Laurel, Maryland: news from Jailbreak
Insecurity (but not the neurotic kind) (The CyberWire) Information security is, at bottom, human conflict conducted by technical means. The discussions at Jailbreak, however deeply technical they became, all described people doing things to other people with code, with all the intensionality that implies.
Cyber Attacks, Threats, and Vulnerabilities
WikiLeaks Reveals CIA Tool ‘Scribbles’ For Document Tracking (Threatpost) The CIA is planting web beacons inside Microsoft Word documents to track whistleblowers, journalists and informants, according to WikiLeaks.
Threat of election hack puts GCHQ on high alert (Times (London)) Staff working at GCHQ were placed on high alert last week to prevent a cyber-attack during the general election, The Sunday Times can reveal. Intelligence chiefs at the National Cyber Security...
Russian Hackers Target French Presidential Campaign (eSecurity Planet) The attacks are the invisible side of a Russian campaign against Emmanuel Macron, his digital director said.
Panel to Senate: Cyber Operations Influence Political Processes Worldwide (USNI News) Russia used "useful idiots" to meddle in the U.S. presidential election and "fellow travelers" opposed to European Union and NATO to influence elections in France and Germany, while Islamic terrorists used "agent provocateurs" to topple Spain's government in 2004 and cast another pall over French voting, a cyber security expert told a congressional subcommittee Thursday.
The Weaponization of Information: The Need for Cognitive Security (RAND) Dimitry Kiselev, director general of Russia’s state-controlled Rossiya Segodnya media conglomerate, has said: “Objectivity is a myth which is proposed and imposed on us.”
Inside Russia’s Fake News Playbook (The Daily Beast) Clint Watts is testifying Thursday before the Senate’s armed services committee on how Russia became the kings of black propaganda. Here’s what he told the senators.
How the State of Russian Media Becomes the State of International Media (Foreign Policy) There’s a connection between violence against journalists and violence against journalism.
Turkey Has Blocked Wikipedia and Is Censoring Twitter (Motherboard) President Erdoğan's crackdown on voices of dissent is expanding to the internet.
Facebook admits it is being used as propaganda tool by ‘malicious actors’ (Naked Security) Facebook’s soul-searching report sets itself the challenge of knowing itself
Facebook, for the first time, acknowledges election manipulation (CBS News) Without saying the words "Russia," "Hillary Clinton," or "Donald Trump," Facebook acknowledged Thursday for the first time what others have been saying for months.
Social media giants fail to tackle hatred, say MPs (Times (London)) Google, Twitter and Facebook have shamefully failed to tackle terrorism, violence and hatred online, MPs say. The social media giants are labelled a disgrace in a report that accuses them of...
Facebook helped advertisers target teens who feel “worthless” (Ars Technica) Leaked 2017 document reveals FB Australia's intent to exploit teens' words, images.
What is an online troll? What do you need to know about it? (Panda Security Mediacenter) You’ve probably heard about online trolls – but what are they? Learn what an online troll is, and what to do if you become a victim.
PFLP launches cyber attacks against Israelis (Maan News Agency) The armed wing of the Popular Front for the Liberation of Palestine (PFLP), the Abu Ali Mustafa Brigades, said Sunday it has hacked scores of Israeli phones as part of a wider cyber attack operation in solidarity with Palestinian prisoners on hunger strike in Israeli custody.
Network management vulnerability exposes cable modems to hacking (CSO Online) Hundreds of thousands of internet gateway devices from around the world, primarily cable modems, are vulnerable to hacking because of a serious weakness in their implementation of the Simple Network Management Protocol.
Stealthy Mac malware spies on encrypted browser traffic (CSO Online) A new malware program that targets macOS users is capable of spying on encrypted browser traffic and stealing sensitive information.
Open Ports Create Backdoors in Millions of Smartphones (BleepingComputer) Mobile applications that open ports on Android smartphones are opening those phones to remote hacking, claims a team of researchers from the University of Michigan.
Millions of Android Devices Vulnerable to Network Scan Attack (HackRead) Researchers have recently discovered hundreds of vulnerable apps on Google Play Store which are allowing hackers to inject them with malicious code which,
IT service providers, many other orgs targeted in long-standing attack campaign (Help Net Security) US-CERT warns about an attack campaign using multiple malware implants and targeting organizations in the IT, Energy, Healthcare, and other sectors.
