Cyber Attacks, Threats, and Vulnerabilities
RPT-North Korean hacking group behind recent attacks on banks -Symantec (Reuters) A North Korean hacking groupknown as Lazarus was likely behind a recent cyber campaigntargeting organizations in 31 countries, following high-profileattacks on Bangladesh Bank, Sony and South Korea, cyber securityfirm Symantec Corp said on Wednesday.
Pirate radio carries the fight to Isis (Times of London) “Simor” was murdered to the sound of his own voice phoning in to his favourite radio show. The man from Mosul, known only by his nickname, was a regular caller to Alghad FM, the pirate radio...
Millions of records leaked from huge US corporate database (ZDNet) Exclusive: The database contains more than 33 million records from government departments and large corporate clients which get sold onto marketers.
Wide Swath of Corporate America Exposed in D&B Leak (Infosecurity Magazine) About 33 million records of personal information on employees of government and Fortune 100 companies have been leaked.
Corporate database leak exposes details of DoD, IBM and AT&T staffers (Inquirer) Troy Hunt says 52GB data dump is a 'goldmine for targeted phishing'
Dutch Voting Guide Sites Offline in Apparent Cyber Attack (Reuters via US News and World Report) Two publicly-funded websites used by Dutch voters to help them decide which party to vote for in their national election were inaccessible on Wednesday, apparently victims of a cyber attack.
Swastikas all over Twitter – what you need to do (Naked Security) When Amnesty International calls Dutch people “Nazis” on Twitter, you know something went wrong. Here’s how to stop it happening to you.
Malwarebytes Researchers Hack into Soon-to-be-Launched RaaS Portal (BleepingComputer) A ransomware author's plans to launch a RaaS portal were foiled last week after security researchers from Malwarebytes managed to infiltrate the crook's command and control server, hosted on a common shared hosting provider.
Ransomware Disrupting Business Operations and Demanding Higher Payouts (SurfWatch Labs, Inc.) Malicious actors are continually fine-tuning their tactics, and one of the best examples of this is the evolution of ransomware. Ransomware has largely been an opportunistic, rather than a targeted…
SMBs Increasingly Targeted in Ransomware Attacks (Infosecurity Magazine) Financial impact and downtime are putting SMBs at risk, but many don’t bother to report attacks to the authorities
5 essential things to know about Ransomware (Geektime) The term “ransomware” denotes a type of malicious code that locks down computers or encrypts victims’ important data and demands money for recovery.
PhishMe: Ransomware Leads in Growth and Impact While Hackers Remain Committed to Data Theft (Yahoo! Finance) PhishMe Inc., the leading provider of human phishing defense solutions, today released findings showing that while Ransomware delivered the greatest impact and growth in 2016, threat actors continue to attempt data breaches and theft.
Latest phishing tactics: infected PDFs, bogus friend requests, fake HR emails (Naked Security) The bad guys have always got new tricks up their sleeves: here are some tips to help you steer clear of them
Data breaches: Playing by a new set of rules? (Help Net Security) Tell me, what’s your response when you hear that a company that was breached are now losing customers? I suppose it’s at this point the word reasonable mak
Bye bye, botnet! Kibosh put on Chamois Android fraud network (Graham Cluley) Security researchers have put the kibosh on Chamois, a fraud botnet which derived its jollies from targeting Android users.
Cyber attacks on e-wallets aim to steal data: Report (MoneyLife) As traffic to e-wallet platforms grows, there has been a significant increase in cyber attacks on online payment gateways to steal data than to disrupt operations, a new report said on Wednesday.
Online fraudsters' preferred tools and techniques revealed (Help Net Security) A new report has revealed online fraudsters' favorite tools and attack techniques for creating accounts and evading detection.
Private pictures and video of Emma Watson and other celebrities leak online (TechCrunch) Photos apparently stolen from Emma Watson, Amanda Seyfried and other female celebrities have been posted on 4Chan and Reddit, drawing comparisons to a 2014..
Security Patches, Mitigations, and Software Updates
SAP releases patches (TechEye) The software maker which makes esoteric expensive business programmes which no one is really sure what they do, has patched vulnerabilities in its latest HANA software.
March Patch Tuesday closes record number of vulnerabilities (Help Net Security) With no February Patch Tuesday, it was to be expected that Microsoft would fix a huge number of security issues in March, and they didn't disappoint.
