Cyber Attacks, Threats, and Vulnerabilities
Foreign government hackers target US senators, aides’ Gmail (Fifth Domain) On Thursday, Google spokesman Aaron Stein confirmed that his company had notified the Senate targets.
China is a bigger cyber threat than Russia: CrowdStrike CTO (Fox Business) CrowdStrike CTO Dmitri Alperovitch argues every major sector of the economy is being targeted by China.
Thanks NSA! Surveillance Agency Exploit Increases Illegal Bitcoin Mining by 459% (Sputnik) Illegal cryptocurrency mining has increased 459 percent year-on-year in 2018, a report has revealed - and much of the surge is down to software flaws originally identified and exploited by the National Security Agency (NSA).
Magecart claims another victim in Newegg merchant data theft (ZDNet) Updated: Researchers have found another example of Magecart's covert activities only 24 hours after the last incident concerning the prolific hacking group.
New Magecart victims ABS-CBN and Newegg are just the tip of the iceberg (Help Net Security) After Ticketmaster, British Airways and Feedify, two new Magecart victims have been identified: the broadcasting giant ABS-CBN and online retailer Newegg.
Japan hit by another cryptocurrency heist, $60 million stolen (Reuters) Japanese cryptocurrency firm Tech Bureau Corp said about $60 million in digital cur...
Account Takeover Attacks Widespread, Lead to More Efficient Phishing (TechNadu) Account Takecover Attacks are becoming widespread and the victims' emails are then used for spreading phishing campaigns, Barracuda Networks study shows.
Warning issued as Netflix subscribers hit by phishing attack (Naked Security) Netflix phishing scammers are at it again, sending emails that try to steal sensitive details from subscribers.
Multiple Malware Threats for Visitors to Pirate Websites (Informatics from Technology Networks) Over 4 000 files containing malware or potentially unwanted programmes were retrieved from more than 1 000 websites suspected of sharing illegally protected content in an EU-wide research project carried out by the European Union Intellectual Property Office (EUIPO).
Western Digital goes quiet on unpatched MyCloud flaw (Naked Security) Western Digital has failed to patch a serious security vulnerability in its MyCloud NAS drives that it was told about more than a year ago, researchers have alleged.
Unwiped Drives and Servers from NCIX Retailer for Sale on Craigslist (BleepingComputer) Servers and storage disks filled with millions of unencrypted confidential records of employees, customers and business partners of computer retailer NCIX turned up for sale via a Craigslist advertisement.
Bitcoin flaw could have allowed dreaded 51% takeover (Naked Security) The scenario was always hypothetical but the fact such a thing was even possible until this week has left some in the Bitcoin community feeling alarmed.
Unusual IoT Botnet Removes Cryptomining Malware from Devices (Security Boulevard) Security researchers have come across an unusual new botnet that infects Android devices over the debugging interface then searches for and removes Security researchers have come across an unusual new botnet that infects Android devices and then removes cryptocurrency malware.
New Vigilante Botnet Tracks Down and Destroys Crypto Mining Malware (Toshi Times) Botnets in the crypto sphere are almost always associated with illicit activities. The unsuspecting punters usually catch them by visiting shady websites or clicking on a link in a phishing email, which allows the malware to gain entry into the computer. Once inside, the malware hijacks the PC to do some dirty deed, like attacking …
New Documents Reveal Yet Another California Democratic Cyberattack (Rolling Stone) A third California congressional campaign was the subject of a successful hack earlier this year
Cyber Trends
Security data reveals worldwide malicious login attempts are on the rise (Help Net Security) According to the Akamai 2018 State of the Internet / Security Credential Stuffing Attacks report, worldwide malicious login attempts are on the rise.
Security priorities are shifting in response to increased cybersecurity complexity (Help Net Security) The increased complexity of the IT environment is causing organizations to invest more money in cybersecurity and start to focus on security priorities.
Analysis | The Cybersecurity 202: Is the U.S. prepared for another Russia hack? An interview with Greg Miller on his new book (Washington Post) The Post journalist has penned a narrative history of Moscow’s interference in the 2016 election.
Healthcare Workers Uninformed About Cybersecurity Best Practices (HealthITSecurity) Forty percent of healthcare workers would allow a colleague to use their work computer, displaying a disturbing lack of knowledge about cybersecurity best practices.
Triaging modern medicine’s cybersecurity issues (The Parallax) As technology has become the lifeblood of the health care industry, hospitals and patient care clinics are often ill-equipped to confront a Hydra-headed cybersecurity monstrosity.
