Cyber Attacks, Threats, and Vulnerabilities
North Korean hacking group Covellite abandons US targets (ZDNet) The hacking group specializes in attacks against core energy services.
What’s the frequency, Putin? 5 questions about Russia’s EW capability (C4ISRNET) To understand electronic warfare, we must first understand how Russia has adapted and trained to fight for supremacy of the electromagnetic spectrum.
Russian experts also concerned at increasing cyber-attacks on cryptocurrencies (SC Media UK) Amid widespread use of cryptocurrency globally, the number of cyber-attacks on them has significantly increased both in Russia and Western markets.
Hacker Fail: IoT botnet command and control server accessible via default credentials (NewSky Security) We observed an IoT botnet variant, Owari, which relies on default/weak credentials to hack IoT devices, was itself using default…
Scammers Targeting Booking.com Users with Phishing Messages (Security Boulevard) Scammers recently targeted Booking.com customers with phishing messages designed to steal their sensitive financial information. According to The Sun, criminals sent out WhatsApp messages and text messages to customers claiming that a security breach had occurred and that recipients needed to change their passwords. The attack correspondence came with a link that, when clicked, gave …
Polish banks targeted by attackers who hijack customer sessions (PaymentsSource) Rather than hooking into the browser process, BackSwap takes the place of the user and enters the same commands into the browser that a user would if they wanted to hack themselves.
The Con of Social Engineering: Law Firms are Easy Prey (New York Law Journal) A discussion of the threat that social engineering (aka the human side of hacking) poses to law firms and some tips and practical guidelines to reduce its effectiveness.
The Future of Cyber Threats: When Attacks Cause Physical Harm (New York Law Journal) The ability of cyber threats to compromise information systems is an ongoing danger to all organizations. However, an emerging threat presents a new challenge—cyberattacks that may cause physical harm to systems and persons. This threat has become acute for certain sectors such as critical infrastructure.
World Cup 2018 Wi-Fi hotspots could be a major security risk (TechRadar) Security researchers warn of cybersecurity issues on a number of Russian Wi-Fi hotspots
Bizarre Chrome and Firefox flaw exposed Facebook details (Naked Security) Researchers have discovered a weakness in the way Chrome and Firefox interact with CSS3 that could have caused them to leak usernames, profile pictures and likes from sites such as Facebook.
This Veteran Became The Face Of Military Romance Scams. Now He's Fighting Back (Task & Purpose) Bryan Denny had just completed a 26-year Army career when he started hearing from women he'd never met, wondering where he'd gone with their money
Security Patches, Mitigations, and Software Updates
Apple Touts Privacy Features of New Operating Systems (SecurityWeek) Apple said new MacOS Mojave and iOS 12 software powering its mobile devices and computers would include features designed to thwart the use of secret trackers to monitor people's online activities.
Apple Just Made Safari the Good Privacy Browser (WIRED) The next version of Safari takes on ad-trackers more aggressively than ever.
Apple Is Testing a Feature That Could Kill Police iPhone Unlockers (Motherboard) Apple’s new security feature, USB Restricted Mode, is in the iOS 12 Beta, and it could kill the popular iPhone unlocking tools for cops made by Cellebrite and GrayShift.
Google Password Protects Pixel 2 Firmware (SecurityWeek) Google has made the firmware of Pixel 2 devices resistant to unauthorized attempts to upgrade it by password protecting it.
Google says fix for ‘weird’ 1975 text message bug is on the way (Naked Security) As of Monday, you could still see recent texts by searching on the string “the1975..com”.
The security state of websites of critical suppliers (Panorays) We found that despite awareness of Web application security, more than 25% of critical suppliers still run old, outdated website content management systems.
Cybersecurity: A core component of digital transformation (Help Net Security) In this podcast, Kai Grunwitz, Senior VP EMEA at NTT Security, talks about the NTT Security 2018 Risk:Value Report, and the importance of cybersecurity for a successful digital transformation. Here’s a transcript of the podcast for your convenience. Hello. My name is Kai Grunwitz, and I'm Senior VP EMEA at NTT
IDology Study Reveals Consumer Insights On Digital Identity Fraud, Points To Need For Businesses To Offer Stronger Identity Verification (PR Newswire) IDology, a leader in smart, multi-layered identity verification, today...
