Cyber Attacks, Threats, and Vulnerabilities
Russia-Linked Hackers Targeted Macron Campaign, Cyber-Researchers Say (RadioFreeEurope/RadioLiberty) French presidential front-runner Emmanuel Macron's campaign says that it was targeted by Russia-linked hackers.
Macron Victim of Cyber Attack Similar to U.S. Democratic Party’s (Bloomberg) French presidential front-runner Emmanuel Macron has been hit repeatedly in recent weeks by cyber attacks closely resembling those used to infiltrate Democratic Party organizations in the U.S. last year, according to a report by cyber-security consultant Trend Micro.
Trend Micro breaks down Pawn Storm tactics, methods and goals (SC Magazine US) An in-depth look at the cyberespionage gang Pawn Storm by Trend Micro reveals an incredibly complicated and capable group that has penetrated several important political and government organizations and for the most part has done so on the back of one of the most basic attack methodologies available: phishing.
Russian hackers use OAuth, fake Google apps to phish users (ITworld) The Russian hacking group blamed for targeting U.S. and European elections has been tricking victims into handing over login credentials with fake Google security applications.
Chinese and Russian Cyber Communities Dig Into Malware From April Shadow Brokers Release (Recorded Future) As of April 15, the Chinese cyber community had begun to investigate the most recent release of malware from the Shadow Brokers group. Here's a closer look.
Flashpoint - "xDedic" Dataset Suggest Government, Corporate RDP Targets (Flashpoint) xDedic is a predominant dark web marketplace known for hosting sales of access to compromised Remote Desktop Protocol (RDP) servers.
xDedic Market Spilling Over With School Servers, PCs (Threatpost) Nearly two-thirds of servers and PCs peddled on the xDedic underground marketplace belong to schools and universities based in United States.
Symantec: Alarming Increase in Targeted Attacks Aimed at Politically Motivated Sabotage and Subversion (4-Traders) Cyber criminals revealed new levels of ambition in 2016 – a year marked by extraordinary attacks, including multi-million dollar virtual bank heists and overt attempts to disrupt the U.S. electoral process by state-sponsored groups, according to Symantec’s (Nasdaq: SYMC) Internet Security Threat Report (ISTR), Volume 22, released today.
2017 Symantec Internet Security Threat Report, Vol 22 (Symantec) Learn about the latest threats and security trends covered in the 2017 Symantec Internet Security Threat Report (ISTR), a comprehensive source of Internet threat data that provides an overview and analysis of the year in global Internet threat activity.
The State of Shamoon: Same Actor, Different Lines (McAfee Blogs) Naming the recent data-wiping attacks in Saudi Arabia as a continuation of the Shamoon campaign suggests that we are dealing with identical malware and pro
'Pakistan Haxors Crew' hacks DU, AMU, IIT websites; posts pro-Pakistan messages (The Times of India) Websites of Delhi University, IIT-D and Aligarh Muslim University were hacked today, allegedly by Pakistani hackers as a response to a hack by an Indian hacker on the Pakistani Railways website and “in solidarity with the innocent Kashmiri people being killed by the Indian Army!” However, the messages were removed after later access to the websites.
Dawn Media group is under cyber attack (TechJuice) Dawn Media Group, through a message posted on their website and on Facebook, has claimed that it has been under
FalseGuide malware victim count jumps to 2 million (ZDNet) With five additional apps found containing FalseGuide, Check Point has estimated 2 million Android users have unknowingly downloaded malware.
N-day Nvidia, Android driver security flaw details revealed (ZDNet) Zimperium has revealed the details of two N-day vulnerabilities submitted through its exploit acquisition scheme.
New IoT Botnet Rises Feeding on Vulnerable Security Cameras (BleepingComputer) A new botnet is slowly building critical mass on the back of unsecured webcams and IP cameras, currently mass-scanning the Internet for vulnerable devices.
US ISP Goes Down as Two Malware Families Go to War Over Its Modems (BleepingComputer) Two malware families battling for turf are most likely the cause of an outage suffered by Californian ISP Sierra Tel at the beginning of the month.
Healthcare CERT warns about ‘Mole’ ransomware – what you need to know (Naked Security) More ransomware: this one changes your file extensions to .MOLE, thus the name.
Hackers explain how they "owned" FlexiSpy (Help Net Security) How did the hacker group that goes by the name Decepticons breach "stalkerware" manufacturer FlexiSpy? They say it was easy.
SquirrelMail opens users to remote code execution (Help Net Security) Users of open source webmail software SquirrelMail are open to remote code execution due to a bug (CVE-2017-7692) discovered by two researchers.
