Cyber Attacks, Threats, and Vulnerabilities
Political Parties in DMARC Fail Ahead of Elections (Infosecurity Magazine) Agari warns that democratic process is at risk in UK, Germany and Norway
Iranian 'OilRig' expands attacks, works with Russian hackers-for-hire (SC Magazine UK) Attacks believed to be Iranian in origin were fended off for more than two weeks in April, but security experts examining the code detected something they'd never seen before: snippets of code bearing similarities to a known Russian toolkit available on the underground Russian marketplace.
ISIS — From the Ground to Cyber Space (The Cipher Brief) There are two schools of thought about the nature of the threat posed by the Islamic State in Iraq and Syria (ISIS). Some experts say the group is nearly vanquished as it struggles to hold on to Mosul, Iraq, and prepares for the inevitable fight for its capital in Raqqa, Syria.
Why ISIS Is Bullet-Proof (The Cipher Brief) The Cipher Brief’s Bennett Seftel sat down with Michael W.S. Ryan, Senior Fellow at the Jamestown Foundation, to discuss ISIS’ recent battlefield losses, the group’s current level of influence, and what to expect from ISIS in coming months.
Shadow Brokers threaten to unleash more hacking tools (Guardian) Group linked to NSA cyberwarfare tools used in ransomware attack threatens to set up ‘wine of the month’-style service
Researchers discover another ongoing cyberattack using NSA hacking tools (ABC News) Cybersecurity researchers have identified a second ongoing global cyberattack that has quietly hijacked hundreds of thousands of computers around the world, including many in the United States, for a massive cryptocurrency mining operation.
Security Alert: BlueDoom Worm Caught Spreading through EternalBlue, Integrates Batch of Leaked NSA Exploits (Heimdal Security Blog) BlueDoom includes a heap of leaked NSA exploits and is preparing for widespread distribution. Could be more harmful than WannaCry ransomware.
Next NSA Exploit Payload Could be Much Worse Than WannaCry (Threatpost) Researchers urge Windows admins to apply MS17-010 before the next attack using the EternalBlue NSA exploit deploys a worse payload than WannaCry ransomware.
Second massive WannaCry-like cyber attack identified (euronews) Cyber security experts reveal they have found a second massive computer virus which has affected hundreds of thousands of computers world-wide.
Computer virus similar to WannaCry begins manufacturing digital currency (Global News) Researchers at security firm Proofpoint said the related attack installs a currency “miner” that generates digital cash.
Another Large-Scale Cyber-Attack Underway, Says Proofpoint (NDTV Gadgets360.com) Another large-scale, stealthy cyber-attack is underway on a scale that could dwarf last week's assault on computers worldwide, a global cybersecurity firm told AFP on Wednesday.
Cryptocurrency-mining malware cashes in on NSA exploit that enabled WannaCry (Naked Security) WannaCry continues to hit headlines, but it’s not the first piece of malware to make use of the NSA’s EternalBlue exploit
What we currently know about the global cyberattack (ABC News) As danger from a global cyberattack that hit some 150 nations continues to fade, analysts are starting to assess the damage. Hard-hit organizations such as the U.K.'s National Health Service appear to be bouncing back, and few people seem to have actually paid the ransom. But the attack has...
3 Security Firms Say WannaCry Ransomware Shares Code with North Korean Malware (BleepingComputer) While initially, we thought this would be a silly and unsubstantiated discovery, the number of security firms claiming they've identified and confirmed connections between the WannaCry ransomware and malware used by the Lazarus Group has now gone up to three.
WannaCry Ransomware Attack Linked to North Korea, Cybersecurity Experts Say (FedTech) Microsoft has decried the stockpiling of “zero-day” exploits by agencies, like the National Security Agency, and says such behavior led to the attack.
Link seen between groups behind ransomware, RCBC cyber heist (Philippine Star) A cybersecurity firm said that the recent WannaCry ransomware attacks may be connected to the group that orchestrated one of the biggest cyberheists in history that involved a Philippine bank.
