Cyber Attacks, Threats, and Vulnerabilities
Explainer: How Vulnerable Are Undersea Cables That U.S. Says Russia Is Tracking? (RadioFreeEurope/RadioLiberty) Western powers have warned that Russia could attack deep-sea cables that form what is known as the "backbone of the global Internet," though some experts suggest the threat may be overblown.
North Korean Hackers Abuse ActiveX in Recent Attacks (SecurityWeek) ActiveX zero-day vulnerability discovered recently on the website of a South Korean think tank focused on national security has been abused by North Korea’s Lazarus group
Exclusive - U.S. counterspy warns World Cup travellers' devices could be hacked (Reuters) The top U.S. counterintelligence official is advising Americans travelling to Russia for football's World Cup beginning this week that they should not take electronic devices because they are likely to be hacked by criminals or the Russian government.
Trump and Kim USB fan raises eyebrows (BBC News) Cyber-security experts warn about a laptop-powered fan given to reporters at the summit.
The danger lurking in the Singapore summit’s freebies (Fifth Domain) Journalists at the Singapore summit received a free USB powered fan. It could be a digital death-trap.
New 'PyRoMineIoT' Malware Spreads via NSA-Linked Exploit (SecurityWeek) Cryptocurrency miner malware PyRoMineIoT uses NSA-linked exploit to spread and leverages infected machines to scan for vulnerable IoT devices
BabaYaga: The WordPress Malware That Eats Other Malware (Wordfence) Recently, Defiant’s analysts have been tracking a particularly sophisticated malware infection responsible for generating spam links and redirection, while still remaining relatively difficult for victims to detect. Dubbed “BabaYaga” by our team, this infection is notable for containing code capable of removing its competition. BabaYaga actually has the ability to remove other malware. While this …
Trik Spam Botnet Leaks 43 Million Email Addresses (BleepingComputer) Over 43 million email addresses have leaked from the command and control server of a spam botnet, a security researcher has told Bleeping Computer today.
Inspector general: 2 US dams at risk of ‘insider threats’ (Fifth Domain) An evaluation released Monday by the U.S. Department of the Interior doesn't name the two dams, and spokeswoman Nancy DiPaolo cited national security concerns. But they are among five dams operated by the U.S. Bureau of Reclamation that are considered
DHS experts warn it's a "matter of time" before hackers hit commercial airliners (CBS News) At a presentation in January, researchers warned it is "a matter of time before a cybersecurity breach on an airline occurs"
Analysis Of Banco De Chile + Continued Cyber Attacks On Banks (Information Security Buzz) As you may have heard, Banco de Chile is the latest victim in a string of cyber attacks targeting payment transfer systems and in a similar vein to the recent Mexico heist, hackers wreaked havoc on banking operations. Ofer Israeli, CEO at Illusive Networks, believes the Lazarus Group, one of the most notorious band of cybercriminals, is behind this, …
New Android malware stealing financial data from users in India: Quick Heal (Hindustan Times) The two new Android malware are said to appear in the form of notifications from WhatsApp, Facebook, and banking apps as well.
Security consultants mop up after PageUp breach (CRN Australia) Melbourne's Hivint works to remediate after attack.
Phishing theft of $93G at clean energy agency went unreported for months (Boston Herald) A cyber scammer stole nearly $94,000 in public funds from the Massachusetts Clean Energy Center last year, with news of the theft-by-email taking 8 months to reach the quasi-public agency’s board of directors, according to a state audit.
Millions of Dixons Carphone customers' details stolen in huge cyber attack (The Independent) Hackers had access to people's personal information, the retailer said
Facebook knows exactly how many times you’ve searched for your ex (Quartz) There's good news: you can delete your queries.
TechMan Texts: Microsoft didn't really detect that security error (Pittsburgh Post-Gazette) If you use a computer, chances are you’ve seen a pop-up message like this: “Microsoft detected security error. Due to suspicious activity found on your ...
County increasing security after April 23 cyber attack (Dawson News) County Manager David Headley recently released details about the ransomware attack that crippled Dawson County government computer systems earlier this year.
Another week, another bitcoin hack, another huge price drop (WIRED UK) Bitcoin is a technology solution for a financial problem, but it's undermined by poor tech infrastructure. Coinrail is the latest cryptocurrency exchange to be hacked
Around 5% of All Monero Currently in Circulation Has Been Mined Using Malware (BleepingComputer) At least 5% of all the Monero cryptocurrency currently in circulation has been mined using malware, and about 2% of the total daily hashrate comes from devices infected with cryptocurrency-mining malware.
