Cyber Attacks, Threats, and Vulnerabilities
Twitter suspends more accounts for “engaging in coordinated manipulation” (TechCrunch) Following last week’s suspension of 284 accounts for “engaging in coordinated manipulation,” Twitter announced today that it’s kicked an additional 486 accounts off the platform for the same reason, bringing the total to 770 accounts. While many of the accounts removed last week appeared to origina…
Bound to Fail: Transnational Jihadism and the Aggregation Problem (War on the Rocks) On Aug. 22, ISIL’s leader Abu Bakr al-Baghdadi issued his first message to his followers in nearly a year, calling on them to carry out lone-wolf attacks
Google Tells Toomey Hackers Tried to Infiltrate Staff Email (SecurityWeek) Google alerted U.S. Sen. Pat Toomey's office that hackers with ties to a "nation-state" sent phishing emails to old campaign email accounts.
Vulnerability Note VU#906424 - Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface (US-CERT) Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges.
AT Command Hitch Leaves Android Phones Open to Attack (Threatpost) Researchers used AT commands to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, and unlock screens.
Bank of Spain's website hit by cyber attack (Reuters) The Bank of Spain's website has been hit since Sunday by a cyber attack which has temporarily disrupted access to the site, a spokesman for the central bank said on Monday.
The Dark Side of APIs: Denial of Service Attacks (Akamai) In this blog post, we will discuss different Denial of Service (DoS) attacks that may negatively impact your API services, as well as mitigations offered by Kona Site...
BEC Detections Soar 80% (Infosecurity Magazine) Mimecast spots 41,000 attacks missed by others
The dangerous power of the clickbait king (UnHerd) The text message had read, simply, “noon”. I wait in nervous silence, as noon came and passed. Another hour trickled by and eventually a man wearing a thin smile steps through the cloud of hot white dust that billowed under the enormous canopies of Radio Café, Pristina, Kosovo. The young man’s name is Burim, and …
Cyber Trends
How Social Media Became The Locus Of 21st Century War (Task & Purpose) In 'LikeWar: The Weaponization of Social Media,' Peter W. Singer and Emerson T. Brooking examine this new 21st century way of war
Social media’s dangers are starkest outside the West (Times) This is to be a column about ethnic violence in Burma. First, though, let me remind you about Penn and Teller, a pair of American magicians who used to turn up quite a lot on British light...
ICO Breach Complaints Jump 160% in a Year (Infosecurity Magazine) GDPR thought to be a key factor
Fear of 'brand damage' stops firms reporting cybercrime (Independent) Brand damage and embarrassment are among the reasons given for the under-reporting of cybercrime by Irish businesses to gardai.
Marketplace
Australian property sector hit hard by hackers (Financial Review) Global cyber security executives are targeting Australia as growth hot spots for their companies.
Very Good Security makes data ‘unhackable’ with $8.5M from Andreessen (TechCrunch) “You can’t hack what isn’t there,” Very Good Security co-founder Mahmoud Abdelkader tells me. His startup assumes the liability of storing sensitive data for other companies, substituting dummy credit card or Social Security numbers for the real ones. Then when the data needs to be move…
Products, Services, and Solutions
Denim Group Works with Election Officials to Improve Security Infrastructure Ahead of Mid-Terms (BusinessWire) Denim Group today announced their role in assisting state and local election officials in improving their security infrastructure ahead of the 2018 mi
BehavioSec Provides Unique Anti-fraud Safeguards That Deliver Continuous Authentication Utilizing Behavioral Biometric (Digital Journal) BehavioSec, the first vendor to pioneer behavioral biometrics, continues rapid growth and momentum as more financial institutions, retailers, app developers and cloud service providers turn to the company’s flexible software platform for safeguarding their customers and dramatically slashing fraud costs.
Qrypt licenses ORNL's quantum random number generator to fortify encryption methods (Newswise) Qrypt, Inc., has exclusively licensed a novel cyber security technology from the Department of Energy's Oak Ridge National Laboratory, promising a stronger defense against cyberattacks including those posed by quantum computing.
Technologies, Techniques, and Standards
How to fix the troubled cyber vulnerability database (Fifth Domain) The Common Vulnerabilities and Exposures program has been criticized for delays in its disclosure process, but a group of lawmakers are offering a solution.