NSA warned Microsoft about vulnerability connected to ‘Wanna Cry’: report (TheHill) The National Security Agency warned Microsoft about a vulnerability in Windows after a hacker group began to leak hacking tools used by the agency online, the Washington Post reported late Tuesday.
Fearing Shadow Brokers leak, NSA reported critical flaw to Microsoft (Ars Technica) WaPo confirms long-held suspicions as NSA cyberweapons crisis threatens to grow worse.
Microsoft held back free patch that could have slowed WannaCry (Financial Times) Microsoft held back from distributing a free repair for old versions of its software that could have slowed last week’s devastating ransomware attack, instead charging some customers $1,000 a year per device for protection against such threats.
Chinese state media says US should take some blame for cyberattack (CNBC) Chinese state media on Wednesday criticized the United States for hindering efforts to stop global cyber threats in the wake of the WannaCry "ransomware" attack.
Malware Case Is Major Blow for the N.S.A. (New York Times) The latest nightmare for the agency, which is responsible for eavesdropping, code breaking and cyberespionage, appears to be far from over.
The WannaCry Ransomware Pandemic: Implications for the Vulnerability Equities Process. (The CyberWire) NSA is now believed to have warned Microsoft of the possibility that EternalBlue vulnerabilities were likely to be exploited in the wild.
Hackers threaten to sell WannaCry code (CRN Australia) As cyber attacks start to ease.
Shadow Brokers, Who Leaked WannaCry Exploit, Planning Release More Zero-Day Bugs (Fossbytes) Leakers of the Windows SMB exploit, the Shadow Brokers are back again to release 0-day bugs, which is a mix of good news and bad news for us
WannaCry: a throwback to the past and a vision of the future (Lookout) When WannaCry started disrupting business operations, mobile devices enabled some work to continue. However, the vast majority of businesses are unprepared for a similar attack on mobile.
WannaCry: the ransomware worm that didn’t arrive on a phishing hook (Naked Security) Email doesn’t seem to have been the initial vector for WannaCry, which initially took hold in south-east Asia
WannaCry ransomware continues to puzzle cyber-security researchers (The Indian Express) Researchers are still unsure exactly how WannaCry ransomware spread as despite digging through old databases they could not find any phishing mails linked to the attack.
Patch or Perish: NERC-CIP and the Lesson of the WannaCry Worm (Navigant Research) Last Friday and over the weekend, thousands of computers were infected with the Wana Decrypt0r 2.0 or WannaCry worm. The rapid spread of this malware was due to its ability to seek out other comput…
WannaCry update: The worst ransomware outbreak in history (Avast) Avast update on WannaCry: who was affected, who was targeted, how to remove it, and more.
WannaCry fallout -- the worst is yet to come, experts say (CSO Online) The massive scale of the recent WannaCry ransomware attack has exposed some significant weaknesses in global IT systems, and we're likely to see more attacks leveraging similar techniques, and doing even more damage, security experts say.
Here's how WannaCry became the most virulent malware since Conficker (Tech2 ⋆ New York city blog) WannaCry a.k.a. WannaCryptor a.k.a. WCry is wreaking havoc in the digital world, particularly in Europe. At last count, this malicious bit of code has affected over 200,000 computers worldwide. WannaCry is officially known as WanaCryptor, that’s what the malware’s developer calls it anyway. For the sake of convenience, we’ll refer to it as WCry from …
Who are we kidding? WannaCry is not a first (Help Net Security) On Friday, May 12, 2017, the world was alarmed to discover that cybercrime has reached a new record, in a widespread ransomware attack dubbed WannaCry that
Kolkata worst affected by WannaCry attack: Quick Heal (The Hindu Business Line) Over 48,000 ransomware attempts detected in India
WannaCry: Smaller businesses are at great risk (Help Net Security) 87 percent reported that their SMB clients had been targeted by ransomware in the 12 months up to September 2016, according to Datto.
