Cyber Attacks, Threats, and Vulnerabilities
Hackers who sabotaged the Olympic games return for more mischief (Ars Technica) Olympic Destroyer gang may be planning new destructive hacks, researchers say.
The Olympic Destroyer Hackers May Be Targeting Biochem Threat Prevention Now (WIRED) A recent spate of attacks against biological and chemical threat protection agencies bears the hallmarks of the hacker group behind Olympic Destroyer.
Liberty: Cyber security expert says "an inside job" lead to huge data breach (The South African) Liberty, one of South Africa's biggest insurers, has suffered a massive data breach at the hands of a hacking team.
Tesla saboteur caused extensive damage and leaked highly sensitive... (HOTforSecurity) Tesla CEO Elon Musk believes that the company is the victim of deliberate sabotage perpetrated by an employee. According to CNBC, the high profile executive sent an email to Tesla employees this weekend alleging that there was a saboteur in the company's ranks who...
Musk alleges Tesla Model 3 production has been sabotaged, according to CNBC (Ars Technica) A disgruntled employee is alleged to have sabotaged the company's systems.
Elon Musk sends company email about 'extensive and damaging sabotage' by employee (CNBC) Tesla CEO Elon Musk sent an e-mail to all employees late on Sunday night alleging a saboteur within the company's ranks had tweaked code on internal products and sent company data out without authorization.
Details emerge of Russian cyber attacks on Singapore Summit (Information Age) F5 Networks witnessed a wave of Russian cyber attacks coinciding with the Singapore Summit and historic Trump-Kim meeting last week
HeroRat: The new kid on the block of Android RATs (WeLiveSecurity) ESET researchers have discovered a new type of Android RAT called HeroRat, that is abusing the Telegram protocol for command and control, and data exfiltration.
75% of Malware Uploaded on “No-Distribute” Scanners Is Unknown to Researchers (BleepingComputer) Three-quarters of malware samples uploaded to "no-distribute scanners" are never shared on "multiscanners" like VirusTotal, and hence, they remain unknown to security firms and researchers for longer periods of time.
Zacinlo malware spams Windows 10 PCs with ads and takes screenshots (HackRead) The malware is equipped with several capabilities, including adware, grabbing screenshots, and spying on victims' online activities.
Six Years and Counting: Inside the Complex Zacinlo Ad Fraud Operation (Bitdefender Labs) For more than a decade, adware has helped software creators earn money while bringing free applications to the masses. Headliner games and applications have become widely available to computer and mobile users the world over, with no financial strings attached...
Cyber-Criminals Are On The Offensive During the World Cup: Wallchart Phishing Campaign Exploits Soccer Fans (Check Point Blog) Keeping track of the World Cup can get overwhelming. Cyber criminals are keenly aware of this pain point, seeking to use the buzz around the World Cup as cover for their sneaky attacks. Check Point researchers have identified a phishing campaign targeting soccer fans, using the email subject line of “World_Cup_2018_Schedule_and_Scoresheet_V1.86_CB-DL-Manager.” This type…
13 Ways Cyber Criminals Spread Malware (HackRead) Here are 13 techniques used by cybercriminals for spreading malware - If you use the Internet you can be a victim any time so watch out.
Reminder: macOS still leaks secrets stored on encrypted drives (Ars Technica) Thumbnails from encrypted drives live on long after the drives are disconnected.
Multiple Zero-Day Bugs Found In 390 Axis Camera Models (Tom's Hardware) IoT security firm VDOO found multiple security flaws in the surveillance cameras from several vendors. The company disclosed that 390 camera models from Axis Communications were affected by multiple zero-day bugs.
Chicago Public Schools mistakenly emails private data of thousands of students, including names, phone numbers (Chicago Tribune) More than 3,700 families were affected by the data breach, which included names, email addresses, phone numbers and student ID numbers.
Ontario home care service provider victim of cyber attack (Global News) CarePartners said in a statement on Monday the attack breached its computer system and, as a result, both patient and employee information was inappropriately accessed.
Faked Video Will Complicate Justice by Twitter Mob (WIRED) Opinion: Videos provide transformative new avenues for justice, often summoning well-deserved Twitter mobs. Deep fakes could change all that.
Security Patches, Mitigations, and Software Updates
Google to Fix Location Data Leak in Google Home, Chromecast (KrebsOnSecurity) Google in the coming weeks is expected to fix a location privacy leak in two of its most popular consumer products. New research shows that Web sites can run a simple script in the background that collects precise location data on people who have a Google Home or Chromecast device installed anywhere on their local network.
