Cyber Attacks, Threats, and Vulnerabilities
Seven Australian universities targeted in global hacking campaign (ARN) At least seven Australian universities have been attacked by cyber criminals in a global action targeting researchers.
Swedish study notes surge in automated Twitter accounts (AP News) A Swedish government study says there's been a recent surge in the number of automated Twitter accounts ahead of the Sept. 9 election, noting that 40 pe
This Is How Russian Propaganda Actually Works In The 21st Century (BuzzFeed News) Skype logs and other documents obtained by BuzzFeed News offer a rare glimpse into the inner workings of the Kremlin’s propaganda machine.
Analysis | The Cybersecurity 202: President Trump is wrong about the way Chinese hackers target Americans (Washington Post) Beijing doesn't tend to weaponize the information it gleans.
Exploiting Decades-Old Telephone Tech to Break Into Android Devices (WIRED) So-called Attention commands date back to the 80s, but they can enable some very modern-day smartphone hacks.
Remote Mac Exploitation Via Custom URL Schemes (Objective-See) a cyber-espionage campaign infects macs with a novel infection mechanism
Hacked stalking app reveals victims’ photos, texts and location info (Naked Security) Another mobile stalking app has been hacked, endangering both its customers and the victims that they spy on.
How Instagram accounts are hijacked, according to Kaspersky Lab (Back End News) (Image from Pixabay) Instagram (IG) is one of the most popular social networking sites today with one billion monthly users. With the sheer number of accounts, it has become a playground for cyberc…
Yahoo still scans your emails for ads — even if its rivals won’t (TechCrunch) You’re not the only one reading your emails. A deep dive in The Wall Street Journal on Tuesday dug out new details on a massive email scanning operation by Oath, the Verizon-owned subsidiary that’s the combined business of AOL and Yahoo. The email-scanning program analyzes over 200 mill…
Yahoo woos advertisers with email scanning for targeted ad delivery (Help Net Security) Oath, Verizon's subsidiary that manages AOL and Yahoo and its webmail offerings, will continue with the practice of email scanning for data for advertisers.
Why Yahoo scanning user email is no cause for panic (Naked Security) The Wall Street Journal yesterday published an unsettling report that the owner of Yahoo, Verizon subsidiary Oath, has been quietly analysing the emails of its 200 million users to sell to advertis…
BusyGasper Malware Packs a Simple but Potent Punch (Threatpost) BusyGasper is rudimentary spyware with a bevy of novel twists that is highly effective at collecting and exfiltrating data from Android phones.
Hackers faked Cosmos backend to hoodwink bank out of $13.5m (Register) Researchers dissect methods behind Indian cyber-heist
Critical Flaws in Syringe Pump, Device Gateways Threaten Patient Safety (Threatpost) The Qualcomm Life Capsule Datacaptor Terminal Server and the Becton Dickinson Alaris TIVA Syringe Pump allow remote access without authentication.
Wireless Infusion Pumps Could Increase Cybersecurity Vulnerability (HealthITSecurity) Wirelessly connecting infusion pumps to point-of-care medication systems and EHRs improves healthcare delivery but also increases cybersecurity vulnerability.
WhatsApp warns that Google Drive backups are not encrypted (Help Net Security) Android users will soon be able to store their unencrypted WhatsApp backups on Google Drive without the backup being counted toward its storage quota.
Air Canada resets 1.7 million accounts after app breach (Naked Security) Air Canada has been forced to issue a password reset for all 1.7 million users of its Android, iOS and BlackBerry mobile app after up to 20,000 accounts were compromised by hackers last week.
Alaska Airlines Case Study In Managing A Cyber Attack (Defense Daily Network) Alaska Airlines closed its acquisition of Virgin America in December of 2016. The next month, the Seattle-based airline had been hacked.Alaska discovered a
Data of 130 Million Chinese Hotel Chain Guests Sold on Dark Web Forum (BleepingComputer) A hacker is selling the personal details of over 130 million hotel guests for 8 Bitcoin ($56,000) on a Chinese Dark Web forum.
Website of Rapper Cardi B Littered with Spam (Infosecurity Magazine) Soccer-fan spammers target Cardi B’s website with fake videos, links, and photos.
And you you thought you were safe behind your laptop screen… (Naked Security) Modern LCD screens don’t spew out electronic emissions like the old “tube” displays – but apparently they make telltale noises instead.
Mapbox CEO says the map calling New York City ‘Jewtropolis’ has been 100% fixed, was ‘human vandalism’ (TechCrunch) Mapbox, the mapping startup that competes with the likes of Google Maps and Here to power location services on apps like Snapchat and Foursquare, says that a version of its New York map calling the city ‘Jewtropolis’ was an act of human vandalism that has now been removed across the hun…
Google Blames Users For Renaming Senate Office Building After John McCain (Motherboard) The Russell Senate Office Building appeared as the McCain Senate Office Building on Google Maps Wednesday.