Security Patches, Mitigations, and Software Updates
Microsoft June 2018 Patch Tuesday Fixes 50 Security Issues (BleepingComputer) Microsoft has released the June 2018 Patch Tuesday security updates, and this month's release comes with fixes for 50 vulnerabilities.
Microsoft Patch Tuesday, June 2018 Edition (KrebsOnSecurity) Microsoft today pushed out a bevy of software updates to fix more than four dozen security holes in Windows and related software.
Microsoft to Windows 7, Windows 8 users: We're about to end forum tech support (ZDNet) If you have a Windows 7 or 8, Office 2013, or Surface Pro problem, you'll have to rely on the community for answers.
Google removes inline installation option for Chrome extensions (Help Net Security) Google is shutting down an often used vector for delivering malicious Chrome extensions to users by removing the inline installation option.
Crestron Patches Command Injection Flaw in DGE-100 Controller (SecurityWeek) Crestron patches critical command injection vulnerability affecting the console service on its Digital Graphics Engine 100 (DGE-100) and other controllers
DNS amplification attacks rise twofold in Q1, according to Nexusguard DDoS attack data (Business Insider Singapore) Cybersecurity researchers advise organizations seek virtual patches, secure configurations throughout device and service lifecycles
Majority of execs have paid a hacker's ransom, Radware finds (ROI-NJ) A majority of executives have paid a hacker’s ransom following a cyber attack, according to Radware’s 2018 Executive Application and Network Security Report. Radware, a provider of cybersecurity and application delivery solutions based in Mahwah, reported 53 percent of executives it surveyed have paid ransom following a breach. “A ransom payment may make the problem …
Has paying the ransom become business as usual? (Help Net Security) According to the 2018 Executive Application and Network Security Report, 53% of executives reported paying a hacker’s ransom following a cyber-attack.
Cost of lagging DevOps and microservice enablement? $34 million per year (Help Net Security) 74% believe DevOps enablement capabilities are essential, but only 33% believe their organization has the ability to deliver those capabilities.
Banks planning further integration of regulatory data (Help Net Security) Most global banks want to integrate their regulatory workflow data. But keeping up to date with the fast pace of regulatory change is hindering that move.
Investors wipe $3 billion off China's ZTE as U.S. settlement sinks in (Reuters) Investors wiped about $3 billion off embattled Chinese telecommunications giant ZTE Corp's market value as it resumed trade on Wednesday after agreeing to pay up to $1.4 billion in penalties to the U.S. government.
Commentary: How Bailing Out ZTE Damaged America’s Credibility (Fortune) Specifically toward Iran
China's Huawei set to win $120 million Perth contract despite spying concerns (Financial Review) Chinese phone company Huawei is set to emerge as the winning bidder for a major telecommunication contract in Perth, despite strict federal government conditions and strong objections from national security experts.
Huawei is still growing in Bellevue despite national security backlash (Puget Sound Business Journal) Huawei is waiting for scrutiny to pass and believes a phone deal with AT&T is more likely after regulators approved its Time Warner takeover, according to a source.
Today, the EU Will Vote on a Motion That Recommends Banning Kaspersky Products From Official EU Networks (BleepingComputer) In a plenary session of the European Parliament that will be held today in Strasbourg, France, members of the European Parliament (MEPs) will vote on a motion for resolution which includes a clause to ban the use of software programs "that have been confirmed as malicious, such as Kaspersky Lab."
Kaspersky looks to grow 25% by 2019 in India (ETtech.com) The company today detects more than 3 lakh new malwares daily, Kaspersky Lab South Asia general manager Shrenik Bhayani told ET.
'Warranty included' -the future of cybersecurity? (CRN) CrowdStrike's announcement of a cyber warranty offering has some questioning if this is the start of an industry trend
WSJ Top 25 Tech Companies to Watch 2018 (Wall Street Journal) Three industries—AI, blockchain and cybersecurity—dominate the list of companies that look like emerging tech leaders.
Siemens Selects Claroty as Strategic Partner for Advanced Anomaly Detection and Invests in Company (Claroty) Claroty, the leader in cybersecurity for industrial control networks, and Siemens, a global technology powerhouse focusing on the areas of electrification, automation, and digitalization, today announced a global partnership.