South Korean Bitcoin Exchange Yapizon Hacked; $5 Million Stolen (HackRead) Yapizon, a South Korean Bitcoin exchange suffered a massive data breach earlier this week when hackers stole 3816.2028 Bitcoin (US$5 million) which is 37%
Hacker Leaks "Orange Is the New Black" Season 5 Episodes After Netflix Extortion Attempt Fails (BleepingComputer) A hacker (or hacker group) known as The Dark Overlord (TDO) has leaked the first ten episodes of season 5 of the "Orange Is The New Black" show after two failed blackmail attempts, against Larson Studios and Netflix.
TheDarkOverlord leaks upcoming episode of Orange is the New Black after Netflix doesn’t pay extortion demand (Data Breaches) After a two-month hiatus, and with pixels to spare, TheDarkOverlord let it be known today that they are still hacking and attempting to extort their victims:
Netflix Hackers Could Have Three Dozen Additional TV Shows, Films From Other Networks and Studios (Variety) The group of hackers that leaked the upcoming fifth season of “Orange Is the New Black” this weekend may have also secured access to some three dozen other shows and movies. TheDarkOverlords…
No, Netflix is not a victim of Ransomware (CSO Online) A security firm has claimed the recent issues facing Netflix and their series "Orange is the New Black" are Ransomware, and a recent report from NBC News states the same. While no company wants to be held under the threat of ransom demands, Ransomware and extortion are two different types of problems.
Americans No.1 Ransomware Target & Most Likely To Pay Up (HackRead) Symantec, an IT security and software company, has released the latest volume of Internet security threat report and some of the facts written in the repor
Bitcoin Value Rises to Over $1300 (Infosecurity Magazine) As the Bitcoin Value Rises to Over $1300, will this pay more to ransomware wielding cybercrminals?
Professor: ‘10 concerts' Facebook meme may reveal answer to security questions (WFXT) If you’ve opened your Facebook app recently, your feed has likely been flooded with statuses of your friends posting “10 Concerts I’ve Been To, One is a Lie.”
Malware Blocks Virginia State Police From Updating Sex Offender Registry (BleepingComputer) A malware infection affecting servers belonging to the Virginia State Police (VSP) has shut down the department's email system, along with its ability to update the Virginia Sex Offender and Crimes Against Children Registry (SOR).
Vt. Law School Preps Against Cyberattacks (Valley News) Vermont Law School has spent the past several weeks beefing up its digital defense system after a massive cyber-attack temporarily shut down the Internet and computer systems at the school.“We continue adapting,” Sean Lee, the general...
Winery, vineyard cyber attack risk grows with web-connected systems (The North Bay Business Journal) If a device in your winery or vineyard connects to the internet, it is vulnerable. Farella Braun + Martel attorney partner Tyler Gerking explains the risks and protections.
Additional information concerning the April 21st San Francisco outage (Control Global) The April 21, 2017, San Francisco outage should raise red flags at DOE, FERC and NERC about how they classify Critical Infrastructure and Key Resources (CIKR) and Bulk Electric System (BES) assets. This outage emphatically points out that system reliability, the definition of key facilities, and economic impact should be considered during CIKR classification. The outage also demonstrates the limitations of several key NERC reliability and cyber security standards.
Sonia disowns Rahul video virus? It's a hoax (Graham Cluley) At least ask some questions before you forward virus warnings to your friends.
Eugene Kaspersky opens up about Russia, hacking and the frontlines of cyberwar (International Business Times UK) The Kaspersky Lab expert on crime, espionage and why the best hackers speak Russian.
Cyber Trends
Industry reactions to the Verizon 2017 Data Breach Investigations Report (Help Net Security) Industry leaders offer their opinion on the Verizon 2017 Data Breach Investigations Report, which offers a global view of the modern threat landscape.
Mega Data Breaches Could Drive the Blockchain Revolution (Infosecurity Magazine) Blockchain is the ideal candidate for a variety of data security applications, and the information security world has already begun to take notice.
Forrester - Vendor Landscape: Vulnerability Management, 2017 (Tenable) This report from Forrester provides security and risk professionals an overview of the vulnerability management vendor landscape, as well as information on trends that directly affect and enable business operations.
Do you work in the financial sector? Time to step up your cybersecurity habits (TechRepublic) A report from IBM Security revealed a 937% increase in records stolen from the financial sector in 2016. Here's what you need to know and do to protect your sensitive data.
New SentinelOne Enterprise Risk Index Provides Evidence of Growing Use of In-Memory Attacks; Renders Traditional Antivirus Protection Methods Redundant (SenitnelOne) Data analysis shows attackers continuing to shift away from file-based attack techniques
10 Cybercrime Myths that Could Cost You Millions (Dark Reading) Don't let a cybersecurity fantasy stop you from building the effective countermeasures you need to protect your organization from attack.
