Cyber Attacks, Threats, and Vulnerabilities
Inside the Site Teaching Islamic State Supporters How to Use Encryption (Motherboard) A 34-year-old man from Cardiff was arrested for creating videos offering cybersecurity tips that were then posted on an Islamic State supporter site.
The hackers beating Isis' propaganda machine (The Independent) “Owned again! Your site is ours Daesh. You have nowhere to hide. You are weak,” reads a message by hackers waging war on Isis’ online “caliphate”.
What I Learned from Reading the Islamic State’s Propaganda Instruction Manual (Lawfare) Charlie Winter takes an inside look at how the Islamic State approaches its propaganda strategy.
Anonymous hacks ISIS website; infecting users with malware (HackRead) Amaq, the official news agency of ISIS or Daesh terrorist group is informing its users about a potential compromise in the security of its website.
WikiLeaks Releases CIA Tool Used to Impede Malware Attribution (Security Week) WikiLeaks has released information and source code for a framework allegedly used by the U.S. Central Intelligence Agency (CIA) to make analysis of its tools and attribution more difficult.
Wikileaks releases code that could unmask CIA hacking operations (Ars Technica) "Marble" libraries include code used to obfuscate—and unscramble—CIA malware.
WikiLeaks’ latest release of CIA cyber-tools could blow the cover on agency hacking operations (Washington Post) The material includes the secret source code of an “obfuscation” technique used by the CIA so its malware can evade detection by antivirus systems.
Cyber Tops List of Looming National Security Threats (SIGNAL Magazine) By far, concerns emanating from the cyber domain outrank conventional conflict hazards posed by the Chinas, Irans, North Koreas or Russias of the world.
Hackers Boosting Destructive Attacks Against U.S., FireEye Says (Bloomberg.com) Cyber-criminals and terrorists are increasingly pursuing destructive attacks on U.S. government networks, and many federal agencies still fail to realize they’re an easy target, according to an executive at cybersecurity firm FireEye Inc.
Turla Group Improves Carbon Backdoor (Security Week) The Russia-linked threat group known as Turla has continued to make improvements to its Carbon second-stage backdoor, with new versions released on a regular basis, ESET reported on Thursday.
Airports and nuclear power stations on terror alert as government officials warn of 'credible' cyber threat (The Telegraph) Britain's airports and nuclear power stations have been told to tighten their defences against terrorist attacks in the face of increased threats to electronic security systems.
IAAF: IAAF victim of cyber attack (IAAF) The IAAF has been a victim of a cyber-attack which it believes has compromised athletes' Therapeutic Use Exemption (TUE) applications stored on IAAF servers.
That sound you hear is Splunk leaking data (Register) Visit a malicious web page and JavaScript extracts user names
Modular Felismus RAT Emerges (Security Week) A newly discovered piece of malware features a modular design and has been used in highly targeted campaigns, Forcepoint security researchers reveal.
RedLeaves - Malware Based on Open Source RAT (JPCERT/CC Blog) Hi again, this is Shusei Tomonaga from the Analysis Center. Since around October 2016, JPCERT/CC has been confirming information leakage and other damages caused by malware ‘RedLeaves’. It is a new type of malware which has been observed since 2016...
Fake SEO plugin backdoors WordPress installations (Help Net Security) Administrators of WordPress sites, beware! A fake SEO plugin is being used by attackers to compromise WP installations worldwide.
Custom phishing attacks grow as crooks create fake flight confirmations, receipts (ZDNet) Well-researched attacks designed for cyber-espionage and malware distribution are being specifically targeted at those who regularly travel by air.
Super industry under attack from cybercrooks (Technology Decisions) The $2.2 trillion Australian super industry is increasingly coming under attack from cybercriminals, and there is little chance for victims to recover their hard-earned funds.