WannaCry and IoT: Vendors react (Help Net Security) Along with the security of "traditional" computers, we must also think and do more about the security of so-called Internet of Things (IoT) devices.
As WannaCry Spreads, Law Firm Reveals Separate Ransomware Cost Them $700,000 (SurfWatch Labs, Inc.) Businesses across the world are still recovering from last Friday’s outbreak of the WannaCry ransomware. On Monday, White House homeland security adviser Tom Bossert said that the ransomware had hi…
Exploit Kits Continue Attacks, While Slammer Worm Resurfaces in Check Point’s ‘Most Wanted’ Malware (GlobeNewswire News Room) Exploit Kit usage shows no sign of abating following surge in April, says Check Point
Brooks Brothers reveals theft of payment card details (Naked Security) Retailer suggests ‘unauthorized individual’ was behind the breach – and says it’s now resolved
Don't Panic: Breach at software developer shouldn’t affect its customers or its future (CSO Online) A leading independent Mac and iOS development company has chagrin, but says no customer or financial information leaked, nor was its website compromised.
Zomato Hacked; 17 Million Accounts Sold on Dark Web (HackRead) Since 2015 the Dark Web marketplaces have been flourishing. From drugs, weapons, databases, fake documents to all sorts of illegal stuff are available for
Muslim Dating Site ‘Pure Matrimony’: Reset Your Passwords (Motherboard) Motherboard obtained a list of 120,000 hashes that appear to relate to the site.
Mirai DNS Water Torture finance sector attack dominated Q1: Akamai (ZDNet) The vendor's first quarter threat report has found Mirai DNS Water Torture Attacks, a DNS query flood included in Mirai malware, targeted its customers in the financial services industry.
IOT still has vulnerabilities (PCMag India) The forecast is still a little gloomy if the Q1 2017 report is anything to go by
Security Patches, Mitigations, and Software Updates
How to Apply the Windows Update that Patches the EternalBlue SMB Exploit (Heimdal Security Blog) Here is how to apply the Windows update you need to patch the EternalBlue exploit used by WannaCry and Uiwix ransomware.
My Little CVE Bot (SANS Internet Storm Center) The massive spread of the WannaCry ransomware last Friday was another good proof that many organisations still fail to patch their systems. Everybody admits that patching is a boring task. There are many constraints that make this process very difficult to implement and... apply! That’s why any help is welcome to know what to patch and when.
Joomla users: Update immediately to kill severe SQLi vulnerability (Help Net Security) Version 3.7 of Joomla, pushed out less than a month ago, opens websites to SQL injection attacks, Sucuri Security researchers have found.
Cyber Trends
Inside the Motivations Behind Modern Cyberattackers (Dark Reading) Attackers seeking money, dominance, and data are banding together and sharing infrastructure to target businesses.
WISeKey Explains What Happens When the WannaBes Move On to the Internet of Things (BusinessWire) WISeKey International Holding Ltd (“WISeKey”) (SIX:WIHN) announced today, that WannaCrypt ransomware - also known as WannaCrypt, WannaCry,
Marketplace
Wannacry Virus - Wannaprofit? Check Out Check Point Stock (ValueWalk) Wannacry Virus exploits a flaw in Windows XP, a legacy operating system that Microsoft no longer officially supports - CheckPoint Software
Cybersecurity — A big deal for contracting [Commentary] (Fifth Domain | Cyber) It is imperative that best practices be shared across disciplines and that everyone be involved — and fast!
Distil Networks Acquires Are You A Human (Marketwired) Investment expands braintrust of bot defense engineering talent, adds verified human dataset, and further positions Distil as the market leader in bad bot defense
Cisco to cut 1100 jobs (CRN Australia) Blames sales decline from service provider and public sector businesses.
Cisco earnings: Security sales continue to drive its software-as-a-service model (MarketWatch) Cisco earnings are expected to show continued growth in security, even as switching and routers decline.
