Cyber Attacks, Threats, and Vulnerabilities
Hong Kong’s 3.7 Million Voters Exposed in Massive Breach (Infosecurity Magazine) Encrypted details are stolen on two laptops
45% of Israeli firms preparing for Anonymous cyber attack (Globes) People associated with the hackers' organization are threatening to attack Israel's cyber infrastructure.
IIS 6.0 Vulnerability Leads to Code Execution (TrendLabs Security Intelligence Blog) Microsoft Internet Information Services (IIS) 6.0 is vulnerable to a zero-day Buffer Overflow vulnerability (CVE-2017-7269) due to an improper validation of an ‘IF’ header in a PROPFIND request.
One of the most dangerous forms of ransomware has just evolved to be harder to spot (ZDNet) Malicious loaders delivered by self-extracting Dropbox files enable payloads to bypass detection.
Cerber Starts Evading Machine Learning (TrendLabs Security Intelligence Blog) CERBER is a ransomware family which has adopted a new technique to make itself harder to detect: it is now using a new loader which appears to be designed to evade detection by machine learning solutions. This loader is designed to hollow out a normal process where the code of CERBER is instead run.
DoubleAgent ‘vulnerability’ – just how bad is it? (Naked Security) The saga of DoubleAgent is, among other things, a good reminder that ordinary users shouldn’t have admin privileges
Adware Replaces Phone Numbers for Security Firms Returned in Search Results (BleepingComputer) A new adware family named Crusader will rewrite tech support phone numbers returned in Google search results, display ads, and show popups pushing tech support scams.
Siemens RUGGEDCOM industrial communication devices vulnerable to remote attacks (Help Net Security) Siemens RUGGEDCOM ROX I VPN endpoints and firewall devices sport flaws that can be exploited by attackers to perform actions with administrative privileges.
Microsoft Offers Analysis of Zero-Day Exploited By Zirconium Group (Threatpost) Microsoft patched a zero-day vulnerability actively used in a campaign by a hacking group known as Zirconium.
Cybercriminals Are Building an Army of Things Creating a Tipping Point for Cybersecurity (Fortinet Blog) Cybercrime is big business, and is growing at an exponential rate. British insurer Lloyd’s of London estimated the...
Stay safe - We spoke with Eset about the latest threats to mobile security (Pocket Gamer) Some of us may find ourselves guilty of taking a relaxed attitude to online security from time to time, perhaps even kidding ourselves into thinking that cyber-attacks are something that only really a...
Cybercrooks shifting to mobile malware, Nokia report (SC Magazine US) Nokia researchers said threat actors are shifting from traditional malware to mobile malware
10 security risks of wearables (CSO Online) Fitness trackers may not present a huge security risk, but any connected device can be hacked. Here’s what you need to know to minimize those security and privacy threats.
Security flaws found in 'panic button' for Colombian activists, journalists (TheHill) The device can be reconfigured without a password and sensitive information can be accessed without much security.
Someone Left USB Keyloggers on Computers Across a University Campus in Canada (Motherboard) Carleton University fell victim to a ransomware attack in November.
Hacker Steals Millions of Accounts from Yu-Gi-Oh Fan Project ‘Dueling Network’ (Motherboard) It appears the hacker made off with at least 6.5 million email addresses and poorly hashed passwords.
Phishers offer WoW players free in-game pets (Help Net Security) A WoW phishing email seemingly coming from Blizzard Entertainment, offering a gift of in-game pets, is targeting avid players.
6 reasons why phishing is so popular and successful (IT Governance Blog) Phishing attacks are increasing in number and evolving in variety (newer methods include spear phishing and CEO fraud), putting at risk millions of users worldwide – actually, everyone with an email...
Kaspersky: Criminals Make 95% Profit on DDoS (Infosecurity Magazine) Ordering a DDoS attack has become as easy as ordering the latest bestseller from Amazon—and can offer incredible ROI.
Russian Troll Factory Open for Business (Wapack Labs) Russian media source, RBC, is claiming English-speaking pro-Trump groups, Facebook Secured Borders, and Twitter Tea Party News are operated by a Russian “Troll Factory.”
Users of Microsoft Office 365 leaking their data onto Bing and Google after 'over sharing' (Computing) Office 365 users inadvertently sharing their documents with all and sundry
FBI warns InfraGard members of 'malicious,' copy cat website (Cyberscoop) The FBI has warned members of its InfraGard program that a website is mimicking its genuine Infragard.org property, requesting login credentials for the bureau’s information sharing platform.
