Cyber Attacks, Threats, and Vulnerabilities
Researchers Say More Spectre-Related CPU Flaws On Horizon (Threatpost) Yet another speculative execution side channel flaw has been disclosed in processors - and security experts warn that more may be out there.
LA County Nonprofit Exposes 3.2M PII Files via Unsecured S3 Bucket (Dark Reading) A misconfiguration accidentally compromised credentials, email addresses, and 200,000 rows of notes describing abuse and suicidal distress.
With fears of full-scale cyberwar, questions of attribution arise (CIO Dive) Script kiddies and credential stuffers aside, the increase in nation-state activity and cyberespionage threats have begun to plague organizations across sectors.
Confucius Update: New Tools and Techniques, Further Connections with Patchwork (TrendLabs Security Intelligence Blog) We look into the latest tools and techniques used by Confucius, as the threat actor seems to have a new modus operandi, setting up two new websites and new payloads with which to compromise its targets.
Mosquito campaign by Turla undergoes significant TTPs shift (WeLiveSecurity) ESET researchers have discovered that the infamous Turla Mosquito campaign, often used for espionage purposes, has undergone a significant change to its Tactics, Techniques and Procedures (TTPs).
Brain Food botnet gives website operators heartburn (Proofpoint) Proofpoint researchers detail the purpose, function, and propagation of the Brain Food botnet.
Chinese Researchers Find Vulnerabilities in BMW Cars (SecurityWeek) Chinese researchers find over a dozen locally and remotely exploitable vulnerabilities in BMW cars. The company has confirmed the flaws and started rolling out patches.
Legit tools exploited in bank heists (ComputerWeekly.com) Cyber criminals attacking the finance and other industry sector are continuing to exploit legitimate administration tools to hide their activities, highlighting the need for threat hunting, a report reveals
Dashlane Uncovers Troubling Password Patterns (Dashlane Blog) Virginia Tech and Dashlane Analysis Find Risky, Lazy Passwords the Norm. Dashlane analyzed over 61 million passwords and uncovered some troubling password patterns. The analysis was conducted with research provided...
Mobile Giants: Please Don’t Share the Where (KrebsOnSecurity) Your mobile phone is giving away your approximate location all day long.
Cybercriminals Battle Against Banks' Incident Response (Dark Reading) 'Fileless' attacks account for more than half of successful breaches of bank networks, new data shows.
Are manufacturers ready for ransomware? (Information Age) Tony Mannion, Sales Development Manager at SolutionsPT, examines the security challenges facing manufacturers running legacy systems and looks at how they can protect themselves against potential ransomware attacks.
New Supply Chain Cybersecurity Threats Emerge (ChiefExecutive.net) Amid new cybersecurity threats from China, companies must define their mission-critical vendors and review best practices with them.
State government hacked twice in three days (Idaho Business Review) Scant months after the state of Idaho took steps to beef up its cybersecurity, state government computers fell prey to two attacks in a matter of days. First, on May 9, an employee at the Idaho Tax…
City of Winder newest city hit with cyber-attack (CBS 46) The City of Winder is the latest municipality dealing with a cyber-attack. A city spokesperson has confirmed the city was hit with a virus on Monday that is currently affecting the city’s servers.
Cyber Trends
Re-thinking Security in the Privacy Era (AlienVault) Privacy has always had a degree of overlap with security. However, in recent years the dependency each has on the other has increased in regards to protecting individual information, the use of social media, and the requirements to respond to breaches.
The 2018 Duo Trusted Access Report: Enterprise Remote Access (The Duo Security Bulletin) Newly released! The 2018 Duo Trusted Access Report analyzes user behavior and the security of over 10.7 million devices and nearly half a billion authentications per month.
New Trustwave Report Uncovers Key Drivers Steadily Increasing Cybersecurity Pressures (BusinessWire) Trustwave releases the 2018 Security Pressures Report, a report that delves deep into the causalities of pressures security professionals face.
2018 Threat Hunting Report (Alert Logic) This report confirms that threat hunting pays off with earlier detection, faster response, and denial of future exploits.
Attackers Hide in Plain Sight as Threat Hunting Lags: Report (SecurityWeek) Carbon Black surveyed the CISOs of 40 major financial institutions in April 2018 to understand how the finance sector is attacked and what concerns its defenders.
Mobile Fraud Soars as Social Sites Help Scammers (Infosecurity Magazine) RSA finds legitimate social platforms are unwittingly helping fraudsters
Security Status in M-Commerce Apps (AppSolid) SEWORKS' AppSolid and AppKnox analyzed the top 50 apps in the shopping category finding that no app was without vulnerabilities. M-commerce market share is expected to be over 50% by 2021. But, despite the increasing number of transactions on m-Commerce, are those apps truly safe and secure?
