Cyber Attacks, Threats, and Vulnerabilities
Leaked NSA hacking tools are a hit on the dark web (Cyberscoop) A shadowy cast of random hackers are now sharing, promoting and working to reverse engineer the tools in the latest Shadow Brokers dump.
Is There a Russian Mole Inside the NSA? The CIA? Both? (The Daily Beast) The latest Shadow Brokers hack exposed classified intel that could only have come from within the NSA, setting the stage for a Cold War ritual—the mole hunt.
Inside The Hunt For Russia’s Hackers (BuzzFeed) Russia’s cyberwarfare operations are built on the back of their cybercriminal networks. Can the US and their allies take them down?
Is the United States Really Blowing Up North Korea’s Missiles? (Foreign Policy) There’s just no evidence to support the fantasy that Kim Jong Un’s rockets are falling prey to a super-secret U.S. cyberprogram.
SPECIAL ANALYSIS: The Dangerous Speculation Over Cyber Warfare Behind The Alleged Failures Of North Korean Missile Launches (Homeland Security Today) In recent days, there has been a lot of speculation on the Internet -- and even among the mainstream media -- over the true cause of the many failures of North Korea’s missile tests. Some people are suggesting the Trump Administration is behind the failures by somehow introducing a virus into the missile systems to make them fail.
The IoT malware that plays cat and mouse with Mirai (Naked Security) A botnet dubbed Hajime uses much the same tactics as Mirai – but to neutralise the damage done. Is this a good thing, though?
BrickerBot Author Claims He Bricked Two Million Devices (BleepingComputer) Just like Wifatch and Hajime, the BrickerBot malware is also the work of a vigilante grey-hat, who goes online by the name of Janit0r, a nickname he chose on the Hack Forums discussion boards.
Stuxnet LNK Exploits Still Widely Circulated (Threatpost) Endpoints are still encountering exploits for the LNK vulnerability, one of the principal infection mechanisms used by the Stuxnet worm.
Hackers use old Stuxnet-related bug to carry out attacks (ITworld) Users that run unpatched software beware. Hackers have been relying on an old software bug connected to the Stuxnet worm to carry out their attacks.
DressCode Android Malware Finds Apparent Successor in MilkyDoor (TrendLabs Security Intelligence Blog) We recently found 200 unique Android apps—with installs ranging between 500,000 and a million on Google Play—embedded with a backdoor: MilkyDoor.
Spyware Disguised as System Update Survived on Play Store for Almost Three Years (BleepingComputer) An Android app named "System Update" that secretly contained a spyware family named SMSVova survived on the official Google Play Store for at least three years, since 2014, when it was last updated.
Microsoft shrugs off report that Edge can expose user identities from JS Fetch requests (Register) La la la nothing to patch here la la la
The History of Fileless Malware – Looking Beyond the Buzzword (Lenny Zeltser) What’s the deal with “fileless malware”? Though many security professionals cringe when they hear this term, lots of articles and product brochures mention fileless malware in the context of threats that are difficult to resist and investigate. Below is my attempt to look beyond the buzzword, tracing the origins of this term and outlining the malware samples that influenced how we use it today.
Ambient Light Sensors Can Be Used to Steal Browser Data (BleepingComputer) Sensors used to detect the level of ambient light can be used to steal browser data, according to privacy expert Lukasz Olejnik.
YouTubers Are Hawking Powerful Phone Malware to Illegally Spy on Lovers (Motherboard) Check the link in the description below!
Malwarebytes Detail The Evolving Threat And Rise Of Cerber Cyber Ransomware (FileHippo) Report details the worrying rise and continued growth of Cerber based ransomware, but the almost total disappearance of Locky…
Why are typosquats a risk to your organization? (SecurityScorecard Insights & News) Find out how to protect your organization from typosquats.
Analysis of a Maldoc with Multiple Layers of Obfuscation (SANS Internet Storm Center) Thanks to our readers, we often get interesting samples to analyze. This time, Frederick sent us a malicious Microsoft Word document called "Invoice_6083.doc" (which was delivered in a zip archive). I had a quick look at it and it was interesting enough for a quick diary.
Security Alert: Fake Delta Airlines Receipt Spreads Financial Malware - Heimdal Security Blog (Heimdal Security Blog) Scammers want to steal your financial & banking data using a fake Delta Airlines receipt. Read our security alert to learn how they do it.
