Cyber Attacks, Threats, and Vulnerabilities
More Americans Evacuated From China Over Mysterious Ailments (NYTimes) At least 11 Americans have been moved out of the country after “abnormal” sounds were reported by consulate employees in Guangzhou.
Brain injury, sound-attack fears spread in China as more Americans evacuated (Ars Technica) Officials are still baffled amid new cases and reports of abnormal sounds, sensations.
Russia to keep using cyber attacks for geopolitical influence, - Ukraine's SBU (112 UA) The first conference of leaders of counter-terrorism agencies of UN member states took place in New York
Russian hacking could affect U.S. agriculture systems, says Auburn professor (The Auburn Plainsman) Norton added that Russia is not the only country of concern and not necessarily the most substantial. There are four foreign adversaries that the U.S. is concerned about: Russia, China, Iran and North Korea.
Huawei Products’ Security Performance Called into Question (BusinessKorea) The security vulnerabilities of Huawei products have been rapidly increasing every year. Huawei recently said that there was no security problem with its products, reassuring Korean mobile operators who have to select equipment suppliers to build their 5G networks. But analysts are saying that Huawe
Typeform data breach exposes users of many websites (Graham Cluley) You may have never heard of Typeform, but they may have just lost some of your personal data.
Customer Bids Farewell to Typeform Post-Breach (Infosecurity Magazine) Data breach shows signs of impacting brand reputation
iOS 12 2FA Feature May Carry Bank Fraud Risk (Dark Reading) Making two-factor authentication faster could also make it less secure.
Facebook bug temporarily unblocked people from 800,000+ block lists (TechCrunch) If you block someone on Facebook, you probably want them to… you know, stay blocked. At least until you say otherwise. Facebook has just disclosed that around 800,000 users were impacted by a bug that silently unblocked “some” people they had blocked. The bug was live from May 29 …
Some Samsung users say their phones randomly sent photos to contacts (TechCrunch) Some Samsung users are complaining that their smartphones randomly sent photos and scheduled texts to contacts. According to posts on Reddit and Samsung’s official support boards first spotted by Gizmodo, the devices affected include the Galaxy S9 and Galaxy Note 8. Their owners say that Samsung Me…
Android devices since 2012 vulnerable to RAMpage vulnerability (HackRead) Dubbed RAMpage by researchers, the vulnerability can allow hackers to steal sensitive data including photos and documents.
Down but Not Out: A Look Into Recent Exploit Kit Activities (TrendLabs Security Intelligence Blog) Exploit kits may be down, but they’re not out. Their latest activity: roping in relatively recent vulnerabilities to deliver a plethora of malware.
Hackers Implant Digital Grenades in Industrial Networks (Military.com) Cyber experts see foreign hackers probing U.S. networks that control power grids and other industrial facilities.
How to protect yourself from risks surrounding public WiFi network (HackRead) Research has revealed that a public WiFi network is more dangerous than one might realize. Here's how to protect against this threat.
Cryptocurrency users on Discord & Slack hit by MacOS malware (HackRead) Hackers are using a new MacOS malware aimed at cryptocurrency investors on Discord and Slack group chat communities.
Hackers steal millions of customers' data from Adidas US website (HackRead) Hackers have targeted the Adidas US website and stolen personal details of millions of customers, including contact details.
New LTE attacks can reveal accessed websites, direct victims to malicious sites (Help Net Security) Three new LTE 4G attacks target the technology's data link layer protocols and impair the confidentiality and/or privacy of LTE communication.
ProtonMail CEO: ‘The attacks are continuing’ (Fifth Domain) The popular encrypted email messaging service says it is “under heavy” distributed denial-of-service attacks and “there may be intermittent connection problems.”
Whitbread Sounds Breach Alarm After PageUp Incident (Infosecurity Magazine) Costa Coffee owner claims recruitment data may have been compromised
Costa Coffee job applicants' details exposed in cyber attack on recruitment website (The Telegraph) Whitbread, the parent company of businesses including Costa Coffee and Premier Inn, has suffered a data breach which exposed the personal information of people who had applied for jobs at its portfolio companies.
