Cyber Attacks, Threats, and Vulnerabilities
China backed off from hacking U.S. companies. Now it is at it again. (McClatchyDC) China's state hackers return to their old ways of stealing U.S. trade secrets, disregarding a 2015 agreement not to do so. Robotics, biomedicine, space companies are among those hit.
InvisiMole cyber espionage malware detailed (SC Media US) A rarely used, but very powerful cyberespionage malware with the ability to install backdoors, remotely execute code and grab sound and audio from the affected device has been discovered and analyzed by ESET researchers.
Zero-Day Flash Exploit Targeting Middle East (Threatpost) A zero-day vulnerability is being exploited in the wild in targeted attacks against Windows users in the Middle East, researchers warned Thursday.
Flash zero-day shows up in Qatar amid geopolitical struggles - CyberScoop (Cyberscoop) A zero-day vulnerability in Adobe Flash was recently used to infect a likely diplomatic target in Qatar with malware, new research from Seattle-based cybersecurity company ICEBRG and Chinese tech firms Qihoo and Tencent shows.
Flash zero-day exploit. Act now! (Naked Security) A newly discovered flaw in the Flash Player is being exploited in the wild – update Flash, or remove it.
Triton ICS Malware Developed Using Legitimate Code (SecurityWeek) The developers of the Triton/Trisis ICS malware reverse engineered a legitimate library to understand the TriStation protocol used by Triconex SIS controllers
Cisco Says VPNFilter Attacks Bigger and Badder Than Originally Thought (SDxCentral) Russian hackers behind the VPNFilter attacks are targeting even more vendors’ networking devices, according to Cisco Talos threat researchers. And a newly d
What Companies Should Know About VPNFilter (Wall Street Journal) The revelation on Wednesday of a network of hacked routers and storage devices that could be used to launch a massive cyberattack shows how connected devices with weak security safeguards are making companies vulnerable to powerful cyberattacks, experts say.
Ticketfly Says 27 Million Accounts Compromised During 'Malicious' Attack (Billboard) Event ticketing platform Ticketfly said on its website that roughly 27 million user accounts were compromised during last week's cyber attack.
Facebook Admits Privacy Settings 'Bug' Affecting 14 Million Users (SecurityWeek) Facebook said a software glitch that changed the settings of some 14 million users, potentially making some posts public even if they were intended to be private.
Chinese phone maker Huawei says it never collected Facebook user data (The Mercury News) Huawei, a company flagged by U.S. intelligence officials as a national security threat, was the latest device maker at the center of a fresh wave of allegations over Facebook’s handling of pr…
Why Facebook tie-up with China’s Huawei is the sum of all US fears (South China Morning Post) ‘If Facebook granted Huawei special access to social data of Americans, it might as well have given it directly to the government of China’
Cryptomining malware digs into nearly 40% of organizations worldwide (Help Net Security) Check Point published its latest Global Threat Index for May 2018, revealing that the Coinhive cryptominer impacted 22% of organizations globally.
$1.1 billion in cryptocurrency has been stolen this year, and it was apparently easy to do (CNBC) More than $1 billion worth of cryptocurrency was stolen in the first half of 2018, and unfortunately for those who own crypto, it's pretty easy to do, according to cybersecurity company Carbon Black.
Unsecured mobile endpoints are leaving the public sector vulnerable to cyberattacks (Fedscoop) In recent years, the public sector has fallen in line with the rest of society, taking a sharp turn toward mobility. In today’s connected environment, this trend is playing a significant role in shaping the U.S. government’s mission to better serve and protect our nation’s citizens. Mobile devices provide users with an added level of …
How your stolen data ends up on the Dark Web marketplace (TechRepublic) Terbium Labs chief research officer Munish Walther-Puri outlined the pathways that hacked data can travel, and who's involved in prevention efforts.
Criminals target public WiFi at FIFA games: Kaspersky (ITWeb) Third parties interested in financial and other sensitive information focus on such sporting events, the firm warns.
E-voting and DDoS concerns: The devil's in the details (Help Net Security) When doing DDoS mitigation (or any other security mitigation), certain issues need to be considered. Ben Herzberg from Imperva provides insight.
Atlanta officials reveal worsening effects of cyber attack (The Express Tribune) The administration has disclosed little about the financial impact or scope of the March 22 ransomware hack
CloudPets May Be Out of Business, But Security Concerns Remain (Threatpost) Amazon, Target and Walmart have pulled the bears from their online markets; but it's the installed base of the connected cuddlies that should be of greater concern.
The Risks of Shadow IT at Financial Services Firms (Finextra Research) Businesses across all verticals are dealing with the fallout from shadow IT, whether they realise it...