Companies may think they are ready for GDPR, but their employees are not (ZDNet) While EU organizations have been scrambling to meet the GDPR deadline, more than half their employees are not ready, according to a UK survey from Egress Software Technologies....
New Survey Details the State of Online Privacy and Social Media in America Amidst GDPR (PR Newswire) A new survey conducted by Washington-based digital agency Rad Campaign and...
Netsparker GDPR Survey: 10 Percent of C-Level Security Execs Say GDPR Will Cost Them $1M+ (BusinessWire) Netsparker Ltd., a leading player in the web applications security industry, has today released the results of its GDPR Survey. The survey of more tha
The state of cybersecurity at financial institutions (Deloitte Insights) How do financial services firms measure success with cybersecurity? A Deloitte survey examined how firms developed and deployed best practices. While many approaches are unique to individual firms, institutions are best to scrutinize and learn from their peers’ experiences.
Marketplace
Syncsort Talks Rebranding, IBM i Product Strategy (IT Jungle) Think you know Syncsort? Who the company is and what it does? Well, you might want to take a fresh peek, because the company that acquired Vision Solutions and a handful of other IBM i software firms is on the move. In fact, it used the COMMON POWERUp 18 conference in San Antonio this week
Private equity firm taps two local execs to scout for government tech services acquisitions (Washington Business Journal) Welsh, Carson, Anderson & Stowe is partnering with two ex-Omniplex World Services executives to build a government services platform.
Cavirin Launches Global Channel Partner Program (Cavirin) Cavirin Connect Partner Program Enables Resellers, System Integrators, and MSPs to Address Customer’s Critical Security Issues
Products, Services, and Solutions
Kudelski Security Introduces Secure Blueprint – Industry’s First Cyber Business Management Platform (Kudelski Security)
SecBI Announces New Automated Threat Detection & Investigation App for the Palo Alto Networks Application Framework (PR Newswire) SecBI, a disruptive player in automated cyber threat detection and...
TraceFree - The Very First Virtual Private Browser (Kickstarter) TraceFree is a browser specifically built for privacy that runs in the cloud giving you COMPLETE online privacy and security.
Okta's New Context-Based Tech Will Keep Workers From Having To Enter Passwords All The Time (CRN) Okta's Joe Diamond said a context-based approach considering device, IP and geolocation information is a more responsible way to provide highly-secure users with password-less access.
This Chrome plug-in will warn you when hackers have your password (CNET) And yes, it does have a system to avoid leaking your password itself.
Defending Critical Infrastructure from Cyberattacks Demands Multi-Disciplinary Expertise and a Radically New Approach (GlobeNewswire News Room) An important new collaboration has been announced this week between leading cybersecurity provider Virsec, and global professional services company GHD.
Bomgar Privileged Identity Automatically Secures Credentials and Controls Access to Critical IT Resources (BusinessWire) Bomgar Privileged Identity provides real-time privileged credential protection while ensuring authorized individuals have the access they need.
OPAQ Networks and Duo Security Partner to Deliver Two-Factor Authentication as a Security Service (BusinessWire) Technology alliance enables managed security services providers to offer Duo’s Trusted Access as part of OPAQ security-as-a-service platform.
New Bricata Software Update Tackles Security Alert Deluge and... (Bricata) Latest Product Update Provides Flexibility and Customization to Nuanced Alert Thresholds, Improves Metadata Collection Speed, Enterprise Scalability and Supports Cloud Deployments. May 23, 2018 – Columbia, Md. – Bricata, Inc., a developer of modern intrusion detection and prevention solutions...
Portnox Announces Portnox CLEAR App for the Palo Alto Networks (Portnox.com) Portnox, a market leader for network visibility, access control and device risk management solutions, today unveiled its Portnox CLEAR app for the Palo Alto Networks® (NYSE: PANW) Application Framework.
Telos Streamlines FedRAMP Processes and Compliance with New Xacta 360 Template (BusinessWire) Telos Streamlines FedRAMP compliance with New purpose-built Xacta 360 template
WhiteSource Launches Next-generation Software Composition Analysis Technology for Prioritizing Open Source Security Alerts (PR Newswire) WhiteSource, the leader in open source security and license compliance...
