Cyber Attacks, Threats, and Vulnerabilities
Trump-Kim Summit Attracts Wave of Cyber-Attacks on Singapore (SecurityWeek) The number of cyber-attacks targeting Singapore skyrocketed from June 11 to June 12, during the meeting between U.S. President Donald Trump and North Korean President Kim Jong-un in a Singapore hotel, and most of these attacks originated from Russia
US Government warns of more North Korean malware attacks (HOTforSecurity) With Donald Trump and Kim Jong Un exchanging handshakes and smiles at the Singapore security summit earlier this month, you may have been fooled into thinking that all was cordial between the United States and North Korea. Look under the surface, however...
US-CERT Uncovers North Korean Typeframe Malware (Infosecurity Magazine) New RAT-laden malware linked to Hidden Cobra group
Russian Troll or Clumsy Publicity Hound? (Foreign Policy) A Russian media executive says he’s come to Washington to test the limits of American freedom.
New Campaign Possibly Linked to MuddyWater (SecurityWeek) Trend Micro analyzes new campaign that appears to be linked to MuddyWater espionage
Ex-Israeli spy chief: Iran energy sector, next cyber target (PressTV) Former Unit 8200 chief Ehud Schnerosen has referred to the energy sector as a "major pillar economy, state's cardiovascular system."
MirageFox: APT15 Resurfaces With New Tools Based On Old Ones (Intezer) Coincidentally, following the recent hack of a US Navy contractor and theft of highly sensitive data on submarine warfare, we have found evidence of very recent activity by a group referred to as APT15, known for committing cyber espionage which is believed to be affiliated with the Chinese government. The malware involved in this recent campaign, MirageFox, looks to be an upgraded version of a tool, a RAT believed to originate in 2012, known as Mirage.
Amazon, Apple and Microsoft vulnerable to ‘domain jacking’ (The Telegraph) Amazon, Microsoft and Apple have left themselves and customers vulnerable to hackers conducting a “domain jacking” attack, The Daily Telegraph can reveal.
Clipboard Hijacker Targeting Bitcoin & Ethereum Users Infects Over 300,000 PCs (BleepingComputer) A malware campaign spreading a clipboard hijacker has infected over 300,000 computers, according to Chinese security firm Qihoo 360 Total Security. The campaign has been raging for the past week and has spread a malware which Qihoo researchers have named ClipboardWalletHijacker.
Bitcoin, Ethereum Copied Addresses Replaced by Crypto Malware to Steal Funds (CoinFrenzy | Blockchain News in Shorts) A new cryptocurrency-related malware has been found by Cybersecurity firm 360 Total Security. This malware is used to steal funds by hijacking the clipboard of the user which is then replaced with a copied Bitcoin [BTC] and Ethereum [ETH] address. Read on to know about this malware.
ClipboardWalletHijacker malware replaces address to steal cryptocurrency (HackRead) ClipboardWalletHijacker malware aims at stealing cryptocurrencies, including Bitcoin and Ethereum by monitoring clipboard activity.
Hacker Breaches Syscoin GitHub Account and Poisons Official Client (BleepingComputer) A hacker gained access to the GitHub account of the Syscoin cryptocurrency and replaced the official Windows client with a version containing malware. The poisoned Syscoin Windows client contained Arkei Stealer, a malware strain specialized in dumping and stealing passwords and wallet private keys.
Malicious JavaScript Targeting Mobile Browsers - SANS Internet Storm Center (SANS Internet Storm Center) A reader reported a suspicious piece of JavaScript code that was found on a website. In the meantime, the compromised website has been cleaned but it was running Wordpress (again, I would say![1]).
The World Cup Attracts Hackers in This One Strange Way, So Beware If You're In Town (Geek.com) With the World Cup in full force in Russia, that means hackers are also keeping an eye on the event. If that doesn’t make much sense to you, here’s the rub. In the …
Security consultants mop up after PageUp breach (CRN Australia) Melbourne's Hivint works to remediate after attack.
South Africa's Liberty Holdings suffers cyber attack (Reuters) South African insurer Liberty Holdings said on Sunday it had become the victim of a cyber attack, with an external party claiming to have seized data from the firm and demanding payment.
Liberty customers have not suffered financial losses due to cyber... (Reuters) The Chief Executive of South African insurer Liberty Holdings said its customers did not appear to have suffered any financial losses after the company reported earlier on Sunday that it had become the victim of a cyber attack.
