Cyber Attacks, Threats, and Vulnerabilities
Chinese hackers 'targeting South Korea ahead of US-North Korean summit' (The Independent) 'We expect this targeting to continue at an increased pace'
North Korea Relies on American Technology for Internet Operations (Recorded Future) This analysis by Recorded Future's Insikt Group reveals the overwhelming presence of American hardware and software on North Korean networks and in daily use by senior North Korean leaders.
The West Still Isn’t Prepared to Stop Russia Meddling in Our Elections (POLITICO Magazine) It’s not just the United States—European countries aren’t ready, either.
Cyberattack on banks in Mexico and the challenges to cybersecurity (WeLiveSecurity) Several days after the cyberattack on banks in Mexico, we analyzed some questions left by the incident and other issues with the aim of understanding what are some of the challenges facing the financial industry and cybersecurity.
Zero to Account Takeover: How I ‘Impersonated’ Someone Else Using Auth0 (Blog | Imperva) There’s a fine line between an unintended use and a bug; this was my conclusion after taking a look at Auth0, an identity-as-a-service offering with 2000 enterprise customers.
Zip Slip vulnerability affects thousands of projects (Help Net Security) Zip Slip, an arbitrary file overwrite vulnerability that can be exploited by attackers to write arbitrary files on a target system, affects a myriad of projects and multiple ecosystems.
Sophisticated keyloggers target the finance industry (Help Net Security) Lastline found three separate strains of keylogger malware that are currently targeting finance. The share of malware samples that display all four of the key advanced malware behaviors was 20 percent higher than the global average.
Malicious Chrome & Edge extension drops backdoor and spy on users (HackRead) A Google Chrome and Microsoft Edge browser extension that is distributing backdoor to steal information from the browser as well as a spy upon the user.
In World Cup Russia, our Wi-Fi networks will log on to you! (Register) Researchers warn of shady hotspots in host cities
Cryptocurrency Mining Botnets Are Becoming An Epidemic (CoinCentral) Cybercriminals are ingenious folk.
Cryptocurrency exchange Bitfinex briefly halts trading after cyberattack (CNBC) Cryptocurrency exchange Bitfinex shut down briefly Tuesday morning after a cyber attack on the platform.
Melbourne Microsoft partner Software Objectives hit with ransomware attack (CRN Australia) Came in by way of a suspicious hyperlink.
Malware hits HR software firm PageUp with possible data compromise (ZDNet) The company said the malware attack has potentially exposed the names and contact details of its clients, such as Telstra.
MyHeritage Genealogy Site Announces Mega Breach Affecting 92 Million Accounts (BleepingComputer) Family genealogy and DNA testing site MyHeritage announced on Monday a security breach during which an attacker made off with account details for over 92 million MyHeritage users.
Facebook Gave Device Makers Deep Access to Data on Users and Friends (New York Times) The company formed data-sharing partnerships with Apple, Samsung and dozens of other device makers, raising new concerns about its privacy protections.
Did Facebook Give Data to China's Phone Makers? (Fortune) A U.S. senator is pressing the company
Facebook Confirms Data-Sharing Deals With Chinese Tech Firms (Wall Street Journal) Facebook said it struck data partnerships with at least four Chinese electronics firms, including Huawei, which U.S. officials view as a potential tool for state-sponsored spying.
Facebook allowed Chinese firm charged as a national security threat to access user data (Washington Examiner) Facebook allowed a Chinese firm charged by the federal government as a national security threat to the U.S. to access to user information, sometimes without the consent of the individual.
Apple Requested 'Zero' Personal Data In Deals With Facebook, CEO Tim Cook Says (NPR.org) "We've never been in the data business," Cook tells NPR. He was responding to a report that Facebook struck deals giving Apple and other device makers access to Facebook users' personal information.
Explainer: why Chinese telecoms participating in Australia's 5G network could be a problem (The Conversation) Australia's willingness to include Huawei and ZTE in its 5G mobile infrastructure should be based on a rational analysis of risks. We take a look at current and past court cases brought against them.