Security Patches, Mitigations, and Software Updates
Instagram’s New Security Tools are a Welcome Step, But Not Enough (KrebsOnSecurity) Instagram users should soon have more secure options for protecting their accounts against Internet bad guys.
Cyber Trends
Firms Failing on Crucial Machine Identity Management (Infosecurity Magazine) Venafi warns of a coming security storm
The State of IoT Security (Dark Cubed) The threat of in-home smart (IoT) devices – like smart light bulbs, thermostats, power outlets, and security cameras – being hacked and controlled by botnets has been researched and documented extensively, but we wanted to explore the level of risk they pose during their everyday operations, as designed and delivered out of the box.
Trend Micro Report Reveals Criminals Increasingly Drawn To Low-Profile Attacks (Financial Post) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, today released its Midyear Security Roundup 2018, revealing that cybercriminals are moving away…
Do Executives and Cybersecurity Pros Agree on Today’s Biggest Cyber Threats? (Varonis Blog) Breaches cost companies billions, erode trust and can have a long-lasting negative impact on a company’s brand. With so much as stake, we wondered: are C-Suite executives aligned with their security and IT pros when it comes to cybersecurity? We asked 345 C-Suite executives and cybersecurity/IT pros in the U.S., U.K., France and Germany some questions to find out. Dreading Data Loss: What are Executives’ Top 3 Cybersecurity Concerns? Corporate executives share the same concerns…
Report: Nearly Half of Security Professionals Think They Could Execute a Successful Insider Attack on Their Organization (Blog | Imperva) As potential threats and entry points into organizations’ databases keep growing, so does the amount of money folks are throwing at detecting and actioning insider threats.
Protecting blind spots — or, the search for security's next big thing (SC Media US) Blind Spots, or unseen dangers, are an inevitable fact of life. This is particularly true in the cybersecurity industry. This is because it's simply imposs
Few Execs Believe Healthcare IT Security Tech Will Be Disruptive (HealthITSecurity) Only 7 percent of executives surveyed by Reaction Data believe that healthcare IT security technology will have a significant disruptive impact on healthcare.
New research shows impact of GDPR on global spam levels (Silicon Republic) Many security researchers feared that the advent of GDPR would create a spam deluge, but has this really happened?
Former UK Cyber Boss: Big Change Unlikely Before ‘Highly Destructive Attack’ (MeriTak) John Noble, former director of the National Cyber Security Centre in the United Kingdom, took a pessimistic view on the future of cybersecurity during a BeyondTrust webinar on Wednesday.
4 Benefits of a World with Less Privacy (Dark Reading) The privacy issue is a problem for a lot of people. I see it differently.
Marketplace
Google denies Trump’s claim that it did not promote his State of the Union address (TechCrunch) Google is pushing back against a claim by Donald Trump that the search engine stopped promoting State of the Union livestreams on its homepage after his presidency began. Trump’s claim came in the form of a tweeted video, which was still pinned to the top of his profile when this post was published…
ZTE Back in the Game, Seeking Trust & 5G Deals (Light Reading) But the road ahead looks steep, despite domestic support and opportunities.
Could Japan Also Bar Huawei, ZTE? (Light Reading) Or are we into FUD territory?
Huawei requests FTC hearing to fight U.S. national security ban (VentureBeat) Banned by the United States and Australian governments with a similar lockout looming in South Korea, embattled Chinese 5G hardware maker Huawei has asked the U.S. Federal Trade Commission (FTC) fo…
VMware Pledges to Reduce Cybersecurity Costs (Security Boulevard) VMware, at this week's VMworld 2018 conference, signaled its intention to reduce dramatically the number of products and technologies required to secure VMware has signaled its intention to reduce dramatically the number of products and technologies required to secure an IT environment.
Check Point gets a fifth-generation snub from Wikipedia (iTWire) Security companies regularly hype the dangers of operating online in order to scare the bejesus out of ordinary people – that's nothing new. But when...
Defense contractor Booz Allen Hamilton to add 200 jobs in Cumberland (WRAL.com) National defense contractor Booz Allen Hamilton Inc. plans to expand its operations to Cumberland County over the next five years, adding more than 208 jobs to the Fayetteville area in exchange for more than $2 million in state and local incentives.
Products, Services, and Solutions
SnapLogic eXtreme accelerates cloud data lake initiatives (Help Net Security) SnapLogic eXtreme provides a serverless, cloud-based runtime environment for data transformations to enterprise customers.
