Washington, DC: the latest from the 9th Annual Billington Cybersecurity Summit
GCHQ spy boss says Britain is ready to retaliate against Russia's "real and active" threat (Newsweek) In the wake of the Salisbury nerve agent attack, Britain pledges to fight back.
DHS cyber official: Federal cybersecurity is the "number one priority" (Axios) Just yesterday, DHS Secretary Kirstjen Nielsen warned of the threat from cyber attacks.
DOD CIO Dana Deasy: The CAC is here to stay 'for the foreseeable future' (Fedscoop) Two years ago, then-Department of Defense CIO Terry Halvorsen announced a plan to replace the common access card within two years. Today, the CAC is still alive and well as the Pentagon’s primary means of identity authentication, and according to new CIO Dana Deasy, the cards aren’t going anywhere anytime soon. “Now I know what you’re thinking. …
Cyber Attacks, Threats, and Vulnerabilities
Salisbury poisoning: Russia hits out at West over novichok ‘lie’ (Times) Russia hit back at the international community this morning, saying that accusations that its agents were responsible for the novichok attack on Salisbury were a “frank lie”. Moscow was accused...
NSA official: Foreign hackers have ‘pummeled’ U.S. by stealing IP (Cyberscoop) Hackers sponsored by foreign governments have chipped away at the United States’ global economic advantage through a steady campaign of intellectual property theft, according to a top National Security Agency official.
Scrappy 'Silence' Cybercrime Gang Refines Its Bank Attacks (BankInfo Security) A cybercrime gang called "Silence," which appears to have just two members, has been tied to attacks that have so far stolen at least $800,000, in part
Silence: Moving into the darkside (Group-IB) A mobile, small, and young cybergang group has been progressing rapidly. While successful attacks were detected in Russian banks, Group-IB experts have discovered the group’s activity in 25+ countries worldwide. Learn more about tactics and tools employed by Silence in the first detailed report presented by Group-IB.
Attackers Abuse Age Restrictions to Hide Apps on iOS Devices (SecurityWeek) Malicious actors are using age restriction settings in iOS to hide legitimate apps so that victims will only be able to access rogue variants instead.
Mobile spyware maker mSpy leaks millions of records – AGAIN (Naked Security) The irony: Parents put it on kids’ phones to protect them, but this breach exposed sensitive data including Whatsapp and Facebook messages.
PowerPool Malware Uses Windows Zero-Day Posted on Twitter (Dark Reading) Researchers detected the vulnerability in an attack campaign two days after it was posted on social media.
Recent Windows ALPC zero-day has been exploited in the wild for almost a week (ZDNet) ESET says it detected PowerPool group using recently disclosed Windows ALPC zero-day to improve the efficiency of its malware.
Social Security numbers exposed on US government transparency site (Naked Security) The US government exposed dozens of people’s personal details, including social security numbers, due to an online mishap on a public transparency portal.
British Airways hacked as 380,000 sets of payment details stolen (The Telegraph) British Airways has launched an “urgent” investigation and notified police after hundreds of thousands of customers’ personal and financial details were stolen.
BA boss apologises for data breach (BBC News) Airline promises compensation as data breach sees personal and financial details of customers compromised.
Over 50,000 customers' information exposed in Orrstown Bank cyber attack (Public Opinion Online) The bank said it discovered the incident, which involved two of its employees falling victim to an email phishing attack, in July.
Flaw in Schneider PLC Allows Significant Disruption to ICS (SecurityWeek) A vulnerability affecting some of Schneider Electric’s Modicon controllers can be exploited by malicious actors to cause significant disruption in ICS networks, researchers warn
Malware Found on USB Drives Shipped With Schneider Solar Products (SecurityWeek) Some of the USB flash drives shipped by Schneider Electric with its Conext Combox and Conext Battery Monitor solar energy products found to contain malware
Threat Landscape for Industrial Automation Systems in H1 2018 (Securelist) In this report, Kaspersky Lab ICS CERT publishes the findings of its research on the threat landscape for industrial automation systems conducted during the first half of 2018.
Using just a laptop, boffins sniff, spoof and pry – without busting browser padlock (Register) Researchers break certificate authorities' domain validation
IoT risk often 'cannot be managed' in Massachusetts state government, auditor finds (StateScoop) A paucity of controls and standards for the emerging technology has placed many agencies in an uncomfortable position, according to a new report.