Researcher Succesfully Hacked In-Flight Airplanes - From the Ground (Dark Reading) IOActive researcher will demonstrate at Black Hat USA how satellite equipment can be 'weaponized.'
KnowBe4 Research Finds Outdated Tools Like Spreadsheets Still in Use Posing Compliance and Financial Risks (Benzinga) One-third of organizations maintain more than 25 published policies and more than two-thirds maintain more than five policies
TAMPA BAY, Fla. (PRWEB) June 05, 2018
KnowBe4,...
Security Patches, Mitigations, and Software Updates
Medigate: Identify and Secure Connected Medical Devices (Medigate) Protect patient safety and privacy from malware, ransomware and advanced cyber-attacks targeting networked medical devices.
iOS 12 users must unlock their iPhones every hour to maintain USB connections (AppleInsider) Apple has enhanced the USB Restricted Mode feature in the first beta of iOS 12, requiring users to unlock their iPhone once an hour to allow data transfers via the Lightning port, in an attempt to protect user data stored on iOS devices from acquisition by unlocking services employed by law enforcement officials.
I'll Believe Apple Is Killing Cops' Anti-Encryption Tools When They Actually Do It (Gizmodo) Among the blizzard of news bits from Apple’s WWDC, a much-anticipated feature has returned to the beta for iOS 12: a mode for keeping the FBI and other snoopers out of your phone. The feature has come and gone in the past, but it’s looking more real and better than ever this time around. Still, I’ll believe it when it’s actually live.
Cyber Trends
Malware or non-malware attacks - which are the greatest threat? (Computing) Look at the attacker, not the tool say security experts,Threats and Risks ,Cyber security,Carbon Black,Saunderson House,Cyber Security Operations Centre
DevSecOps is maturing, 62% of organizations have a team in place (Help Net Security) DevSecOps provides the opportunity to re-work application security processes to align with the rise of cloud-native application development and a much more security-minded business culture.
Key challenges and frustrations of SOC workers (Help Net Security) Technology challenges, hiring and staffing issues, processes and pain points, as well as finance and funding difficulties have the potential to limit the ability of SOCs to tackle ever increasing volumes of security alerts and potential cyber attacks, a new Exabeam report shows.
The harsh realities of endpoint management (Help Net Security) 88 percent of IT professionals acknowledge the importance of endpoint management, yet 30 percent don’t know how many they have. LogMeIn released findings of a new global report revealing current market trends and business threats driving the need for IT professionals to make endpoint management a priority.
Most businesses still struggling with mobile working and security (Help Net Security) 95 percent of surveyed organisations in the UK recognise problems with mobile and remote working, and worryingly, 18% suggest their mobile workers don’t care about security, according to Apricorn.
American Cybercrime: The Riskiest States in 2018 (Webroot Blog) Webroot analyzed all 50 U.S. states and Washington, D.C., ranking them from the riskiest states to the least riskiest on their cyber hygiene habits. Read our findings to better understand the online behaviors that can put you at risk.
UK businesses overlook external providers when developing cyber strategies (Help Net Security) Large businesses in the UK could be falling short when it comes to assessing the cyber resilience of external providers within their supply chain network, according to new research.
Marketplace
The industry reacts to Microsoft’s acquisition of GitHub (SD Times) The industry reacts to the news of Microsoft acquiring GitHub for $7.5 billion.
What Microsoft's GitHub acquisition means for cybersecurity (Axios) The code repository holds the keys to some important censorship-defeating tech.
How Will Microsoft Handle GitHub's Controversial Code? (WIRED) The tech giant will officially acquire the legendary developer platform. The question now is what happens to some of the code it hosts.
Google bid against Microsoft for GitHub: report (CRN Australia) Microsoft won out by paying 25 times GitHub's annual revenue.
US Government Agencies Struggle to Address Cybersecurity Workforce Challenges (Security Intelligence) U.S. cybersecurity recruiting and retention practices need an overhaul.
CACI locks $407 million CDM DEFEND contract with DHS (FedScoop) CACI International will help provide cybersecurity services for the Department of Homeland Security’s next iteration of its Continuous Diagnostics and Mitigation program.
