Cyber Attacks, Threats, and Vulnerabilities
Chinese Cyber-Spy Hackers Target Cambodia as Elections Loom (Bloomberg.com) Chinese cyber spies have targeted Cambodian government institutions, opposition party members, diplomats and media, possibly to gather information ahead of elections later this month, according to cybersecurity firm FireEye Inc.
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign (Dark Reading) Threat actor Magecart has infiltrated over 800 e-commerce sites with card skimming software installed on third-party software components, RiskIQ says.
Ticketmaster breach part of massive credit card skimming campaign (Help Net Security) RiskIQ researchers have discovered that the Ticketmaster breach was part of a massive card-skimming campaign affecting 800+ e-commerce sites.
Inside and Beyond Ticketmaster: The Many Breaches of Magecart (RiskIQ) The hack of Ticketmaster was not a one-off event, but part of a massive digital credit card-skimming campaign by the threat group Magecart.
Asian APT Groups Most Active in Q2 (Dark Reading) Researchers at Kaspersky Lab published data on the most prolific threat groups and campaigns, compiled from private intelligence reports developed this quarter.
iPhone crashing bug likely caused by code added to appease Chinese gov’t (Ars Technica) Apple fixed the denial-of-service flaw in update released Monday.
Apple's China-Friendly Censorship Caused an iPhone-Crashing Bug (WIRED) Security researcher Patrick Wardle's friend thought China had hacked her iPhone. In reality, a bug crashed it any time she used a Taiwanese flag emoji.
Another Linux distro poisoned with malware (Naked Security) Arch Linux user repository altered to host malware, Arch maintainers say they’re “surprised it doesn’t happen more often”.
Security Researchers Find New Loophole in IAB's Ad Fraud Prevention Framework (Ad Week) Thousands of apps are masquerading as premium publishers in order to bypass new industrywide protections against ad fraud, according to new data.
Cryptocurrency Social Engineering Schemes Helped Criminals Net Nearly £7.5 Million Last Year (Information Security Buzz) Kaspersky Lab experts have exposed a relatively new fraudulent trend: the development of cryptocurrency is not only attracting investors, but also cyber-criminals seeking to boost their profits. During the first half of 2018, Kaspersky Lab products blocked more than a hundred thousand triggers related to cryptocurrencies on fake exchanges and other sources. With each attempt, …
Malware and ransomware see huge rises across the world (IT Pro Portal) Cybercriminals turn to encryption to help deliver their malicious payloads.
Ransomware back in big way, 181.5 million attacks since January (Help Net Security) The 2018 SonicWall Cyber Threat Report offers insight into numbers for malware volume, ransomware attacks, encrypted threats and chip-based attacks.
The Pirate Bay: We mine Monero from your CPU, install Adblocker or leave (HackRead) The Pirate Bay is now displaying a message on its home page stating that it uses visitor's CPU to mine Monero coins.
Security Patches, Mitigations, and Software Updates
Patch Tuesday, July 2018 Edition (KrebsOnSecurity) Microsoft and Adobe each issued security updates for their products today.
Microsoft Fixes 17 Critical Bugs in July Patch Tuesday Release (Threatpost) Microsoft patches 17 critical bugs and 34 important bugs as part of its monthly security bulletin.
Microsoft July Security Updates Mostly Browser-Related (Dark Reading) Patch Tuesday includes 53 security updates, including mitigation for the latest side-channel attack.
July Patch Tuesday: Large Adobe Security Update and Patches for 18 Critical Microsoft Vulnerabilities (TrendLabs Security Intelligence Blog) Patch Tuesday for July addresses 53 Microsoft and 107 Adobe vulnerabilities.
Over 100 Vulnerabilities Patched in Adobe Acrobat, Reader (SecurityWeek) Adobe has patched over 100 vulnerabilities in Acrobat and Reader, and several flaws in some of the company’s other products
Update Flash (and Adobe Acrobat) now! (Naked Security) Flash: “I’ve got a critical vulnerability.” Acrobat: “hold my beer…”
IBM Study: Hidden Costs of Data Breaches Increase Expenses for Businesses (IBM News Room) IBM (NYSE: IBM) Security today announced the results of a global study examining the full financial impact of a data breach on a company's bottom line. Overall, the study found that hidden costs...
Businesses Collect More Data Than They Can Handle, Reveals Gemalto (BusinessWire) With pressure to ensure consumer data is protected mounting, Gemalto, the world leader in digital security, today released the results of a global stu
Microsoft bug reports up 121%, virtualization software bugs up 275% (CSO Online) The Zero Day Initiative saw a 33% increase in the number of bugs reported so far in 2018, which may shatter 2017's 'busiest year ever' record.