Adobe fixes 8 Security Vulnerabilities in Adobe Flash Player & Shockwave Player (BleepingComputer) Adobe has released updates for Adobe Flash Player and Adobe Shockwave Player that resolves a combined 8 security vulnerabilities. Of these 8 vulnerabilities, 7 of them are rated as Critical because they could lead to information disclosure or remote code execution.
Facebook and Instagram deny access to tools used for surveillance (Naked Security) Instagram and owner Facebook update terms and conditions specifically to deny access to tools used by law enforcement for gathering intelligence on protesters
Expert: Apple may have deployed unauthorized patch by mistake (CSO Online) Last month, reports came out that Apple accidentally installed a fake firmware patch on internal development servers. That's a lesson to all companies to be careful about where they get their patches.
Cyber Trends
Securing document flow: Exploring exposure and risk (Help Net Security) In a global survey of managers and information workers, 60% said they or someone they know have accidently sent out a document they shouldn't have.
Security chiefs join the chorus of concern about shoddy IoT devices (Naked Security) As security chiefs flag up their fears about vulnerable devices, we offer some tips to help you stay safe with the IoT
Marketplace
The Cyber Crystal Ball—Is There Insurance Coverage for the Top Threats of 2017? (Part I) | Lexology (Lexology) Cyber sages tell us the question is not whether your business will suffer a data breach, but when. To prepare for the inevitable, businesses want to…
The Impact of Cybersecurity Concerns on M&A Activities is Growing: eDiscovery Trends | JD Supra (JD Supra) This is the second story that I’ve covered in the past several months where cybersecurity concerns impacted merger and acquisitions. See below for...
Cyber Rule Could Quell the Urge to Merge for Government Contractors (SIGNAL Magazine) Contract streamlining and a revised NIST cybersecurity standard will lead to some big changes for firms competing for billions in federal government information technology contracts.
Trend Micro Celebrates One Year Anniversary of TippingPoint Acquisition; Announces Major Milestones Achieved in First Year of Integration (Businesswire) Trend Micro celebrates one year since the acquisition of TippingPoint from Hewlett Packard Enterprise
Okta IPO: Cautious Optimism (Seeking Alpha) Okta Inc., a tech security company which works with cloud technology, has made preliminary filings for an IPO on the NASDAQ. The company is in an important fiel
Can Gigamon, A Visibility Specialist, Restore Visibility Into Its Own Business? (Seeking Alpha) Gigamon shares, have gone from the mid $30's to over $60 and then back again in little more than 8 months. The shares fell sharply after the company missed expe
Why A10 Networks Popped 19% in February (The Motley Fool) The company reported record revenue for both the fourth quarter and full-year 2016, giving investors a lot to be happy about.
Webroot Drives Twelfth Consecutive Quarter of Double-Digit Business Growth in Q2 2017 (PRNewswire) Webroot, the market leader in next-generation endpoint security,...
whiteCryption Named Hot Company by Cyber Defense Magazine (Businesswire) whiteCryption, a provider of software application security and white-box cryptography, has been selected as a “Hot Company” in the applica
Centrify Named “Best-of-the-Best” by SPI Research (Yahoo! Finance) Centrify, the leader in securing hybrid enterprises through the power of identity services, announced today that SPI Research, the leading independent technology services research firm, has named the company a 2017 Best-of-the-Best professional services organization. Centrify was among 416 participating
Companies Face Growing Shortage of Security Personnel (Wall Street Journal) Companies will face a shortage of 1.8 million information security personnel by 2022, up 20% from 1.5 million in 2015, according to a survey released in February by Booz Allen Hamilton and ISC2, a cybersecurity education group.“There’s a whole range of skills needed,” said Bill Phelps, head of U.S. commercial business at Booz Allen.
Philip Dimitriu swaps Check Point for Palo Alto Networks (ARN) Palo Alto Networks chosen former Check Point director of systems engineering, Philip Dimitriu, to run its local systems engineering team.
Zscaler Adds Karen Blasing to its Board of Directors (Yahoo! Finance) Zscaler, Inc., the leading cloud security company, has appointed four-time CFO Karen Blasing to its board of directors as an independent director and the chair of the board's audit committee. Blasing currently ...