Fileless: Evasive Intrusion Tactics Pose Challenge for Network Defense (NJ Cybersecurity) The NJCCIC assesses with high confidence that fileless and “non-malware” intrusion tactics pose high risk to organizations, both public and private, and will be increasingly employed by capable threat actors intent on stealing data or establishing persistence on networks to support ongoing espionage objectives or to enable future acts of sabotage.
'Sundown' Rises as New Threat in Depleted Exploit Kit Landscape (Dark Reading) New exploits and obfuscation tactics have made once second-tier EK a potent threat, researchers from Cisco Talos say.
Sanctions Ransomware Makes Fun of USA Sanctions Against Russia (BleepingComputer) If you want to know what some ransomware developers think about the USA, you can get a good idea from the ransom note of the Sanctions Ransomware. Dubbed Sanctions Ransomware due to the image in the ransom note, the developer makes it fairly obvious how he feels about the USA and their attempts to sanction Russia.
Point-and-pwn tool for posers dumbs down ransomware spreading (Register) I'm Guybrush Threepwood, mighty hacker
Google: Ransomware on Android Is Exceedingly Rare (BleepingComputer) Android apps spreading ransomware aren't as common as most users and security experts think, says Jason Woloz, Sr. Program Manager for Android Security at Google.
Android under siege from malware – here’s how to protect your phone (Naked Security) Android phones are a top attack target, making up 85% of all mobile device infections in the second half of 2016
Verizon's new app launcher brings spyware to all its Android phones, says EFF (TechRepublic) Verizon's impending release of a new app launcher for Android called AppFlash has some privacy experts worried, as the launcher collects a lot of personal information for advertising.
Verizon Rebuts Critics of Data-Collecting App (Threatpost) The Electronic Frontier Foundation retracted a blog post today highly critical of Verizon and the upcoming rollout of an app called AppFlash made by Evie Labs.
Why I Always Tug on the ATM (KrebsOnSecurity) Once you understand how easy and common it is for thieves to attach “skimming” devices to ATMs and other machines that accept debit and credit cards, it’s difficult not to closely inspect and even tug on the machines before using them.
Email security not keeping up with attacks (CSO Online) With clever cybercriminals finding creative new ways to get to users, has email security lost the battle to protect.
Insiders -- the invisible threat lurking in your office (Computerworld) With all of the focus in the business world recently related to hackers, we have tended to overlook a group of potential bad actors who have already penetrated our perimeter security, and have access to our facilities – our employees and contractors.
'Distributed Cybercrime' Is Making Attackers Multi-Millionaires (CXO) Ransomware and banking Trojans dominate the cybercrime mainstream today, and their technical operations are heavily analyzed.
New internet domain is magnet for paedophiles, charities warn (Times (London)) Millions of new website addresses, including those bearing the domain name .kids, are to be sold without basic child protection safeguards, children’s charities warn today. Child-focused addresses...
Text message scam from the Motor Registry – how not to get stung (Naked Security) How harmful can an SMS be if it’s just offering advice?
Security Patches, Mitigations, and Software Updates
Schneider Electric Patches Flaws in Modicon, Wonderware Products (Security Week) Schneider Electric has released software and firmware updates to address several vulnerabilities affecting some of the company’s Wonderware and Modicon products.
Apple’s latest iOS update patches 911 DDoS attack exploit (The Verge) Back in October, an 18-year-old coder published a simple Javascript exploit that caused iPhones to repeatedly dial 911 after a link was tapped, resulting in emergency call centers getting flooded...
Galaxy S7 edge/ S7 active on AT&T and Verizon Moto Z Play Droid get latest security update (GSMArena.com) The update is arriving as build number G935AUCS4BQC2 and G891AUCS2BQC2 for Samsung phones, and version NDNS25.137-24-1-4 for the Motorola phone.
Microsoft to end Windows Vista support this month (TWCN Tech News) Microsoft has mentioned that from April 11, 2017, onwards, it will end support to this OS, after releasing security patches for one last time on the same day
Zero-Day in Microsoft IIS 6.0 Web Server temporarily patched (TWCN Tech News) A Zero-Day Exploit on the IIS 6.0 has been unearthed. The exploit will affect any webserver running IIS 6.0 and has been temporarily patched by security researchers.
