Cyber Attacks, Threats, and Vulnerabilities
Bad Actors Sizing Up Systems Via Lightweight Recon Malware (Threatpost) These stealthy downloaders initially infect systems and then only install additional malware on systems of interest.
New modular downloaders fingerprint systems - Part 3: CobInt (Proofpoint) Proofpoint researchers provide new analysis of a downloader called CobInt, associated with the Cobalt Group but following a new trend of small-footprint, modular loaders.
The Unwanted Visitors You’re Letting Into Your Home: How Second-hand Smart Home Technology is Compromising Your Safety (Payments Journal) 27 million smart home units are expected to be sold in the US in 2018, with the global smart home market expected to be worth $53.45 billion by 2022.
Trend Micro Admits That Its Mac Apps Collect User Data (SecurityWeek) Trend Micro has confirmed that some of its applications for macOS systems collect browser history and send it to the security firm’s servers.
Trend Micro blames data collection issue on code library re-use (Cyberscoop) Cybersecurity giant Trend Micro has apologized after researchers discovered that a number of the company’s consumer-facing apps were collecting users’ browser histories.
Apple Removes Top Security Tool for Secretly Stealing Data (Anomali Forum) The top rated paid utility application on the Mac App Store, “Adware Doctor,” has been removed by Apple after security researchers found that the application was surreptitiously stealing browser data. The stolen data was observed being sent to AWS servers that were administered by an individual in China. This discovery is troubling because Adware Doctor, prior to its removal from the App Store...
Banking Trojan attacks increase, large scale Ramnit campaign impacts organizations worldwide (Help Net Security) Check Point revealed a significant increase in attacks using the Ramnit banking trojan. Ramnit has doubled its global impact over the past few months,
Advantech WebAccess RCE flaw still exploitable, exploit code available (Help Net Security) A vulnerability (CVE-2017-16720) in Advantech WebAccess allows attackers to remotely execute commands with administrator privileges on vulnerable systems.
LuckyMouse Signs Malicious NDISProxy Driver with Certificate of Chinese IT Company (Anomali Forum) The Advanced Persistent Threat (APT) group “LuckyMouse” (APT27, EmissaryPanda) has been found distributing a previously unknown, in-memory trojan, according to Kaspersky Lab researchers. The malware contains three different modules that include: a custom C++ installer, a network filtering driver (NDISProxy), and a last-stage C++ trojan functioning as an HTTPS server...
445 million customer records found on MongoDB database running on unsecured AWS server (Computing) 200GB database belonging to Veeam indexed on Shodan on 31 August - but was taken down nine days later.
IBM X-Force Delves Into ExoBot's Leaked Source Code (Security Intelligence) IBM X-Force researchers unpacked ExoBot's inner workings to reveal insights into its dynamic mechanisms and the features that help criminals use it in cross-channel bank fraud schemes.
Npower ‘urgently investigating’ personal information breach (ITV News) Npower is "urgently investigating" how the personal details of around 5,000 customers were shared with others by post. The letters included names, addresses and payment amounts — but did not include bank details. The energy giant has apologised to affected customers and said it had informed the Information Commissioner's Office (ICO) of the data breach.
Siemens warns of cyber dangers (Boersen Zeitung) The head of Siemens Germany, Uwe Bartmann, warns against cyber attacks on companies and public infrastructure.
TV License website said it was secure. It wasn't (Graham Cluley) The official UK TV licensing website was allowing license purchasers to submit their personal identifiable information and bank details in unsafe, unencrypted plaintext.
Here's what happens during a social engineering cyber-attack (TechRepublic) BioCatch's VP Frances Zelazny explains each step of social engineering hacks, low-tech cyberattacks that have a big impact on business.
Password inadequacy remains a top threat (Help Net Security) WatchGuard's Q2 2018 Internet Security Report uncovers cybercriminals' heightened use of credential-focused attacks, password inadequacy, and more.
Nearly 600 Russia-Linked Accounts Tweeted About the Health Law (Wall Street Journal) Nearly 600 Russia-linked Twitter accounts tweeted about the Affordable Care Act and U.S. health policy from 2014 through this past May, new data show. Most of the nearly 10,000 tweets seem intended to pit one side against the other.
Security Patches, Mitigations, and Software Updates
Patch Tuesday, September 2018 Edition (KrebsOnSecurity) Adobe and Microsoft today each released patches to fix serious security holes in their software.
September 2018 Security Updates (Microsoft) The September security release consists of security updates for the following software
Microsoft Patches Three Actively Exploited Bugs as Part of Patch Tuesday (Threatpost) Microsoft's September Patch Tuesday release tackles three vulnerabilities actively being exploited in the wild.
Microsoft details for the first time how it classifies Windows security bugs (ZDNet) The Microsoft Security Response Center publishes two documents detailing internal procedures used by its staff to prioritize and classify security bugs.
