Cyber Attacks, Threats, and Vulnerabilities
Intel official: Cyber threat warnings ‘blinking red’ (Military Times) Warning lights about cyber threats to U.S. national security are “blinking red” and the digital attempts to undermine America are occurring daily, not just at election time, the nation’s top intelligence official said Friday.
Huawei linked to major data breach (Financial Review) Chinese phone company Huawei has been linked to a major data breach in Africa casting doubt on its national security credentials.
A Addis-Abeba, le siège de l’Union africaine espionné par Pékin (Le Monde.fr) Il y a un an, les informaticiens du bâtiment, construit en 2012 par les Chinois, ont découvert que l’intégralité du contenu de ses serveurs était transférée à Shanghaï.
Huawei Faces Scrutiny Over Claims It Infiltrated a Closed Facebook Meeting (SDxCentral) A lawsuit filed by a former Huawei employee against the Chinese telecom firm is adding some fuel to U.S. government fears that the company is spying on its
DHS secretary: Russia continues to view US elections as a target of cyberattacks (CNN) The head of the Department of Homeland Security warned state officials on Saturday that the threat from Russia targeting US elections has not dissipated.
DHS: Russia Not Targeting Election Systems Like 2016 (Roll Call) Although the 2018 “midterms remain a potential target for Russian actors,” the intelligence community has yet to see evidence of a robust campaign.
U.S. cybersecurity "not in a good place" for 2018, 2020 elections, says NYT's David Sanger (CBS News) This week on "The Takeout" podcast, New York Times reporter David Sanger analyzes the Trump administration's approach to cyber security
Spread of 'Fake News' Could Affect Irish Elections, says Gov Report (Infosecurity Magazine) Report has found Irish elections are exposed to interference through cyber-attacks and spread of fake news
Magecart presents an unprecedented threat: Here’s what you can do (Help Net Security) Recently we learned that the previously disclosed Ticketmaster UK breach from a few weeks ago was not a one-off event but instead part of a widespread website digital credit card skimming operation that impacted over 800 ecommerce sites around the world.
Russia Fends Off 25 Million Cyber-Attacks During World Cup (Infosecurity Magazine) Russia prevented nearly 25 million cyber-attacks and other criminal acts during the football World Cup
Compromised JavaScript Package Caught Stealing npm Credentials (BleepingComputer) A hacker has gained access to a developer's npm account and injected malicious code into a popular JavaScript library, code that was designed to steal the npm credentials of users who utilize the poisoned package inside their projects.
Flaws Expose Siemens Protection Relays to DoS Attacks (SecurityWeek) Researchers discover vulnerabilities that expose Siemens SIPROTEC protection relays to DoS attacks
Ransomware is so 2017, it's all cryptomining now among the script kiddies (Register) Plus: Hackers take crack at cloud, phones come pre-pwned, malware's going multi-plat
8 Insights on the Future of Ransomware (The State of Security) Nick Santora shares eight thoughts on ransomware and what this digital threat category might look like years in the future.
Two-factor auth totally locks down Office 365? You may want to check all your services... (Register) A network's only as strong as its weakest link or worker
Internet Crime Complaint Center (IC3) | Business E-mail Compromise The 12 Billion Dollar Scam
(Federal Bureau of Investigation) Business E-mail Compromise (BEC)/E-mail Account Compromise (EAC) is a sophisticated scam targeting both businesses and individuals performing wire transfer payments.
Webstresser: When Platform Capitalism Goes Rogue (Security Boulevard) Platform criminality is leading to a rise in online services that offer easy access to malware and cybercrime expertise We must move beyond a simplistic firefighting approach to cybercrime if we want to disrupt cybercrime supply chains Earlier this year, an international law enforcement cooperation led to the arrest of the administrators of webstresser.org,
Phishing scams – a deep dive into this year’s cyber attack trends (Security Brief) There’s no doubt email is the number one vector used to initiate attacks on organisations, and of those email attacks, phishing is king.
Cyrillic Characters Are Favorites for IDN Homograph Attacks (BleepingComputer) Cyrillic (Russian alphabet) characters are the most common characters used in IDN homograph attacks, according to research published last month by Farsight Security.