Expert: NY breach report highlights third-party risk (CSO Online) New York reported a record high number of breaches last year, just after a new set of cybersecurity regulations went into effect in the state.
Security Patches, Mitigations, and Software Updates
Critical VMware vulnerabilities disclosed (SANS Internet Storm Center) VMware released a security bulletin with moderate to critical vulnerabilities. The following products are affected...
Apple Patches Hundreds of Vulnerabilities Across Product Lines (Security Week) Apple on Monday released security patches for its macOS and macOS Server, iOS, watchOS, tvOS, Safari, and Pages, to address over 200 vulnerabilities.
Microsoft releases KB 3191855 to fix botched Excel 2010 security patch (InfoWorld) The new patch fixes KB 3178690 from March 14 that clobbers Excel 2010
Microsoft Security Update Guide Portal (The Windows Club) The new Microsoft Security Update Guide Portal outlines steps for deploying Security Updates & how to use available resources effectively to make an IT environment secure.
Here’s all the new stuff in Apple’s latest security document (TechCrunch) Hey guess what? Apple has a new security whitepaper! Apple only releases these things once every few years, and they represent the public's only window into..
Cyber Trends
Tributes Flood in as Industry Veteran Genes Passes Away (Infosecurity Magazine) Trend Micro CTO was 54
Modern security programs: Artificial intelligence and machine learning (Help Net Security) Only 28% of researchers said they are “very confident” that their executive teams have a good handle on cybersecurity at their organization.
Carbon Black warns that artificial intelligence is not a silver bullet (SC Magazine UK) The research found that the roles of AI and ML in preventing cyber-attacks have been met with both hope and skepticism.
AI will transform information security, but it won’t happen overnight (CSO Online) Artificial Intelligence technologies are evolving quickly, but can they aid an InfoSec community still grappling with default passwords and SQLi attacks?
Cybersecurity Pros Brace for Non-Malware Attacks (eSecurity Planet) Today's IT security experts are wary about much more than dangerous viruses and other malware, finds a new survey from Carbon Black.
Traditional Defenses Can’t Keep Up With Modern Adversaries, Akamai CEO Says (MeriTalk) Due to the speed and sophistication of modern hackers along with increasing demands on government networks, traditional methods of cyber defense aren’t enough to protect agency data, according to Akamai CEO Tom Leighton.
Marketplace
Exclusive: Mach37 is striking out on its own — and raising a fund too (Washington Business Journal) Mach37, which was founded in 2013 and operates under the umbrella of Virginia’s Center for Innovative Technology, is looking for office space.
3 Hated Stocks That Could Make You Rich (The Motley Fool) JCPenney, Infinera, and Palo Alto Networks could be great rebound plays for contrarian investors.
Hewlett Packard Enterprise - A Double Spin-Off Offering At Least 50% Upside But Likely To Be Significantly More (Seeking Alpha) HPE shares are currently offering at least 50% share price upside even if management is unable to deliver on the proposed benefits of both of the spin-offs. The
Symantec Reaping the Benefits of Blue Coat Acquisition (eWEEK) Symantec Growing After Blue Coat Acquisition
Cyber-security firm ditches downtown office for suburbs (Indianapolis Business Journal) Rook Security has relocated to Carmel from downtown Indianapolis and ultimately hopes to land in Fishers.
OWL Cybersecurity Adds Two to Advisory Board (Yahoo! Finance) OWL Cybersecurity, a Denver-based cybersecurity company offering what it believes to be the world’s largest commercially available database of DARKINT, darknet intelligence, today announced D.
Products, Services, and Solutions
Virtru Receives 2016 Google Cloud Global Partner Award for Solution Innovation (BusinessWire) Virtru, a trusted provider of business privacy and data protection to more than 5,000 organizations around the world, has received the Google Cloud Gl
ESET/Eurosecure Partners With Mullvad Throughout Entire Nordic Region (PRNewswire) Mullvad is a VPN service that keeps your online activity, identity, and location private. Now Eurosecure, distributor of ESET antivirus software products in Scandinavia, has signed a partnership agreement with Mullvad.
NextLabs Releases New Entitlement Management Product for SAP S/4HANA (PRNewswire) NextLabs®, Inc. (www.nextlabs.com), an SAP partner and leading...
