Cyber Attacks, Threats, and Vulnerabilities
North Korea hasn't stopped cyberattacks amid peace talks (Cyberscoop) As Kim Jong-un speaks publicly about nuclear disarmament, North Korea's hacker army continues to target different businesses across Europe, Asia and even the U.S.
China Hacking Taiwanese Military Hospital Websites to Obtain Military Intelligence (Epoch Times) Taiwan has been braving relentless cyberattacks by Chinese hackers in the past four years, according to the latest statistics provided by the island nation’s military. Taiwanese websites, especially those run by the military, have been attacked hundreds of millions of times by the Chinese regime’s cyber army and unknown sources, reported Taiwanese newspaper The Liberty …
Yuri Zorya: Hacked military docs reveal how the Russian 18th motorized brigade invaded Crimea (KyivPost) The investigative volunteer community InformNapalm has analyzed Russian military files hacked by hackers from the Ukrainian Cyber Alliance (UCA), the so-called “hacktivists” responsible for hacking the email accounts of Putin’s gray cardinal Vladislav Surkov, known as #SurkovLeaks. Using the data, InformNapalm has tracked down members of Russian military brigades who took part in the occupation …
Expert warns how rogue nations could use new GDPR laws as a 'weapon' in Ireland (The Irish Sun) ROGUE nations could use the EU’s new data laws as a “weapon” against companies here. The warning from Lastline intelligence threat director Andy Norton follows new GDPR laws. General Data Protectio…
New Backup Cryptomix Ransomware Variant Actively Infecting Users (BleepingComputer) A new variant of the Cryptomix Ransomware has been discovered that appends the .BACKUP extension to encrypted files, changes the contact email, and provides a different ransom note message.
Forget VPNfilter – here’s BACKLASH, a networking hack from way, way back (Naked Security) With a name like BACKLASH, you might think this hack comes from the era of mechanical devices, with gears and pulleys. You’d be right!
Emerging 5G Technology Could Compromise SIM Card-Dependent IoT Devices on Massive Scale (TrendLabs Security Intelligence Blog) Already, current cellular network technologies such as 3G and 4G allow fast wireless communication. But the next evolution, 5G, is set to afford even faster connections along with greater reliability.
Singapore Security Alert As IoT Vulnerability Impacts SingTel Routers (Information Security Buzz) It has been reported that NewSky Security has uncovered a security vulnerability across all routers from Singapore’s leading internet service provider, SingTel. The uncovered vulnerability could potentially give access to all devices connected to the affected routers. Natan Bandler, CEO & Co-Founder at Cy-oT commented below. Natan Bandler, CEO & Co-Founder at Cy-oT: “This is yet …
Honda India Left Details of 50,000 Customers Exposed on an AWS S3 Server (BleepingComputer) Honda Car India has left the personal details of over 50,000 users exposed on two public Amazon S3 buckets, according to a report published today by Kromtech Security.
Government issues warning on router-hacking virus (Vietnam News) The Ministry of Information and Telecommunications’ Authority of Information Security on Tuesday warned that routers and storages in Việt Nam have been exposed to the VPNFilter virus.
Is your fitness tracker tracking you? Kaspersky security warning over smart watch and wearables' 'behavioural profiling' (Computing) Wearables' accelerometer and gyroscope signals can be used to identify individual users, claims Kaspersky
Dozens of Vulnerabilities Discovered in DoD's Enterprise Travel System (Dark Reading) In less than one month, security researchers participating in the Pentagon's Hack the Defense Travel System program found 65 vulnerabilities.
Was a Marine Corps website hacked? (Marine Corps Times) The FBI said it neither confirms nor denies the existence of an investigation.
Roseburg Schools pay ransom to recover information following cyber attack (KPIC) Roseburg Public Schools have chosen to pay a ransom to recover data from a computer attack. The cyber attack happened earlier this month, freezing access to the district's email system, website and business and accounting software. Distric
Security Patches, Mitigations, and Software Updates
Chrome 67 Patches 34 Vulnerabilities (SecurityWeek) Google this week released Chrome 67 to the stable channel to provide various improvements, including patches for 34 vulnerabilities.
Apple’s iOS 11.4 security update arrives in an iCloud of silence (Naked Security) We updated to iOS 11.4, because that’s our habit – but Apple still isn’t saying what was fixed yet. How we wish Apple wouldn’t do that!
This month's Windows and Office security patches: Bugs and solutions (Computerworld) The good news? Those embarrassing SSD bugs in Windows 10 version 1803 seem to be fixed. The bad news? Just about everything else.
