Cyber Attacks, Threats, and Vulnerabilities
Iranian Attackers Spoof Security Site for Phishing Lure (Infosecurity Magazine) An Iranian APT group has been spotted building a phishing site, using a cybersecurity company which outed it as a lure.
Hamas Uses Fake Dating Apps to Infiltrate Israeli Military (Infosecurity Magazine) IDF claims to have found sophisticated spyware operation
Geodo Malware Targets Patriots with Phishing Attack on Eve of American Independence Day Holiday (Cofense) A classic phishing technique involves timing attacks to match major holidays and other global and regional events. One example of this scenario in a phishing attack captured by Cofense Intelligence™ delivering the Geodo botnet malware on July 3, 2018. In this attack the threat actor appeals to the patriotic nature of the Fourth of July holiday and recipients’ sense of patriotism in its content. In these messages, the attacker reminds the recipient of the sacrifices of American service member as part of a narrative designed to entice victims to click on the link in...
Scans Reveal 13 Million Internet-Exposed Databases (BankInfo Security) Old technology never dies, but rather fades "very slowly" away, as evidenced by there being 21 million FTP servers still in use, says Rapid7's...
Facebook gave certain companies special access to customer data (Naked Security) What do Mail.ru, Nissan, Spotify, and Nike have in common? They were all afforded temporary extensions to access private Facebook data API.
Someone else is reading your Gmails (Naked Security) Remember when privacy advocates used to worry about Google scanning your email? Well now, they have another problem on their hands: real people reading them.
How to See Which Apps Can Read Your Gmail (Motherboard) Third party app developers read user emails, the Wall Street Journal reported, raising questions about Google’s oversight.
Phishing tales: Microsoft Access Macro (.MAM) shortcuts (Posts By SpecterOps Team Members) Previously, I blogged about the ability to create malicious .ACCDE Microsoft Access Database files and using them as a phishing vector…
Bigger, Faster, Stronger: 2 Reports Detail the Evolving State of DDoS (Dark Reading) DDoS attacks continue to plague the Internet, getting bigger and more dangerous. And now, the kids are involved.
When your personal data is stolen, you’re the last to know (Quartz) It's a process that's become depressingly routine.
The Pirate Bay is silently mining cryptocurrency without user consent (HackRead) After being offline for over a week the torrenting giant The Pirate Bay is back online with a cryptocurrency mining code.
Linux targeted by illicit cryptocurrency miners (ComputerWeekly.com) Cryptojacking is increasingly being used by cyber criminals to raise funds, Watchguard report reveals.
New Cybersecurity Report Notes Rising Cases of Cryptojacking Attacks on Linux Devices (Bitcoinist.com) A recent internet security report from an independent cybersecurity firm has highlighted the growing threat of crypto-mining malware. Its findings Rising cases of cryptojacking, including attacks on devices running Linux have been noted in a new cybersecurity report.
Cryptocurrency heists soar as hackers steal £577m in six months (The Telegraph) A record amount of cryptocurrency has been stolen from online exchanges in the first half of 2018, according to a study into online heists.
Wiltshire pair poisoned by Novichok nerve agent (BBC News) They were exposed to the same substance as ex-Russian spy Sergei Skripal and his daughter Yulia.
Brain injury, sound-attack fears spread in China as more Americans evacuated (Ars Technica) Officials are still baffled amid new cases and reports of abnormal sounds, sensations.
Really dumb malware targets cryptocurrency fans using Macs (Ars Technica) A command spread through Slack and Discord channels to cryptocurrency users is a trap.
Tech-support scammers revive bug that sends Chrome users into a panic (Ars Technica) Similar bugs reportedly affect Firefox and other browsers, too.
Samsung Investigates Claims of Spontaneous Texting of Images to Contacts (Threatpost) After users complained online that their Galaxy devices are randomly sending photos to contacts, Samsung said it isn't a hardware or software issue.