Qualys Delivers Continuous Security and Compliance to Google Cloud Platform Customers (PRNewswire) Certified Virtual Scanner Appliance available today in Google Cloud Launcher
Cyber security package unveiled for industrial networks (Marine Electronics & Communications) Waterfall Security Solutions has teamed up with insurance provider CNA Hardy and risk management group THB to create industrial cyber protection. Together they will provide cyber security packages to industrial businesses, including offshore and maritime.
Website Performance Bootcamp: Quiz-based training course (Help Net Security) The Website Performance Bootcamp is an online portal that provides quiz-based technical training for website acceleration and content optimization.
Comodo launches no-cost DNS security for businesses (BetaNews) Malicious websites provide a haven for malware and other threats to lurk, waiting for users to click links in emails or on other sites to contract an infection.
Cloud Distribution signs up AV replacement player CrowdStrike (MicroscopeUK) Cloud Distribution has extended its security coverage with the signing of endpoint protection player CrowdStrike
Sophos Intercept X Brings an End to Ransomware (eSecurity Planet) Intercept X from Sophos brings a bandolier of silver bullets to the ransomware fight, leaving cybercriminals scattering for cover.
OPSWAT Partners with Light Point Security to Offer Full Browser Isolation with Threat-Free Downloads via Content Disarm and Reconstruction (OPSWAT) OPSWAT and Light Point Security offer a joint solution that combines Light Point Security's browsing isolation solution with OPSWAT's data sanitization.
Callsign integrates its IDA technology with ForgeRock platform (Planet Biometrics) Digital authentication provider Callsign has announced it has integrated its Intelligence Driven Authentication (IDA) with the identity management firm ForgeRock’s platform.
enSilo Adds NGAV Support to Remove Redundant Security and Remediation Expenditures (Yahoo! Finance) enSilo, the company that has redefined endpoint security, today announced the release of its expanded platform, which includes a built-in next-generation antivirus (NGAV) solution. This addition gives enSilo the most effective preventative endpoint security
nuPSYS Collaborates with Bosch (Yahoo! Finance) nuPSYS—an innovation leader in Internet of Things (IoT) solutions for physical security, infrastructure, and networks—is pleased to announce its 3D-Advanced Mapping is now integrated with the Bosch Video Management System (Bosch VMS).
Technologies, Techniques, and Standards
Feds to battle cybersecurity with analytics (CSO Online) With more real-time information sharing, officials envision cyber defenses moving from 'vaccine' to 'immune system,' a big analytics project that could achieve something like automatic security.
Don't forget to pack security for the journey to the cloud (Help Net Security) The Qualys Cloud Platform provides consistent, uniform, scalable, and effective visibility of security and compliance posture for cloud IT environments.
Commercial IoT: Big Trouble in Small Devices (Dark Reading) There are endless scenarios where hackers could wreak havoc on the industrial Internet of Things. There's also a readily available solution called 'HIP.'
Europe struggles to tackle cyber attacks in aviation (EURACTIV.com) Cyber threats to the aviation sector are rapidly becoming a major issue for airlines, aircraft manufacturers and authorities. But Europe is finding legacy problems and new challenges to address cyber risks for its air transportation systems.
Is your Cloud Governance Agility Enough to Keep up with DevOps? (Infosecurity Magazine) Agility rules when it comes to DevOps, yet cloud governance models follow structured methods.
Cyberspace: An unregulated playing field (SC Magazine US) A fifth domain serving as a great force multiplier for free expression and commerce, cyberspace is also an open, unregulated playing field for criminals as well as malicious state and non-state actors.
Design and Innovation
Digital linguist translates on the spot (C4ISRNET) The Machine Foreign Language Translation System achieves basic communication between two languages.
The hackers trying to build a hack-proof operating system (The Christian Science Monitor Passcode) A team of Canadian security researchers is set to unveil a computer operating system called Subgraph designed to protect its users from the most common types of digital attacks.
Secrecy Obligation For The Digital Piggy Bank (Eurasia Review) “Do you collect bonus points?” This question is part of daily purchasing routine. More than 80% of German households participate in bonus programs. They run the risk of disclosing sensitive information
My Experience as a Cryptocurrency Developer (The Merkle) Cryptography, it’s all around us, and it's here to stay. My name is Carsen Klock, I am a developer, designer, and crypto entrepreneur. I want to share several things I've learned about developing cr
Responsibility in the IoT: Why security can’t be treated as an afterthought (Computer Business Review) Security is simply too important to be treated as an afterthought in the IoT. If security features are added on like an extra coating of paint to...
