Cyber Attacks, Threats, and Vulnerabilities
As Trump Entertains Xi Jinping, 'Operation Tradesecret' Spy Campaign (Infosecurity Magazine) Indicators show the attackers are part of the global China-backed hacking group APT10
China-Based Threat Actor APT10 Ramps Up Cyber Espionage Activity (Dark Reading) Customers of managed security service providers, website of U.S. trade lobby group targeted in separate campaigns
US trade lobbying group attacked by suspected Chinese hackers (CSO Online) A group of what appears to be Chinese hackers infiltrated a U.S. trade-focused lobbying group as the two countries wrestle with how they treat imports of each other's goods and services.
Cyber Espionage in Advance of U.S.-China Summit? Fidelis Threat Team Investigates (BusinessWire) Fidelis Cybersecurity published findings that Chinese threat actors associated with or sponsored by the Chinese Government targeted a prominent U.S.
BrickerBot targets insecure IoT devices - and then bricks them (Computing) 'Grey hat' hacker suspected to be behind malware that seeks out and takes down insecure connected devices
Rash of in-the-wild attacks permanently destroys poorly secured IoT devices (Ars Technica UK) Ongoing "BrickerBot" attacks might be trying to kill devices before they can join a botnet.
New Malware Deliberately Destroys Unsecured IoT Devices (Dark Reading) Motive behind BrickerBot puzzles experts who think it may be the work of a vigilante.
New Malware Intentionally Bricks IoT Devices (BleepingComputer) A new malware strain called BrickerBot is bricking Internet of Things (IoT) devices around the world by corrupting their storage capability and reconfiguring kernel parameters.
Amnesia botnet targeting DVRs, Palo Alto report (SC Magazine US) Over a quarter of a million devices used with DVRs around the globe are susceptible to a new botnet its discoverers have dubbed Amnesia.
New IoT/Linux Malware Targets DVRs, Forms Botnet (Palo Alto Networks Blog) Unit 42 researchers have identified a new variant of the IoT/Linux botnet “Tsunami”, which we are calling “Amnesia”.
Chasing Lazarus: A Hunt for the Infamous Hackers to Prevent Large Bank Robberies (PCQuest) Kaspersky Lab has published the results of its more-than-year-long investigation into the activity of Lazarus
The North Korea worry you haven't heard of: Cyber bank robbers (McClatchy DC) The scale of North Korean hacking operations against banks and casinos is “shocking,” a report by cybersecurity giant Kaspersky Lab says. Another firm, Symantec, says a North Korean hacker group is targeting banks in 31 countries.
20,000-bots-strong Sathurbot botnet grows by compromising WordPress sites (Help Net Security) A 20,000-bots-strong botnet is probing WordPress sites, trying to compromise them and spread a backdoor downloader Trojan called Sathurbot as far and as wide as possible.
Ransomware Attack on Pediatric Practice Exposes 55,447 Patients' Information (eSecurity Planet) While the company was able to avoid falling victim to the ransomware, the attackers may have been able to access patient data.
LMAOxUS Ransomware: Another Case of Weaponized Open Source Ransomware (BleepingComputer) An Indian developer is playing around with an open source ransomware builder, which in the long run may end up causing serious problems for innocent users.
Kaspersky spots spike in targeted ransomware attack on large orgs (SC Magazine UK) Kaspersky researchers have spotted a growth in targeted ransomware attacks on large companies.
Ransomware Gang Made Over $100,000 by Exploiting Apache Struts Zero-Day (BleepingComputer) For more than a month, at least ten groups of attackers have been compromising systems running applications built with Apache Struts and installing backdoors, DDoS bots, cryptocurrency miners, or ransomware, depending on whether the machine is running Linux or Windows.
This Ransomware Doesn't Want Cash, It Just Wants You to Play a Japanese Video Game (Motherboard) Hit a certain score on 'Undefined Fantastic Object' to unlock your files.
Why Is Ransomware The Deadliest Of All Online Threats? (CXO Today) A recent report suggests that India ranks second in ransomware attacks. This does not come as a surprise to many, especially industry experts, considering that the country's current state of digital security isn't geared up to handle the emerging threats.
