Cyber Attacks, Threats, and Vulnerabilities
Security firm: North Korean cyber hacks have continued amid summit talks (TheHill) Suspected North Korean hackers have been conducting offensive cyber operations on financial institutions amid discussions between Washington and Pyongyang on a possible nuclear summit between President Trump and Kim Jong Un, a cybersecurity firm says.
North Korea-Linked Group Stops Targeting U.S. (SecurityWeek) A threat actor linked to North Korea’s Lazarus Group has stopped targeting organizations in the US, but remains active in Europe and East Asia
ActiveX Zero-Day Discovered in Recent North Korean Hacks (BleepingComputer) A North Korean cyber-espionage group has exploited an ActiveX zero-day to infect South Korean targets with malware or steal data from compromised systems, local media and security researchers have reported.
Chinese interference in New Zealand at 'critical' stage, says Canada spy report (Guardian) Jacinda Ardern says country is ‘vigilant’ and that Five Eyes membership is not being questioned
Bug In Git Opens Developer Systems Up to Attack (Threatpost) A serious vulnerability was patched by developers behind Git that closes the door on a flaw that could lead to arbitrary code execution on a developer's system.
Botnet Operators Team Up To Leverage IcedID, Trickbot Trojans (Threatpost) The botnet operators behind two infamous trojans have banded together to gouge victims in a costly scheme.
Rig Exploit Kit Now Using CVE-2018-8174 to Deliver Monero Miner (TrendLabs Security Intelligence Blog) Based on the latest activities we’ve observed from Rig, they’re now also exploiting CVE-2018-8174, a remote code execution vulnerability patched in May and reported to be actively exploited. Along with updates in code, we also observed Rig integrating a cryptocurrency-mining malware as its final payload.
HTTP Parameter Pollution Leads to reCAPTCHA Bypass (SecurityWeek) A security researcher discovered that it was possible to bypass Google’s reCAPTCHA via HTTP parameter pollution.
Open Redis Servers Infected with Malware (Infosecurity Magazine) More than two-thirds of the open Redis servers contained malicious keys.
CERT-In warns of new viruses that steal money, user data (Hindu Business Line) Virtual girlfriend and panda banker have crept into the Indian cyberspace
Banks hit as trojans displace ransomware as top malware: Proofpoint (iTWire) A new banking Trojan, dubbed “DanaBot”, targeting users in Australia via emails containing malicious URLs has been discovered, according to security f...
Is Your Google Groups Leaking Data? (KrebsOnSecurity) Google is reminding organizations to review how much of their Google Groups mailing lists should be public and indexed by Google.com.
Wide open Apache Airflow server at Universal Music Group contractor exposes FTP, SQL, AWS credentials (SC Media US) Researchers at the Kromtech Security Center, who discovered the unprotected server, said that because Airflow is wide open by default, organizations need to take steps to safeguard servers.
Chrome and Firefox leaks let sites steal visitors’ Facebook names, profile pics (Ars Technica) Cutting-edge hack exploited newly added graphics feature until it was patched.
PSA: 'mshelper' Cryptominer Malware Targets Macs (The Mac Observer) There's malware called 'mshelper' currently targeting Macs, according to security firm Intego. This malware is likely being spread by fake Flash installers, and is cryptomining malware that uses your CPU to mine Monero in the bad guy's name, which is also known as cryptojacking.
Hacker Defaces Ticketfly’s Website, Steals Customer Database (Motherboard) A hacker took control of Ticketfly's website and claims to have stolen the company's customer database.
Ransomware attacks on supply chains are on the rise (TechHQ) Last year saw the worrying increase in ransomware and other cybercrime. As these threats rise further, it seems that businesses are faced with the challenge of safeguarding their supply chains. New research from the NTT Security 2018 Global Threat Intelligence Report by Dimension Data, found a significant increase in the number of ransomware attacks aimed at supply chains last year.
CSS Is So Overpowered It Can Deanonymize Facebook Users (BleepingComputer) Some of the recent additions to the Cascading Style Sheets (CSS) web standard are so powerful that a security researcher has abused them to deanonymize visitors to a demo site and reveal their Facebook usernames, avatars, and if they liked a particular web page of Facebook.
SS7 routing-protocol breach of US cellular carrier exposed customer data (Ars Technica) 40-year-old SS7 is being actively used to track user locations and communications.
