Cyber Attacks, Threats, and Vulnerabilities
Shadow Brokers' malware release includes Oracle Solaris administrator-access security flaw (Computing) The US National Security Agency had 'skeleton keys' to any Oracle/Sun Solaris system for decades
Hacking tools in Vault 7 data dump linked to prolific cyber espionage group (Help Net Security) Symantec has tied hacking tools from WikiLeaks' Vault 7 documents to "Longhorn," a cyber espionage group whose activity they have been following for years.
Symantec claims first evidence of Vault 7 tools being used in the wild by cyber-espionage group (V3) US-based group Longhorn using spying tools in cyber attacks against targets in at least 16 countries
Security firm links CIA leaks to series of past attacks (TheHill) The security firm Symantec believes it observed one of the hacking tools described in the CIA WikiLeaks files in attacks dating back to 2011.
Suspected CIA malware references 'Star Trek,' anime (TheHill) A new report from a cybersecurity firm provides new insights into malware linked to the CIA, including an odd list of internal references to pop culture ranging from carnival foods to obscure video games.
Latest Microsoft Office Zero-day Served via Godzilla Botnet (Netskope) Netskope Threat Research Labs has discovered that the latest Microsoft Office zero-day vulnerability is linked to the Godzilla botnet loader discussed in our recent blog.
Brazilian Malware Never Sleeps: Meet EmbusteBot (Security Intelligence) IBM Research — Haifa Labs detected yet another malware campaign, dubbed EmbusteBot, designed to target dozens of financial institutions in Brazil.
Pwned at the factory: attackers think outside the box (Naked Security) There are steps you can take to avoid ending up with a device that’s been compromised even before you’ve started up your new phone, but nothing can guarantee you’ll get a clean de…
Critical Vulnerability Puts ICS Security at Risk (Security Intelligence) A new potential problem for ICS security stems from CODESYS, a hardware-independent middleware layer for programming IIoT and ICS devices.
Tired: Stealing Data. Wired: Holding a Dam for Ransom (Defense One) The spread of ransomware means government and critical infrastructure providers need to start gaming out responses, cyber watchers say.
New report examines the weaknesses of industrial environments (CSO Online) A new report from FireEye examines the attack surfaces shared by a number of industrial enterprise operations, including electric utilities, petroleum companies, and manufacturing organizations. The six weaknesses outlined by FireEye center on protocols, hardware, authentication, relationships, file integrity, and operating systems.
Exploit revealed for remote root access vulnerability affecting many router models (Help Net Security) It's difficult to tell how many devices are still vulnerable, but users rarely update their router's firmware, so there are bound to still be many of them.
2.5 Million IoT Devices Affected by Mirai Botnet in Q4 2016: McAfee (NDTV Gadgets360.com) Two and a half million Internet of Things (IoT) devices were infected by the Mirai botnet by the end of the fourth quarter of last year, a new report by cyber-security company McAfee said on Tuesday.
New malware gives CCTV DVRs amnesia (iTWire) Palo Alto's Unit 42 has identified a new variant of the IoT/Linux botnet "Tsunami" dubbed "Amnesia" that targets commercial...
New malware targets IoT devices running Linux (Internet of Business) IT security researchers have uncovered a new strain of malware that targets digital video recorders, turning them into part of a botnet.
Hacked Dallas sirens get extra encryption to fend off future attacks (CSO Online) Dallas city officials have added extra encryption to bolster the security of outdoor warning sirens hacked early Saturday.
How fraudsters stole millions with the help of a legitimate online tool (Help Net Security) Identity thieves have managed to steal $30 million from the US IRS by using an online tool designed to help students fill out financial aid applications.
Malspam on 2017-04-11 pushes yet another ransomware variant (SANS Internet Storm Center) I ran across some interesting malicious spam (malspam) on Tuesday morning 2017-04-11. At first, I thought it had limited distribution. Later I found several other examples, and they were distributing yet another ransomware variant. I personally haven't run across this particular ransomware until now.