Cryptojacking: cyber-scourge or legitimate business model for the ad-block age? (Computing) Cryptojackers steal CPU time and bandwidth, but then again so do ads, says RiskIQ
Why Malware as a Business is on the Rise (Heimdal Security Blog) How has the malware economy developed so fast? In this article, we learn how malware evolved and transformed into a profitable business, and what can you do to better secure your data.
Security Patches, Mitigations, and Software Updates
Google Chrome's new Meltdown and Spectre safeguard is a memory hog (MobileSyrup) Google Chrome has introduced new safeguards against Meltdown and Spectre, but they come at a cost.
Microsoft Replacing 'Premiere Assurance' Support with New Security Plan (Redmond Channel Partner) Organizations using SQL Server 2008/R2 and Windows Server 2008/R2 products can add three years of patch support via Microsoft's new Extended Security Updates plans, the company announced Thursday.
Cyber Trends
Mobile cybersecurity is a hellish nightmare that’s getting worse by the day (VentureBeat) Despite screaming headlines about the growing vulnerabilities of mobile devices and promises to take the matter seriously, both individuals and corporations alike are still essentially walking arou…
Only 20% of companies have fully completed their GDPR implementations (Help Net Security) Key findings from a survey conducted by Dimensional Research highlight that only 20% of companies surveyed believe they are GDPR compliant, while 53% are
86% of enterprises have adopted a multi-cloud strategy (Help Net Security) Most enterprises are adopting a multi-cloud strategy, since no single cloud platform meets all enterprise workload requirements.
The Types of Hackers & Why They Hack (BleepingComputer) In current times, the term may describe a person who attempts to gain unauthorized access to computers, with less than honorable intentions, or the person who counters the bad intentioned one. But, there is a pretty broad spectrum of hackers and a variety of motivations for hacking.
Experts lay stress on importance of trained workforce for cyber security (The Times of India) An increased cyber security threat has sparked a need for cyber intelligence analysts and workers.
Marketplace
Why wasn’t the Pentagon’s tech guru surprised by Google Maven pushback? (C4ISRNET) Project Maven was part of a broader attempt to develop artificial intelligence for the Pentagon.
Goldman Sachs says cybersecurity stocks could get a boost from fears of meddling in the midterm elections (CNBC) Pointing to an expected uptick in security spending in the run-up to November, analyst Arjun Menon told clients that the select group of stocks are likely to see upside in the months to come.
One Secure Way for Investors to Play the U.S. Midterm Elections (Barron's) The upcoming 2018 U.S. midterm elections promise several leading months of uncertainty and volatility, followed by concerns over policy risk and a potential impeachment saga if the House of Representatives changes majorities.
ZTE can import technology from the U.S. again… for now (Brinkwire) ZTE’s strenuous journey to get back to work seems to have finally paid off, at least for the time being.
A-LIGN Raises $54.5 Million Growth Equity Investment from FTV Capital (BusinessWire) A-LIGN, a cybersecurity and compliance solutions provider that specializes in helping businesses navigate the complexities of regulatory and business-
Six Companies Join the Auto-ISAC (Markets Insider) The Automotive Information Sharing and Analysis Center (Auto-ISAC) welcomes as new members Mitsubishi E...
Billion-Dollar Unicorns: Is Palantir Losing Valuation? (Seeking Alpha) Palantir was expected to go public last year, but declining valuations appear to have deferred that plan. Analysts still hope that Palantir will be able to make
Cyber security threats stir competition among UK tech groups (Financial Times) ECSC, Blancco and NCC Group struggle as risks for businesses escalate
CACI Wins Place on $50B GSA Alliant 2 Contract (WashingtonExec) CACI International Inc. has been awarded a place on the General Services Administration's Alliant 2 contract, a multple-award indefinite
King & Union Appoints Chris Camacho as Board Advisor (PRNewswire) Flashpoint Chief Strategy Officer helps shape cybersecurity startup's future growth strategy, offers support as the firm rolls out new information sharing platform
Products, Services, and Solutions
Review | Your password has probably been stolen. Here’s what to do about it. (Washington Post) Getting a password manager is the most important way to improve your online security. Our tech columnist picks the best.