Cyber Attack Drill Exposes How Unprepared City Is For Grave Threat (CBS) The exercise, led by the Department of Energy, saw oil refineries in greater Philadelphia shut down by the fictitious attack.
Holiday Inn, Crowne Plaza Part of 1,200 InterContinental Hotels Cyber Attack (Fox Business) Global hotel chain InterContinental Hotels Group Plc said 1,200 of its franchised hotels in the United States, including Holiday Inn and Crowne Plaza, were victims of a three-month cyber attack that sought to steal customer payment card data.
Dozen hotels in Eastern Carolina victims of lengthy cyber attack (WTN) InterContinental Hotels Group says customer credit card information was stolen from franchised locations that include Holiday Inn, Holiday Inn Express, Candlewood Suites and Staybridge Suites.
Five insider threat profiles to look out for. (Infosecurity Magazine) Identifying five insider threat profiles to show the complexity of the problem.
Security Pros: People Are the Biggest Problem (Infosecurity Magazine) IISP report warns of growing skills shortages.
Security Patches, Mitigations, and Software Updates
Google Fixes Unicode Phishing Vulnerability in Chrome 58, Firefox Standing Pat (Threatpost) Google fixed a vulnerability that could’ve let an attacker carry out phishing attacks with Unicode domains in Chrome but Mozilla is holding off – for now.
Linksys Smart Wi-Fi routers full of flaws, but temporary fix is available (Help Net Security) Over 20 models of Linksys Smart Wi-Fi routers have vulnerabilities that, if exploited, could allow attackers to mess with and take over the devices.
Drupal Patches Three Vulnerabilities in Core Engine (Threatpost) Three vulnerabilities were patched Wednesday in the Drupal content management system’s core engine, two of which were rated critical.
Cyber Trends
Netskope Cloud Report (Netskope) More than half of Microsoft Office 365 usage comprised of services other than OneDrive for Business
5 Facts Every Executive Should Know About Mobile Security (Zimperium) Today, employee mobility is critical for enterprise productivity. Mobile devices, the networks they use and apps have become critical success factors for organizations who want to reach and satisfy customers, collaborate more effectively with suppliers, and keep employees productive anytime and anywhere.
Why encryption has become a boardroom issue (Computing) Thales e-Security survey shows how corporate decision-making on encryption has shifted from the IT department to the boardroom, writes John Grimm
Going digital: The changing context of cybersecurity in retail (CyberInt) As digital businesses continue to grow, the push for online channels means that retailers have something new to worry about: digital and cyber risks.
WiCyS 2017: Building a Diverse Pipeline Into Cybersecurity - Palo Alto Networks Blog (Palo Alto Networks Blog) At Palo Alto Networks, the more we can build teams of people with different educational or professional backgrounds, from different cultures, who speak different languages, the better we are equipped to build creative solutions to the toughest cybersecurity problems.
Banks say Cyber Security is Biggest Threat to Innovation (Acumin Recruitment, London) A vast percentage of the largest financial institutions and banks in the world have labelled cyber security as financial innovation's number one enemy.
A third of employees say it's common to take corporate data with them when leaving a company (Help Net Security) Many pros that work with confidential information lack understanding regarding how that data should be shared and corporate data security policies.
6 Times Hollywood Got Security Right (Dark Reading) Hollywood has struggled to portray cybersecurity in a realistic and engaging way. Here are films and TV shows where it succeeded.
Marketplace
Secure card maker Plastc Inc. considering Chapter 7 bankruptcy, halts operations (CSO Online) Early supporters of Plastc, the E-Ink and touchscreen smart card that offered a number of security features, got some bad news on Thursday. Plastc Inc. is exploring options for Chapter 7 Bankruptcy protection, and none of the pre-orders will ship.
Denver cybersecurity startup CyberGRX hits a nerve, attracts $20 million in round led by Silicon Valley VC (The Denver Post) A year after publicly launching in Denver, the fast-growing CyberGRX plans to announce Tuesday that it received $20 million in an investment round led by Silicon Valley’s Bessemer Venture Par…
IBM’s security business up 10 percent, powered by Watson (CSO Online) CSO checked in with Marc van Zadelhoff, general manager at IBM Security - one of IBM’s four strategic areas (cloud, analytics, and mobile being the other three) - for a deeper dive into its security initiatives.