Perth-based Cyanweb Solutions hit by "criminal hacking", website data and backups lost (CRN Australia) “Worst-case scenario” at Cyanweb Solutions.
Tamil Guardian website back online after cyber attack (Tamil Guardian) After almost a month, the Tamil Guardian website has come back online this morning, following a malware attack on the site.
Your private data goes for as little as a $1 on the dark web (CNBC) Your private information, from bank account numbers to Social Security cards, can be sold on the dark web, a hidden part of the internet where cyber crime is rampant.
How Pseudonymous Reputation and the Dark Web Have Made Cybercrime Easier Than Ever (Infosecurity Magazine) Today an array of marketplaces, infrastructure, and technology empower much more ordinary actors to commit crime on a massive scale with impunity.
Singtel rules out cyber attack as cause of 3½-hour outage (The Straits Times) Singtel is still investigating the root cause of a fibre broadband outage that saw its users cut off from Web surfing for 3½ hours yesterday morning, but it has ruled out a cyber attack.. Read more at straitstimes.com.
Security Patches, Mitigations, and Software Updates
How Microsoft helped neuter ‘double zero-day exploit’ before anyone was infected (CSO) Exploits like these are exactly why you should upgrade to Windows 10, says Microsoft.
Huawei enterprise comms kit has a TLS crypto bug (Register) You don't want insecure kit from a vendor the Pentagon hates, do you?
Millions of websites using HTTP may be labeled “Not Secure” with July Google Chrome update - DigiCert (DigiCert) DigiCert supports Google action to improve user security and offers free tools to help admins LEHI, Utah (July 3, 2018) — DigiCert Inc., the leading global provider of SSL/TLS certificates and other PKI solutions for securing web traffic and the Internet of Things (IoT), is providing industry guidance that millions of websites are not encrypted …
Cyber Trends
Halfway Through 2018, How Are All Those Cybersecurity Predictions... (Bricata) Earlier this year, we rounded up 20 security predictions for 2018 from across the industry. As we are nearing the halfway mark of the year, we thought it might be useful to revisit those predictions and see how they were panning out. Here we look back at the first three predictions – and the...
Truth, lies and data breaches (CRN Australia) Cybersecurity expert Troy Hunt shines a light on some facts surrounding hacks.
One Big Unintended Consequence of Protecting Cyber Privacy in the West (The Bull) In late May, people in Europe were blocked from US news sites such as the Los Angeles Times.
Top six security and risk management trends (Help Net Security) Security leaders should take advantage of six emerging trends, to improve their organization’s resilience while elevating their own standing.
How connected and secure is the modern workplace? (Help Net Security) What do employees want from a modern workplace and how well-placed are businesses to satisfying their requirements? Read on to find out.
Machine Learning, Cloud, Compliance and Business Awareness Drive Cybersecurity (Infosecurity Magazine) Gartner determine the six trends that it sees driving cybersecurity forward
Security Automation Soars to Top of Agenda (Infosecurity Magazine) Security orchestration, automation and response platforms need careful consideration in easing the security management burden.
Bill Clinton's cyber-attack novel: The airport haxploit-blockbuster you knew it would be (Register) Wannabe Die Hard with the literary genius of The Da Vinci Code
Marketplace
A cybersecurity fund has returned more than 30 percent since the Equifax data breach (CNBC) Since the Equifax hack last year, cybersecurity stocks have quietly outperformed amid market turmoil
Facebook confirms acquisition of London-based Bloomsbury AI (Computing) Facebook scoops up natural language processing start-up for up to $30m
TransUnion Completes Acquisition of iovation (GlobeNewswire News Room) TransUnion (NYSE:TRU) announced today that it has completed the acquisition of iovation, one of the most advanced providers of device-based information in the world, strengthening its leadership position in fraud and identity management.
