Cyber Attacks, Threats, and Vulnerabilities
WikiLeaks just dropped the CIA’s secret how-to for infecting Windows (Ars Technica) Latest batch of documents details how CIA infects targets’ Windows-based computers.
Angry Shadow Brokers release password for suspected NSA hacking tools (CSO Online) Annoyed with the U.S. missile strike last week on an airfield in Syria, among other things, hacker group Shadow Brokers resurfaced on Saturday and released what they said was the password to files containing suspected National Security Agency tools they had earlier tried to sell.
They're Back: The Shadow Brokers Release More Alleged Exploits (Motherboard) In their new post, the NSA hackers pointed specifically to President Trump, and recent political events.
NSA Hacking Tools Leak Online But Are 'The Shadow Brokers' About To Be Unmasked? (Forbes) You may not know much about The Shadow Brokers - a secretive and mysterious...no-one is quite sure but let's say...group of hackers with alleged NSA data but you probably will over the coming days. While some believe the group to be a disgruntled intelligence agent, others say Russia and others say a collection of hackers.
Shadow Brokers return with new release of NSA hacking tools - and an open letter to President Trump (Computing) Russia-linked hacking group denies links to Russia.
Shadow Brokers Publish the Password for the Rest the Stolen NSA Hacking Tools (BleepingComputer) The Shadow Brokers (TSB) are back, and they've released the password for the rest of the hacking tools they claim to have stolen from the NSA last year.
US cyber attack shuts down Al-Masdar News for five hours (AMN - Al-Masdar News | المصدر نيوز) On Friday afternoon, Al-Masdar News experienced its biggest hacker attack ever, leaving the website inaccessible to its reade
How to Fight ISIS Online (Foreign Affairs) To begin countering ISIS' online threat, it is necessary to understand the external factors that have shaped the group's communications strategy.
Combating information and disinformation campaigns (C4ISRNET) Actions by ISIS and Russia have forced the West to combat efforts in the public and military information sphere.
Unit 42 Uncovers New Google Android Malware, Bit.ly And ‘Fake News’ Strategies (Information Security Buzz) Unit 42, Palo Alto Networks’ threat intelligence research arm, has uncovered evidence of links between attacks using two new malware families and two families of Google Android malware. This has been discovered as part of work on preventing and detecting targeted attacks in the Middle East. The attackers favour using URL shortening services to disguise …
Baseband Zero Day Exposes Millions of Mobile Phones to Attack (Threatpost) A previously undisclosed baseband vulnerability impacting Huawei smartphones, laptop WWAN modules and IoT components was revealed Thursday at the Infiltrate Conference
Booby-trapped Word documents in the wild exploit critical Microsoft 0day (Ars Technica) There’s currently no patch for the bug, which affects most or all versions of Word.
Hackers are attacking Word users with new Microsoft Office zero-day vulnerability (ZDNet) The bug affects all supported versions of Microsoft Word, but will be fixed this week.
Attacks Detected with New Microsoft Office Zero-Day (BleepingComputer) Cyber-security firms McAfee and FireEye have both disclosed in-the-wild attacks with a new Microsoft Office zero-day that allows attackers to silently execute code on targeted machines and secretly install malware.
Matrix Ransomware Expands to Affect Other PCs Using Malicious Shortcuts (Cyware) Brad Duncan, a Threat Intelligence Analyst for Palo Alto Networks Unit 42, has recently started seeing the EITest campaign use the RIG exploit kit to distribute the Matrix ransomware. What was found is interesting: Matrix has worm-like features that allow it to spread beyond the originally infected machine via Windows shortcuts, and it uploads statistics about the types of files it encrypts. According to Duncan, Matrix is distributed via hacked sites that have the EITest scripts injected into them.
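The item above describes Matrix spreading through Windows shortcut (.lnk) files. The script below is an added example, not code from the original page or from Unit 42's analysis: it parses the fixed ShellLinkHeader and the StringData section of a .lnk file as laid out in MS-SHLLINK, then flags shortcuts whose relative path or arguments call a shell or script host. The sample shortcuts are constructed inline, and the launcher list is an assumption chosen for illustration, not a description of how Matrix actually builds its shortcuts.

```python
"""Triage Windows .lnk shortcut files for launcher-style targets (added example)."""
import struct

# Fixed values from the MS-SHLLINK ShellLinkHeader.
HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData fields appear in this order, each only when its flag is set.
STRING_FIELDS = (
    ("name", HAS_NAME),
    ("relative_path", HAS_RELATIVE_PATH),
    ("working_dir", HAS_WORKING_DIR),
    ("arguments", HAS_ARGUMENTS),
    ("icon_location", HAS_ICON_LOCATION),
)

# Assumed watch-list of hosts a shortcut rarely needs to launch directly.
LAUNCHERS = ("cmd.exe", "powershell", "wscript", "cscript", "mshta", "rundll32", "regsvr32")


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a .lnk file; raise ValueError if malformed."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a ShellLink header")
    if data[4:20] != LNK_CLSID:
        raise ValueError("ShellLink CLSID mismatch")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # skip IDList: uint16 size + items
        size = struct.unpack_from("<H", data, pos)[0]
        pos += 2 + size
    if flags & HAS_LINK_INFO:                    # skip LinkInfo: uint32 total size
        size = struct.unpack_from("<I", data, pos)[0]
        pos += size
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for name, bit in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # character count, no terminator
        pos += 2
        nbytes = count * 2 if unicode else count
        raw = data[pos:pos + nbytes]
        if len(raw) != nbytes:
            raise ValueError("truncated StringData")
        fields[name] = raw.decode("utf-16-le") if unicode else raw.decode("cp1252")
        pos += nbytes
    return fields


def is_suspicious(fields: dict) -> bool:
    """True when the target path or arguments invoke a shell or script host."""
    haystack = (fields.get("relative_path", "") + " " + fields.get("arguments", "")).lower()
    return any(launcher in haystack for launcher in LAUNCHERS)


def build_lnk(relative_path: str, arguments: str = "") -> bytes:
    """Build a minimal Unicode .lnk with no IDList or LinkInfo (constructed test input)."""
    flags = IS_UNICODE | HAS_RELATIVE_PATH | (HAS_ARGUMENTS if arguments else 0)
    header = struct.pack("<I16sI", HEADER_SIZE, LNK_CLSID, flags)
    header += bytes(HEADER_SIZE - len(header))   # remaining header fields zeroed

    def string_data(text: str) -> bytes:
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    body = string_data(relative_path) + (string_data(arguments) if arguments else b"")
    return header + body


if __name__ == "__main__":
    samples = {
        "report.lnk": build_lnk("..\\Documents\\report.docx"),
        "invoice.lnk": build_lnk("..\\..\\Windows\\System32\\cmd.exe", "/c start payload.exe"),
    }
    for filename, blob in samples.items():
        fields = parse_lnk(blob)
        print(filename, "SUSPICIOUS" if is_suspicious(fields) else "ok", fields)
```

On a real host the same two functions can be run over every .lnk under user profiles and startup folders; a shortcut pointing at a document whose arguments launch cmd.exe or a script host is the pattern worth examining.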
Forcepoint Warn Of Healthcare Targeting Ransomware (Information Security Buzz) Forcepoint Security Labs has identified a form of ransomware, first documented back in September 2016, that targets healthcare organisations. 'Philadelphia', believed to be a new version of 'Stampado', currently shows patterns that could be the beginning of a widening targeting campaign, extending beyond US perimeters. Sold for just a few hundred dollars and promoted on …
Assessing The Ransomware Threat On IBM i (IT Jungle) How would you like to be given the choice of paying a $200,000 ransom or having your server down for a month? Those are real outcomes from two recent ransomware attacks on IBM i servers, which cybercriminals may be starting to target. “We certainly have seen a trend recently in malware and specifically ransomware, just
IoT devices under attack: Amnesia hijacks, BrickerBot destroys (Help Net Security) Every hour of every day, computer systems and IoT devices are under attack by bots trying to recruit them into growing botnets.
DDoS Attacks Increase In Profitability (PYMNTS.com) One of the main drivers in the popularity of distributed denial-of-service (DDoS) attacks among cybercriminals is the favorable cost-profit ratio. Companies that are targeted by this type of extortion can expect to lose thousands, if not millions of dollars, while the perpetrators of the attack can invest as little as $7 an hour to get […]
Irresponsible Chinese DVR Vendor Still the Target of IoT Botnets One Year Later (BleepingComputer) A Chinese company that manufactures white-labeled DVRs still hasn't patched a security flaw that's been targeted by IoT botnets for over a year.
FAFSA Tool Taken Offline After Breach Report (Dark Reading) Personal data of 100,000 taxpayers compromised after the IRS's student financial aid tool was hacked.
Payday loan firm Wonga suffers data breach affecting up to 270,000 (TechCrunch) Payday loan firm Wonga has suffered a data breach affecting up to 245,000 customers in the UK. A further 25,000 customers in Poland may also be affected…
Wonga at a Loss After Suspected Data Breach (Infosecurity Magazine) Short-term loans company warns customers.
GameStop Investigates a Potential Card Heist (Infosecurity Magazine) Three-digit CVV2 verification codes are thought to be part of the cache, which allow crooks to make fraudulent purchases immediately.
North Korean hackers attack banks in Nigeria, 17 other countries - Kaspersky (Premium Times Nigeria) The Central Bank said it is not aware of the attacks.
Hackers set off Dallas’ 156 emergency sirens over a dozen times (Ars Technica) Twice the normal volume of 911 calls came into the system early Saturday morning.
Malvertising campaign pushes data-collecting VPN on iOS users (Graham Cluley) A malvertising campaign is targeting iOS devices with a VPN that doesn't hide the fact it collects large quantities of users' information.
Scareware/Malvertising Campaign Targets iPhones (Infosecurity Magazine) A scareware campaign has been uncovered that pushes a ‘free’ VPN app called MyMobileSecure to iOS users via rogue ads on popular torrent sites.
Water Utility Cyberattack Rings Up Hefty Data Charges (Circle of Blue) Money is often the root of cyberattacks on water utilities, experts say. Hackers that stormed the digital defenses of an American water authority and took control of its cellular routers late last year were not interested in disrupting water supply and wastewater treatment. Instead they were intent on stealing …
ClearEnergy - The "In The Wild" SCADA Ransomware Attacks That Never Existed (BleepingComputer) A mini-controversy broke out this week in the infosec community after cyber-security firm CRITIFENCE led journalists and other security experts to believe that they've detected in-the-wild attacks with a new ransomware called ClearEnergy, specialized in targeting ICS/SCADA industrial equipment.
Power grid leaders worry that a cyberattack is looming (Houston Chronicle) The Department of Energy continues to work on developing what Patricia Hoffman, acting assistant secretary at the Department of Energy's Office of Electricity Delivery and Energy Reliability, called "an ecosystem of resilience," by developing security standards and improve information sharing between government officials and the companies that operate the grid.
Researcher Warns SIEMs Are Weak Link In Network Security Chain (Threatpost) Security information and event management solutions are supposed to boost security, but researchers say the network analysis tools are ripe attack targets.
The New Shadow IT: Custom Data Center Applications (Dark Reading) If you think you've finally gotten control of unsanctioned user apps, think again. The next wave of rogue apps is on its way from your data center to the cloud.
SCAM ALERT - If you get this phone call from 'Microsoft', do NOT answer (Express.co.uk) 'EPIDEMIC' of criminals are targeting victims with a devious new phone scam, top security researcher tells Express.co.uk.
Apple Mac OS Malware Spiked in Q4 (Dark Reading) Malware samples sharply increased for Mac OS devices in Q4 2016 as threat actors expand their targets outside Windows PCs, new McAfee report says.
Security Patches, Mitigations, and Software Updates
Compared to last month's Patch Tuesday, April will be a light drizzle (Help Net Security) There is no greater threat of exposure than software that is no longer being updated. Software is like milk - it has an expiration date.
Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability (Cisco) A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device.
Broadcom fixes wi-fi exploit for Android and iOS devices (CRN Australia) Vulnerabilities could potentially allow remote code execution on devices.
Cyber Trends
NSA cyber-defense chief: ‘I have never been more busy’ (Fedscoop) This report first appeared on CyberScoop. The man responsible for leading the National Security Agency’s defensive mission says his team is fielding more calls than ever from agencies across the government. Dangerous, highly capable hackers and a desire by agencies to adopt cloud technology have increased the workload for Information Assurance chief Paul Pitelli and his …
Cybersecurity nears tipping point (CSO) As data breaches increase in size, frequency and impact, Centrify CEO Tom Kemp calls for a fundamental rethink of security to maintain our trust in current and emerging technologies.
Public vs. private blockchains: It could all prove a bit like the cloud (IDG Connect) Blockchain is one of those hot new areas which an awful lot of companies are getting interested in.
When will self-aware AI develop its own instinct? (Computing) This will be the tipping point of synthetic learning, argues Peter Cochrane.
Marketplace
Heed the warning signs: Defense and commercial cyber just don’t mix (Washington Business Journal) For decades, defense contractors have helped the government protect its most sensitive networks from the most sophisticated of adversaries. It didn't turn out so well when they tried to do the same for the private sector.
Okta goes public after successful IPO (CRN Australia) First big cybersecurity IPO of the year.
Armor Raises $89M to Bolster Secure Hosting (eSecurity Planet) Secure cloud hosting provider Armor announced on April 5 that it has raised $89 million in a new round of equity financing. The money will be used to help grow Armor's global business efforts.
TASER changes name in shift to software, services for police (Reuters) TASER International, the maker of electrical weapons for police officers, is changing its name to Axon as it pushes further into the software business.
The Impact Of Geopolitics On Lockheed Martin (Seeking Alpha) Today the U.S. initiated air strikes in Syria. Lockheed Martin reaps 71% of its net sales from U.S. government contracts, and is profoundly impacted by geopolit
Palo Alto Networks (PANW) Board Announces Share Repurchase Program (The Cerbat Gem) Palo Alto Networks (NYSE:PANW) announced on Tuesday, February 28th, that its board has authorized a share buyback plan allowing the company to repurchase up to $500 million in shares, EventVestor reports. The authorization covers up to 3.6% of the company's shares through open market purchases.
Cylance Cuts Jobs (Orange County Business Journal) Cylance Inc. in Irvine has initiated a round of job cuts in a restructuring. It’s unclear if this was the first layoffs for the fast-growing, five-year-old security software maker, which declined to disclose the number of cuts.
Startup founded by FireEye alum goes after FireEye (Network World) SlashNext, a startup formed by a former FireEye engineer, uses machine learning and artificial intelligence to detect and prevent threats from causing harm.
New Lease of Life: Wynyard Prepares for Second Innings (Yahoo! Finance) Luxembourg-based investment company, Boundary Holding SARL SPF, has completed the acquisition of Wynyard Advanced Crime Analytics software from the New Zealand-based software firm, Wynyard Limited.
Software company Eset wants a Silicon Valley in Bratislava (Spectator) The Interior Ministry's stance that it's all about the money seems strange compared to the value they want to provide, says Eset.
Port S.A. launches cyber security infrastructure roots (LaPrensa) Port San Antonio announced a major new development that supports job creation and economic growth in the next century, exactly 100 years since the beginning of Kelly Air Force Base. Port S.A. staff, dignitaries and members of the cybersecurity industry broke ground on "Project Tech" on Wednesday afternoon, discussing what the plan entails. The first …
Infosec careers: There is no one true path (CSO Online) It would sure make things simple if there were one easy and obvious way to get a job or start a successful business in IT security.
Cybersecurity vendors spin up channel partner programs (SearchITChannel) Cybersecurity vendors are reaching out to channel partners such as managed service providers to promote their offerings to more customers.
Suthan Naganayagam returns to SAP after running Netlinkz for six months (CRN Australia) Suthan Naganayagam returns to SAP.
Products, Services, and Solutions
ConsentIQ Eases SME Privacy Compliance with Integrated GDPR & 'Cookie Law' Consent Management (Broadway World)
AlphaBay to Begin Accepting Ethereum as the Bitcoin Alternative Grows More Popular (SurfWatch Labs, Inc.) Beginning next month, malicious actors using the dark web marketplace AlphaBay will be able to buy and sell their goods using the growing cryptocurrency platform Ethereum. Ethereum will become the …
TrapX Security Achieves Cisco Compatible Certification, Integrates DeceptionGrid with Cisco ISE pxGrid and Threat Grid (Cisco Blogs) A core responsibility in my role at Cisco Security is guiding ecosystem partners through the Solution Partner Program, executing daily on the Open and Automated pillars of the Cisco Effective Cybersecurity strategy.
Wandera Offers Security For Mobile Enterprise Clients (Military Technologies) With the fast paced business world of today, it has become imperative that companies extend their workability to mobile devices, such as tablets and smartphones. For some professions, working in an office is just not feasible.
New weapon from Darktrace in AI arms race (Business Weekly) Cambridge cyber security firm Darktrace has broadened availability of a new weapon to fight tech terrorists in an escalating global AI arms race.
Technologies, Techniques, and Standards
Last Chance to Comment on NIST's Updated Cyber Framework (SIGNAL Magazine) The comment period deadline is Monday for changes introduced to the National Institute of Standards and Technology's draft update to its cybersecurity framework.
Mitigate threats by using Windows 10 security features (Microsoft Windows IT Center) This topic provides an overview of some of the software and firmware threats faced in the current security landscape, and the mitigations that Windows 10 offers in response to these threats.
Do Threat Intelligence Exchanges Really Work? (Security Intelligence) Threat intelligence exchanges enable companies to detect and respond to incidents more effectively, but only if they take the necessary steps to prepare.
Information sharing is complicated, even inside government (FCW) Sharing cybersecurity threat information among federal law enforcement agencies generates tension, but that's not a bad thing, say FBI, DOJ and DHS cyber officials.
Predictive analytics can stop ransomware dead in its tracks (CSO Online) Predictive analytics is a necessity because the malware of tomorrow is unknown and will surely evolve to our detriment. Find out how it finds traces of ransomware before the network goes down.
Four Key Practices for Stronger Retail Cybersecurity (SecureWorks) Marry long-term vision with short-term actions for stronger retail cybersecurity now and in the future.
How to Measure the Effectiveness of Security Programs? (Infosecurity Magazine) Organizations struggle to measure the investment in security programs and resources.
Using Deception to Hunt Cyber Attackers (Infosecurity Magazine) Deception enables the organization to thwart attacks even if it is lacking experienced hunters
Looking for value in EV Certificates (Adam Caudill) When you are looking for TLS (SSL) certificates, there are three different types available, which vary widely by price and by the level of effort required to acquire them. Which one you choose affects how your certificate is treated by browsers; the question for today is, are EV certificates worth the money? To answer this, we need…
Design and Innovation
Microsoft's Project Sopris aims to secure low-cost IoT devices (Internet of Business) Microsoft has announced a new initiative to tackle the security risks posed by microcontrollers in low-cost connected devices.
IoT Needs Embedded Cryptography (Design And Reuse) Security is a top concern for the Internet of Things, as essential as low power consumption, affordability, and wireless connectivity. Because IoT devices ...
Anatomy of a secure internet-connected thing (Electronics Weekly) Lars Lydersen was a part of the team that broke into 'unbreakable' commercial quantum cryptographic systems. Now working as director of product security at
Pentagon tech advisers target how the military digests data (Defense News) Technology advisory group says DoD needs to store data in new ways.
Research and Development
Smart Dust: A revolution that’s blowing in the wind? (IDG Connect) ‘Smart Dust’ is a term you’d expect to hear in a Mission Impossible movie or Michael Crichton’s 2003 novel Prey.
Academia
Youth Cyber Defense National Champions Crowned in Baltimore (MarketWired) The Air Force Association's (AFA) CyberPatriot Program announced this week the winners of the CyberPatriot IX National Youth Cyber Defense Competition.
The 2016-2017 iCTF DDoS (UC Santa Barbara iCTF Competition) On March 3rd, 2017, we ran the iCTF of the 2016-2017 school year. It was one of the largest online attack/defense CTFs ever run, and definitely the largest hosted one. This blog post will cover the events that brought us here, the main issue the iCTF ran into, and the in-depth analysis that we ran in order to understand what exactly went wrong.
Marquette University establishes Milwaukee area's first cyber security center (Milwaukee Journal Sentinel) The Center for Cyber Security Awareness and Cyber Defense will focus on education, community involvement and research.
Legislation, Policy, and Regulation
'Geneva Conventions for Cyberspace': IT Experts Call for an End to Cyberwars (Sputnik) The buildup of digital weapons poses a serious threat to the IT systems of entire nations and can also damage urban systems of life support, experts warn.
The relationship between third offset strategy and multi-domain battle (C4ISRNET) What is the relationship between the Pentagon's third offset strategy and the multi-domain battle concepts being developed by the services?
Summit was not quite the meeting of equals Xi would have wanted (South China Morning Post) The two nations remain near-peers in the realm of contemporary great powers, and not absolute peers as China would will it
We’ll fight them on the internet: Germany’s first cyber general (The Irish Times) Germany has appointed its first cyber general to combat the threat of global online attack
Litigation, Investigation, and Law Enforcement
Detailed paper trail for Rice unmasking requests likely exists, according to controversial intel sharing document (Fox News) An extensive and complex paper trail for requests to the National Security Agency about the identities of people in President Trump’s transition team in sensitive intelligence surveillance probably exists, including requests made by former National Security Advisor Susan Rice, according to information sharing procedures signed into law by the outgoing Obama Administration.
Perspective | What intelligence officials really mean when they talk about ‘unmasking’ (Washington Post) Here's how to understand the debate about intelligence reports and foreign intercepts.
These Are the Questions Susan Rice Needs to Answer Under Oath (Reason) We've been incessantly assured there's nothing to this story. Perhaps.
Sorry, Democrats, The Obama Spying Scandal Isn't Going Away (The Federalist) Devin Nunes stepped away from the Russia probe. But he's still investigating the Obama administration's leak campaign against the Trump administration.
Thompson pushes to step up committee's Russia probe (The Clarion Ledger) Rep. Bennie Thompson, the top Democrat on the House Homeland Committee: At some point, we will need to do our job.
Westminster killer’s link to Luton mosque (Sunday Times) The Westminster terrorist had a key role at a mosque that urges Muslims to take up weapons to gain “victory over the Jews and the rest of the enemies of Islam”. Khalid Masood was a public contact...
Alleged Spam King Pyotr Levashov Arrested (KrebsOnSecurity)
Questioning Plaintiffs' Privacy Expectations Could Be Viable Part of Defense Strategies in Data-Breach Cases, Attorney Writes (Yahoo! Finance) A major data-breach lawsuit highlights an intriguing question for defense teams—whether plaintiffs are attempting to hold companies to unrealistic standards of data-privacy protection, writes LeClairRyan business litigator Chad Mandell
An Impossible Standard? (Corporate Compliance Insights) Data breach defense raises an important question
NCIS: 15 active-duty troops may have broken the law in 'Marines United' case (Marine Corps Times) Separately, 29 Marines could be disciplined by their commands for non-criminal activity.
Russians may now control the trove of photos showing naked U.S. troops (Military Times) The compromising images are for sale on AlphaBay, raising serious questions about the extent to which they could be exploited by foreign entities seeking to undermine the U.S.
Teradata pays ex-prez €4.2m to close 'invalid termination' settlement (Register) German court finds against the chopping of German man