Products, Services, and Solutions
Trustonic device security platform achieves world's first TEE security certification from Common Criteria - Trustonic (Trustonic) Security certification supports and accelerates deployment of secure services on connected devices
LookingGlass Debuts New Partner Portal (Channel Partners) The portal grants LookingGlass partners 'round-the-clock access to sales and technical enablement with the goal of increasing partner productivity and
TruSTAR’s New Chat Feature Helps You Collaborate with Peers Faster (TruSTAR Blog) You asked and we listened. Today we’re launching a complete revamp of TruSTAR Chat, which is now equipped to let you communicate within…
Sliced Tech and Vault Systems gain ASD Certified Cloud Services' protected certification level (CRN Australia) Sliced Tech and Vault Systems granted 'Protected' level.
Microsoft Boosts Windows Defender ATP Security (eWEEK) In the forthcoming Windows 10 Creators Update, Microsoft previews some of the new capabilities coming to its threat protection product for businesses.
Advanced Phish Threat Simulator combats low security awareness among end-users (InterAksyon) Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information.
Barracuda Networks Inc.: Barracuda and Zscaler Jointly Deliver Comprehensive, Affordable Cloud-Delivered Web Security (Wall Street Transcript) Barracuda Web Security Service now powered by Zscaler to bring high-performance, scalable, cloud-delivered web security to midmarket customers
OPSWAT Announces the Release of Metadefender Threat Intelligence Feeds (Benzinga) OPSWAT released Threat Intelligence Feeds, a new feature that will provide a blacklist of malware signatures for the most prevailing and widespread threats in order to make...
Technologies, Techniques, and Standards
NEC Joins U.S. Department of Homeland Security "AIS" Initiative for Sharing Cyber Threat Indicators (ACNnewswire) NEC Corporation (TSE: 6701) today announced its participation in the "Automated Indicator Sharing" (AIS) initiative implemented by the United States Department of Homeland Security (DHS) that swiftly shares cyber threat indicators between the government and the private sectors, aligning technologies and human resources in the cyber security businesses and bolstering cyber intelligence as an important source of information.
Trust Begins With Layer 1 Encryption (Dark Reading) In today's distributed environment, cloud and communication service providers can play a key role in providing organizations with a scalable and secure platform for the connection of everything to everything. Here's how.
Hit by cyber attacks, some Singapore enterprises are fighting back with AI - Techgoondu (Techgoondu) When Phoon Huat, a baking accessories firm in Singapore, had some of its files locked by cyber attackers, it decided not to pay the ransom.
Design and Innovation
Lip reading: biometrics you can reset just like passwords (Naked Security) By combining biometrics and passwords, this lip reading security solution promises to overcome one of biometrics’ key challenges
Research and Development
NSA, DOE say China's supercomputing advances put U.S. at risk (Computerworld) China's computing efforts are a threat to U.S. national security and may undermine profitable parts of the U.S. economy, a new report warns.
Legislation, Policy, and Regulation
Turkey, Netherlands dispute deepens over sanctions (Global News) Watch Turkey, Netherlands dispute deepens over sanctions Video Online, on GlobalNews.ca
Assessing China’s Proposal for International Cooperation on Cyberspace (Canada Free Press) Assessing China’s Proposal for International Cooperation on Cyberspace, cybersecurity, protecting financial systems, commercial ports, and civilian nuclear energy systems from third-party threats
Trump’s cyber job #1: protecting federal networks and data (FCW) Protecting federal networks and data, followed by protecting critical infrastructure, are the Trump administration's cyber priorities, the homeland security advisor says.
Donald Trump taps Rob Joyce, NSA hacker, for National Security Council cyber role (The Washington Times) President Trump has picked the head of the National Security Agency’s elite hacking division to be the next White House cybersecurity coordinator, his administration said Wednesday.
You may soon have the right to know when you’ve been hacked (MarketWatch) Bipartisan support for a federal data breach disclosure law is growing
Joint Testimony...At a Hearing Entitled “Section 702 of the FISA Amendments Act” (IC on the Record) Chairman Goodlatte, Ranking Member Conyers, distinguished members of the Committee, thank you for the opportunity to brief you today about the FISA Amendments Act (“FAA”), particularly Section 702.
U.S. Marine Corps Looking to Stand Up Information Warfare MEF (SIGNAL Magazine) With a little more financial backing, the U.S. Marine Corps is primed to grow its force in three critical areas to meet the threats of the future. An increase in the number of troops will meet cyber, electronic warfare and intelligence needs in what the Corps is calling a Marine Expeditionary Force (MEF) information group.