Telegram Update Allows Users to Make Secure, AI-Powered Voice Calls (HackRead) Telegram, the secure instant messaging service has issued an update v.3.18 allowing users to make and receive end-to-end encrypted calls over WiFi, 3G, and
Cyber Trends
Enabled by Technology: the Rise of the Targeted Attack (The CyberWire) "The bar's gone down," said panelist Philip Martin (Director of Security at CoinBase). "You can Google your way to being an advanced attacker, or almost." What's interesting is the attacker's goal. The SINET ITSEF panel on the evolution of the targeted attack...
Leaks, Public Relations, Fake News, and Fake-Fake News (The CyberWire) Norman Pearlstine (Vice Chairman of Time, Inc.) delivered a keynote in which he offered a perspective on the way in which journalists get, vet, and develop their reporting, a matter of some interest given the recent prominence information operations have assumed in attempts to influence public opinion.
Fortinet study shows HTTPS traffic has yet to surpass HTTP traffic (SearchSecurity) HTTPS traffic hasn't taken off, despite expectations, according to a Fortinet study. Plus, new developments in the Apple extortion, and more.
IBM X-Force: Number of compromised healthcare records drops 88 percent in 2016 (MedCity News) The 2017 IBM X-Force Threat Intelligence Index says the number of healthcare records decreased significantly in 2016.
If 2016 was the year of the breach, what will 2017 be? (High-Tech Bridge) In 2016, hackers stole 4 million records per day, and 35% of employees across the UK, France, Germany and Italy admit to have been involved in a security breach.
Marketplace
Cyber resilience: A new boardroom priority (Business Inquirer) The active participation in the recent Management Association of the Philippines Forum on “Cyber Resilience: A New Boardroom Priority” shows that cyber security awareness is growing as more organizations, whether government or private, learn that their networks are vulnerable to an attack.
The likes of Deloitte, IBM and Accenture want to break up the big bang model. Can they do it? (CRN Australia) Customers are asking if big consultancies are all they're cracked up to be.
McAfee rebirth ignites branding, ease-of-business opportunities - channel chief (Channelnomics) Exec says new infrastructure allows vendor to address branding, ease of doing business
First graduates from government Cyber Retraining Academy get IT jobs in industry (V3) Graduates land interviews or jobs at the likes of Amazon, JP Morgan, Fujitsu and Huawei
PhishMe Appoints Mel Wesley as Chief Financial Officer (Digital Journal) Industry veteran to position PhishMe for continued global expansion and explosive growth
Products, Services, and Solutions
Game on Teradata 2017 EPIC Awards Open for Best Business Cases (Teradata) Call for game-changing customer or alliance partner ‘wow’ stories starts now; Winners honored at Teradata PARTNERS conference ‘orange-carpet event’
Owl Cybersecurity Dark Web Database (PYMNTS.com) Though anyone can gain access to the dark net using Tor software, the illicit and unregulated part of the internet is not for the faint of heart. Being that it’s so unstructured, the dark web is not a place where one can go without knowing exactly what they’re looking for and exactly where to find...
Cyberbit selected by Delek Pi Glilot to protect critical infrastructure against cyberattacks (Global Security Mag Online) Cyberbit, whose cybersecurity solutions protect the world’s most sensitive systems, announced that leading energy company Delek Pi Glilot Limited Partnership has selected Cyberbit’s SCADAShield solution to protect critical national assets against cyberattacks. The companies intend to expand their collaboration and leverage Cyberbit’s entire security portfolio to address Delek’s long term cybersecurity strategy.
Teradata IntelliFlex Delivers Unprecedented Jump in Performance, Storage Density and Energy Efficiency with All-memory SSD Platform (Benzinga) Upgraded Teradata IntelliFlex and new Teradata IntelliBase platforms give customers choice and flexibility to support wide-ranging workloads, budgets and technologies...