Android spyware evades anti-virus detection by using DroidPlugin sandbox (Graham Cluley) The Triada family of Android spyware is using the DroidPlugin open-source sandbox to evade detection by anti-virus software installed on infected devices.
The 'Dark RAT' (Infosecurity Magazine) In March 2017, Fujitsu Cyber Threat Intelligence uncovered a newly developed remote access tool referred to by its developer as ‘Dark RAT'
Your iPhone is not infected, and you don't need a free VPN app to clean it (Help Net Security) A scammy lunge at tech-unsavvy users is being performed by a global market research company that offers MyMobileSecure - an "unlimited VPN proxy".
Fake News Site Targeting Android, Windows Users with Malware Scam (HackRead) A group of hackers is performing highly sophisticated cyber-attacks against high-profile organizations in the Middle East - Cyber security firms Palo Alto Networks
I’ve Somehow Become Embroiled In a Byzantine VPN Scam (Motherboard) Does not compute.
QNAP NAS devices open to remote command execution (Help Net Security) If you're using one of the many QNAP NAS devices and you haven't yet upgraded the QTS firmware to version 4.2.4, you should do so immediately.
Bank customer details found on 'dark web' by IAG (Financial Review) Any CEO who believes they have a secure digital environment is "completely oblivious" to cyber threats, says IAG's Peter Harmer
FAFSA Tool Taken Offline After Breach Report (Dark Reading) Personal data of 100,000 taxpayers compromised after the IRS student financial aid tool was hacked.
Mobile apps of 7 Indian banks compromised: FireEye (The Hindu Business Line) Names of banks not disclosed; malware has capability to steal user credentials, says US-based cyber security firm
Safaricom thwarts cyber attack attempts (Citizentv.co.ke)
Islam critic cancels tour, citing security threats (Washington Examiner) Author Ayaan Hirsi Ali has canceled her upcoming speaking tour of Australia and New Zealand, citing security concerns as well as lapses by the tour's organizers.
Security Patches, Mitigations, and Software Updates
Windows 10 Creators Update will come with clearer privacy options (Help Net Security) Two years after Microsoft released Windows 10, the company has finally revealed what data it collects from users, and announced clearer privacy options.
Embedded Systems Designers Are Creating the Internet of Dangerous Things (Design News) A surprising 28% of embedded systems designers say the products they create are capable of causing injury or death during a malfunction. This is the third year the Barr Group has delivered a disparaging report on the safety and security of embedded systems.
Security: Losses Outpace Gains (Semiconductor Engineering) Complexity, new and highly connected technology, and more valuable data are making it harder to keep out hackers.
Teaching Hospitals at Greater Data Breach Risk (Dark Reading) Johns Hopkins researcher studies data breaches at hospitals between 2009 and 2016.
Cybereason Commissions 2017 Threat Hunting Report (IT Business Net) Cybereason, developers of the most effective Total Endpoint Protection Platform including EDR & Next-Gen AV, today announced the results of its 2017 Threat Hunting Report of top CISOs and cyber security and IT professionals.
Symantec - Insurers poised to disrupt cyber-security channels (New Zealand Reseller News) A series of product partnerships with cyber insurance providers locally and globally is signalling ICT security firm Symantec is preparing for what could be a major market shift.
Akamai to acquire Soasta (Digital News Asia) The acquisition is intended to give Akamai customers greater visibility into the business impact of their website and application optimisation strategies.
KeyW builds intell footprint as Sotera buy closes (Washington Technology) KeyW has closed its $235 million acquisition of Sotera as the company positions itself as the largest firm focused primarily on intelligence customers.
There's A New $2 Billion Security Company In Town: How Will McAfee Shake Up The Competitive Landscape? (CRN) Solution providers and analysts speak to CRN about the impact on rivals and the security market overall as the new McAfee makes its debut.
Yahoo And AOL Move In Together Under 'Oath,' Verizon's New Digital Arm (WABE) There's a new brand on the Internet that's taking over some old ones — or at least old in Internet years. Yahoo and AOL are now under an umbrella
General Dynamics brings NATO to the cloud (C4ISRNET) Work on this contract will be based in Belgium and performed across many of the NATO member nations.
