Cyber Attacks, Threats, and Vulnerabilities
New Andariel Reconnaissance Tactics Hint At Next Targets (TrendLabs Security Intelligence Blog) Reconnaissance plays a vital role in criminal operations, and some groups go to great lengths to investigate their targets' systems. A recent example is the Andariel Group, a known branch of the notorious Lazarus Group. Last month, we tracked new scouting techniques coming from Andariel, used mainly against South Korean targets.
Blackgear Cyberespionage Campaign Resurfaces, Abuses Social Media for C&C Communication (TrendLabs Security Intelligence Blog) Blackgear (also known as Topgear and Comnie) is a cyberespionage campaign dating back to 2008, at least based on the Protux backdoor used by its operators.
Telefonica Spain Exposed the Personal Details of Millions of Customers (BleepingComputer) Telefonica, one of the world's largest telecommunications providers, has suffered a data breach this week, exposing the personal and financial information for millions of Spanish users of the company's Movistar landline, broadband, and pay television service.
Telefonica Calls Authorities after Massive Breach (Infosecurity Magazine) Millions of records were exposed in a telecom vendor breach.
Thousands of Mega logins dumped online, exposing user files (ZDNet) Exclusive: Email addresses, passwords, and lists of file names were exposed.
Passwords for Tens of Thousands of Dahua Devices Cached in IoT Search Engine (BleepingComputer) Login passwords for tens of thousands of Dahua devices have been cached inside search results returned by ZoomEye, a search engine for discovering Internet-connected devices (also called an IoT search engine).
Analysis | The Cybersecurity 202: Russia hacking tactics exposed in Mueller indictment still a threat, election officials say (Washington Post) It's hard to defend against these simple attacks.
Russia Indictments Reminder of Phishing Threats (Infosecurity Magazine) Russian indictments increase concerns over threats of phishing campaigns in midterm elections.
Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States (Motherboard) Remote-access software and modems on election equipment 'is the worst decision for security short of leaving ballot boxes on a Moscow street corner.'
Russian National Vulnerability Database Operation Raises Suspicions (Dark Reading) Recorded Future says Russia's Federal Service for Technical and Export Control has ability to find, weaponize vulnerabilities under cover of doing technology inspections.
Russia Publishes Only 10% of CVEs (Infosecurity Magazine) Report finds Russia's vulnerability database, while highly focused, is incomplete and slow
Pavlov’s Digital House: Russia Focuses Inward for Vulnerability Analysis (Recorded Future) Insikt Group examines the publication speeds and utility of Russia’s vulnerability database with results suggesting sustained control of the Russian state.
Is Putin’s soccer ball gift to Trump bugged? (Fifth Domain) During their summit in Finland, Vladimir Putin gave Donald Trump a commemorative World Cup soccer ball. But was it an innocent gesture?
A Privacy Researcher Uncovered a Year of Breakups and Drug Deals On Venmo (Motherboard) Unless you change the settings yourself, the stuff you do on Venmo is publicly visible. “Public by Default” explores the easily accessible details of Venmo users’ lives.
No Evidence of GandCrab Leveraging SMB Exploit - Yet (Threatpost) Researchers found a new version of GandCrab - but no evidence that the ransomware is using the same SMB exploit as Wannacry.
The SIM Hijackers (Motherboard) Meet the hackers who flip seized Instagram handles and cryptocurrency in a shady, buzzing underground market for stolen accounts and usernames. Their victim’s weakness? Phone numbers.
How to Protect Yourself From SIM Swapping Hacks (Motherboard) Here’s a guide on how to prevent and protect yourself against the threat of hackers taking over your phone number and going after your online accounts.
DanaBot Trojan Targets Bank Customers In Phishing Scam (Threatpost) A new phishing scam purports to be MYOB invoices - but really contains a novel banking trojan.
Researchers Mount Successful GPS Spoofing Attack Against Road Navigation Systems (BleepingComputer) Academics say they've mounted a successful GPS spoofing attack against road navigational systems that can trick humans into driving to incorrect locations.
Cyber criminal interest in electrical utilities on the rise (Canadian Underwriter) Electrical and utility firms in North America continue to be a target for cyber criminals, the head of a cyber loss modelling provider suggests. Over the past few months, there has been an “uptick in threat actor activity around energy…
Security Patches, Mitigations, and Software Updates
USB Restricted Mode in iOS 11.4.1 now available to all iPhone users (Naked Security) The latest version of iOS includes bug fixes and at least one new feature that might be of interest to security-minded users.
