Cyber Attacks, Threats, and Vulnerabilities
Intel director Dan Coats warns of 'cyber-9/11,' tells Aspen conference Russia is one threat among many (Fox News) President Trump should have issued a more full-throated condemnation this week of Russian election meddling in the 2016 presidential election, Director of National Intelligence Dan Coats said Thursday at the Aspen Security Forum.
What a Cyber 9/11 Would Mean for the U.S. (Fortune) Worst case scenario.
Rosenstein Warns Russia Is Only One Tree in Forest
(Infosecurity Magazine) The 2018 Aspen Security Forum highlights cyber-threats to the US.
U.S. Homeland Security Secretary Warns Of Russian Interference In Upcoming Votes (RadioFreeEurope/RadioLiberty) U.S. Homeland Security Secretary Kirstjen Nielsen has said the United States must be ready to resist attempted Russian interference in the country's elections later this year.
DHS chief backs up intel assessment that Russia interfered in US elections (TheHill) Secretary of Homeland Security Kirstjen Nielsen on Thursday said she agreed "full stop" with the Obama-era intelligence assessment that Russia tried to interfere in the 2016 presidential election.
Microsoft Says Russia Has Already Tried to Hack 3 Campaigns in the 2018 Election (Fortune) A group of hackers believed to be tied to Russia’s military have launched spear-phishing campaigns against at least three candidates running for election in 2018, a Microsoft executive said Thursday.
Ex-NSA official: Russian hack of Democrats was 'assembly line operation' (Yahoo) The indictment of 12 Russian intelligence officers gave the public a glimpse into how large Moscow's hacking operation truly is, cybersecurity expert Oren Falkowitz says.
Russia planning massive cyber attack on the UK following diplomatic row over Novichok (MIrror) Security chiefs are convinced Vladimir Putin is intent on causing disruption to undermine Britain following finger-pointing over deadly planting of Novichok in Salisbury
Cambodian Rights Group Hacked Amid Concerns Over China-Linked Cyber Espionage Group (Radio Free Asia) A week ago, TEMP.Periscope infiltrated the computers of several stakeholders in an upcoming election.
Hackers Stole a Third of Singapore's Healthcare Data, Including Prime Minister's (BleepingComputer) Singapore's Ministry of Health (MOH) revealed today that a hacker had breached its IT systems and stolen personal and health-related data on roughly 1.5 million citizens.
SingHealth cyberattack likely by nation state, medical data ‘can fetch a high price’: Experts (Channel NewsAsia) The medical data of a high-ranking government official can also be used to “coerce” the person to provide access to otherwise out-of-reach ...
SingHealth cyber attack: SMS notifications sent to more than 700,000 patients (The Straits Times) More than 700,000 patients who visited SingHealth's specialist outpatient clinics and polyclinics have received text message notifications from SingHealth on whether their data had been stolen, said SingHealth in a statement on Saturday evening (July 21).
SingHealth cyber-attack: what are the concerns? (Enterprise Innovation) It would be unwise to think we have little to worry about over the recent cyber-attack on SingHealth. Identity theft, cyber-espionage, cyber-terrorism and obstacles to Singapore's 'smart nation' initiatives are key concerns.
Shock, anger and worry about stolen data being misused (The Straits Times) Victims of Singapore's largest data breach have expressed shock and anger, saying they are concerned that their personal information could be misused since it has fallen into wrong hands.
SingHealth hack 'worrying' for Singapore but govt response lauded (The Business Times) Cybersecurity experts praised the government's swift response to the cyberattack on SingHealth, but noted that it is "worrying" for Singapore's Smart Nation drive and industries that rely heavily on public confidence.
SingHealth cyber attack: Bite the bullet and reboot Smart Nation (The Straits Times) Cyber attacks have become a way of modern life and show how vulnerable Singapore's Smart Nation endeavours are to such threats, writes ST senior tech correspondent Irene Tham.
SingHealth Scammers Try to Cash in on Major Breach (Infosecurity Magazine) Hackers Stole Data on 1.5 million Patients
Robotics Supplier Error Leaks Decade of Data from Carmakers (Infosecurity Magazine) VW, Chryster, Ford, GM, Tesla and more affected by privacy leak
‘Big Red Flag’: Automakers’ Trade Secrets Exposed in Data Leak (New York Times) A small contractor’s unguarded server accidentally revealed a trove of corporate documents from Tesla, Toyota, Volkswagen and other manufacturers.
