Cyber Attacks, Threats, and Vulnerabilities
Cyberattacks in Finland Surge During Trump-Putin Summit (Dark Reading) Attackers targeted IoT devices like they did during Trump's June meeting with North Korea's Kim Jong-un, but this time China was the top-attacking nation.
US Company: Evidence Found of Chinese Cyber Attacks on Cambodia (VOA) An American company says it found evidence that a Chinese group has attacked computers belonging to Cambodian government agencies, opposition leaders and media. One of the targeted groups was the National Election Committee.
Transcript: Dan Coats Warns The Lights Are 'Blinking Red' On Russian Cyberattacks (NPR.org) "Today, the digital infrastructure that serves this country is literally under attack," the Director of National Intelligence told a D.C. think tank on July 13. Here is the full transcript.
Scammers spoof UK university domains as part of massive fraud campaign (Security Brief) Action Fraud UK is warning people to be wary of any emails they receive that look like they belong to UK university email addresses.
Criminals Are Using Clash Of Clans To Launder Money, New Report Claims (Kotaku) Online criminals are reportedly laundering hundreds of thousands of dollars using blockbuster mobile games like Clash of Clans, Clash Royale and Marvel Contest of Champions, according to a new report by German cybersecurity firm Kromtech.
Hackers automate the laundering of money via Clash of Clans (The State of Security) Popular smartphone games such as Clash of Clans are being used to launder hundreds of thousands of dollars on behalf of credit card thieves.
Open MongoDB Database Exposes Mobile Games Money Laundering Operation (BleepingComputer) The US Department of Justice, Apple, and game maker Supercell have been warned of a money laundering ring that uses fake Apple accounts and gaming profiles to make transactions with stolen credit/debit cards and then sells these game premiums on online sites for the group's profit.
Who's leaving Amazon S3 buckets open online now? Cybercrooks, US election autodialers (Register) Hundreds of thousands of voter records and contact info spilled
Roblox says hacker injected code that led to avatar’s gang rape (Naked Security) Roblox was moving some older, user-generated games to a newer, more secure system when the attack took place, it says.
Ever heard of ‘deep fake’ technology? The phony audio and video tech could be used to blackmail US troops (Military Times) The ability to distort the truth is expected to reach new heights with the development of so-called “deep fake
Rome Wasn’t Built in a Day, but This Botnet Was, Using CVE-2017-17215 (Security Boulevard) A new botnet has been detected by security researchers at NewSky Security, with their discovery being confirmed by researchers from Qihoo 360 Netlab, Rapid7, and Greynoise. The botnet in question has compromised more than 18,000 routers in a single day,...
Router Crapfest: Malware Author Builds 18,000-Strong Botnet in a Day (BleepingComputer) A malware author has built a huge botnet comprised of over 18,000 routers in the span of only one day.
Calisto Trojan for macOS: the first member of the Proton malware family? (Securelist) As researchers we are interested in developmental prototypes of malware that have had limited distribution or have not even appeared in the wild. We recently came across one such sample: a macOS backdoor that we named Calisto.
Cryptomining replaces ransomware as most prevalent threat (Computing) Awareness of ransomware and rise in price of cryptocurrencies has caused the change, says Skybox Security
Malwarebytes Report Says CryptoJacking Cases Are "Plateauing" (Ethereum World News) A Malwarebytes report mentioned that the presence of cryptojacking has become quite apparent, as it currently dominates the cyber threat landscape.
Stealthy Malware Hidden in Images Takes to GoogleUserContent (Threatpost) Hackers are embedding malicious code within compromised, uploaded images on trusted Google sites – weaponizing the website and staying under the radar.
The 3 riskiest apps found in the enterprise (TechRepublic) The Appthority Pulse Report for Q2 2018 found that messaging apps were risky across Android and iOS.
Drupal, Phishing and A New Cryptomining Botnet (Security Boulevard) It’s a well-known fact that security solutions must quickly adapt to new attack methods. There are several ways to achieve this goal, regularly applying security patches and updates, relying on threat intelligence and more. At Imperva, we use pattern anomaly detection as one of the tools to identify emerging threats and build new defenses. Our
Onslaught of botnets hounds hospitality industry — Akamai (Back End News) While critical industries such as the financial sector have embraced and invested heavily in information security, the hospitality industry has been left wide open …
Hackers Targeting Online Retailers Can Cost Businesses Billions Of Dollars (Fortune) 90% of login attempts at online retailers come from hackers, a study says
Hackers account for 90% of login attempts at online retailers (Quartz) Hackers apply stolen data in a flood of login attempts, called "credential stuffing." They target bank accounts, airline miles, and even online grocery sites.
Inside look at lifecycle of stolen credentials and extent of data breach damage (Help Net Security) Shape Security's Credential Spill Report sheds light on the extent to which industries are impacted by credential stuffing attacks and account takeover.
Sizing Up The Scourge of Credential Stuffing (Threatpost) Over two billion credentials were stolen in 2017 and contributed to the complex problem of credential spills, credential stuffing and account takeover fraud.
MoneyTaker Grabs $1m from PIR Bank (Infosecurity Magazine) Hacker group stole $1m and transferred money to 17 accounts at major Russian banks
Human Resources Firm ComplyRight Breached (KrebsOnSecurity) Cloud-based human resources company ComplyRight said this week that a security breach of its Web site may have jeopardized sensitive consumer information — including names, addresses, phone numbers, email addresses and Social Security numbers — from tax forms submitted by the company’s thousands of clients on behalf of employees.
Samsam infected thousands of LabCorp systems via brute-force RDP (CSO Online) LabCorp, one of the largest clinical labs in the U.S., said the Samsam ransomware attack that forced its systems offline was contained quickly and didn't result in a data breach. However, in the brief time between detection and mitigation, the ransomware was able to encrypt thousands of systems and several hundred production servers.
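The credential-stuffing items above (Quartz, Help Net Security, Threatpost) and the LabCorp item describe two kinds of login flood that look alike by volume but differ in shape: credential stuffing replays leaked username/password pairs, so one source tries many usernames roughly once each, while the brute-force RDP path into LabCorp hammers one or two accounts with many passwords. The script below is an added example and is not from any of the articles or vendors listed here. It parses constructed authentication log lines (the `src=... user=... result=...` format, the RFC 5737 addresses and the thresholds are all assumptions) and labels each source as credential stuffing, brute force, or benign.

```python
"""Classify per-source login floods as credential stuffing or brute force.

Added example, not code from any article above. Log format, addresses and
thresholds are assumptions; tune them to your own authentication logs.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample log lines (not real data). One line per login attempt.
# 203.0.113.5: one attempt per username, mostly failing -> credential stuffing.
# 198.51.100.7: ten guesses against one account, last one succeeds -> brute force.
# 192.0.2.9: a user mistyping once and then logging in -> benign.
SAMPLE_LOG = """\
2018-07-20T10:00:01Z src=203.0.113.5 user=alice result=FAIL
2018-07-20T10:00:01Z src=203.0.113.5 user=bob result=FAIL
2018-07-20T10:00:02Z src=203.0.113.5 user=carol result=FAIL
2018-07-20T10:00:02Z src=203.0.113.5 user=dave result=OK
2018-07-20T10:00:03Z src=203.0.113.5 user=erin result=FAIL
2018-07-20T10:00:03Z src=203.0.113.5 user=frank result=FAIL
2018-07-20T10:00:04Z src=203.0.113.5 user=grace result=FAIL
2018-07-20T10:00:04Z src=203.0.113.5 user=heidi result=FAIL
2018-07-20T10:00:05Z src=203.0.113.5 user=ivan result=FAIL
2018-07-20T10:00:05Z src=203.0.113.5 user=judy result=FAIL
2018-07-20T10:00:01Z src=198.51.100.7 user=administrator result=FAIL
2018-07-20T10:00:02Z src=198.51.100.7 user=administrator result=FAIL
2018-07-20T10:00:03Z src=198.51.100.7 user=administrator result=FAIL
2018-07-20T10:00:04Z src=198.51.100.7 user=administrator result=FAIL
2018-07-20T10:00:05Z src=198.51.100.7 user=administrator result=FAIL
2018-07-20T10:00:06Z src=198.51.100.7 user=administrator result=FAIL
2018-07-20T10:00:07Z src=198.51.100.7 user=administrator result=FAIL
2018-07-20T10:00:08Z src=198.51.100.7 user=administrator result=FAIL
2018-07-20T10:00:09Z src=198.51.100.7 user=administrator result=FAIL
2018-07-20T10:00:10Z src=198.51.100.7 user=administrator result=OK
2018-07-20T10:00:09Z src=192.0.2.9 user=alice result=FAIL
2018-07-20T10:00:15Z src=192.0.2.9 user=alice result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


@dataclass
class SourceStats:
    """Per-source-address counters over the whole log window."""
    attempts: int = 0
    failures: int = 0
    per_user: dict = field(default_factory=lambda: defaultdict(int))


def parse_line(line):
    """Return the fields of one log line, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def aggregate(lines):
    """Group attempts by source address, counting failures and attempts per user."""
    stats = defaultdict(SourceStats)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable or blank line; skip rather than crash
        s = stats[rec["src"]]
        s.attempts += 1
        s.failures += int(rec["result"] == "FAIL")
        s.per_user[rec["user"]] += 1
    return stats


def classify(s, min_attempts=8, min_fail_ratio=0.7):
    """Label one source. Thresholds are assumptions for the constructed data."""
    if s.attempts < min_attempts or s.failures / s.attempts < min_fail_ratio:
        return "benign"
    distinct = len(s.per_user)
    # Stuffing: nearly every attempt is a different username (replayed leaked pairs).
    if distinct / s.attempts >= 0.8:
        return "credential_stuffing"
    # Brute force: the attempts pile up on one or two accounts (password guessing).
    if distinct <= 2 and max(s.per_user.values()) >= min_attempts:
        return "brute_force"
    return "suspicious"


def detect(log_text):
    """Map each source address in the log to its label."""
    return {src: classify(s) for src, s in aggregate(log_text.splitlines()).items()}


if __name__ == "__main__":
    for src, label in detect(SAMPLE_LOG).items():
        print(f"{src:15} {label}")
```

Two caveats a defender would add. The successful `OK` at the end of the brute-force run is the event that matters for the LabCorp scenario, so the accounts with a success after a long failure streak deserve their own alert, not just the source address. And real credential stuffing is usually spread across proxy or botnet addresses so that no single source crosses a per-IP threshold; the same counters keyed by target username, user agent or request fingerprint instead of `src` are the usual next step.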
Will this biz be poutine up the cash? Hackers demand dosh to not leak stolen patient records (Register) Tens of thousands of Canadian medical files, healthcare worker details snatched
Hackers hold 80,000 healthcare records to ransom (Naked Security) CarePartners said its forensic investigation identified 1500 affected records – the hackers say they took 80,000.
Navi Mumbai hospital under cyber attack, hackers demand bitcoins (NewsBytes) A private hospital in Navi Mumbai became the latest prey of hackers after its computer systems came under a malware attack. Cops said today that the attackers are demanding ransom in Bitcoins, a typ
Robotic Vacuums May Hoover Your Data (Dark Reading) Researchers have discovered a pair of vulnerabilities that allow unauthorized code execution in a robotic vacuum.
This Bot Tweets Photos and Names of People Who Bought 'Drugs' on Venmo (Motherboard) Venmo transaction data is public by default. But a programmer has taken that data stream and is tweeting the username and photos of users who buy 'drugs'.
Google Cloud outage caused by networking issue (CRN Australia) Outage affected Snapchat, Spotify, Discord, among others.
Security Patches, Mitigations, and Software Updates
Amazon Tests Out Two Tools to Help Keep Its Cloud Secure (WIRED) Amid frequent customer data exposures, Amazon Web Services is pushing to spot errors and promote access control.
WhatsApp limits message forwarding in bid to reduce spam and misinformation (TechCrunch) In a bid to cut down on the spread of false information and spam, WhatsApp recently added labels that indicate when a message has been forwarded. Now the company is sharpening that strategy by imposing limits on how many groups a message can be sent on to. Originally, users could forward messages o…
So long and thanks for all the fixes: ERPScan left out of credits on Oracle bug-bash list (Register) App security firm sanctioned in US over ties with Russia
Surprise! Top sites still fail at encouraging non-terrible passwords (TechCrunch) You would think that Amazon, Reddit, Wikipedia and other highly popular websites would by now tell you that "password1" or "hunter2" is a terrible password — just terrible. But they don't. A research project that has kept tabs on the top sites and their password habits for the last 11 years shows t…
Cybercrime drops in second quarter but makes up in severity (International Business Times, India Edition) Cryptomining tops as the most popular cybercrime for the quarter followed by ransomware and exploits.
Cybersecurity no longer top risk for telecom industry (Help Net Security) Telecommunications executives have relegated disruption from new technologies to third place in their risk top 5: the number one risk identified by 60
Cyber-Attacks by Vertical: Battle of the Sectors (Infosecurity Magazine) It’s not just banks and other financial businesses that are at risk, but every type of institution.
Capturing the conscience of the computing profession (Help Net Security) The ACM Code of Ethics and Professional Conduct is considered the standard for the computing profession, and has been adopted around the world.
Why Security Startups Fly - And Why They Crash (Dark Reading) What makes startups stand out in a market flooded with thousands of vendors? Funding experts and former founders share their thoughts.
Five Things To Mull In Taking Profits Or Going Long On Cybersecurity (Investor's Business Daily) Cybersecurity software stocks such as Palo Alto Networks, Proofpoint and Zscaler have had a big run, with analysts divided on whether it's time to take profits or go long ahead of earnings reports.
Tech Pressure on Privacy: National Security Requires a Fuller View of Corporate Social Responsibility (Just Security) The corporate world and the U.S. national security apparatus increasingly find themselves in conflict over technology and expertise.
McAfee Reorganization Apparently Triggers Channel Team Changes, Layoffs (ChannelE2E) Amid a McAfee reorganization, the cybersecurity company remains committed to channel partners, a spokesperson says. Still, there are unconfirmed reports of some McAfee layoffs & channel staff departures.
IBM Security: Covering Every Cybersecurity Base for M&E (Media & Entertainment Services Alliance) IBM Security’s portfolio of enterprise security products and services runs the gamut, covering applications, mobile, networks, data, the cloud, you name it, a
Products, Services, and Solutions
New TRITON Analysis Tool: Wireshark Dissector for TriStation Protocol (Nozomi Networks) In 2017, TRITON malware was used to attack a gas facility, directly interacting with its Safety Instrumented System (SIS). Given the significance of this attack, Nozomi Networks conducted research to better understand how TRITON works. Today we released a Wireshark dissector for the TriStation protocol on GitHub to help the ICS community understand SIS communications. Our complete TRITON analysis will be presented at Black Hat USA 2018.
Vaccine Available for GandCrab Ransomware v4.1.2 (BleepingComputer) AhnLab, a South Korea-based cyber-security firm, has released today a vaccine app that blocks the GandCrab ransomware from taking root and encrypting users' files.
70 US Election Jurisdictions Adopt Free Website Security Service (Dark Reading) Hawaii, Idaho, North Carolina, and Rhode Island are among states now using gratis DDoS mitigation, firewall, and user access control service from Cloudflare.
Free New Scanner Aims to Protect Home Networks (Dark Reading) Free software pinpoints vulnerabilities and offers suggestions for remediation.
Diffy: A triage tool for cloud-centric incident response (Help Net Security) Diffy is an open source triage tool that allows incident response teams to quickly pinpoint compromised hosts during a cloud-centric security incident.
Proofpoint, Mimecast, And Imperva: Leaders Of Protecting My Email (Seeking Alpha) Email continues to be the main vector hackers use to infiltrate an enterprise's network security. Pure Storage claims their TAM is ~$12B with email protection c
How Microsoft 365 Security integrates with the broader security ecosystem—part 1 (Security Boulevard) First in a three part series that provides an in-depth look at how Microsoft 365 Security integrates into the broader cybersecurity industry.
Utimaco HSM protects digital wallets and cryptocurrencies (Help Net Security) Utimaco partners with ThothTrust to protect digital wallets and their cryptocurrency assets with Utimaco HSMs and the CryptoScript Software Development Kit.
3 tools for cybersecurity guidance (Business Management Daily) What’s bugging you? Where do you look for the truth about cyberthreats?
Technologies, Techniques, and Standards
Why is America so bad at information wars? (Financial Times) ‘Russian-backed groups began populating US social media from the autumn of 2015 onwards’
How political campaigns can avoid cyberattacks (Fifth Domain) Tips for how political campaigns can change a broken cybersecurity culture.
Security Lessons to Learn From Tactics of Indicted Russian Hackers (eWEEK) The federal indictments of multiple Russian hackers who penetrated the Democratic National Committee’s networks describe in detail the tactics used to steal sensitive email and other information used to influence the 2016 U.S. presidential election.
The Fundamental Flaw in Security Awareness Programs (Dark Reading) It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.
6 Ways to Tell an Insider Has Gone Rogue (Dark Reading) Malicious activity by trusted users can be very hard to catch, so look for these red flags.
Reporting Malicious Websites in 2018 (SANS Internet Storm Center) Back in 2010 I wrote up a quick diary on how to report malicious websites at the end of your incident response process ... John C, a reader, asked for an update. Let's see how much has changed in the past 8 years...
Engineering expertise is needed to secure control systems (Control Global) Network cyber security (IT and OT) is necessary, but NOT sufficient to secure control systems. Securing control systems requires an engineering understanding of the systems and their impact, yet the engineers have not been adequately involved. Several key individuals expressed a desire for NSPE to take a more active role in control system security.
For better electronic warfare, the Army and Marine Corps work together (C4ISRNET) The Army and Marines are conducting more cooperative exercises in electronic warfare.
The Army wants to build a better signals intelligence force (C4ISRNET) The Army is moving forward with integrating SIGINT, EW and cyber.
Accenture's Justin Harvey explains why cyber attribution isn't important (SearchSecurity) At RSA Conference 2018, Justin Harvey, managing director and lead of Accenture's FusionX Global Incident Response team, spoke about the declining importance of cyber attribution and the incident response challenges facing enterprises today.
Singapore to bolster threat intelligence sharing in financial sector (ComputerWeekly.com) Singapore’s Cyber Security Agency has partnered with the Financial Services Information Sharing and Analysis Centre to glean cyber threat intelligence for the country’s financial industry
A step-by-step guide to disappear from the internet (Panda Security Mediacenter) Before you delete yourself from the internet, make sure that this is what you want. And if you are not 100% sure, create a backup of the information that you may need in the future.
Declassified files reveal how pre-WW2 Brits smashed Russian crypto (Register) Moscow's agents used one-time pads, er, two times – ой!
You’ve Just Attended a Security Conference: Now What? (Impact Networking) Attending a conference focused around business and IT security can be a very rewarding experience
Design and Innovation
The Two Biggest Disruptions To Cybersecurity Since The Invention Of The Firewall (Forbes) Two changes have had an enormous impact on cybersecurity.
Research and Development
Mitre is helping cyber vendors strengthen their products (Washington Business Journal) “If we can work far upstream directly with the vendors and improve them, we’re maximizing the impact Mitre can have,” says a cyber engineer at the McLean nonprofit research organization.
DARPA Awards GrammaTech $6.2M for Autonomous Botnet Neutralization Research (PRNewswire) GrammaTech has been working on this contract since April 2018 together with Assured Information Security (AIS), which is headquartered in Rome, New York...
Comodo Cybersecurity and Pittsburgh Technical College Empower Future IT Leaders (Markets Insider) Comodo Cybersecurity, a global innovator of cybersecurity solutions and a division of Comodo Security Solutions...
UWF cybersecurity student wins prestigious scholarship to encourage women in technology (Pensacola News Journal) UWF's Megan Morton placed second in an international scholarship competition that recognizes her drive to expand the cybersecurity field to women.
Legislation, Policy, and Regulation
NATO’s Real Spending Emergency Is in Cyberspace (Bloomberg.com) The alliance is all geared for a Russian troop invasion, but Putin is thinking digital.
Japan’s New Cybersecurity Strategy: Plugging The IoT Gap – Analysis (Eurasia Review) Japan should craft a new Cybersecurity Strategy to encourage risk-averse business leadership to tackle shadow IT and bring visibility and control on two key fronts: first, endpoint security to prot…
UK Gov Launches Consultation to Speed-Up Cybersecurity Strategy (Infosecurity Magazine) The DCMS launches a consultation to develop the cybersecurity profession in the UK
South Korea says sanctions shrank North Korean economy at sharpest... (Reuters) North Korea’s economy contracted at the sharpest rate in two decades in 2017, South Korea’s central bank estimated on Friday, as international sanctions and drought hit growth hard, with signs living conditions were beginning to deteriorate.
Australian govt urged to abandon decryption legislation (CRN Australia) Letter sent to MPs warns against 'risky' precedent.
Justice Department plans to alert public to foreign operations targeting U.S. democracy (Washington Post) The effort is designed to foil covert operations such as the one Russia undertook in 2016 to disrupt the presidential election.
White House names Grant Schneider to top cyber post (Federal Times) Grant Schneider was officially named the federal chief information security officer, a position he'd previously held in an acting capacity.
Why self-regulation is better than legislative regulation (TechCrunch) Self-imposed third-party algorithm audits should become the norm to prevent overly restrictive government regulations.
Litigation, Investigation, and Law Enforcement
'Russian spy' Guccifer 2.0 had steamy online affair with former Playboy model and Bond girl (The Sun) A FORMER Playboy model and Bond girl had a steamy online affair with an alleged Russian spy accused of tampering with the US election, Sun Online can reveal. Brunette Robbin Young said she “f…
The Russians Who Allegedly Hacked the DNC Sexted a Playboy Model and 'Bond Girl' (Motherboard) “All I want to do now is look at u again and again.”
UK Puts Huawei on the Naughty Step for Security Issues (Infosecurity Magazine) Report finds Huawei's products have underlying engineering issues
UK government panel issues inconclusive Huawei security report (TechCrunch) Huawei’s had a rough go of it here in the States, after concerns around ties to the Chinese government have left the company scrambling to gain a commercial toehold. Over the past several years, top U.K. security officials have also put the company under the microscope over potential security conce…
Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board Annual Report 2018 (HCSEC) This is the fourth annual report from the Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board.
We need a new law to punish the Skripal poisoners (Times) Russia has spun a dozen toxic fairytales in the wake of the Salisbury poisoning in March. Here are a few: Novichok was stored in Ukraine; it was a British attempt to divert attention from a...
S. Korean ex-leader sentenced to 8 more years in prison (AP News) A South Korean court on Friday sentenced former South Korean President Park Geun-hye to an additional eight years for abusing state funds and violating e
GP ‘sought web hitman to murder financial adviser’ (Times) A retired family doctor tried to hire a hitman from a “Chechen Mob” website to kill a financial adviser, a court was told yesterday. David Crichton, 64, is alleged to have had a vendetta against...
Ex-Apple employee pleads not guilty in trade secret case (CRN Australia) Accused of stealing 25-page blueprint for autonomous vehicle component.