Hackers want millions from Liberty, or will start releasing sensitive data – Report (My Broadband) Liberty stated late on Saturday night that it had been hit by an IT systems breach.
Liberty regains control after cyberattack (Business Day) The insurance industry holds sensitive data on millions of clients, including their banking details and medical reports
We did not pay ransom after massive hack - Liberty (IOL Business Report) Liberty has said that it had refused to pay the money demanded by hackers who infiltrated the group’s IT systems and extracted data from it.
Social media quizzes can provide hackers with personal information (WINK NEWS) Social media quizzes may seem fun, but scammers can use the answers you post to steal personal information. ‘What’s Your Royal Guest Name’ recently circulated on social media. People can leave their answers in the comment section for others to see. In order to find out, users are told to name one of his or …
'Nigerian prince' email scam 2.0: How to avoid falling victim to social engineering cyberattacks (ABA Journal) Lawyers at Owens, Schine & Nicola, a personal injury firm in Connecticut, thought they had an easy collections matter to resolve.
Cyber Trends
The President is Missing... a few finer points on how the cyber works in this novel (Ars Technica) Book review: A president and a factory novelist collaborate on a cyber-thriller. Oh. No.
Notes on "The President is Missing" (Errata Security) Former president Bill Clinton has contributed to a cyberthriller "The President is Missing", the plot of which is that the president stops a...
Is AI the New Buzz Term Du Jour, Or Is There Meat on the Bone? (TechNative) Artificial Intelligence (AI) development has gained substantial traction of late and is fast becoming the new “cyber” in generating attention, speculation, and fear. Since 2010, AI has grown at a compounded annual growth rate of almost 60 percent, according to one source. Competition among nation states to “dominate” the AI sphere is reported to be fierce, raising concern that an “intelligence arms race” has already commenced with adversarial governments jockeying for supremacy. Dating back to 1956, AI was first coined by a Stanford University researcher and defined its key mission as a sub-field of computer science. Fast forward to today,
Marketplace
Kaspersky woes grow after ‘confirmed malicious’ accusation (Fifth Domain) The Russia-based company faced a tumultuous three days after accusations its software was a sieve for authorities in Moscow.
China's Huawei is desperately trying to convince Australian politicians it can be trusted (Business Insider) Huawei has been shortlisted to provide equipment to Australia's new 5G wireless network but national security fears remain with intelligence agencies reportedly advising against granting Huawei access to the network. Chinese law states that organizations must help with "national intelligence work."
Why 5G Leader Huawei Could Get Shut Out of a Major Rollout (Wall Street Journal) Australia is looking at barring Huawei from taking part in the introduction of new 5G telecommunications infrastructure, which would deal a blow to the Chinese company’s global ambitions.
Britain's history with Huawei may help explain why Australia is so nervous (ABC News) Political editor Andrew Probyn takes a deep dive into Huawei's history to unpick the anxiety within the Australian intelligence community.
Debriefing: Cryptocurrency hacks (Korea JoongAng Daily) Coinrail, the seventh-largest cryptocurrency exchange in Korea, was hacked last week. The hackers made off with around 3.6 billion coins worth around 40 billion won ($36.9 million). The heist sent a shockwave through the Korean cryptocurrency mark
Is The Price Of Bitcoin Becoming More Or Less Volatile After Security Breaches? (Benzinga) Bitcoin prices tumbled after news of yet another major crypto theft broke June 10. Week after week in 2018, cryptocurrency investors have been hit by a stream of negative...
F-Secure to buy MWR InfoSecurity for ~$106M+ to offer better threat hunting (TechCrunch) The ongoing shift of emphasis in the cyber security industry from defensive, reactive actions towards pro-active detection and response has fueled veteran Finnish security company F-Secure’s acquisition of MWR InfoSecurity, announced today. F-Secure is paying £80 million (€91,6M) in cash to p…
Cyber Security Company Panaseer Raises $10 Million in Series A Funding Led by Evolution Equity Partners (PR Newswire) Panaseer positioned to accelerate growth with advanced analytics...
India-based Network Intelligence Raises $4.8 Million for Expansion (SecurityWeek) Bengaluru, India-based security services and products firm Network Intelligence Inc (NII) has raised Rs 33-crore funding (approximately $4.8 million) from private equity firm Helix Investments.
Products, Services, and Solutions
Top five security products for SMEs (Deccan Chronicle) A survey revealed that 58 per cent of attacks were targeted at SMEs, dispelling myths that only the biggies must invest in cybersecurity.