Apple threatened to oust Uber from App Store for ‘fingerprinting’ iPhones (Naked Security) Questions remain over if and how Uber still tracks devices after chief exec Kalanick was summoned to Apple for a roasting
Uber Didn’t Track Users Who Deleted the App, But It Still Broke the Rules (WIRED) Uber took a known industry practice and managed to turn it into something deeply suspicious.
NoTrove threat actor delivering millions of scam ads (Help Net Security) Researchers at RiskIQ have identified NoTrove, a threat actor that is delivering millions of scam ads that threaten consumers and further undermine the dig
Chipotle Says Its Payments System Was Hacked (Fortune) It can't catch a break.
Point-of-Sale Malware Steals Driver's License Information (BleepingComputer) Malware specialized in infecting Point of Sale (PoS) software has gained the ability to search and steal driver's license information, according to a report published by US cyber-security firm Trend Micro.
Auto Lender Exposes Loan Data For Up To 1 Million Applicants (Threatpost) A trove of consumer auto loan data—some 1 million records—has been locked down after a researcher found an exposed and accessible database online.
Forcepoint Confirm AET Tool Relaunch, Say Evasions Still Matter (Infosecurity Magazine) Forcepoint say the conversation around advanced evasion techniques (AET) needs to continue “as they work
You Can Now Buy Revenge Services on Dark Web (HackRead) Usually, the dark web marketplaces are famous for selling illegal drugs, weapons or in some cases renting hacking tools. But now, we have identified a list
Just Two of These $11 Gadgets Can Steal a Car (WIRED) A technique that allows thieves to silently unlock and drive away cars is getting cheaper and easier than ever.
Security Patches, Mitigations, and Software Updates
ColdFusion Hotfix Resolves XSS, Java Deserialization Bugs (Threatpost) Adobe released an important security hotfix for several versions of Coldfusion, resolving two bugs, Tuesday morning.
Atlassian Resets HipChat Passwords Following Breach (Threatpost) Atlassian reset user passwords for its group chat service HipChat on Monday following an incident that may have resulted in unauthorized access to a server used by the service.
Motorola sends out security patch to fix Moto G5 Plus "911" bug affecting Verizon VoLTE users (Phone Arena) Last week, we told you about a potentially serious problem that was preventing Moto G5 Plus users rockin' Verizon's VoLTE service from connecting to a 911 emergency dispatcher. The problem was apparently a software related issue and has now been fixed. We received word from Motorola late Monday stating that a security patch was sent out starting this past Friday (April 21st) that exterminates the bug that caused this issue.
Users tell Microsoft to scrap 'pain in butt' Security Update Guide, bring back old bulletins (ZDNet) They're not happy that Microsoft's replaced Patch Tuesday security bulletins with the searchable Security Update Guide.
Yes, Windows patches are a mess, but you should still install them (InfoWorld) March and April patches had their share of bugs, but with a Word zero-day threatening, now's the time to update your Windows PCs. Here's how to navigate the minefields.
Security improvements primary reason for Windows 10 migration (Help Net Security) Between September and December of 2016, Gartner conducted a survey in six countries of 1,014 respondents who were involved in Windows 10 migration.
Symantec certificate authority issues, answered (SearchSecurity) Some answers, but still more questions as Symantec certificate authority faces Google's wrath over patterns of issues with CA practices.
Cyber Trends
Cyberwarfare and information warfare must be distinguished [Commentary] (C4ISRNET) The distinction between the two is important, and it may help uncover the root cause of the problem.
Cyber only a small component of information operations, official says (C4ISRNET) While cyber has been a main focus of the Russian meddling in the 2016 presidential election, the State Department's cyber coordinator believes it is only a small component to the larger information operations problem.
#GailForce: Has the U.S. experienced the long predicted Cyber Pearl Harbor? (Lima Charlie News) Capt. Gail Harris examines whether the U.S. is in an undeclared cyber war, and if the DNC hack was part of a Russian strategy to destabilize the West.
Are Small Business Owners Protecting Themselves from Cyber Attack? (Manta) Hackers are increasingly targeting small businesses, but less than 15% of owners protect their business from cyber attack.
Buying fraud right off the virtual rack (CSO Online) Report finds fraud running rampant, especially in the retail sector.
Cyberthreats Inevitable but can be Mitigated, Experts Say (Bloomberg BNA) Cyberthreats are inevitable and growing fast, but better coordination between the government and private sector could pay big dividends, a panel of cybersecurity professionals said April 24.