Reprise Software Refuses to Patch RLM Issue (Infosecurity Magazine) Reprise Software has refused to patch a vulnerability in its Reprise License Manager
Threats, Politics, and Cryptocurrency Mining (AlienVault) With Infosecurity 2018 happening shortly after GDPR came into force, and thus ended months of preparation, we were interested as to whether security professionals have found GDPR to be a friend or foe over the last couple of years.
World powers equip, train other countries for surveillance (Help Net Security) Privacy International has released a report detailing how powerful governments finance, train and equip countries with surveillance capabilities.
Newsmaker Interview: Bruce Schneier on 'Going Dark' and the Crypto Arms Race (Threatpost) Noted cryptographer waxes on the threats posed by physical cyber systems, 'going dark' and a crypto arms race.
SCADA/ICS Dangers & Cybersecurity Strategies (Dark Reading) Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.
Most executives trust cloud-based systems to keep account payables secure (Help Net Security) Large majorities of surveyed executives trust cloud-based systems more than locally hosted ERP/AP systems to keep account payables secure.
Many infosec professionals reuse passwords across multiple accounts (Help Net Security) A Lastline survey from June 2018 revealed that 45 percent of infosec professionals reuse passwords across multiple accounts.
Government’s Kaspersky Ban Takes Effect (Nextgov.com) Pentagon, GSA and NASA contracts will now officially prohibit Kaspersky software.
Tenable prices initial public offering (Washington Business Journal) The Columbia company plans to sell 9.2 million shares of stock at an anticipated price of between $17 and $19 per share.
First Look At Tenable's IPO (Seeking Alpha) Tenable, a Maryland-based cybersecurity software vendor, has filed for its IPO. The company helps its clients to manage enterprise data with the goal of identifying and responding to cyber risks. Tenable has 24k paying customers, most of which are billed annually on a subscription basis. This includes 53% of the Fortune 500. Revenues hit $187.7 million last year at a rapid 51% y/y growth rate. Billings too showed tremendous advances and support a stable growth trajectory for the company.
1776 to launch startup accelerator program — with a twist (Washington Business Journal) A new accelerator from 1776 won't take equity in its startups.
Seven cloud vendors lining up for government security clearance (ZDNet) After Microsoft's contentious addition to the Certified Cloud Services List, the Australian Signals Directorate has revealed it is working with another seven companies interested in providing cloud services to government.
Former General Motors Cybersecurity Group Manager Joins NanoLock Security As VP of Customers (Business Wire) NanoLock Security today announced the appointment of Yoni Kahana as the company’s VP of Customers to lead NanoLock’s business development initiatives
McAfee Cybersecurity Expert Joins Plixer as CTO (GlobeNewswire News Room) Plixer, a leader in network traffic analytics and incident response, is announcing that Paul Piccard, a cybersecurity expert from McAfee, has joined Plixer as its new Chief Technology Officer and SVP of Engineering.
Products, Services, and Solutions
Nehemiah Security’s EQ Validates Offensive Intelligence to Drive Defensive Advances (Business Wire) Upgraded EQ Software Leverages Automated Cyberwarfare Tools to Establish Scalable and Repeatable Testing, Train Personnel, and Strengthen Defensive Posture
Digital Defense, Inc. Announces Integration with ForeScout Technologies (Digital Defense) Provides Organizations with Accurate and Complete Visualization of Network Risks
Alert Logic Transforms Container Security with Industry’s First Network Intrusion Detection for Containers (BusinessWire) Alert Logic delivers unprecedented network visibility to thwart attacks on containers deployed on AWS including Docker, Elastic Container Service, Kubernetes and Elastic Beanstalk
Infoblox Enables Rapid Automation of Core Network Services for Data Centers (PRNewswire) New Version of Infoblox NIOS™ Platform Integrates Cloud Readiness to Protect Devices Everywhere from Data Exfiltration
BlockSafe Technologies, First to Market with Cybersecurity Solution for Crypto Wallets (Business Wire) BlockSafe Technologies, Inc., (BlockSafe) the company that secures the blockchain ecosystem, today announced the availability of CryptoDefender™ for d
CrowdStrike Enhances Security Hygiene for Workloads on AWS (CrowdStrike) Falcon Discover empowers security teams through enhanced visibility, control, and improved security posture
Versasec Identiv Partnership (Versasec) Versasec Partners with Global Technology Company Identiv to Provide Strengthened Security and Identity Management
Darktrace Cloud protects cloud computing models and SaaS applications (Help Net Security) Darktrace Cloud can protect cloud computing models, applications, and devices with its cyber AI technology.
McAfee ePolicy Orchestrator now available on AWS (Help Net Security) McAfee ePO provides organizations time to focus on security concerns by eliminating the hardware, networking and database maintenance tasks.
ClearDATA launches healthcare compliant cloud offering on Microsoft Azure (Help Net Security) ClearDATA enables the move to the cloud with performance, agility and efficiency while adhering to the complex regulations in healthcare, including HIPAA, GxP and GDPR.
