Cyber Attacks, Threats, and Vulnerabilities
False alarm: Democrats say feared hack attempt was actually just a test (CNN) The Democratic National Committee said late Wednesday night that what it had earlier feared was the beginning of a sophisticated attempt to hack into its voter database was, in fact, an unauthorized "simulated phishing test" and not an actual attempt to hack into its systems by an adversary.
Analysis | The Cybersecurity 202: DNC says hack attempt on its voter database was a false alarm (Washington Post) It was actually just a test.
Lookout discovers phishing site targeting DNC (Lookout) As reported by The Washington Post and CNN today, Lookout has discovered a customer phishing kit targeted at the Democratic National Committee (DNC) via a third-party technology provider NGP VAN.
Lazarus Group Deploys Its First Mac Malware in Cryptocurrency Exchange Hack (BleepingComputer) Lazarus Group, the North Korean hackers who hacked Sony Films a few years back, have deployed their first Mac malware ever, according to Russian antivirus vendor Kaspersky Lab.
Islamic State Leader Urges More Attacks In First Purported Audio In Year (RadioFreeEurope/RadioLiberty) The leader of the Islamic State extremist group in his first purported audio recording in a year is urging his followers to keep fighting the group's enemies around the world despite recent defeats.
Organizations Hit With North Korea-Linked Ryuk Ransomware (SecurityWeek) A recent wave of Ryuk ransomware attacks against organizations around the world can be linked to a notorious North Korean threat actor.
Dark Tequila: A Distilled Threat for Mexican Targets (Threatpost) Dark Tequila, which has been active since 2013, is highly modular and targets victims in Mexico.
Iran Emerges as Latest Threat to Facebook and Twitter (WIRED) The social media companies removed hundreds of fake accounts with links to Iran and Russia that were engaged in "coordinated inauthentic behavior."
How FireEye Helped Facebook Spot a Disinformation Campaign (New York Times) The cybersecurity company has shifted its attention to detecting disinformation and uncovering social media campaigns intended to influence politics.
How Microsoft Tackles Russian Hackers—And Why It's Never Enough (WIRED) Microsoft has once again taken down Russian phishing sites, but that won't deter them for long.
Europe Worries as Facebook Fights Manipulation Worldwide (New York Times) The social network’s disclosure of a new misinformation effort shows manipulation of its platform isn’t a phenomenon limited only to Americans.
New Spyware Framework for Android Discovered (SecurityWeek) A newly identified spyware framework called Triout can be used to build extensive surveillance capabilities into Android applications, Bitdefender security researchers warn.
Triout - The Malware Framework for Android That Packs Potent Spyware Capabilities (Bitdefender) Android malware is neither new nor scarce. If anything, the proliferation of Android devices – from smartphones to tablets and smart TVs – has sparked renewed interest among malware developers in new and potent threats.
Attackers Using 'Legitimate' Remote Admin Tool in Multiple Threat Campaigns (Dark Reading) Researchers from Cisco Talos say Breaking Security's Remcos software allows attackers to fully control and monitor any Windows system from XP onward.
Spyware Company Leaves ‘Terabytes’ of Selfies, Text Messages, and Location Data Exposed Online (Motherboard) A company that sells surveillance software to parents and employers left “terabytes of data” including photos, audio recordings, text messages and web history, exposed in a poorly-protected Amazon S3 bucket.
Critical Apache Struts 2 Flaw Allows Remote Code Execution (SecurityWeek) Apache Struts 2 developers release updates that patch a critical remote code execution vulnerability tracked as CVE-2018-11776
Semmle Discovers Critical Remote Code Execution Vulnerability in Apache Struts (CVE-2018-11776) (Semmle) Today, the Apache Software Foundation announced a critical remote code execution vulnerability in Apache Struts, a popular open source framework for developing web applications in the Java programming language.
Airmail 3 Exploit Instantly Steals Info from Apple Users (Threatpost) Attackers can abuse URL requests processed by an email program for Mac to steal files from the victim -- sometimes without user interaction.