Embedded designers not paying enough attention (New Electronics) The Barr Group’s third annual survey of embedded systems safety and security has concluded there remains ‘much work to be done’ by the embedded systems design community in order to achieve a safer and more secure world.
LogRhythm report casts damning eye on enterprise security tactics (Security Brief) LogRhythm’s latest cyber resiliency report casts a damning look into the state of organisations in Asia Pacific.
Legacy Cultures Inhibit Cybersecurity (SIGNAL Magazine) The evolution of cyber created ideal conditions for hackers. Now, managers must tamper with nature and reverse the consequences.
Dell: End user data security on LOB minds (Channelnomics) Dell exec discusses impact on channel partners
"Fast and Furious 8: Fate of the Furious" (Errata Security Blog) So "Fast and Furious 8" opened this weekend to world-wide box office totals of $500,000,000. I thought I'd write up some notes on the "hacking...
Marketplace
Top 10 big IT outsourcing and consulting disasters (Computing) When outsourcing goes wrong, it can go very expensively wrong...
Security-as-a-Service: How mid-market companies achieve network security (Help Net Security) Mid-tier companies are battling a black hole of time, security expertise, and budget to procure, implement, and manage a variety of security products, acco
Spotify acquires blockchain startup Mediachain to solve music’s attribution problem (TechCrunch) Spotify has acquired the Brooklyn-based blockchain startup Mediachain Labs, whose team will join the company's office in New York where they will work on..
Container-security startup Twistlock secures $17M in new funding for Portland expansion (GeekWire) New funding paves way for sales and marketing hiring in Pacific Northwest for container security experts.
SS8 Networks Achieves Record Revenues and Profitability (Businesswire) SS8 reported record revenues/profitability in its 2016 fiscal year as demand spiked for its network intelligence technology which uncovers indicators
McAfee Showcases Increased Commitment to Cyber Threat Research with Shamoon Revelations (Global Security Mag Online) A few weeks after launching as a standalone company, McAfee LLC announced it will increase investments and resources in cyber threat research. As a proof point of this commitment, McAfee released evidence that a series of Shamoon malware campaigns targeting Saudi Arabia are the work of one coordinated force of attackers, rather than that of multiple independent renegade hacker groups.
U.S. Air Force invests millions this month on cyberweapons projects (Cyberscoop) Three of the United States’ largest military contractors each won multimillion-dollar projects in the last month to boost American offensive power in the cyber domain. Raytheon, Northrop Grumman and Booz Allen Hamilton have all seen their stock prices rise 10 to 20 percent since the November 2016 U.S. election.
Defense Intelligence Agency’s ‘Shark Tank’ Helps Startups Pitch Spy Apps (Defense One) DIA analysts who like a product can launch a partnership on the spot.
General Dynamics IT unit wins $94M Indian Health Service contract (Washington Technology) General Dynamics' IT unit wins a potential five-year, $94 million contract for software and application services to the Indian Health Service.
CrowdStrike Expands into Latin America, Opens Office in Mexico City (Businesswire) CrowdStrike® Inc., the leader in cloud-delivered next-generation endpoint protection, today announced the launch of its operations in Latin America
Wynyard Focuses on Partnership With System Integrators to Expand US Operations (PRNewswire) The Wynyard Group, market leader in innovating Advanced Crime...
Contrast Security responds to OWASP Top 10 controversy (CSO Online) Contrast Security has addressed the recent backlash over section A7 of the OWASP Top 10 list for 2017. The company issued a statement on the matter after industry professionals suggested the A7 addition was an example of a vendor pushing their agenda on the OWASP Top 10 project.
MOVES-Deloitte hires former FBI agent in cyber risk services unit | 04/25/17 | Markets Insider (Business Insider) Deloitte Risk and Financial Advisory, a unit of audit and tax services firm Deloitte & Touche LLP, named former FBI agent Linda Walsh as managing director for its cyber risk services.
PhishMe CEO Rohyt Belani Selected as Finalist for the EY Entrepreneur Of The Year 2017 Award Mid-Atlantic Region (Businesswire) PhishMe today announced that EY has named CEO and co-founder Rohyt Belani as a finalist for the Entrepreneur Of The Year® 2017
Products, Services, and Solutions
Guidance Software and kCura Expand Strategic Partnership (Businesswire) New agreements build on technical integration between EnCase eDiscovery and kCura’s RelativityOne
Magnet Forensics and Passware Partner to Provide Full Disk Decryption in Magnet AXIOM (Yahoo! Finance) Magnet Forensics, a global leader in developing forensic software for smartphone and computer examinations, and Passware, a world leader in password recovery, decryption, and electronic evidence discovery software,
LockPath and SailPoint Partner to Increase Security Risk Visibility (LockPath) LockPath, a leading provider of GRC solutions, today announced a new partnership with SailPoint, a leader in identity management.