NetCentrics wins government contract to enhance federal cybersecurity (GSN) NetCentrics Corporation, a leading provider of enterprise IT services and cybersecurity for the U.S. government, announced today the deployment of a breakthrough systems management technology for one of its government customers.
Fighting cybercrime - David and Goliath style (IT Pro Portal) BAE Systems is teaming up with Cyber London to support cyber start-ups and boost the UK's economy.
Meet 3 of our Disrupt NY Startup Spotlight companies: Duo Security, Lemonade, and Tala (TechCrunch) Disrupt NY is right around the bend, and with it comes a brand new type of content: The Startup Spotlight. Each of these companies will have a total of 15..
ASA bans Kaspersky's smutty sexting ad after receiving 70 complaints (Inquirer) Watchdog says ad 'normalised' sexting for under-18s
CRN Exclusive: Tanium Names Former Cisco Exec To Lead State, Government, Health Care And Education Push (CRN) Tanium has named former Cisco executive John Maxwell to lead its business around state and local government, health care and education, the company announced Thursday.
RedOwl Announces the Appointment of John M. Jack to Board of Directors (Yahoo! Finance) RedOwl, the leader in insider risk solutions, today announced the appointment of John M. Jack to its Board of Directors. As the former CEO of HP Fortify and current advisor and board member to a number ...
Products, Services, and Solutions
New infosec products of the week: April 7, 2017 (Help Net Security) A rules engine that adapts to changing attack patterns DataVisor announced the latest addition to its full stack analytics platform, the DataVisor Automate
BitSight Delivers First Objective Measurement of National Cybersecurity Risk (IT Briefing Net) BitSight, the Standard in Security Ratings, today announced the general availability of Sovereign Security Ratings, the first objective measurement of national cybersecurity risk.
Infoblox Delivers Elastic Secure DNS for Service Providers (Global Security Mag Online) Infoblox Inc. announced Infoblox Trinzic Flex, an elastically scalable carrier-grade virtual appliance that delivers network control, security, and automation.
Bishop Fox Tests Best Known Virtual Private Networks (VPNs) for Privacy, Performance and Ease of Use (PRNewswire) With the repeal of the Federal Communications Commission's (FCC) internet...
Microsemi and Athena Announce the TeraFire Hard Cryptographic Microprocessor for PolarFire "S Class" FPGAs, Providing Advanced Security Features (PRNewswire) Microsemi Corporation (Nasdaq: MSCC), a leading provider of semiconductor solutions differentiated by power, security, reliability and performance, and ...
DB Networks and Exabeam Announce Integration Partnership to Offer Full-Spectrum Behavioral Based Analysis of Security Threats (PRNewswire) DB Networks®, a pioneer in Artificial Intelligence (AI) based database, today announced an integration partnership with Exabeam, a provider of security intelligence ...
Sucuri Introduces New Partner Program at HostingCon 2017 (El Editor) Sucuri, the most respected website security brand in the market, is proud to announce a new partnership program for the hosting industry.
Ixia delivers end-to-end visibility for public cloud (Dataquest) Ixia, a provider of network testing, visibility, and security solutions, today announced it has further extended the reach delivered by the CloudLens Platform to the public cloud. CloudLens Public provides...
Brocade's Ruckus Wireless Business Unit Collaborates with Pelco by Schneider Electric For Enhanced Physical Security (PRNewswire) ISC West—Ruckus Wireless, a part of Brocade, today announced its...
Technologies, Techniques, and Standards
The Cyber Attack Kill Chain: Where Threat Intelligence Can Help (Recorded Future) There’s a common misconception that threat intelligence is just about catching attacks before they happen. Here’s what’s wrong with that assumption.
Building a strategic threat intelligence program (SearchNetworking) Bloggers examine strategic threat intelligence, PaaS and cloud migrations and compare the capabilities of SIEM and UEBA.