Unsecured database exposed diabetics’ sensitive data (Naked Security) Close to a million records belonging to senior citizens in the US were exposed – and since deleted – but included details such as health insurance providers and medical issues
Patient files so far okay after ECMC cyber attack (WIVB) With the medical center’s computer network still offline, ECMC is conducting business the old fashioned way, on paper—no website, no email
Report: Cyber Criminals Targeting Healthcare Industry with Off-The-Shelf Ransomware (Healthcare Informatics) Amateur cybercriminals may be shifting towards targeting the healthcare sector using an off-the-shelf ransomware, according to security researchers at Forcepoint Security Labs.
Personal info at risk as cyber crooks target school districts (Beaumont Enterprise) School districts across the country have become frequent targets of ransomware attacks. At least two Southeast Texas districts have been hit in the past year. Educational networks are often vulnerable because they have so many entry points, store large amounts of personal data and often can't afford to build a strong enough security system, said Michael Kaiser, executive director for the National Cyber Security Alliance.
Insider hacks Marriott hotel reservation system; slashes rates up to 95% (HackRead) You may have heard about the Robinhood hacker “Hack Back!” who stole $10,000 in Bitcoins and donated it to a Kurdish Group last year. He claimed he did it
Inmates hid self-built PCs in the ceiling and connected them to prison network (The State of Security) Inmates built computers from PCs they were supposed to be dismantling for recycling, hid them in the ceiling, and connected them to the prison network.
Security Patches, Mitigations, and Software Updates
Microsoft’s New Look Patch Tuesday Fixes 46 Bugs (Infosecurity Magazine) Fourteen critical CVEs are patched, including two zero-days
Critical Word 0-day is only 1 of 3 Microsoft bugs under attack (Ars Technica) In-the-wild exploits bring additional urgency to this month's update routine.
Adobe Patches 59 Vulnerabilities Across Flash, Reader, Photoshop (Threatpost) Adobe patched 59 vulnerabilities across five different products, including Flash Player, Acrobat/Reader, Photoshop, Adobe Campaign, and its Adobe Creative Cloud App on Tuesday.
SAP releases 27 Security Notes with most severe security flaw rated at 9.4 (Computing) Five SAP Security Notes rated high priority by ERPScan
Goodbye Windows Vista: Microsoft's unloved operating system finally reaches the end of the road (ZDNet) It's time to move on, says Microsoft.
Cyber Trends
How to manage the computer-security threat (The Economist) The incentives for software firms to take security seriously are too weak
InfoSec pros feel less external pressure, take security more personally (CSO Online) Security professionals are feeling less pressure from management, less pressure to approve IT projects early, and are less worried about emerging technologies, according to a survey released this morning. But they are also putting more pressures on themselves.
2017 Security Pressures Report (Trustwave) Virtually all workers face some level of adversity and affliction at their jobs. But IT and security professionals experience it on a whole different level thanks to the rapidly evolving and consequential nature of their occupation.
Adoption and Validation of BRI Increases in Q1 2017 (Flashpoint) At the close of 2016, I stated that 2017 will be the Year of Business Risk Intelligence. I’m pleased that our Q1 progress has demonstrated this to be true.
Cybersecurity: To automate or not to automate? (Help Net Security) The automated processes will aid IT security functions that range from assisting security personnel to streamlining security alerts to system optimization.
Marketplace
Share Price Tumbles 1.8% After Serious Breach – Report (Infosecurity Magazine) CGI claims FTSE100 firms could be down £120m on average
Why the Pentagon wants people to hack it (CNNMoney) New bug bounty programs are finding flaws in mission-critical systems.