Marketplace
Air Force Busts Out Credit Cards To Buy High Tech Gear (Breaking Defense) The Air Force can be an “angel investor” for some startups, said Will Roper, the service’s top acquisition official.
Google Says It Continues to Allow Apps to Scan Data From Gmail Accounts (Wall Street Journal) Google said it continues to allow other companies to scan and share data from Gmail accounts, responding to questions on Capitol Hill about privacy and potential misuse of information in users’ emails.
Google Workers Discussed Tweaking Search Function to Counter Travel Ban (Wall Street Journal) Days after the Trump administration instituted a controversial travel ban in January 2017, Google employees discussed how they could tweak the company’s search-related functions to show users how to contribute to pro-immigration organizations and contact lawmakers and government agencies, according to internal company emails.
Moss Adams combines with AsTech to expand cybersecurity consulting services (Moss Adams) Moss Adams announces its combination with AsTech Consulting, a cyberrisk management firm that specializes in application and network security.
ObserveIT Announces Several Deals over $1 Million with Fortune 500 Brands; Names Industry Veteran Dave DeWalt as Vice Chairman of the Board (Odessa American) ObserveIT, the leading insider threat management provider with more than 1,800 customers around the world, today announced continued success as global organizations seek to mitigate the risk posed by insiders. Recent momentum includes several significant Fortune 500 deals and the appointment of NightDragon Security Founder Dave DeWalt as vice chairman of the board of directors.
PacketViper appoints Don Gray as Chief Technology Officer (Help Net Security) In his new role, Gray will be responsible for the development of the PacketViper technology roadmap to help enterprises meet their security requirements.
Alert Logic Names Christopher Rajiah as Senior Vice President of Worldwide Alliances and Partnerships (GlobeNewswire News Room) Rajiah Brings Extensive Partner Experience to Expand Alert Logic’s Global Footprint
Products, Services, and Solutions
New infosec products of the week: September 21, 2018 (Help Net Security) Symantec makes elections more secure with free service to ‘spoof proof’ candidates websites Attracting users to fake websites that contain differences
wolfSSL Announces the First Commercial Release of TLS 1.3 (PRWeb) wolfSSL, a leading provider of TLS cryptography announces the world’s first commercial release of TLS 1.3. With the imminent finalization of the TLS 1.3 draft
CrowdStrike Falcon Receives FedRAMP Authorization (CrowdStrike) The CrowdStrike Falcon on GovCloud is now FedRAMP authorized to streamline the process of delivering comprehensive endpoint protection to federal entities via the cloud.
McAfee expands support for Amazon Web Services with new MVISION ePO on AWS (Help Net Security) McAfee automates management capabilities to identify and respond to threats through its new McAfee MVISION ePolicy Orchestrator on AWS.
Inside the Search Engine That Spots Traffickers, Terrorists and Money Launderers (Nextgov.com) Rooted in DARPA research, the tool shines light on the darkest corners of the internet.
Comodo PositiveSSL – A low cost HTTPS SSL certificate (Tapscape) Did you ever imagine, a one small security negligence may cause a big loss to your online business (Biggest loss $4 Billion – Source). There are many giant companies in the world, who face a significant penalty because of neglecting the importance of online data security. So, what loss these...
Disk Encryption is Smooth and Speedy in BestCrypt By Jetico (BusinessWire) Jetico releases superior disk encryption in BestCrypt Volume Encryption v4 with smoother interface and faster performance to encrypt hard drives.
NSFOCUS Introduces All-in-One Cloud Security Service for Regional Service Providers (Odessa American) NSFOCUS, a leader in holistic hybrid security solutions, announced today its newest cloud security service, Cloud-in-a-Box (CiaB), designed specifically for local and regional service providers across the globe. CiaB enables service providers to quickly deploy cloud security services with minimal expertise and without the upfront costs typically associated with creating a cloud service infrastructure.
SolarWinds Building Two-Tier MSSP to MSP Cybersecurity Partner Ecosystem (ChannelE2E) SolarWinds MSP begins to identify, recruit and empower MSSP partners that can offer threat management and SOC (security operations center) services to smaller MSPs. A two-tier security channel may emerge. Here's how.
Barracuda bundles email security offerings (CRN Australia) Total Email Protection bundle combines three products into a single SKU.