Fortnum & Mason: 23,000 Affected by Data Hack (Infosecurity Magazine) Luxury retailer the latest big brand to be involved in a significant data breach
Let’s Steal a Coin (Infosecurity Magazine) How can a cryptocurrency coin be stolen? First you must identify certain types of Blockchain developer.
When ‘The World’s Most Famous Hacker’ Hacked a McDonald’s Restaurant Drive-In (Motherboard) When he was only 16, Kevin Mitnick hacked the drive-up windows of a local McDonald’s. To this day, he says this is his favorite hack ever.
Security Patches, Mitigations, and Software Updates
Azure IoT Edge Exits Preview with Security Updates (Dark Reading) Microsoft rolls out its cloud-based IoT service to the general public, while upping data protection with new categories including device management and security.
Cyber Trends
Consumers still happy to exchange data with businesses if there's a benefit (Help Net Security) Globally, more than half of consumers are still happy to exchange their data with businesses, as long as there is a clear benefit for doing so.
6 Drivers of Mental and Emotional Stress in Infosec (Dark Reading) Pressure comes in many forms but often with the same impact: stress and burnout within the security community.
US ‘most vulnerable in the world’ to cyberattacks (Fifth Domain) A former Obama administration official said that the U.S. is vulnerable to cyberattacks because
Over a Third of UK CEOs See Cyber-Attacks as Inevitable (Infosecurity Magazine) KPMG survey finds UK business leaders more optimistic than global average
Marketplace
Kansas wireless carrier: A ban on Huawei could put us out of business (Fierce Wireless) United TelCom said that the FCC’s proposed action against Huawei could force the operator to shut off its wireless service.
The Navy’s new acquisition tool speeds up tech prototyping (C4ISRNET) The Space and Naval Warfare Systems Center Atlantic is using an other transaction authority to facilitate the management of a consortium to prototype naval information warfare capabilities.
French firm makes moves to fund cybersecurity expansion (Fifth Domain) Communications & Systèmes is issuing new stock, among other moves, to finance its strategic Ambition 2021 growth plan.
Palo Alto Networks: Solid Leadership To Accelerate Growth (Seeking Alpha) Palo Alto Networks (PANW) offers a differentiated business model with significant competitive advantage, making it an expensive stock. The structural change of
Could Tenable lead the way for other Maryland cyber IPOs? (Baltimore Business Journal) It has taken Tenable 16 years to grow to be IPO-ready, with nearly $190 million in annual revenue and 1,054 employees.
Virginia’s path to shine in cybersecurity: The Commonwealth Cyber Initiative (CyberX) (Virginia Business) Virginia’s efforts to grow its cybersecurity sector and cyber workforce received a major boost recently. Virginia’s budget includes $25 million to establish the Commonwealth Cyber Initiative (CyberX).
Cyber security new focus at KPMG (Manx Radio) Former UK government advisor takes on challenge
IBM snaps up £30m cyber security contract from NHS Digital (Digital Health) The three-year partnership will see IBM provide a range of enhanced cyber security services to NHS Digital’s security operations centre.
NHS asks IBM to boost its cyber security defences after WannaCry (IT PRO) Health organisation calls in experts, having failed to meet basic security standards on its own
Products, Services, and Solutions
Trustonic Awarded Cybersecurity Certification By French Government (Trustonic) Trustonic has been awarded the new Security Visa by the French National Cybersecurity Agency. This prestigious stamp of approval is used by the Agence nationale de la sécurité des systèmes d’information (ANSSI) to help commercial businesses and government organizations make informed decisions about cybersecurity solutions.
R9B Awarded Training Contract for U.S. Army Warrant Officer Advanced Course (Markets Insider) R9B (root9B, LLC), a leading provider of advanced cybersecurity products, services, and training annou...
Access Professional Edition 3.7: Personalized access control from Bosch (Help Net Security) Bosch APE 3.7 features: assembly points for emergency situations, personalized permanent open and output signals, supports companies in being compliant with the GDPR requirements.