Janrain Collaborates With Akamai to Bring Security to Janrain's Identity Cloud (Martech Advisor) Janrain Secure Edge Brings Industry-leading Security from Akamai to the Janrain Identity Cloud
Comodo Cybersecurity and Cloud Distributor intY Strike Global Distribution Deal (Markets Insider) Comodo Cybersecurity, the global leader in innovative cyber technology software solutions, today announced it h...
Plurilock Launches New Global Channel Partner Program for its Invisible Identity Assurance Cybersecurity Solution (PRNewswire) As Demand for Its Behavioral Biometrics & AI Technology Grows, Plurilock Closes Seed Round, Adds 9 Channel Partners
Hackproof CryptoSecure to Set New Security Standard for Cryptocurrencies (GlobeNewswire News Room) Impenetrable security is essential for cryptocurrency potential to be realized
ManageEngine Rolls Out Two-Factor Authentication (TFA) in ADSelfService Plus; Adds an Extra Layer of Security (ReadITQuik) ADSelfService Plus will now be able to enable organizations to introduce an additional layer of protection for crucial resources that are accessed by users via Windows-based machines
Now HackerOne is handling Tron [TRAX] foundation's Bug Bounty program (BCFocus) Tron Foundation launched a Bug Bounty Program with the highest reward of USD$10 million in the month of May.
Technologies, Techniques, and Standards
SECURITY: DHS official pushes to 'move beyond' cyber info sharing (E&E News) A top cybersecurity official announced plans to shift the Department of Homeland Security's focus from sharing information on cyberthreats to offering tools for concrete action.
IRONSCALES Survey Reveals Phishing Awareness Training Not Equating to (PRWeb) IRONSCALES, the world’s first automated phishing prevention, detection and response platform, today announced the results of a recent survey of security pro
Failed GDPR Consent Efforts (Information Security Buzz) The Facebook fine announced today for the Cambridge Analytica breach would have been significantly larger under GDPR. While the flurry of activity around the May 25 GDPR deadline may have subsided, the confusion regarding privacy, consent and what comprises actual GDPR compliance is only building. Pravin Kothari, Founder and CEO of cloud security provider CipherCloud, …
Cyber defense team trains with civilian agency at Cyber Shield 18 (DVIDS) Oklahoma National Guard Soldiers are no stranger to working side-by-side with fellow government agencies at home and on the battlefield. However, during a two-week training event at Camp Atterbury, Indiana, Soldiers from the OKARNG trained with a civilian agency to better prepare for a threat on the cyber battlefield.
Securing real-time payments with tokenization (Rambus Blog) For banks, direct debit (ACH) fraud represents a bigger financial risk than card fraud. In particular, growing momentum for real-time payment schemes across the world is creating huge opportunities for fraudsters and placing increasing pressure on banks and clearing houses, who now have only seconds instead of days to identify fraudulent transactions.
Matching disaster recovery to cyber threats (ComputerWeekly.com) While it is important to take steps to prevent cyber attacks, they can still happen. That is why disaster recovery practices are equally as critical
Academia
Coast Guard Academy to offer new major in cyber systems (Longview News-Journal) The U.S. Coast Guard Academy is now offering an academic program in cyber systems, its first new major in a quarter century.
Pilot program substantiates efforts to introduce students in rural Alabama to cybersecurity (The University of Alabama in Huntsville) Though initially established to introduce high school students in rural Alabama to the field of cybersecurity, the Expanding Cybersecurity Innovative Incubator to Extended Demographics (ExCIITED) program has managed to do much more over the course of its first year. Indeed, not only did 16 members of its initial cohort successfully complete the program’s requirements, but three of its four seniors will also be attending UAH this fall.
Kaspersky to help train Swinburne students in cyber security (ITWire) Security firm Kaspersky Lab and Swinburne University of Technology have signed a memorandum of understanding to support cyber security education and h...
Three Russian Universities Add Crypto Courses and Diplomas (Bitcoin News) More academic institutions in Russia are starting educational courses and even postgraduate programs in crypto and blockchain technologies. Three universities will be teaching related subjects like cryptography and digital economy during the new academic year beginning in September.
Legislation, Policy, and Regulation
The Cybersecurity 202: Trump's meeting with Putin a pivotal moment for effort to deter Russian cyberattacks (Washington Post) President Trump's meeting today with Russian President Vladimir Putin is a pivotal moment for his administration's efforts to deter future election interference efforts by Moscow and other sophisticated actors.