'I'm looking out your front door': Stranger warns homeowner about faulty security system (CBC) Last Monday, Shelan Faith of Saskatoon received a letter from a stranger. Moments later she burst into tears.
Security Patches, Mitigations, and Software Updates
Cisco Patches Serious Flaws in RV, SD-WAN, Umbrella Products (SecurityWeek) Cisco patches critical and high severity vulnerabilities in its RV series, SD-WAN, Umbrella and other products
Firefox Drops Support for Windows XP (SecurityWeek) Effective this week, Windows XP is no longer supported by Firefox. More than four years after Microsoft stopped supporting the platform, Mozilla is making a similar move.
Cyber Trends
Attack Landscape of 2018, So Far (Cyber security news, articles and tips) 2017 had WannaCry, NotPetya, and an explosion of activity on our global network of honeypots. 2018 in comparison has been, well, a little quieter. For the last two years, we’ve been reporting traffic seen on our honeypot network. These honeypots, or decoy servers that are set up to attract the interest of attackers, provide an …
Latest Research Shows Security Teams Review an Average 12,000 Alerts/Week, Setting the Stage for Automation (Press of Atlantic City) Demisto, an innovator in Security Orchestration, Automation and Response (SOAR) technology, today announced the results of their second annual State of SOAR Report 2018. Notably, the
The State of SOAR Report 2018 (Demisto) Technological advancements have made it easier to conduct business, but the job of securing these technologies falls upon already overworked security teams. Demisto conducted a study of security professionals around the world to delve deeper into security challenges, their manifestations, and possible solutions.
Beyond the Cyber Leviathan: White Hats and U.S. Cyber Defense (War on the Rocks) When the WannaCry ransomware created a global hospital crisis in 2017, locking emergency rooms and medical centers out of their systems, it was Marcus
A Scoville Heat Scale For Measuring Cybersecurity (Forbes) The Scoville Scale is a measurement chart used to rate the heat of peppers or other spicy foods. It can have a useful application for measuring cybersecurity threats.
Marketplace
Official: Acquisition Limits Hindering Cyber Command, Want Contracting Cap Raised To $250 Million (Defense Daily Network) Cyber Command is looking to make the most of the extension of its acquisition authority through 2025, but officials are still pushing Congress to raise its
Analysis: How data breaches affect stock market share prices (2018 update) (Comparitech) Data breaches can have serious consequences for companies and customers but what impact do they have on share prices? We dig in to the data to find out.
DNotes Global CEO Alan Yong Cites NextGen VC as Solution for ICO Conundrum (DNotes Global) In a new interview with DCEBrief, DNotes Global, Inc. CEO Alan Yong stressed the importance of ensuring that the cryptocurrency industry works to comply with existing government regulations. He specifically addressed the controversy surrounding initial coin offerings and suggested that the industry must change the way it uses that fundraising tool if it wants to avoid additional regulations to rein in ICO excesses.
Aramco Weighs $1 Billion Venture Capital Fund For Tech (Wall Street Journal) Saudi Arabia’s national oil company is considering a $1 billion fund to invest in international technology firms, as the kingdom deepens efforts to diversify its economy.
VPN Company AnchorFree Raises $295 Million (SecurityWeek) AnchorFree, the company that makes the Hotspot Shield VPN, raised $295 million in a new funding round, bringing the total raised to date to nearly $358 million
Announcing the Fall 2018 Cohort of Startups in Dreamit SecureTech (Medium) Seven startups were accepted into the inaugural program, led by Managing Director Bob Stasio
Optiv Security Announces Additional Key Appointments in Europe to Support International Growth Strategy (Optiv) Optiv Security, the world’s leading security solutions integrator, today announced two key appointments in Europe to support its international growth strategy.
Ola Sergatchov joins GuardiCore as VP of corporate strategy (Help Net Security) In his new role, Sergatchov will lead GuardiCore’s corporate strategy and go-to-market initiatives to drive growth on a global scale.
