Cyber Attacks, Threats, and Vulnerabilities
Magniber Ransomware Expands From South Korea to Target Other Asian Countries (BleepingComputer) After spending nine months targeting only South Korean users, the Magniber ransomware has expanded its targeting spectrum and is now also capable of infecting users who have a Chinese (Macau, China, Singapore) or Malay (Malaysia, Brunei) PC language setting.
From Mind Games to Election Hacking: Russia’s Trolling Tactics Explained (NYTimes.com - Video) Cyberattacks. “Little green men.” Frozen conflicts. These are just a few of the tactics Russia and its leader, Vladimir V. Putin, have used to try to disrupt the world order.
Siemens Warns Customers of New Meltdown, Spectre Variants (Industrial Control Systems (ICS) Cyber Security Conference) Siemens recently updated its security bulletin for the Meltdown and Spectre vulnerabilities to inform customers of the latest variants, specifically the ones known as LazyFP and Spectre 1.1. Several industrial control systems (ICS) vendors published security advisories for the CPU flaws shortly after they were disclosed in early January. Siemens …
Spectre Variants 1.1 & 1.2 (eSentire) Two new variants of the Spectre side channel attack have been discovered, neither of which are mitigated by previous Spectre security patches. eSentire Thr...
Stolen Code-Signing Certificate Used in Malware Attack (Computer Business Review) A new malware campaign that misuses a stolen digital certificate has been identified by researchers at internet security firm ESET.
Protego Labs Finds Nearly All Serverless Application Functions at Risk (PRWeb) Protego Labs recently discovered that 98 percent of functions in serverless applications are at risk, with 16 percent considered “serious.”
LabCorp hacked? Investigation under way (UPDATED) (DataBreaches.net)
800K Patient Records At Issue in ProCare Health Snafu (Threatpost) IT companies allege that one of New Zealand’s largest networks of doctors and nurses has been storing hundreds of thousands of sensitive patient records, without express consent.
Ubisoft Games Hit by Massive DDoS Attacks (HackRead) Ubisoft has suffered a series of massive DDoS attacks (distributed denial-of-service) forcing several Ubisoft gaming servers to go offline.
DDoS Attacks Get Bigger, Smarter and More Diverse (Threatpost) DDoS attacks are relentless. New techniques, new targets and a new class of attackers continue to reinvigorate one of the internet's oldest nemeses.
Microsoft tops list of brands impersonated by phishers (Help Net Security) The number one brand spoofed by phishers in Q2 2018 in North America was Microsoft, likely due to a surge in adoption of Microsoft Office 365.
Cryptojacking: Has cryptocurrency-mining malware already reached its peak? (ZDNet) Newly released figures suggest coinmining attacks have started to decline, as some hackers grow impatient with low returns on their investment, which could lead to a rise in more dangerous attacks.
EMP Risk is 'Not a Sideshow': Why One Cyber Attack Could Wipe Out 90% of US Population (CBN News) Cybersecurity experts say foreign hackers are penetrating the US power grid and other critical infrastructure. The risk of an EMP attack that shuts down the power grid and cripples the US is real, and some experts say we're not doing enough to protect ourselves.
IMB data breach prompts 'comprehensive response' (Baptist Press) A data breach at the International Mission Board that may have exposed personal information of current and former employees, volunteers and applicants has led the Southern Baptist entity to undertake a 'comprehensive response.'
Millions of Verizon Customers’ Information Was Exposed Because of a Third Party It Hired to Analyze the Data (Update: Actually, This Happened Last Year) (Slate Magazine) Not good!
Security Patches, Mitigations, and Software Updates
Oracle Critical Patch Update Advisory - July 2018 (Oracle) A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes.
Cyber Trends
From Bullets to Clicks: The Evolution of the Cyber Arms Race (Dark Reading) Cyber strategies have become as important as physical weapons in the battle for political advantage. Here's a quick look at four broad categories.
Marketplace
If Your Weapons Aren’t Cyber-Hardened, Expect to Lose Pentagon Contracts (Defense One) The Pentagon intends to start assessing its weapons’ resistance to hacks, instead of leaving that to manufacturers.