Claranet Acquires Training & Pen Test Experts NotSoSecure (Infosecurity Magazine) Deal sees ethical hacking training provider and penetration testers join the Claranet portfolio
Israel's ThetaRay raises over $30 million for money laundering... (Reuters) Israel's ThetaRay, which uses mathematics to provide early detection from cyber threats, has completed a fundraising round of over $30 million, bringing the total amount raised to date to more than $60 million.
Navigating an Uncharted Future, Bug Bounty Hunters Seek Safe Harbors (Threatpost) More companies are looking to adopt "safe harbor" language in their bug bounty programs to build trust with participants.
Comodo CA Announces New World Headquarters (Dark Reading) Today, Comodo CA, a worldwide leader in digital identity solutions, announced it will be moving into a new world headquarters in Roseland, New Jersey this week.
Raytheon hires Air Force CISO Peter Kim (Cyberscoop) The U.S. Air Force’s recently departed Chief Information Security Officer Peter Kim joined the military contracting giant Raytheon as its director of IT security and governance at the company’s subsidiary Raytheon Missile Systems...
Products, Services, and Solutions
Corero secures $0.5m contract with unnamed American client - ShareCast News - London South East (London Southeast) Corero Network Security announced a $0.5m order for its new '100G SmartWall Threat Defense System' technology with an unnamed North American service provider on Monday.
Zilliqa Testnet v2.0 — Codename: D24 – zilliqa (zilliqa) Zilliqa is a new blockchain platform that is using the technology of sharding to scale to thousands of transactions per second as the…
Tripwire's IP360 vulnerability management solution features agent-based scanning (Help Net Security) By combining agent-based and agentless scanning options, Tripwire IP360 provides assessment of vulnerability risks across hybrid environments.
Redscan announces availability on G-Cloud 10 - cyber security for the public sector (Information Age) Redscan, cyber security services providers, has today announced their availability on G-Cloud 10, the government procurment platform.
ThreatMetrix has launched a risk engine API to support 3DS 2.0 environments (Help Net Security) ThreatMetrix has launched a risk engine API to support 3DS 2.0 environments, enhancing risk-based decisions for card-not-present transactions.
The changing faces of cybersecurity (Deloitte Canada) Canada's cyber talent shortage is being driven by the rapid spread of digital technology. But tackling the challenge will require an approach that is people-centric, not technology-centric. Deloitte's new cyber talent framework puts a human face on the problem.
DarkMatter to protect Expo 2020 digital network (Trade Arabia) DarkMatter, a leading UAE-based cyber security firm, has teamed up with Expo 2020 Dubai to deploy advanced cyber security technologies that will help safeguard Expo’s digital experience for millions of visitors and 180 country participants.
New online portal lets you send dash cam evidence directly to police (Auto Express) National Dash Cam Safety Portal launched by dash cam maker Nextbase, with support from 19 police forces
Top 7 Most Popular and Best Cyber Forensics Tools (HackRead) We often watch experts in movies using forensic tools for their investigations but what cyber forensic tools are used by experts? Well, here are top 7 cyber forensic tools preferred by specialists and investigators around the world.
Technologies, Techniques, and Standards
The DOD’s App Store Does This One Crucial Thing to Stay Secure (WIRED) To keep malware at bay, the GEOINT App Store has created a screening process that no commercial platform could ever match.
How suppliers of everyday devices make you vulnerable to cyber attack – and what to do about it (The Conversation) Malicious code or deliberate design faults can be inserted into everyday business products before they even leave the original manufacturer. Here's how you can protect yourself.
Using cyber threat intelligence at the operational, tactical levels (FederalNewsRadio.com) Tom Topping, the senior director of strategic programs for FireEye, said agencies need to understand their risks and use cyber threat intelligence to better mitigate them.
China’s AI ‘entanglement’ with Australia and US (Jane's 360) Beijing’s focus on developing artificial intelligence (AI) technologies to support advances in both military and commercial domains is leading to increasingly strong ‘entanglement’ between Chinese agencies and counterparts in Australia and the United States, a new paper has said.