Cyber Trends
Bitglass 2018 Report: Cloud Security Adoption Trails Cloud Usage, Leaving Two Thirds of Organizations Vulnerable (GlobeNewswire News Room) Security Gap Foreshadows Breach Risks as Cloud Adoption Tops 80 Percent
Estonian cyber-security ranks best in Europe, fifth in the world (SC Media UK) The second iteration of the Global Cyber-security Index announced at Information Society Forum 2017 praises the country for its response to the 2007 attack on its infrastructure from Russia.
Nearly 15 per cent of security pros would rather take their salaries in cryptocurrency (London loves Business) Lastline has today released results from a study of over 200 infosecurity professionals and found that one in seven (14.5 percent) would rather take their salaries in cryptocurrency than traditional, government-backed currency.
Marketplace
Cyber risk still a struggle for insurers (Insurance ERM) Progress in managing cyber risk exposures is continuing, but are insurers doing enough to convince regulators that they understand what they're doing? Paul Walsh reports
Cybersecurity skills shortage: vendors step up to address workforce shortfall (Verdict) A cybersecurity skills shortage is leaving companies struggling to hire qualified workers. Can efforts by cybersecurity vendors plug the gap?
Darktrace becomes Cambridge’s 16th $Bn business and No.17 is looming (Business Weekly) Cyber defence technology specialist Darktrace has become the Cambridge UK cluster’s 16th billion dollar company and its fastest to achieve unicorn status.
Ziften enters Germany and Netherlands to disrupt cybersecurity markets (Security Brief) Ziften has expanded into European cybersecurity markets after announcing 2 major partnerships to carry its Microsoft Azure-powered endpoint solution.
Palo Alto's stock rallies toward record high after analyst boosts price target ahead of earnings (MarketWatch) Shares of Palo Alto Networks Inc. (PANW) rallied 1.1% in morning trade Wednesday, putting them on track for a record close, after a Stifel Nicolaus analyst raised the price target on the network security company less than a week before the company reports fiscal third-quarter results.
Duo Security expands operations following last year's $70M Series D raise (Silicon Prairie News) In less than eight years, Duo Security has become one of the fastest growing venture-backed cybersecurity companies in the world. Since 2010, the Ann Arbor, Michigan-based company has defended organizations against data breaches by making security easy and effective and has expanded to include offices in Detroit; Austin, Texas; San Mateo, California; and London, England....
The dark side of Israeli technology: Six takes on the sale of cyberattack firm NSO (haaretz.com) Unlike companies whose technology protects customers against cyber attack, by any measure, NSO is a weapons firm
Siemens to open cybersecurity centre in Fredericton, create up to 60 jobs (CBC) Siemens will open a cybersecurity centre in Fredericton, creating up to 60 jobs with up to $3.6 million in assistance from the provincial government, Premier Brian Gallant announced on Wednesday.
MinerEye Appoints Cylance Chief Security and Trust Officer Malcom Harkins to Its Advisory Board (PR Newswire) MinerEye, a provider of AI-powered data governance solutions...
Products, Services, and Solutions
Bromium Brings Virtualization-Based Security to the Masses With Targeted Use Cases to Address Key Organizational Pains (GlobeNewswire News Room) Bromium®, Inc., the pioneer and leader in virtualization-based endpoint security that stops advanced malware attacks via application isolation, has announced the release of Bromium Secure Platform 4.1.
NSS Labs Initiates 2019 Advanced Endpoint Protection Group Test and Invites Industry Engagement to Help Evolve its Forthcoming Test and Methodology (GlobeNewswire News Room) NSS Labs, Inc., a global leader and trusted source for independent, fact-based cybersecurity guidance, today announced that it is developing the next iteration of its Advanced Endpoint Detection (AEP) Group Test with results expected to be released in early 2019. As part of today’s announcement, the company is also issuing a call for industry engagement from both enterprises and AEP vendors to help shape and evolve its upcoming AEP Group Test and accompanying methodology.