HackerOne Report Unveils Latest Hacker-Powered Security Trends From Largest Vulnerability Data Set (BusinessWire) HackerOne, the leading bug bounty and vulnerability disclosure platform, today announced findings from the 2018 Hacker-Powered Security Report, based
'White hat' hacker rewards skyrocket as cyber attack threat looms (The Telegraph) Technology giants are handing out record payouts to stay-at-home hackers who spot bugs in their products according to industry insiders.
ThreatConnect Research Finds Majority of Cybersecurity Leaders Say Threat Intelligence Programs Successfully Blocked Attacks and Prevented Breaches Last Year (ThreatConnect) Organizations credit threat intelligence programs with saving businesses an average of $8.8 million over twelve month
Innovation in healthcare: A hacker's dream and CISO's nightmare? (Help Net Security) Ground-breaking tech inevitably comes with associated risks, and it is important to weigh up the benefits of innovation with the potential cyber threats.
Not enough CISOs and business leaders cooperate on a cybersecurity plan and budget (Help Net Security) Accenture survey finds fewer than one-third of CISOs and business leaders collaborate on a cybersecurity plan and budget.
PE Firm Thoma Bravo Buys Majority Stake in Centrify (SecurityWeek) Private equity investment firm Thoma Bravo said it will acquire a majority interest in identity and access management (IAM) solutions firm Centrify.
Cybersecurity provider Mimecast acquires Bethesda company (Washington Business Journal) International email and data security company Mimecast Ltd. has acquired Ataata Inc., a Bethesda cybersecurity training and awareness platform.
Bomgar Acquires Avecto to Provide a Best-in-Class PAM Solution Suite (Bomgar) With Avecto’s endpoint privileged management technology, Bomgar customers can remove excess admin rights throughout their organizations, and only elevate privileges for approved applications and actions.
4 of the most highly-anticipated tech IPOs in the pipeline (TheStreet) The IPO market is back in action, with tech companies driving the most excitement and highest returns. Here's a look at who's on deck.
SonicWall CEO rubbishes redundancy reports but confirms 'pulling resources' in Asia (CRN) Vendor says that EMEA has not been impacted by the changes,Security,Vendor ,SonicWall,Infinigate,vendor,UK
BAE launches cyber security intelligence network (Sky News) The industry forum has been launched to address the difficulties that companies are having in sharing cyber security intelligence.
Teramind Announces Record Growth with Key Customer Acquisitions, Opens (PRWeb) Teramind Inc., a leading global provider of insider threat and data loss prevention (“DLP”) solutions, today announced record breaking 2Q2018 performance.
Palo Alto Networks proposes USD 1.5 billion senior notes offering (Telecompaper) Global cyber security platform provider Palo Alto Networks has announced a proposed USD 1.5 billion offering of convertible senior notes due 2023, subject to market conditions and other factors.
Cellebrite's newest target: Your IoT-infested home (Cyberscoop) A new set of technical updates, commercial webinars and sales pitches from Cellebrite outline the company's drive into IoT.
Georgia looks to build on the Army’s cyber investment (Fifth Domain) When complete, the $100 million facility will be home to cybersecurity research, training and operations.
Cyber innovation centre opens (New Electronics) London cyber innovation centre opens and welcomes first cohort of UK-based cyber security businesses.
Huntsmam Security Expansion in Australia (PRWire) Huntsman Security announced today its expansion in the Australian market to support the increasing demand for the ASD Essential Eight Monitoring solution that gives organisations the ability ...
Products, Services, and Solutions
Ivanti Unifies IT, Service Management and Security Operations with Ivanti Automation (Ivanti) Free for Integration with Ivanti Products, Ivanti Automation Streamlines the Management of Infrastructure, Cloud and Workspace Processes Across the Ivanti Product Portfolio and Beyond
Cryptomathic Signer Achieves eIDAS Certification for Remote Qualified Electronic Signatures (Cryptomathic) Banks and trust service providers across Europe can now benefit from a new gold standard in remote qualified electronic signatures, following the eIDAS certification of Cryptomathic’s remote qualified eSignature solution, Signer.