Vectra introduces Cognito Recall to deliver AI-assisted threat hunting and enable conclusive incident investigations (Vectra Networks) Joins Cognito Detect as a cornerstone of the AI-powered Cognito cyberattack-detection and threat-hunting platform
Seal Network and Deloitte to Build Blockchain Anti-Counterfeiting Network With the European Commission (PR Newswire) Seal Network was selected by the European Commission to compete in the...
LogicHub Accelerates Security Operations with RSA Archer® Suite Support (PR Newswire) Intelligent security automation solution provider LogicHub today...
TrapX Security Joins Cylance to Combat Advanced Persistent Threats with Artificial Intelligence (PR Newswire) TrapX Security, the global leader in deception-based advanced...
MeasuredRisk and Exodus Intelligence Align to Automate Cyber Risk Inference at Light Speed (PR Newswire) MeasuredRisk, Inc., the pioneer of AI powered Risk Inference, has...
Many U.S. Businesses Not Prepared for May 25 Enforcement Deadline of GDPR, a European Union Regulation Requiring Protection of Customers' Personal Data (PR Newswire) CIS is ready to help decode the confusion surrounding GDPR and its implications for U.S. organizations
NorthState Technology Solutions Launches Compliance-as-a-Service for Credit Unions and Banks (PR Newswire) As part of a technology assurance strategy designed to meet the...
EQUIIS Adds New Secure Audio and Video Messaging to its Enterprise Mobile Communication Platform (PR Newswire) EQUIIS Technologies AG, a leader in secure mobile communications for the...
Akamai, Japan’s Largest Bank MUFG Announce Blockchain-Based Payment Network (CoinSpeaker) The cloud delivery platform Akamai and the financial group MUFG are developing a new blockchain-based online payment network. The technology is expected to come during the first half of 2020.
Zilliqa’s First Progress Update Event: Partnerships, Project Grants, and the Unveiling of Scilla (zilliqa) Since we first officially began work on Zilliqa, our plan has been to fix actual problems with actual solutions.
Technologies, Techniques, and Standards
Top 6 Mistakes That Will Blow Your Online Cover (SecurityWeek) Just one failure to use your misattribution tools can instantly connect your alias to your real identity.
What is Bro? And Why IDS Doesn’t Effectively Describe It [Overview... (Bricata) What is Bro? Bro is an open source software framework for analyzing network traffic that is most commonly used to detect network behavioral anomalies for cybersecurity purposes. Bro provides capabilities that are similar to network intrusion detection systems (IDS)...
Verifying data processing for privacy and GDPR (Help Net Security) Personal data processors and controllers will be obligated to maintain up-to-date and accurate records of identity data processing activity. Regulators will be able to request proof of compliance on demand from these organizations.
GDPR is almost here, what now? (YouTube) The GDPR goes into effect on May 25th, 2018, and even if you don't have a physical presence in the EU, you may still be subject to the regulations. Brian Vecci from Varonis will give you a quick run-down of what you need to know.
APNewsbreak: Pentagon adopts new cellphone restrictions (FederalNewsRadio.com) The Defense Department has approved new restrictions for the use of mobile phones and some other electronic devices in the Pentagon where classified information is present or discussed.
Why DoD cyber needs to be less football, more hockey (Fifth Domain) The Department of Defense is revisiting how cyber forces are trained to execute operations.
Why security suites are ousting traditional antivirus programs (Security Brief) In recent years, user privacy and security have become paramount, while criminals attempt to coerce, steal and manipulate users for their data.
Phishing is still a big problem, but users can help shrink it (GCN) If employees have an easy way to spot and report suspicious emails, security teams will get a steady stream of front-line threat intelligence.
Design and Innovation
Machine Learning Advances Can Strengthen Cyber Defense (SIGNAL) Out-of-the box thinking is needed when using machine learning to help secure systems, an expert says
Research and Development
Pakistan’s first-ever Cyber Security Centre launched (GulfNews) Aims to develop tools and technologies to protect cyberspace sensitive data and local economy from the cyber-attacks
Academia
Northrop Grumman Awards $52,500 in Scholarship Funds to Winning Teams of CyberPatriot X (Northrop Grumman Newsroom) Northrop Grumman Corporation (NYSE:NOC) awarded $52,500 in scholarships to high school students on the winning teams of the CyberPatriot X National Finals Competition held last month.
Refining STEM Education to Raise the Bar for Cyber (SIGNAL) From Head Start programs to internships and mentoring, panelists agree preparing the next generation of cyber warfighters comes down to facilitating opportunities.