Tenable and Siemens partner to secure critical infrastructure & reduce cybersecurity risks (Windpower Engineering & Development) Tenable, Inc., the Cyber Exposure company, announced the industry’s first solution designed to reduce cybersecurity risk across converged IT/OT environments. The company has enhanced its Tenable.io platform and Industrial Security — an asset discovery and vulnerability detection solution for Operational Technology (OT) systems. Tenable is working in partnership with Siemens to better enable organizations to…
VictorOps bought for $120M, plans to expand in Boulder (Times Call) VictorOps, a Boulder software developer and incident management solutions provider, has been bought for $120 million by San Francisco-based data platform company Splunk.
Deep Instinct Continues Momentum in North America with the Addition of a VP of Technology and Opening of New Headquarters (BusinessWire) Deep Instinct, the first company to apply deep learning to cybersecurity, announced today the appointment of Jason Mical to Vice President of Technolo
Optiv Security Announces Key Executive Appointments Aligned to Global Services Expansion and Business Growth Strategy (Financial Post) Optiv Security, the world’s leading security solutions integrator, today announced it has named Chad Holmes as chief services and operations officer and Nate Brady as chief financial offic…
Products, Services, and Solutions
Paladin Cyber Introduces Paladin Browser Protection as Google Chrome Extension, the First-Ever Comprehensive Cyber Protection Toolkit (CIO Dive) Free extension keeps hackers out of consumer’s browsers and inboxes to protect private information
Dataguise and Snowflake Join Forces to Provide Complete Compliance Readiness for Highly Regulated Organizations (GlobeNewswire News Room) Dataguise Provides Data Privacy/Compliance Wrapper for the Data Warehouse Built for the Cloud
Untangle Releases NG Firewall 14.0 with Enhanced Support for Secure SD-WAN (Untangle) Latest Update Reduces Connectivity Costs and Simplifies Management at the Network Edge SAN JOSE, Calif.– June 12, 2018 – Untangle®, Inc., a leader in comp
Seattle International Film Festival Deploys WatchGuard APs to Ensure Robust, Secure Wi-Fi for Guests and Staff (PR Newswire) WatchGuard® Technologies, a leader in advanced network security solutions,...
Telos ID to Provide Nationwide Fingerprinting Services to U.S. Census Bureau (Telos) Identity Management Leader Teams with IndraSoft to Support Census Hiring Ashburn, Va. – June 13, 2018 – Telos Identity Management Solutions, LLC (Telos ID) was awarded a subcontract under IndraSoft, Inc.’s $64 million, multi-year…
High-Tech Bridge launches VAR partnership program for ImmuniWeb® AI (CIO) High-Tech Bridge, a global provider of web and mobile application security and winner of SC Awards 2018 Europe’s “Best usage of Machine Learning / AI” category, announces a launch of an international Value Added Reseller (VAR) partnership program today.
MyShield – Cool Cousin and Neex (Blonde 2.0 PR system) The open source platform is battling online fraud in the crypto sphere through community involvement and a digital rewards ecosystem
MSPAlliance Launches GDPR Program for Service Providers (PR Newswire) The International Association of Cloud & Managed Service...
NSS Labs to Develop Its 2018 Web Browser Security Comparative Reports (GlobeNewswire News Room) The Company Invites Industry Engagement to Help Evolve Its Forthcoming Test and Methodology
Sophos Launches Email Advanced Service to Improve Security (eWEEK) Sophos expands its security portfolio with an enhanced email security service that protects against threats and helps to improve email integrity and authenticity.
Gemalto unveils new virtualized encryption platform (Security Brief) “Gemalto’s launch of a virtualised network encryption platform redefines network data security by providing the crypto-agility required."
Technologies, Techniques, and Standards
Cybersecurity Must be Both Strategic and Tactical: 7 Takeaways... (Bricata) Healthcare struggles to get complete visibility into the IT infrastructure because it’s often an eclectic mix of technologies amassed both from organic purchased and company acquisition. The additional constraints of budget limits, and the move to the... #cloudsecurity #healthcaresecurity #ids
Somebody Else's Security: Rethinking Cloud FUD (Infosecurity Magazine) The list of enterprise IT organizations who had their private data publicly exposed in 2017 because of misconfigured AWS S3 buckets is long.