SAP Patches Critical Vulnerability in Business Client (SecurityWeek) SAP's September 2018 patches fix a total of 14 security vulnerabilities in its products, including a critical bug in SAP Business Client.
OpenSSL 1.1.1 Released With TLS 1.3, Security Improvements (SecurityWeek) OpenSSL 1.1.1 has been released. The new Long Term Support (LTS) version brings TLS 1.3 and significant security improvements
Adobe Patches Vulnerabilities in Flash Player, ColdFusion (SecurityWeek) Adobe patches a total of 10 vulnerabilities in Flash Player and ColdFusion, but none of the flaws appear too serious
Cyber Trends
Half of US mobile traffic will be scam calls by 2019 (BetaNews) Unwanted and scam phone calls are an increasing problem. Analysis by call management company First Orion predicts that nearly half of all calls to mobile phones in the US will be fraudulent in 2019 unless the industry adopts and implements more effective call protection solutions.
Nexusguard research reveals 500 percent increase in average DDoS attack size (BusinessWire) The average DDoS attack quintupled in size to more than 26 Gbps in Q2 2018 compared to the same period last year, according to Nexusguard.
DDoS Trends Report | Half Year 2018 (Corero) The frequency of DDoS attacks is rising but the duration of these attacks is decreasing. Learn more about the current DDoS threat landscape in Corero’s Half Year 2018 DDoS Trends Report.
The Risk of Triangulation: You May Just be a Piece of the Puzzle (SecurityWeek) You have to be thinking about how your data might connect with data from other organizations or industries and how those combined data sets could be triangulated into a larger picture that ultimately puts you at risk.
Action1 Research: Top 7 Cybersecurity Challenges in 2018 (Action1) This report highlights the results of a study of what cybersecurity professionals perceive as their main challenges, which types of threats they are most concerned about based on their past experience, and what plans they have to solve these challenges.
Marketplace
More Enterprise-Tech Ventures Going Public (Wall Street Journal) High valuations and rising IT budgets this year are prompting a surge in initial public offerings by business-to-business tech startups, 451 Research says.
White House Workforce Summit Aims to Future-Proof Tech Talent (Nextgov.com) The administration plans to reskill more than 300,000 employees over the next three years, including the IT workforce.
Bitdefender takes over Australian partner SMS eTech in global expansion move (Business Review) Bitdefender has announced on Tuesday the takeover of its Australian partner SMS eTech, as part of its global business expansion strategy. The acquisition
Is FireEye, Inc. a Buy? (The Motley Fool) Will this cybersecurity underdog ever rally?
PeopleSoft Security/UX Leader, GreyHeller, Announces Name Change To Appsian (PRNewswire) GreyHeller, a leading PeopleSoft application security and UX/UI solutions provider has announced today the launch of a new corporate identity, name, and website. The organization will now be known as Appsian
Meet Matthew Goodman, a 2018 CIO of the Year honoree (Tampa Bay Business Journal) Matthew Goodman, chief information officer, Digital Media Solutions
Bromium Appoints Kevin Mosher as Chief Revenue Officer (GlobeNewswire News Room) Industry veteran to orchestrate rapid growth and customer success, while expanding revenue opportunities for partners in the burgeoning Application Isolation and Containment security market
DFLabs Names Security Veteran Tito Avila Vice President of Global Sales and Business Development (BusinessWire) Tito Avila's international and domain experience will help DFLabs aggressively grow its market share, enter new markets and build a global sales team.
World-renowned Cybersecurity Veteran Richard Bejtlich Joins Corelight as Principal Security Strategist (GlobeNewswire News Room) Bejtlich brings key industry perspectives and insights on network visibility and data-centric security that will help Corelight customers, and drive sales and product development strategy
Telstra security execs Neil Campbell and Jacqui McNamara exit (CRN Australia) In line with first round of Telstra2022 cuts.
Products, Services, and Solutions
Varonis Announces Interoperability with RSA Identity Governance and Lifecycle to Detect and Mitigate Security Risks by Providing Centralized Management and Control of Sensitive Data (Varonis Systems) Varonis Systems, Inc. (NASDAQ: VRNS), a pioneer in data security and analytics, announces interoperability between Varonis DataPrivilege and RSA® Identity Governance and Lifecycle.
Digital Defense, Inc. Achieves Certified Integration with McAfee ePoli (PRWeb) Digital Defense, Inc., an industry recognized provider of security assessment solutions, today announced that it has achieved certified technical int
ThreatConnect Now Integrates with Dragos WorldView Intelligence (BusinessWire) ThreatConnect, Inc.®, provider of the industry's only extensible, intelligence-driven security platform, is proud to announce its integration with Dra
Prey Remote Installation Helps Retrieve Valuable Laptops (GlobeNewswire News Room) Ability to deploy tracking software after a device has gone missing enables companies to produce solid evidence of property theft for police action
Introducing the Hacker101 CTF (HackerOne) Capture flags all day and night in our newly launched CTF, available 24/7 at ctf.hacker101.com.
