Twitter suspends more accounts as "divisive." Senatorial phishing. Bank of Spain DDoS. CVE reform?

Cyber Attacks, Threats, and Vulnerabilities

Twitter suspends more accounts for “engaging in coordinated manipulation” (TechCrunch) Following last week’s suspension of 284 accounts for “engaging in coordinated manipulation,” Twitter announced today that it’s kicked an additional 486 accounts off the platform for the same reason, bringing the total to 770 accounts. While many of the accounts removed last week appeared to origina…

Bound to Fail: Transnational Jihadism and the Aggregation Problem (War on the Rocks) On Aug. 22, ISIL’s leader Abu Bakr al-Baghdadi issued his first message to his followers in nearly a year, calling on them to carry out lone-wolf attacks

Google Tells Toomey Hackers Tried to Infiltrate Staff Email (SecurityWeek) Google alerted U.S. Sen. Pat Toomey's office that hackers with ties to a "nation-state" sent phishing emails to old campaign email accounts.

Vulnerability Note VU#906424 - Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface (US-CERT) Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges.

AT Command Hitch Leaves Android Phones Open to Attack (Threatpost) Researchers used AT commands to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, and unlock screens.

Bank of Spain's website hit by cyber attack (Reuters) The Bank of Spain's website has been hit since Sunday by a cyber attack which has temporarily disrupted access to the site, a spokesman for the central bank said on Monday.

The Dark Side of APIs: Denial of Service Attacks (Akamai) In this blog post, we will discuss different Denial of Service (DoS) attacks that may negatively impact your API services, as well as mitigations offered by Kona Site...

BEC Detections Soar 80% (Infosecurity Magazine) Mimecast spots 41,000 attacks missed by others

The dangerous power of the clickbait king (UnHerd) The text message had read, simply, “noon”. I wait in nervous silence, as noon came and passed. Another hour trickled by and eventually a man wearing a thin smile steps through the cloud of hot white dust that billowed under the enormous canopies of Radio Café, Pristina, Kosovo. The young man’s name is Burim, and …

Cyber Trends

How Social Media Became The Locus Of 21st Century War (Task & Purpose) In 'LikeWar: The Weaponization of Social Media,' Peter W. Singer and Emerson T. Brooking examine this new 21st century way of war

Social media’s dangers are starkest outside the West (Times) This is to be a column about ethnic violence in Burma. First, though, let me remind you about Penn and Teller, a pair of American magicians who used to turn up quite a lot on British light...

ICO Breach Complaints Jump 160% in a Year (Infosecurity Magazine) GDPR thought to be a key factor

Fear of 'brand damage' stops firms reporting cybercrime (Independent) Brand damage and embarrassment are among the reasons given for the under-reporting of cybercrime by Irish businesses to gardai.

Marketplace

Australian property sector hit hard by hackers (Financial Review) Global cyber security executives are targeting Australia as growth hot spots for their companies.

Very Good Security makes data ‘unhackable’ with $8.5M from Andreessen (TechCrunch) “You can’t hack what isn’t there,” Very Good Security co-founder Mahmoud Abdelkader tells me. His startup assumes the liability of storing sensitive data for other companies, substituting dummy credit card or Social Security numbers for the real ones. Then when the data needs to be move…

Products, Services, and Solutions

Denim Group Works with Election Officials to Improve Security Infrastructure Ahead of Mid-Terms (BusinessWire) Denim Group today announced their role in assisting state and local election officials in improving their security infrastructure ahead of the 2018 mi

BehavioSec Provides Unique Anti-fraud Safeguards That Deliver Continuous Authentication Utilizing Behavioral Biometric (Digital Journal) BehavioSec, the first vendor to pioneer behavioral biometrics, continues rapid growth and momentum as more financial institutions, retailers, app developers and cloud service providers turn to the company’s flexible software platform for safeguarding their customers and dramatically slashing fraud costs.