HackerOne To Reward Nintendo Switch Security Exploit Discovery - Nintendo Insider (Nintendo Insider) It was late last year that Nintendo had first teamed up with HackerOne, a vulnerability coordination and bug bounty platform created by security leaders fr
HackerEarth raises $4.5M to bring ‘hacker culture’ into corporate companies (TechCrunch) HackerEarth, an Indian startup that grew from arranging hackathons to offering corporate innovation services, has closed a $4.5 million Series A funding round...
Cisco: More Upsides For The Right Reasons (Seeking Alpha) Gains from IoT-driven tech are set to rewrite the narrative of Cisco's long-term valuation. The Street will gain from holding on to elevated valuation multiples
Security is the holy grail for partners says Cisco exec (Computer Dealer News) Channel partners have an opportunity to see very good profits because they are needed more than ever in security, said Cisco Systems
Why Google is Tough on Symantec (Market Realist) Google has problems with the manner in which Symantec (SYMC), an Internet security provider, handles website security certifications.
Products, Services, and Solutions
NSS Labs Announces Web Application Firewall Group Test Results (NSS Labs) NSS Labs, Inc., the global leader in operationalizing cybersecurity, today announced the results of its second Web Application Firewall (WAF) Group Test. A growing segment of the security market, WAFs employ a wide range of functions to work in conjunction with perimeter firewalls and intrusion prevention system (IPS) technologies to provide protection specifically for web applications. Of the five market-leading WAF vendors whose products had results published today, four products received a Recommended rating, while one product received a Caution rating.
NSS Labs 2017 WAF Group Test (NSS Labs) NSS' 2017 Web Application Firewall (WAF) Group Test evaluated five market-leading WAF products on security effectiveness, performance, and total cost of ownership (TCO). Four of the five tested products achieved NSS Recommended ratings and one received a Caution rating.
Venafi Announces Venafi Technology Network (Venafi) The Venafi Technology Partner Network brings together the leading machine identity protection platform with security, application performance, DevOps, and cloud technologies.
SparkPost Achieves SOC 2 Type 1 Certification (PRNewswire) SparkPost, the most performant cloud email delivery service available,...
VMware's new vSAN 6.6 first to include native hyperconverged infrastructure security (CRN Australia) Increased security and performance.
RapidScale Launches Unified Security Management as Part of Its CloudSecurity Offerings (IT Business Net) RapidScale, a leader in managed cloud services, has launched a new CloudSecurity offering powered by AlienVault® Unified Security Management.
Rapid7 Defines Next-Generation Analytics Platform for Security and IT Professionals (GlobeNewswire News Room) Rapid7 Insight platform is the first cloud-based platform to combine vulnerability management, user behavior analytics-powered SIEM, IT log analytics, and application security data
Imperva PartnerSphere Channel Program Awarded 5-Star Rating in CRN’s 2017 Partner Program Guide (BusinessWire) Imperva announced that CRN has given it a 5-Star rating in the CRN 2017 Partner Program Guide while its leaders were honored as Channel Chiefs.
Hacker-Based Cyber Defense Increases Healthcare Data Security (HITInfrastructure) New investment in Synack's hacker-based security platform allows the company to expand their offering for better healthcare data security.
Fight firewall sprawl with AlgoSec, Tufin, Skybox suites (Network World) These three security policy management toolsets deliver orchestration and automation.
Connect Financial Software Solutions and SnoopWall Partner to Secure Credit Unions and Their Mobile Apps Against the Latest Threats (PRNewswire) SnoopWall, Inc., the global leader in breach prevention, in partnership...
Technologies, Techniques, and Standards
Global Regulatory Outlook 2017 (Duff & Phelps) Opinions on global financial services regulation and industry developments for the year ahead
FCA opens investigation into the potential for blockchain in financial services (Computing) FCA looking for answers over the question of blockchain and distributed ledger technology in financial services
DP17/3: Discussion Paper on distributed ledger technology (FCA) We are launching a discussion to start a dialogue on the potential for future development of distributed ledger technology (DLT) in the markets we regulate. We are particularly interested to explore where the balance of risk and opportunities may lie in relation to DLT.