Security Standing Committee to secure the future of computing (Help Net Security) RISC-V Foundation Security Standing Committee will develop consensus around security practices for IoT devices, embedded systems, and other areas of computing.
Don't be a sitting duck in the next OT cyberattack ((ISC)² Blog) In a recent Operational Technology (OT) cyberattack, Monero Crypto-currency mining malware was discovered in the ICS network of a water utility company located in Europe.
Where To Invest Your Cybersecurity Budget (eSecurity Planet) Tom Parker of Accenture Security discusses how organizations should budget for cybersecurity - and make the most of what they already have.
For victims of smart home abuse, there's no easy out (Engadget) Unplugging could be dangerous.
Security Culture has to be Intentional and Sustainable (Infosecurity Magazine) Your security culture is – and will always be – a subcomponent of your larger organizational culture.
Want to beat facial recognition? Join the Insane Clown Posse (Naked Security) The black and white clown makeup worn by the rap duo and their fans fools facial recognition.
What base security needs to know about Insane Clown Posse camouflage (C4ISRNET) Like dazzle paint on World War I warships, the makeup worn by members and fans of Insane Clown Posse confuses identification systems.
How to See Everything Your Apps Are Allowed to Do (WIRED) It's never a bad time to audit your app permissions. In fact, it's more important than ever.
5 things to know about fitness trackers and security in 2018 (CSO Online) Activity trackers, including dedicated fitness trackers and smartwatches, can expose enterprise networks if not properly managed and connected.
Security Experts Commend IBM’s Ban on Flash Drives (SHRM) Data security experts applauded IBM’s recent decision to prohibit its employees from using removable data storage devices in the workplace but caution that the policy may not be right for everyone.
Research and Development
AI spots legal problems with tech T&Cs in GDPR research project (TechCrunch) Technology is the proverbial double-edged sword. And an experimental European research project is ensuring this axiom cuts very close to the industry’s bone indeed by applying machine learning technology to critically sift big tech’s privacy policies — to see whether AI can automa…
Academia
Mohammed bin Salman Cyber Security College signs deal with IronNet Cybersecurity (Al Arabiya) Prince Mohammed bin Salman College of Cyber Security, Artificial Intelligence and Advanced
US experts to teach Saudi students cyber warfare (Arab News) Saudi Arabian students are to learn about cyber warfare from the people who experienced it first hand, state news agency SPA reported. Former members of the US Department of Defense will be working with the Prince Mohammed bin Salman College of Cyber Security, Artificial Intelligence and Advanced Technologies in teaching various aspects of cyber warfare. The announcement follows the signing of an agreement between the college and IronNet Cybersecurity.
Scottsdale tech firm pledges $1M to help 100 women pursue STEM careers (Phoenix Business Journal) A Scottsdale technology firm is committing $1 million in scholarships to help 100 women pursue careers in information technology during the next decade.
Legislation, Policy, and Regulation
Iranian Government Gags Crypto Exchanges To Fight 127% Inflation And New US Sanctions (ZyCrypto) The government in Iran has gagged bitcoin exchanges across the country, claim bitcoin users and alternate coin community of the Islamic state.
European MEPs vote to reopen copyright debate over ‘censorship’ controversy (TechCrunch) A 318-278 majority of MEPs in the European Parliament has just voted to reopen debate around a controversial digital copyright reform proposal — meaning it will now face further debate and scrutiny, rather than be fast-tracked towards becoming law via the standard EU trilogue negotiation proc…
Wikipedia goes dark in Spanish, Italian ahead of key EU vote on copyright (TechCrunch) Wikipedia’s Italian and Spanish language versions have temporarily shut off access to their respective versions of the free online encyclopedia in Europe to protest against controversial components of a copyright reform package ahead of a key vote in the EU parliament tomorrow. Update: Polish…
Ticket to copyright: Paul McCartney joins crowded fight over online rules (POLITICO) The European Parliament will vote on a sweeping overhaul of online copyright rules, and celebrities are getting involved.