Reevaluate "low-risk" PHP unserialization vulnerabilities, researcher says (CSO Online) Over nearly a decade, PHP unserialization vulnerabilities have become a popular route for cyber-criminals to plant remote code execution or deliver other malware into systems. But new research, introduced at Black Hat this month, shows that malevolent hackers can introduce this vulnerability, even in environments that were previously considered low-risk for this attack.
Belkin IoT Smart Plug Flaw Allows Remote Code Execution in Smart Homes (Threatpost) An unpatched buffer overflow flaw allows remote attackers to completely take over the device and enter the home network.
Netflix, HBO GO, Hulu passwords found for sale on the Dark Web (Naked Security) On average, they’re fetching $8.71 (about £6.60) for one-time use, though some sellers are also selling bundles of accounts at higher prices.
Superdrug Held to Ransom After Breach (Infosecurity Magazine) High street retailer said to have spilled data on 20,000 customers
What a Forensic Analysis of 'Worst Voting Machine Ever' Turned Up (Dark Reading) University of Copenhagen associate professor discusses what he found when he dug into some decommissioned WinVote voting machines.
Serious Security: How to stop dodgy HTTP headers clogging your website (Naked Security) It’s been dubbed ReDoS, for Regular Expression Denial of Service – where a few rogue HTTP requests could clog your whole site.
Fifty per cent of councils in England rely on unsupported server software (Computing) Lack of updates makes councils in England security targets
Cybercriminals Are Leveraging Agile Development, Organizations Must Keep Pace (SecurityWeek) Security teams need to adopt a more agile approach that enables them to not only see and defend against attacks, but also to predict where attacks are most likely to occur.
An introduction to the Chinese-language underground (IDG Connect) We speak to Mark Schaefer, an analyst on Flashpoint’s Asia-Pacific team, about the threat from the Chinese-language cybercriminal underground.
Babysitting app suffers ‘temporary data breach’ of 93,000 users (Naked Security) Babysitting-booking app Sitter “temporarily” exposed the personal data of 93,000 account holders, according to a researcher who recently discovered the trove of data using the Shodan Internet of Th…
1,464 Western Australian government officials used ‘Password123’ as their password. Cool, cool. (Washington Post) Try just a little harder, folks.
Security Patches, Mitigations, and Software Updates
Adobe Patches Critical Photoshop Flaws in Unscheduled Update (Threatpost) The two vulnerabilities are critical remote code execution flaws that exist in Adobe Photoshop CC.
Facebook Removes Data-Security App From Apple Store (Wall Street Journal) Facebook pulled its data-security app Onavo from Apple Inc.’s app store after the iPhone maker ruled that the service violated its data-collection policies.
It Takes an Average 38 Days to Patch a Vulnerability (Dark Reading) Analysis of 316 million-plus security incidents uncovers most common types of real-world attacks taking place within in-production Web apps in the AWS and Azure cloud ecosystems.
Cyber Trends
3 trends in the future of cyber conflict (C4ISRNET) Data will be more coveted, humans are the new attack vector and the homeland is increasingly at risk in cyber conflicts of the future.
SMB Cybersecurity Report (Switchfast) Check your IT infrastructure against our report, which highlights the areas where small businesses become too complacent with their cybersecurity.
Ivanti Survey Reveals Tension in IT Departments between (Business Insider) Ivanti, the company that unifies IT to better manage and secure the digital workplace, today announced survey ...
Who owns application security? (Help Net Security) Information security is hard enough already, but it gets much easier when the whole team pulls together towards a common goal.
tCell Finds Web Application Attack to Breach Ratio Still High With Cross-Site Scripting (XSS) and SQL Injection the Most Common (PRNewswire) New application security report on Q2 2018 threats evaluated more than 300 million incidents to determine the most prevalent types of real-world attacks in cloud-based web applications
Untrusted, low-quality data is hurting decision-making in business (Computing) Organisations are overconfident when it comes to data-driven decision making
Security of smart utilities leaves a lot to be desired (Help Net Security) The security of smart utilities should be a primary concern. Unfortunately, digital security remains unimplemented during utility modernization.