Optiv Security launches Privileged Access Managed Service (Help Net Security) Optiv’s Privileged Access Managed service protects data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline.
Monero has successful audit of their “bulletproofs”, only minor issues present (Chepicap) Monero, or XMR, an open source securities token that focuses heavily on privacy and decentralization, has recently had a successful audit by Kudelski Security of its new protocol.
Bitdefender New Security Line Will Stop Most-Sophisticated Attacks (Markets Insider) Bitdefender, a leading global cybersecurity technology company protecting over 500 million users worldwide,...
From National Security to Cybersecurity (Infosecurity Magazine) Crucial Academy addresses skills gap, offering free training to ex-military.
GitHub adds Python support for security alerts (Help Net Security) GitHub's Security Alerts now also work for Python projects, notifying developers about vulnerabilities in software packages that their projects depend on.
Technologies, Techniques, and Standards
How Can an ISAC Improve Cybersecurity and Resilience? (Security Intelligence) Sharing computer security information is now an established practice in IT. But pooling resources in an ISAC can provide greater insight, broader collaboration and improved overall cyber resiliency.
Here's Why the Federal Government Ought to Embrace the Blockchain (Nextgov.com) First, it's essentially impervious to tampering.
Census Should Be More Transparent About Cyber Protections, Former Officials Say (Nextgov.com) The Census Bureau will conduct its first largely online decennial census in 2020 but hasn’t said how it will secure the process.
Ex-cyber officials demand to know security measures for 2020 Census (TheHill) Former government cyber and technology officials are calling on the Census Bureau to publicly share its cybersecurity preparations for the 2020 Census after Special Counsel Robert Mueller indicted 12 Russians for the 2016 hack into the Democratic National Committee.
What does DoD need as it transitions to multidomain operations? (C4ISRNET) In future operating environments, the services are going to need interoperable systems that can readily share and fuse data, but how they will get there remains a bit of a mystery.
The Pentagon is gearing up to red team industry cybersecurity (Fifth Domain) The Pentagon is ready to test how the defense industry is doing on cybersecurity - and industry wants it.
Using Tape to Optimize Data Protection Costs and Mitigate the Risk of Ransomware for Data-Centric Organizations (IDC) IDC forecasts that 60% of organizations will have developed a digital transformation strategy and will be in the process of implementing it by 2020.
7 Security Trends Shaping Intrusion Detection Technology (Bricata) The threat landscape has evolved and is shaping the need for innovation in intrusion detection. These include the need for multiple methods of detection rather than just relying on one, like signature analysis.
How to Teach Your Employees About Cybersecurity (HackRead) With much of the workforce now being made up of millennials, this is a key part of ensuring cybersecurity training is a success.
Protecting a Mobile Workforce with Hybrid DNS Security (Infosecurity Magazine) At the root of many data breaches, and the damage and stress that accompany them, lies the DNS.
Searching for Geographically Improbable Login Attempts (SANS Internet Storm Center) For the human brain, an IP address is not the best IOC because, like phone numbers, we are bad at remembering them. That’s why DNS was created.
Design and Innovation
Zero login: Fixing the flaws in authentication (Help Net Security) Zero login essentially refers to the idea that we will never again have to recall complex passwords or provide documentation to identify ourselves.
A new data-driven idea of warfare doesn’t quite add up (New Scientist) Mathematical models of conflict are seductive, but we shouldn’t throw out the lessons of the past, warns David Betz
Weaponized AI -- Your Machine Is "Learning" But Who's The Teacher? (Forbes) Hackers are perverting machine language to infect critical datasets. This Professor explains how you can stop them.
D-Wave’s quantum computer successfully models a quantum system (Ars Technica) System lets researchers explore phase transitions in a quantum system.
Research and Development
Is the ‘Google Translate’ of sensor systems coming? (C4ISRNET) Lockheed recently concluded a series of flight tests with DARPA on an experimental program for stitching together systems.
60 Talented Hackers to Participate in Intensive Weeklong Bootcamp & Competition in Delaware (US Cyber Challenge) U.S. Cyber Challenge (USCC), the State of Delaware, and a conglomeration of Delaware universities (including the University of Delaware, Delaware Technical Community College, Wilmington
Legislation, Policy, and Regulation
Putin laughs off election interference question (Washington Examiner) Russian President Vladimir Putin laughed Monday as Fox News reporter Chris Wallace asked him about meddling in the 2016 U.S. election, denying responsibility while defending the hacks he's accused of orchestrating.