Research and Development
Sandia Labs Deploys Brain-Inspired Cybersecurity System (SIGNAL Magazine) Researchers at Sandia National Laboratories helped develop a potentially game-changing cybersecurity system that mimics the human brain’s ability to analyze data.
Academia
Tech helps organize Tucson Women in Cybersecurity conferences (Herald-Citizen) Tennessee Tech will have a distinct presence in Tucson, Ariz. this week at the fourth annual Women in Cybersecurity conference.
London Students Declared Most Talented in UK for IT Security (Acumin Recruitment, London) Imperial College London students have been named the country’s IT security top cats at the Inter-ACE contest, after beating rivals from 11 top universities.
Carnegie Mellon's CyLab challenges high school students to give hacking a try (PRNewswire) Carnegie Mellon University aims to build a talent pipeline into the cyber...
#brainbabe Introduces STEAM-Con Connection Helping Fill the Need for Cybersecurity Talent (PRNewswire) New program links students and cyber job seekers with employers to staff booths at conferences
Legislation, Policy, and Regulation
SuPo 2016: National Security is a Joint Effort (Finnish Security Intelligence Service) The Republic of Finland celebrates the centenary of its independence in 2017. The theme of the celebration year is ‘together’. The Finnish security intelligence service also wants to assure national security together with Finnish people. Recent news from the world has shown that national sovereignty can no longer be taken for granted even though no physical violation of state borders takes place.
Ministry of Defence on the hunt for data scientists with expertise in AI (Computing) Four data scientists ought to be enough to keep the UK safe, believes the MoD.
Amber Rudd accused of adopting Sir Humphrey Appleby-style obfuscation in Snoopers' Charter codes consultation (Computing) Government trying to intimidate people into silence by adopting bureaucratic legalese in Investigatory Powers Act codes of conduct consultation.
India extends ‘Orwellian’ ID card scheme as critics warn of risks (Naked Security) ‘Voluntary’ ID scheme soon to be mandatory for a huge range of everyday activities, from buying a train ticket online to getting a new Sim card
DHS misses deadline to submit cyber strategy to Congress (TheHill) Department official acknowledges it failed to submit strategy by last week.
DHS cyber reorg bill coming (FCW) A top DHS cybersecurity official and a leading lawmaker are pushing a plan to reorganize federal cyber protection.
Should Trump Tackle Air-Gapped Critical Infrastructure? (Dark Reading) MIT experts issue recommendations to the president, urging him to take elements of the electric grid and gas pipeline offline - but other security experts say that ship has sailed.
US House votes to undo broadband privacy rules (CSO Online) The U.S. House of Representatives has voted to repeal privacy rules that can prevent broadband providers from selling customers’ internet-browsing histories and other data without their permission.
Here’s the Data Republicans Just Allowed ISPs to Sell Without Your Consent (Motherboard) Privacy watchdogs blasted the vote as a brazen GOP giveaway to the broadband industry.
How to Protect the Internet (Motherboard) What normal people can do to stop the concerted effort by Republicans and big telecom to destroy the open internet.
Why we should define our right to privacy now, before it’s too late (Help Net Security) What we need is a constitutional amendment that very clearly defines a right to privacy. Without one, we’ll forever be looking over our digital shoulders.
Litigation, Investigation, and Law Enforcement
UK Cops Arrest Man Potentially Linked to Apple Extortion (Motherboard) The man is suspected of blackmail and hacking offenses.
Why government plans to spy on WhatsApp will fail (Naked Security) After last week’s attack in London, the home secretary called on television for cryptographic regression – but that won’t deliver what she wants
182,000 Joblink accounts exposed in cyber attack (Brattleboro Reformer) The Vermont Department of Labor has announced that as many as 182,000 Joblink accounts dating back to 2003 may have been breached in a cyberattack. As a result of the breach, personal information such as names, addresses, dates of birth and Social
Man loses appeal over Facebook threat to kill Obama (Naked Security) The lesson from this failed appeal is that threats on social media will be taken very seriously by the authorities – so be careful when blowing off steam
Russian Hacker Pleads Guilty to Ebury Botnet Role (Infosecurity Magazine) Maxim Senakh said to have benefitted from scams that made millions
Yes, Burglars Read Your Social Media to Learn When You're Away (Lifestyle) Keep your home safe when you travel.
‘Siri, please dial 999 and save Mummy’s life’ (Naked Security) Four-year-old boy used his unconscious mother’s thumb to unlock her iPhone and call the emergency services