US begins lifting ban on ZTE (The Verge) So it can update phones and other equipment
Congress's Efforts to Block Trump on Tariffs, China's ZTE Fizzle (Bloomberg.com) U.S. exporters want Congress to rein in President Donald Trump on tariffs, and national security hawks want Congress to force him to put Chinese telecom gear-maker ZTE Corp. out of business.
NDAA Nears the Finish Line–ZTE, Cloud, Cyber Still in Play (MeriTalk) The National Defense Authorization Act (NDAA) for FY2019 will head into conference next week when legislators return from the Fourth of July recess. The $700+ billion must-pass defense spending bill has been approved in both the House and Senate, and now the two chambers must come together to reconcile differences in the legislation and re-vote the unified bill before it can land on President Trump’s desk for signing.
Huawei founder bets Sino-US trade war won’t happen – but could he be wrong? (South China Morning Post) Ren Zhengfei, who established Huawei in 1987 and serves as its chief executive, expects the US and China to eventually reach a compromise on their trade dispute
SCOTUS and Congress Leave the Right to Privacy Up for Grabs (WIRED) As the push for more digital privacy grows, the question is whether the courts or lawmakers will step up to protect our rights—or if it will fall through the cracks.
Analysis | The Cybersecurity 202: How Trump's Supreme Court pick could influence digital privacy (Washington Post) Kennedy's successor could face a slew of online privacy cases.
Analysis | The Cybersecurity 202: Big tech is going after California's new privacy law (Washington Post) Google, Amazon and Uber are massing their resources.
California's New Privacy Law Gives GDPR-Compliant Orgs Little to Fear (Dark Reading) Others should boost their security controls to get in sync with AB 375... or get ready to be sued hundreds of dollars for each personal record exposed in a breach.
Florida elections supervisors urged to take federal help on security (TBO.com) Florida election supervisors should take advantage of help from the Department of Homeland Security to make systems more secure, Sens. Marco Rubio and Bill Nelson wrote in a letter
Litigation, Investigation, and Law Enforcement
Trump calls unauthorized NSA collection of data ‘a disgrace’ (POLITICO) “Wow! The NSA has deleted 685 million phone calls and text messages. Privacy violations?” the president tweets.
Trump falsely links NSA counterterrorism program to Mueller probe (Stars and Stripes) The president's assertion that the NSA may have committed privacy violations echoes his previous claims of privacy violations against him, including the false assertion that the Obama administration had "wiretapped" Trump Tower in New York City to spy on his campaign.
Senate report affirms conclusion that Russia favored Trump over Clinton (The Day) A Senate panel investigating Russia's interference in the 2016 presidential election released Tuesday a written summary of
Think Russian elections-meddling is fake news? Lawmakers disagree (Fifth Domain) The Senate intelligence committee announced it agreed with a 2017 assessment which said that Moscow preferred Trump during the 2016 presidential elections.
DOJ Agrees Not To Prosecute Imran Awan For House Cybersecurity And Theft, But Questions Remain (Daily Caller) 'The Government has uncovered no evidence'
NSO Group Employee Allegedly Stole Company’s Powerful Spyware for Personal Profit (Motherboard) NSO sells its potent iPhone malware to governments, including Mexico and the United Arabs Emirates. But according to a newly released indictment, a disgruntled employee stole the company's code and tried to sell it for $50 million worth of cryptocurrency.
WhatsApp child sex claims leave 29 dead in Indian mob hysteria (Times) Rumours spread on social media that gangs of child traffickers and paedophiles are running wild in India have prompted several lynchings across the country, with at least 29 people murdered so far.
Elderly scam victims are too embarrassed to speak up (Naked Security) Financial talk itself is taboo. Admitting to getting fleeced and losing all your savings? That qualifies as super taboo, a new report says.
Kim Dotcom loses latest appeal to avoid extradition to U.S. (CBS News) The latest decision comes more than six years after U.S. authorities shut down Dotcom's file-sharing website Megaupload