Cyber Attacks, Threats, and Vulnerabilities
A New Trend in Android Adware: Abusing Android Plugin Frameworks (Palo Alto Networks Blog) Unit 42 researchers uncover aggressive adware abusing third-party DroidPlugin framework on Android.
Malware 'disguised as Siemens firmware drills into 10 industrial plants' (Register) Four years of active infection, claims security biz Dragos
Project MIMICS - Stage One (Dragos) What can the community learn in terms of realistic metrics and data points around malware in modern industrial control systems (MIMICS) from completely public datasets?
DoubleAgent attack uses built-in Windows tool to hijack applications (Help Net Security) Security researchers have revealed the DoubleAgent attack technique, which can be used by attackers to take over applications and entire Windows machines.
Double Agent attack can turn antivirus into malware (Network World) An attack discovered by Cybellum called Double Agent can take over antivirus software on Windows machines and turn it into malware that encrypts files for ransom, exfiltrates data or formats the hard drives.
Windows 10: DoubleAgent zero-day hijacks Microsoft tool to turn antivirus into malware (ZDNet) Microsoft's Application Verifier tool can be used by attackers to grab control of antivirus software, researchers say.
New Attack Uses Microsoft's Application Verifier to Hijack Antivirus Software (BleepingComputer) A new technique named DoubleAgent, discovered by security researchers from Cybellum, allows an attacker to hijack security products and make them take malicious actions.
Macro-based Office Malware using Cloud Services (Netskope) Netskope Threat Research Labs recently observed new strains of Microsoft Office macro-based document malware that extensively uses cloud storage services for downloading the second-stage malware...
Sushi or pizza? Mac or Windows threat? (Help Net Security) Fortinet researchers have made an unusual find: a malicious Word file that is meant to target both OS X and Windows users.
Third-Party App Stores Delivered via the iOS App Store (TrendLabs Security Intelligence Blog) The iOS ecosystem is usually described as a closed ecosystem, under the strict control of Apple. However, there are still ways to get around this tight control. Remember the Haima app? That method relied on enterprise certificates from Apple—which are costly, since the certificates needed are changed very frequently.
Hackers demand Apple pay ransom to save user iCloud accounts (Fifth Domain | Cyber) A group of hackers claims to have breached Apple's iCloud platform and gained access to hundreds of millions of user accounts. If Apple doesn't pay a ransom, the hackers say they will remotely wipe the accounts.
Vermont Says Job Databank Compromised (US News and World Report) The Vermont Department of Labor says a job database used by the state has been compromised by malicious software.
Blank Slate Spam Campaign Spreads Cerber Ransomware (Threatpost) A spam campaign called Blank Slate is spreading Cerber ransomware and abusing hosting providers to register new domains as soon as they’re taken down.
Whoops: The DOJ May Have Confirmed Some of the Wikileaks CIA Dump (Motherboard) The US government says it wants to keep some of the now-public documents out of court because they contain classified material, suggesting that they could be authentic.
WikiLeaks Says Tech Firms Slow to Co-operate on Patching (Infosecurity Magazine) US government contracts could be a roadblock, it claims.
SAP Vulnerability Puts Business Data at Risk for Thousands of Companies (Threatpost) Researchers at ERPScan today disclosed details and a proof-of-concept exploit for a SAP GUI remote code execution vulnerability patched last week.
Can SAP Be Affected By Ransomware? (ERPScan) On 14 March, SAP released its scheduled set of SAP Security Notes for March. It includes a fix for a Remote Command Execution vulnerability in SAP GUI, identified by ERPScan’s researchers. The security issue was rated 8.0 on the CVSS v3 Base Score.
Rock Island cyber attack (The Journal of the San Juan Islands) Submitted by Rock Island Communications
The Expansion of IoT since Mirai. (Radware Blog) The idea of an Internet of Things (IoT) botnet is nothing new in our industry. In fact, the threat has been discussed for many years by security researchers. It has only now gained public attention due to the release and rampage of the Mirai botnet. Since Mirai broke the 1Tbps mark in late 2016 the …
Java and Flash top list of most outdated programs on users' PCs (Help Net Security) Gathered anonymously from 116 million Windows desktop and laptop users, Avast found the most outdated programs. Java and Flash top the list.
Soundwaves used to produce fake data from accelerometers (Naked Security) The attacks on a Samsung Galaxy S5 and a Fitbit are proof of concept, but they make an important point: analog devices are also vulnerable
Chinese Crooks Use Fake Cellular Telephony Towers to Spread Android Malware (BleepingComputer) Malware authors in China are using fake base transceiver stations (BTSs), which is equipment usually installed on cellular telephone towers, to send spoofed SMS messages that contain links to Android malware.