McAfee report reveals five challenges to cyber threat intelligence (ComputerWeekly) McAfee Labs’ latest report details the challenges facing threat intelligence sharing efforts and reveals growing trends in malware, ransomware, mobile malware and other threats.
Anatomy of a CVE - Anchore (Anchore) We often mention CVEs in our blogs but we usually skip over the topic, explaining that while CVE checking is important, it is just the tip of the iceberg and that you need to look deeper into the image to check configuration files, non-packaged files, software artifacts such as Ruby GEMs and Node.JS NPMs.
Can Cyber Situational Awareness Prevent the Next Black Swan Cyber Event? (Security Intelligence) Security analysts cannot predict black swan events, but they can estimate the likelihood of a damaging breach through cyber situational awareness.
Threat intelligence sharing challenges: Understand the context of cyber events (Help Net Security) The security industry faces challenges in our efforts to share threat intelligence between entities, among vendor solutions, and within vendor portfolios.
Public/private threat intelligence sharing faces roadblocks (SearchSecurity) Threat intelligence sharing between the public and private sectors faces challenges in culture, according to experts and government representatives.
HackerOne CEO: The tech industry has some 'catching up to do' on software security (TechRepublic) Despite open source's promise of better security, bug bounty programs are catching fire as a way to plug security holes.
Real Hackers Reveal How to Protect Your Business From Cyber Attack (AllBusiness.com) A new report polls a group of hackers to find out what they look for when hacking into a site, and some of the answers may surprise you.
Tracking Website Defacers with HTTP Referers (SANS Internet Storm Center) In a previous diary, I explained how pictures may affect your website reputation. Although a suggested recommendation was to prevent cross-linking by using the HTTP referer, this is a control that I do not implement on my personal blog, purely for research purposes. And it successfully worked!
Design and Innovation
Chrome Security Team Tackles ‘Friendly Fire’ To Keep Browser Safe (Threatpost) Justin Schuh, lead engineer of Chrome Security, said ensuring browser security for Chrome users is a balancing act juggling OEM pressures, questionable certificate authorities and quashing third-pa…
Facebook Pushes News Literacy to Combat a Crisis of Trust (WIRED) Facebook joins with the founder of Craigslist to fix a crisis of faith in the news, but questions remain about who should shoulder the blame.
Google’s fact check feature goes global and comes to Google Search (TechCrunch) We live in the age of fake news -- both the really fake news that's simply fake and the kind of news that some people like to call "fake" only because they..
Seventeen Techniques for Truth Suppression (DC Dave) Strong, credible allegations of high-level criminal activity can bring down a government. When the government lacks an effective, fact-based defense, other techniques must be employed. The success of these techniques depends heavily upon a cooperative, compliant press and a mere token opposition party.
Applying Military Protocol to Cybersecurity Best Practices (Infosecurity Magazine) The majority of protection systems rely on passwords. If a hacker manages to get hold of one via a phishing exploit the rest is history.
Research and Development
Vencore awarded DoD cellular research contract (C4ISRNET) Vencore has been awarded a $6 million Department of Defense contract for cellular communications research.
Entering Cipher-Space: Register now for the Kryptos Code-breaking Competition (Central Washington University) Sharpen your pencils and engage your brain! κρυπτοσ, or Kryptos, is the annual code-breaking contest open to any and all undergraduate students.
WGU Launches Bachelor's in Cybersecurity and Information Assurance (PRNewswire) To help meet the increasing demand for cybersecurity...
Legislation, Policy, and Regulation
Trump Hails 'Friendship' With China's Xi on First Day of Summit (Bloomberg) President Donald Trump said he forged a friendship with Chinese counterpart Xi Jinping, striking a positive tone in the early hours of the first-ever meeting between leaders of the world’s two biggest economies.
Cybersecurity Must Top Agenda as Trump Hosts Xi (The Diplomat) Trump will need to address pressing cyber threats and policies if he seeks to support American jobs and companies.
As Trump Meets China, US Worries About Beijing’s Supercomputers and Industrial Espionage (Defense One) Network breaches? NSA research director says we ain’t seen nothing yet.