SolarWinds Files for Initial Public Offering (IPO) (ChannelE2E) SolarWinds files for potential IPO (initial public offering). It could be a bellwether event for MSP software and IT service management companies.
Ottawa firm acquisition will help Calian deliver ‘cyber resilience’ to public and private sectors (Computer Dealer News) Looking to compete with the big players nationally, Calian Group Ltd. has acquired Canadian IT and cyber security firm Secure Technologies International. Calian,
EOS Cryptocurrency Bugs Made This Hacker Richer by $120K In A Week (BC FOCUS) Security flaws and bugs are associated with some of the big names in <strong>cryptocurrency</strong> space. Finding bugs can make you richer if you have the skills.
Forcepoint looks for channel growth with Nuvias (MicroscopeUK) The security vendor has added to its distie roster choosing the pan-European player to support growth ambitions
A dozen companies are representing Maryland at a big European cybersecurity conference (Technical.ly Baltimore) The group is in London for InfoSec Europe as Maryland looks to establish more international ties in cybersecurity.
Forcepoint Appoints Kevin Isaac as Chief Revenue Officer (Data Quest) Forcepoint has announced Kevin Isaac has been appointed as Chief Revenue Officer (CRO), expanding on the company’s commitment to drive a human-centric security approach across the globe.
Products, Services, and Solutions
CrowdStrike announces $1m cyber protection warranty (CRN) 'It's clear the industry can benefit from more accountability', Crowdstrike CEO claims
Verizon expands cybersecurity services (RCR Wireless News) Verizon is expanding its managed cybersecurity offerings, dipping into threat-related data it collects across its own network to inform "cyber-situational awareness" for enterprise customers.
ERP Maestro Introduces Solutions for Complete Access Compliance from the Cloud at SAPPHIRE NOW® (PR Newswire) ERP Maestro, provider of innovative, cloud-based solutions for companies...
Panorays Emerges from Stealth Mode to Transform the Way Companies Interact with Partners and Suppliers on their Security Posture (GlobeNewswire News Room) Focused on Transparency and Collaboration, Panorays Reduces Critical Security Evaluation Process Timeline from Six Months to Less Than 72 Hours
Cofense launches new cloud security service, CloudSeeker, to address security risks around shadow IT (Cofense) Free tool gives enterprises visibility into cyber exposure caused by the proliferation of cloud services and ability to tackle the visibility gap caused by unsanctioned IT
CenturyLink selected as an authorized internet service provider by national coalition of research and education networks (PR Newswire) CenturyLink, Inc. (NYSE: CTL) announced today that it has been selected as...
STEALTHbits Introduces a New Level of Operational and Security Intelligence with the Launch of STEALTHbits Activity Monitor 3.0 (GlobeNewswire News Room) STEALTHbits Technologies Inc., a cybersecurity software company focused on protecting an organization’s sensitive data and the credentials attackers use to steal that data, today announced the release of STEALTHbits Activity Monitor 3.0.
Corelight Expands Product Portfolio With New Network Visibility Sensors (GlobeNewswire News Room) New models cover any site from branch offices to the largest data centers; company also releases software to improve manageability and threat intelligence capabilities
MediaPRO Launches Cybersecurity and Privacy Awareness Content Delivery Platform (PR Newswire) Tapping more than 25 years of experience in creating effective...
How to Secure Public Cloud and DevOps? Get Unified Visibility. (Tenable™) One of the most transformative changes in the IT industry over the last decade has been the adoption of public cloud (IaaS) services such as AWS, Azure and GCP.
Alcide Announces Its Native Integration With Amazon's EKS (PR Newswire) Alcide, provider of the full-stack cloud native security platform,...
Qualys streamlines supply chain GDPR compliance assessment with cloud app (Help Net Security) Qualys announced new functionality in its Security Assessment Questionnaire (SAQ) cloud app that allows customers to better achieve visibility of data across their own network and supply chain for compliance with the European Union’s General Data Protection Regulation (GDPR).
