 marked the fourth anniversary of this site breaking the news about a breach at Target involving some 40 million customer credit and debit cards. It has been fascinating in the years since that epic intrusion to see how organized cyber thieves have shifted from targeting big box retailers to hacking a broad swath of small to mid-sized merchants.
Cyber Trends
Autonomy Warfare - Inside Unmanned Systems (Inside Unmanned Systems) This new type of warfare is producing new types of superpowers. Just having nuclear weapons doesn’t get you into the new superpower club. ... - Inside Unmanned Systems News Magazine
Big Idea of 2017: The Internet Is Making Us Vulnerable (NOVA Next) From social media troubles to leaks and hacks, 2017 was a rough year for the internet.
Security trends 2018: biometric hacking, state-sponsored attacks, daring cyber heists (ComputerworldUK) What does 2018 have in store for cyber security, and could it possibly be worse than this year?
Security forecast: hot, with a possibility of severe storms (SiliconANGLE) It was another year of frustration for enterprise security organizations as attackers continued to penetrate high-profile organizations and steal massive amounts of personal information, headlined by the 143 million records pilfered in the Equifax Inc. breach.
Marketplace
2 Ways To Play The Cyber Security Theme (Seeking Alpha) As more and more industries (auto, financials, industrial) deploy cloud and IoT solutions in new products and services, the associated cyber risk also increases
These LA Startups Are What Stand Between Hackers and Your Medical Devices (Nextgov.com) Some of the most important cybersecurity work is happening in nondescript offices across the nation.
The Brocade Sale Concludes a Year-Long Shopping Frenzy (SDxCentral) Broadcom announced in November 2016 it was purchasing Brocade, thus beginning a year-long process of divesting Brocade assets.
With Tech M&A Seen Rebounding, Here Are Companies, Sectors To Watch (Investor's Business Daily) Telecom companies dashed the hopes of investors betting on a frenzy of mergers and acquisitions last year, but Broadcom's pursuit of Qualcomm and Walt Disney's deal with 21st Century Fox have primed the pump for 2018 M&A in semiconductors and media. Wall Street analysts say 2018 is shaping up a bigger year for mergers and acquisitions, amid slower activity since the 2015 boom.
AWS showed no signs of slowing down in 2017 (TechCrunch) AWS had a successful year by any measure. The company continued to behave like a startup with the kind of energy and momentum to invest in new areas not..
Britain’s spy agency can’t stop losing cyber talent to major tech companies (TechCrunch) The NSA isn't the only secretive national intelligence agency having trouble keeping its tech-savvy recruits. In a new document from the Intelligence and..
Army charts 30-day acquisition process for new cyber capabilities (FederalNewsRadio.com) Army plans to assemble a vendor consortium with the goal of conducting 6-24 cyber prototyping projects a year, each within 30 days.
Products, Services, and Solutions
IObit Addresses Ransomware Epidemic in Advanced SystemCare Ultimate 11 (eSecurity Planet) The company's endpoint protection and PC optimization software suite now protects users from ransomware.
Top 6 antivirus with data recovery for 2018 (Windows Report - Windows 10 and Microsoft News, How-to Tips) Data is one of the top priorities for any business in today’s digital age. When you lose your data either because of a hard drive …
Technologies, Techniques, and Standards
Campaign Planning with Cyber Operations (Georgetown Journal of International Affairs) The military not only plans for operations, it also plans to plan. Yet there is no current plan or process in place to integrate cyber initiatives into campaign planning. The US government must determine how to integrate offensive and defensive cybercapabilities into campaign planning in order to leverage these capabilities and pair them with the military’s broad array of tools.
Failed Incident Responses from 2017 Provide Important Case Studies (Infosecurity Magazine) How 2017 will provide instructors are armed with new, relevant material that can provide excellent case studies on how not to respond to an incident.
Forcepoint's Carl Leonard on IoT and its implementation in the business world (Business Chief) Carl Leonard, Principal Security Analyst at Forcepoint, talks about the Internet of Things and its implementation in the workplace.
Please Do Not Feed the Phish (ThreatConnect) How to avoid and detect phishing attacks early on
Opinion | Confessions of a Digital Nazi Hunter (New York Times) In the wake of Trump’s victory, I built a bot to expose bigots. Then Twitter suspended it — and kept the bigots.
The 'worst job' in Silicon Valley is also a low-paying one with little job security (Business Insider) Working for Facebook, Google, Microsoft can be a dream job. But it's the stuff of nightmares for the people paid to view violent and depraved images all day.
Is “Big Data” racist? Why policing by data isn’t necessarily objective (Ars Technica) "Concerns with predictive big data technologies appear in most big data policing models."
Making A Shift To Human-Centric Security (CXO) It is impossible to overstate the importance of information security, privacy and risk management in organizations.
The Most Important Part of Least Privilege Tactics (Infosecurity Magazine) If a cyber-criminal gets their hands on an employee’s limited login credentials, their ability to do any damage is greatly reduced.
Holiday Fun #2: Relove some old software… (Naked Security) Why look to the past when you can look to the future? Because, with a half-decent digital archive, you can!
Design and Innovation
Still living under the tyranny of the password in 2017 (TechCrunch) When I lost access to my Google account recently, it left a gaping hole in my digital life and showed me just how tenuous the link to our online world can be...
Microsoft Campaign to Make Passwords Obsolete Starts at Headquarters (eWEEK) The software giant is using biometrics and the FIDO Alliance's tough new authentication standards to wean the industry off troublesome passwords.
When AI goes rogue: Moral debates could kill the hype (SiliconANGLE) Venture capitalists lavished $10.8 billion on artificial intelligence and machine learning technology companies in 2017, according to PitchBook Data Inc.
Research and Development
China Unveils Cybersecurity Innovation Center (Defense World) China on Tuesday unveiled a Cybersecurity Innovation Center (CIC) to develop cyber defense systems ‘to help win future cyber wars.'
Japan Plans to Use Quantum Cryptography to Secure Private Communications (Interesting Engineering) The Japanese government have requested a budget to develop a space-based quantum cryptography system that they hope will be in operation by 2027.
Legislation, Policy, and Regulation
Crypto prices suffer as Korean government announces new regs, potential ban (TechCrunch) The South Korean government announced new legislation today that would put increasingly tough regulations on the country’s burgeoning cryptocurrency..
South Korea Considers Shuttering Bitcoin Exchanges (Wall Street Journal) Investor frenzy has worried the country’s authorities, who are concerned about growing speculation—and the risk investors could lose money from sharp price declines or from cyber attacks on digital currency exchanges.
Is The NCSC Doing Enough to Protect us from Today’s Cyber Threats? (Infosecurity Magazine) How successful has the NCSC been to date? What else can be done to safeguard the UK against a relentless cybersecurity onslaught?
Litigation, Investigation, and Law Enforcement
Russian hacker claims he can prove he hacked DNC (TheHill) Jailed hacker says Russian intelligence ordered him to hack into DNC networks in written interview.
Kaspersky Lab sues Trump administration over software ban: 4 things to know (Becker's Hospital Review) Kaspersky Lab, a Moscow-based cybersecurity company, filed a lawsuit against the Trump administration in the U.S. District Court for the District of Columbia Dec. 18 over the decision to ban Kaspersky Lab's software at government agencies, NPR reports.
FCC tries to make Miami pirate radio station walk the plank (Ars Technica) $144,000 fine for ignoring all requests to stop.
New Jersey State Police spent $850,000 on Harris Corp. stingray devices (SC Media US) Information obtained via right-to-know request revealed The New Jersey State Police spent at least $850,000 on stingray devices from Harris Corp.