To pay hackers' ransom demands or to invest in more security? (Help Net Security) One third of global business decision makers report that their organization would try to cut costs by paying a ransom demand from a hacker rather than invest in information security.
Pressure on DoD to change JEDI cloud approach increases (FederalNewsRadio.com) The General Services Administration potentially could give the Defense Department a detour around what many in industry call a huge mistake with its JEDI cloud procurement.
Another Defense Agency to Tap CIA's Commercial Cloud (Defense One) The U.S. Army’s National Ground Intelligence Agency aims to use secret and top-secret services from the Amazon-developed C2S Cloud.
Companies still finding cybersecurity problems following M&A purchases, says report (SC Media US) Fifty-eight percent out of 100 senior health care executives whose companies were involved in a recent merger or acquisition said in a new survey that their particular organization uncovered a cybersecurity problem with its newly annexed business after the deal was already consummated.
The Skills Employers Do Not Require, and Why (Infosecurity Magazine) Which skills are employers not looking for?
AIG: Data Breaches Made 2017 Worst Year Yet (PYMNTS.com) Following a series of sophisticated cyberattacks, such as WannaCry and NotPetya, AIG received a surge of cyber claims in 2017: The insurer saw as many claims notifications as the previous four years combined, RT reported. “The combination of leaked National Security Agency (NSA) tools, plus state-sponsored capabilities, triggered a systemic event,” Mark Camillo, head of cyber for […]
Booz Allen sees future rich with VR, machine learning opportunities (Washington Technology) Booz Allen might be a 104-year-old firm but its strategy is focused on being leading edge in areas such as virtual reality and machine learning.
Trying to See: Facebook: the National Security Agency with a profit motive? (Tillamook Headlight-Herald) Editor’s note: This is part one of a three-part series about technology and its impact on us: Facebook, May 30; China’s new “social credit” system, June 13 and the Artificial
Fortinet Snaps Up IoT-Focused Security Firm Bradford Networks (CRN) Bradford Networks provides an agentless assessment of all devices accessing the network – including those that are IoT-enabled – and automatically contains the non-compliant ones in real-time.
Qualys Announces Letter of Intent to Acquire Second Front Systems (PR Newswire) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of...
Duff & Phelps Announces New Business Unit After Completing Kroll Acquisition (BusinessWire) Duff & Phelps has launched its new Governance, Risk, Investigations and Disputes practice
ClearForce Secures Strategic Investment From Centricus (PR Newswire) ClearForce LLC today announces a new round of strategic investment from...
Gigamon Appoints Art Gilliland to its Board of Directors (PR Newswire) Gigamon, Inc. ("Gigamon"), the company leading the convergence of...
Perspecta Announces Leadership Team (WashingtonExec) Perspecta Inc. has announced the formation of its leadership team to coincide with the completion of its separation from DXC Technology Company and commencing trading on the New York Stock Exchange under the ticker symbol PRSP. With 14,000 employees and pro-forma revenues of $4.2 billion, Perspecta helps U.S.
Products, Services, and Solutions
Rookout releases serverless debugging tool for AWS Lambda (TechCrunch) The beauty of serverless computing services like AWS Lambda is that they abstract away the server itself. That enables developers to create applications without worrying about the underlying infrastructure, but it also creates a set of new problems. Without a static server, how do you debug a progr…
HotShot Launches Messaging and Collaboration App for Secure, Compliant Employee Communications (PR Newswire) HotShot today announced their launch, introducing a proven solution...
Privacy Awareness Academy Launches New GDPR "Wake-Up Call" Campaign For Small Businesses (PR Newswire) The Privacy Awareness Academy, (www.PrivacySkills.com) an emerging leader...
Microsoft Launches 'Threat Tracker' in Office 365 Security Service (Redmond Channel Partner) A new 'Threat Tracker' capability is now generally available in Microsoft's Office 365 Threat Intelligence service, the company announced this week.
Recon Perimeter Defense Solution Secure Remote Command & Control (Owl Cyber Defense) For security purposes, some organizations have disconnected or “air gapped” their OT networks
Shift Cryptosecurity Announces BitBox Basecamp, a Hardware Security Platform for Crypto Exchanges (PR Newswire) Shift Cryptosecurity (http://www.shiftcrypto.ch), a Swiss technology firm...