Telstra to open two new security operations centres in Sydney and Melbourne (CRN Australia) Getting serious about managed security services.
Inside Telstra's massive mission-critical cloud migration to IBM Bluemix (CRN Australia) Plans to take one in five heavy applications to IBM's cloud.
Chain Looks to Secure Blockchain Transactions With Thales' Hardware (CryptoCoinsNews) Chain Inc., a provider of blockchain networks, has integrated a hardware security module from Thales, a provider of data protection solutions, to generate and secure keys used for blockchain transactions.
Monkton Announces Initiation of NIAP Accreditation Process (PRWeb) Monkton's NIAP Assessment process will formally validate two mobile apps, enabling customers to build NIAP compliant mobile apps.
CrowdStrike Falcon Intelligence Wins SANS Best of Award for Threat Intelligence (Yahoo! Finance) CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced that SANS Institute recognized CrowdStrike Falcon Intelligence™ as the winning product for the SANS Best of 2016 Awards Threat Intelligence Category.
Israeli firm to protect critical infrastructure with ‘cyber insurance’ (The Jerusalem Post) Industrial facilities around the globe have become increasingly vulnerable to cyber attacks.
Technologies, Techniques, and Standards
Insider Threat Programs: Security and Due Process (The CyberWire) This SINET ITSEF panel opened with two questions. What it would take to get people to focus on the insider threat? And why do those with government experience seem to get the magnitude of the insider threat more readily than those without such experience? The answers and consequent discussion would suggest that private enterprises have found their preparation for the insider threat moving naturally down the legal channels prepared by not only government practice, but by law, regulation, and the prospect of civil litigation.
Intelligent Use of Threat Intelligence (The CyberWire) There's general agreement on, or at least universal lip-service paid to, the importance of threat intelligence to effective cybersecurity. But actually using it effectively has often proven problematic in practice. A panel at SINET ITSEF on March 28, 2017, put the question this way...
Crowdsourcing Confronts Cyber Challenges (SIGNAL Magazine) An offshoot of social media, crowdsourcing could hold solutions to some of the biggest cybersecurity problems the U.S. Defense Department faces.
Lessons learned from DoD's bug bounties highlight talent gap, 'security is not security' (FederalNewsRadio.com) DoD has carved a bug bounty path that civilian agencies can follow, as long as they don't try to compare their results to the same level as Defense.
Didn't we offer you enough? Google's $350,000 Project Zero prize attracts junk entries (ZDNet) Was Google's Project Zero prize too difficult or was the prize just too small?
Cryptocurrency Certification Consortium to Standardize Security across Crypto-Platforms (NEWSBTC) Cryptocurrency Certification Consortium has recently released Cryptocurrency Standard Security guidelines for the entire crypto-industry.
Encryption Is Key to a More Secure Cyber Future (SIGNAL Magazine) The increase in cyberthreats from both internal and external sources has put the onus on government agencies to implement strong cybersecurity architectures.
E-Discovery Heads In-House, and It's Not Just Because of Cost (Legaltech News) In an industrywide survey, legal technology expert Ari Kaplan found corporate e-discovery is being leveraged more toward information governance and analysis tasks.
USB Canary Sends an SMS When Someone Tinkers with Your USB Ports (BleepingComputer) A new tool released on GitHub last week can help paranoid sysadmins keep track of whenever someone plugs in or disconnects a USB-based device from high-value workstations.
How to Prevent Identity Theft in 2017 ? 100 Advanced Tips ! (Elite Personal Finance) Identity theft is one of the most alarming, yet under-discussed problems affecting American consumers.
Design and Innovation
The rise of InsurTech: How young startups influence a mature industry (Help Net Security) Artificial intelligence and the Internet of Things now account for almost half of total investment in insurance technology (insurtech) startups globally.