Increasing reports of personal information being shared on the Internet have recently led Wiperts.com, a personal data removal company, to launch two new products to protect customer privacy. (PR Newswire) Due to the increase in personal information being shared on websites,...
Proact partners with NetApp and Cisco to improve cloud infrastructure delivery (Cision) As one of few qualified partners in Europe, Proact has partnered up with NetApp and Cisco to offer
Aussie Crypto Exchange BlockBid Partners with LexisNexis (CCN) Aussie cryptocurrency exchange Blockbid has signed a partnership agreement with risk management giant LexisNexis to improve its ID verification procedures.
Technologies, Techniques, and Standards
Cyber Matters: Understanding the Value of Threat Awareness Programs (LinkedIn) Despite investments in cybersecurity technology, attacks regularly cause damage and disruption to corporate networks. User awareness programs are essential in enlisting employees to detect, report and stop cyber attacks before data is put at risk.
2018 Security Awareness Report (SANS Security Awareness) The report summarizes and analyzes the data from over 1,700 awareness professionals like yourself. Use this report to gain key insights and valuable metrics to benchmark and grow your program.
A Year After Wannacry: Lots of Work to Do (BankInfo Security) One year after the Wannacry attack, cybersecurity is still failing, and the likelihood of a breach has never been greater, says Carl Leonard of Forcepoint.
‘Quads for Squads’ grounded over cyber concerns (Marine Corps Times) About 600 quadcopters have already been issued to Marine rifle squads.
Justice Dept. releases new details on ‘micro-jamming’ (Fifth Domain) New technology can block cellphone service inside an area as small as a jail cell.
Can a new DISA app help solve the security clearance dilemma? (C4ISRNET) More than 4 million federal and contract jobs require some level of security clearance and the National Background Investigations Bureau currently needs to process more than 710,000 applications.
How can real-time payments be secured? (Rambus) With account-based fraud on the rise, however, the move from standard to real-time transactions is causing significant security challenges for central banks and clearing houses. So, how can real-time payments be secured?
Working through the cybersecurity skills gap (Help Net Security) With an expanding pool of threats to deal with and a shrinking pool of qualified people to address them, how do we tackle this serious problem?
Design and Innovation
The Genesis Files: If Bitcoin Had a First Draft, Wei Dai’s B-Money Was It (Nasdaq) All Cypherpunks value privacy; it's basically the founding principle of the collective of cryptographers, academics, developers and activists grouped around the 1990s mailing list by the same name
Will blockchain power the next generation of data security? (Help Net Security) No data-security technology is as battle-tested as blockchain, since it protects one of the largest public vaults of economic value in human history: Bitcoin.
Research and Development
The Impact of Artificial Intelligence on R&D and Innovation (Wall Street Journal) CIO Journal Columnist Irving Wladawsky-Berger calls AI a new kind of research tool--"an invention of a method of inventing"--with the potential to open up new avenues of inquiry and enable a new approach to innovation itself.
Machines learn language better by using a deep understanding of words (TechCrunch) Computer systems are getting quite good at understanding what people say, but they also have some major weak spots. Among them is the fact that they have trouble with words that have multiple or complex meanings. A new system called ELMo adds this critical context to words, producing better underst…
Academia
New engineering center to develop scientific and engineering principles of resilient systems (Purdue University News) What causes some systems — computing, cyber physical, or large-scale engineered systems — to be resilient to disruptions of various kinds? And what causes some systems to bounce back from a failure quickly?
Cal Poly SLO hosting cyber attack contest (Pacific Coast Business Times) For the last two weeks, computer engineering undergrad Cassidy Elwell has been staging a cyber attack at Cal Poly San Luis Obispo. Starting with a cast of characters and a storyline, Elwell has bee…
UA's Cyber Operations program designated as one of the best in the nation (Daily Wildcat) The University of Arizona’s cyber operations program has joined a small group of institutions designated as a Center of Academic Excellence in Cyber Operations by the National Security Agency.
Legislation, Policy, and Regulation
Pentagon Puts Cyberwarriors on the Offensive, Increasing the Risk of Conflict (MSN) Until now, the Cyber Command has assumed a largely defensive posture, but in the spring the Defense Department opened the door to nearly daily raids on foreign networks, seeking to head off attacks.
US Cyber Command given powers to launch cyber attacks on other nations (Computing) More aggressive strategy pushed by new White House security advisor John Bolton
Why Hackers Aren’t Afraid of Us (New York Times) The United States has the most fearsome cyberweaponry on the planet, but we won’t use it for fear of what will come next.