Illumio Achieves Federal Compliance for Securing High Value Assets (PRNewswire) Software-defined micro-segmentation solution achieves Common Criteria "in evaluation" milestone and FIPS 140-2 compliance to support digital transformation efforts for the government
Proofpoint Launches Innovative Cloud Account Defense Solution to Detect and Respond to Compromised Microsoft Office 365 Accounts (GlobeNewswire News Room) Cybersecurity leader enables organizations to detect, investigate, and remediate Microsoft Office 365 credential theft, mitigating financial and data loss
5nine Expands Platform with Hybrid Cloud Management and Security for M (PRWeb) 5nine, a provider of security and management solutions for the Microsoft Cloud, today announced it is expanding the 5nine solution suite to support the...
Checkpoint Systems and Impinj team to create ARC-qualified RFID inlay (Help Net Security) The Vortex R6-A inlay is based upon the Monza R6-A tag chip, which helps retailers implement “Privacy by Design” principles to protect consumer privacy.
Nozomi Networks and IBM Team Up to Answer Demand for Integrated IT/OT Cyber Security (Nozomi Networks) We’re excited to tell you that Nozomi Networks and IBM Security have teamed up to address the exploding demand for effective, integrated IT/OT cyber security services and solutions. Read on to see how industrial organizations around the world now get easy access to deep OT network visibility and continuous threat detection.
EclecticIQ Integrates with MITRE's Attack Framework (Help Net Security) The integration of the ATT&CK matrix into EclecticIQ Platform, attack patterns used in separate attacks can now be pinpointed.
VMware NSX 6.4 introduces upgrade planner, HTML5 features (SearchVMware) VMware NSX 6.4 introduces a host of new features, including an upgrade planner, improved HTML5 capabilities and numerous firewall functionality improvements. Keep up to date with the development of NSX and learn how these new features can enhance deployment.
Rapid7 Introduces Canada and Australia Instances of its Security Analytics and Automation Platform (GlobeNewswire News Room) Rapid7’s global footprint continues to expand with introduction of new platform data regions
Technologies, Techniques, and Standards
DOD seeks classification “Clippy” to help classify data, control access (Ars Technica) Would integrate with Microsoft Office, email and prevent sharing of sensitive documents.
Feds Can Achieve Better Security Through Network Segmentation (MeriTalk) Keeping pace with growing cyber threats is an uphill battle for Federal agencies as network complexity increases and the boundaries of networks extend to systems and devices not always under the control of their IT organizations.
What is continuous user authentication? The best defense against fraud (CSO Online) Authenticating all user actions and attributes throughout a session ultimately provides the best defense against fraud and account abuse.
Why (and how) law firms should up their security game (CSO Online) Lawyers have been slow to adopt modern technology — and even slower to respond to security threats. That may be changing.
With So Many Eyeballs, Is Open Source Security Better? (eSecurity Planet) VIDEO: Dirk Hohndel, VP and Chief Open-Source Officer at VMware, talks about how dev security should be done, whether the code is open source or proprietary.
Security Automation - The Future Starts Now! (SecurityWeek) Incident response playbook sharing helps the community respond to those threats without having to reinvent the wheel.
7 Key Cybersecurity Factors Shaping Threat Hunting Technologies (Bricata) Cybersecurity has more tools than ever, but attacks still occur and breaches still happen. While this is driving force behind the threat hunting initiative, there are several factors influencing how these technologies are evolving. #ciso #cloudsecurity #cyberthreatintel
Why You Should Be Dwelling on Dwell Time (SecurityWeek) If your board isn't already asking for dwell time reporting, I can virtually guarantee you the questions are coming.
Security Automation - The Future Starts Now! (SecurityWeek) Incident response playbook sharing helps the community respond to those threats without having to reinvent the wheel.
The Marine Corps wants to protect its Hornets from GPS jammers (Marine Corps Times) The Corps is facing down increased threats from electronic warfare. In Syria, adversaries have used EW attacks against AC-130 gunships.
Seven Things To Look For In A Secure Work-At-Home Customer Care Provider (Forbes) Be picky when it comes to protecting your business and your customers -- always.
Design and Innovation
Facebook Is Testing a Feature to Tell You If That DM Came from Russia (Motherboard) Facebook has faced a wave of misinformation and scam campaigns. Users may soon have more information about that unsolicited direct message, judging by a new feature Facebook is currently trying out.
HTC’s blockchain phone is real, and it’s arriving later this year (TechCrunch) HTC isn’t gone just yet. Granted, it’s closer than it’s ever been before, with a headcount of fewer than 5,000 employees worldwide — that’s down from 19,000 in 2013. But in spite of those “market competition, product mix, pricing, and recognized inventory write-downs,” the company’s still trucking …
How a Startup Is Using the Blockchain to Protect Your Privacy (WIRED) Oasis Labs is working with Uber as it aims to cure some of the ills of the internet.