Technologies, Techniques, and Standards
Preparing for Transport Layer Security 1.3 (Dark Reading) The long-awaited encryption standard update is almost here. Get ready while you can to ensure security, interoperability, and performance.
Top Ten Ways to Reduce Your Digital Footprint (Infosecurity Magazine) What are the options to reduce the size of your digital footprint and how can you take steps to make yourself less visible online?
Four common API vulnerabilities and how to prevent them (Help Net Security) It’s great for an API to give developers access to the data and functions they need to create apps, but only if those connections are protected.
The modern CSO: Future-proofing your organization in a disruptive world (Help Net Security) A modern CSO must have three essential skills. The first is knowledge of the business, the second is technical breadth, and the third is evangelism.
Cyber Resiliency a Feather in CROWS' Flight Cap (SIGNAL) The Air Force office elevates cybersecurity analysis of weapon systems.
The Army is bringing new electronic warfare prototypes home (C4ISRNET) Electronic warfare prototypes designed to counter Russian capabilities in Europe hit Army units stateside.
Design and Innovation
Hands-Off Weaponry Requires Hands-On Planning (SIGNAL) As artificial intelligence revolutionizes warfighting, military leaders must recognize the ramifications.
Intellectual Preparation for Future War: How Artificial Intelligence Will Change Professional Military Education (War on the Rocks) Is the dawn of artificial intelligence and autonomous weapons resulting in a new revolution in military affairs? That’s the question posed by a recent
Top cyber spy warns against dependence on artificial intelligence we don't understand (The Sydney Morning Herald) Artificial intelligence is bringing benefits, but the world isn't thinking enough about the possible pitfalls, an intelligence boss says.
Tech companies just woke up to a big problem with their AI (Quartz) A wave of announcements shows the whole industry is concerned.
The Inefficient Battle Against Phishing Attacks and the Technology to Turn the Tides of War (Infosecurity Magazine) It's important for providers to constantly adapt and block spammer accounts.
Semper Bumble: Are Marines taking to dating app to find new recruits? (Marine Corps Times) This was the experience for at least one unlucky Bumble user who screenshot the exchange.
Legislation, Policy, and Regulation
US Bans China Mobile on Security Concerns (Infosecurity Magazine) Beijing-backed telco denied Section 214 license
The government is right to be cautious about Huawei and China as a cyber threat (Financial Review) With China its largest trade partner, it's clear Australia has a lot to lose from a deteriorating relationship, but evidence shows it is right to be wary of cyber security threats.
Does DoD know how to supply intel for cyber ops? (Fifth Domain) The House Armed Services Committee is requiring a briefing on the Department of Defense's intelligence support to cyber operations.
Making it mandatory to declare data breaches (The Star Online) There needs to be a law to compel Malaysian companies to disclose data breaches, especially when personal information has been stolen.
Litigation, Investigation, and Law Enforcement
The FBI, FTC and SEC are joining the Justice Department’s inquiries into Facebook’s Cambridge Analytica disclosures (TechCrunch) An alphabet soup of federal agencies are now poring over Facebook’s disclosures and the company’s statements about its response to the improper use of its user information by the political consultancy Cambridge Analytica. The Federal Bureau of Investigation, the Federal Trade Commission…
In Newly Obtained Memo, Congress’ Top Cop Said House Democratic Caucus Server VANISHED (Daily Caller) A secret memo marked “URGENT” detailed how the House Democratic Caucus’s server went “missing” soon after it became evidence in a cybersecurity probe. The secret memo also said more than “40 House offices may have been victims of IT security violations.”
Former ICE Chief Counsel Sentenced to Four Years in Prison for Wire Fraud and Aggravated Identity Theft Scheme (US Department of Justice) Former Chief Counsel Raphael A. Sanchez of the U.S. Immigration and Customs Enforcement’s (ICE) Office of Principal Legal Advisor (OPLA) was sentenced to 48 months in prison for a wire fraud and aggravated identity theft scheme involving the identities of numerous aliens, announced Acting Assistant Attorney General John P. Cronan of the Justice Department’s Criminal Division and ICE Principal Legal Advisor Tracy Short.