As OTAs grow, traditional contractors are reaping the benefits (FederalNewsRadio.com) The Defense Department spent nearly $21 billion on OTAs in the past three years, but who is bringing home the bacon? Are traditional defense contractors using them to avoid oversight?
Microsoft offers bug bounties for holes in its identity services (Help Net Security) Microsoft is asking security researchers to look for technical vulnerabilities affecting its identity services and OpenID standards implementations.
Top Cybersecurity Stocks Proofpoint, Okta, FireEye Near Buy Points (Investor's Business Daily) The software sector continues to lead, and top cybersecurity stocks Proofpoint, Okta and FireEye are all working on bases. Palo Alto Networks, CyberArk Software, Qualys and Zscaler are consolidating, but they're too short to be bases.
Compliance-Focused Firms Draw Investor Dollars (Wall Street Journal) Recent investments in companies that deal with financial crime and compliance have put these firms on the radar of venture capitalists and private-equity funds, especially as they offer savvier ways to streamline compliance for banks and financial institutions.
ObserveIT closes $33M in Series B financing (Help Net Security) The funding will be used to accelerate innovation for ObserveIT’s insider threat management solutions and to expand ObserveIT’s sales and marketing teams.
Alexa, Are You A Spy? Israeli Startup Raises $12.5 Million So Governments Can Hack IoT (Forbes) Former Israeli Prime Minister helps launch a one-stop hacking shop for government agencies. Privacy concerns abound.
Data Privacy Automation Provider Integris Software Secures Oversubscribed $10 Million Series A Financing Round (Business Wire) Integris Software, a leading provider of data privacy automation, today announced it has raised a $10 million Series A financing round.
This office security startup wants to kill the keycard (Business Insider) Openpath, which just raised $20 million, lets employees enter the office with their phones — and claims it can do it without any glitches or hiccups.
CEO sees recent acquisition as Allied Universal’s continued evolution (SecurityInfoWatch.com) USSA expands both reach and competencies for growing service and tech company
Plurilock Rolls Out First Formal Partner Program (Channel Partners) Plurilock's new sales channel partners include such companies as Carahsoft, Siltek, Paramount Computer Systems (PCS) and Assurity Systems, and through these and other partners, the company now is readily available in the Middle East, Europe and Asia/Pacific, in addition to the Americas.
U.S. Navy Selects Unisys Software for Secure, Mission-Critical Communications (PRNewswire) Under contract worth approximately $20 million, company will develop, operate and manage tactical military messaging software
FARNBOROUGH: Raytheon to advise Jordan on aircraft cybersecurity (Flightglobal.com) Raytheon has been selected to advise the Kingdom of Jordan on the vulnerability of its aircraft networks and data to cyberattacks.
Syniverse names former FBI cyber official as its top security and risk officer (Tampa Bay Times) Syniverse, the Tampa-based company that knits together the world's mobile communications networks, has hired a 26-year veteran of the FBI as its chief security and risk officer, effective tod
Kudelski Security Maintains Growth in Consulting & Research Services With Strategic Hires (Markets Insider) Kudelski Security, the cybersecurity division within the Kudelski Group (SIX:K...
Products, Services, and Solutions
Webroot Announces Integration with BrightGauge (Webroot) Industry-First Integration Enables MSPs to Gain the Most Intelligence out of Their Data for Better Business
NGFW achieves highest security effectiveness (Forcepoint) While next generation firewalls (NGFWs) have historically been thought of as security products, it’s surprising how few vendors deliver security that actually works.