Obscurity should be a universal security feature (Cyberscoop) There’s a common belief in information security that obscurity shouldn’t be a layer of protection. Jonathan Wilkins thinks the opposite.
3D Printing Is the Future of Factories (for Real This Time) (WIRED) A technology that for years has been good for making prototypes and tchotchkes promises to usher in a new industrial revolution.
Bismarck State College to start cybersecurity partnership (kansas) A college in Bismarck is partnering with a California-based company to address a growing gap in computer safety jobs.
Legislation, Policy, and Regulation
Waging cyber war without a rulebook (FCW) As the U.S. looks to go on the offense in the cyber domain, critical questions remain unanswered around who will take the lead and how clearly to draw the rules of engagement.
Mexico orders banks to step up security to prevent cyber attack (Retail Banker International) Mexico has alerted the domestic banks about potential cyber attack and ordered them to strengthen preventive security measures.
Cyber ambiguity: NATO’s digital defense in doubt amid unstable alliances (Fifth Domain) The very future of NATO’s cyber strategy is left intentionally murky.
Trump’s Supreme Court pick: ISPs have 1st Amendment right to block websites (Ars Technica) Net neutrality violates ISPs' right to edit the Internet, judge wrote.
Analysis | The Cybersecurity 202: Privacy advocates blast Kavanaugh for government surveillance support (Washington Post) Members of Congress from both parties are concerned.
Litigation, Investigation, and Law Enforcement
Apple and Google questioned by Congress over user tracking (Naked Security) Inquiring lawmakers’ minds want to know, for one thing, whether our mobile phones are actually listening to our conversations.
Facebook Gave a Russian Internet Giant a Special Data Extension (WIRED) Mail.ru also ran hundreds of apps on Facebook at a time when the platform’s policies allowed app developers to collect their users' friends' data.
Facebook under fresh political pressure as UK watchdog calls for “ethical pause” of ad ops (TechCrunch) The UK’s privacy watchdog revealed yesterday that it intends to fine Facebook the maximum possible (£500k) under the country’s 1998 data protection regime for breaches related to the Cambridge Analytica data misuse scandal. But that’s just the tip of the regulatory missiles now be…
UK’s Information Commissioner will fine Facebook the maximum £500K over Cambridge Analytica breach (TechCrunch) Facebook continues to face fallout over the Cambridge Analytica scandal, which revealed how user data was stealthily obtained by way of quizzes and then appropriated for other purposes, such as targeted political advertising. Today, the U.K. Information Commissioner’s Office (ICO) announced t…
Facebook stares down barrel of $660,000 fine over data slurping (Naked Security) The UK privacy regulator has fired a £0.5M shot across Facebook’s bows in the looks-set-to-go-on-for-ages “Cambridge Analytica” saga
Australian litigator IMF Bentham files complaint against Facebook over privacy breaches (CRN Australia) Sydney-based IMF Bentham may sue over Cambridge Analytica breach.
Surely we can find, and stop, high-tech spies (TheHill) It’s rumored that the U.S. intelligence community has commissioned The Eagles to rewrite some of their famous lyrics to serve as a deterrent to Russia and China.
Justice walks back claims of data from OPM breach was used in a crime (FederalNewsRadio.com) The Justice Department tells Sen. Mark Warner (D-Va.) that it came to a premature conclusion on a recent case regarding information from the OPM data breach.
Hacker Caught Selling Maintenance Manuals for Military Drones (Defense One) A poorly configured router allowed the theft of drone manuals, a list of maintainers, material on the Abrams tank, and more.
Ex-Apple employee charged with stealing trade secrets (CRN Australia) Accusing of downloading self-driving car blueprints.
Former Apple Employee Charged With Theft of Trade Secrets Related to Autonomous Car Project [Updated] (Mac Rumors) The United States Federal Bureau of Investigation this week charged former Apple employee Xiaolang Zhang with theft of trade secrets, according to...
This former Navy sailor wants to sue the feds over classified submarine photos (Navy Times) A former U.S. Navy sailor who spent a year in prison for taking photos in classified areas of a nuclear submarine based in Connecticut wants to sue the Justice Department and several former government officials, including President Barack Obama.
Google to pay billions in fines for Android practices: report (CRN Australia) Allegedly pressured smartphone vendors to bundle apps.
Woman who once bought bitcoins for $300,000 cash in paper bags sent to prison (Ars Technica) At one point, Theresa Tetley had an upstanding client named "Pirate Sh*t."