Legislation, Policy, and Regulation
Europe's new GDPR data protection ruling will affect companies in the UAE (The National) The General Data Protection Regulation (GDPR) will come into effect on May 25 and those who fail to comply will face heavy fines
Trump proposes face-saving deal for ZTE - but Congress might oppose it (Computing) Another big fine, a management reshuffle and trade concessions could fix it for ZTE
Congressional Opposition Mounts Over White House Approach to Chinese Tech Deals (Wall Street Journal) Lawmakers are moving to thwart Trump administration efforts to ease restrictions on Chinese telecom giant ZTE and other sensitive technology, citing fears the positions would compromise national security in the latest twist in trade negotiations.
Why Congress Sees ZTE as National-Security Threat (Wall Street Journal) President Trump said he wanted to help China’s ZTE “get back into business” just one month after his administration imposed crippling penalties on the telecom company. The comment sparked backlash in Washington, forcing the president to justify his sudden interest in saving the controversial company.
Sen. Warner: ZTE poses national security threat (CNBC) Sen. Mark Warner (D-Va.) discusses the Trump administration's position on Chinese tech company ZTE and the trade negotiations between the U.S. and China.
Senators want National Guard on call for cyberattacks (Cyberscoop) A pair of Senate Democrats have introduced the Cyber Defenders Act, which would give the National Guard a bigger role in defending against cyberattacks.
Brit water firms, power plants with crap cyber security will pay up to £17m, peers told (Register) Problem: they can't pay like banks can...
Trump feels presidential smartphone security is “too inconvenient” (Ars Technica) Report: President Trump clings to his Twitter phone, reluctant to allow security checks.
Litigation, Investigation, and Law Enforcement
Mystery in Mueller probe: Where's the hacking indictment? (TheHill) In the year since the start of special counsel Robert Mueller’s investigation, one thing has been notably absent: a public indictment of any Russians for the hacking of the Democratic National Committee (DNC).
Homeland Security Chief Backtracks After Saying Russia Didn’t Try to Help Trump (New York Times) The agency’s secretary, Kirstjen Nielsen, appeared to counter conclusions by the intelligence community that Moscow sought to give President Trump an edge in the 2016 election.
FBI reportedly overestimated inaccessible encrypted phones by thousands (TechCrunch) The FBI seems to have been caught fibbing again on the topic of encrypted phones. FBI director Christopher Wray estimated in December that it had almost 7,800 phones that investigators were unable to access from 2017 alone. The real number is likely less than a quarter of that.
Zuckerberg didn’t make any friends in Europe today (TechCrunch) Speaking in front of EU lawmakers today Facebook’s founder Mark Zuckerberg namechecked the GDPR’s core principles of “control, transparency and accountability” — claiming his company will deliver on all that, come Friday, when a new European Union data protection frame…
Mark Zuckerberg Escapes Unscathed From European Parliamentary Questioning (Motherboard) Yet again, Facebook’s CEO avoided publicly answering tough questions from lawmakers.
Mark Zuckerberg's EU Parliament grilling labelled 'missed opportunity' for failing to answer questions (Computing) European Parliament criticised for letting Zuckerberg off the hook
Ninth Circuit’s Zappos Decision Is Cautionary Tale for Corporate Victims of Cyberattacks (Ropes & Gray) As the well-known proverb provides, “no good deed goes unpunished.” On March 8, 2018, the U.S. Court of Appeals for the Ninth Circuit unfortunately lent support to that theory when it reversed dismissal of a consumer data-breach class action against online retailer Zappos.com
Brazil conducts large-scale, cyber-crime operation to fight child porn (CGTN America) Brazil is doing its part to fight child pornography. Police conducted a nation-wide operation and arrested hundreds. Their message was simple: People who harm children will be punished. CGTN’…
Georgia Votes in Primary Amid Cybersecurity Suit (Infosecurity Magazine) Voters show for primary despite lawsuit over cybersecurity of Georgia's voting machines
Manhattan Lawyer's Racist Rant, Other Events Show Social Media's Power Over Lawyers (New York Law Journal) A racist rant. Scrutiny over prolific billable hours. Controversy over arbitration pacts. All three have made news in the legal world in the past few months and all were thrust into the spotlight through social media.
The Wayback Machine is Deleting Evidence of Malware Sold to Stalkers (Motherboard) The Internet Archive's Wayback Machine is a service that preserves web pages. But the site has been deleting evidence of companies selling malware to illegally spy on spouses, highlighting the need to diversify digital archives.
GDPR Questions Answered: Are you still Covered if you Leave Europe? (Infosecurity Magazine) If you're an EU citizen, are you still protected under GDPR if you leave the EU to live in Asia?