Cyber Attacks, Threats, and Vulnerabilities
Taiwan hit by jump in cyber attacks from China (Financial Times) Rise in hacking attempts part of Beijing’s hardening approach to Taipei, experts say.
Malicious Documents from Lazarus Group Targeting South Korea (AlienVault) We took a brief look at some documents recently discussed and reviewed by researchers in South Korea over the past week. The malware is linked to Lazarus, a reportedly North Korean group of attackers. One malicious document appears to be targeting members of a recent G20 Financial Meeting, seeking coordination of the economic policies between the wealthiest countries. Another is reportedly related to the recent theft of $30 million from the
Fake news a ‘nuisance’ for Israel, not a dire threat, says country’s cyber chief (Times of Israel) While Americans sound the alarm over covert social media manipulation, Israeli expert says no sign of Russian efforts to impact politics here
“WannaCrypt” ransomware scam demands payment in advance! (Naked Security) To avoid the need for actual ransomware, just insist on payment up front…
Hundreds Report WannaCry Phishing Campaign (Infosecurity Magazine) Action Fraud warns UK users not to fall for scam
Ransomhack; a new attack blackmailing business owners using GDPR (HackRead) Hackers are threatening firms to leak stolen user data online to hurt them through GDPR regulations - In return they are demanding ransom.
Losses due to BEC scams are escalating (Help Net Security) Despite falling down on the list of most often reported Internet-facilitated crimes, BEC/EAC is still the type of crime that results in the biggest losses.
This Windows malware turns your PC into a hacker’s punching bag (TechRadar) Mylobot malware is a nasty critter
Windows malware sleeps for days then deploys additional payloads (Backend News) Security firm Deep Instinct recently uncovered a new malware that uses a more deceptive approach and then converts PCs to practically the hackers’ botnet. Mylobot …
Downloading 3rd Party OpenVPN Configs May Be Dangerous. Here’s Why. (BleepingComputer) Call me a cynic, but one thing I have learned from using the Internet is to double-check, if not triple-check, everything you download. So many downloads have malware, adware, and scripts that perform malicious activities on your computer that it has to be a requirement to thoroughly check a download before it's used.
Microsoft Edge bug allows attackers to read emails and Facebook feed (2Spyware) Microsoft Edge is on fire - a new security feature bypass vulnerability detected. CVE-2018-8235 — the latest Microsoft Edge vulnerability detected by an independent security researcher
If you can’t steal them, mine them - Cryptocurrency threat roundup (Proofpoint) Proofpoint researchers detail the current state of cryptocurrencies in cybercrime.
Cryptojacking - The Parasitical Crime (Infosecurity Magazine) Cryptojacking doesn’t destroy data. Instead, it chews up computing resources. Have criminals finally found a largely victimless crime?
Switch-hacking trolls reportedly loading p[...]nographic profile pictures (Ars Technica) Leaked "DevMenu" tools get around Nintendo's usual online restrictions.
Red Alert Android Trojan for Rent at $500 Per Month (SecurityWeek) The Red Alert 2.0 Android Trojan first detailed in September last year is currently available for rent on underground forums at $500 per month, Trustwave reports.
Roku TV, Sonos Speaker Devices Open to Takeover (Threatpost) The Roku streaming video device and the Sonos Wi-Fi speakers suffer from the same DNS rebinding flaw reported in Google Home and Chromecast devices earlier this week.
Someone Is Taking Over Insecure Cameras and Spying on Device Owners (BleepingComputer) Many brands of webcams, security cameras, pet and baby monitors, use a woefully insecure cloud-based remote control system that can allow hackers to take over devices by performing Internet scans, modifying the device ID parameter, and using a default password to gain control over the user's equipment and its video stream.
Researchers Warn of Hackable Baby Monitor (Infosecurity Magazine) SEC Consult confirms mother’s suspicion she was spied on
Holy Potatoes! Popular games remove “spyware” after gamers revolt (Naked Security) Whether what Red Shell does is an invasion of privacy or a harmless tool seems to depend on whether you’re a developer or a gamer.
iPhone pwned? Researcher says he can unlock iOS without running out of tries (Naked Security) A security researcher says he’s found a way to guess iPhone lock codes without getting blocked after 10 mistakes.