Qrypt licenses ORNL's quantum random number generator to fortify encryption methods (Newswise) Qrypt, Inc., has exclusively licensed a novel cyber security technology from the Department of Energy's Oak Ridge National Laboratory, promising a stronger defense against cyberattacks including those posed by quantum computing.

Technologies, Techniques, and Standards

How to fix the troubled cyber vulnerability database (Fifth Domain) The Common Vulnerabilities and Exposures program has been criticized for delays in its disclosure process, but a group of lawmakers are offering a solution.

“No encryption, no fly” rule proposed for smallsats (SpaceNews.com) Small satellites that have propulsion systems, but don’t have encrypted communcations, pose a small but real threat of being hacked and endangering others.

Incorporating sensitive asset data into your vulnerability and compliance program (Help Net Security) In this podcast recorded at Black Hat USA 2018, Tim White, Director of Product Management, Policy Compliance at Qualys, talks about the importance of

What commanders will need in multidomain operations (C4ISRNET) New operating environments demand new capabilities.

Design and Innovation

The World’s Oldest Blockchain Has Been Hiding in the New York Times Since 1995 (Motherboard) This really gives a new meaning to the “paper of record."

Research and Development

Circadence Receives New U.S. Patent for Gamified Cybersecurity Training Platform, Project Ares (GlobeNewswire News Room) Circadence® Corporation, a market leader in cybersecurity training and assessments, announced today that the United States Patent and Trademark Office has issued U.S. Patent 10,056,005, entitled “Mission-Based, Game-Implemented Cyber Training System and Method,” for Project Ares®.

SOCOM seeking technologies for war in a post-cyberpunk era (C4ISRNET) In order to fight the wars of the present and the future, SOCOM is asking for a suite of technologies straight out of a cyberpunk thriller.

Toyota Investing $500 Million in Uber in Driverless-Car Pact (Wall Street Journal) Toyota is set to invest about $500 million in Uber as part of an agreement by the two companies to work jointly on driverless-vehicle development.

Legislation, Policy, and Regulation

Peter Dutton takes on responsibility for cybersecurity in Scott Morrison's new cabinet (CRN Australia) Still no dedicated ministry though.

Switzerland ramps up protection against cyber attack on infrastructure (Xinhua) After several recent cyber attack on emails of some 15,000 government employees, Switzerland on Monday released minimum standards for companies and organizations to protect the country's critical infrastructure.

New Cyber Deterrence Bill Empowers US Gov't to Impose More Sanctions - Senators (Sputnik) US Senators Cory Gardner and Chris Coons introduced the Cyber Deterrence and Response Act will enable the United States to prevent state-sponsored cyberattacks and impose sanctions on all parties responsible for such attacks, Gardner’s press office said in a press release on Monday.

Analysis | The Cybersecurity 202: Lawmakers dismiss voting machine maker's claim that spies benefit from election hacking demos (Washington Post) They're taking Def Con research seriously.

New document lays out American military’s early cyber struggles (Fifth Domain) A lack of resources, staff shortages and blurry lines of authority were just some of the difficulties that the American military experienced in cyberspace in 2014, according to a Freedom of Information Act request.

McCain Leaves a Rich Cyber Legacy (Nextgov.com) The late senator pushed relentlessly for the government to develop a comprehensive cyber deterrence strategy.

Litigation, Investigation, and Law Enforcement

Swiss close investigation into cyber attack on defence firm (SWI swissinfo.ch) The Attorney General’s Office has suspended criminal proceedings in connection with the cyberattacks carried out against government-owned defence ...

Court case puts PRISM back in the spotlight (FCW) An appeals court heard arguments Aug. 22 on a case that has broad implications for digital privacy and the constitutionality of government surveillance authorities.

T-Mobile quietly reveals uptick in government data demands (TechCrunch) T-Mobile has revealed an uptick in the number of demands for data it receives from the government. The cellular giant quietly posted its 2017 transparency report on August 14, revealing a 12 percent increase in the number of overall data demands it responded to compared to the previous year. The re…

Woman sues US border patrol over data copied from seized iPhone (Naked Security) The Muslim American wants assurances that the data – including photos of her not wearing a hijab – are deleted.