Litigation, Investigation, and Law Enforcement
U.S. Charges Russian FSB Officers and Their Criminal Conspirators for Hacking Yahoo and Millions of Email Accounts (US Department of Justice Office of Public Affairs) The US Department of Justice has charged four Russian-connected hackers with crimes related to the Yahoo mega-breach.
Four Men Charged With Hacking 500M Yahoo Accounts (KrebsOnSecurity) The U.S. Justice Department today unsealed indictments against four men accused of hacking into a half-billion Yahoo email accounts. Two of the men named in the indictments worked for a unit of the Russian Federal Security Service (FSB) that serves as the FBI’s point of contact in Moscow on cybercrime cases. Here’s a look at the accused, starting with a 22-year-old who apparently did not try to hide his tracks.
US charges Russian-connected Yahoo hackers over 2014 data breach (CRN Australia) Russian-connected hackers accused of 2014 data breach.
DOJ Charges Russian Intelligence in Huge Yahoo Hack (Foreign Policy) Investigators say FSB agents teamed up with criminal hackers to pull off one of the largest data breaches in history.
US charges Russian FSB officials in connection with massive Yahoo security breach (WeLiveSecurity) The United States has charged four men, including two officials of Russia's FSB intelligence agency, in connection with a hacking attack against Yahoo that saw the details of 500 million users stolen and the use of forged cookies to break into accounts.
Russian Spies Conspired With Most Wanted Cybercriminal In Yahoo Hack -- DOJ (Forbes) Prosecutors today unsealed an indictment charging four men, including two Russian intelligence officials, with a 2014 hack of Yahoo that affected 500 million accounts.
US faces limits in busting Russian agents over Yahoo breach (CSO Online) In a rare move, the U.S. has indicted two Russian government agents for their suspected involvement in a massive Yahoo data breach. But what now?
How did Yahoo get breached? Employee got spear phished, FBI suggests (Ars Technica) Unwitting sysadmin or other employee was conned out of credentials, FBI theorizes.
Inside the Russian hack of Yahoo: How they did it (CSO Online) One mistaken click. That's all it took for hackers aligned with the Russian state security service to gain access to Yahoo's network and potentially the email messages and private information of as many as 500 million people.
Yahoo hackers manipulated search results for ‘erectile dysfunction medications’ (TechCrunch) One of the hackers alleged to be responsible for a 2014 hack of Yahoo that affected half a billion users also manipulated search results in his favor to make..
Outsourcing Cyberespionage Landed Russia in Trouble (InfoRisk Today) If Yahoo's 2014 breach had been the result of an in-house Russian intelligence project, the hack probably would not have triggered a U.S. indictment. But Russia has landed in a muddy puddle after apparently tapping freelance talent with an interest in criminal gain.
Carnegie Mellon Helped the Government Access a Terror-Linked iPhone, Source Says (Motherboard) It’s not clear if this relates to the San Bernardino case.
What’s The Department Of Homeland Security Hiding? (BuzzFeed) The Department of Homeland Security knows something about the hack into the Democratic Party’s servers, but in response to a Freedom of Information Act request, the agency turned over just two page...
The Latest: Lawmakers want Americans' identities protected (ABC News) The Latest on the congressional investigation into Russian hacking during the 2016 campaign and contacts between Trump campaign associates and Russian officials (all times local): 2:50 p.m. Republican Sen. Lindsey Graham says the FBI has promised members of the Senate Judiciary...
Apple, Amazon, Microsoft and Cisco line up to support Google on emails (Naked Security) Posse of tech giants lines up with Google to resist pressure to hand over emails held on overseas servers
Op-Ed: The US just fired a $1 billion warning shot with massive fines against Chinese telecom firm (CNBC) The record $1 billion settlement the US reached with Chinese telecom ZTE over its Iran dealings sends a strong message to other international firms.
Track, Capture, Kill: Inside Communications Surveillance and Counterterrorism In Kenya (Privacy International) This investigation focuses on the techniques, tools and culture of Kenyan police and intelligence agencies’ communications surveillance practices.
The Kim Dotcom film: How to avoid a trial for 5 years and counting (Ars Technica) Dotcom's showmanship throws a small democracy for a loop.