Marketplace
Going commercial a challenge for government contractors (Baltimore Sun) KEYW's founder was so confident in the company's cybersecurity services for the federal intelligence community that he decided in 2013 to branch out into the
The Government Wants a Thriving Cyber Insurance Market. Here’s How It’s Getting Started (Nextgov) The Homeland Security Department wants to build a massive repository of cybersecurity and breach data that insurers can learn from.
Artificial Intelligence Pushes the Antitrust Envelope (Bloomberg BNA) If machines collude when no one’s watching, would any antitrust alarm bells sound?
Appian files for $86.25 million IPO (Washington Business Journal) Reston-based software developer Appian Corp. has filed for an initial public offering and is looking to raise up to $86.25 million, according to Securities and Exchange Commission filings.
Dimension Data Australia writes off Oakton investment by $73 million (CRN Australia) Australian subsidiary has received $300m from parent company in two years.
CyberTycoons.com Acquires SEO BAM (Digital Journal) A cornerstone of Internet history, SEO BAM has been providing SEO (Search Engine Optimization) services for more than 2 decades. Because of its longevity in the market, SEO BAM has primarily operated as a referral-based, or word of mouth business for most of its existence.
Why A10 Networks Stock Plunged Today (The Motley Fool) Investors weren't impressed by first-quarter results.
2 Reasons Check Point Software Technologies Should Continue Growing (Pantagraph) Check Point Software Technologies (NASDAQ: CHKP) stock has enjoyed a terrific run this year, rising over 20%, sparked by a solid fiscal fourth-quarter earnings report in January. The cybersecurity specialist's
root9B Holdings Sells IPSA's Investigative Due Diligence Practice (PRNewswire) root9B Holdings, Inc. (Nasdaq: RTNB) ("RTNB") today announced...
Why Did Intel Spin Off Its Security Business? (Market Realist) As Intel (INTC) is becoming a data-centric company, its security has become key. Despite this, Intel recently spun off its security business by selling 51% of it to investment firm TPG for $3.1 billion. Intel acquired McAfee in 2010 for $7.7 billion, which means a 51% stake equates to $3.9 billion. It sold its stake in McAfee at a loss of $800 million. Fiscal 1Q17 is the last quarter in which Intel will report security earnings.
A Security Company Just Hacked The Marketing World (Forbes) For nine seasons, everybody loved Raymond. Now, founders and CEOs have discovered a new darling: Duo Security.
Bremerton tech firm helps businesses respond to cyber attack (Kitsap Sun) Critical Informatics poised for expansion
Mobily signs MoU with Palo Alto Networks on future security offerings (Eye of Rihadh) Mobily has signed a memorandum of understanding with Palo Alto Networks, the next-generation security company.
RSA Security Inks Cyber Threat Data Sharing Agreement With NATO (ExecutiveBiz) Dell Technologies’ RSA Security business and the NATO Communications and Information Agency have agreed to exchange cyber threat data in an effort to build up situational awareness and safeguard networks from vulnerabilities. RSA signed Tuesday the industry partnership agreement with NCI during the NITEC17 conference in Ottawa, Canada, the agency said Tuesday. “RSA is thrilled to be...
Mosaic451 Awarded Contract by the Charlotte Cooperative Purchasing Alliance to Provide Security Services (PRNewswire) Mosaic451, a bespoke cybersecurity services provider and consultancy, announced...
Gil Shwed's salary cost was $35.6m in 2016 (Globes) Almost all of the Check Point CEO's remuneration was in shares.
Microsoft appoints former FTC commissioner to lead its regulatory & privacy efforts | The Tech Portal (The Tech Portal) In her position at Microsoft, Julie Brill & her team will closely work with external stakeholders – policy makers, regulators, customers and civil society
Endace hires new VP Product Management (Yahoo! Finance) Endace, a world leader in high-speed network recording and network history playback, announced today that Cary Wright will join Endace as the company's new VP of Product Management. Wright comes to Endace from Ixia, where he held the role of
Products, Services, and Solutions
Facebook launches its bloat-free Messenger Lite app in over 100 new countries (Neowin) Facebook's 'lightweight' Messenger app - designed primarily for older, less powerful devices, in countries with slow, unstable mobile networks - is now available in over 100 new markets worldwide.
Behavioral Biometrics Offers Considerable ROI: BioCatch (Find Biometrics) Security based on behavioral biometrics can offer a considerable return on investment, BioCatch says. And to prove it, the company has launched an ROI calculator for organizations considering implementing the technology.