The IBM Story, In 5 Easy Charts (Seeking Alpha) Big Blue doesn't have any growth engines. Cognitive computing presents high-margin opportunity if IBM can grow it. The stock's technical breakdown alone could j
Shlomo Kramer's Cato Networks Out To Redefine Networks And Security, Again (Forbes) When Shlomo Kramer speaks people listen--at least when it comes to networks and security. He's earned his reputation by founding two successful, publicly-traded security companies--Check Point and Imperva. Check Point, which Kramer founded in his grandmother's apartment in the early 90's, now has a market cap of more than $18 billion, with Imperva close to $1.5 billion.
SYNNEX Corporation Selected to Carry Symantec's Complete Product Portfolio (Yahoo! Finance) SYNNEX Corporation (NYSE: SNX), a leading Technology Solutions distributor, today announced that it now offers the full portfolio of Symantec enterprise ...
Oliver Rochford Joins RiskSense as Security and Product Evangelist (Yahoo! Finance) RiskSense® Inc., the pioneer and market leader in pro-active cyber risk management, today announced that Oliver Rochford, former research director at Gartner, Inc., has joined the company as security and product evangelist. The
Paul Hastings Picks Up Homeland Security’s Cyber Lawyer (Bloomberg Law: Big Law Business) Paul Hastings announced it has hired Robert Silvers, the outgoing assistant secretary for cyber policy at the U.S. Department of Homeland Security. Silvers joined the Washington, D.C. office this week as a partner in the firm’s privacy and cybersecurity group and its white collar group. It’s not Silvers’ first stint in private practice, but his specialty has shifted:...
Contact center service provider hires Stuart Clark as its first CISO (CSO Online) Serenova looks to Clark to standardize and scale security best practices as the company grows.
Products, Services, and Solutions
New infosec products of the week: April 21, 2017 (Help Net Security) ThreadFix integrates application security into DevOps pipelines Denim Group release of the latest version of ThreadFix, the company’s application vulnerabi
New WatchGuard Access Point Brings Secure, High-Performance Wi-Fi Outdoors (Yahoo! Finance) WatchGuard® Technologies , a leader in advanced network security solutions, today announced the AP322 , a new high-performance cloud-ready outdoor access point ...
CircleBack for Android is Back and Better Than Ever (CircleBack) Let’s start with an apology—Android users, we’ve heard your frustration over the last few months. We’re sorry we weren’t able to get to this moment sooner. But if you’ll let us make it up to you, we’d love to try. We think we’ve created just the …
FireEye Announces General Availability of Helix – The First Intelligence-Led Platform to Simplify, Integrate, and Automate Security Operations (Yahoo! Finance) FireEye, Inc. , the intelligence-led security company, today announced that FireEye® Helix™ is now generally available around the world. Helix is a first-of-its-kind security platform built for customers and partners who want a simplified, integrated, and automated platform as the center of their security
FireEye Announces Continuous Guidance from FireEye as a Service – Managed Detection That Offers Unmatched Response Speed and Emerging Threat Protection (Yahoo! Finance) FireEye, Inc. , the intelligence-led security company, today announced Continuous Guidance™, a new service tier from FireEye as a Service™ . The FireEye® Continuous Guidance offering leverages the world-renowned expertise of FireEye analysts to detect the undetectable and respond to threats faster, minimizing
Verizon boosts security effort with new threat research advisory centre (ITWire) Giant US telco Verizon has unveiled its new Threat Research Advisory Centre which it says is designed to help customers recognise and react to more sophisticated cyber threats faster and more effectively – and ultimately stop cyber attacks.
Whitewood Introduces netRandom Free, a Cloud-Based Entropy Service to Enable True Random Number Generation (Yahoo! Finance) Whitewood, a developer of crypto-security solutions, today launched netRandom Free, a cloud-based entropy service. netRandom Free is specifically designed to supplement and strengthen security systems in traditional data centers, virtualized cloud environments and embedded systems, such as the Internet
ForgeRock Edge Security Offers Complete End-to-End Security for Internet of Things Deployments (Yahoo! Finance) ForgeRock®, the leading platform provider of digital identity management solutions, today announced ForgeRock Edge Security, offering complete end-to-end security for internet of things deployments. These ...