Fortinet, Leidos Form Managed Security Service Partnership (ExecutiveBiz) Leidos has agreed to be a managed service provider of Fortinet’s security products to federal government and commercial customers under a partnership agreement. Leidos said Tuesday its distribution of Fortinet offerings such as FortiSIEM will expand the former’s current pool of managed security services for clients. FortiSIEM combines the capacities of security operations centers and network operations centers into a single...
Gigamon Delivers Intelligent Visibility for Securing 40Gb and 100Gb Networks (Sys-Con Media) New flagship appliance GigaVUE-HC3 delivers pervasive visibility for the highest performance networks to improve infrastructure security efficiency and effectiveness
Dragos Adds Unmatched Threat Intelligence to the Industry's Only ICS Security Ecosystem (Yahoo! Finance) Dragos, Inc., a cybersecurity company specializing in protecting industrial control systems (ICS) around the world, today announced a new threat intelligence ...
IBM to develop industrial IoT devices with ABB (Computing) Suite of products will focus on areas such as manufacturing and smart grids
Micron and Microsoft collaborate on IoT security (evertiq) Micron Technology and Microsoft collaborate to address major challenges of providing trusted computing models for IoT deployments in industrial, automotive and consumer environments.
Optensity’s >rapid response for Splunk Now Available on Carahsoft GSA Schedule (GlobeNewswire News Room) Splunk App Provides Government Users with Agile Response and Recovery Measures to Resolve Infrastructure and System Issues
Skyhigh Becomes First Cloud Access Security Broker in Cooperative Purchasing Program (Government Technology) CIS CyberMarket is now offering cloud access security brokering to its state and local government members.
Franz's Allegro Common Lisp Meets Demand for High Performance Artificial Intelligence and IoT Applications (PRWeb) Allegro CL 10.1 gains ARM processor support for IoT applications
Exclusive: NSP taking LogRhythm SIEM to SMB market with security-as-a-service offering (Channel Life) Network and system integrator NSP is gearing up to launch a new security-as-a-service offering, which takes LogRhythm's SIEM to the SMB market.
Technologies, Techniques, and Standards
Old Windows Server machines can still fend off hacks. Here's how (CSO Online) Keeping a computer up-to-date, with the latest OS and software patch, is one of the best things you can do to stay safe from cyber threats.
Carbon Black asks: So what exactly is threat hunting? (Security Brief) Information security professionals used to put all of their chips towards incident prevention. This didn’t work out very well.
5 things marketers should do today to reduce their cybersecurity risk (CMO) Marketers must not only be in the business of IT today, they need to be in the business of IT security.
Banking trojans are on the rise: here’s how to avoid being robbed (Check Point Blog) Banking trojans are helping cybercriminals to commit the perfect crime: stealing money from the accounts of unsuspecting victims, almost untraceably and at minimal risk. As such it’s no surprise that from June to December 2016, banking trojans were only fractionally behind ransomware in being the most prevalent type of malware, and in Asia-Pacific countries they …
CrowdStrike VP Q&A on cybercrime and financial services (bobsguide) Who or what currently poses the greatest threat to the digital security of a financial services company?
Protecting Your Data and Networks From Ransomware (Financial Executives International Daily) Ransomware is the fastest-growing cyber security threat targeted at businesses today, but some basic digital hygiene can help reduce your company’s risk significantly.
Behavioural profiling: Spotting the signs of cyber attacks and misuse (Help Net Security) Behavioural profiling is recognised as a new level of protection against cyber attacks and systems abuse, offering the potential to pick out new attacks.
If Malwarebytes blocks legitimate processes, do this (gHacks Technology News) If the Malwarebytes security software blocks legitimate processes or files on Windows PCs, adding those to the exclusions list may resolve the issue.
NSA backdoor detected on >55,000 Windows boxes can now be remotely removed (Ars Technica) Microsoft dismisses DoublePulsar infection estimates, but otherwise remains silent.
Research and Development
DIUx expects to transition programs in next two months (Defense News) As of the end of March, DIUx has awarded 25 agreements for a total of $48.4 million.
DARPA wants more secure hardware (C4ISRNET) The Defense Advanced Research Projects Agency wants to test the proposition that more secure software starts with more secure hardware.