KnowBe4 Ransomware Simulator Now Includes Crypto Mining (GlobeNewswire News Room) Crypto Mining Infection Simulation Added to Show if a Workstation is Vulnerable to Infection
Veristor Partners with Mimecast to Secure Business Email and Data (PRNewswire) Companies Partner to Protect Organizations from the Threat of Email-Based Attacks
WatchGuard Unveils Trusted Wireless Environment Framework to Help Businesses Build Fast, Scalable and Secure Wi-Fi Networks (CSO) New independent report from Miercom reveals most top Wi-Fi solutions can’t automatically detect and prevent all six wireless threat categories
Thales announces advanced security for automotive, FinTech and IoT with new light-weight cryptographic curve support in nShield HSMs (Markets Insider) Thales, a leader in critical information systems, cybersecurity and data security, announces its nShield ha...
Technologies, Techniques, and Standards
AGMA Identifies Digital Authentication as Key Tool in High-Tech Industry’s Fight against Counterfeiting (GlobeNewswire News Room) More Advanced Product Marking Methods Help Even Playing Field with Fraudsters
Why identity verification needs to be a part of your digital transformation strategy (Help Net Security) Smartphones and tablets are an indispensable part of daily life, and consumers expect nothing less than a streamlined mobile experience. With this in
Why does Chrome flag Emsisoft Anti-Malware as incompatible? (Security Boulevard) After Chrome crashes, you may see a popup box warning you that Emsisoft Anti-Malware is an “incompatible application”. Why does this happen and what should you do? The post Why does Chrome flag Emsisoft Anti-Malware as incompatible? appeared first on Emsisoft | Security Blog.
First county buys voting machines under new state standards (AP News) Susquehanna County is the first Pennsylvania county to buy a voting system under new security standards by Gov. Tom Wolf's administration.
Research and Development
DARPA contract aims to design circuits in months, not years (C4ISRNET) DARPA wants to change the game for high-efficiency circuitry.
Academia
Create a safer digital world with a degree in cybersecurity (Study International) Picture a world without the internet. No websites to order our groceries, no way to instantly contact loved ones while away from home, no online banking to
iTWire - Six researchers boycott Dutch conf due to Palantir's sponsorship (iTWire) Two researchers from DATACTIVE, a University of Amsterdam project that examines the politics of big data, and four from the University of Cardiff's Da...
Legislation, Policy, and Regulation
German intelligence mulls putting largest Turkish-Islamic group under surveillance (Deutsche Welle) German intelligence is reportedly examining whether to put the Turkish-Islamic umbrella group DITIB under surveillance. The Turkish-state backed DITIB has been at the center of multiple controversies.
Britain to create 2,000-strong cyber force to tackle Russia threat (Sky News) The near four-fold increase in manpower will provide a means of "deterring states that wish to do us harm", say experts.
Protecting process infrastructure from cyber attack (Engineer Live) Some thoughts on what techniques can be employed to improve security
How the EU is building a robust and secure digital environment (Parliament Magazine) Cybersecurity poses a real, serious threat that must be addressed at EU level, says Mariya Gabriel.
National Cyber Strategy of the United States (The White House) My fellow Americans: Protecting America’s national security and promoting the prosperity of the American people are my top priorities.
White House Confirms It Has Relaxed Rules on U.S. Use of Cyberweapons (Wall Street Journal) The White House said Thursday it had rescinded a classified Obama-era memorandum dictating when the U.S. government can deploy cyber weaponry against its adversaries, acknowledging the move for the first time.
John Bolton warns of offensive cyberattacks under new Trump policy (Washington Examiner) President Trump has signed a new National Cyber Strategy document authorizing offensive cyberattacks against foreign targets, the White House announced Thursday.
White House authorizes ‘offensive cyber operations’ to deter foreign adversaries (Washington Post) John Bolton’s remarks come amid mounting concern about attacks on U.S. networks.
Trump’s new strategy calls for more cyber attacks (Fifth Domain) President Donald Trump announced a new national cyber policy that promises more offensive operations, but an expert warns it could have unintended consequences.
Defending Forward: The 2018 Cyber Strategy Is Here (War on the Rocks) Great-power strategic competition, defend forward, and prepare for war: These are the three central tenets of the newly released summary of the 2018
Analysis | The Cybersecurity 202: Trump administration seeks to project tougher stance in cyberspace with new strategy (Washington Post) But some lawmakers note it contains few specifics.
Watchdog worries Trump’s cyber strategy is not cohesive (Fifth Domain) Despite a recent flurry of strategy documents and executive orders, the Trump administration does not have a cohesive national or global cyber strategy, according to a government report.