Bitcoin sites play down security threats despite Korea attack (Stuff) British MPs assured that bitcoin and other cryptocurrencies are still relatively safe.
Cryptocurrencies are ripe for plunder claims cyber security expert (IBS Intelligence) Security experts are predicting that cryptocurrencies could soon deteriorate into curruptocurrencies, thanks to the lack of standards, compliance and security disciplines.
Don’t download it! Fake Fortnite app ends in malware… (Naked Security) Epic Games is on the verge of releasing Fortnite for Android – so the crooks are jumping in to offer you “early access”… to malware!
Flight tracking service Flightradar24 hacked; 230,000 accounts affected (HackRead) One of the largest flight tracking services, Flightradar24, which shows real-time airplane locations on the map has been hacked.
Most PDQ locations victim of cyber-attack, customer credit card info, names may have been stolen (WFLA) Restaurant chain PDQ announced they were the target of a cyber-attack.
Ransom Demands and Frozen Computers: Hackers Hit Towns Across the U.S. (Wall Street Journal) Hackers are targeting small towns’ computer systems, with public-sector attacks appearing to be rising faster than those in the private sector. Online extortionists demand bitcoin ransom in return for decryption keys.
Med Associates Suffer Data Breach: 270,000 Records Left Exposed (Latest Hacking News) Cyber attacks on the health care sector have continued into this week too. The latest attack resulted in the compromise
London council asks residents to send full card details over email (Inquirer) There aren't enough palms in North London for this face plant
Tesla Sabotage Highlights Danger of Insider Threat (Security Boulevard) Electric car manufacturer Tesla is facing a nightmare insider attack scenario for which too many companies today fail to prepare.
Security Patches, Mitigations, and Software Updates
When an App is Released into the App Store, Its Security Will Be Wildly and Fiercely Tested....Instantly. Are You Prepared? (SC Media US) Most of the apps published in a public app store are at the mercy of the users who download them. Unfortunately, not everyone who downloads your app has
Cyber Trends
Has your security evolved to counter Ocean's Eleven of threat scenarios? (Help Net Security) In assessing how the cyber threat and mitigation landscape has evolved over time, I often think of the ways that “cops and robbers” movies have changed.
Time to think of cybersecurity as a customer service issue (Washington Technology) Cybersecurity professionals need to think of cybersecurity as a customer services issue but making that shift can be a challenge.
Marketplace
Herjavec: Cybersecurity investment now a priority for CEOs, boards (SearchCIO) Looming regulations, changing consumer expectations and expanding threats are forcing company leaders to pay closer attention to data protection. Robert Herjavec, CEO of the Herjavec Group and star of NBC's 'Shark Tank,' explains how the trends have changed the C-suite's view of cybersecurity investment.
Bitcoin hammered to four-month low (CRN Australia) Continuing a downtrend after more negative headlines.
Zcash: life on the crypto roller coaster (TechCrunch) Suppressed in Japan. Championed in New York. Accused of betraying the billion-dollar community he created with an arcane and byzantine ritual, while accidentally solving — maybe — a transnational clandestine mining mystery. All this while leading the rollout of some of the world’s…
Intel now faces a fight for its future (The Verge) Brian Krzanich’s surprise departure sets Intel on a race to find a new CEO
Intel CEO Brian Krzanich's exit won't affect Intel right away (CRN Australia) Krzanich's time as CEO was a mixed bag.
Intel: The 3 Failures Of Brian Krzanich, Part 1 (Seeking Alpha) Intel's golden opportunity. Failure #1: mobile devices. Investor takeaways.
ZTE Can't Fix a Broken Urinal Because It's Not Sure If It's Banned From Buying American Products (Gizmodo) The story of Chinese telecommunication firm ZTE’s death and resurrection, both at the hands of the Trump administration, has taken another bizarre turn, this time resulting in employees having to hold in their pee. The company is opting not to fix a urinal that requires parts from an American manufacturer for fear of breaching a ban on buying products from the US.
This quantum computing startup has just raised a big round (Washington Business Journal) QxBranch, a software developer with a focus on quantum computing, has raised close to $8.5 million, according to Securities and Exchange Commission filings.