“No encryption, no fly” rule proposed for smallsats (SpaceNews.com) Small satellites that have propulsion systems, but don’t have encrypted communications, pose a small but real threat of being hacked and endangering others.
Incorporating sensitive asset data into your vulnerability and compliance program (Help Net Security) In this podcast recorded at Black Hat USA 2018, Tim White, Director of Product Management, Policy Compliance at Qualys, talks about the importance of
What commanders will need in multidomain operations (C4ISRNET) New operating environments demand new capabilities.
Design and Innovation
The World’s Oldest Blockchain Has Been Hiding in the New York Times Since 1995 (Motherboard) This really gives a new meaning to the “paper of record.”
Research and Development
Circadence Receives New U.S. Patent for Gamified Cybersecurity Training Platform, Project Ares (GlobeNewswire News Room) Circadence® Corporation, a market leader in cybersecurity training and assessments, announced today that the United States Patent and Trademark Office has issued U.S. Patent 10,056,005, entitled “Mission-Based, Game-Implemented Cyber Training System and Method,” for Project Ares®.
SOCOM seeking technologies for war in a post-cyberpunk era (C4ISRNET) In order to fight the wars of the present and the future, SOCOM is asking for a suite of technologies straight out of a cyberpunk thriller.
Toyota Investing $500 Million in Uber in Driverless-Car Pact (Wall Street Journal) Toyota is set to invest about $500 million in Uber as part of an agreement by the two companies to work jointly on driverless-vehicle development.
Legislation, Policy, and Regulation
Peter Dutton takes on responsibility for cybersecurity in Scott Morrison's new cabinet (CRN Australia) Still no dedicated ministry though.
Switzerland ramps up protection against cyber attack on infrastructure (Xinhua) After several recent cyber attacks on emails of some 15,000 government employees, Switzerland on Monday released minimum standards for companies and organizations to protect the country's critical infrastructure.
New Cyber Deterrence Bill Empowers US Gov't to Impose More Sanctions - Senators (Sputnik) US Senators Cory Gardner and Chris Coons introduced the Cyber Deterrence and Response Act that will enable the United States to prevent state-sponsored cyberattacks and impose sanctions on all parties responsible for such attacks, Gardner’s press office said in a press release on Monday.
Analysis | The Cybersecurity 202: Lawmakers dismiss voting machine maker's claim that spies benefit from election hacking demos (Washington Post) They're taking Def Con research seriously.
New document lays out American military’s early cyber struggles (Fifth Domain) A lack of resources, staff shortages and blurry lines of authority were just some of the difficulties that the American military experienced in cyberspace in 2014, according to a Freedom of Information Act request.
McCain Leaves a Rich Cyber Legacy (Nextgov.com) The late senator pushed relentlessly for the government to develop a comprehensive cyber deterrence strategy.
Litigation, Investigation, and Law Enforcement
Swiss close investigation into cyber attack on defence firm (SWI swissinfo.ch) The Attorney General’s Office has suspended criminal proceedings in connection with the cyberattacks carried out against government-owned defence ...
Court case puts PRISM back in the spotlight (FCW) An appeals court heard arguments Aug. 22 on a case that has broad implications for digital privacy and the constitutionality of government surveillance authorities.
T-Mobile quietly reveals uptick in government data demands (TechCrunch) T-Mobile has revealed an uptick in the number of demands for data it receives from the government. The cellular giant quietly posted its 2017 transparency report on August 14, revealing a 12 percent increase in the number of overall data demands it responded to compared to the previous year. The re…
Woman sues US border patrol over data copied from seized iPhone (Naked Security) The Muslim American wants assurances that the data – including photos of her not wearing a hijab – are deleted.
Two found guilty of terror plot in Germany. Their accomplice once planned attack on Ramstein (Stars and Stripes) Two associates of a man who once planned to attack Ramstein Air Base were found guilty of charges related to a planned suicide bombing at a German town.
Source: FBI Agent Told Congress The Bureau Used Leaked Stories To Obtain Spy Warrants (Daily Caller) Today's entertainment gossip and chatter
SOURCES: China Hacked Clinton’s Private Email Server (Daily Caller) 'A "courtesy copy" of her emails was sent to a third party'