Veeam Intelligent Data Management combines with Cisco HyperFlex to deliver new Availability solution (Help Net Security) Veeam Availability Platform on Cisco HyperFlex provides scalability, ease of management, and support for multi-cloud environments.
Managed Methods Partners With Cylance for Enhanced Endpoint Protection for Cloud Applications (PRNewswire) Managed Methods Inc., the leader in API-based cloud application security solutions, today announced a product partnership with Cylance, the global provider of AI-driven, prevention-first security solutions.
In a Push to Enter IoT Market, Check Point Develops a Mini-Firewall (CTECH) CEO Gil Shwed has repeatedly stated that the next generation of cyber attacks—and consequently, the next demand for security products—will focus on Internet of Things
Data61 uses IBM Blockchain for Australian smart legal contracts network (ZDNet) The Australian National Blockchain will allow local companies to use digitised contracts, exchange data, and confirm the authenticity and status of legal contracts.
This is Google’s Titan security key (TechCrunch) Google isn’t one to shy away from bold claims. “We have had no reported or confirmed account takeovers since implementing security keys at Google,” a spokesperson told TechCrunch. And it’s probably true. Think of a security key as like a two-factor authentication code that&#…
Technologies, Techniques, and Standards
The Army is testing deceptive cyber technology despite past struggles (Fifth Domain) The Army is testing methods to trick attackers into believing that they have compromised a network, but experts both inside and outside government warn that the idea has struggled to go from concept to reality.
ARCYBER Chief Seeks Convergence Between Cyber, Electronic Warfare (Executive Gov) Lt. Gen. Stephen Fogarty, commander of U.S. Army Cyber Command, has said he wants to rename ARCYBER
Why You Need a Physical Vault to Secure a Virtual Currency (WIRED) Cryptocurrency exchange Coinbase stores its customers' bitcoin offline, using an elaborate process that breaks apart encryption codes and stores them on paper.
Fostering A Culture Of Cybersecurity (Forbes) There are a few key principles to keep in mind when attempting to effectively promote a cybersecurity culture at your company.
How to improve security without treating your users like criminals (TechRepublic) Strong security controls will protect your organization, but they may also hinder or annoy users. Here's how to walk the line between security and user accessibility.
Design and Innovation
Listening Watch sounds out security idea with websites that listen (Naked Security) Listening Watch, a project based on earlier work by researchers Prakash Shrestha and Nitesh Saxena, uses the power of sound to log you into your favourite websites.
Research and Development
Germany, seeking independence from U.S., pushes cyber security... (Reuters) Germany announced a new agency on Wednesday to fund research on cyber security and to end its reliance on digital technologies from the United States, China and other countries.
Raytheon developing system that lets artificial intelligence explain itself (Yahoo) Under the Defense Research Project Agency's (DARPA) Explainable Artificial Intelligence program (XAI), Raytheon (RTN) BBN Technologies is developing a first of its kind neural network that explains itself. The XAI program aims to create a suite of
FBI Looking For Tech to Foil Fingerprint Obliteration (Nextgov.com) The FBI wants artificial intelligence tools that can ID people with burnt, cut or otherwise altered fingerprints.
Academia
Cornell offers more crypto classes than any other top university in the world (Quartz) The Ivy League university runs 28 courses on cryptography, cryptocurrencies, or blockchain.
Legislation, Policy, and Regulation
Trump’s Secret Order on Pulling the Cyber Trigger (Lawfare) Decision Responsibility, Legal Secrecy, and Congress’s Options.
The cyber Cold War: Russian and US security systems draw new lines on the map (Army Technology) Splinternet. Cyber-balkanisation. Military digital complex. Unprecedented scenarios demand new language to describe them. So it is with the battle for...
What went wrong with Israel's cybersecurity agency (Haaretz) More than three years after it was established, former key officials and other sources describe a government body has lost its focus
Aussie channel reacts to leadership change at the top (ARN) Scott Morrison was sworn in last week but days of politically instability leading to his appointment has created uncertainty among businesses.
Not having a dedicated cyber minister is ‘foolhardy’: Forcepoint boss (CIO) The Australian government cannot underestimate the importance of cyber security threats and it would be ‘foolhardy’ not to appoint a cyber tsar at some point, says Forcepoint’s US-based CEO, Matthew Moynahan.
How the Saudis made Canada the loneliest country in the world (Haaretz) Western leaders wooing Saudi money aren’t going to nag the crown prince about Riyadh’s executions of human rights activists
Opinion | Is Saudi Arabia Really So Angry at Canada Over a Tweet? (New York Times) Crown Prince Mohammed bin Salman is attempting to transform his country. The West shouldn’t undermine him.
