Cyber Attacks, Threats, and Vulnerabilities
The VPNFilter Botnet Is Attempting a Comeback (BleepingComputer) The VPNFilter botnet that was built by Russian cyberspies, which infected over 500,000 routers, and was taken down last week by the FBI is attempting a comeback, according to telemetry data gathered this week.
New internet accounts are Russian ops designed to sway U.S. voters, experts say (McClatchyDC) A new Russian website in English appears to mirror activity of earlier firm that FBI says was Kremlin tool to influence the 2016 U.S. election.
Rabid squirrels, mosquito invasions: Russia’s new internet offensive (South China Morning Post) Offbeat articles on mystery website may be Moscow’s latest assault on American democracy, a US internet security firm claims
Sigrun Ransomware Author Decrypting Russian Victims for Free (BleepingComputer) The author of the Sigrun Ransomware is providing decryption for Russian victims for free, while asking for a ransom payment of $2,500 in Bitcoin or Dash for everyone else.
Satan Ransomware Spawns New Methods to Spread (AlienVault) Today, we are sharing an example of how previously known malware keeps evolving and adding new techniques to infect more systems. BleepingComputer first reported on Satan ransomware in January 2017.
How Mirai spawned the current IoT malware landscape (Help Net Security) Even before the attack against Dyn, Mirai botmasters released the malware's source code in an attempt to muddy the waters. As expected, other malicious actors took it and used it as a base for many malware variants targeting IoT devices.
Success of Mirai Variants Highlights Security Dangers (Infosecurity Magazine) Netscout Arbor report details how black hats are building on Mirai code
As banking Trojans outpace ransomware, financial-services attacks regain their currency (CSO) Banking Trojans were a more common email payload in the first quarter of this year than ransomware, according to new figures that reflect a tactical shift that has security experts warning of a resurgence of financial cybercrime.
Researchers uncover new exploits in voice-powered assistants like Amazon Alexa or Google Assistant (CRN Australia) New potential attack methods identified.
Playing nice? FireEye CEO says U.S. malware is more restrained than adversaries' (Cyberscoop) Researchers can see public policy elements when analyzing nation-state malware, and FireEye's CEO says if it's more restrained it's often from the U.S.
The US creates 'nice' malware. In other news, the sun sets in the east... (iTWire) A statement by the head of security firm FireEye that US government spooks produce "nice" malware when compared to that of other states has been repor...
IE Zero-Day Adopted by RIG Exploit Kit After Publication of PoC Code (BleepingComputer) An Internet Explorer zero-day vulnerability that came to light last month has now been incorporated in the RIG exploit kit, a web-based toolkit that malware authors use to infect a site's visitors with malware.
Researchers Warn of Microsoft Zero-Day RCE Bug (Threatpost) A Microsoft Windows vulnerability enables remote attackers to execute arbitrary code – and there’s no patch yet.
Tens of Vulnerabilities Found in Quest Appliances (SecurityWeek) A total of more than 60 vulnerabilities, including many command injection flaws, have been found by researchers in disk backup and system management appliances from Quest
SpamCannibal comes back to life, starts spam-blocking everyone (Naked Security) SpamCannibal returns from the dead to fail all spam queries sent to it – essentially telling you to “block the world”.
FUD Crypters Recycling Old Malware (SecurityWeek) The FUD crypter service industry is giving a second life to a lot of old and kind-of-old malware, which can be pulled off the shelf by just about anybody with confused ethics and a Bitcoin account.
Visa denies system crashed after cyber attack, blames hardware (International Business Times UK) Visa says computer systems now operating at 'full capacity' after major disruption inflicts payment chaos on stressed out customers.
Widespread Google Groups Misconfiguration Exposes Sensitive Information (Kenna Security) Summary A widespread misconfiguration in Google Groups for organizations utilizing G Suite was recently investigated and reported to Google by the Kenna Security Research Team. This blog post provides information about the misconfiguration, details on how to find and address it, and an overview of the impact on affected organizations.