Siemens Launches New Business to Digitalize the U.S. Rail Industry (Businesswire) Siemens is launching Digital Rail Services in the U.S., a new business that will use intelligent sensors and advanced software platforms to put intell
ObserveIT Accelerates Insider Threat Detection and Prevention with New Actionable Analytics and Instant Prevention of Breaches (Yahoo! Finance) ObserveIT, the leading insider threat monitoring and analytics solution provider with more than 1,500 customers worldwide, today unveiled new actionable analytics and the ability to proactively block risky, out-of-policy activities by insiders, giving security and IT teams powerful weapons in the fight
Dimension Data to provide scalable cloud solution for Ultrafast Fibre (Digital News Asia) Dimension Data will host all of Ultrafast Fibre’s data assets and applications within their Managed Cloud Platform (MCP) in Hamilton.
Splunk Cloud Launches on AWS Marketplace (Yahoo! Finance) Splunk Inc. , provider of the leading software platform for real-time Operational Intelligence, today announced support for SaaS Contracts in AWS Marketplace.
Threatstream App for Splunk: Introducing Seamless Integration with Enterprise Security (Anomali) Splunk continues to lead the way with its powerful big data SIEM capabilities inside their Enterprise Security App. Here at Anomali we were especially excited by one initiative the company introduced last year, Adaptive Response. We liked it so much we partnered with Splunk to give security teams a powerful way to integrate Threatstream capabilities within the Enterprise Security workflow using the Adaptive Response framework. An Introduction to Adaptive Response Splunk's
Blue Ridge Networks announces contribution of its AppGuard® line of business to new Japanese joint venture company Blue Planet-works. (PRNewswire) An investor Group led by ANA Holdings [TYO:9202], Dentsu [TYO:4324]...
Gemini Simplifies Complexity of Big Data for Security Analysts and IT (Yahoo! Finance) Gemini Data, a provider of a security analyst platform to rapidly deploy, manage and achieve situational awareness across leading data and security solutions, today announced that it is expanding its use of Dell EMC technology, and going forward, will continue to offer the quality and reliability of
How Docker Swarm Uses Transparent Root Rotation to Improve Security (eSecurity Planet) Docker's swarmkit integrates multiple security mechanisms, including one known as Transparent Root Rotation.
Technologies, Techniques, and Standards
Money spent on cyber-security wasted if firewalls don't work properly (SC Magazine UK) Most IT professionals say firewalls are a core security component and that third-party management of multi-vendor environments is crucial.
As Cyber Attacks Get Serious, IT and Security Teams Need to Break Down Siloes (Computer Business Review) Ivanti's CEO discusses the importance of IT and Security teams tasked with tackling security within the business in the IoT era.
Hospital network security: Recursive DNS lookups yield threat insight (SearchHealthIT) One health system uses recursive DNS lookups and deep insight into threat intelligence to ensure hospital network security.
Kill Chain & the Internet of Things (Dark Reading) IoT things such as security cameras, smart thermostats and wearables are particularly easy targets for kill chain intruders, but a layered approach to security can help thwart an attack.
An untold cost of ransomware: It will change how you operate (Help Net Security) Ransomware is not going away anytime soon. You need to change how your organization operates to protect the data critical for maintaining operations.
Why You Must Build Cybersecurity Into Your Applications (Forbes) One of the largest changes underway in the way we create software is that cybersecurity is no longer an afterthought, but instead is being built into every application. The challenge many companies face is how to keep up and make sure the software they create is just as safe as the products they buy. That’s what we will cover today.
Cutting through the Noise: Is It AI or Pattern Matching? (Dark Reading) Many vendors are fudging terms when trying to sell their artificial intelligence security systems. Here's what you need to know when you buy.
10 interview questions for hiring cloud-literate security staff (CSO Online) The answers will paint a picture of whether this candidate understands cloud security.
From Cultural Intelligence to Cultural Understanding: A Modest Proposal (Small Wars Journal) One of the critical areas in recent operations that has been identified as a major shortfall for the Army has been that of understanding the cultures and societies in which it has been operating. Virtually every report that has analyzed problems in Iraq and Afghanistan has noted a lack of cultural understanding, leading to difficulties in conducting operations.
Design and Innovation
Ambient noise could be your next multi-factor authentication token (TechCrunch) We're all pretty used to two-factor authentication now, and it isn't much of an inconvenience to have to type in a four-digit code when you log in from a new..