IoT security: The work on raising the bar continues (Help Net Security) As the number of connected devices grows, so do IoT security challenges. However, the goal should be not to eliminate new technology, but to maximize value.
Bitglass study finds that EMEA cloud adoption continues to outpace rest of the world (GlobeNewswire News Room) EMEA cloud adoption has increased to 84 percent; 5 in 6 companies analysed have deployed at least one cloud application
Imperva Survey Reveals Nearly One-third of Organizations Still Not Completely Prepared for GDPR (BusinessWire) Imperva survey conducted at Infosecurity Europe reveals that 28 percent of organizations do not feel completely compliant with GDPR.
Marketplace
Google Tried to Change China. China May End Up Changing Google. (New York Times) Google once held itself up as proudly nonconformist. A decision to abide by Chinese censors would mark a new era for the company — one of conventionality.
Microsoft's anti-hacking efforts make it an internet cop (Tristate Homepage) Intentionally or not, Microsoft has emerged as a kind of internet cop by devoting considerable resources to thwarting Russian hackers. The company's announcement Tuesday that it had identified and forced the removal of fake internet domains mimicking conservative U.S. political institutions triggered alarm on Capitol Hill and led Russian officials to accuse the company of participating in an anti-Russian witch hunt.
Leaving the SecurityWeek ICS Cyber Security Conference (Control Global) I have decided to discontinue my participation in the SecurityWeek ICS Cyber Security Conference. I will continue to participate in control system and ICS cyber security conferences, my Managing Directorship of ISA99, the blogsite at www.controlglobal.com/unfettered, and my focus on instrumentation and control system cyber security, reliability, and safety. I also will continue to provide independent expert support to end-users, vendors, and government organizations. Additionally, I look forward to continuing to be an evangelist and keynote speaker for the need to secure these critical, but not well-understood systems.
XTN Establishes North American HQ, Expands Global Reach & Leadership Team (XTN) XTN Inc., provider of advanced security and anti-fraud solutions based in Italy, today announced it has established
Products, Services, and Solutions
Caveonix Announces Proactive Risk Management Platform for VMware Cloud Provider Partners (PRNewswire) Company Releases RiskForesight 2.0 platform and supports VMware Cloud Provider Program (VCPP) as Independent Software Vendor (ISV) partner at VMworld 2018 US
Coalition Introduces Service Fraud Coverage (The Coalition) Citing the rise in cloud services and cryptomining-driven fraud, Coalition, the leading technology-enabled cyber insurance solution, today announced the first cyber insurance product to protect organizations against fraudulent use of their IT and telephony services, including cloud- and Internet-based services.
Polyverse Thwarts PHP Vulnerabilities, WordPress Attacks (Polyverse) Polyverse Corporation today announced its R&D project, Polyscripting, stops all PHP code injection and execution vulnerabilities detailed in a whitepaper recently released by Secarma Labs.
Fortanix addresses enterprise blockchain security requirements with private key protection (Help Net Security) Fortanix SDKMS delivers new encryption-based data protection and cryptographic algorithms to help address blockchain security gaps.
Exabeam and Okta partner to deliver security detection and response for identity (Help Net Security) The joint Exabeam and Okta solution will help security teams to monitor and protect enterprises against credential-based threats.
SailPoint’s IdentityIQ extends identity governance for AWS and SAP environments (Help Net Security) With IdentityIQ 7.3, SailPoint expands the definition of identities to govern non-human identities such as software bots, including RPA bots.
Intello and OneLogin partner to offer visibility into SaaS utilization (Help Net Security) Through this partnership, IT and tech security leaders and enterprise CIOs and CISOs, can manage their organization’s SaaS spend, usage, and compliance.
Pulse Secure Recognized as Leading Hybrid IT Secure Access Platform Vendor (Pulse Secure) Pulse Secure provides a consolidated offering for access control, SSL VPN, and mobile device security. Contact Pulse Secure at 408-372-9600 to get a free demo.
NSA approves tablet and communicator for Five Eyes special forces (C4ISRNET) NSA approves new secure communication device for immediate adoption by special forces.