Browser Side-Channel Flaw De-Anonymizes Facebook Data (Threatpost) An attacker can pick up the profile picture, username and the "likes" of unsuspecting visitors who find themselves landing on a malicious website.
Don’t Use Software to Spy on Your Spouse (Motherboard) Reason’s “To Spy on a Cheating Spouse” explains a practice that harms thousands of women who are surveilled by their partners.
Mobile users ignore shady app permissions at their own risk, warns NY State Cyber Command (SC Media US) Mobile users who download untrustworthy apps on their phone often agree to dangerous permissions requests that give attackers essentially unfettered access to their devices' data and functions -- as demonstrated yesterday by two New York State Cyber Command employees at SC Media's RiskSec NY 2018 conference.
TSB Privacy Snafu as Letters Sent to Wrong Customers (Infosecurity Magazine) Letters acknowledged recent IT incident, but leaked PII of others
Customer Data Flies Away with Ticketfly Hacker (Infosecurity Magazine) A hacker blames poor security for defacing Ticketfly homepage--and they're not sorry.
CEO lodges complaint over mysterious cyber attack on company’s server (Deccan Herald) Police suspect business rivalry or a disgruntled employee
Security Patches, Mitigations, and Software Updates
Tesla can change so much with over-the-air updates that it’s messing with some owners’ heads (The Verge) Praise for a recent software fix to the Model 3’s braking is met with worry that a different update slowed some customers’ cars
RSAT Will Automatically Be Reinstalled After New Updates in Next Windows 10 Version (BleepingComputer) In Windows Insider Preview build 17682, Microsoft has made the Remote Server Administration Tools (RSAT) an on-demand software feature. What this means is that once you install RSAT in Windows 10, it will be automatically reinstalled when you install a future operating system update.
Microsoft releases new firmware update for Surface 3 to fix potential security vulnerabilities (MSPoweruser) Microsoft surprised everyone today by releasing a new firmware update for Surface 3 device which was released more than 3 years back. There’s a new firmware for Surface UEFI on devices with Windows 10 Version 1703 (Creators Update) and above that fixes potential security issues, including Microsoft security advisory 180002. For Surface 3 units with …
WordPress Disables Plugins That Expose e-Commerce Sites to Attacks (SecurityWeek) Researchers discover vulnerabilities in ten WordPress plugins made by Multidots for WooCommerce e-commerce websites. WordPress disabled many of them after the developer failed to release patches
Apple security updates, iOS and macOS now support Messages in iCloud (Help Net Security) It’s time to update your Apple devices and software again: the company has pushed out security updates for macOS, iOS, watchOS, tvOS, Safari, and iCloud and iTunes for Windows. It has also introduced Messages in iCloud in iOS and macOS.
Cyber Trends
Aussie cyber security spend surged last year (ARN) A majority of organisations in Australia and New Zealand increased their security spend by up to a third last year, new industry research suggests.
Marketplace
Exclusive: U.S. may soon claim up to $1.7 billion penalty from ZTE (Reuters) The Trump administration may soon claim as much as $1.7 billion penalty from ZTE Corp, as it looks to punish and tighten control over the Chinese telecommunications company before allowing it back into business, according to people familiar with the matter.
US and China work on ZTE rescue; Mnuchin denies quid pro quo (AP via WPXI) The United States and China are working toward an agreement that would ease U.S. sanctions that were imposed on ZTE Corp. and let the Chinese telecommunications giant stay in business.
TIA Backs FCC Banning ZTE, Huawei From USF Funds (Multichannel) Says targeted sanctions are appropriate for security risks
Current outcry over Huawei Canada’s R&D investments creates impression Chinese company's doing something sinister, but it's not (The Hill Times) Attracting such R&D branch plants is Canadian policy and Prime Minister Justin Trudeau, pictured last week on the Hill, has gone out of his way to court tech companies such as Amazon, Apple, Microsoft, Alphabet/Google and Alibaba.