Darktrace Launches Antigena Version 2 (Darktrace) More Organizations Fight Back with Autonomous Response AI as Antigena v2 Announced
Beating the OWASP benchmark (Security Boulevard) Tl;dr; Today, we present the results of evaluating ShiftLeft’s static analysis pipeline on the OWASP benchmark, where we achieve a true positive rate of 100% at 25% false positives.
Cypaw: Risk management and data compromise prevention tool (Help Net Security) Cypaw is a risk management tool, bringing visibility and control to organisation’s digital footprint while reducing the likelihood of phishing attacks.
Project VAST Security Tool Now Rolling Out to Microsoft Premier Customers (Redmondmag) Microsoft's Project VAST is now a supported product that's offered to Microsoft Premier customers, Microsoft announced last week.
MITRE Adds Appthority as CVE Numbering Authority (CNA) (Security Boulevard) On Sep 7, 2018, MITRE announced that Appthority has joined 89 other organizations as a CVE Numbering Authority (CNA). Appthority is the first CNA that is focused on enterprise mobile threat research, and we’re proud of this designation. We look forward to participating in and supporting the CVE project and ecosystem for the benefit of
KnowBe4 Completes Rigorous SOC 2 Type 2 Data Security Exam (GlobeNewswire News Room) Company demonstrates ongoing dedication to protection of client data
KnowBe4 Boosts Training Offering to Include Privacy Focused Video Series (Markets Insider) Restricted Intelligence series on privacy and GDPR added to arsenal to fight social engineering. LONDON, Sept. 11, 2018 /PRNewswire/ -- KnowBe4, the world's l...
Technologies, Techniques, and Standards
Should DHS do more with DMARC data? (FCW) A 2017 cybersecurity directive is providing DHS with a flood of data on hackers attempting to penetrate federal systems through fake emails, but thus far the agency has not articulated a plan for using the information.
DHS wants input on threats from information-sharing organizations, promises more 'context' (Inside Cybersecurity) The Department of Homeland Security is encouraging information sharing and analysis organizations to share threat indicators with them, with an official saying today the department wants to be “more transactional and operational” with these groups and is pushing for further automation of sharing.
5G is attractive but security issues loom large, say experts (Techgoondu) A 5G connected ecosystem will have more devices, connections and data flows linked together, leading to higher security risks, experts have warned.
GDPR requires Certified Data Erasing According to Common Criteria EAL3+ (UNN) Secure Data Erasing With EU Cloud-Based Management
Google Knows Where You’ve Been, but Does It Know Who You Are? (New York Times) How looking at the location data that the company collects about you lets you see yourself in a whole new way.
Essential Elements Needed for a Successful Threat Hunt (Infosecurity Magazine) Threat hunting is vital to reduce the spread and effectiveness of attacks.
Hidden in Plain Sight: File System Protection With Cyber Deception (Security Intelligence) Decoy File Systems (DcyFS), a new file system approach recently unveiled in Paris, complement access control schemes and can help overcome many of the fundamental limitations of traditional ACLs.
Design and Innovation
Email security crisis... What email security crisis? (Register) Let them eat phish
Going Beyond a 'Walled-Garden' Approach (BankInfo Security) Security technology innovations entering the market are getting attached as features to an infrastructure that is fundamentally broken and an enforcement model that
How the industry expects to secure information in a quantum world (ZDNet) With all of the good a quantum computer promises, one of the side effects is that it will be able to break the mechanisms currently used to secure information. But the industry is onto it, and Australia's QuintessenceLabs is playing a key role.
Research and Development
Penn State scientists build quantum version of Maxwell’s demon (Ars Technica) 3D grids of super-cooled atoms could one day form the basis for a quantum computer.
High-speed quantum cryptographic communications with key distribution speeds exceeding 10 Mbps (Phys.org) Toshiba and the Tohoku Medical Megabank Organization at Tohoku University have successfully applied high-speed quantum cryptographic communications technologies developed at Toshiba and Toshiba Research Europe's Cambridge Research Laboratory to achieve world-first quantum cryptography communication at one-month-average key distribution speeds exceeding 10 Mbps over installed optical fiber lines.
DARPA Wants to Find Botnets Before They Attack (Nextgov.com) The defense agency awarded a contract to develop a tool that scours the internet for dormant online armies.
Academia
RIT cybersecurity lab named for partnership with Eaton Corp. (Monroe County Post) A penetration testing laboratory at Rochester Institute of Technology is being named the Eaton Cybersecurity SAFE Lab to recognize the university’s
Legislation, Policy, and Regulation
EU Passes Controversial Copyright Law With ‘Link Taxes’ (Motherboard) Lawmakers exempted non-commercial and smaller platforms from the directive, but opponents of the law still worry that it will lead to greater censorship on the internet.