Australian real estate agents a trending target for cybercrime (ZDNet) Typically Nigerian, these cybercriminals are highly organised. Their teams of mules can shift everything from iPhones to Lego, not just money. And they can smell blood in the water.
AWS outage killed some cloudy servers, recovery time is uncertain (Register) ‘Power event’ blamed, hit subset of kit in US-EAST-1
Security Patches, Mitigations, and Software Updates
We found 1 good reason to get the iOS 11.4 update – rogue message handling (Naked Security) We’re going entirely on deduction here, but our iPhone seems to be handling “messages of death” more safely after we updated to iOS 11.4.
Valve Patches Security Bug That Existed in Steam Client for the Past Ten Years (BleepingComputer) Valve developers have recently patched a severe security flaw that affected all versions of the Steam gaming client released in the past ten years. The vulnerability would have allowed an attacker to execute malicious code on any of Steam's 15 million gaming clients.
Huawei Patches Four Server Bugs Rated High Severity (Threatpost) Huawei stamps out four high-severity bugs impacting 20 server models ranging from its XH, RH and CH lines.
Cyber Trends
Cybercrime Is Skyrocketing as the World Goes Digital (Dark Reading) If cybercrime were a country, it would have the 13th highest GDP in the world.
Are Ransomware Attacks Rising or Falling? (Security Intelligence) There are conflicting reports over whether or not ransomware attacks are growing. Many organizations state that it's the most popular malware form, but is this true?
The Bleak State of Federal Government Cybersecurity (WIRED) Nearly three out of four federal agencies are unprepared for a cyberattack, and there's no system in place to fix it.
SECURITY: White House report flags gaps in grid cyber readiness (E&E News) Federal energy officials have identified gaps in the U.S. grid's defenses against a major cyberattack, according to a highly anticipated White House report released yesterday.
US Government Botnet Report Warns About Lack of Security Tool Use (eWEEK) A report to the president from the departments of Commerce and Homeland Security outlines gaps in the fight against distributed attacks and calls on the industry to do more.
Rising number of shadow devices leaves networks vulnerable (Health Data Management) Study finds a third of organizations have more than 1,000 unauthorized IoT devices connected to their networks.
Shark Tank’s Robert Herjavec Says Complexity Will Drive More Specialization in Security (Wall Street Journal) “The level of complexity is increasing and becoming narrower,” Mr. Herjavec said in an interview with CIO Journal on Thursday. “In the past, if you knew security you could work on identity, you could work on firewalls, you could work on architecture. Because all those areas are growing and becoming much more complex, I need silos of knowledge.”
Synack Releases New Industry Report to Outline the Crowdsourced Security Testing Landscape (Benzinga) Synack releases a new industry report for CISOs and security decision makers that outlines the differences between security programs that utilize bug bounties to find...
What The Tempest Can Teach Us About Security Operations (SecurityWeek) Security teams should prioritize the value of learning from the past and experience to combat the latest cyberattacks.
Marketplace
'Techsploitation' Demonstrators Blocked Google and Apple Buses With Scooters (Motherboard) Activists in San Francisco used scooters and tech buses to protest the industry’s presence in the city.
Fraud Protection Firm Signifyd Raises $100 Million (SecurityWeek) Signifyd, a company that provides fraud protection solutions for e-commerce businesses, raised $100 million in a Series D funding round and opened its first European branch
CyberInt Completes $18m Funding Round (PR Newswire) CyberInt announces Growth Equity Investment from Viola Growth to...
Thoma Bravo to Acquire Majority Interest in LogRhythm (PR Newswire) Thoma Bravo, a leading private equity investment firm,...
Boulder cybersecurity firm LogRhythm acquired as it heads into next growth phase (The Denver Post) “We’ve had great partners to help us get from the early days when it was just three of us in Boulder to over 650 employees today,” said CEO and cofounder Andy Grolnick, adding tha…
Epiq Acquires Soliton Systems’ E-Discovery Business, Japanese Character Processing (American Lawyer) The acquisition provides a direct answer to the East Asian language barrier problems many U.S.-based e-discovery providers face.
After Funding DeferPanic Repositions to Rule the Future of Unikernel (PR Newswire) One month after closing a $1.5 million seed round, DeferPanic announces...
Dunbar Armored to be bought by The Brink’s Co. in $520M deal (Maryland Daily Record) A privately-owned cash management company in Hunt Valley has a deal to be acquired by a competitor for more than a half a billion dollars.