Fujitsu teams up with Vault Systems to go after government cloud (ZDNet) The Protected Cloud product will offer software-, infrastructure-, backup-, and desktop-as-a-service to government users.
Google bins military contract after staff unrest: source (CRN Australia) Employees sign petition in protest of drone analytics project.
Military Contracts Are the Destiny of Every Major Technology Company (Motherboard) Google said it won’t renew its Project Maven contract, but that doesn’t mean it’s leaving the war business.
Five defense firms in top 25 for cyber security (Military & Aerospace Electronics) Five U.S. defense contractors are among the world's top 25 cyber security and trusted computing companies, say analysts at market researcher Cybersecurity Ventures in Northport, N.Y. Among the world's top 25 cyber security companies are the Raytheon Co., Lockheed Martin Corp., BAE Systems, Booz Allen Hamilton, and Northrop Grumman Corp., Cybersecurity Ventures experts say in their Cybersecurity 500 List, 2018 Edition, released in May.
'Techsploitation' Demonstrators Blocked Google and Apple Buses With Scooters (Motherboard) Activists in San Francisco used scooters and tech buses to protest the industry’s presence in the city.
Microsoft has acquired GitHub for $7.5B in stock (TechCrunch) After a week of rumors, Microsoft today confirmed that it has acquired GitHub, the popular Git-based code sharing and collaboration service. The price of the acquisition was $7.5 billion in Microsoft stock. GitHub raised $350 million and we know that the company was valued at about $2 billion in 20…
GitHub users are already fuming about the company's sale to Microsoft (Quartz) While Microsoft has embraced open-source software since Satya Nadella took over as CEO, many GitHub users distrust the tech giant.
Cyberbit Raises $30 Million Investment From Claridge Israel (PRNewswire) Cyberbit Ltd., a subsidiary of Elbit Systems Ltd., and a world leading provider of cyber range training and simulation platforms, and provider of IT/OT threat detection and security orchestration, today announced a US $30 million investment from Claridge Israel, to accelerate growth, and accommodate the rising demand for its Cyberbit Range product and its entire security portfolio.
Former SoftBank Executive Nikesh Arora to Run Palo Alto Networks (Wall Street Journal) Palo Alto Networks is naming former SoftBank president and operating chief Nikesh Arora as its next chairman and chief executive, a surprising decision that follows years of rapid growth for the cybersecurity company.
Meet The Women Launching Europe's First All-Female Cyber Security Conference (Forbes) After the RSA conference launched featuring an astounding lack of female speakers, BAE Systems’ Kirsten Ward and Saher Naumaan are hoping to buck the norm with a new event, RESET - which they claim is the first of its kind.
Former Reuters Risk Exec Joins Crypto Compliance Startup (CoinDesk) Thomson Reuters's former head of World-Check, Greg Pinn, is the new head of product strategy for iComply.
Products, Services, and Solutions
GDPR Solutions: Cybersecurity Vendors Offer New Compliance Products (eSecurity Planet) GDPR is here, and cybersecurity vendors are responding with privacy and security compliance solutions.
Coalition Announces Cyber Insurance for Smart Buildings: Comprehensive Coverage for Real Estate Developers and Property Managers (PR Newswire) Coalition, the leading technology-enabled cyber insurance solution, today...