John McAfee is preparing an "antispyware" smartphone with buttons that allow physically to disconnect the battery and Wi-Fi antennas (Startler Tech) John McAfee's personality hardly needs a separate presentation, even for those who did not use the antivirus software developed by his company.
Cloudflare Nukes IoT Security Threats from 'Orbit' (eSecurity Planet) The company's new service keeps IoT devices, even ones riddled with vulnerabilities, out of a hacker's grasp.
ERPScan Introduces First High-level SAP Cybersecurity Framework (Yahoo! Finance) EAS-SEC, a non-profit organization focused on enterprise application security, with the support of ERPScan , a leading provider of business application security ...
Technologies, Techniques, and Standards
The US Takes On the World in NATO’s Cyber War Games (WIRED) Last year, the US finished last in Locked Shields, NATO's cyber war games. This year, it had its eye on redemption.
The Air Force bolsters its Cyberspace weapons systems (Defense Systems) The Air Force’s latest cyber space weapons system increases control of cyberspace data for more versatile operational command.
CTIC Synchronizes Service (SIGNAL Magazine) A new defensive cyberspace operations facility will boost the 35th Intelligence Squadron’s ability to meet growing demands.
The Complexity of Public-Key Cryptography (IACR) We survey the computational foundations for public-key cryptography. We discuss the computational assumptions that have been used as bases for public-key encryption schemes, and the types of evidence we have for the veracity of these assumptions.
Carbon Black: How to set up a threat hunting program (Security Brief Asia) We know the attackers are out there – they are perpetually trying to break in, and many are succeeding.
A Day in the Life of a Security Avenger (Dark Reading) Behind the scenes with a security researcher as we follow her through a typical day defending the world against seemingly boundless cyberthreats and attacks
Criminals on a mission of ambition and disruption, says Symantec (Security Brief) Ransomware attackers are increasing their ransoms; more emails are containing malicious links; and disruption is the word of the day.
Knowing Versus Doing: Using Stories To Build A Culture Of IT Security Awareness (Forbes) If you were to recall past experiences in your life, one in which you were watching a movie, and another in which you were sitting through a lecture, which slice do you think you would be more likely to remember? Most people would say a movie.
10 Types of Computer Viruses Dangerous And How To Overcome them (Almaftuchin Tech) 10 Types of Computer Viruses Dangerous And How To Overcome them
Indian CIOs and CISOs need to adopt certain crucial practices: Dell EMC (DATAQUEST) Dell EMC shares his views on data protection challenges faced by Indian enterprises. He points out at Dell EMC’s role in the whole ecosystem
Design and Innovation
So many elections, so little tech (IDG Connect) While some politicians know how to use emerging technologies to get their message across – President Donald Trump’s Tweets or Jean-Luc Mélenchon’s use of holograms to appear at multiple rallies at the same time – technology policy never seems to be a strong suit or priority.
DHS Commercializes Malware Detection Technology (SIGNAL Magazine) The Department of Homeland Security’s S&T Directorate announced the transition of Hyperion, a malware detection technology, to the commercial marketplace.
With AI investments, Taser could use its body camera division for predictive policing (TechCrunch) After announcing that it would shift some of its emphasis away from non-lethal weapons to police body cameras, for a fleeting moment it felt like the company..
Imagining five retro technologies as startup pitches (TechCrunch) Silicon Valley is a bubble. Go into any SoMa coffee shop and you’ll hear founders and investors alike singing the praises of Hyperloop and flying cars —..
Academia
Master’s degree to arm future cyber security pros (Acumin Recruitment, London) If the plan is successful, we can expect to see a high-level talent pool applying for cyber security jobs in the UK for years to come.
Harford Community College shows off new cybersecurity labs (The Aegis) Harford Community College hosted a grand opening ceremony Friday for its Cybersecurity Labs in Joppa Hall. The labs allow students to experience hands-on learning in executing and defending against cyberattacks.
University of Utah hires Randall Arvay as CISO (CSO Online) Arvay brings a strong cybersecurity, military and educational background to the chief information security officer role.
Legislation, Policy, and Regulation
National Security Agency ends controversial email collection program (KSRO) The National Security Agency will cease collecting internet communications that merely mention an individual who is considered to be a “foreign intelligence target.” The move is being welcomed by privacy advocates who have
A Big Change in NSA Spying Marks a Win for American Privacy (WIRED) The NSA won't collect the emails of US citizens just because they mention a foreign target. That's a big deal.