SAP Partners with Capgemini, Deloitte, and Accenture to Speed Customer Adoption of SAP S/4HANA Cloud (ReadITQuik) Together, the four companies plan to build innovative solutions to enable the promise of the intelligent enterprise. With SAP S/4HANA Cloud, SAP’s flagship intelligent ERP solution, will enable customers to reap benefits of differentiated industry capabilities as well as fast innovation cycles.
StrongVPN Debuts Amazon App With Fire TV Optimization (WTOL) StrongVPN, one of the most experienced and trusted VPN service providers in the industry, has released its Fire TV app.
whiteCryption’s Secure Key Box (SKB) Adds Speck Lightweight Cryptography to Protect IoT Devices From Hacks (Odessa American) whiteCryption, a subsidiary of Intertrust Technologies Corporation, the inventor of Digital Rights Management (DRM), today announced that its latest version of whiteCryption Secure Key Box™ (SKB) 5.13.0 includes the Speck lightweight block cipher. Speck is suitable for IoT devices due to its small memory and code footprint. Applications that use SKB can now exchange data with IoT devices that use Speck.
Simplify the Development of Secure Connected Nodes Using Cryptography-Enabled Microcontroller with DICE Architecture (Microchip) Easily create secure connected devices with new development kit for Microsoft Azure
Fortinet Becomes First WAF Vendor Using Machine Learning | INN (Investing News Network) According to its announcement on Tuesday (June 5) Fortinet has officially become the first major vendor to use machine learning for behavioral-based threat detection.
Beat the Odds: Why It’s Not Too Late To Start GDPR Compliance (Security Boulevard) After several years in the making and a tidal wave of press coverage, the long-awaited EU General Data Protection Regulation (GDPR) finally came into force on May 25. And we’re all still here. But even if you still haven’t got your compliance house in order, it’s not too late.
Synack offers free penetration testing for election systems ahead of 2018 midterms (Cyberscoop) Redwood City, Calif.-based Synack announced Tuesday its offering free crowdsourced remote penetration testing services to state and local governments until November.
IBM offers SaaS solution for companies on the hunt for GDPR data (ZDNet) The service aims to help the enterprise uncover where data is stored and address any issues related to GDPR compliance.
Cryptocurrency Trading Platform Blockbid Separates from the Pack to Stop Fraudsters and Money Launderers (PR Newswire) Blockbid makes its "Trade with Confidence" vision a reality by doubling down on network fortification, leveraging the...
Technologies, Techniques, and Standards
Cybersecurity Professionals Practicing Double Standard When It Comes to Reporting Incidents/Breaches (PR Newswire) Thycotic, a provider of privileged access management (PAM) solutions for...
Protect against IoT device hacking (IoT Agenda) Find out what steps enterprises can take to secure connected devices and mitigate IoT device hacking.
The Multi-Million Dollar Question: Who owns cloud security? (Bricata) The cloud is changing the way enterprises need to think about security because they don’t have the same visibility. Enterprises can go all cloud, all on-premise, or use a cloud hybrid approach and each comes with unique security challenges. #cloudsecurity #networksecurity
Move over nerds, grunts are learning signals intelligence (Marine Corps Times) Grunts are learning how to exploit the electromagnetic spectrum.
Design and Innovation
US Cyber Command is fast-tracking dedicated “cyberwarrior” training platform (OODA Loop) The U.S. Cyber Command is fast-tracking a training platform to provide “cyberwarriors” with training resources comparable to what traditional forces use to train on the ground. “According to Jim Keffer, director of cyber at Lockheed Martin, it will be more than just a cyber range” and will include scenario design
Wargaming with Athena: How to Make Militaries Smarter, Faster, and More Efficient with Artificial Intelligence (War on the Rocks) For Clausewitz, while the character of war changes, the nature is immutable. For U.S. Secretary of Defense Jim Mattis, an avid reader of military history and theory, the emergence of artificial intelligence (AI) challenges this time-tested principle. He is not alone. At a recent AI conference, former U.S. Deputy
Strategic Partnership Steering Connected Vehicle Security in the Right Direction (Irdeto) Irdeto and SafeRide to provide the only solution on the market that combines network security with software security on the ECU, allowing OEMs and Tier-1 suppliers to detect tampering and anomalies to protect against and respond to cyberattacks
Research and Development
Netskope Issued Patent for Context-Aware Data Loss Prevention (PR Newswire) Netskope, the leader in cloud security, today announced that it has...