USB pen-testing stick: what happens if it falls into malicious hands? (Naked Security) The latest version of a circuit-frying USB stick that can now also disable Macs is a reminder to be careful about what you plug into your devices
Developer Complains Firefox Labels His Site as Insecure, Hilarity Ensues (BleepingComputer) The developer of Oil and Gas International (OGI), a Texas-based website for petroleum industry news, has filed a complaint on the Mozilla bug tracker, accusing Firefox of wrongly labeling his website as insecure.
Hacking is so easy, even a reporter can do it [Video] (C4ISRNET) Fifth Domain Reporter Mark Pomerleau plays cyber capture the flag with the Cyber Security Forum Initiative’s demo at AUSA Global Force in Huntsville.
Scammy science: 40 journals appointed a fake person as editor (Ars Technica) Bogus, predatory journals fell for a sting operation.
Security Patches, Mitigations, and Software Updates
Good News: Android’s Huge Security Problem Is Getting Less Huge (WIRED) According to Google's own stats, only half of Android devices received a security update any time in 2016.
eBay Asks Users to Downgrade Security (KrebsOnSecurity) Last week, KrebsOnSecurity received an email from eBay. The company wanted me to switch from using a hardware key fob when logging into eBay to receiving a one-time code sent via text message.
LastPass Fixes Password Manager Zero-Day in Record Time (Infosecurity Magazine) The flaw would allow remote code execution and the ability to steal users’ passwords.
AT&T ZTE Maven Z812 March security patch rolling out (The Android Soul) AT&T has started rolling out the March security update to ZTE’s entry-level handset, the ZTE Maven (also known as the ZTE Z812). Weighing in at 18MB, the update installs the monthly security patch on the smartphone.
Cyber Trends
How technology tramples on freedom (The Christian Science Monitor Passcode) Rapid advances in biometric technology mean the public is surveilled – and their movements recorded – more than ever before. If this technology spreads without limits, it could soon impinge on basic rights.
Businesses Are 'Getting Sucker Punched' in Cyberspace (Fortune) "The CEO who caught the Chinese spies red-handed" weighs in on Russia.
Mobile Threat Intelligence Report Q4 2016 (Skycure) Instead of taking a single slice in time, this report attempts to step back a bit to identify and analyze some of the larger trends in mobile threats across the entire year of 2016.
2017 DDoS Impact Survey (Corero) Service providers, hosting providers, and the online enterprise are all impacted by DDoS attacks, which have continued to grow in size, frequency and sophistication in recent years.
'Mean blind spot' leaves organisations vulnerable to cyber attack (Phys.org) New research has identified a 'mean blind spot', which leaves organisations vulnerable to cyber attack – particularly in the months of April and October.
Will most security operations transition to the cloud? (Help Net Security) Leveraging the cloud for security applications is becoming increasingly accepted – and required – as we move into a 24/7 digital world.
Marketplace
How U.S. Companies Can Play a Role in Latin America's Growing Cyber Economy (International Policy Digest) Latin America represents a huge opportunity for U.S. companies through the region's growing cyber economy.
GoDaddy Acquires Sucuri to Advance Digital Security for Customers (Yahoo! Finance) GoDaddy Inc (GDDY), the world's largest cloud platform dedicated to small, independent ventures, today announced it has entered into an agreement to purchase Sucuri, a leading provider of website security products and services. Sucuri is a security
Rise of the Twitterbots increases pressure on Twitter chief Dorsey (Naked Security) ‘Up to 15%’ of Twitter accounts are bots posting spam, propaganda and fake news and driving away advertisers and investors – but social media firms are fighting back
Acquisitions Bolster Symantec Vs. Cisco, Palo Alto: Analyst (Investor's Business Daily) Symantec (SYMC) is making the right moves with acquisitions, says Morgan Stanley, which upped its price target on the computer security software provider Wednesday.
Why Shares of FireEye Just Jumped (Market Realist) Shares of cybersecurity (HACK) firm FireEye (FEYE) rose ~8% on March 20, 2017, to close at $11.61, after Bank of America (BAC) analyst Tal Liani upgraded the stock from “neutral” to “buy” and increased the stock’s price target from $13.5 to $18.