Data breach exposes trade secrets of carmakers GM, Ford, Tesla, Toyota (TechCrunch) Security researcher UpGuard Cyber Risk disclosed Friday that sensitive documents from more than 100 manufacturing companies, including GM, Fiat Chrysler, Ford, Tesla, Toyota, ThyssenKrupp, and VW were exposed on a publicly accessible server belonging to Level One Robotics. The exposure via Level On…
Increase in Attacks on GPON Routers (eSentire) eSentire Threat Intelligence has observed an increase in exploitation attempts targeting consumer grade network devices manufactured by Dasan and D-Link.Cu...
eSentire Observes an Increase in Exploitation Attempts Against Routers (eSentire) On July 19, 2018, eSentire observed an increase in exploitation attempts targeting Small-Office/Home Office (SOHO) network devices manufactured by Dasan an...
Got Huawei router? Here's a warning (Gadget Now) According to a report in Bleeping Computer, this new botnet was first spotted this week by security researchers from a cybersecurity company called NewSky Security.
DNS rebinding attack puts half a billion IoT devices at risk (HackRead) A billion smart devices being used around the globe are vulnerable to a decade-old attack called DNS rebinding.
Facebook Suspends Analytics Firm on Concerns About Sharing of Public User-Data (Wall Street Journal) Facebook said it was suspending analytics firm Crimson Hexagon while it investigates whether the firm’s government contracts violate Facebook policies.
Hackers Breach Russian Bank and Steal $1 Million Due to Outdated Router (BleepingComputer) A notorious hacker group known as MoneyTaker has stolen roughly $1 million from a Russian bank after breaching its network via an outdated router.
Sinister Emojis & Critical Oracle Patch Among New Cybersecurity Worries (Credit Union Times) Emojis have become the bait-of-choice for scammers.
Adult Site Blackmail Spammers made Over $50K in One Week (BleepingComputer) After examining 42 bitcoin addresses associated with a current extortion scam, it was discovered that over $50,000 USD in payments have been made.
Beware of freebies on internet, Kaspersky Lab warns (Vanguard News) Kaspersky Lab experts have warned internet users to be wary of fake websites offering gift cards online. They said cybercriminals are able to “sell” users’ data registered for the gifts to third party partner sites, to which they redirect victims.
Who Are ComplyRight's Security Employees? (Infosecurity Magazine) Post-breach efforts to talk with ComplyRight's security department turn up empty for Brian Krebs.
Renewable resources can increase cyber threats (Control Global) Renewable resources are good for the environment and reduce consumer costs but they are not a panacea to reducing electric grid cyber threats as utility-scale solar facilities can utilize hundreds of thousands of solar panels with little to no cyber security.
Alert: Gmail users warned of cyber attack (Khaleej Times) The new feature can require users to click a link in order to access the messages.
What the Incident Responders Saw (Dark Reading) New report on IR professionals' experiences reveals just how advanced attackers, such as nation-state hackers, dig in even after they're detected.
Security Patches, Mitigations, and Software Updates
Adobe Patches Vulnerability Affecting Internal Systems (SecurityWeek) Adobe patches potentially serious code injection vulnerability affecting some of its internal systems, but the company downplayed its impact
Cyber Trends
5 Fierce Facts About Cybersecurity You Probably Don’t Want to Hear (NULL TX) Just when you thought you'd heard the worst, new research reveals some alarming findings about cybersecurity.
How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners (FireEye) Cyber criminals tend to favor cryptocurrencies because they provide a certain level of anonymity and can be easily monetized.
A Cyber Axis of Evil is Rewriting the Cyber Kill Chain (SecurityWeek) Carbon Black's Tom Kellermann doesn't think an understanding of the source of the attacks is an important as an understanding of how they are being operated.
Insider security threats fall following GDPR (IT Pro Portal) Some cyber threats are shrinking in the UK and Germany, new research suggests.
Marketplace
Exploring the dynamics of the attacker economy (Help Net Security) Global software companies are increasingly turning to attackers for help identifying security vulnerabilities in their offerings, and they’re not alone.
Pay-n-pray cybersecurity isn’t working. What if we just paid when it works? (Digital Trends) Like home security, people would often rather not think about cybersecurity once they’ve paid for it. They’d rather pay and pray.
With cyber forces underequipped, DoD turns to rapid prototyping contracting (Fifth Domain) DoD is using rapid prototyping authorities to equip its cyber warriors.
How Will Healthcare Cybersecurity Issues Impact Acquisitions? (Security Intelligence) Healthcare cybersecurity is now the primary concern during acquisitions in this expanding industry. Business owners can take proactive steps to secure digital infrastructure before issues arise.