Citizen Lab Calls on Francisco Partners to Address Impact of Surveillance Products (CTECH - www.calcalistech.com) Nasdaq-listed business intelligence company Verint is negotiating a $1 billion merger with NSO, an Israeli cyber surveillance company controlled by the private equity firm
Cylance® New Irvine Headquarters Reflect Rapid Growth (BusinessWire) Cylance Inc., the company that revolutionized endpoint security with true AI-powered threat prevention, today announced the grand opening of its 135,0
The Chertoff Group Expands Team With Security Expert Robert Anderson (Benzinga) With more than 30 years of experience, Anderson helps The Chertoff Group's clients tackle their most critical security challenges
Products, Services, and Solutions
New infosec products of the week: June 1, 2018 (Help Net Security) JASK transforms how SOC operators visualize cyber attacks JASK is capturing industry demand with new features centered around enterprise-wide alert linkages and analyst workflow efficiency. Enhancements include the JASK Navigator, a visually-driven, contextually-rich investigation console that provides SOC analysts a
1touch.io Launches First Privacy Management and Control Solution Purpose-Built for GDPR (PR Newswire) Technology startup 1touch.io today launched the first data and...
Interset 5.6 Zeroes in on Endpoint Security with AI-enabled Security Analytics (GlobeNewswire News Room) New and expanded analytics for the endpoint help organizations identify zero-day attacks
Dell Virtustream given permission to handle sensitive Govt data (ARN) Aussie partners tapping into Dell Virtustream’s offering may be able to step up their public sector play, with the vendor being granted authorisation to handle sensitive government data.
Network security has become irrelevant: Zscaler CEO (ETCIO.com) Jay Chaudhry, CEO, Chairman and Founder, Zscaler shares his views on how the company has redefined security, why adopting security for a non-appliance..
Edinburgh cyber security companies agree partnership (businessInsider) Assure APM links up with ZoneFox to combine its security platforms which now provide 'seamless protection' in any cloud and most end user devices
EZShield Expands Monitoring Services to Arm Financial Institution Customers with Greater Identity Protection (Virtual-Strategy Magazine) EZShield, an industry-leading provider of secure, digital identity protection and resolution services for financial institution clients and their customers, has recently made Financial Account Monitoring and Financial Transaction Monitoring services available to financial institutions.
Technologies, Techniques, and Standards
Resetting Your Router the Paranoid (=Right) Way - SANS Internet Storm Center (SANS Internet Storm Center) You probably heard the advice given earlier this week to reset your router due to some malware referred to as "VPNFilter" infecting a large number of routers. I do not want to second guess this advice, but instead, outline a couple of issues with "resetting" a router.
This Is How the Internet Crosses the Ocean (Motherboard) Many people overlook the fact that the internet relies on vast networks of cables connecting continents under the sea.
Can AI smarts replace humans in the Security Operations Centre? (SC Media UK) Newly published research suggests 27 percent of enterprise security teams see more than 1 million alerts per day.
Building Blocks for a Threat Hunting Program (Dark Reading) Guidance for businesses building threat intelligence strategies while overwhelmed by threats, lack of talent, and a healthy dose of skepticism about the market.
FIDO pushes its 'death of the password' narrative into Europe (Computing) With Google, Mozilla and Microsoft all adopting the passwordless standards, FIDO2 is a 'strong regulatory fit' with GDPR and PSD2
New vulnerabilities give cybercriminals 7 days to compromise your network (CSO) Cybercriminals have a 7-day window of opportunity to use vulnerabilities against a target Web site before their activity is likely to be detected or stopped with a patch, according to new research that suggests the rapid time to exploit is keeping defenders continually on the back foot.
Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours (Dark Reading) The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.
Dealing with insider threats (Enterprise Times) Ronald Sens takes a look at how companies need to address insider threats both unintentional and intentional. He postulates that training and observation are the key to success
Design and Innovation
Air Force Cyber Strategy Conference sparks innovative ideas for cyber (Maxwell Air Force Base) Air University’s Cyber College hosted the 2018 Air Force Cyber Strategy Conference, May 22-23, here. The event welcomed cyber experts from around the nation to discuss the importance of innovating
The Real Reason Google Search Labeled the California GOP as Nazis (WIRED) No, Big Tech isn't trying to defame conservatives. But Google did make a big mistake.
Google Started a Political Sh[**]storm Because of Its Over-Reliance on Wikipedia (Motherboard) The feature that caused Google to say the ideology of the California Republican Party is "Nazism" is killing Wikipedia.