Firefox fixes critical buffer overflow (Naked Security) Version 60.0.2 of the resurgent Firefox browser fixes a critical security flaw in its SVG rendering code.
“Unbreakable” Smart Lock Tapplock Issues Critical Security Patch (Threatpost) Researchers were able to discover a way to hack the device in less than an hour.
Cyber Trends
Cyber Threat Report CEE 2018 (CYBERSEC HUB) Do you know that only 35% of CEE companies have a cybersecurity strategy for customer data protection?
MPs: CNI Attacks Are Biggest Cyber-Threat. (Infosecurity Magazine) NCC Group poll seems to show growing awareness of cybersecurity
Marketplace
Huawei to Australia: We're not a security risk for 5G (CNNMoney) Huawei, one of China's top tech companies, is fighting back after reports say it may be banned from participating in Australia's 5G network.
Veriff raises $7.7M Series A to become the ‘Stripe for identity’ (TechCrunch) Veriff, the Estonian startup that wants to become something akin to the ‘Stripe for identity’, has raised $7.7 million in Series A funding. Leading the round is Mosaic Ventures, joining an impressive list of backers that include Taavet Hinrikus, Ashton Kutcher, Paul Buchheit, Elad Gil, …
Booz Allen Hamilton opens cybersecurity innovation hub in Annapolis Junction (Baltimore Sun) Booz Allen Hamilton to open its sixth innovation hub in Annapolis Junction to encourage collaboration among cyber security experts.
Booz Allen Invests in Cyber Talent and Growth with New Central Maryland Innovation Hub (BusinessWire) Newest iHub joins network of collaborative spaces across the country designed to accelerate ideation, learning and entrepreneurship
Products, Services, and Solutions
U.S. Department of Defense Information Network (DoDIN) Supports Digital Resilience by Adding RedSeal Platform to its Approved Products List (APL) (GlobeNewswire News Room) Thorough testing from Joint Interoperability Test Command (JITC) and DoD Interoperability (IO) certifies RedSeal is secure, trusted and approved to model and monitor U.S. Army, Navy, Air Force, Marine Corps and DISA networks
ST Engineering and SafeRide Technologies Announce Strategic Partnership to Protect Connected and Autonomous Vehicles from Cyberattack (PR Newswire) ST Engineering, a global technology, defense and...
NY Department of Financial Services Grants Cryptocurrency License to Square (New York Law Journal) The state’s top financial regulator said that the company founded by Twitter Inc. CEO Jack Dorsey had obtained the license giving New York residents the ability to buy and sell bitcoin through its Cash App.
Technologies, Techniques, and Standards
Early detection of compromised credentials can greatly reduce impact of attacks (Help Net Security) Increases in cybercriminal success rates suggest that the credential theft industry is growing in the European region both in innovation and scope.
Cyber X-Games 2018 focuses on critical infrastructure (DVIDS) Cyber X-Games 2018 brought 72 participants from various U.S. Army Reserve cyber and network defense units, Air Force cyber and network operations centers (squadrons), ROTC Cadets and civilian network and cyber professionals from government contractor entities June 9-18 to the University of Texas at San Antonio (UTSA).
Research and Development
Carbon Nanotube Optics Poised to Provide Pathway to Optical-Based Quantum Cryptography and Quantum C (EurekAlert!) Depiction of a carbon nanotube defect site generated by functionalization of a nanotube with a simple organic molecule. Altering the electronic structure at the defect enables room-temperature single photon emission at telecom wavelengths.
‘Gaming disorder’ is officially recognized by the World Health Organization (TechCrunch) Honestly, “gaming disorder” sounds like a phrase tossed around by irritated parents and significant others. After much back and forth, however, the term was just granted validity, as the World Health Organization opted to include it in the latest edition of its Internal Classification of Diseases. …
Legislation, Policy, and Regulation
NATO cyber team to add another teammate (Fifth Domain) Romania will join the NATO’s cyber training and research center next year, according to the country’s prime minister.
U.S. lawmakers warn Canada about Chinese telecom giant Huawei (The Globe and Mail) Senior members of U.S. intelligence committees say Huawei is a national-security threat to a network of Canada’s allies
China's Huawei rebuts Australian security concerns (Reuters) Chinese telecoms equipment maker Huawei Technologies has refuted Australian claims it poses a security risk, calling the criticism "ill-informed" in an open letter that threatens to inflame already heightened Sino-Canberra tensions. Thuy...