How to Secure Your AWS Storage Buckets (Data Center Knowledge) Amazon is responsible for securing its cloud. Your security inside its cloud is on you.
Akamai Mitigates Largest DDoS Attack in Firm’s History (Meri Talk) Akamai today released an Attack Spotlight recounting how it mitigated the largest distributed denial of service (DDoS) attack in its history. Earlier this year, an Akamai client, an unnamed software company, was the target of a massive DDoS attack–one that broke the 1 terabyte per second threshold for the first time.
10 Security Projects CISOs Should Consider: Gartner Analyst (eSecurity Planet) Gartner analyst lists 10 security projects CISOs should consider this year - and 10 they should have already done.
5 simple tips to keep your business secure from cyberattacks (The Economic Times) Several experts have cited the urgent need for SMEs to secure their online premises, however, many SMEs do not go beyond installing a basic anti-virus solution.
Design and Innovation
USCYBERCOM Awards Cyber Innovation Contract to MISI (MISI) The Maryland Innovation and Security Institute (MISI) has been awarded a five-year Partnership Intermediary Agreement (PIA) by United States Cyber Command (USCYBERCOM) to innovate new technologies in an unclassified, state-of-the-art facility located in Columbia, MD.
Security Vulnerabilities: A Threat to Automotive Innovation (SecurityWeek) As automakers rush to bring more connected cars to market, it is important that they don't skip the basics of cybersecurity and compromise the safety of their vehicles.
Legislation, Policy, and Regulation
Chinese attacks on contractors ‘a phenomenon’ on the rise (Fifth Domain) China's reported hacking of a Navy defense contractor illustrates the struggle to guard secrets.
Panel: Kremlin Now Reaping Benefits From Years of Investment in Information Warfare (USNI News) The Russian strategic decision to value information dominance over cyber warfare is reaping major dividends in sowing distrust among the Western democracies, a former director of the CIA and NSA said on Monday. In the 1990s, “Russia went to door number two” in choosing information dominance, partially because many in the Kremlin then were familiar …
Feds lay out plan to boost online defences amid shortfall of cyber warriors (CTVNews) The federal government unveiled its plan to bolster Canada's defences against nefarious online attacks and crime Tuesday, even as it acknowledged a shortage of skilled cyber-warriors to meet the country's needs.
Legislators want to mandate WH cyber post (again) (Federal Times) The White House cyber coordinator post was left vacant after its most recent occupant Rob Joyce announced his return to the National Security Agency in May 2018.
DHS putting the pedal to the metal for one of its major cyber programs (FederalNewsRadio.com) Kevin Cox, the program manager for the continuous diagnostics and mitigation program, said ongoing assessments and mobile security are among the top priorities for 2018 and beyond.
OPM wants to know the most critical cyber workforce needs (Fifth Domain) And it wants to know earlier than previously requested.
US repeals net neutrality rules, what happens now? (Help Net Security) Net neutrality rules have been officially repealed in the US on Monday, as the Restoring Internet Freedom Order by the Federal Communications Commission
2018 NSA Law Day Speech (Lawfare) Remarks delivered to the 29th annual National Security Agency Law Day on June 8.
Litigation, Investigation, and Law Enforcement
Kaspersky sues Dutch newspaper for defamation (The Stack) Embattled security firm Kaspersky has taken its fight against 'fake news' to the next level by suing Dutch newspaper De Telegraaf for defamation.
Dutch hacker, big cyber-politics, and the anatomy of ‘real’ fake news. (Nota Bene) Almost 21 years ago, I embarked on a mission to make the world a safer, better place. Today, we're proud to protect with our cybersecurity solutions the digital lives of over 400 million consumers and
Two men killed over false child kidnapping claims on WhatsApp, Facebook (CNN) Twenty-seven people have been arrested after two men were beaten to death by a mob following false social media reports suggesting they were child kidnappers, police in India said.
Florida skips gun background checks for a year after employee forgets login (Naked Security) The Florida Department of Agriculture and Consumer Services stopped using the FBI’s crime database in February 2016 because an employee couldn’t log in.
Yahoo fined £250,000 over cyber-attack (BBC News) The fine relates to a data breach in 2014 which affected more than 500,000 Yahoo customers.
Feds Bust Dozens of Email Scammers, but Your Inbox Still Isn’t Safe (WIRED) The arrest of dozens of Nigerian email scammers and their associates is a small, but important, first step toward tackling an enormous problem.