DHS Official: NRMC Is ‘Long Game’ in U.S. Cyber Defense (MeriTalk) Matthew Travis, deputy undersecretary of the Department of Homeland Security’s National Programs and Protection Directorate (NPPD), said today that DHS’s recently-established National Risk Management Center (NRMC) represents the agency’s plan to play “the long game” in defending U.S. critical infrastructure sectors from attacks.
NPPD builds on reorg momentum in renewed pitch for name change (FederalNewsRadio.com) Building off the momentum of launching its National Risk Management Center last month, the Department of Homeland Security has renewed its pitch to Congress to approve an agency reorganization that would streamline DHS' cybersecurity functions.
US Government Takes Steps to Bolster CVE Program (BleepingComputer) The US government is taking steps to fix the Common Vulnerabilities and Exposures (CVE) system that's been plagued by various problems in recent years.
Secure Elections Act sponsors say bill is 'moving,' but its destination remains uncertain (Inside Cybersecurity) The future of the bipartisan Secure Elections Act remains unclear, as its Senate sponsors insist the bill is “moving” and Rules Committee members say they continue to discuss ways to improve it -- a week after the indefinite postponement of a markup seemed to doom the measure for the year.
The agency created to protect elections is broken (Yahoo News) The mission of the Election Assistance Commission — the nation’s first federal agency created to oversee elections at every level of government — has never been clear, and more than 15 years later, critics say the agency has succumbed to the whims of partisan operatives.
4 ways Trump could go after Google (Washington Post) Trump has policy options, but they're all rather limited.
Why Google Is the Perfect Target for Trump (WIRED) A line-by-line breakdown of the president's recent tweets reveal why Google is his most convenient target.
Why It Is Time For a U.S. Cyber Force (Center for International Maritime Security) By Dave Schroeder and Travis Howard The proposal to create a U.S. Space Force has cyber professionals wondering about the government’s national security
How should we regulate facial recognition? We asked the experts (The Verge) Facial recognition is everywhere — airports, police stations, and built into the largest cloud platforms in the world — but there are few federal rules about how it can be used. Is it time to change that?
Congressman Ro Khanna’s cyber security roundtable - streaming link and observations (Control Global) August 27th, 2018, I participated in US Congressman Ro Khanna’s Cybersecurity Roundtable. The panel was originally to be focused on cyber hygiene. After meeting with Congressman Khanna Sunday morning August 26th, critical infrastructure was added to the agenda. The streaming link for the roundtable is available.
Why pushback on the CCPA is wrong (Help Net Security) Since GDPR was implemented on May 25th, 2018 one big question has been lurking in the U.S.: When will the U.S. Federal Government follow suit?
Litigation, Investigation, and Law Enforcement
What Europe Can do to Catch Dark Web Criminals (Infosecurity Magazine) Could the Europol dark web investigation team succeed in pinning down underground attackers?
FBI refutes Trump claim that Clinton’s private email server was hacked by China (Ars Technica) After Trump says China "hacked" Clinton's server, FBI says no evidence suggests that.
Cyber attack allegations nothing new: FM (Global Times) China's Foreign Ministry, asked on Wednesday about US President Donald Trump's claim that China hacked the emails of 2016 Democratic presidential candidate Hillary Clinton, said such allegations were nothing new.
Facebook and Twitter executives to testify to Congress next week (Washington Post) Facebook’s Sheryl Sandberg and Twitter’s Jack Dorsey are set to face a fresh grilling on Capitol Hill next week as lawmakers probe Silicon Valley’s efforts to police content online, from political speech to suspected Russian propaganda.
Ex-CIA officer running for Congress says GOP obtained her unredacted personnel file with sensitive information (Washington Post) Republicans say they obtained it through a standard Freedom of Information Act request.
CIA Analyst Turned Candidate Fears She’ll Get Doxxed Next (The Daily Beast) At least 34 intelligence and military veterans are running for House or Senate seats in 2018. And now, there’s a very real risk that their private lives could be exposed.
State Department Visa Analysis System Wasn’t Patched or Scanned for Viruses, Audit Finds (Nextgov.com) Department officials also weren’t tracking who used the system or if they were sharing passwords.
Newbie Hacker Fingered for Monster Botnet (The Daily Beast) Federal prosecutors quietly indicted this 20-year-old, and rival hackers say he’s behind a king-sized botnet. But did he really have the skills to pull it off?
Hacker of celebrity photos gets 8 months in prison (AP News) A Connecticut man who hacked into more than 200 iCloud accounts of Hollywood stars and other people has been sentenced to eight months in prison.
Soldier to Plead Guilty in Trying to Help ISIS (Military.com) A soldier based in Hawaii who is accused of pledging allegiance to ISIS planned to plead guilty Wednesday.