ERPScan continues helping protect business-critical systems (ERPScan) ERPScan, a leading ERP security company, again helped Oracle protect its most critical enterprise business applications including PeopleSoft and JD Edwards by providing the information on 17 vulnerabilities affecting the vendor’s products. Patches for these vulnerabilities have been released today as a part of Oracle’s quarterly Critical Patch Update (or CPU). Some have almost the […]
BehavioSec’s Behavioral Biometrics platform fulfills critical requirements achieving Payment Services Directory 2 (PSD2) compliance (Behaviosec) The European Banking Authority confirms behavioral biometrics as a proven technology delivering enhanced authentication and anti-fraud measures for payment service providers. Widely deployed across global banks, BehavioSec’s behavioral biometrics platform keeps customers prepared for PSD2 mandates and business opportunities. Stockholm/München – July 17, 2018 BehavioSec, the first vendor to pioneer behavioral biometrics, today announced that …
ThreatConnect Announces Enhanced Orchestration Capabilities Designed to Measure and Improve Security Operations Efficiency (ThreatConnect) ThreatConnect continues to reinforce its platform's value combining threat intelligence, analytics and orchestration
SoftwareONE Launches Security for Microsoft 365 (Daily American) SoftwareONE, a leading software and cloud portfolio management provider, announced today that it has launched Security for Microsoft 365, a new managed service that enhances the
Kaspersky Lab detects 42 million attacks on smartphones (IT Pro Portal) Mobile device management is not enough to protect employee smartphones from growing cyber threats.
Sophos Intercept X for Server Blocks Cyber Attackers from Hitting the Business Bullseye (GlobeNewswire News Room) Sophos (LSE:SOPH), a global leader in network and endpoint security, today announced Sophos Intercept X for Server, next-generation server protection with predictive deep learning technology that provides constantly evolving security against cyber threats.
Emsisoft Anti-Malware offers 4-layered protection to Windows (Windows Club) Emsisoft Anti-Malware is a light-weight security software that offers powerful protection for your Windows computers. It ships with a unique dual-engine scanner, offers 4-layered protection, hourly updates against 300000 new threats every day, and advanced malware removal capabilities. Today we take a look at the features that this antivirus software brings to you.
Has Your Multifunction Printer Become A Data Loss Risk? Consider DLP For Images. (Security Boulevard) Do you have one of those multi-purpose photocopier / printer / scanners?
Rapid7 Integrates with Microsoft Azure to Provide Visibility, Analytics, and Automation for Cloud Security (GlobeNewswire News Room) Rapid7 Insight platform integration with Azure increases visibility of threats in cloud and hybrid environments, helping to power the practice of SecOps between Security, IT, and DevOps
Change Healthcare Gives Payers and Providers the Keys to Cloud Security (PRNewswire) Change Healthcare Intelligent Healthcare Network introduces "BYOK" and "kill switch" technology to help payers and providers control security and respond to threats quickly and decisively
IBM attempts to graft VM security onto container flexibility (Register) Nabla Containers promises reduced attack surface through fewer system calls
BOHH Labs and Teradata Partner to Securely Expand Business Data Analytics Capabilities (RealWire) BOHH Labs’ brand new Secure Data as a Service© drives on-premise and cloud analytics. BOHH Labs, the leading provider of seamless and secure access to data, and Teradata Corporation, the leading data and analytics company, today announced a partnership to drive better business outcomes through securely accessing data in on-premises and cloud environments.
Bitglass and Okta Partner on Advanced Access and Security for the Cloud (CSO) Partnership Brings Together Bitglass’ CASB and Okta’s IAM Capabilities
Bitdefender unveils new 2019 product line (PC World) Bitdefender launches its 2019 consumer security product line, which aims to stop criminals before they attack.
Symantec Announces Industry’s First Integrated Email Threat Isolation Solution to Render Advanced Email Attacks Harmless (Business Wire) Innovation represents major step forward in the fight against sophisticated phishing, account takeover, and ransomware attacks
Technologies, Techniques, and Standards
New Protocol Promises to Improve Wi-Fi Security — Eventually (Security Intelligence) WPA3, which was released in June 2018, promises to improve Wi-Fi security — but the changes will be gradual because the Wi-Fi Alliance will need to certify routers to work with the new protocol.
Research Finds Nearly 30% of Federal Agencies Have Yet to Start their DMARC Compliance Journey for BOD 18-01 (Proofpoint) Last October, the Department of Homeland Security issued Binding Operational Directive (BOD) 18-01 with the intent to safeguard federal information and information systems. A key component of this initiative is to drive these agencies to implement SPF and DMARC email authentication protocols within 12 months.
Human Error Strains Security Teams: How Can Companies Nip Employee Negligence in the Bud? (Security Intelligence) New data reveals that security professionals are increasingly concerned about employee negligence because it forces them to respond to preventable data breaches.