With the war far from over, privacy activists cautiously celebrate a battle won (TechCrunch) After the NSA's surprise announcement that it would pull back on a contentious surveillance tactic, privacy advocates found themselves in a strange place in..
Finland launches national security initiatives defending against hybrid threats (Defense News) Finland’s military and national security agencies will receive more expansive powers to conduct intelligence gathering inside and outside Finland’s borders.
US, Argentina agree to ‘Cyber Working Group’ (Normangee Star) President Donald Trump and first lady Melania Trump greet Argentine President Mauricio Macri and his wife Juliana Awada at the White House in Washington.
The utter uselessness of banning social media in Kashmir (http://www.hindustantimes.com/) Banning social media websites such as WhatsApp, Facebook, and Twitter will not help stem discontent in the valley. By restricting access to these websites, the government is...
Getting Tough on North Korea (Foreign Affairs) A quarter-century of negotiations and sanctions have failed to change North Korea’s behavior. It’s time to crack down on Pyongyang’s foreign financial dealings—and the states that abet it.
Kim Jong Un Is a Survivor, Not a Madman (Foreign Policy) North Korea's behavior might seem irrational to outsiders, but the Kim regime is just taking logical actions to survive.
Trump’s Only Playing the Madman With North Korea (The Daily Beast) Trump’s tweeted threats may sound unhinged. But the crazy talk is carefully planned, administration officials insist.
Interest in cyber deterrence policy grows, but actual legislation will prove difficult (Washington Examiner) "We will not allow other states to hold us at risk. We must be able to sustain our infrastructures during times of stress."
Dan Geer: Cybersecurity is 'paramount national security risk' (CSO Online) Cybersecurity and the future of humanity “are conjoined now,” according to In-Q-Tel’s Dan Geer. The cybersecurity futurist, in the closing keynote at SOURCE Boston 2017, gave a sobering look at what is likely to come in a world where change and growing interdependence is happening faster than anyone’s ability to manage it
White House Cyber Chief Outlines Challenges and Next Steps for Trump Administration - Billington CyberSecurity (Billington CyberSecurity) Robert Joyce, the new Cybersecurity Coordinator and Special Assistant to the President at the White House, said the release of the Executive Order is due …
Intelligence and the Presidency (Foreign Affairs) The relationship between Trump and the intelligence community needs to be recalibrated. The president must understand that “alternative facts” have no place in the work of intelligence professionals.
Lawmaker calls on ISPs to stop customers being hit by viruses (Naked Security) Australian minister says government is considering moving towards ‘active defence … blocking or diverting malicious traffic’
FCC: net neutrality is ‘politically motivated government overreach’ (Naked Security) FCC chief signals assault on rules from the days of Ma Bell used by Obama to guarantee net neutrality
Power ministers' meet adds cyber security, digital payment to agenda (Business Standard) Move is in line with the BJP-led Centre government pushing for digitisation in several departments
Litigation, Investigation, and Law Enforcement
For Russia And U.S., Uneasy Cooperation On Cybercrime Now A Mess (RadioFreeEurope/RadioLiberty) A widening U.S. dragnet is picking up more and more Russian computer hackers. Russia's own dragnet is picking up FSB cyberofficers, including some who once helped the Americans.
Shot suspect arrested as police track two more terror plots (Times (London)) The woman shot by police in a counter terrorism raid in northwest London last week has been discharged from hospital and taken into police custody. The 21-year-old was admitted for her injuries...
Italian Botnet Operator Who Made Over $325,000 Extradited to the US (BleepingComputer) US officials successfully extradited a 30-year-old Italian man for his role in creating and running a botnet of hacked servers.
Users can withdraw if they find WhatsApp policy unacceptable: Facebook counsel in SC (The Times of India) “Those who find the new privacy policy irksome or violative of their fundamental rights, can quit. We’ve given full freedom to users to withdraw from Facebook and WhatsApp,” counsel for Facebook said during a hearing in the Supreme Court.
Facebook and Google Were Victims of $100M Payment Scam (Fortune) Mystery solved
FTC Offers ID Theft Victims Online Crime Reporting Tool (Dark Reading) ID theft victims can report their cybercrime attack to the Federal Trade Commission, without having to file a police report in most cases.
Is it ethical to do constant criminal background checks on employees? (CSO Online) Companies hire a third party to scour public databases to make sure employees are not getting into legal trouble that would impact their jobs. But is it ethical? Experts explain.
Carrie Goldberg Is Fighting Revenge Porn One Court Case at a Time (Motherboard) “I am one of my clients.”