China Mobile may well have paid the price of the trade war (South China Morning Post) The Chinese telecoms company’s application to build its own network in America has been denied by US officials on the grounds of national security. But it is hard not to see the decision as fallout from the Sino-US trade war
ZTE ready to recapture IT market as US lifts ban (Daily Times) In a major development, the United States has lifted its trade ban on China’s telecom giant, ZTE, making way for the company to once again commence trade with American companies after three months of being unable to do so. “Secretary of Commerce Wilbur Ross announced that Zhongxing Telecommunications Equipment Corporation of Shenzhen, China (“ZTE …
Cybersecurity Stocks Are Red-Hot As Election Looms (Nasdaq) Over the past few years, the digital and tech world has been witnessing an explosion in cyberattacks that take all manner of incarnations-- DDoS (distributed denial-of-service) attacks, corporate espionage, malware, ransomware and full-on campaign hacking.
Buy This Cybersecurity ETF Before Midterms (Seeking Alpha) We're increasingly living in a digital world where securing all of our personal information and data is becoming top priority. After the Russian hacks on the 20
Tall Poppy aims to make online harassment protection an employee benefit (TechCrunch) For the nearly 20 percent of Americans who experience severe online harassment, there’s a new company launching in the latest batch of Y Combinator called Tall Poppy that’s giving them the tools to fight back. Co-founded by Leigh Honeywell and Logan Dean, Tall Poppy grew out of the work…
Novetta Launches Machine Learning Center of Excellence (PRNewswire) Focal point for mission-focused machine learning engineering, research and development, and collaboration
Zix Corporation Has Been On A Tear Since February 2018 (Seeking Alpha) Cybersecurity is a hot sector in 2018 - Zix is riding the trend.
Auto Immune - A Simple Metaphor Has Helped Darktrace Achieve Unicorn Status (Forbes) With its R&D in the US and a second headquarters in San Francisco, Darktrace has has global sales on its mind since day one. CEO Nicole Eagan explains how a cybersecurity company founded in 2013 has attained unicorn status in just five years
CyberMDX Raises to $10M to Fight The Inevitable Rise of Medical Hackers (AlleyWatch) A company that is embarking on an honorable institution: to protect the places that are saving lives
Report: CGI Federal Lands $530M Cyber Task Order Under CDM DEFEND (GovCon Wire) CGI’s (NYSE: GIB) federal business has received a potential $530 million task order to provide cyber
Cyber media company in Fulton raising $1.8 million to add staff, products (Baltimore Business Journal) A cyber-focused media company located in Fulton is looking to raise up to $1.8 million as it aims to grow its staff and product lines.
Deloitte launches women in cyber initiative to help close tech gender gap (Accountancy Age) Currently women only represent 11% of the global cyber security workforce despite talent shortages in the cyber industry
RiskIQ Taps Growth Leader Dan Schoenbaum as President and Chief Operating Officer (GlobeNewswire News Room) Distinguished Tech Executive to Help Digital Threat Management Leader Drive Growth
Products, Services, and Solutions
Verimatrix Announces Veriteem Distributed Ledger Technology to Address Security Gaps for Blockchain Applications (PRNewswire) Open Source Technology Creates Foundation to Build Secure Compliance Ledger for IoT Applications
ForgeRock rolls out technical sandbox for Open Banking testing (Paypers) ForgeRock, a platform provider of digital identity management solutions, has announced the availability of the ForgeRock Open Banking Directory.
IBM sees its future in blockchain (TheStreet) IBM says that its 'strategic imperatives' -- which include cloud, security and analytics -- made up more than half of its Q2 revenues.
Symantec Improves Email Security With Threat Isolation Technology (eWEEK) Symantec brings its threat isolation capabilities to email in an effort to help protect organizations against phishing and ransomware attacks.
Equinix completes integration of Verizon data centres (The Stack) Equinix has finished the integration of Terremark Federal Group (TFG) into its government portfolio, finishing its integration of 29 Verizon data centres.
DPI solution from Rohde & Schwarz helps Indigo Software reach new high in customer satisfaction (Rohde & Schwarz) Indigo Software embeds the deep packet inspection (DPI) engine R&S®PACE 2 into their web application security solution to enhance network protection and management. With the new traffic analytics capabilities, Indigo Software has been empowered to expand their business to highly regulated industries and markets.
Technologies, Techniques, and Standards
How Americans Wound Up on Twitter's List of Russian Bots (WIRED) Researchers analyzing the pattern of tweets say 20 or more real Americans may have been erroneously included on a list given to Congress, and later publicized.
FERC directs enhanced reporting of cyberattacks on US power grid (S&P Global) US federal regulators Thursday directed the nation s grid electric reliability organization to expand requirements to report cybersecurity incidents to include unsuccessful attacks that might lay the
Why the Best Defense Is a Good Offensive Security Strategy (Security Intelligence) When many people think about offensive security, they picture a mysterious figure wearing a hoodie, sitting behind a black-and-green terminal, diligently typing away as he probes enterprise networks. But the cybersecurity world has evolved well beyond this Hollywood hacker stereotype.