DISA unveils new streamlined security clearance application to replace e-QIP (FederalNewsRadio.com) The Defense Information Systems Agency plans to fully roll out eApp as a replacement for the current Electronic Questionnaires for Investigations Processing (e-QIP) security clearance system toward the end of the fiscal year.
Rivetz Enhances Security for Blockchain-based Apps with Trustonic (Trustonic) The integration of Trustonic’s technology into the Rivetz platform means that the private keys and instructions in applications can be executed in an area protected from the device’s normal operating system.
Discover all IT assets across your global hybrid infrastructure (Help Net Security) Qualys announced Asset Inventory (AI), a new cloud app that provides customers a single source of truth for IT assets spread across hybrid environments including on-premises, endpoints, clouds and mobile, with synchronization capabilities to Configuration Management Databases (CMDBs) to keep asset data up-to-date.
Egnyte releases one-step GDPR compliance solution (TechCrunch) Egnyte has always had the goal of protecting data and files wherever they live, whether on-premises or in the cloud. Today, the company announced a new feature to help customers comply, in a straightforward fashion, with the GDPR privacy regulations that went into effect in Europe last week. You can sta…
Vietnam-based telco adapts German cybersecurity tech for customers (Security Brief) Vietnam-based telecommunications provider VinaPhone is offering customers a new way to protect their mobile devices through Secucloud technology.
Technologies, Techniques, and Standards
For first time, OMB can paint the governmentwide cyber risk picture (FederalNewsRadio.com) OMB said it can identify agencies in need of improved management of cybersecurity risk and will work with them to meet government standards.
Facebook defends practice of giving deep data access to device makers (Naked Security) They’re not “outsiders,” Facebook says. They’re part of Facebook, helping to make Facebook play nicely with their devices.
Why the Military Can’t Quit Windows XP (Slate Magazine) For the military, upgrading operating systems isn’t just a hassle: It’s a matter of life and death.
Design and Innovation
Microsoft Adds Post-Quantum Cryptography to an OpenVPN Fork (BleepingComputer) Microsoft has recently published an interesting open source project called "PQCrypto-VPN" that implements post-quantum cryptography (PQC) with OpenVPN. This project is being developed by the Microsoft Research Security and Cryptography group as part of their research into post-quantum cryptography.
Cyberwarriors need a training platform, and fast (Fifth Domain) Given the immense need for a cyber training platform, the military is looking to rapid acquisition vehicles to field capability faster.
Here's IBM's Blueprint for Winning the AI Race (The Motley Fool) Big Blue is laser-focused on serving its core enterprise customers.
Blockchain Immutability ... Blessing or Curse? (Finextra Research) I need to warn you right from the start. If you think that the ‘immutability’ of a blockchain is its...
Research and Development
Quantum Research Puts Expiration Date on Modern Cryptography Methods (Security Boulevard) According to many experts, a day of reckoning is coming for modern cryptography as soon as a decade from now, thanks to quantum computing.
Meet 'Norman,' a terrifying, psychopathic artificial intelligence (WFLD) Talk about a pessimistic worldview.
Forum speaker tells educators how to get children interested in cyber (The Augusta Chronicle) Getting children interested in cybersecurity doesn't require schools to radically change their curriculum or buy expensive computer hardware and software.
Legislation, Policy, and Regulation
NATO’s Most Urgent Pledge Isn’t 2%-of-GDP. It’s Better Cyber Defense. (Defense One) The alliance has made strides toward its 2016 Cyber Defense Pledge. But more must be done, and urgently.
Cyberattacks Are 'Ticking Time Bombs' for Germany (The Atlantic) Its pacifist tradition poses a dilemma for those charged with protecting the country from hackers.
Okta - Why GDPR won’t be a bloodbath (IT Pro Portal) Okta security chief tells us why GDPR will mean changes, but why your company shouldn’t be afraid.
U.S. Lawmakers Target Chinese Interference in New Bill (Foreign Policy) Bipartisan legislation would require an unclassified report on Chinese political influence operations in the United States.
ZTE may need to pay billions to overturn US ban (TechRadar) ZTE's future could soon be secured after Trump intervention
Huawei Slams FCC Efforts to Bar It From Federal Communications Program (Nextgov.com) Government officials say the Chinese telecom poses a hacking threat to national security.