Trump-Putin summit hits last-minute turbulence (Asia Times) A craftily timed intervention to torpedo - or reset the agenda - of Monday's Helsinki summit will infuriate and disappoint Moscow
Cyber Saturday: Red Flags Flap Before Trump-Putin Meeting (Fortune) On Friday, the special counsel investigating Russian interference in the 2016 presidential election issued an indictment of 12 Russian military intelligence officers accused of conspiring to obstruct American democracy.
Perspective | I’ve been in meetings with Putin. Here’s what Trump can expect. (Washington Post) He's confident. He'll never admit wrongdoing. And he'll probably be late.
Dems to Trump: Cancel Putin meeting over hacking indictments (Fifth Domain) Democrats in Congress are pressuring President Trump to cancel his meeting with Vladimir Putin in the wake of indictments against a dozen Russians who meddled in U.S. elections.
Trump-Putin summit mystery: What about Snowden? (POLITICO) Trump has called for the fugitive NSA leaker’s execution and once guaranteed that Russian President Vladimir Putin would hand him over. But there’s no sign that Trump is pressing the issue.
G.R.U., Russian Spy Agency Cited by Mueller, Casts a Long Shadow (New York Times) From the downing of a civilian airliner over Ukraine to operations in Syria to the 2016 United States election, the G.R.U. has been an arm of the Russian state.
France’s cyber command marched in Paris’s Bastille Day Parade for the first time (The Verge) A small demonstration that cybersecurity is a national priority
Australia to ban Huawei from 5G roll-out amid security concerns (CNET) Intelligence agencies warned the government about the company's links to China.
Senators push to block Trump's ZTE deal in final defense bill (TheHill) A bipartisan group of senators is urging negotiators on Capitol Hill to retain a provision in the annual defense policy bill that would block President Trump’s deal to save Chinese telecommunications giant ZTE.
The AI Column: How To Think About China, Silicon Valley And CFIUS (Task & Purpose) CFIUS has come under increasing scrutiny as China has invested heavily in the U.S. technology sector in a way Silicon Valley fears
Microsoft Calls For Federal Regulation of Facial Recognition (WIRED) “Facial recognition will require the public and private sectors alike to step up—and to act,” says Brad Smith, the company’s president.
Official: Outdated classification system near the breaking point (FCW) In a new report, the chief of the Information Security Oversight Office warns that the system by which critical security information is created, classified and shared is overburdened by a reliance on paper, legacy policies and incompatible tech.
Litigation, Investigation, and Law Enforcement
12 Russian Intelligence Officers Indicted for Hacking U.S. Democrats (SecurityWeek) Twelve Russian intelligence officers have been indicted by a grand jury for hacking Democratic Party emails ahead of the 2016 US presidential election, Deputy Attorney General Rod Rosenstein announced July 13.
Mueller indictment: Read the full charges against Russia’s GRU intelligence agency (Fast Company) The indictment was announced today by Deputy Attorney General Rod Rosenstein.
DOJ Russia DNC Hack Indictment (NPR) The Grand Jury for the District of Columbia charges...
Tracing Guccifer 2.0’s Many Tentacles in the 2016 Election (Mew York Times) The indictment of 12 Russian operatives provides never-before-seen detail about the central role of the online avatar Guccifer 2.0 in the dissemination of stolen Democratic documents.
Russian Hackers Kept DNC Backdoor Longer Than Anyone Knew (The Daily Beast) The Democrats swore in the summer of 2016 that they had banished all outside intrusions from their networks. They were wrong.
America’s indictment of Russian hackers underlines the cyber risks facing US politics (MIT Technology Review) Special Counsel Robert Mueller’s charges against 12 members of Russia’s GRU military intelligence agency accused of hacking related to the 2016 US presidential election are a stark reminder of the ways in which technology can be used to disrupt democratic processes.
After indictment, Russian hackers’ lives “changed forever,” ex-ambassador says (Ars Technica) Dozen named Russians now can't travel as freely, and Moscow is now on notice.