Zingbox and Nuvolo Create Healthcare Partnership to Mitigate IoT Cyber Security Threat (GlobeNewswire News Room) Innovative capabilities to discover, secure and optimize IoT devices integrated with a modern data, workflow and orchestration platform for enhanced cyber security threat mitigation
CloudPost Networks and Nuvolo Create Healthcare Partnership to Reduce Medical Device Cyber Security Risk (GlobeNewswire News Room) Inventory identification, intelligence and protection integrated with a modern data, workflow and orchestration platform for cyber security risk reduction
Nuvolo and Asimily Launch Integrated Healthcare Platform to Address Operating Technology Cyber Security Risk (GlobeNewswire News Room) Inventory identification, cyber-risk prioritization, intelligence and protection integrated with a modern data, workflow, and orchestration platform for medical device cyber security risk mitigation
Technologies, Techniques, and Standards
After a Major Cyber Attack, Does the Public Deserve an Explanation? (Route Fifty) The ransomware that crippled Atlanta raises unanswered questions about how to communicate with citizens after a cyber-attack.
Organisations can't just flirt with their disaster plan (SC Media UK) A cyber-disaster plan must not only be designed to keep an organisation or business functioning in the wake of a cyber-attack, but also must be practiced.
Duck, cover, and reboot your router? Why the FBI’s new warning is no joke (Digital Trends) The FBI has discovered up to 500,000 home or office routers could be vulnerable to a dangerous cyberattack. According to experts, there are a couple of important factors that make this malware an unprecedented situation. But can resetting your router really prevent a major cyberattack?
5 Tips for Protecting SOHO Routers Against the VPNFilter Malware (Dark Reading) Most home office users need to simply power cycle their routers and disable remote access; enterprises with work-at-home employees should move NAS behind the firewall.
The Role of Automated Asset Management in Industrial Cybersecurity (Infosecurity Magazine) How automated asset management can aid industrial cybersecurity.
How free software tools fit into the modern cyber theater (Fifth Domain) Free tools make it possible to bring a basic level of cybersecurity to every computer network and, in the process, help feds.
Here’s how a Pentagon cybersecurity expert imagines the U.S. could respond to a North Korean cyber attack (Recode) Eric Rosenbach asks us to role-play.
An Inside Look at OpenStack Security Efforts (eSecurity Planet) OpenStack is a widely used open-source cloud platform, but isn't secure by default. OpenStack experts reveal what is needed to make your cloud secure.
Design and Innovation
Facebook Is Killing Trending Topics (WIRED) The social network announced it was getting rid of the feature, which was the source of numerous scandals.
Crime Fighting Gets High-Tech Advances (WIRED) Beyond big data, officers are increasingly turning to software and predictive analytics from companies like Palantir to anticipate when and where misdeeds are likely to occur.
Research and Development
Quantum computers and the unbreakable lattice (ZDNet) Our public/private key encryption security will one day be easily broken by quantum computers -- the lattice will protect our secrets.
On the Origins of Memes by Means of Fringe Web Communities (Arxiv.org) Internet memes are increasingly used to sway and possibly manipulate public opinion, thus prompting the need to study their propagation, evolution, and influence across the Web.
Legislation, Policy, and Regulation
NATO, EU to tackle cyber threats (New Europe) NATO has to take the necessary steps to protect the alliance from external cyber threats from other countries but also weaknesses within NATO, General John Allen told a closed on the record briefing at the GLOBSEC Forum in Bratislava. Asked by New Europe if NATO is identifying specific countries as potential threats
A war in cyberspace is already raging and could lead to 'armageddon' if banks get hit (Business Insider) A war is being fought in cyberspace with “ones and zeros” instead of bullets and too-big-to-fail banks are major targets, experts with cyber security and intelligence backgrounds have told Business Insider.
5 ways to combat international cyber threats (Fifth Domain) The Department of State in a May 2018 report pledged to pursue five goals for promoting internet freedom and establishing norms in cyberspace.
US, China should work together on a rules-based order: Ng Eng Hen (The Straits Times) Both the United States and China are deviating from global norms and acting on their own to protect their core interests, but this challenges the status quo Asia has benefited from, said Defence Minister Ng Eng Hen on Sunday (June 3) at the Shangri-La Dialogue.