OWASP Top 10 Update: Long Overdue Or Same-Old, Same-Old? (Dark Reading) The industry benchmark list is about to change for the first time in four years, but barring a few important changes, it looks a lot like it always has.
WhiteSpace Alliance Publishes Testing Format for Wi-FAR Certification (PRWeb) Specification defines compliance testing for TV white space interoperability
Overcoming the Rise of IoT-Based Botnets (Infosecurity Magazine) Mirai turned out to be the perfect catalyst for harnessing more CPU and bandwidth from the most unassuming devices on a massive scale.
Understanding the actor in the cyber threat landscape (Information Age) In an increasingly vulnerable world, a proactive approach to cyber security that focuses on the actor is required
Detecting insider threats is easier than you think (CSO Online) Security experts weigh in on stopping the danger from your own employees. Access and security awareness training are the main themes to finding the danger that is within your own walls.
Blanket Deployment of Intelligence is Counterproductive (ThreatQuotient) The ThreatQ platform offers a two-step resolution through our new scoring feature. It starts by properly scoring intelligence for your environment, which I’ve discussed in detail in multiple blogs and in a new whitepaper.
Website owners urged to adopt new HTTPS certificate checking options (Computing) Certificate authorities and browser makers vote to make new certification checks mandatory
Lockheed Holds Classified War Game To Test Multi-Domain Concepts (Breaking Defense) Lockheed Martin views the multi-domain warfare concept as so important it is funding and holding a series of classified war games to explore strategies, Concepts of Operation and weapons to see how they might perform taking on an A2/AD opponent. The second game begins today and ends Thursday.
Pasadena’s Parsons Hosts Cyber Defense Exercise Supporting the National Security Agency (Pasadena Business Now) Parsons — a major national technology-driven engineering services firm with expertise in physical and cybersecurity, intelligence, infrastructure and environment, and logistics and training based in Old Pasadena — has announced it will host a 5-day (April 10 – 14) “information assurance exercise” at its cyber center.
La. National Guard trains with local power company on cyber defense (KALB) Disaster Response Exercise includes cyber operations
Legislation, Policy, and Regulation
Johnson stung over sanctions against Russia (Times (London)) Boris Johnson was left embarrassed last night after his demands for fresh sanctions against Russia over its backing for President Assad of Syria were publicly rebuffed by European allies. The final...
US, Europe partner to counter 'fake news' and cyberattacks (ZDNet) The center will be headquartered in Finland next to neighboring Russia, which stands accused of launching so-called "hybrid" attacks, such as the spreading of fake news.
EU, NATO countries kick off center to counter 'hybrid' threats (Defense News) The center will be based in Helsinki and will form a network of experts for the participating countries.
Europe and U.S. Move to Fight Russian Hybrid Warfare (Foreign Policy) A new center to counter hybrid threats inches Finland and Sweden closer to NATO in everything but name.
Former CIA director: Don’t call Russian election hacking ‘act of war’ (TheHill) Former CIA director Michael Hayden says Democrats and others are wrong to describe Russia’s hacking campaign to influence the presidential election as an “act of war.”
Trump's intelligence doubts parroted by Russia (Military Times) President Donald Trump's frequent questioning about the integrity of his spy agencies is coming back to haunt him.
To Defeat ISIS, Cooperation Is Key (Foreign Affairs) Despite politically driven rhetoric touting the virtues of “going it alone” in foreign policy, cooperation with other nations remains essential to countering ISIS and the greater problem of terrorism.
Azerbaijan: State and Dissidents Acquire New Weapons for Cyber War (EurasiaNet.org) The Azerbaijani government appears to have taken yet another step to quash online opposition media in the country, who have responded by using a technique borrowed from Chinese dissidents in their esc
Govt cyber attack unit launched (Radio New Zealand) The government has launched its new $22 million unit to help New Zealanders who fall victim to cyber attacks.