Threat intelligence 'absolutely critical' to government cyber programs, NYC CISO says (StateScoop) Geoff Brown, New York City's chief information security officer, says in a video interview that intelligence-driven security programs are the way to go.
Design and Innovation
Instagram Working on Stronger 2FA That Won't Use Your Phone Number (Motherboard) Some Instagram users are at particular risk of SIM hijacking, where a hacker takes control of their phone number and uses that to break into accounts. Now, Instagram is pushing towards app-based authentication, which should make the hackers' job harder.
How Google's Safe Browsing Helped Build a More Secure Web (WIRED) You may not have heard of Safe Browsing, but it's made the web more secure for over a decade. Here's its story, from the people who built it.
Research and Development
The Pentagon Wants to Bring Mind-Controlled Tech To Troops (Nextgov.com) The Defense Department’s research arm is working on a project that connects human operators’ brains to the systems they’re controlling—and vice versa.
Pentagon Plans to Publish Broad Artificial Intelligence Strategy ‘Within Weeks’ (Nextgov.com) The report will focus on long-term plans and how it will funnel resources to developing the technology, a Defense official said.
Here’s how much a new artificial intelligence center could cost (C4ISRNET) New reprogramming budget documents reveal how much the Pentagon plans to spend on the new Joint Artificial Intelligence Center.
Academia
UWF leading Florida's cybersecurity training for 2018 elections (Pensacola News Journal) The University of West Florida is training Florida supervisors of elections and their key personnel to guard themselves against cyberattacks
Female Network Will Deter Cybersecurity Threats (US News & World Report) Promoting cybersecurity careers and connecting with students will help boost women's participation in the industry.
Legislation, Policy, and Regulation
Was the Helsinki Summit Worth It? (The National Interest) The Helsinki summit set the right course for the United States and Russia in defusing tensions—until the last thirty minutes.
Forget the Summit: How Trump Let Putin Win the Cyber-Security War (The Hive) Trump’s continued denial of Russian election interference sets a dangerous precedent in this era of cyber-warfare—and practically guarantees that it will happen again.
NSA and Cyber Command to coordinate actions to counter Russian election interference in 2018 amid absence of White House guidance (Washington Post) The move by NSA Director Paul Nakasone comes as Trump again dismisses findings of Russian culpability.
Analysis | The Cybersecurity 202: Trump's intel chiefs fight Russia's election interference -- with or without him (Washington Post) But Trump is making it more complicated.
White House Cybersecurity Strategy at a Crossroads (Dark Reading) Trump administration's initial lack of a unified front in the wake of Russian election-hacking indictments worries cybersecurity experts.
Putin proposes a joint cybersecurity group with the US to investigate Russian election meddling (TechCrunch) Over the course of Monday’s controversial Helsinki summit, Russian President Vladimir Putin pushed an agenda that would ostensibly see the U.S. and Russia working side by side as allies. The two countries make stranger bedfellows than ever as just days prior, Trump’s own Department of J…
Trump wants to work with Russia on infosec. Security experts: lol no (Register) Thanks for Putin that out there
Trump calls summit with Putin a great success, ‘even better’ than meeting with NATO allies. Some in GOP disagree. (Washington Post) The president blamed the news media for negative coverage of his performance alongside the Russian leader. Fellow Republicans, however, want him to clarify his statements.
Analysis | The Daily 202: Trump’s Helsinki performance is a ‘final straw’ for some Republicans. Others are just disappointed. (Washington Post) Most criticism is coming from lawmakers who are already retiring or have been Never Trumpers.
Opinion | Trump just gave Putin complete free rein (Washington Post) Trump did not get a single concession or course correction.
Former Intel panel chairman says Trump betrayed US intelligence community (The Hill) A former chairman of the House Intelligence Committee said Tuesday that President Trump betrayed the U.S. intelligence community by accepting Russian President Vladimir Putin's denials about Moscow's interference in the 2016 presidential election.
Former intel chiefs condemn Trump's news conference with Putin (CNN) Former US intelligence chiefs expressed astonishment and condemnation Monday in response to President Donald Trump's comments at Monday's news conference with Russian President Vladimir Putin, with former CIA Director John Brennan calling the US President's performance "nothing short of treasonous."