LookingGlass Cyber Solutions Inaugurates New Corporate Headquarters (LookingGlass Cyber Solutions Inc.) LookingGlass™ Cyber Solutions, a leader in threat intelligence-driven security, today announced that they have relocated their headquarters to a 20,000 sq ft office in Reston, Virginia. The company formerly occupied an office at 11091 Sunset Hills Road, and is moving to its newly designed space at 10740 Parkridge Blvd to accommodate its employee growth and next generation Security Operations Center (SOC).
Products, Services, and Solutions
Gemalto Wins 2017 Cybersecurity Excellence Award for Best Encryption Product with SafeNet KeySecure (GlobeNewswire News Room) Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, announces that they have been named a winner of the 2017 Cybersecurity Excellence Awards. Gemalto's SafeNet KeySecure was voted "best encryption product" by over 300,000 members of the global information security community.
GlobalSCAPE, Inc. Releases New Appliance to Better Manage Flow of Corporate Data (GlobalSCAPE) Appliance combines Hewlett Packard Enterprise and Globalscape technology
TalkTalk Enhances the Digital Subscriber Experience and Provides a Faster, More Reliable Network with Nominum DNS (Nominum) Nominum Vantio CacheServe and N2 Applications deliver superior network performance and personalized services for millions of UK subscribers
Fidelis Cybersecurity and A10 Networks Deliver Deep Visibility into Encrypted Traffic to Prevent Intrusions (Yahoo! Finance) Fidelis Cybersecurity, the leader in next generation intrusion prevention, is joining forces with A10 Networks, a secure application services™ company. A10 lets customers gain visibility into encrypted traffic and Fidelis uses its deep session inspection to discover and prevent the advanced tactics
Why AVG Free Antivirus Remains a Popular Malware and Virus Protection Software (TNH Online) AVG is one of the most popular free antivirus programs available to users. Perhaps the most obvious indicator of this is that it was bought for $1.3 billion
UXC Connect segregates Melbourne Water's IT and industrial networks to protect against cyber threats (CRN Australia) Seven-month project delivered ahead of time.
Microsoft Shares Interesting Secure Azure Network Design (Petri) Microsoft has shared very interesting design and JSON templates for a secure n-tier application DMZ network architecture in Azure.
Low-power ARM-based MCU adds security features (Embedded Computing Design) The growth of the IoT has propelled the growth of attacks, malicious and otherwise.
NetNordic offers firewall based in Palo Alto Networks tech (Telecompaper) Scandinavian systems integrator NetNordic said it is now offering NetNordic Office Protect, based on technology from Palo Alto Networks.
Technologies, Techniques, and Standards
Breaking down China’s electronic warfare tactics (C4ISRNET) Russia has garnered attention with its advanced electronic warfare capability, and China has upped its game in this space as well.
Expeditionary cyber forces fighting drones on the front lines (Fifth Domain | Cyber) The services are taking a broad approach to counter tactical small UAS in the field.
Cyber warfare: A new kind of army takes on China, Russia (Dayton Daily News) Cyber warfare could lead to chaos and hackers could potentially attack water treatment and chemical...
"DevSecOps is a bit weird - it's just DevOps" says Chef (Computing) There's a different solution, says infrastructure-as-code company.
DevOps: Test at every point in the lifecycle (and threaten testers with cricket bats) (Computing) Sogeti UK's Andrew Fullen: one firm gave developers cricket bats to threaten testers into getting their code into production faster.
Intrusions Without Malware: Don't Forget the Other Sixty Percent (SecurityWeek) The time has come to start paying attention to the other sixty percent.
Can you justify your security spend? (Help Net Security) Todd Bramblett talks about the importance of IT operations and cybersecurity working together, as well as the AtomicEye RQ platform.
Design and Innovation
Phone Companies Will Soon Banish Robocalls. For Real This Time (WIRED) If Democrats, Republicans, and the telecommunications industry can agree on anything, it's that robocalls are the worst.
Ethereum vs. Bitcoin: Which Crypto-Asset Will See The Best Return? (Lombardi Letter) Which Crypto-Asset Will Bring More Returns Ethereum vs BitCoin. Here are some answers.
A hacker's guide to fixing automotive cybersecurity (The Christian Science Monitor Passcode) The security researcher known for hacking a 2014 Jeep Cherokee, leading to a 1.4 million-vehicle recall, outlines how automakers can keep connected cars safe from cyberattacks.