Products, Services, and Solutions
Corelight Launches Virtual Sensor and New Core Collection of Curated Bro Packages for Out-of-the-Box Traffic Insights (GlobeNewswire News Room) Corelight Virtual Sensor enables more pervasive network monitoring; Core Collection includes detections for bitcoin mining and port scanning, as well as efficient hostname annotation
Infoblox Offers Managed Service Providers New Core Network Solutions (PRNewswire) Consumption Based Model Fills Critical Gap to Strengthen DDI Infrastructure
WhiteHat Security unveils AI capabilities for Sentinel Dynamic DAST solution to empower DevSecOps (Help Net Security) New Sentinel Dynamic enhancements enable accuracy, make real-time risk assessment a reality and empower developers to create secure web applications.
Security Compass expands support for OpSec, adding Microsoft Azure to its knowledge library (Help Net Security) Policy-to-Procedure platform, SD Elements, now features operational security requirements for Microsoft Azure, AWS, and Apache.
Technologies, Techniques, and Standards
Study: Grid security needs to be a team sport (FCW) Electrical grid infrastructure providers and federal agencies need to do even more collaboration on operational preparation, response and recovery planning, according to a new study.
Preventing the Other Kind of Hack Back (SecurityWeek) Taking proper care during your security research activities can ensure that you get the information you need without putting yourself at risk.
How metrics can enhance the effectiveness of security programs (Help Net Security) Choosing the right metrics is not one size fits all. Metrics must be aligned with the organization, its industry, size and attack surface.
'Tiger Stance' focuses on realistic, state-of-the-art cyber task force training (DVIDS) Cyber warriors from the Army Cyber Protection Brigade (CPB) had an opportunity for realistic state-of-the-art cyber training at the Indiana National Guard’s Muscatatuck Urban Training Center (MUTC) here, Aug. 20-24.
Homeland Security head: Colorado tops US in vote security (AP News) Colorado, whose election systems are ranked among the nation's safest, held a cyber-security and disaster exercise Thursday for dozens of state, county and federal e
Fighting Alert Fatigue With Security Orchestration, Automation and Response (SecurityWeek) Security orchestration, automation and response (SOAR) has the potential to improve proactive threat hunting, standardize incident processes, improve investigations, accelerate and scale incident response, simplify security operations.
Back to school: Lessons in endpoint security (Help Net Security) There are simple, but effective steps you can provide to your school’s employees and students to help them be more secure.
Academia
Secure Channels Blending Academic Theory and Practical Experience by Partnering with Georgetown University's Technology Management Graduate Program (PRNewswire) Program Headed by Dr. Maria F. Trujillo Brings Together Graduate Students and Secure Channels Executives to Work on Dynamic Cybersecurity Problems
National Cyber League Hones in on Specific Skills Needed for Cybersecurity (PRWeb) As the shortage of qualified employees in the cybersecurity industry continues, the National Cyber League (NCL) is helping get those folks into careers
Legislation, Policy, and Regulation
PM 'orders cyberwar' on Russian spy network after novichok charges (Evening Standard) Theresa May has vowed to take on Russia’s spy network as she called an emergency UN security meeting amid reports Britain is preparing for cyberwarfare. It comes after two Russians were charged with carrying out the Salisbury Novichok poisonings in a dramatic breakthrough in the major investigation.
What's GRU? A Look at Russia's Shadowy Military Spies (SecurityWeek) Russia's GRU military intelligence service is attracting increasing attention as allegations mount of devious and deadly operations on and off the field of battle.
Russia’s Military Intelligence Agency Isn’t Stupid (Foreign Policy) Don’t let the reporting on the suspected Skripal attackers fool you: Moscow got what it wanted.
Russian Sovereign Debt in the Crosshairs (Atlantic Council) On September 6, the US Senate Banking Committee will hear expert testimony on draft Russia sanctions legislation, including the Defending American Security from Kremlin Aggression Act introduced this summer following US President Donald J. Trump’s...
Homeland Security vows change in face of cyber ‘pandemic’ (Fifth Domain) Department of Homeland Security Secretary Kirstjen Nielsen outlined a reorganization of the agency to focus on nation-state threats amid a growing number of cyberattacks, but lawmakers seem unaware of the changes.
The surprising test ground for DoD information operations (Fifth Domain) The intensity of operations in the Middle East over the past decade-plus has provided an unprecedented learning laboratory for Cyber Command to test concepts and forces.
