Cyber Attacks, Threats, and Vulnerabilities
The Shadow Brokers Leaked Exploits Explained (Rapid 7) The Rapid7 team has been busy evaluating the threats posed by last Friday’s Shadow Broker exploit and tool release and answering questions from colleagues, customers, and family members about the release. We know that many people have questions about exactly what was released, the threat it poses, and how to respond, so we have decided to compile a list of frequently asked questions.
Five reasons to worry about the ShadowBrokers hack (TheHill) WikiLeaks is getting headlines with its CIA documents, but leaks from the ShadowBrokers on possible National Security Agency hacking tools may be far more consequential.
Shadow Brokers latest leak a gold mine for both criminals and researchers (Cyberscoop) Security researchers are learning how the NSA operates while criminals are starting to take the tools for a spin on the open web.
How Spy Agency Hackers Pose As – Anybody (The Cipher Brief) A false flag operation – pretending to be someone else while conducting spycraft or warfare – is an age-old tactic. With the advent of cyber espionage and digital warfare, those maneuvering in the virtual domain can use false flags.
BankBot Trojan found lurking on Google Play (Help Net Security) The crooks behind the BankBot Trojan are repeatedly succeeding in making Trojanized apps available for download on Google Play.
Email Tracking Pixels Used for Pre-Hack Info Gathering (BleepingComputer) A simple email marketing trick is also abused by cyber-criminals, who are employing a technique known as "pixel tracking" to gather information on possible targets or to improve the efficiency of phishing attacks.
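The pixel-tracking technique above works because a mail client that loads remote images makes an HTTP request to the sender's server, and a per-recipient token in the image URL tells the sender who opened the message, when, and from which IP and client. The following script is an added example (not code from the BleepingComputer article) that scans an HTML message body for remote images that look like tracking pixels, using three heuristics: a 1x1 size, a hidden style, or an opaque hex token in the URL on an image with no alt text. The sample message, hosts and tokens are constructed for the example; the classifier returns the reasons each image was flagged and a copy of the body with those images removed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message body; the hosts and tokens are made up for this example.
SAMPLE_HTML = """<html><body>
<p>Hello,</p>
<img src="https://cdn.example.com/logo.png" width="200" height="60" alt="logo">
<img src="https://track.example.net/o.gif?uid=8f3a9c1d2e&amp;msg=4471" width="1" height="1" style="display:none">
<img src="https://mail.example.org/open/7c6b5a4d3e2f1a0b9c8d7e6f5a4b3c2d/p.png" width="1" height="1"/>
<p>Regards</p>
</body></html>"""

# A long run of hex in a remote image URL is typically a per-recipient identifier.
OPAQUE_TOKEN = re.compile(r"[0-9a-f]{16,}", re.I)


def _pixel_reasons(attrs):
    """Return the heuristics a remote <img> trips; an empty list means it looks benign."""
    src = attrs.get("src", "")
    if not src.lower().startswith(("http://", "https://")):
        return []  # cid:/data: images are embedded and do not phone home
    reasons = []
    try:
        w, h = int(attrs.get("width", "-1")), int(attrs.get("height", "-1"))
    except ValueError:
        w = h = -1
    if 0 <= w <= 1 and 0 <= h <= 1:
        reasons.append("1x1")
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        reasons.append("hidden")
    u = urlparse(src)
    if OPAQUE_TOKEN.search(u.path) or OPAQUE_TOKEN.search(u.query):
        reasons.append("opaque-token")
    # Size or visibility alone is decisive; a token alone counts only on an image with no alt text.
    if "1x1" in reasons or "hidden" in reasons:
        return reasons
    if "opaque-token" in reasons and not attrs.get("alt"):
        return reasons
    return []


class _ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # Also reached for self-closing <img .../> via HTMLParser.handle_startendtag.
        if tag != "img":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        reasons = _pixel_reasons(a)
        if reasons:
            self.hits.append({"src": a.get("src", ""), "reasons": reasons,
                              "raw": self.get_starttag_text()})


def find_tracking_pixels(html):
    """Return a list of {src, reasons, raw} for images that look like tracking pixels."""
    p = _ImgCollector()
    p.feed(html)
    p.close()
    return p.hits


def strip_tracking_pixels(html):
    """Remove flagged <img> tags; returns (cleaned_html, hits)."""
    hits = find_tracking_pixels(html)
    cleaned = html
    for h in hits:
        cleaned = cleaned.replace(h["raw"], "<!-- remote tracking image removed -->")
    return cleaned, hits


if __name__ == "__main__":
    cleaned, hits = strip_tracking_pixels(SAMPLE_HTML)
    for h in hits:
        print(h["src"], h["reasons"])
    print(cleaned)
```

The heuristics are deliberately conservative: a branded logo with a fixed URL passes, while the two remote images that are either 1x1, hidden, or carry an opaque token are removed. Blocking all remote images by default in the mail client remains the simpler and stronger control; this filter is for the case where images must be allowed.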
Of Pigs and Malware: Examining a Possible Member of the Winnti Group (TrendLabs Security Intelligence Blog) In one of our previous blog entries, we covered how the threat actor known as Winnti was using GitHub to spread malware – a development that shows how the group is starting to evolve and use new attack methods beyond their previous tactics involving targeted attacks against gaming, pharmaceutical, and telecommunications companies.
Vigilante botnet infects IoT devices before blackhats can hijack them (Ars Technica) Hajime battles with Mirai for control over the Internet of poorly secured things.
Hajime IoT worm infects devices to head off Mirai (Help Net Security) Individuals who should not interfere with IoT devices have taken it upon themselves to do so, in an attempt to secure them before other malware takes hold.
Internet routing weakness could cost Bitcoin users (Naked Security) A flaw in the underlying design of the Internet could be very expensive for Bitcoin users, researchers find.
Magento Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF) (Defense Code) During the security audit of Magento Community Edition, a high-risk vulnerability was discovered that could lead to remote code execution and thus complete system compromise, including the database containing sensitive customer information such as stored credit card numbers and other payment information. The main attack vector uses an additional Cross Site Request Forgery vulnerability.
Code Tutorials Spread Application Flaws Far and Wide (The Security Ledger) In-brief: Researchers at universities in Germany, working with the security firm Trend Micro, discovered more than 100 vulnerabilities in GitHub code repositories simply by looking for re-used code…
Edge Plagued by Various Security Flaws, Not as Secure as Microsoft Boasts (BleepingComputer) Microsoft never shied away from claiming that Edge is a much more secure browser than Chrome. Even some third-party tests have sustained its claims. Nonetheless, there are currently three different issues affecting Edge, which Microsoft might not like you knowing about.
Job seekers on ZipRecruiter being targeted by scams via email and text (CSO Online) Right now, thousands of people are looking for a new job online. Some of them just want a change, but others are looking for a stable income to support themselves and their families. Scammers are targeting job seekers with precision, often making contact instantly after the victim submits an application or receives a notification from a prospective employer.
Beware bogus emails from LinkedIn asking for your CV! (HOTforSecurity) LinkedIn users are being warned to be on their guard following a rise in reports of attacks being distributed via email designed to trick job seekers into sharing their personal details. Scammers have spammed out email messages posing as communications from LinkedIn...
I'm a Victim of Tax Season Cybercrime (Motherboard) And we are all victims of our unnecessarily convoluted tax system.
Hunting for Malicious Excel Sheets (SANS Internet Storm Center) Recently, I found a malicious Excel sheet which contained a VBA macro. One particularity of this file was that useful information was stored in cells. The VBA macro read and used them to download the malicious PE file. The Excel file looked classic, asking the user to enable macros...
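The SANS post describes a macro that kept its download URL and other configuration in worksheet cells rather than in the VBA itself, so hunting has to look at cell contents as well as the macro project. The script below is an added example (not code from the ISC diary) that triages an Office Open XML workbook with only the standard library: it unzips the file, reports whether an xl/vbaProject.bin macro container is present, resolves shared and inline strings to their cells, and flags cells that hold URLs, long base64-like blobs, or strings such as rundll32 or %TEMP% that a dropper would need. The sample workbook is constructed in memory for the example, its vbaProject.bin is a placeholder rather than real VBA, and malware.example is a made-up host; the legacy binary .xls (OLE) format is out of scope for this parser.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS = {"m": "http://schemas.openxmlformats.org/spreadsheetml/2006/main"}
T_TAG = f"{{{NS['m']}}}t"
C_TAG = f"{{{NS['m']}}}c"

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
BLOB_RE = re.compile(r"^[A-Za-z0-9+/=]{40,}$")  # long base64-like cell
KEYWORDS = ("powershell", "cmd.exe", "regsvr32", "rundll32", "wscript",
            "urldownloadtofile", "%temp%", ".exe")


def build_sample_xlsm() -> bytes:
    """Constructed macro-enabled workbook skeleton for this example (placeholder VBA, fake host)."""
    shared = ('<sst xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
              '<si><t>Invoice</t></si>'
              '<si><t>http://malware.example/payload.exe</t></si>'
              '<si><t>%TEMP%\\svc.exe</t></si>'
              '<si><t>' + 'QUJD' * 15 + '</t></si>'
              '</sst>')
    sheet = ('<worksheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
             '<sheetData>'
             '<row r="1"><c r="A1" t="s"><v>0</v></c><c r="B1"><v>42</v></c></row>'
             '<row r="2"><c r="A2" t="s"><v>1</v></c><c r="B2" t="s"><v>2</v></c></row>'
             '<row r="3"><c r="A3" t="s"><v>3</v></c>'
             '<c r="B3" t="inlineStr"><is><t>rundll32</t></is></c></row>'
             '</sheetData></worksheet>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/sharedStrings.xml", shared)
        z.writestr("xl/worksheets/sheet1.xml", sheet)
        z.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0placeholder")
    return buf.getvalue()


def has_vba_project(data: bytes) -> bool:
    """True if the package carries a VBA macro project container."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return any(n.lower() == "xl/vbaproject.bin" for n in z.namelist())


def iter_string_cells(data: bytes):
    """Yield (sheet_part, cell_ref, text) for every shared-string or inline-string cell."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        shared = []
        if "xl/sharedStrings.xml" in names:
            root = ET.fromstring(z.read("xl/sharedStrings.xml"))
            for si in root.findall("m:si", NS):
                shared.append("".join(t.text or "" for t in si.iter(T_TAG)))
        sheets = sorted(n for n in names if n.startswith("xl/worksheets/") and n.endswith(".xml"))
        for name in sheets:
            root = ET.fromstring(z.read(name))
            for c in root.iter(C_TAG):
                kind = c.get("t")
                if kind == "s":  # index into the shared string table
                    v = c.find("m:v", NS)
                    if v is not None and v.text is not None:
                        yield name, c.get("r"), shared[int(v.text)]
                elif kind == "inlineStr":
                    yield name, c.get("r"), "".join(t.text or "" for t in c.iter(T_TAG))


def triage(data: bytes):
    """Return (has_vba, findings); each finding is (sheet, cell, tags, text_preview)."""
    findings = []
    for sheet, ref, text in iter_string_cells(data):
        tags = []
        if URL_RE.search(text):
            tags.append("url")
        if BLOB_RE.match(text):
            tags.append("encoded-blob")
        if any(k in text.lower() for k in KEYWORDS):
            tags.append("suspicious-keyword")
        if tags:
            findings.append((sheet, ref, tags, text[:60]))
    return has_vba_project(data), findings


if __name__ == "__main__":
    has_vba, findings = triage(build_sample_xlsm())
    print("VBA project present:", has_vba)
    for sheet, ref, tags, preview in findings:
        print(f"{sheet} {ref} {tags} {preview!r}")
```

A workbook with a VBA project and cells that hold a URL, a temp-directory path and an encoded blob is worth pulling into a sandbox even before the macro is decompiled; to extract and analyse the VBA itself, pair this with a tool such as olevba from oletools.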
Breaking: Voters’ personal data at risk in Cobb theft (Atlanta Journal-Constitution) As voters head to the polls in Georgia's special election, officials are investigating theft of voting equipment from a Cobb County precinct manager's car.
Researchers develop synthetic skeleton keys for fingerprint sensors (Naked Security) Your fingerprint doesn’t match anyone else’s but parts of it might, and that could be enough
Burger King triggers Google Home devices with TV ad (Naked Security) Inventive users took their revenge via Wikipedia
RawPOS: New Behavior Risks Identity Theft (TrendLabs Security Intelligence Blog) Despite being one of the oldest Point-of-Sale (PoS) RAM scraper malware families out in the wild, RawPOS (detected by Trend Micro as TSPY_RAWPOS) is still very active today, with the threat actors behind it primarily focusing on the lucrative multibillion-dollar hospitality industry. While the threat actor’s tools for lateral movement, as well as RawPOS’ components, remain consistent, new behavior from the malware puts its victims at greater risk via potential identity theft. Specifically, this new behavior involves RawPOS stealing the driver’s license information from the user to aid in the threat group’s malicious activities.
IHG Confirms Second Credit Card Breach Impacting 1,000-Plus Hotels (Threatpost) InterContinental Hotels Group said on Friday that it found malware designed to access payment card data at more than 1,000 of its hotels.
Foodie social network Allrecipes warns that someone stole users' email addresses and passwords (Graham Cluley) Allrecipes, the self-described "food-focused social network", has sent an email out to some of its users warning that their email addresses and passwords may have been intercepted by an unknown third-party.
Cyber attack would leave East Coast dazed, Energy Dept. says (Washington Examiner) Power could be out for three weeks, leading to widespread problems, report says.
Nigeria not immune to cyber threat - CSEAN (The Nation Nigeria) Warns of imminent cyber-attack on banks. The Cyber Security Experts Association of Nigeria (CSEAN) has warned that the country is currently vulnerable to cyber-attacks. CSEAN President Remi Afon stated in Abuja that corporate organisations and government establishments have refused to realise and prepare for the imminent dangers of cyber threats. He stated that cyber-attacks were becoming more
At $175, this ransomware service is a boon to cybercriminals (CSO Online) Cybercriminals can engage in more ransomware attacks, thanks to a new variant called Karmen that hackers can buy on the black market for $175.
Advanced, Low-Cost Ransomware Tools on the Rise (Dark Reading) New offerings cost as little as $175 and come with lots of anti-detection bells and whistles.
Report: Cybercriminals prefer Skype, Jabber, and ICQ (CSO Online) The most popular instant messaging platforms with cyber criminals are Skype, Jabber and ICQ, according to a new report released this morning. Meanwhile, consumer-grade platforms like AOL Instant Messenger and Yahoo IM have fallen out of favor, while newer, more secure consumer oriented platforms like Telegram and WhatsApp are also gaining popularity.
Security Patches, Mitigations, and Software Updates
Record Oracle Patch Update Addresses ShadowBrokers, Struts 2 Vulnerabilities (Threatpost) Oracle released a record 299 patches, including a fix for a Solaris vulnerability disclosed by the ShadowBrokers, and another for the recently disclosed Apache Struts 2 flaw.
Oracle drops 299-patch security update - 25 of them rated 10 out of 10 by CVSS (Computing) Shadow Brokers, the NSA and others have kept Oracle busy this year
Facebook Delegated Account Recovery SDKs Published for Java, Ruby Apps (Threatpost) At F8 today, Facebook released SDKs and documentation for the integration of Delegated Account Recovery into Java, NodeJS and Ruby applications.
Bitdefender Mobile Security Announces End of Updates for Android 3.0 (Bitdefender) Bitdefender to focus staffing, resources on protecting newer versions
Cyber Trends
Time to Stop the Bad Cybersecurity Advice (Infosecurity Magazine) NCSC's Ian Levy took to the stage at CRESTCon & IISP Congress to discuss cybersecurity advice
SMEs Still Too Complacent About Cyber Attack (Forbes) Still not taking cyber security seriously? If you’re running a small and medium-sized enterprise, it might be tempting to think that attackers have bigger fish to fry – but you fall into this trap at your peril.
Big business and key agencies are now under ‘daily’ cyber attack (The Australian) Australia’s largest companies and key government agencies are under daily cyber attack, with 90 per cent of businesses and departments having been targeted for industrial espionage, hacking or security breaches in the past year.
Marketplace
Crypto-currencies like bitcoin surge in value - threefold increase since last year (Computing) Crypto market now worth same as AirBnB - and rising
Cybersecurity companies to watch (CSO Online) CBInsights created a list of startups that its metrics showed has early-to mid-stage high-momentum companies pioneering technology with the potential to transform cybersecurity.
Oracle acquires Dutch cloud start-up Wercker (Computing) Oracle promises to keep Wercker's community edition free
IBM i Into A Broader Security Web (IT Jungle) In the on-going war between cybercriminals and everybody else, there’s no place for lone wolves. The strength of any individual company’s security is largely dependent on the collective posture of multiple groups of actors. Luckily for IBM i shops, there are defined paths to plug into the broader shield that’s constantly evolving to keep us
HMRC refuses to reveal how much it paid Capgemini and Accenture for Aspire contract extensions (Computing) Revealing the cost could 'undermine the commercial interests of both parties', claims HMRC
Network security vendor Tenable hires IT veteran Gordon Gakovic to drive ANZ (CRN Australia) Gordon Gakovic brings 25 years of experience to role.
BAE Systems’ Peder Jungck Named President of International Cyber Threat Intelligence Sharing Organization (Yahoo! Finance) BAE Systems’ Peder Jungck has been named president of the Information Technology - Information Sharing and Analysis Center, an influential not-for-profit organization composed of member companies dedicated to enhancing cyber security by sharing threat information and collaborating on effective mitigations
RedOwl names former CIA exec Mark Kelton to board (Bankless Times) Insider risk solutions provider RedOwl has named former Central Intelligence Agency (CIA) executive Mark Kelton to its board of advisors. Mr. Kelton will assist with the detection of insider threat…
Products, Services, and Solutions
LockPath Introduces Keylight Managed Services - LockPath.com (LockPath.com) LockPath, a leading provider of GRC solutions, announced the availability of a new professional services offering, Keylight Managed Services (KMS).
NSS Labs Announces Data Center Firewall Group Test Results (GlobeNewswire News Room) No Vendor Excelled in NSS Labs-Defined Data Center Test Scenarios
Fortinet extends security fabric automation across cloud environments (ETCIO.com) Fortinet launches CASB offering and expands on-demand cloud security solutions with unmatched performance for enterprises and service providers
root9B Announces Release of ORKOS 2.0 - Credential Risk Assessment and Remediation Solution (Yahoo! Finance) root9B, a root9B Holdings Inc. (NASDAQ: RTNB) company and leading provider of advanced cybersecurity products and services, today announced the May ...
Hacker-Based Cyber Defense Increases Healthcare Data Security (HITInfrastructure) New investment in Synack's hacker-based security platform allows the company to expand their offering for better healthcare data security.
CloudCheckr and Allgress Partner to Simplify Compliance for the AWS Cloud (Yahoo! Finance) CloudCheckr, the enterprise cloud management platform, today announced a partnership and integration with Allgress, the AWS-certified compliance platform, which provides compliance controls mapping for NIST 800-53, PCI DSS, HIPAA and other standards.
Guidance Software Selects Lastline to Speed CyberAttack Response Rates (Yahoo! Finance) Lastline, a leader in advanced threat protection, and Guidance Software, the makers of EnCase®, the gold standard in forensic security, today announced a strategic partnership and integration, strengthening ...
Leading Industrial Cyber Security Firm, Red Trident Inc, Named Siemens Solution Partner for Industrial Strength Networks (EIN) Experts in critical infrastructure cyber security, Red Trident becomes one of only six U.S. Solution Partners focused on Siemens Industrial Strength Networks
ThreadFix Platform Provides Application Security at DevOps Speed (Yahoo! Finance) Denim Group, the leading independent application security firm, today announced the release of the latest version of ThreadFix, the company’s application vulnerability resolution platform for developers and security professionals.
Sorting out the conflict between Google Chrome and Malwarebytes (Star Tribune) I frequently recommend the free Malwarebytes security program to clean PCs infected with viruses or other malicious software.
Technologies, Techniques, and Standards
Cylance denies providing fake malware samples (SC Magazine US) Security firm Cylance on Tuesday disputed accusations that it used fake malware that only its Protect product could detect to gain more favorable results over competitors during testing.
Time to Test for Yourself (Cylance) We believe public testing of anti-malware products is fundamentally flawed. Testing needs to change: we've been saying it for years. We are pushing for reforms that will result in fair testing methods, and true independent testing that will ultimately benefit users.
Cyber risk issues resonating in boardrooms (Help Net Security) The Cyentia Institute used surveys and interviews with corporate board members and CISOs to identify specific cyber risk issues resonating in boardrooms.
Why Brand Trumps Tech in C-Level Conversations (Dark Reading) Brand reputation, not technical tools, should be the focus of the CIO's conversations with board members about the importance of security.
CISO's, Board Members Have Widely Divergent Views on Cybersecurity (Dark Reading) Boards often want a lot more business-relevant reporting than CISOs provide, Focal Point Data Risk study shows.
How Top Security Execs are Doing More with Less (Dark Reading) Even the largest corporations aren't immune to the cybersecurity skills gap - an inside look at how they are coping and adjusting.
How Businesses Should Prepare for Australia’s New Mandatory Data Breach Notification Law (Palo Alto Networks Blog) Palo Alto Networks APAC CSO Sean Duca shares what actions your organization should be taking to prepare for Australia’s new mandatory data breach notification laws.
Venafi Study: Weak Cryptographic Security Controls Epidemic Among DevOps Teams (Venafi) According to Venafi's study, many organizations fail to enforce vital cryptographic security measures in their DevOps environments.
The Need For Agile Risk Management (Cylance) The world of cybersecurity has changed. Today’s risk management leaders need agile defenses that quickly adapt to these new demands and stay ahead of attacks. A simple yet powerful framework, the 9 Box of Controls, allows people to better assess the value and impact of information security controls on an organization.
'Intrusion Suppression:' Transforming Castles into Prisons (Dark Reading) How building cybersecurity structures that decrease adversaries' dwell time can reduce the damage from a cyberattack.
Take Immediate Action to Avoid Infamous Security Breaches (Chargebacks911) Protect your customers—and your business—against hackers with these 9 data security tips and strategies.
To See or Not to See? It Shouldn't be a Question (Security Week) In today’s world, IT professionals may find themselves asking some tough questions about network visibility: How do we see the whole network? What tools do we need? How do we stay compliant? Although not life or death questions, hats off to Hamlet, they are important to ask for an organization’s security posture. This is especially true considering the rise in data and network complexity, coupled with concerns about privacy and security.
Stressing Over Stolen and Abused User Credentials? (Security Week) We live in a world where security operations professionals often find themselves fighting logs, not threats. They constantly worry that their organization’s defenses will be overrun and valuable data stolen or lost. In honor of Stress Awareness Month, we have an opportunity to reflect on ways to lower your operational burden, the chance of a breach and your stress levels by preventing the theft and abuse of valid user credentials.
The 3 ‘B's’ of cybersecurity [Commentary] (Fifth Domain | Cyber) Professor Scott Shackelford, cybersecurity program chair at Indiana University-Bloomington, on how more companies can boost their cybersecurity preparedness without breaking the bank.
The importance of creating a cyber security culture (Information Age) Creating a culture of cyber security is just as important as implementing the latest in security technology to protect an organisation
Network Firewalls: How to Protect Your Network from Unauthorized Access (eSecurity Planet) They lack the buzz of more recent security innovations, so network firewalls can be overlooked. Yet firewalls are an essential aspect of any security strategy. We cover the basics of network firewall technology and look at the latest in next-generation firewalls.
Design and Innovation
Will blockchain liability be similar to Bitcoin liability? (Help Net Security) Bitcoin and Blockchain are not one and the same. Bitcoin is a digital asset and payment system that runs on a public distributed ledger called a blockchain.
Research and Development
Princeton researchers discover why AI become racist and sexist (Ars Technica) Study of language bias has implications for AI as well as human cognition.
Academia
In Afghanistan, girls break cyber walls (Deutsche Welle) In former Taliban-ruled Afghanistan, many still believe a woman's place is in the home. But two Afghan sisters want to bring a digital revolution to their country by teaching girls how to code and use computers.
Legislation, Policy, and Regulation
Criticism of Beijing’s North Korea Policy Comes From Unlikely Place: China (New York Times) A rare challenge by a well-known historian shows the renewed debate over China’s longstanding patronage of its unpredictable neighbor.
Meanwhile in China: Surveillance required on public Wi-Fi (Network World) Chinese authorities in Hebei force businesses and places that offer public Wi-Fi to install surveillance tech to record all users’ online activity or face fines and other sanctions.
Government Needs ‘Heavy Artillery’ for Cyberspace, DHS Chief Says (Nextgov) Plodding bureaucracy could leave government outgunned in cyberspace, Gen. John Kelly said in his first major address as secretary.
Trump's cybersecurity mystery: 90 days in, where's the plan? (ITworld) On Jan. 6, Donald Trump said his administration would produce a report on cybersecurity within 90 days after his inauguration. On Wednesday, President Trump marks his 90th day in office with no sign of a report or indication that one is on the way.
Armed forces looking to train more regulars, reservists and civilians in cyber security (Computing) 'We're extremely serious about cyber defence,' says head of training Brigadier Paul Buttery
Rhode Island hires first cybersecurity officer (The State) Gov. Gina Raimondo has appointed Rhode Island's first cybersecurity officer.
Litigation, Investigation, and Law Enforcement
Indonesian authorities hunt Islamic State operative’s cyber recruits (FDD's Long War Journal) On Mar. 30, the US Treasury Department designated Bahrun Naim, a senior Islamic State figure from Indonesia, as a terrorist. It was the latest in a series of US government designations targeting the self-declared caliphate's network in Southeast Asia. Naim absconded from his home and made his way to the self-declared caliphate's stronghold in northern Syria in either late 2014 or early 2015 -- just months after Abu Bakr al Baghdadi's followers declared him "Caliph Ibrahim." Naim, a computer guru who once worked at an internet café, had spent a short stint in prison after being convicted on illegal weapons charges in 2010. He developed a number of suspicious relationships with extremists, especially in his home city of Solo on the island of Java. Naim was also once a member of Hizbut Tahrir, which seeks to resurrect the Islamic caliphate, but abstains from overt acts of violence. According to Voice of America, a spokesman for Hizbut Tahrir claimed that Naim was expelled from the group
FBI Relied On Dossier To Obtain Surveillance Warrant On Trump Campaign Adviser (The Daily Caller) The FBI relied on information contained in an uncorroborated dossier compiled as part of a political opposition research campaign to obtain a federal surveillance warrant to monitor Carter Page, a for
Trump's claims about Susan Rice start to unravel (MSNBC) Donald Trump repeatedly accused Susan Rice of criminal wrongdoing. Those allegations now appear increasingly ridiculous.
Community Standards and Reporting (Facebook Newsroom) Update on April 18, 2017: Mark Zuckerberg, speaking at F8, Facebook’s developer conference said today, “We have a lot more to do here. We’re reminded of this this week by the tragedy in Cleveland. Our hearts go out to the family and friends of Robert Godwin Sr. We have a lot of work and we […]
Symantec Sues Zscaler For Seven Additional Patent Infringements Around Network Security Technologies (CRN) The lawsuit, disclosed Tuesday, alleges Zscaler infringed on seven of Symantec's patents and builds on an earlier patent infringement lawsuit the company filed in December.
The Latest: Man pleads guilty in cyberattack in Wisconsin (Star Tribune) The Latest on the change-of-plea hearing for an Arizona man accused of hacking into government websites (all times local):
Two members of ATM skimming ring plead guilty to bank fraud (Ars Technica) A total of 13 charged in PNC and Bank of America card-cloning scheme.