Trump casts doubt on intelligence assessment of Russian election interference (Fifth Domain) During a summit with Vladimir Putin, Donald Trump said that he didn't
Trump sides with Russia against FBI (BBC News) The US president contradicts intelligence agencies over claims of interference in the US election.
Trump hands Putin a diplomatic triumph by casting doubt on U.S. intelligence agencies (Washington Post) At a Helsinki summit, the U.S. president refused to denounce Russian interference in the 2016 election and called the Mueller probe “a disaster for our country.”
‘Very much counter to the plan’: Trump defies advisers in embrace of Putin (Washington Post) “Everyone around Trump” pushed him to take a strong stand against Putin over Russia’s interference in the 2016 U.S. elections. He ignored the advice.
Donald Trump faces backlash after hailing ‘productive’ summit with Vladimir Putin in Helsinki (Times) President Trump said that America’s relationship with Russia had changed after a “deeply productive dialogue” at his first formal summit with President Putin in Helsinki yesterday. The two leaders...
Fallout after Trump-Putin meeting: Live updates (CNN) The White House is struggling to control the fallout after President Trump sided with Russia over the US intelligence community. Follow live.
Top Republicans in Congress break with Trump over Putin comments (CNN) After President Donald Trump's stunning news conference Monday next to Russian President Vladimir Putin, members of Congress -- including some powerful Republicans -- were quick to rebuke Trump's performance on the world stage and Trump's refusal to call Putin out for interfering in the US election.
Trump Is Right to Meet Putin (POLITICO Magazine) America needs fewer enemies. What’s wrong with reducing tensions?
Trump thanks Rand Paul for praising his position on Russia (New York Post) Facing widespread condemnation for his fawning meeting with Vladimir Putin, President Donald Trump gave a shout-out to Sen. Paul Rand, who praised him for trying “to prevent us from having World Wa…
Trump-Putin Summit Is Over. The Head-Scratching? Not So Much (NYTimes) President Trump has ended his weeklong trip to Europe.
Putin showed a threatening video of nukes hitting Florida — and an outraged Trump snapped on him (Business Insider) A new report from the news website Axios indicates President Donald Trump became outraged in March after Russian President Vladimir Putin showed a video of nuclear weapons hitting Florida amid his reelection campaign.
Retaliatory Hacking Has Returned – Will States Ever Learn? (TechNative) In mid-June 2018, the United States Cyber Command (CYBERCOM) was officially given the authority to launch cyber attacks against foreign nations. The change in policy comes after the elevation of CYBERCOM to a full-fledged combatant command, after being initially established in 2009. As a result, the commander of CYBERCOM will report directly to the U.S. Secretary of Defense, rather than another combatant commander. Empowering CYBERCOM represents a more proactive approach to directly respond to those states that “host or sponsor malicious hacking groups” believed to be perpetrating hostile cyber attacks against U.S. interests. The “hacking back” phenomenon has gained traction
Litigation, Investigation, and Law Enforcement
Trump's Stupid ‘Where Is the DNC Server?’ Conspiracy Theory, Explained (Motherboard) Trump refuses to believe all the evidence that Russia hacked the DNC, because he understands nothing about how digital forensics works.
U.S. officials charge NRA-linked Russian with acting as Kremlin agent (POLITICO) The Justice Department said one of the person's missions was to establish 'unofficial lines of communications with U.S. politicians and political organizations.'
Twitter shutters accounts linked to US election hacking (Naked Security) The move comes after special counsel Robert Mueller’s indictment of 12 Russians believed to have used the accounts as fronts in US election hacking.
It’s official: Brexit campaign broke the law — with social media’s help (TechCrunch) The UK’s Electoral Commission has published the results of a near nine-month-long investigation into Brexit referendum spending and has found that the official Vote Leave campaign broke the law by breaching election campaign spending limits. It says Vote Leave broke the law including by chann…
Guy jailed for refusing to unlock phones (Naked Security) The phones are new, he said, and he can’t remember the passcodes.
Suspect behind bitcoin exchange that “catered to criminals” ordered to France (Ars Technica) Russia isn't happy that one of its own won't be coming home.
‘LuminosityLink RAT’ Author Pleads Guilty (KrebsOnSecurity) A 21-year-old Kentucky man has pleaded guilty to authoring and distributing a popular hacking tool called “LuminosityLink,” a malware strain that security experts say was used by thousands of customers to gain unauthorized access to tens of thousands of computers across 78 countries worldwide.
7 Nigerians Indicted for Fraud Operation on Dating Sites (Dark Reading) Con artists have been charged with operating a scheme that cost users of American dating websites more than $1.5 million.
21-year-old woman charged with hacking Selena Gomez (Graham Cluley) Popstar Selena Gomez’s alleged hacker has been charged.
Are your secret password reset questions easy to answer with public information?