Technologies, Techniques, and Standards
Wall Street Finds Limits with Current AI Applications (Wall Street Journal) Experts who are experimenting with various aspects of artificial intelligence at Goldman Sachs Group Inc. and Morgan Stanley say artificial intelligence could be useful in detecting fraud and reducing errors in algorithmic trading, but there are still many limitations with the technology as it exists today.
Victimology: Target Association (ThreatQuotient) In a previous life, I managed two SOCs with 40+ analysts each, where a large component of the team was dedicated to threat intelligence
Timeline Analysis to Identify Campaign Attacks (ThreatQuotient) Building from our previous spearphish investigation, let’s continue to dissect the robertwanger [at] aol.com spearphish attacks.
Attack Attribution (ThreatQuotient) This is the third and final blog in my series on victimology. Now that we have a relatively decent baseline, we can start to compare other spearphish
The single sign-on account hijacking threat and what can we do about it? (Help Net Security) Single sign-on (SSO) lets users avoid creating and managing accounts across different services, but can users remediate an account takeover?
Army leaders say this is the service’s ‘secret sauce’ (C4ISRNET) Enemies have begun to recognize and develop strategies to attack a key weapon system.
Design and Innovation
Facebook Is Rating Users' Trustworthiness, But It Won't Say How (Motherboard) In an effort to fight fake accounts and misinformation, Facebook is implementing a scale that ranks users’ trustworthiness from zero to one.
Research and Development
empow Drives SIEM Innovation with Six Patents Granted and 10 Pending (PRNewswire) Company's high patent volume focuses on using true artificial intelligence, natural language processing, security infrastructure abstraction and other innovations to automatically detect and respond to cyber attacks
Legislation, Policy, and Regulation
Australia bans Huawei, ZTE from 5G network (CRN Australia) In light of security concerns.
How the Defense Department views China’s cyberthreat (Fifth Domain) The Defense Department believes that China will use cyber as a way to deter future attacks, according to a new report.
EU unlikely to heed British call for more Russia sanctions (Reuters) The European Union is unlikely to heed London's call for it to match the latest U.S. sanctions against Moscow over an attack on a former Russian spy in Britain earlier this year, diplomats in Brussels said.
U.S. Widens Russia Sanctions Amid Calls They Don’t Go Far Enough (Wall Street Journal) The Trump administration imposed new sanctions against Russia, escalating U.S. diplomatic pressure on Moscow as the White House tries to fend off a push by lawmakers to deploy even-more-potent tools to cripple the Russian economy.
Sanctions on Russia Are Working (Foreign Affairs) On August 8, the Trump administration announced new sanctions on Russia in response to its use of the nerve agent Novichok to poison Sergei Skripal, a former Russian military intelligence officer, and his daughter, Yulia, in the United Kingdom in March. The penalties are set to go into effect in the coming days. Congress will soon consider further sweeping measures against Russia in retaliation for the chemical attack.
Russia to spurn certain U.S.-made electronic goods regardless of sanctions: RIA (Reuters) Russia plans to stop buying electronic devices and components from the United States that can be used for both civilian and military purposes regardless of new U.S. sanctions, Russian lawmaker Alexei Kondratiev was quoted as saying on Thursday.
Not Too Early to Start to Prepare for New California Privacy Law (Lexology) In late June, the California legislature signed into law Assembly Bill 375 (AB 375) as the California Consumer Privacy Act of 2018…
Litigation, Investigation, and Law Enforcement
How a hacker network turned stolen press releases into $100 million (The Verge) International hackers based in Ukraine stole unpublished press releases and passed them to stock traders to reap tremendous profits.
Rights Group Demands Government Take Action on Nuisance Calls (Infosecurity Magazine) ICO should be allowed to fine directors, argues Which?
Using smart meter data constitutes a search, but court allows them anyway (Naked Security) US cities using smart meters narrowly escaped a legal problem this month when a court decided that the benefits of these IoT devices outweighed the privacy issues created by collecting detailed hom…