Financial Industry Insiders Put the Keys to the Kingdom at Risk (SecurityWeek) Monitoring for illicit insider activity shouldn’t focus exclusively on dark web and criminal forums. Instead, start by looking inside.
How to Protect Businesses from Phishing, Spear-Phishing and Whaling (Technology Solutions That Drive Business) As scams get more sophisticated, IT teams must increase their cyberawareness.
Here's what cybersecurity professionals at companies actually do, and why they're so vital (CNBC) A rundown of all the roles filled by the Chief Information Security Officer (CISO) and staff, with real-world examples of problems that can occur in each role.
Top Army cyber leaders visit Muscatatuck cyber training exercise (DVIDS) Senior leaders from United States Army Cyber Command and Army Intelligence and Security Command visited Muscatatuck Urban Training Center for a cyber test and evaluation exercise.
Muscatatuck’s cyber warfare training interests Army secretary (The Republic) Rapid developments in cyber warfare and the need for those skills to defend the United States make Muscatatuck Urban Training Complex important, the secretary of the U.S. Army said. Mark T. Esper visited the military installation in Jennings County on Friday afternoon as part of his assessment of the state's military readiness. A
Research and Development
AI Companies & Cybersecurity:The Race To Build Artificial Intelligence Defenses (Investor's Business Daily) Artificial intelligence, for all its promise, presents grave risks if put in the wrong hands. But startup AI companies, cybersecurity firms and tech giants like Google aim to fight the bad guys with their own AI. For investors tracking AI’s impact, cybersecurity is a key sector to watch.
Academia
Army partners with UMBC to train tool developers for the future fight (DVIDS) FORT GEORGE G. MEADE, Md. – The 780th Military Intelligence (MI) Brigade (Cyber) has partnered with the University of Maryland Baltimore College (UMBC) Training Center to design a Tool Developers Qualification Course (TDQC) which produces computer programmers for the U.S. Army and the fourth class graduated on July 13 at the post theater.
Visually impaired students get taste of cyber careers at Cyber Summer Camp (Bossier Press-Tribune) A week-long cyber summer camp gave visually impaired high schoolers a taste of cyber curriculum and inspired them to pursue careers in the field. The July 16-20 camp culminated Friday at the Louisiana Association for the Blind’s Low Vision Rehabilitation Facility in Shreveport. Funded by L.A.B. and led by NICERC (National Integrated Cyber Education Research …
Legislation, Policy, and Regulation
NSA Chief Forms Group to Counter Russian Threat (Bloomberg.com) Paul Nakasone, U.S. cyber commander and director of the National Security Agency, confirmed that he’s created a special task force to address Russian threats in cyberspace.
The Guardian view on cybersecurity: trust – but verify (the Guardian) Editorial: The use of Chinese-made equipment in Britain’s broadband infrastructure demands, and gets, careful scrutiny
Congress Ends Bid to Undo Trump Deal to Save China’s ZTE (Wall Street Journal) Congress abandoned a bipartisan attempt to undo President Donald Trump’s deal with Beijing to save Chinese telecommunications giant ZTE Corp.
Can Anything Stop Cyber Attacks? (Knowledge@Wharton) The U.S. must wake up to the seriousness of cyber attacks on its economy and way of life, experts said at the Penn Wharton Budget Model’s Policy Forum.
DHS official: States must be 'much more precise' when requesting election security funding (TheHill) The head of the Department of Homeland Security’s (DHS) cyber and critical infrastructure protection efforts said Friday that states must be "much more precise" in their election security funding requests to Congress.
Who Should Foot the Bill for a Secure Election System? (The Fiscal Times) In a party-line vote, House Republicans on Thursday blocked a Democratic effort to boost election security fundi
Litigation, Investigation, and Law Enforcement
Canada spies denied warrant to collect intelligence abroad (The Straits Times) The Canadian Security Intelligence Service (CSIS) cannot spy outside of Canada unless national security is clearly at risk, a federal court judge ruled, denying the agency a warrant to do so.. Read more at straitstimes.com.
Ecuador may be close to ejecting WikiLeaks founder Julian Assange from its London embassy (WFMY) Ecuador appears close to ejecting WikiLeaks' founder from embassy
Russian billionaire with U.S. investments backed alleged agent Maria Butina, according to a person familiar with her Senate testimony (Washington Post) Konstantin Nikolaev, a transportation magnate who was in Washington during President Trump’s inauguration, was in contact with Butina as she launched a gun rights group.
Slovak company joins forces with Europol’s cybercrime centre (Slovak Spectator) ESET’s researcher will represent the Slovak cyber-security company at the Europol advisory group on internet security.
The Clinton State Department’s Major Security Breach That Everyone Is Ignoring (The Daily Signal) The media virtually ignored an exchange between Rep. Louie Gohmert and the FBI's Peter Strzok that revealed a potential bombshell.