Can Russian hackers be stopped? Here's why it might take 20 years (TechRepublic) Deterring hackers is almost impossible when the rewards are so great and the risks are so low. Can anything stop them?
The flawed analogy between nuclear and cyber deterrence (Bulletin of the Atomic Scientists) “If Internet security cannot be controlled, it’s not an exaggeration to say the effects could be no less than a nuclear bomb,” said General Fang Fenghui, Chief of General Staff of the People’s Liberation Army of China, in April 2013. General Fang is not alone in drawing comparisons between nuclear and cyber weapons during the past few years.
As Vote On ZTE Sanctions Looms, Some U.S. Lawmakers Focus On A Bigger Chinese Telecom (NPR) The U.S. Senate is set to vote as early as next week on whether to reinstate crippling trade sanctions against Chinese telecommunications company ZTE. With that move in sight, a number of U.S. senators are taking aim at a much bigger Chinese target: Huawei — the world's third-largest seller of smartphones, behind Samsung and Apple.
How D.C. Lobbyists Got China’s ZTE Off the Hook (The American Conservative) No surprise that a foreign influence operation is lurking behind Trump's abrupt policy shift.
Huawei face being frozen out in US and Australia (Asia Times) The latest move by Canberra government over 5G rollout triggers an open letter from Chinese telecom group, saying it is not a ‘security risk’
GAO Dings 13 Agencies for Cyber Workforce Classification Issues (Meri Talk) The Government Accountability Office (GAO) issued a report Thursday that found many Federal agencies are not entirely up to speed in classifying members of their cybersecurity workforce, although many of them have traveled well down the road toward compliance.
Litigation, Investigation, and Law Enforcement
In nearly 500 pages of answers, Facebook stonewalls some senators’ questions (Ars Technica) Written answers follow CEO Mark Zuckerberg's testimony before two Senate committees.
Authorities shut down Dark Web marketplace "Black Hand" (HackRead) One of the largest illegal dark web marketplaces "Black Hand" has been shut down while its administrator has been arrested.
Europol Disrupts Rex Mundi Cybercrime Group (Infosecurity Magazine) Latest arrest of coder comes in Thailand
French Nationals Arrested for 'Rex Mundi' Hacks (SecurityWeek) Several French nationals believed to be behind Rex Mundi, a group that hacked and extorted several major companies, were arrested in the past year
Silk Road creator's alleged ally extradited to the US (Engadget) Silk Road mastermind Ross Ulbricht's mentor, nicknamed 'Variety Jones,' has been extradited from Thailand to the US.
Ross Ulbricht’s alleged confidant “Variety Jones” extradited to US (Ars Technica) Roger Thomas Clark previously told Ars, "They don't have shit on me."
Massive Cyber Attack of UK Retailer Dixons Carphone Prompts Data Watchdog Probe (Insurance Journal) The U.K.'s data-protection watchdog said it's investigating a cyber attack at Dixons Carphone Plc that affected almost 6 million payment cards.
Paul Manafort accused of 'foldering' to hide communications (Graham Cluley) Foldering is a way of communicating without sending a message. And it’s just got Donald Trump’s former campaign chairman into an awful lot of trouble.
FBI recovers WhatsApp, Signal data stored on Michael Cohen’s BlackBerry (Ars Technica) Letter to judge reveals 731 pages of messages, call logs uncovered on one of two phones.
Jared Kushner's Growing Stench of Treason (Foreign Policy) Nobody knows yet whether the president's son-in-law broke any laws. But "traitor" is more than just a legal term.
Florida frat bros sued over Facebook revenge... (Ars Technica) Delta Sigma Phi: We've suspended the University of Central Florida chapter.
McGill music student awarded $350,000 after girlfriend stalls career (Montreal Gazette) She wrote an email posing as him, turning down a $50,000-a-year scholarship so that he wouldn’t leave
The Guy Who Robbed Someone at Gunpoint for a Domain Name Is Getting 20 Years in Jail (Motherboard) How a meme and a failed armed robbery gave a whole new meaning to 'domain hijacking.'
Judge says ‘literal but nonsensical’ Google translation isn’t consent for police search (TechCrunch) Machine translation of foreign languages is undoubtedly a very useful thing, but if you're going for anything more than directions or recommendations for lunch, its shallowness is a real barrier. And when it comes to the law and constitutional rights, a "good enough" translation doesn't cut it, a j…