Senate Rebukes Trump With Vote to Reinstate ZTE Sales Ban (Wall Street Journal) The measure was wrapped in a larger, must-pass defense bill, which will need to be reconciled with House version
Republicans and Democrats can unite—against helping this one Chinese company (Quartz) A bipartisan majority in the Senate voted for revoking a lifeline to tech giant ZTE.
Trump's ZTE deal in doubt as US Senate votes to reject the compromise (Computing) Trump vows to oppose amendment to National Defense Authorization Act that would block ZTE deal
Analysis | The Cybersecurity 202: Senate defense bill pushes Trump to get tougher on Russian hacking (Washington Post) But it may have little impact on Trump's policy.
America has reason to remember its consumer protection tradition when it comes to privacy (TheHill) The United States has a long history of consumer protection and product safety, led by government, nonprofit organizations, businesses and individuals.
Litigation, Investigation, and Law Enforcement
Ex-CIA employee charged in major leak of agency hacking tools (Washington Post) Joshua Adam Schulte was charged under the Espionage Act in connection with the leak of tools that were posted online by WikiLeaks.
Ex-CIA engineer charged with massive leak to WikiLeaks (POLITICO) Schulte the fourth person to face charges related to classified leaks since Trump took office.
Joshua Adam Schulte Charged with the Unauthorized Disclosure of Classified Information and Other Offenses Relating to the Theft of Classified Material from the Central Intelligence Agency (US Department of Justice) John C. Demers, Assistant Attorney General for National Security, Geoffrey S. Berman, United States Attorney for the Southern District of New York, and William F. Sweeney Jr., Assistant Director-in-Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), announced today that Joshua Adam Schulte was charged in a 13-count Superseding Indictment (the “Indictment”) in connection with his alleged theft of classified national defense information from the Central Intelligence Agency (“CIA”) and the transmission of that material to an organization that purports to publicly disseminate classified, sensitive, and confidential information (“Organization-1”). The Indictment also charges Schulte with the receipt, possession, and transportation of child pornography, as well as criminal copyright infringement. Schulte, who is presently detained on the child pornography charges, will be arraigned by U.S. District Judge Paul A. Crotty.
Man who allegedly gave Vault 7 cache to WikiLeaks busted by poor opsec (Ars Technica) FBI used passwords used on suspect's cellphone to also get into his computer.
House lawmakers to press Justice Dept. inspector general on Clinton probe report (Washington Post) Michael Horowitz speaks to Congress in a second hearing about politicization at the FBI.
Comey refuses to testify to Congress, Grassley says McCabe pleads Fifth Amendment (The Washington Times) Fired FBI Director James Comey refused to appear before Congress on Monday to talk about his handling of the Clinton email investigation, and his fired deputy, Andrew McCabe, asserted his Fifth Amendment rights against self-incrimination.
Opinion | Yet another Russia contact with the Trump campaign team. What are they hiding? (Washington Post) Roger Stone and Michael Caputo said they never had contact with Russians. But they had.
The Man Who Saw the Dangers of Cambridge Analytica Years Ago (WIRED) Researchers at the Psychometrics Centre knew better than most how Facebook data can be manipulated, but investigations and suspensions have halted their work.
S.Africa's Information Regulator seeks meeting with Liberty over... (Reuters) South Africa's Information Regulator said on Monday it was concerned over reports of a data breach at Liberty Holdings and had requested an urgent meeting with the insurer's CEO to get more details on the cyber attack.
Audi CEO connected to diesel scandal arrested in Germany after phone taps (Ars Technica) The arrest comes a week after Rupert Stadler's home was raided.
OPM breach fraud (Help Net Security) The data breach suffered by the Office of Personnel Management (OPM) is, by now, very old news, but some of the people involved and affected are still feeling the repercussions.
Woman Guilty of Fraud Using Stolen Info from OPM Data Breach (US Department of Justice) A Maryland woman pleaded guilty today to participating in a scheme to use the stolen identification information of victims of the U.S. Office of Personnel Management (OPM) data breach to obtain fraudulent personal and vehicle loans through Langley Federal Credit Union (LFCU).
Mass. Man Pleads Guilty in ATM Jackpotting Operation (Dark Reading) Citizens Bank ATM and others targeted in the scheme.
7 Time 'Jeopardy!' Winner Pleads Guilty to Hacking Into the Email of Students and Faculty (Motherboard) I’ll take “unauthorized access to a computer system” for $500, Alex.