Legislation, Policy, and Regulation
Cyber Security Roles And Responsibilities Still Confused, Says Former Cyber Command Chief (Defense Daily Network) Despite protracted efforts within the federal government to divvy up roles and responsibilities of departments and agencies for defending the nation in cyberspace
NSA deputy says U.S. cyberattack responses must improve - Fedscoop (Fedscoop) This report originally appeared on CyberScoop. The way that U.S. government agencies respond to cyberattacks against the private sector from nation-state or other high-level adversaries is “fundamentally flawed” and needs to change, outgoing NSA Deputy Director Rick Ledgett said Tuesday. Ledgett, the latest addition to a growing list of cybersecurity officials and former officials who have called for …
NSA: Nation State Cyber Attack Included Virtual ‘Hand-to-Hand Combat’ (Washington Free Beacon) Foreign government hackers caught secretly breaking into a U.S. national security network waged a 24-hour battle with cyber security officials trying to counter the cyber attack, the deputy director
No Need for a Standing Order on Cyber Attacks (Digital Guardian) It has been two months since Donald Trump took office, and the president has been pretty busy. There has been quite a lot of signing and ordering and order signing and policy making. But what there has not been is much movement on the cybersecurity front.
Experts: US needs a federal CISO (CSO Online) Last week, the Trump administration announced the appointment of a White House cybersecurity coordinator. That's a good first step, security experts say, but the government also needs to have a federal CISO
How Washington evaluates software vulnerabilities (The Christian Science Monitor Passcode) The US government keeps some security flaws for itself. We take a look inside the secretive process to decide which ones to keep - and which ones to reveal to tech companies.
Illinois governor announces cybersecurity plan (Fifth Domain | Cyber) The plan outlines goals to protect state information systems, though it wouldn't have prevented incidents like the cyberattack on Illinois voter data last fall.
New York’s ‘unconstitutional’ right to be forgotten bill sparks concern (Naked Security) Opponents warn of the potential for ‘an internet riddled with memory holes’
Analysis | N.Y. bill would require people to remove ‘inaccurate,’ ‘irrelevant,’ ‘inadequate’ or ‘excessive’ statements about others (Washington Post) Speakers would have to delete speech that -- however factually correct -- might be found by a court to be "no longer material to current public debate or discourse."
Litigation, Investigation, and Law Enforcement
US May Charge North Korea in Bangladesh Bank Cybertheft (Dark Reading) The potential case accuses North Korea, and suspected Chinese middlemen, of spearheading an $81-million theft from Bangladesh Bank.
London attack: Eight held after armed police raids (BBC News) A second victim is named as a minister says the attack is linked to Islamic terrorism "in some form".
Twitter suspended 377,000 accounts for promoting terror and extremism (HackRead) Twitter announced on Tuesday (20th) that it has deleted 377,000 accounts in the second half of 2016 as part of its fight against content related to extremi
Trump team 'incidentally monitored' after election (BBC News) The president says he feels "somewhat" vindicated over his allegations of wiretapping.
Trump team communications captured by intelligence community surveillance, Nunes says (Fox News) Members of the intelligence community collected incidental communications from the Trump transition team during legal surveillance operations of foreign targets, a top Republican lawmaker said Wednesday afternoon.
Don’t Buy the Latest Trump Surveillance Hype (WIRED) Rep. Devin Nunes made some unprecedented statements today. But even if they're true, they don't prove what the White House wishes they did.
Group sues for EPA docs on employees using encrypted apps to talk Trump (Federal Times) Watchdog group the Cause of Action Institute has filed a lawsuit seeking access to agency-related correspondence in and about the use of the encrypted messaging application Signal to discuss Trump political appointees.
Lessons learned from the Russian hacking scandal and our “cyber” election (TechCrunch) Information security -- or what is commonly referred to as ‘cyber’ -- has dominated the narrative in this week’s hearings on Capitol Hill about the..
Lithuanian arrested for $100 million BEC scams (Help Net Security) Criminal charges were announced against Evaldas Rimasauskas for orchestrating a fraudulent BEC scheme that induced two U.S.-based Internet companies.
A.G. Schneiderman Announces Record Number Of Data Breach Notices For 2016 (Attorney General Eric T. Schneiderman) Hacking drives data breaches up by 60%, exposing info of 1.6 million New Yorkers
Russian Man Pleads Guilty for Role in Citadel Malware Attacks (Dark Reading) Russian national Mark Vartanyan pleads guilty in US federal court following his December 2016 extradition from Norway.
AT&T and Verizon join advertising boycott against Google over offensive YouTube videos (TechCrunch) AT&T and Verizon are the latest companies to pull advertising from Google’s display network amid concerns that the company does not do enough to prevent ads..
Man who orchestrated tech-fueled kidnapping scheme given 40 years (Ars Technica) Kidnapper left his phone at the crime scene, said he still had a privacy interest in it.