Two found guilty of terror plot in Germany. Their accomplice once planned attack on Ramstein (Stars and Stripes) Two associates of a man who once planned to attack Ramstein Air Base were found guilty of charges related to a planned suicide bombing at a German town.

Source: FBI Agent Told Congress The Bureau Used Leaked Stories To Obtain Spy Warrants (Daily Caller) Today's entertainment gossip and chatter

SOURCES: China Hacked Clinton’s Private Email Server (Daily Caller) 'A "courtesy copy" of her emails was sent to a third party'

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

National Cyber League Fall Season (Chevy Chase, Maryland, USA, Dec 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Fall Season is 8/27/18-9/28/18.

Incident Response 18 (Arlington, Virginia, USA, Sep 5 - 6, 2018) If you work for a vendor or product company, please understand this is not a sales event. IR18 is a community-driven event that aims to disrupt the traditional approach and is more focused on community, connections and change. IR18 is a conference for cybersecurity professionals to learn and develop playbooks to improve Incident Response processes. If you are interested in contributing to the event, your company can sponsor one of the exclusive innovation categories. Contact Sponsors@IncidentResponse.com for more information.

InfoWarCon 18 (Leesburg, Virginia, USA, Nov 1 - 3, 2018) InfoWarCon 18 brings together a highly elite group of political, military, academic, DIYer, and commercial cyber-leaders and thinkers from around the world. We examine the current, future, and potential hostile use of cyber and related information technologies including how to neutralize the current ones. Since the initial InfoWarCon in 1994 we have hosted the event in multiple venues across the US and Europe

Upcoming Events

The Air Force Information Technology & Cyberpower Conference (Montgomery, Alabama, USA, Aug 27 - 29, 2018) As the premiere Air Force cyber security annual event, the Air Force Information Technology & Cyberpower Conference (AFITC) returns to Montgomery, Alabama in August of 2018. As a critical intersection of Air Force IT experts, prominent IT academics, and some of America’s top cyber security companies, the AFITC offers a full of slate events and activities, with 3 days of speakers, expanded education/training opportunities, and an exhibitor-driven trade show that all revolves around the ways we can better defend America from cyber-attacks, advanced persistent threats, and proactively lead in this in this increasingly digital world.

National Cyber League Fall Season (Chevy Chase, Maryland, USA, Dec 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Fall Season is 8/27/18-9/28/18.

The Cyber Security Summit: Chicago (Chicago, Illinois, USA, Aug 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Intelligence & National Security Summit (National Harbor, Maryland, USA, Sep 4 - 5, 2018) The Intelligence & National Security Summit is the premier forum for unclassified, public dialogue between the U.S. Government and its partners in the private and academic sectors. The 2018 Summit will include five plenary sessions, where senior leaders from the intelligence and national security communities will discuss top priorities, challenges, and assessments of key threats, as well as nine breakout sessions that will examine issues of vital importance to our national wellbeing and the readiness of the intelligence and national security workforce.

Cyber Resilience & Infosec Conference (Abu Dhabi, UAE, Sep 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently

Incident Response 18 (Arlington, Virginia, USA, Sep 5 - 6, 2018) If you work for a vendor or product company, please understand this is not a sales event. IR18 is a community-driven event that aims to disrupt the traditional approach and is more focused on community, connections and change. IR18 is a conference for cybersecurity professionals to learn and develop playbooks to improve Incident Response processes. If you are interested in contributing to the event, your company can sponsor one of the exclusive innovation categories. Contact Sponsors@IncidentResponse.com for more information.

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, Sep 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses within government and the private sector. This year's summit, like the previous eight, will bring together leaders from government and industry for a comprehenive look at the challenges of cybersecurity.