Imperva Unveils Attack Analytics to Speed Identification of the Most Critical Attacks (BusinessWire) Imperva Attack Analytics automatically groups, consolidates and analyzes thousands of WAF security alerts to identify the most critical security events
Exabeam Announces Strategic Integration with Carbon Black (GlobeNewswire News Room) Data Sharing Between Platforms Will Help Security Analysts Improve Advanced Threat Detection and Reduce Incident Response Time
U.S. Department of Defense Secures the DTS With Help From Hackers on HackerOne (BusinessWire) HackerOne, the leading hacker-powered security platform, today announced the results of Hack the DTS (Defense Travel System), the fifth U.S. Departmen
Bugcrowd Elevates Standards of Security in Crowdsourced Security Market (GlobeNewswire News Room) SOC 2 Type 1 and ISO 27001 Certifications demonstrate that Bugcrowd’s Crowdcontrol(TM) Platform upholds the highest standards of security
1Password 7: A new design and added security features (Help Net Security) AgileBits has released 1Password 7 for Mac and Windows. The password manager is among the most long-lived and popular offerings of its kind out there.
6 of the best security software solutions for 2018 (Mashable) Tighten up your computer's security with these software suites.
Technologies, Techniques, and Standards
Companies Struggle to Stay On Top of Security Patches (Wall Street Journal) As companies incorporate countless internet-connected devices in their networks, the patching problem is only going to get worse.
Here are the results of the latest Hack the Pentagon (Fifth Domain) HackerOne released the latest results of the Hack the Pentagon initiative.
Special Operations Command Takes Aim At Enemies Hiding Files Inside Seized Electronics (Defense One) Terror groups are using new techniques to reduce the intel value of seized laptops and cellphones.
Considerations For Evaluating Vendor Risk Management Solutions (SecurityWeek) The Vendor Risk Management (VRM) space has quickly become a hot topic this year. It seems like everywhere you turn, new companies offering VRM solutions are popping up.
6 Security Investments You May Be Wasting (Dark Reading) Not all tools and services provide the same value. Some relatively low-cost practices have a major payoff while some of the most expensive tools make little difference
Tips for Hardening Networks Against IoT-based DDoS Attacks (SecurityWeek) Stopping DDoS attacks is not a matter of improving security of IoT devices. Enterprises need to take responsibility and be better at identifying and preventing DDoS attacks as they happen in real time.
The Human Factor In Cybersecurity: Turning A Threat Into A Resource (Forbes) In the last decade, there has been a change in the quantity and type of cyberattacks that we face as a society, especially with regard to zero-day attacks.
How digital spring cleaning can protect your personal information (WMBF News) Cleaning the house may be on your to-do list this spring, but when it comes to de-cluttering you may be overlooking a significant space: your online platforms.
Design and Innovation
'Smart' Vendors Make Splash (Forbes) At last fall’s NetEvents press/analyst/vendor confab, I called out three vendors as ‘sexy.’ This year, the three vendors that stand out are ‘smart.’
Research and Development
DHS S&T Announces Four SBIR Awards to Secure Mobile Device Firmware (Newswise) Four small technology firms were awarded Small Business Innovation Research contracts by the DHS Science and Technology Directorate (S&T) to create solutions that will automate analysis of mobile technology firmware at scale and identify vulnerabilities and prepositioned cyber-threats.
SafeBreach Awarded First Patents in Breach and Attack Simulation Market (GlobeNewswire News Room) Company Extends Leadership and Advances the State-of-the-Art with Three Initial Awards
Academia
Women to be trained on safe net use (ETTelecom.com) The pilot programme will enable trainees to differentiate between credible and questionable information, Facebook said.
Elite Designation for Cyber Ops Program From NSA (UANews) A program at the University of Arizona that began only 18 months ago has been recognized as one of the best in the country for 2018-2019.
Legislation, Policy, and Regulation
Not to Aecon, nor to Huawei: The security of Canada can never be for sale (The Globe and Mail) Ottawa must get serious about protecting the security of Canadians in the face of explicit Chinese plans to use their country’s companies to advance Beijing’s interests
Australian MP is next to call for a ban on Chinese 5G equipment (Telecom Tech News) Australian Labor MP Michael Danby has become the latest politician to call for a ban on buying 5G network equipment from Chinese firms claiming they are ‘controlled’ by the government.
Sen. Mark Warner criticizes Trump's ZTE deal as a mistake (CNET) The leading Democrat on the Senate intelligence committee says ZTE and other Chinese tech companies are closely aligned with the Chinese Communist Party.
Former President Ilves stresses need for united body to fight cyber warfare (ERR) Former Estonian president Toomas Hendrik Ilves has highlighted the need to organize a union aimed at combatting the threat of cyber warfare and in particular in defending liberal democracies worldwide.
Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats (US Department of Commerce) This report responds to the May 11, 2017, Executive Order, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” That order called for “resilience against botnets and other automated, distributed threats,” directing the Secretary of Commerce, together with the Secretary of Homeland Security, to “lead an open and transparent process to identify and promote action by appropriate stakeholders” with the goal of “dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets).”