Academia
The Cyber IQ Challenge (The CyberWire) A common undertone throughout SINET ITSEF (as it is at most cybersecurity conferences) was concern over the shortage of qualified labor. Ways of addressing range from increased reliance on artificial intelligence to efforts to inspire elementary school students to think about careers in science, technology, engineering, and mathematics (generally) and in information security (specifically). These approaches would redress shortfalls in the labor market over the longer term.
Scholarship program would help Georgia rise to meet cybersecurity threat (Augusta Chronicle) In the face of ever-evolving attacks from our adversaries, we must strengthen our cyber defense capabilities.
Legislation, Policy, and Regulation
US is ready to confront North Korea, says Trump (Times (London)) President Trump delivered an ultimatum to China yesterday, insisting that if Beijing failed to use its influence on North Korea to disable the country’s nuclear programme, America would confront...
PLA Strategic Support Force: The 'Information Umbrella' for China's Military (The Diplomat) Beyond cyber and space warfare, the SSF will play a key role in conventional joint operations.
Govt adopts cyber security declaration (Daily Star) The government has adopted a cyber-security declaration 2017 asking organisations to develop actionable cyber
Britain Downplays Security Row as Brexit Wrangling Begins (The Bull) Britain sought to downplay a row over future security ties with the EU on Thursday, as London and Brussels drew up the first battle lines at the start of their two-year divorce.
Hancock unveils government push for firms to adopt Cyber Essentials (SC Magazine UK) In a speech in London today, the minister for digital and culture announced the government is ramping up pressure on organisations to adopt Cyber Essentials.
Who's Responsible for Protecting Internet Users against Cyberattack? (The CyberWire) The panel's question comes down to one of balance: what's the right balance to strike within a responsibility that's clearly shared among governments, the private sector, and individuals?
Trump Extends Obama's EO for Sanctioning Hackers (Dark Reading) EO ultimately led to sanctions against Russia for hacking and other attempts to tamper with the outcome of the US election.
Letters to DHS and MITRE Regarding Performance of Critical Cyber Database (US House of Representatives Energy and Commerce Committee) Excerpt: "We seek your assistance in evaluating the management and performance of the Common Vulnerabilities and Exposures (CVE) program, which has become an essential service for modern cybersecurity practices..." Excerpt: "The program provides a reliable, standardized mechanism for describing information technology and cybersecurity vulnerabilities. Recent reports indicate it may not be keeping up with the increasing vulnerabilities and related risks inherent in modern cybersecurity."
Trump Team Seems to Stay the Course With the Last Administration’s Cyber Efforts (Defense One) Two recent moves suggest the White House isn’t seeking a sea change in international cyber policy.
SecDef adviser: '99 percent sure we'll elevate' CYBERCOM (C4ISRNET) The Defense Department is making the elevation of Cyber Command to a full unified combatant command a key priority.
Federal inspectors general report recommends improvements for intelligence sharing (The Washington Times) U.S. federal agencies tasked with preventing terror attacks have improved their ability to share counterterrorism information, but additional steps can be taken to increase the dissemination of intelligence reports and to make information sharing more efficient, according to a new watchdog report.
"Strategic and Tactical Cyber Actions the New Administration Needs to Get Right" (The CyberWire) The topic was about advice to the current Administration, but the discussion was mostly budgets and agency equities. Chaired by Greg Touhill (former US Federal CISO), this SINET ITSEF panel included Peter Kim (CISO, US Air Force), Roopangi Kadakia (Chief Cloud Strategist, US Department of Veterans Affairs), and Chris Wlaschin (CISO, US Department of Health and Human Services).
Why you shouldn’t chip in to buy politicians’ browsing histories (Naked Security) There are a few red flags about the idea to buy the data of lawmakers and CEOs: it’s a nice idea, but you can’t
Litigation, Investigation, and Law Enforcement
The Russia “Hacking” Allegation: A Cyber-Gulf of Tonkin? (Global Research) There was no “Russian hacking” of the 2016 election
Part 3: STILL No evidence of Roger Stone’s collaboration with Russia - Artvoice (Artvoice) The US Intelligence Community has concluded with ‘high confidence’ that hacks which led ...