Australia considers Huawei 5G ban over security concerns (Financial Times) Chairman John Lord hits back after MP claims telecoms group was controlled by Beijing
GOP lawmaker: Trump’s ZTE deal ‘put a price tag on national security’ (Washington Examiner) President Trump’s decision to ease sanctions on a Chinese tech company was tantamount to putting a “price tag on national security,” according to a Republican lawmaker.
This is why the Pentagon is taking over security clearance checks (Military Times) The Defense Department is poised to take over background investigations for the federal government, using increased automation and high-tech analysis to tighten controls and tackle an enormous backlog of workers waiting for security clearances, according to U.S. officials.
Donald Trump to Name Douglas Fears as White House Homeland Security Adviser (Wall Street Journal) President Donald Trump will name Rear Adm. Douglas Fears as his new homeland security adviser, the latest reshuffling to occur within the White House National Security Council.
No one better to lead on cybersecurity than a White House coordinator (TheHill) On the same day that the White House announced that the cybersecurity coordinator position on the National Security Council (NSC) was eliminated, the Department of Homeland Security unveiled its new cybersecurity strategy.
Litigation, Investigation, and Law Enforcement
US expects fallout from Snowden leaks for years to come (The Seattle Times) Whistleblower or traitor, leaker or public hero? National Security Agency contractor Edward Snowden blew the lid off U.S. government surveillance methods five years ago, but intelligence chiefs complain that revelations from the trove of classified documents he...
When the FBI Can Help Companies Deal With a Cyber Event (New York Law Journal) Many companies neglect to reach out to the FBI following a cyber incident, turning instead to law firms and cybersecurity firms alone. This might be a mistake considering the practical assistance the FBI can provide to targets of a cyber attack.
Homeland Security detected signs of cell phone spying in Washington DC (The Verge) IMSI catchers could have been used in proximity to ‘potentially sensitive facilities like the White House.’
MONEYVAL’s annual report: money laundering risks are increasing (Council of Europe) The Council of Europe anti money laundering and counter terrorist financing body MONEYVAL has just published its General Activity Report for 2017.
Leak suspect Winner reaches year in custody (The Augusta Chronicle) A year ago as President Donald Trump labeled the allegations of Russian interference in the 2016 election as fake news, a young woman working for a
Samsung doesn't have to offer updates for phones older than two years (Help Net Security) Dutch consumer protection organization Consumentenbond took Samsung Netherlands to court, arguing that the company should provide timely updates and upgrades for their telephones, "for a period of four years after the introduction to the market and/or two years after the time of the sale."
‘Putin's private foundation,’ spies, and a killer-monk (Meduza) The man who allegedly ordered Arkady Babchenko's murder says he was working for Ukrainian counterintelligence all along
'Dead' Russian Journalist Arkady Babchenko Is Alive and Well. Does Faking His Murder Help or Hinder Ukraine’s Credibility? (Atlantic Council) On May 29, the media reported that Russian journalist and Putin critic Arkady Babchenko had been assassinated in Kyiv. He reportedly died in an ambulance on the way to the hospital. On May 30, Babchenko appeared at a press conference, alongside the...
Faulty Chinese spy technology may help convict former CIA officer of espionage (Washington Post) The phone the Chinese intelligence operatives gave Kevin Mallory was a specialized spy gadget. If it had worked like it was supposed to, he might be a free man today.
The Curious Case of Bryan Colangelo and the Secret Twitter Account (The Ringer) A collection of Twitter accounts that has criticized Joel Embiid and Markelle Fultz, disclosed sensitive information, and outlined team strategy shares eye-opening similarities. What does that have to do with the Philadelphia 76ers’ decision-maker?
Azerbaijan Court Rejects RFE/RL's Appeal Against Website Blockage (Radio Free Europe | Radio Liberty) A court in Baku has rejected an appeal by RFE/RL's Azerbaijani Service against the blockage of its website, azadliq.org, backing a move that has been condemned by rights groups and Western governments.