Cisco’s Future Is Looking More Secure (WSJ) Cisco’s underperforming stock is due for a lift with the tech giant’s security business in focus as it reports earnings.
WannaCry attack lifts shares in cybersecurity firm Sophos to record high (Guardian) Oxfordshire-based firm inundated with calls in wake of last week’s ransomware attack on NHS and other businesses
The 3 Best Dividend Stocks in Cybersecurity (Madison) Cybersecurity stocks are usually considered growth plays instead of income plays. That's because many smaller cybersecurity firms aren't profitable, and they usually reinvest their cash back into marketing or R&D.
Why FireEye, Inc. Shareholders Have Nothing to Worry About (The Motley Fool) Though sales are slowing, the data security upstart is on the right track.
Karamba Raises $12M for Vehicle Security (eSecurity Planet) Connected and autonomous vehicles represent a growing threat vector that needs to be defended.
CACI awarded classified National Security contracts (Evertiq) CACI International has been awarded USD 349 million in previously unannounced awards on classified contracts with federal government customers.
CACI Receives $21M TO to Provide Cyber Security Support to NAVFAC (American Security Today) CACI International has been awarded a $21 million task order by the Space and Naval Warfare Systems Center (SSC) Atlantic to provide cyber security systems support to the Naval Facilities Engineering Command (NAVFAC) to enhance the security of industrial control systems important to America’s critical infrastructure. The two-year task order, awarded under the SPAWAR Integrated …
Corero feeling like a million bucks after latest order (Proactiveinvestors UK) Corero Network Security PLC (LON:CNS) - A US-based international web site hosting services provider has
WordPress announces bug bounty program (Help Net Security) WP is used by 28% of the top 10 million websites. The WordPress bug bounty program has been set up via the HackerOne platform.
PhishLabs Names Tony Prince CEO (CEO.CA) Charleston-based cybersecurity firm expands executive team with proven, experienced industry leadership
Veristor Adds Jackie Groark as Director, Security / CISO (PRNewswire) Expert in threat detection and intelligence brings real-world insights into security and risk management strategies
Products, Services, and Solutions
Distil Networks Enables Websites to Clean up Google Analytics for Free (Distil Networks) Google Analytics plugin lets users filter bot data that Google misses from reports providing deeper insights into real users and better decision making
Razberi and Cylance OEM Partnership Will Bring AI-Powered Cybersecurity to Video Surveillance Systems (BusinessWire) Razberi and Cylance® Inc. have signed an OEM agreement to embed CylancePROTECT® software in Razberi ServerSwitchIQ™ appliances, augmenti
SAP expands IoT platform (CRN Australia) Pulls additional machine learning, AI, big data analytics and blockchain.
FirstWave partners with Fortinet (NewsComAu) FirstWave Cloud Technology has signed onto the Fortinet FortiPartner Program, with leading global cyber security solutions provider Fortinet.
Not-So-Terrible Twos: IBM X-Force Exchange Celebrates Its Second Birthday (Security Intelligence) Since its inception two years ago, the IBM X-Force Exchange has grown into a comprehensive hub for industrywide threat intelligence collaboration.
Ridding Ransomware With IBM MaaS360 With Watson (Security Intelligence) MaaS360 cognitive UEM allows you to manage all endpoints from a single platform, making it easy to keep all systems current with software updates.
Technologies, Techniques, and Standards
NIST releases cybersecurity framework guidance in support of cyber EO (Fifth Domain | Cyber) The National Institute of Standards and Technology has released draft guidance to assist federal agencies in meeting the mandates of President Trump’s new executive order for strengthening the cybersecurity of federal networks and critical infrastructure.
DRAFT NISTIR 8170 The Cybersecurity Framework: Implementation Guidance for Federal Agencies (NIST) This document provides guidance on how the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) can be used in the U.S. federal government in conjunction with the current and planned suite of NIST security and privacy risk management publications.