Anatomy of a Russian 'Troll Factory' News Site (bellingcat) When browsing through stories on the newly-established media outlet USAReally.com, you may think that you are reading a procedural-generated site that exists entirely from search engine optimization tricks, stealing articles from more established outlets and reposting them as if they were original. However, a closer inspection shows that there are no advertisements on the site...
Security Patches, Mitigations, and Software Updates
Adobe Issues Emergency Patch for Flash Zero-Day (Dark Reading) Adobe has patched four security vulnerabilities today, including a zero-day being actively exploited in the wild.
Serious Flaws Found in Philips Patient Monitoring Devices (SecurityWeek) High severity vulnerabilities found by researchers in patient monitoring devices from Philips. Vendor provides mitigations until patches are available
Cyber Trends
Seven key takeaways from Infosec 2018 (Channelnomics) Channelnomics Europe attended this year's Infosec Europe in London and asked channel partners for their key takeaways from the event
Corporate Boards More Likely to Scrutinize Cybersecurity Effectiveness Than Regulators (CPA Practice Advisor) As pressure to develop more effective corporate cybersecurity programs continues to mount, 62.7 percent of C-suite and other executives in a recent Deloitte poll expect board of director requests for reporting on cybersecurity program effectiveness to...
Two in three hit delete button on social media accounts over personal data misuse, Centrify poll (ResponseSource Press Release Wire) More than half of those polled admit they would ditch a company following a data breach. With the Facebook scandal involving Cambridge Analytica still fresh in people’s minds, two-thirds of profess...
Report says America has most vulnerable web (Fifth Domain) The study is a digital call to arms for government and private security firms to secure the web.
Secure Aviation Requires a Connected Industry (Avionics) Alaska Airlines is no longer an airline. That’s according to Jessica Ferguson, Alaska’s director of security architecture. It’s now “a technology company that flies planes.” Delivering a keynote speech at this week’s Global Connected Aircraft Summit in San Diego, Ferguson was discussing company culture in the age of connectivity. Particularly for an 85-year-old company that …
Marketplace
Cyber Command Steps Up Recruiting Efforts With Special Hiring Authority (U.S. DEPARTMENT OF DEFENSE) On-the-spot job offers, using nontraditional recruitment sources and direct hiring are some of the latest options available to U.S. Cyber Command hiring managers under the new Cyber Excepted Service
#Infosec18: “Ridiculous” Problems Perpetuating Cyber-Skills Crisis (Infosecurity Magazine) New Hall of Fame inductee James Lyne says new approaches are needed
Google Won't Use Artificial Intelligence for Weapons (SecurityWeek) Google said it would not use artificial intelligence for weapons or to "cause or directly facilitate injury to people," as it unveiled a set of principles for these technologies.
What is ZTE, and why does the US think it's a national security threat? (CNNMoney) The United States has struck a deal with ZTE, a Chinese smartphone maker.
Leidos lets go of commercial cyber (Washington Technology) The number of government contractors who have tried and failed to integrate a commercial cyber business continues to grow now as Leidos announces plans to sell that business to Capgemini.
Capgemini to acquire Leidos Cyber to strengthen services in North America (The Economic Times) Leidos Cyber, which has 10 years of experience in the commercial cybersecurity business, employs a team of nearly 500 elite cybersecurity professionals.
Intertek expands in cyber security markets with purchase of network security firm NTA Monitor (Proactiveinvestors UK) Intertek Group (LON:ITRK) - The FTSE 100-listed testing, inspection and certification services provider noted that NTA employs 48 people across the UK and Malaysia and generated revenue of £3.2mln in 2017
Downtown Troy cybersecurity company acquires Rochester business (Albany Business Review) "They called us and said they wanted to talk," said Reg Harnish, CEO and founder of GreyCastle. "We saw it as an opportunity to make a partner."
Security company, former DISA director pitch DoD on 'quantum-safe' tech (Fedscoop) Quantum security company ISARA Corp., has joined forces with a consulting firm led by former DISA director Ronnie Hawkins to help make the DoD quantum-safe.
Palo Alto Networks Back In The Market's Good Graces, And Outperformance Is Getting Harder (Seeking Alpha) Helped by new product introductions, increasing subscription attach rates, and easier comps, Palo Alto has posted impressive growth re-acceleration over the las
Zscaler Stock Pops As Cloud Security Specialist Tops Expectations (Investor's Business Daily) Zscaler stock popped Thursday after the cybersecurity firm reported a narrower-than-expected fiscal third-quarter loss with revenue beating estimates.