Pompeo Eyes Fox News Reporter to Head Counterpropaganda Office (Foreign Policy) The troubled agency is charged with responding to Russian influence operations.
Senate Committee Approves Top White House Tech Advisor (Nextgov.com) Office of Science and Technology Policy hasn't had a permanent leader since the last administration.
Google’s bad day in Congress came at the worst possible time (The Verge) Washington is gearing up for a fight with big tech — and Google could be at the center of it
Cybersecurity Exercise Reveals Authority Confusion (Meritalk) A cybersecurity exercise hosted by the Intelligence and National Security Alliance (INSA) revealed complications that can arise in the response to an attack on critical infrastructure including challenges in establishing authority among multiple agencies and levels of government.
Cyber threats 'blurring' line between agencies' foreign, domestic intel (FederalNewsRadio.com) DHS has been pushing greater cyber threat information sharing with the private sector. But the advance of cyber threats might bring together the government’s foreign and domestic intelligence operations.
Litigation, Investigation, and Law Enforcement
U.S. Charges North Korean Over Lazarus Group Hacks (SecurityWeek) US charges North Korean national for Lazarus Group attacks, including the 2014 Sony hack, the $81 million Bangladesh Bank heist, the WannaCry ransomware attack, and targeting of US defense contractors
U.S. Accuses North Korea of Plot to Hurt Economy as Spy Is Charged in Sony Hack (New York Times) Only one North Korean was named in a complaint, but it described a team of hackers for the North’s main intelligence agency who caused hundreds of millions of dollars of damage to the global economy.
U.S. charges North Korean operative in conspiracy to hack Sony Pictures, banks (Washington Post) The criminal complaint marks the first such case against Pyongyang.
DOJ criminal complaint against an alleged spy for the North Korean government (Washington Post) The Justice Department announced charges Thursday against an alleged spy for the North Korean government in connection with a series of cyberattacks including the 2014 assault on Sony Pictures Entertainment, marking the first time the United States has brought such charges against a Pyongyang operative.
US indicts North Korean agent for WannaCry, Sony attacks [Updated] (Ars Technica) Justice Department charges agents of Reconnaissance General Bureau in broad indictment.
Analysis | The Cybersecurity 202: Trump's praise for Kim Jong Un on same day as Sony hacking charges undercuts deterrence strategy (Washington Post) It's a clash of messages.
Analysis | The Cybersecurity 202: From encryption to deepfakes, lawmakers geek out during Facebook and Twitter hearing (Washington Post) They displayed a solid understanding of the technical issues.
Twitter Permanently Bans Alex Jones After New Violations (Wall Street Journal) Twitter Inc. on Thursday said it permanently banned Alex Jones and his website Infowars, effectively taking away one of the last few online microphones available to the right-wing provocateur.
Feds shut down alleged ‘copycat' military recruiting sites (Military Times) The companies say they helped a network of 7,500 military recruiters across the services.
Just and Unjust Leaks (Foreign Affairs) Revealing official secrets and lies involves a form of moral risk-taking. And drawing the line between the right and wrong kinds of disclosures has grown harder than ever in the Trump era.
Ten-fold increase in security breach cases since GDPR, claim lawyers (Computing) Last year, Fieldfisher handled about three new cases a month. Today, it's handling one new case every day.
Leader of DDoS-for-Hire Gang Pleads Guilty to Bomb Threats (KrebsOnSecurity) A 19-year-old man from the United Kingdom who headed a cybercriminal group whose motto was “Feds Can’t Touch Us” pleaded guilty this week to making bomb threats against thousands of schools.
Teen hacker admits to SWATting schools, airline flight (Naked Security) The teenager made bomb threats to schools, and to a flight between the UK and San Francisco while it was in mid-air.
Justice Department Probing Wells Fargo’s Wholesale Banking Unit (Wall Street Journal) The Justice Department is probing whether employees committed fraud in Wells Fargo’s wholesale banking unit, following revelations that employees improperly altered customer information.
Apple to provide online tool for police to request data: letter (Reuters) Apple Inc plans to create an online tool for police to formally request data about its users and to assemble a team to train police about what data can and cannot be obtained from the iPhone maker, according to a company letter seen by Reuters.