Applying America’s Superpowers: How the U.S. Should Respond to China’s Informatization Strategy (War on the Rocks) Centuries ago, China led the world in technology innovation. It invented papermaking, printing, the compass, and gunpowder. Yet China failed to exploit
Democrat pushes changes to protect senators’ personal accounts from continued threats (Washington Post) Sen. Ron Wyden (D-Ore.) is trying to expand the Senate Sergeant at Arms’ mandate to provide protection for senators’ and staffers’ personal accounts and devices, as well as their official ones.
Senate can’t protect senators, staff from cyber attacks, Wyden warns (Ars Technica) Senate IT doesn't have authority to protect senators and staffers.
Shanahan: cybersecurity will become new measure for industry (Fifth Domain) The deputy secretary of defense says industry needs to take responsibility for their own information security.
DelBene Introduces Legislation to Regulate Consumer Privacy (U.S. Congresswoman Suzan Delbene) Today, Congresswoman Suzan DelBene introduced a bill that would change the way consumers' personal, private information is protected. Her legislation has received valuable input from both consumer advocacy groups and tech companies, and is cosponsored by Congressman Hakeem Jeffries (D-NY).
California may ban terrible default passwords on connected devices (Engadget) A proposed law could force smart device manufacturers to shore up security.
SEC: Christopher Hetner, Senior Advisor To The Chairman For Cybersecurity Policy, To Leave The Agency (Mondo Visione) <p><span>The Securities and Exchange Commission today announced that Christopher R. Hetner, Senior Advisor to Chairman Jay Clayton for Cybersecurity Policy, plans to leave the agency. Mr. Hetner will remain in the Chairman's Office during the identification of and transition to his successor. </span><strong></strong><em></em></p>
Litigation, Investigation, and Law Enforcement
U.S. Blacklists 33 Russians, Companies Linked To Military, Intelligence Agencies (RadioFreeEurope/RadioLiberty) The U.S. State Department said it was blacklisting nearly three dozen Russian people and companies with ties to military and intelligence agencies, in its latest effort to punish Moscow for “malign activities.”
Moscow Criticizes New U.S. Sanctions On Firms Linked To Russian Military, Intelligence (RadioFreeEurope/RadioLiberty) Russia's Deputy Foreign Minister Sergei Ryabkov has criticized the latest sanctions imposed against Russian firms and individuals by the United States, saying the move has increased tensions between Moscow and Washington and has "thoughtlessly" stirred up "global instability."
U.N. Report Details How North Korea Evades Sanctions (Foreign Policy) But a feud between Russia and the U.S. has kept the document from being published.
Abandoned IT Integration Linked to Danske Bank Failures (Wall Street Journal) The billions that flowed through the Estonian branch of Denmark’s largest bank may have slipped past risk analysts in part because the lender in 2008 dropped plans to integrate the branch into its group-level information technology platforms.
ICO levels first ever GDPR fine against AggregateIQ (Computing) The company has 30 days to audit its data practises, or face the maximum £17 million fine
NSA curbs spying after security breach (POLITICO) Feds ask for eight-year sentence for ex-NSA computer engineer who worked in unit targeting foreign computers.
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO (Dark Reading) Suit underscores longtime battle between vendors and labs over control of security testing protocols.
NSS Labs Sues CrowdStrike, Symantec, ESET, AMTSO for Alleged Testing Conspiracy (BleepingComputer) NSS Labs has filed an anti-trust law suit against CrowdStrike, Symantec, ESET, and the Anti-Malware Testing Standards Organization (AMTSO) over an alleged conspiracy to prevent independent testing companies from performing unbiased reviews of security software.
Silk Road suspect Gary Davis in talks with US prosecutors over plea deal (Times) An Irish man being held in New York accused of helping to run Silk Road, the dark web black market, has begun negotiations with prosecutors on a plea deal. Gary Davis, 29, was extradited to the...
Romanian woman pleads guilty in D.C. police camera ransomware attack before 2017 Trump inauguration (Washington Post) Attack on police servers exposed Romanian financial and computer fraud ring
Man who shared Deadpool movie on Facebook faces 6 months in jail (Naked Security) US government recommended six months behind bars. That’s one month for every million people that viewed a part of the pirated movie, apparently.
Algorithms in the justice system: Should computers decide our fate? (Computing) James Kitching, Solicitor - Corporate, Coffin Mew, examines the phenomenon of decisions being made by machines in the justice system