Senate Hearing to Focus on Russian Disinformation Tactics (PPP Focus) There was little chance that Thursday’s hearing would be as explosive as the House intelligence committee’s first public hearing last week, which started off with FBI Director James Comey confirming the FBI is investigating possible coordination between Trump campaign aides and Russian officials and included Trump himself fighting back during the hearing on Twitter.
Russian hacking goes far beyond 2016 pro-Trump effort (CSO Online) As the Senate Intelligence Committee begins the public phase of its investigation, experts warn of the sweeping scope of Russian hacking and disinformation efforts to advance foreign policy objectives. Cites prominent lawmakers Rubio and Ryan as recent targets.
Marco Rubio Says Hack Attempts From Russia Targeted Him, Too (WIRED) Attempted intrusions against any senator aren't surprising. But they're a reminder election hacking shouldn't be a partisan issue.
Byron York: Senate committee targets FBI No. 2 in Trump dossier probe (Washington Examiner) Sen. Charles Grassley, chairman of the Senate Judiciary Committee, has sent a letter to FBI Director James Comey demanding the story behind the FBI's reported plan to pay the author of a lurid and unsubstantiated dossier on candidate Donald Trump. In particular, Grassley appears to be zeroing in on the FBI's deputy director, Andrew McCabe...
Senator tells intel panel to 'follow the money' (Click Lancashire) Former National Security Adviser Michael Flynn is in discussions with the House and Senate intelligence committees on receiving immunity from "unfair prosecution" in exchange for agreeing to be questioned as part of ongoing probes into possible contacts between Donald Trump's presidential campaign and Russian Federation, his attorney said Thursday.
Could Michael Flynn Turn on Trump? (The New Yorker) Flynn is seeking immunity from the Justice Department and the House and Senate committees in return for his coöperation and testimony.
FBI probing whether Trump aides helped Russia a year ago (News 12 Now) CBS News has learned that U.S. investigators are looking into whether Trump campaign representatives had a role in helping Russian intelligence as it carried out cyberattacks on the Democratic National Committee and other political targets in March 2016. This new information suggests that the FBI is going back further than originally reported to determine the …
To keep classified docs from WikiLeaks secret, DOJ drops 2 child porn counts (Ars Technica) Judge: Feds relied on timestamp metadata, but withheld exploit code.
Cyber attack on Mindef's I-Net system occurred weeks before detection on Feb 1 (Today Online) A cyber attack which resulted in the theft of the personal data of about 850 national servicemen and Ministry of Defence (Mindef) employees occurred weeks before it was detected on February 1, Second Defence Minister Ong Ye Kung told Parliament on Monday (April 3).
Report: German authorities investigate high Turkish religious official (Deutsche Welle) Prosecutors in Germany are reportedly investigating one of the highest officials of the Turkish religious authority Diyanet. The inquiry comes amid worsening relations between Berlin and Ankara.
First on CNN: New terrorist laptop bombs may evade airport security, intel sources say (CNN) US intelligence and law enforcement agencies believe that ISIS and other terrorist organizations have developed innovative ways to plant explosives in electronic devices that FBI testing shows can evade some commonly used airport security screening methods, CNN has learned.
FBI Arrests Hacker Who Hacked No One (The Daily Beast) He built a piece of software. That tool was pirated and abused by hackers. Now the feds want him to pay for the computer crooks’ crimes.
Hillary Clinton Had Astonishing Access to Top Secret Documents After She Left State Department (Tennessee Star) Hillary Clinton may have resigned her secretary role at the State Department in 2013 - but her access to top secret and classified information didn't end then.
IT Admin Guilty of Hacking of Former Employer (Infosecurity Magazine) El Paso bootmaker suffered serious downtime and extra costs after incident
Romanian Man Pleads Guilty to ATM Skimming Scheme (Dark Reading) Radu Bogdan Marin allegedly used stolen account details and fake ATM cards to withdraw tens of thousands of dollars.