Locked out of your accounts? Facebook wants to hold the key (Naked Security) Facebook’s planned password recovery process might make some uncomfortable, but the good news is that it won’t involve giving the social media giant access to everything
Quantum Cryptography Is Unbreakable. So Is Human Ingenuity (Singularity Hub) Two basic types of encryption schemes are used on the internet today. One, known as symmetric-key cryptography, follows the same pattern that people have been using to send secret messages for thousands of years. If Alice wants to send Bob a secret message, they start by getting together somewhere they can’t be overheard and agree …
Research and Development
Raytheon secures $10M computing contract for DARPA (C4ISRNET) The work is scheduled for completion in April 2021.
Cryptanalysis of Physically Unclonable Functions (Freie Universität Berlin) We study the implementation and security of Physically Unclonable Functions (PUFs) by means of cryptanalysis. To that end, we look for upper and lower bounds for attacker effort depending on the PUF design.
Guidance Software Announces Forensic Security Research Program (Yahoo! Finance) Guidance Software, the makers of EnCase®, the gold standard in forensic security, today announced the launch of its Forensic Artifact Research Program. The program was created as a forum for digital forensic security researchers to share information and be recognized for the critical work they do to investigate cybercrime and stop cyber threats.
Academia
Students Inspired By Women in Cybersecurity Conference (Southern New Hampshire University) Five women pursuing cyber security careers left Arizona, feeling exhilarated and inspired after attending the Women in Cybersecurity conference.
Legislation, Policy, and Regulation
CIA, FBI directors heading to secret spy alliance meeting in New Zealand: Report (Washington Examiner) CIA Director Mike Pompeo and FBI Director James Comey are reportedly attending a secret gathering of the Five Eyes spying alliance.
An Intro to International Oversight Bodies (Infosecurity Magazine) A panel of privacy commission representatives discussed the role of their organizations amid heightened public concern over state surveillance activities
Trump's cybersecurity review misses deadline (Military Times) After receiving a U.S. intelligence assessment on Russia's interference in last year's elections, President Donald Trump vowed that he would have a team present him with a review of America's cybersecurity efforts within 90 days of taking office.
'Culture Shift' Driving NSA, CIA, FBI To Be More Open (Law360) The National Security Agency, Central Intelligence Agency and FBI are working to buck a longstanding culture of secrecy and are striving to share more information with the public about their data surveillance practices and accompanying privacy safeguards, agency officials said Thursday.
FBI Tightens Restrictions On Contact With Media To Clamp Down On Leaks (Shadowproof) The FBI’s effort to crack down on leaks fits a larger trend in national security agencies since WikiLeaks, Chelsea Manning, and Edward Snowden.
Litigation, Investigation, and Law Enforcement
Islamic State claims attack on French police officers that left 1 dead, 2 injured (Chicago Tribune) A gunman opened fire on police on Paris' iconic Champs-Elysees boulevard Thursday, killing one officer and wounding three people before police fatally shot him.
Arresting Julian Assange is a priority, says US attorney general Jeff Sessions (Guardian) Justice department ‘stepping up’ efforts to prosecute Wikileaks founder as CNN reports that charges have been drawn up
Confide sued over ephemerality and screenshot protection claims (TechCrunch) Confide, the encrypted chat app that's reportedly popular among Trump staffers, is facing a class action lawsuit that claims Confide misled consumers about..
Man sues Confide: I wouldn’t have spent $7/month if I’d known it was flawed (Ars Technica) Confide: "The accusations set forth in the complaint are unfounded and without merit."
Tesla owners sue: “Enhanced Autopilot Features… simply too dangerous to be used” (Ars Technica) Tesla fires back, calling lawsuit a "disingenuous attempt to secure attorney’s fees."
Nigerian Spy Chief Caught With $43 Million in Cash Is Suspended (Foreign Policy) Just slightly suspicious.
How Nigeria's Suspended Intelligence Agency Director Tried To Explain Away $43m Cash Found In Lagos Apartment (Sahara Reporters) SaharaReporters has learned that Ayodele Oke, the suspended Director-General of the National Intelligence Agency (NIA), facilitated the agency’s acquisition of the swanky Ikoyi apartment where agents of the Economic and Financial Crimes Commission (EFCC) recently discovered more than $43 million in cash.
NCA: Young Cyber-Criminals Looking for Sense of Achievement (Infosecurity Magazine) New report claims many are simply motivated by peer respect.