Broadband Leaders Push Back on Proposed Ban on ZTE, Huawei Gear (Bloomberg.com) Trade groups representing the leading American broadband and wireless providers told the Federal Communications Commission to go slow as it weighs banning the use of federal subsidies to purchase gear from Huawei Technologies Co. and ZTE Corp.
Huawei Faces Security Backlash in Australia (Light Reading) The Chinese equipment vendor is deemed a security threat by some Australian politicians.
Federal Agencies Respond to 2017 Cybersecurity Executive Order (SecurityWeek) The State Department, the Department of Homeland Security, the Department of Commerce, and the Office of Management and Budget issue reports in response to the 2017 cybersecurity executive order
Federal Agencies Face an Uphill Battle in Cyber-Preparedness (Threatpost) In the wake of the elimination of the federal cybersecurity czar position, it turns out that three-quarters of agencies are unprepared for an attack.
Trump’s lack of cyber leader may make U.S. vulnerable (POLITICO) Experts and lawmakers worry the nation is rudderless on the vital issue of cybersecurity.
Challenges of a National 72-Hour Data Breach Notification Standard (New York Law Journal) Facebook CEO Mark Zuckerberg testified before Congress last month regarding Cambridge Analytica’s unauthorized use of data of an estimated 87 million…
Is the Pentagon taking over security clearances a good idea? (Washington Business Journal) The plan calls for the Defense Department to oversee all background investigations involving its military and civilian employees and contractors and eventually have the authority to conduct security reviews for nearly all other government agencies.
The Biometric Standards: How New York Measures Up in the Face of Biometric Use Regulations (New York Law Journal) Although New York has yet to enact legislation regarding the use of biometric identifiers and information (i.e., facial recognition, retinal scans, etc.), a recent legislative proposal and the statutes and regulations of other jurisdictions provide valuable guidance to New York businesses regarding permissible practices.
Stephen Fogarty takes lead of Army Cyber Command (Fedscoop) The lieutenant general takes over for Paul Nakasone, who moved up to head the NSA and U.S. Cyber Command.
Litigation, Investigation, and Law Enforcement
US arrests man for trying to spy for China (BBC News) The FBI detains a former US Defense Intelligence Agency officer on his way to catch a flight to China.
The FBI calls Chinese spies in the US a 'whole of society threat' — here's how to protect yourself (Business Insider) China is a wide and diverse nation, but its leadership, the Chinese Communist Party, takes steps to secure its interests that may shock those from open societies in the West.
Did Facebook allow Chinese firms ZTE and Huawei to access user data? A lawmaker wants to know. (Washington Post) A top lawmaker in the U.S. Congress is questioning whether Facebook allowed two Chinese telecommunications firms with alleged ties to their country’s government to harness data about the social network’s users, potentially subjecting their personal information to new privacy and security risks.
Facebook/Cambridge Analytica 'the canary in the coalmine of a new Cold War', says whistleblower Wylie (Computing) Whistleblowers, journalists and the ICO addressed the European Parliament on Monday
Kaspersky is refusing to back down over the US government’s ban (NS Tech) Kaspersky Lab has pledged to "vigorously pursue" its appeal rights after a judge ruled that a ban on the use of its products by US federal agencies was constitutional. The Trump administration imposed
Cyber attack on Atlanta's network wiped out critical police evidence (Atlanta Journal Constitution) Local attorneys say they’re concerned after finding out the cyber attack on the city of Atlant...
Masterminds behind prolific CEO fraud ring arrested (Help Net Security) It took two years and a collaborative effort of French, Belgian, Romanian and Israeli law enforcement agencies to take down an organised crime group that was behind at least 24 cases of CEO fraud across Europe, Europol has announced.
When the FBI Can Help Companies Deal With a Cyber Event (New York Law Journal) Many companies neglect to reach out to the FBI following a cyber incident, turning instead to law firms and cybersecurity firms alone. This might be a mistake considering the practical assistance the FBI can provide to targets of a cyber attack.
Paul Manafort Accused of Witness Tampering in New Mueller Filing (New York Law Journal) The special counsel in the Russia probe is requesting a hearing to ask federal judge to revoke or revise the former Trump campaign chairman’s pretrial release.
The Question MSNBC Won’t Answer: Did Joy Reid Lie? [VIDEO] (Daily Caller) 'And frankly it reminds me of the Anthony Weiner issue'