Academia
NSA designates UTSA a National Center of Academic Excellence in Cyber Operations (UTSA Today) The University of Texas at San Antonio (UTSA) has been designated by the National Security Agency (NSA) as a National Center of Academic Excellence in Cyber Operations Fundamental (CAE-Cyber Operations) for 2018 through 2023.
Legislation, Policy, and Regulation
Trump warned not to bring up cyber at Korea summit (Fifth Domain) Experts and lawmakers warn that discussing cybersecurity during a planned summit with North Korea could backfire for President Donald Trump.
Does Russia Want a Cyber Agreement? Who’s Listening? (CyberDB) A recent interview of Russian President Vladimir Putin revealed insight into his – and by extension – Russia’s views concerning cyber attacks, and really the cyber domain, as a whole. Made at a joint press briefing with France’s president, when asked about alleged interference in the 2016 U.S. presidential election, Putin remarked: “Action always causes …
SIA Commends Department of Commerce and Department of Homeland Security on Botnet Report (Security Industry Association) Report follows Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure SILVER SPRING, Md. – On May 30, 2018, the U.S. Departments of Commerce and Homeland Security released an action-oriented report on how the private sector and government can collaborate to mitigate against the threat of botnets and automated distributed attacks. The…
Where are Canada’s white hat hackers? While U.S. ramps up ‘bug bounty’ cyber-defence programs, Trudeau government demurs (National Post) Some experts believe the government risks leaving security holes if it doesn’t harness the global hacker community to help solve the problem
Litigation, Investigation, and Law Enforcement
Former intel officer accused of leaking secrets to China (Fifth Domain) The information the contractor attempted to transmit to China may have included documents related to U.S. Cyber Command, according to a Department of Justice complaint.
Prominent Ukrainian Journalists Question 'Russian Hit List' (RadioFreeEurope/RadioLiberty) Ukrainian authorities claimed to have uncovered a “hit list” during the controversial operation they say was necessary to foil a real plot to assassinate Russian journalist Arkady Babchenko. But like that operation, some believe it to be a fake.
Compliance Failure Leads to Record Aussie Penalty (Wall Street Journal) Failure to properly assess the money-laundering risks of a new product led to the largest-ever civil corporate penalty imposed by Australian regulators, observers said.
Paul Manafort Learns That Encrypting Messages Doesn't Matter If the Feds Have a Warrant to Search Your iCloud Account (Gizmodo) Federal prosecutors have accused Paul Manafort of witness tampering, alleging that he used WhatsApp and Telegram in an attempt to coordinate his testimony with old business associates.
Paul Manafort’s Terrible Encrypted Messaging OPSEC Got Him Additional Charges (Motherboard) Don’t commit crimes. But if you do, don’t back up the evidence of your crimes to Apple or Google’s cloud, where it doesn’t matter that the evidence was originally end-to-end encrypted.
Dark Web Marketplaces Dissolve Post-AlphaBay, Hansa Takedown (Dark Reading) Cybercrime marketplaces reshape into smaller forums and individual chats as threat actors find new ways to evade law enforcement.
Cyber expert: Colangelo investigation like 'old-school detective work' (Sportsnet.ca) The Sixers have launched an investigation into whether Colangelo used a variety of Twitter accounts to anonymously trash some of his own players and fellow executives, including Toronto Raptors president Masai Ujiri, and defend himself against criticism from fans and the sports media.
Edward Snowden has 'no regrets' five years after NSA leaks (Inquirer) Whistleblower claims the 'world is a better place' following revelations,Security ,national security agency,Edward Snowden,GCHQ,nsa,Privacy ,Security
Years of Police Dashcam Video Lost in Atlanta Ransomware Incident (BleepingComputer) The Atlanta Police Department has lost years worth of police car dashcam videos following the March ransomware attack that affected most of the city's IT infrastructure.