Cylance's EMEA channel boss on the vendor's hype, UK growth and channel 'hit squad' (CRN) Stuart Quinsey talks CRN through the vendor's progress in EMEA after arriving with a bang two years ago
Carbon Black forecasting $200m revenue in first year on stock exchange (CRN) Cybersecurity vendor sees revenue climb following IPO in May
Verizon CEO to Retire, Succeeded by a Newcomer (Wall Street Journal) Verizon Communications named Hans Vestberg to succeed Lowell McAdam as its next chief executive, appointing a relative newcomer to run the wireless giant at a time when its industry is being reshaped by megadeals.
Gavin Patterson to leave BT following adverse shareholder reaction to cost-cutting plan (Computing) BT CEO Patterson to remain in charge until successor is appointed
Threat Sketch CEO Rob Arnold Named to NSBA Leadership and Small Business Technology Councils (PR Newswire) Threat Sketch CEO Rob Arnold was recently named to the National...
Products, Services, and Solutions
New infosec products of the week: June 8, 2018 (Help Net Security) New infosec products of the week include releases from Symantec, RedLock and Cofense.
Cyber Protection for Real Estate Requires New Strategies: Hunt. Isolate. Protect. (PR Newswire) RYCOM Corporation and Blackpoint Cyber (Blackpoint) announced...
Palo Alto Networks Reaches FedRAMP Milestone (PR Newswire) Palo Alto Networks® (NYSE: PANW), the global cybersecurity leader,...
Symantec intros cloud-based network security platform with web isolation (Telecompaper) Symantec announced new innovations and enhancements to its Network Security for the Cloud Generation platform, designed to protect enterprise devices, anywhere their employees work or travel, across the network, the cloud, mobile and traditional endpoints.
AvePoint's Compliance Guardian Now Combines Risk Management, Data Classification and Protection Solutions (Benzinga) New components align security, privacy and IT professionals to mitigate security risks and achieve regulatory compliance for GDPR, ISO and more.
Technologies, Techniques, and Standards
Information security in a war zone: How the Red Cross protects its data (CSO Online) The International Committee of the Red Cross faces unique and extreme security threats across the globe. Technology is not always the best defense.
Privacy and the Internet of Things: Emerging Frameworks for Policy and Design (CLTC) Regulators and product makers need to do more to protect consumer data in the Internet of Things (IoT), as the rapid proliferation of web-connected devices is leading to the potentially irreversible erosion of our personal privacy. That is among the key findings of a new research report, Privacy and the...
Why Best of Breed May Not Be Best (Tanium Blog) It’s no secret that many organizations rely on numerous tools to manage technology operations and security. Purchased over the years to solve the hottest new problem, these tools combine to form layers of often-overlapping capabilities.
Understand the mobile cyber threat and how to mitigate it (FederalNewsRadio.com) Bob Stevens, Lookout’s vice president for the public sector and Kristen Todt, managing partner of Liberty Group Ventures, outline the mobile security situation and offer practical insight for getting it under control.
Defense Digital Service redesigns Army Cyber Command training (Fedscoop) The Defense Digital Service has cut down the training time for Army cyber-operations specialists from six months to just 12 weeks in a new pilot project, helping the Army Cyber Command boost its pipeline of talent. DDS, known for trying to get the military to think differently about building and buying technology, worked with the Army Cyber …
Education is as Important as Protection When It Comes to Battling... (Reuters) When you consider today’s growing volume of cyberthreats to consumers and businesses, it’s easy to feel overwhelmed.
The Internet of Things Era: 6 Ways to Stay Safe (Reuters) Cyber intruders spied on kids and parents through baby monitors. Smart locks on hundreds of homes failed after a software update.
Security Think Tank: Understand data for risk-based protection (ComputerWeekly) Why is it important to know where data flows, with whom it is shared and where it lives at rest, and what is the best way of achieving this?
Digital Guardian On The Importance Of Recognizing Unstructured Data (CRN) The ability to recognize unstructured data could make all the difference in your company's security measures.
Design and Innovation
Ash Carter’s pointed message to Silicon Valley; Great-power contracts; Northrop closes Orbital deal; and a bit more. (Defense One) Government news resource covering technology, performance, employment, telework, cybersecurity, and more for federal employees.
Research and Development
How lattice-based cryptography will improve encryption (SearchSecurity) Lattice-based cryptography could be the answer to quantum computing-based attacks on encryption. Here's a look at the principle of lattice cryptography and how it can improve encryption.
We Asked MIT Researchers Why They Made a ‘Psychotic AI' That Only Sees Death (Motherboard) People have begun writing letters directly to the AI, pleading with it to seek a more positive outlook on life.
Academia
NSA Names Cedarville University a National Center of Academic Excellence in Cyber Operations (Markets Insider) The National Security Agency (NSA) has named Cedarville University a National Center of Academic Excellence...