ZenMate Launches a Crowdfunding Campaign on CrowdCube (PR Newswire)
McAfee mulls fresh IPO, acquisitions (CRN) Cybersecurity firm McAfee is looking at further acquisitions after buying security provider SkyHigh Networks this year and has not ruled out going public again to widen its options, its chief executive said.
SkyHigh not the limit of McAfee's ambition, IPO an option (Reuters) Cybersecurity firm McAfee is looking at further acquisitions after buying security provider SkyHigh Networks this year and has not ruled out going public again to widen its options, its chief executive said.
BAE's U.S. arm has 'no present plans to divest' services, CEO says (Washington Technology) BAE Systems' U.S. chief executive sees opportunities on the horizon in the government services market and has no plans to sell the business.
Lockheed expands to support the next-gen cyberwar (Fifth Domain) The Air Force is beginning to ramp up the competition for its cyber operations platform, and companies are responding.
Kaspersky moves core processes from Russia to Switzerland to regain trust (Rappler) The company is working toward regaining trust on the global stage after the US government banned the purchase of Kaspersky software due to reported ties with Russian intelligence firms
Products, Services, and Solutions
Comodo Cybersecurity Announces Partnership with FocusPoint Technologies, Bringing Enterprise-Class Security Solutions to SMBs (PR Newswire) Comodo Cybersecurity, the global leader in innovative cyber technology...
Palo Alto Networks opens cyber range in Australia (ComputerWeekly) The first of its kind in Asia-Pacific, the training facility will let Australian IT and security teams hone their skills through cyber security exercises
Cylance Extends Endpoint Security Deployment Options (eWEEK) Cylance brings its artificial intelligence-powered endpoint security platform to private networks.
Trustonic revolutionizes IoT security; Microchip leads adoption - Trustonic (Trustonic) Trustonic announces Microchip as the first customer to use its new Kinibi-M enhanced secure platform for microcontrollers
DRACOON and Safe-T Cooperate to Vanquish Unwanted Data Access (PR Newswire) DRACOON, an enterprise file sharing expert and leader in the...
SecZetta NE Profile Receives SailPoint Certification (PR Newswire) SecZetta, today announced that SecZetta NE Profile, a comprehensive...
Top 100 Best Technology Blogs For Developers To Follow in 2018 (Loud Programmer) If you are a seasoned software developer, then like me, you must have realized the need to keep yourself up to date with the latest technology trends, best practices as well as productivity tools in this dynamic tech environment. In so doing, you get to accomplish tasks more efficiently and beat your deadlines. Learning new technologies will …
Technologies, Techniques, and Standards
GDPR and the REAL impact on business (HackRead) The impact of the GDPR deadline will vary hugely between businesses but how to tackle this uncertain situation? Here are some steps.
An Up-to-Date Browser Should Keep Users Safe From Most Exploit Kits (BleepingComputer) The times when exploit kits (EKs) were known to be the breeding ground of new zero-days is long gone, and most EKs nowadays live off older vulnerabilities, meaning that keeping your browser, OS, and Flash Player up-to-date is enough to safeguard you from today's top web-based threats.
Facial recognition software is not ready for use by law enforcement (TechCrunch) Brian Brackeen is the chief executive officer of the facial recognition software developer Kairos. Recent news of Amazon’s engagement with law enforcement to provide facial recognition surveillance (branded ‘Rekognition’), along with the almost unbelievabl…
Israel Is Using Facebook And YouTube Data To Build A Huge Facial-Recognition Database (Wonderful Engineering) Facebook was under fire in the past few weeks for handling the personal data of users poorly. However, what other companies can do with that data is even scarier. Recently, another news surfaced that an
What War Games Tell Us About the Use of Cyber Weapons in a Crisis (Council on Foreign Relations) Recent U.S. war games have shown that decision makers are surprisingly reluctant to use cyber weapons during a crisis scenario that escalates into armed conflict. Why?
Estimating Cyber Risk For The Financial Sector (Seeking Alpha) By Christine Lagarde, Managing Director of the International Monetary Fund. Cyber risk has emerged as a significant threat to the financial system. An IMF staff
Private sector needs a little sumthin' sumthin' to get it sharing threat intel – US security chap (Register) Sharing's caring, intone government bods
8 Security Tips for a Hassle-Free Summer Vacation (Dark Reading) It's easy to let your guard down when you're away. Hackers know that, too.