DHS wargames included a scenario similar to WannaCry (CSO Online) In March of 2016, the Department of Homeland Security conducted a national exercise to see how the government and the private sector would react to a multi-sector cyberattack on critical infrastructure. The scenario included malware mimicking some of the traits of WannaCry. In the end, the private sector saved the day, but not without facing some serious challenges.
5 Tools That’ll Help Keep Ransomware Off Your Devices (WIRED) Some pick-ups that could help protect you from the next big ransomware wave.
Why We Need a Data-Driven Cybersecurity Market (Dark Reading) NIST should bring together industry to create a standard set of metrics and develop better ways to share information.
Security updates belong in the limelight, not in the dustbin of history (WeLiveSecurity) Without regular security updates, your endpoint will be left standing alone against an entire army of cybercriminals who see you as easy prey.
How Big Fuzzing helps find holes in open source projects (Naked Security) Google’s beta project, OSS-Fuzz, has found 264 vulnerabilities in 47 open-source projects – so is it an idea whose time has come?
How To Safely Secure IoT Devices (Business Solutions) The Internet of Things (IoT) is a powerful business tool, opening new doors to connectivity, data, and efficiency. However, as IoT grows and becomes more common, the risks also increase.
DISA vice director: Cyber training most effective when done piecemeal (C4ISRNET) DISA's Vice Director Maj. Gen. Sarah Zabel, in providing details regarding cyber protection team training, explained piecemeal training seems to be what builds expertise.
Design and Innovation
Mobey Forum Calls for Mindset Change in Financial App Development (Fintech Finance) Security must be equal to feature development if banks are to mitigate risk in mobile services, contends new report. The Risk Mitigation Workgroup of Mobey Forum, the global industry association emp…
Big Data & IoT Summit 2017: Lloyds dredges the 'data lake' (Computing) Machine learning has great potential when combined with big data, says Lloyds's Nicholas Williams - but watch out for the GDPR
Samsung: Here's how we're securing your smart TV (ZDNet) Samsung wants you to know that it really does take smart TV security seriously.
‘A robot doesn’t have to shoot back,’ Rodney Brooks says of machines in the military (TechCrunch) Rethink Robotics co-founder and CTO, former CSAIL director and all-around robot luminary Rodney Brooks joined the Disrupt New York stage this afternoon to..
Research and Development
Can data be secured while it’s being worked on? (C4ISRNET) Under a contract with the Office of the Director of National Intelligence, Galois will "explore the feasibility of securing data while it is being computed on through the use of fully homomorphic encryption (FHE)," according to a company news release.
Legislation, Policy, and Regulation
Too many spies spoil the intelligence broth (Live Mint) India’s intelligence community is growing but in an ad hoc manner, without any overarching strategy
South Africa: Improved Policies to Secure Cyberspace (allAfrica.com) Government is making inroads in putting in place policy and legislative measures that will secure South Africa's cyberspace.
New US IT security bill would force NSA to report WannaCry-style zero-day flaws (Computing) But not publicly, or to the software vendor itself
Cybersecurity Bill Would Shift Power From NSA (Fortune) A bill proposed in Congress would require the NSA to inform representatives of other government agencies about security holes it finds.
“Protecting Our Ability to Counter Hacking Act of 2017” or “PATCH Act of 2017” (United States Senate) A bill to establish the Vulnerability Equities Review Board, and for other purposes.
PATCH Act Is Important Step Forward on Federal Responsible Disclosure Policy (ITIF) Every year the federal government discovers countless vulnerabilities in software and hardware products used by millions of American businesses and individuals. But instead of responsibly disclosing this information to the developers who can fix these flaws, the U.S. government will sometimes hoard these vulnerabilities to use against others.