Virginia House budget includes $40 million for new Virginia Tech cybersecurity program (Roanoke Times) Virginia lawmakers have backed plans to expand cybersecurity education in the state by creating a $40 million master’s degree program led by Virginia Tech.
Lawmakers discuss national security concerns and Chinese students (Inside Higher Ed) As Senate subcommittee takes on issue of international students and national security, some raise concerns about generalizations that would paint Chinese students and scholars broadly as spies.
Legislation, Policy, and Regulation
From cyber to readiness, here’s what came out of NATO’s defense ministers meeting (Fifth Domain) Thursday’s meeting of NATO defense ministers has concluded, with a number of decisions finalized.
NATO trumpets resolve over Russia, plays down divisions (Military Times) NATO defense ministers met Thursday in a fresh show of resolve against Russia and played down a series of festering trans-Atlantic disputes that threaten to undermine unity across the 29-nation military alliance.
Beijing wants cyber-sovereignty and it may be justified (China Policy Institute: Analysis) Like all things associated with “cyber,” the question of sovereignty is one of those areas that has proven divisive in the international community. Generally, western go…
Sen. Mark Warner: We'll 'absolutely' try to block 'awful, awful' deal with China's ZTE (CNBC) The Senate is virtually united against the Trump administration's deal to end sanctions with China's ZTE, says Sen. Mark Warner.
DOD Must Comply with DHS Cybersecurity Directives Under Senate Bill (Nextgov.com) Homeland Security has issued numerous binding cybersecurity directives recently, including banning Kaspersky anti-virus and mandating email security.
HHS center for cyber threat sharing comes under fire (Health Data Management) Members of Congress say there is confusion regarding the role and status of the Health Cybersecurity and Communications Integration Center.
GDPR: A Compliance Quagmire, for Now (Threatpost) Experts say the devil is in the details when it comes to complying with the swath of new privacy and cybersecurity laws enforced by the European Union’s General Data Protection Regulation.
GDPR: A Four-letter Word With Global Ramifications (SecurityWeek) The GDPR compliance deadline is the starting point for a longer journey towards protecting user data on a global scale. As the ramifications of GDPR begin to take effect, here are a few things that can be done.
Shape up US businesses: GDPR will be coming stateside (Help Net Security) One of the most important elements of GDPR that is likely to come to the US is consumer consent and education around companies’ personal data collection.
Data Breach Laws are Increasingly Common, do they make a Sufficient Difference? (Infosecurity Magazine) The idea that data security laws lack punch isn't just idle speculation.
Joondalup takes action on business cyber safety (Technology Decisions) The City of Joondalup has opened registrations for its cyber business forum, and business stakeholders are urged to participate.
Litigation, Investigation, and Law Enforcement
Google to face record EU fine over Android anti-trust issues (Computing) Reuters claims Google will be whacked with record fine in early July
US lawmakers examining Google's relationship with Chinese tech firms (CNNMoney) Google's ties to Chinese firms, including smartphone maker Huawei, are a subject of interest for several Congress members.
ZTE to pay another $1bn to US and replace its board in deal to end crippling sanctions (Computing) ZTE agrees to US-approved compliance department and big fine to avoid going down the tubes
Former Senate Aide Charged With Lying To FBI About Contacts With Reporters (NPR.org) A grand jury indictment alleges James A. Wolfe made false statements to FBI agents about contacts with multiple reporters.
Snowden’s ex-boss: Leak was ‘worst nightmare’ (Fifth Domain) Five years after Edward Snowden's disclosures, his former boss speaks to Fifth Domain.
GOP chairman seeks Obama-era communications, docs on Russian interference (TheHill) The Republican chairman of the Senate Homeland Security Committee is pressing officials to unearth Obama-era documents used to brief Congress in September 2016 on Russian attempts to interfere in the presidential election.
Ryan undercuts Trump on Russia at fraught moment (POLITICO) The speaker’s criticism of ‘spygate’ and self-pardons, however gentle, comes as some Republicans want him out.
You Can File Complaints About Cryptojacking With the FTC (BleepingComputer) The US Federal Trade Commission (FTC) is now open to taking complaints from US users about cryptojacking — the practice of using JavaScript code to mine cryptocurrencies inside users' browsers without notifying them in advance or requesting permission.
Ajit Pai’s FCC lied about “DDoS” attack, ex-chair’s statement indicates (Ars Technica) Wheeler: There was no "coverup" of 2014 DDoS attack, because there was no DDoS.
Busted by a Facebook ‘friend’ who’s an undercover cop? It’s legal! (Naked Security) Friending somebody means assuming the risk that they’re an undercover cop or informant.