An EU copyright bill could force YouTube-style filtering across the Web (Ars Technica) Wednesday's vote by the EU parliament has big stakes for the Internet's future.
U.S. Silently Enters New Age of Cyberwarfare (New York Magazine) Buried beneath a mound of political scandal, the Trump administration silently rescinded key regulations limiting the use of destructive cyberweapons.
Has a cyberattack constituted an act of war? Probably not yet (Fifth Domain) No NATO nation has suffered a cyber attack big enough to be an act of war -- yet.
17 Years Later: Applying Post-9/11 Lessons to Potential Cyber Attacks (Just Security) We’re not still waiting for a Cyber 9/11: It’s already unfolding.
Now we'll know less: Russia is about to ban soldiers from posting about themselves on social media (Meduza) The Russian government has drafted legislation that would prohibit members of the armed forces from sharing on the Internet any information about themselves, their fellow soldiers, or the military itself.
Exclusive: Trump to target foreign meddling in U.S. elections with sanctions order (Reuters) President Donald Trump plans to sign an executive order as soon as Wednesday that will slap sanctions on any foreign companies or people who interfere in U.S. elections, based on intelligence agency findings, two sources familiar with the matter said.
White House drafting sanctions order to punish foreign interference in U.S. elections (Washington Post) The move is seen as an effort to quiet criticism of President Trump’s reluctance to blame Russia for targeting American democracy.
Cyberattacks are a constant fear 17 years after 9/11 (The Hill) Seventeen years after the 9/11 terror attacks, lawmakers are stepping up their warnings about how the next assault on the U.S. could be a cyberattack.
Understanding Cybersecurity Threats to America’s Aviation Sector (House Committee on Homeland Security) The purpose of this joint hearing is to examine the current cybersecurity threats facing the aviation sector, and to explore ways in which the aviation industry is looking at cybersecurity in general. The hearing will feature individuals from the private sector who are able to paint a clear picture of the threat landscape, and provide …
Analysis | The Cybersecurity 202: Lawmakers slam State Department for failing to meet basic cybersecurity standards (Washington Post) "Two-factor authentication is cybersecurity 101,” said Sen. Ron Wyden.
What election security funding means for state and local CIOs (GCN) State and local governments must make informed decisions about how to improve the security of their voting processes.
In a Few Days, Credit Freezes Will Be Fee-Free (KrebsOnSecurity) Later this month, all of the three major consumer credit bureaus will be required to offer free credit freezes to all Americans and their dependents.
Litigation, Investigation, and Law Enforcement
Skripal suspects 'civilians, not criminals' (BBC News) Vladimir Putin says there's "nothing special" about the men and suggests they will tell their story soon.
British Airways Data Hack a Test Case for GDPR (PYMNTS.com) GDPR compliance has yet to be fully embraced by firms on a global scale, yet headlines from this past week show just what the repercussions might be against a new regulatory landscape. As noted late last week, a data breach at British Airways was revealed – one that affected more than 380,000 transactions done over […]
Google’s location privacy practices are under investigation in Arizona (Washington Post) The probe focuses on Google's alleged practice of recording location data about Android device owners even when they believe they have opted out of such tracking.
FINRA takes down an unregistered cryptocurrency security (TechCrunch) FINRA, the non-profit organization that tasks itself with policing the securities industry, is charging Timothy Tilton Ayre of Agawam, Mass. with fraud and unlawful distribution of unregistered cryptocurrency securities. Ayre claimed that users could buy equity in his company, Rocky Mountain Ayre, …
AT&T Users Lack Standing In NSA Spying Suit, Court Told (Law360) The National Security Agency is pressing a California federal judge to ax a long-running putative class action accusing the agency of illegal spying, arguing that the AT&T customers leading the dispute lack standing because they have failed to offer any “competent evidence” that their communications were scooped up by the challenged surveillance.
Ex-NSA chief says he never discussed collusion with Trump (CBS News) In rare public remarks, ex-National Security Agency Director and Cyber Command chief Adm. Mike Rogers rejects reports Trump asked him to deny Russian collusion
Former NSA chief breaks with other ex-intel officials over Brennan letter (The Hill) A former director of the National Security Agency (NSA) on Tuesday split with other former intelligence officials who signed a letter condemning President Trump’s decision to revoke former CIA Director John Brennan’s security clearance.
Dealers remain on Instagram as it pushes drug searchers to treatment (TechCrunch) You don’t have to search too hard to find Xanax and Fentanyl dealers posting their phone numbers all over Instagram, but at least it’s starting to push people towards addiction recovery resources. Backlash led Instagram to perform a cursory blocking of exact drug name hashtag searches i…