Public Knowledge Welcomes Cybersecurity PATCH Act (Public Knowledge) Today, Senators Brian Schatz (D-HI), Ron Johnson (R-WI) and Cory Gardner (R-CO), along with Representatives Ted Lieu (D-CA) and Blake Farenthold (R-TX), introduced the Protecting Our Ability to Counter Hacking (“PATCH”) Act.
IT modernization bill passes House (TheHill) New IT equipment is more secure and costs less in the long run than out of date systems currently in place.
Executive Order focuses on cyber-threats, agency responses (Compliance Week) With coincidental timing amid a global cyber-security attack by the WannaCry virus, President Donald J. Trump has issued an Executive Order on “Strengthening the Cyber-security of Federal Networks and Critical Infrastructure.”
The Cyber Workforce Gap: A National Security Liability? (War on the Rocks) In a remarkable confluence of events, the White House released their much-awaited cybersecurity executive order less than a day before the outbreak of a ma
House IT chair eyes 'cyber national guard’ as next legislative push (TheHill) Concept would boost "cross pollination of ideas" between government, private sector.
Lawmakers Ask For Hearings On Ransomware Attacks On Healthcare Sector (Homeland Security Today) Tuesday, two lawmakers sent a letter to the majority staff of the House Committee on Homeland Security requesting hearings on the cybersecurity posture of the nation’s healthcare and lifeline sectors in the wake of the recent worldwide ransomware attacks that brought many hospitals in Europe, especially in the UK, virtually to their knees, endangering lives of patients either in surgery or preparing to go into surgery.
Acquisition reform panel: Cut restrictions so DoD can take 'mission first' approach (Defense News) Ignore the noise and focus on what gets the job done the best, the panel says.
Litigation, Investigation, and Law Enforcement
Special counsel Mueller named to probe Trump-Russia ties (Military Times) The Justice Department on Wednesday appointed former FBI Director Robert Mueller as a special counsel to oversee a federal investigation into potential coordination between Russia and the Trump campaign during the 2016 presidential election.
Opinion | Rod Rosenstein saves the Republican Party from itself (Washington Post) The deputy attorney general poured some water onto a raging political inferno by appointing a special counsel to handle the Russia probe.
Exclusive - Trump campaign had at least 18 undisclosed contacts with Russians: sources (Reuters) Michael Flynn and other advisers to Donald Trump’s campaign were in contact with Russian officials and others with Kremlin ties in at least 18 calls and emails during the last seven months of the 2016 presidential race, current and former U.S. officials familiar with the exchanges told Reuters.
David Ignatius: The bull in the intelligence china shop (St. Louis Post-Dispatch) Think of the intelligence community and its fragile array of secret relationships as a china shop. Think of President Donald Trump as a bull, restless and undisciplined. For months, we’ve
Political Data Mining During Brexit Is Under Investigation in the UK (Motherboard) "What is happening now is just a fraction of what will become possible in the future."
A ‘Hacker’ Exposed a Mexican Drug Lord, Now He's Trying to Save His Own Life (Motherboard) The computer engineer secretly shot video of the purported heir to Sinaloa cartel boss Joaquín “Chapo” Guzmán and was reported to be living in the US under government protection. In fact, he’s stuck in Mexico.
Facebook fined $122 million for misleading EU over WhatsApp deal (Ars Technica) Facebook says it couldn't automatically match WhatsApp accounts; EC disagrees.
ATM Black Box attacks: 27 arrested all over Europe (Help Net Security) The efforts of a number of EU Member States and Norway, culminated in the arrest of 27 individuals linked with ATM Black Box attacks across Europe.
UK airport authorities arrest human rights activist for not sharing his passwords (HackRead) The director of CAGE human rights organization, Muhammad Rabbani was returning from a trip abroad last year when he was stopped at the UK airport for not r
Security Guard Hacks and Trashes Company Servers After Quitting His Job (BleepingComputer) A California judge has found Yovan Garcia, a former security guard, guilty of hacking his former employer, stealing proprietary software, and trashing the company network after he resigned and left his job.