Academia
City University of London unveils new undergraduate course for budding data scientists (Computing) MSci data science course will begin in 2018
San Juan College cybercon kicks off Thursday (Albuquerque Journal) With the second edition of San Juan College's cyber security conference approaching, Lorenzo Reyes Jr., the director of the college's Center for Workforce Development, already has some lofty ideas in mind for the…
Legislation, Policy, and Regulation
New Zealand has a new defense minister (Defense News) Mark Mitchell replaces Gerry Brownlee, who will be the new foreign affairs minister.
Tokyo evasive on report of secret deal with NSA over mass surveillance program (The Japan Times) The government's top spokesman on Tuesday declined to comment on — but did not deny — a report alleging that Tokyo has secretly and closely coo
White House Wants to Bake Security Into New IT Projects (Defense One) Trump’s top cybersecurity advisor has been tapped to help son-in-law Kushner ensure security is built into any new government tools from the beginning.
Trump’s promise on cybersecurity: what’s been happening? (Naked Security) Work behind the scenes suggests that an executive order on cybersecurity could be signed by the end of the week
8 Ways Governments Can Improve Their Cybersecurity (Harvard Business Review) Ensuring greater privacy and increased trust online.
Disclosing Zero Days (The State of Security) Eric Jardine writes about the need for governments to disclose zero days and begin to collaborate to make digital disarmament more than just ‘a thing’.
Why we need the FTC to police ISP privacy practices (CSO Online) The move to scrap the FCC's rules for ISPs leaves the industry without any federal oversight and puts internet privacy at risk.
What Role Should ISPs Play in Cybersecurity? (Dark Reading) There are many actions ISPs could do to make browsing the Web safer, but one thing stands out.
Australian government plan to force ISPs to block malware (Computing) Australian government plan to push ISPs to do more to tackle cyber security
Lords drop 30Mbps minimum broadband speed demand as Tories rush Digital Economy Bill through parliament prior to general election (Computing) Enjoy your 10Mbps universal service obligation, citizens
Litigation, Investigation, and Law Enforcement
Fired acting Attorney General Sally Yates to testify before the Senate on Russian interference (Washington Examiner) Former acting Attorney General Sally Yates will testify in front of Congress next month as a part of the Senate Judiciary Committee's investigation into Russian interference in the presidential election.
Leaked Documents Reveal the NSA Spying on Scientists to Find 'Nefarious' Genetic Research (Gizmodo) A new document made public this week via Edward Snowden’s leak of NSA documents reveals a fascinating aim of signals intelligence program: The agency, it turns out, monitored international scientific developments in hopes of detecting “nefarious” genetic engineering projects more than a decade ago.
Kaspersky won’t sue Microsoft for anti-trust, for now anyway (On MSFT) Last November, David Kaspersky of cyber security suite makers Kaspersky Labs threw down the gauntlet so to speak against Microsoft. The "Goliath" of cyber security, as he called them in his blog post, is accused of making the world safer for cyber criminals by forcing out competition. The center of this anti-competitive behavior? Windows Defender.
Palantir settles U.S. lawsuit charging bias against Asians (WSAU) The data analytics and security company Palantir Technologies Inc has agreed to pay nearly $1.7 million to resolve charges it discriminated against Asian applicants for engineering jobs at its Palo Alto, California, office, the U.S. Labor Department said on Tuesday.
Teenage Hacker Arrested For Multiple Sony And Microsoft Security Breaches (SegmentNext) A teenage hacker has been arrested, being responsible for multiple hacks and security breaches between 2013 and 2015 and making a business from it.
UK Man Gets Two Years in Jail for Running ‘Titanium Stresser’ Attack-for-Hire Service (KrebsOnSecurity) A 20-year-old man from the United Kingdom was sentenced to two years in prison today after admitting to operating and selling access to “Titanium Stresser,” a simple-to-use service that let paying customers launch crippling online attacks against Web sites and individual Internet users.
Northern Ireland boy held over TalkTalk cyber attack to fight identification ruling (Belfast Telegraph) A Co Antrim schoolboy arrested over the TalkTalk cyber attack is to appeal his failed High Court bid to secure legislative protection from media identification.
Former Expedia IT support worker gets prison time for hacking execs' emails, insider trading (Help Net Security) Jonathan Ly used his position to access emails of Expedia execs so that he could trade in Expedia stock and illegally profit from non-public information.
Man Fined $500 for Crime of Writing 'I Am An Engineer' in an Email to the Government (Motherboard) An electronics engineer says he found a flaw in traffic lights. The Oregon engineering board fined him for it.
Five years later, legal Megaupload data is still trapped on dead servers (Ars Technica) EFF lawyers head to appeals court to demand one man's data.