Putin laughs off election interference question (Washington Examiner) Russian President Vladimir Putin laughed Monday as Fox News reporter Chris Wallace asked him about meddling in the 2016 U.S. election, denying responsibility while defending the hacks he's accused of orchestrating.
Is the U.S. Hypocritical to Criticize Russian Election Meddling? (Foreign Affairs) The United States is simply not engaging in electoral meddling in a manner comparable to Russia’s approach.
Dem calls Russia meddling 'act of war,' urges cyber attack on Moscow banks (The Hill) Rep. Steve Cohen (D-Tenn.) on Tuesday said that Russian hacking efforts against the U.S. amount to an act of war and the U.S. should have countered by launching cyber attacks against the Kremlin.
Why regulation on cyberspace is long overdue in Kenya (The Standard) The level of cyber crime in Kenya, at the moment, is such that businesses are grinding to a halt. Cases of those who have lost money online simply...
Wickr, Linux Australia, Twilio sign open letter against govt’s encryption crackdown ‘mistake’ (CIO) Prime Minister Malcolm Turnbull’s favourite secure messaging app Wickr is among the 76 organisations and individuals that have signed an open letter today calling on his government to reject its plans to ‘undermine strong encryption’.
Litigation, Investigation, and Law Enforcement
US intel chief stands by assessment of Russian meddling (Tampa Bay Times) The top U.S. intelligence official says assessments of Russian meddling in the 2016 election have been 'clear' and describes the Kremlin's efforts to undermine the United States' democracy as 'ongoing' and 'pervasive.'
The Russia Investigation's Intelligence Is 'A Triumph' -- Trump Should Trust It (Forbes) Trump has little reason to not believe his own intelligence teams over Putin's strong denials, such is the strength of the Russia investigation's intelligence.
Russia did meddle in US election, Donald Trump forced to admit (Times) President Trump lurched into damage control mode last night, insisting that he had “full faith” in his intelligence agencies and conceding that Russia had tried to influence the 2016 election. He...
Putin Explained Away Russian Hackers Because It Exposed Corruption In DNC (Daily Caller) 'Democratic leadership admitted it'
How the Russians broke into the Democrats' email, and how it could have been avoided (CNBC) The Russians started by sending a phony email to "big fish" that was then used to install malware on DNC mail servers, according to the DoJ's indictment of 12 Russians involved.
Bitcoin, malware and 'spearphishing' helped Russian agents hack Democratic Party computers in 2016 election (Los Angeles Times) As Trump prepares to meet Putin in Helsinki, federal prosecutors have painted a detailed and complex portrait that shows how a skilled cadre of Russian intelligence officers hacked Democratic computers and undermined the 2016 U.S. election. Here's how it went down.
Russia proved it is the greatest threat to our democracy (TheHill) Mueller’s indictment is a clear and compelling statement of the fundamentally dire cybersecurity threat we face as a nation.
Robert Mueller Is Fighting a War (Foreign Policy) The special prosecutor's latest indictments prove he's waging more than just a legal battle.
£200,000 fine for exposing possible child abuse victims in classic Cc/Bcc email blunder (Graham Cluley) The Independent Inquiry into Child Sexual Abuse (IICSA) has been fined £200,000 for revealing identities of abuse victims in a mass email.
Google Is Fined $5 Billion by EU in Android Antitrust Case (Wall Street Journal) The EU fined Alphabet’s Google $5 billion, a record for the bloc that could loosen the company’s grip on its biggest growth engine: mobile phones.
Google confirms it will appeal $5 billion EU antitrust fine (TechCrunch) Google has confirmed the expected, that it will indeed appeal the record $5 billion fine that it was handed today by European antitrust regulators for abusing the dominance of its Android operating system. The European Commission announced that it is fining the U.S. firm for “three types of r…
Judge slams FBI for improper cellphone search, stingray use (Ars Technica) "They are not the only instances of sloppy, inappropriate law enforcement work."
Republicans accused Facebook, Google and Twitter of bias. Democrats called the hearing ‘dumb.’ (Washington Post) Facebook, Google and Twitter on Tuesday sought to defend themselves against accusations from Republican lawmakers that the tech giants censor conservative news and views during a congressional hearing that devolved into a political sniping match.