Design and Innovation
Improving security means killing the password, but that battle has just begun (KSWO) (in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.
Can industry help government make sense of artificial intelligence? (C4ISRNET) The House Emerging Threats and Capabilities Subcommittee wants to develop a private-public commission to inform applications of AI.
Why Cybersecurity is Looking to AI to Mitigate Business Risks (CTOvision.com) Malicious cyber attacks against government and private businesses have increased in frequency and severity over past years. Microsoft estimates the potential cost of cyber-crime to the global community at $500 billion and that breaches of data will cost the average company around $3.8 million. The unfortunate truth is that the cybersecurity industry is largely unprepared [...]
A Plea for AI That Serves Humanity Instead of Replacing It (WIRED) A new group formed by MIT's Media Lab and IEEE thinks artificial intelligence should complement human endeavors, not just serve the corporate bottom line
The Real 'Westworld' Villain Has Always Been Its Privacy Policy (WIRED) Those rich people really should have read the Delos terms of service.
Academia
New cybersecurity program to teach Burnaby students to foil hackers (Burnaby Now) A group of Burnaby students will soon have the skills to thwart online bad guys, thanks to a new cybersecurity program launching in the school district this fall. The Palo Alto Academy at Cariboo. . .
Government sponsors diversity cyber academy (ComputerWeekly) The UK government has awarded a grant for the establishment of a cyber academy to promote neurodiversity in the industry.
Legislation, Policy, and Regulation
Spotlight: Israel touts itself among top five cyber powers after years of fighting cyberattacks (Xinhua) Israel has realized its goal of becoming one of the top five leading cyber powers in the world, Israeli Prime Minister Benjamin Netanyahu has touted.
DoD makes significant updates to cyber operations doctrine (Fifth Domain) The Pentagon has released an updated version of its cyber operations doctrine for the first time in four years.
Can Congress Improve Our Cyber Deterrence Posture? (Lawfare) A close look at Section 1621 of the Senate’s proposed National Defense Authorization Act for 2019.
U.S. plans limits on Chinese investment in U.S. technology firms (Reuters) The U.S. Treasury Department is drafting curbs that would block firms with at least 25 percent Chinese ownership from buying U.S. companies with "industrially significant technology," a government official briefed on the matter said on Sunday.
Trump Plans New Curbs on Chinese Investment, Tech Exports to China (Wall Street Journal) President Trump, already embroiled in a trade battle with China, plans to ratchet commercial tensions higher by barring many Chinese firms from investing in U.S. technology and by blocking more technology exports to Beijing.
US faces 'unprecedented threat' from China on tech takeover (Business Standard) The National Intelligence Council's analysis, produced in April, described the Thousand Talents Plan as 'China's flagship talent programme and probably the largest in terms of funding.'
US says China using ‘Thousand Talents’ plan to seize expertise (South China Morning Post) Pentagon tells House Armed Services Committee programme is an aggressive, 10-part ‘toolkit for foreign technology acquisition’
Senators Cite ZTE Progress But No Deal After Trump Meeting (Bloomberg.com) Several GOP lawmakers said they and President Donald Trump made progress Wednesday toward a compromise that would let Chinese telecommunications giant ZTE Corp. stay in business while addressing lawmakers’ national security concerns.
Analysis | The Cybersecurity 202: GOP lawmakers want U.S. businesses to get out of business with Chinese telecom companies (Washington Post) They're focused on ZTE and Huawei.
Google Urged To Drop Huawei Collab Over Security Concerns (Law 360) A bipartisan group of U.S. lawmakers has asked Google to rethink its relationship with Chinese smartphone maker Huawei Technologies Co. Ltd., which some American intelligence officials have flagged as a national security threat.
Analysis | The Cybersecurity 202: Privacy advocates want Congress to fix gaps in Carpenter ruling (Washington Post) The Supreme Court sidestepped a few key issues.
Tesla's alleged rogue employee is exactly what Congress is worried about with self-driving cars (CNBC) The idea that a malicious insider could successfully tamper with software used in a manufacturing facility is fodder for worst-case scenarios.
Successfully Countering Russian Electoral Interference (Center for Strategic and International Studies) The 2017 French presidential election remains the clearest failed attempt by a foreign entity to influence an electoral process in recent years.