Research and Development
The 'Thanksgiving Effect' and the Creepy Power of Phone Data (WIRED) Researchers used smartphone-location data and polling results to peer into millions of people's personal lives. Could bad actors do the same?
As DHS Secretary Nielsen Maps New Cybersecurity Strategy, S&T Lends R&D Support (Newswise) The Department of Homeland Security’s Science and Technology Directorate (S&T) is working in tandem with DHS operational components by conducting research and development (R&D) in numerous areas that will help strengthen DHS’s ability to detect and defend against cyberattacks.
Academia
Queen's University invests £500k in new cyber security lab (The Irish News) Queen's University in Belfast is investing half a million pounds in a new state-of-the-art cyber security research lab.
UNH launches master's degree program in cybersecurity (New Hampshire Union Leader) The University of New Hampshire is offering a master's degree in cybersecurity policy and risk management to meet the demand of private and public employers.
Military Veterans and School Teachers Offered Free Cyber-Security Career Pathway & Curriculum Conference in Prince William County (BusinessWire) Free Cyber-Security Career Conference for Veterans & School Teachers to be held at George Mason University in Prince William County, Va.
Legislation, Policy, and Regulation
Threat Report 2018: Russia's Military Doctrine of Deception and Deniability (The Cipher Brief) Russia’s doctrine of deception – known as Maskirovka, Russian for “masking” or “camouflage” – is a foundational component of Russia’s strategic mindset.
German lawmakers cite NSA and Facebook scandals in rejecting US drone tech (Defense News) The debate over a new German weapons-capable drone showcases mistrust by some politicians in Berlin toward U.S.-made defense equipment.
As Trump saves ZTE, it's up to Congress to keep China tech company honest (Dallas News) Why, on this green earth, is the president of the United States stepping in to save a Chinese technology company? And why now, at a time when the...
Cruz Attempts to Stop Political Weaponization of Security Clearance Process (Washington Free Beacon) Sen. Ted Cruz (R., Texas) placed a provision in the NDAA that would require the department to report to Congress when security clearances are taken away
How the NGA App Store Put Tech Acquisition in Top Gear (Nextgov.com) The National Geospatial-Intelligence Agency can bring innovative software tools to government in as little as a few months.
Security researchers call for changes to defence exports regime (Computerworld) A group of information security researchers has called for changes to Australia’s Defence Trade Controls Act. The group argues that the current DTCA regime can act as a barrier to cryptography research.
Rwanda passes cyber crime law (Xinhua) Rwanda's lower house, Chamber of Deputies, Thursday passed a cyber-crime law aimed at helping the government and the private sector to combat cyber crime.
An advert against online privacy (Graham Cluley) Not everyone is in favour of better privacy online. The advertising industry, for instance, has its knickers in a twist so tightly about European privacy regulations that it made an over-the-top video.
Litigation, Investigation, and Law Enforcement
German Spy Agency Can Keep Tabs on Internet Hubs: Court (SecurityWeek) Germany's spy agency can monitor major internet hubs if Berlin deems it necessary for strategic security interests, a federal court has ruled
ICANN Launches GDPR Lawsuit to Clarify the Future of WHOIS (Threatpost) WHOIS, the searchable "phonebook" of contact data for internet domains, may violate GDPR -- or it may not. A lawsuit seeks to find out which it is.
Civil liberties groups press Trump administration on NSA call record collection (TheHill) Two-dozen civil liberties organizations are urging U.S. officials to disclose more details on the more than 500 million call records collected on Americans by the National Security Agency (NSA) last year.
Atlanta officials deny requests for records amid cyber attack (WTOC) It has been more than two months since the City of Atlanta was crippled by a massive cyber attack. While some city services have recovered, other departments have not. The city continues to pay mil...
Policing Cryptocurrencies Has Become a Game of Whack-a-Mole for Regulators (New York Times) The challenge for the government is that cryptocurrencies are so new they don’t fit well into the laws prohibiting misconduct in the securities and commodities markets.
Criminality is still a big roadblock to cryptocurrency’s legitimacy, Bruce Croxon says (Cantech Letter) Cryptocurrencies may be the way of the future but digital currencies like bitcoin and ether still have to shed their links to crime before becoming legit, says Bruce Croxon of Round 13 Capital, who…
Olympic Heights student arrested after Snapchat threat to school (Palm Beach Post) He is the second Palm Beach County teen in as many days to threaten a school, authorities said.