In war against botnets, manufacturers need to step up, report says (Cyberscoop) The problem of botnets — the legions of computers used to carry out distributed denial-of-service attacks — is exacerbated by the fact that developers do not have the cost incentives to build more security into their products, according to a new report from the departments of Commerce and Homeland Security.
5 ways government will fight against botnets (Fifth Domain) A new report from The Departments of Commerce and Homeland security listed many areas where the U.S. can improve its botnet defense, and five where government can get the ball rolling.
DOE Announces New Efforts in Energy Sector Cybersecurity (POWER Magazine) The Department of Energy released its Multiyear Plan for Energy Sector Cybersecurity, asserting DOE's place as the sector specific agency on cybersecurity.
National Assembly debates internet security law (VietNamNet) National Assembly (NA) deputies have raised concerns that the draft law on internet security will prevent Vietnamese citizens and companies from accessing information on the web.
GDPR has established Europe as leaders in data protection (Raconteur) With the introduction of GDPR, Europe has set a precedent for data protection best practice which has been witnessed all over the world. Businesses in non-EU countries wanting to trade with Europe must now comply with these regulations.
Privacy Laws: compliant? Who? Me? (Mondaq) Businesses collecting any information relating to a natural person are required to comply with Australian privacy laws.
U.S. Commerce Chief Warns of Disruption From EU Privacy Rules (SecurityWeek) The costs of the new GDPR law could be significant, to the point where it may "threaten public welfare on both sides of the Atlantic," according to U.S. Commerce Secretary Wilbur Ross.
The tech giants are fighting privacy regulation: what price will we pay for a free digital society? (Computing) The Developers Alliance's criticisms are self-serving and omit any mention of opportunities, argues privacy campaigner Geoff Revill
Senators Urge Bolton to Reconsider Cyber-Tsar Role (Infosecurity Magazine) Democrats want Trump administration rethink
Obama's US Digital Service Survives Trump–Quietly (WIRED) Team created in 2014 to make the government more tech-friendly soldiers on, helping agencies work more efficiently and save money.
DHS cyber shop continues to push rebrand (FCW) The National Protection and Programs Directorate wants to change its name to match its focus on cross-cutting infrastructure threats.
Cyber Mission Force at Full Power–What Now? (Meritalk) The U.S. Cyber Command is ready for its close-up. The command announced May 17 that all 133 of its Cyber Mission Teams are fully operational, capping a roughly one-month stretch that saw the arrival of a new commander, the opening of a new operations center, and the official designation of Cybercom as a full unified combatant command.
California Senate votes to restore net neutrality rules (Help Net Security) The California State Senate voted yesterday in favor of a bill aimed at restoring the net neutrality protections put in place by the Federal Communications Commission in 2015, and preventing ISPs from engaging in practices that are inconsistent with a free and fair Internet. These protections were repealed by the FCC
Litigation, Investigation, and Law Enforcement
Kaspersky attempt to overturn government ban dismissed by US courts (Computing) Doesn't have leg to stand on, suggests Judge, as she tosses out two Kaspersky lawsuits
Icann Files Suit in Germany in Bid to Clarify GDPR (Infosecurity Magazine) Oversight body’s Whois policy threatens to run foul of new law
Telegram CEO: Apple has “prevented” app updates globally since April (Ars Technica) As a result, Telegram reportedly missed the GDPR deadline in the EU.
Cybersecurity: Why It Matters In M&A Transactions - Security - Austria (Mondaq) The scope of cybersecurity due diligence needs to be assessed on a case-by-case basis.
CIA contractor secretly hoards his classified work (CSO Online) Former CIA contractor Reynaldo Regis pled guilty to keeping secret notebooks of his work within the CIA from 2006-2016 and storing the notebooks in his home.
Expert defense witness for accused leaker Reality Winner is government's former 'Classification Czar' (The Augusta Chronicle) The defense team for a former Fort Gordon contractor suspected of leaking a classified document filed its first notice of an expert witness –
Inmates pirated movies from computers they build with spare parts (HackRead) According to reports, inmates managed to assemble dozens of computers using different parts and pirated software and ran a full-fledged movie network from the prison.
Nuisance call bosses, get your wallets ready! (Naked Security) Currently, only businesses themselves are liable for the fines, so the directors declare bankruptcy and then play whack-a-mole. They may now be held personally liable to the tune of up to £500,000.…