Department of Homeland Security Scanning Utah’s Voting System For Weak Spots (KUER) Amid concerns over election hacking and other voting interference, Utah's polling systems have been put to the test by the Department of Homeland Security
Illinois finalizes its plans to prevent another Russian hack (Belleville News-Democrat) Illinois is set to receive $13.9 million in federal funds after Russian hackers breached the state's voter registration systems ahead of the 2016 election.
The Lawfare Podcast: Michael Hayden on 'The Assault on Intelligence' (Lawfare) Gen. Michael Hayden has served as the head of both the Central Intelligence Agency and National Security Agency—and he says that intelligence is under attack. In his latest book, “The Assault on Intelligence: American National Security in an Age of Lies,” Gen. Hayden argues that in what he calls a post-truth world, the United States needs its intelligence community now as much as ever. All the more reason to be concerned about the president’s repeated attacks on it.
Litigation, Investigation, and Law Enforcement
U.S. Supreme Court Rules Police Need Warrant for Most Cellphone Location Data (Wall Street Journal) The Supreme Court ruled that authorities need a search warrant before obtaining broad access to data that shows the location of cellphone users—except for emergencies—in a decision that furthers privacy protections in the digital age.
Supreme Court surveillance opinion nudges us to think nationally, act locally (Ars Technica) Op-ed: Think police have gone too far? Tell your city council. Seriously.
Whistleblower Explains How US Court Ruling to Affect NSA 'Treasure Map' Project (Sputnik) The US Supreme Court ruling upholding the right to digital privacy will destroy the National Security Agency’s "Treasure Map" project which is designed to map the entire global internet to locate all devices on earth, former NSA Technical Director and whistleblower Bill Binney told Sputnik.
US commerce secretary to assess ZTE espionage threat at senator’s urging (South China Morning Post) Ross promised Senator Ron Wyden a response ‘as promptly as possible’ while noting security issues were not his department’s area of concern
Britain Has a Russia Collusion Scandal Now. It Looks Exactly Like Trump’s. (Daily Intelligencer) Lies, secret meetings with Russians, covert financing, social-media bots. Putin did the same thing in Brexit as he did with Trump.
Silence on Russian election meddling frustrates lawmakers (POLITICO) Top Republicans and Democrats are pressing for details about allegations that Moscow aims to interfere in the midterms.
Russian hackers likely scanned election systems in all 50 states during 2016 race: Obama cyber czar (The Washington Times) Russian hackers likely probed election systems in all 50 states during the 2016 U.S. presidential race, the Obama administration’s former cyber czar said Wednesday — more than double the number previously given by the Department of Homeland Security.
The Obama-Russia cyber-attack stand-down (American Thinker) Since the media have had almost endless coverage of supposed Russian collusion and Russian meddling in the 2016 election, shouldn't we get wall-to-wall coverage that the Obama chief cyber-official was ordered to stop investigating Russia's attack on the election months before the election?
Facing humiliation, Mueller backs away from prosecution of Russian entities (American Thinker) The Mueller special counsel investigation purportedly was instigated to discover possible illicit Russian influence on the 2016 presidential election but now is backing away from the only indictments aimed at Russian entities, leaving only alleged process crimes (such as General Flynn's alleged false statement to the FBI) and alleged crimes that occurred long before the Trump candidacy (such as Paul Manafort's Ukrainian connection).
Opinion: NSA leaker, Reality Winner, struck a plea deal (SOFREP) Reality Winner, the 26-year-old former NSA contractor and Air Force linguist who was arrested on espionage charges in 2017, is back in the news.
Crack Cyber Attack Cases ...with Terror Attack Investigation Tactics (Infosecurity Magazine) Five lessons on how to replicate terror investigations for the benefit of cyber.
Kerala Police to send civil officers for special training at Interpol (Moneycontrol) The prospective candidates for the Interpol training will be finalised by a panel headed by state police chief Loknath Behera.
Tesla fires back against alleged whistleblower: “He is nothing of the sort” (Ars Technica) Martin Tripp, who has yet to secure a lawyer, tells Ars he stands by his comments.
Ukraine: Four Arrested for Running Fake Crypto Exchanges (Cointelegraph) Ukrainian police have arrested a group of four men suspected of running six fake cryptocurrency exchanges.