Indicting 12 Russian Hackers Could Be Mueller's Biggest Move Yet (WIRED) The special counsel has unleashed an international, geopolitical bombshell.
The Russia Investigation Is A Puzzle Designed Never To Be Solved (The Federalist) Rod Rosenstein and others embarrassed by DOJ’s actions may derive safety from the never-ending nature of the investigation.
For Mueller, pushing to finish parts of Russia probe, question of American involvement remains (Washington Post) There are signs that the special counsel is moving to finish a significant portion of his investigative work by the end of the summer.
What Robert Mueller Knows—and 9 Areas He'll Pursue Next (WIRED) The special counsel has collected a mountain of evidence in the Trump-Russia investigation, but so far only a tiny amount of it has been revealed in official indictments. Here are nine areas where we should expect answers as the inquiry unfolds.
The Russians Who Allegedly Hacked the DNC Mined Bitcoin to Fund Their Operation (Motherboard) The Russian hacking team singled out in the Mueller probe’s latest indictment allegedly mined Bitcoins and banked on cryptocurrency’s pseudonymity to keep their identities hidden.
Basic Digital Security Could Have Prevented One of the Biggest Political Scandals in American History (Motherboard) Russia hacked the Clinton campaign in large part because John Podesta didn't bother to turn on two-factor authentication.
The public tools Russia allegedly used to hack America’s election (Fifth Domain) Using spear-fishing, Russian intelligence officials launched a devastating hack against Hillary Clinton's 2016 presidential campaign.
President Trump blames Barack Obama for Russian cyber attack on Democratic email servers - NY Daily News (New York Daily News) President Trump took aim at his predecessor Barack Obama for failing to do more in preventing Russia’s cyber attack on Democratic email servers while fanning the flames of a deep web conspiracy theory.
‘I hadn’t thought’ of asking Putin to extradite indicted Russian agents, Trump says (Washington Post) The president also tried to set expectations for his one-on-one meeting with Russia’s Putin in a new CBS interview.
Rand Paul on Russian election meddling: 'We all do it' (POLITICO) The Kentucky senator said Moscow would not admit that it interfered in the 2016 election.
Russia probe indictments spotlight risk of bitcoin, digital currency (McClatchy DC) The use of so-called cryptocurrencies in global finance are likely to come under increased scrutiny after the Justice Department announced indictments Friday against 12 Russian military intelligence officers.
[Letter requesting DoJ investigate the Cyber Caliphate as a Russian intelligence service false flag operation] (US Senate) We write to express our concerns about reports that Russian intelligence services posing as Islamic extremists threatened and harassed U.S. military families. We urge you to investigate this potential false flag operation and to hold any perpetrators accountable.
‘Novichok bottle’ found in search at victim Charlie Rowley’s home (Times) Counterterrorism police have found a small bottle believed to contain a nerve agent that killed a woman and was used in the attack on a former Russian spy and his daughter. Assistant Commissioner...
Huawei Faces Scrutiny Over Claims It Infiltrated a Closed Faceboo (SDxCentral) A lawsuit filed by a former Huawei employee against the Chinese telecom firm is adding some fuel to U.S. government fears that the company is spying on its
Top Liberal not convinced by WA government's Huawei security assurance (WAtoday) Acting Opposition Leader Liza Harvey has raised questions over the advice received from security agencies over the awarding of a $136 million telecommunications contract to a Chinese telco.
Three Arrests Made in Largest Hack in Lebanon's History (BleepingComputer) Beirut officials have arrested three suspects believed to be behind what local authorities are calling the biggest hack in Lebanon's history.
Kaspersky Lab, Russian cyber firm, denied injunction in appeals case against Trump administration (The Washington Times) Russian cybersecurity firm Kaspersky Lab suffered another setback Friday in its efforts to oppose new rules prohibiting the U.S. government from using its antivirus software and services.
Smart TVs are invading privacy and should be investigated, senators say (Ars Technica) Democrats want FTC probe of privacy policies and practices of smart TV makers.
Facebook ordered to let grieving mother in to dead daughter’s account (Naked Security) The girl’s parents want access to her account to see if her death was the result of cyberbullying.
National Lottery website hackers jailed (BBC News) Idris Akinwunmi transferred £13 into his account after the attack on National-Lottery.co.uk