Does the World Need a Geneva Convention for Cyber Warfare? (Techworld) Unlike conventional conflict, there are no rules of play for cyber attacks - is it time countries started talking about this nascent form of warfare?
MEPs Vote for Full Review of Privacy Shield (Infosecurity Magazine) Fears for agreement as European Commission set to investigate
Mixed messages in corporate governance code decrypts (Financial Times) How cryptanalysts might interpret industry responses to MPs’ proposals
Pentagon tech advisers target how the military digests data (Defense News) Technology advisory group says DoD needs to store data in new ways.
Chiefs: DOD cyber will suffer under a continuing resolution (FCW) In the DOD, cyber, modernization, training, recruiting and readiness will all take a hit if Congress passes another continuing resolution rather than a full budget, say the Joint Chiefs of Staff.
Democrats Intro New Legislation to Restore FCC Privacy Rules (Infosecurity Magazine) State legislatures also move to enact privacy-enhancing laws
FBI Considers Cyber Uni to Attract Coding Experts (Infosecurity Magazine) Bureau's strict vetting isn't helping recruitment efforts
Comey may relax FBI admissions for hacker recruits (New York Post) Aspiring federal agents who can hack a computer with ease but can’t shoot their way out of a paper bag could soon find the FBI to be more welcoming. In a series of recent…
Litigation, Investigation, and Law Enforcement
Suspect in metro attack ‘was duped’ (Times (London)) The bomb being carried by a former sushi chef on the St Petersburg Metro may have been detonated remotely without his consent, a source close to the investigation has said. Akbarzhon Dzhalilov, 22...
Russia Investigation Must Also Probe Surveillance Leaks (Bloomberg View) It's good that Nunes recused himself, but he's right that leaking details of NSA wiretaps is a serious issue.
Why it’s always ‘Russia wot dunnit’ (Spiked) Blaming Russia is a ‘get out of jail free’ card for struggling political elites.
Was Obama’s White House Politicizing Intelligence To Affect 2016? (The Federalist) The truth is that all 17 U.S. intelligence agencies did not conclude that Russia tried to interfere in the election or help Trump win. Not even close.
A Brief Timeline of Devin Nunes’ Odd White House Ties (WIRED) The House Intelligence Committee chair has had himself quite a week.
Analysis | President Trump’s claim, without evidence, that Susan Rice may have committed a crime (Washington Post) We answer key questions from readers, including whether a crime could have been committed.
Fillon vows revenge over sleaze scandal (Times (London)) François Fillon, the French centre-right election candidate, has accused President Hollande of enlisting 20 police officers to dig up dirt on him. Mr Fillon, 63, whose campaign has been damaged by...
'State scandal': Fillon accuses Hollande of having orchestrated the leaks about his affairs (RT en Français) During L'Emission Politique on France 2, the right-wing candidate demanded an inquiry into alleged revelations that would implicate the head of state. He believes in particular that the latter helped bring out documents incriminating him.
Twitter suing Homeland Security suggests some of those alt Twitter accounts were real after all (TechCrunch) New legal documents show that Twitter is taking the Department of Homeland Security to court to protect the true identity of an account that claims to be run..
Twitter balks at US demand to expose account condemning Trump policy (Ars Technica) Feds cited incorrect law and did not get a judge's signature for account data.
Homeland Security Will Continue to Search Electronic Devices at U.S. Airports (Skift) The Department of Homeland Security will continue searching the mobile phones and electronic devices of travelers at U.S. airports, the agency’s leader said...
Self-Proclaimed ‘Nuclear Bot’ Author Weighs U.S. Job Offer (KrebsOnSecurity) The author of a banking Trojan called Nuclear Bot — a teenager living in France — recently released the source code for his creation just months after the malware began showing up for sale in cybercrime forums. Now the young man’s father is trying to convince him not to act on a job offer in the United States, fearing it may be a trap set by law enforcement agents.
Navy says Iowa State cadets put inappropriate photos online (Navy Times) Members of a military officer training program at Iowa State University posted explicit photos on a Facebook page, an incident the Navy said Thursday was inappropriate and prompted corrective actions.