Budget woes hinder US cybersecurity buildup (TheHill) Experts and officials are warning of the negative effects that another stopgap funding bill would have.
Senate panel advances small business cybersecurity bill (TheHill) Bill would require federal institute to give cyber resources to small businesses.
"Cyber-Ninja Force" Being Developed to Protect Energy, Gas Grid (RealClearEnergy) Protecting the U.S. electrical grid and the gas pipeline system from cyberattacks has drawn increased attention from Congress as the threats to infrastructure become more prevalent...
Is it time for a U.S. (cyber) health service? (GCN) IT managers can improve data security by taking a page from how the health care community prevents, tracks down and resolves public health problems.
“Unenforceable”: How voluntary net neutrality lets ISPs call the shots (Ars Technica) Pai's plan would "tilt everything in favor of the incumbents," regulator says.
How an Airline Tragedy Brought GPS to the Masses (Motherboard) The Soviet shootdown of Korean Air Lines Flight 007 in 1983 spurred Ronald Reagan to open the US military’s satellite-based Global Positioning System for civilian use.
Litigation, Investigation, and Law Enforcement
Brexit voter registration website crash could have been a DDoS, says report (TechCrunch) A government voter registration website in the UK that crashed in the hours before the deadline for registering to vote ahead of last year's Brexit referendum..
FBI obtained FISA warrant to monitor Trump adviser Carter Page (Washington Post) The Justice Department and the FBI convinced a judge of probable cause to believe Page was suspected of acting on Russia’s behalf.
Record ZTE fine spotlights weak links in supply chain (FCW) The record $1.19 billion fine imposed on a Chinese telecommunications firm in March for violating U.S. sanctions against Iran and North Korea is worth keeping in mind as dangers to supply chain security mount, said a top U.S. counterintelligence official.
U.S. Lawmakers Push to Widen Iran Sanctions Probe Beyond China's ZTE (Yahoo! Finance) A group of Republican lawmakers is pushing the Trump administration to investigate and unmask a company that may have violated Iran sanctions laws in the same way as Chinese mobile-phone maker ZTE Corp....
Spy allegedly sold information to Chinese buyers (Wirtschafts Woche) A Siemens employee is alleged to have sold information from the company's energy division to Chinese buyers. The company received the tip through its internal whistleblower system.
Europol and Brazil agree co-operation on cyber crime (ComputerWeekly) Brazil, which has a significant and growing cyber crime problem both as the target of international attacks and the source of regional attacks, is set to work more closely with Europol to fight cross-border crime
Alleged Yahoo Email Hacker Denied Bail in Canada (Dark Reading) Karim Baratov awaits extradition hearing, likely on June 12.
EU to release findings of investigations into Yahoo security breaches 'soon' (Computing) Findings of investigation by data protection authorities due imminently
Fake News at Work in Spam Kingpin’s Arrest? (KrebsOnSecurity) Over the past several days, many Western news media outlets have predictably devoured thinly-sourced reporting from a Russian publication that the arrest last week of a Russian spam kingpin in Spain was related to hacking attacks linked to last year’s U.S. election.
Kelihos/Waledac: US law enforcement hits botnet with major takedown (Symantec Security Response) Alleged botnet operator arrested in Spain, faces multiple charges in the US.
How the FBI Took Down Russia’s Spam King—And His Massive Botnet (WIRED) The arrest of Peter Yuryevich Levashov notches another win for the FBI's top cyber talent.
Operation Casper Shuts Down Massive Premier League Piracy Ring (Infosecurity Magazine) Europol arrested eight people for the illegal distribution of 1,000 pay-TV channels across two ISPs.
Nigerian Citizen Arrested for Alleged Tax Fraud (Dark Reading) Olusola Luke and accomplices allegedly committed identity theft to steal over $734,000 in tax refunds.