Cyber Attacks, Threats, and Vulnerabilities
After North Korean summit, cyberattacks continued (Fifth Domain) Analysts say that after North Korean leader Kim Jong-Un met President Donald Trump, the hermit kingdom's cyberattacks continued.
NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT (Palo Alto Networks Blog) Reaper Group uses custom malware family called DOGCALL to deploy RAT. Get the full report.
The Kingdom Came to Canada: How Saudi-Linked Digital Espionage Reached Canadian Soil (The Citizen Lab) In this report, we describe how Canadian permanent resident and Saudi dissident Omar Abdulaziz was targeted with a fake package delivery notification. We assess with high confidence that Abdulaziz’s phone was infected with NSO’s Pegasus spyware. We attribute this infection to a Pegasus operator linked to Saudi Arabia.
Analysis | The Cybersecurity 202: Facebook disclosed a major hack very quickly. But the alert was short on details. (Washington Post) That's the tradeoff as companies face pressure to disclose breaches sooner.
40 million more likely affected by massive Facebook data leak - Bitdefender (Security Brief) Almost 50 million accounts have been compromised through a daisy-chained vulnerability in the View As feature, which allowed an unknown party to snatch authentication tokens of 50 million users.
Several Bugs Exploited in Massive Facebook Hack (SecurityWeek) Facebook shares more details about the massive hack affecting 50 million accounts, including the exploited bugs, impact on users, attack timeline, and impact on Facebook
Facebook can’t keep you safe (TechCrunch) Another day, another announcement from Facebook that it has failed to protect your personal information. Were you one of the 50 million (and likely far more, given the company's graduated disclosure style) users whose accounts were completely exposed by a coding error in play for more than a year? …
YouTube hosts 'how to hack Facebook' videos (The Telegraph) Google is hosting tutorials on how to hijack Facebook accounts using a similar method to the hackers who had gained access to the personal data of 50 million users.
Industry Reactions to Facebook Hack (SecurityWeek) Industry professionals comment on the Facebook data breach that affected 50 million accounts and resulted in the tokens of 90 million users being reset
Weak Passwords Abused for 'FruitFly' Mac Malware Distribution (SecurityWeek) FruitFly, a piece of Mac malware that infected thousands of machines over the course of more than 13 years, was being distributed via poorly protected external services
Vulnerable Android password managers make phishing attacks easier (Help Net Security) Vulnerable Android password managers can be tricked into entering valid login credentials into phishing apps, a group of researchers has discovered.
Telegram Leaks User IP Addresses (SecurityWeek) A vulnerability in Telegram Desktop results in the end-user public and private IP addresses being leaked during a call, a security researcher has discovered.
Google sells ads to fraudsters despite pledge to crack down (Times) Google is allowing fraudsters to advertise at the top of search results despite its pledge to tackle the practice, an investigation by The Times has found. The search giant has been condemned as...
Torii IoT Botnet Takes Mirai to a New Level (Infosecurity Magazine) Advanced modular threat targets several architectures
'Short, Brutal Lives': Life Expectancy for Malicious Domains (Dark Reading) Using a cooling-off period for domain names can help catch those registered by known bad actors.
RDP Increasingly Abused in Attacks: FBI (SecurityWeek) Hackers leveraging the remote desktop protocol (RDP) have been on the rise for the past couple of years, fueled by the emergence of dark markets selling RDP access, the FBI warns.
RDP attacks on the rise warns FBI, DHS (SC Media) The FBI and DHS issued a joint warning to consumers and business on the increasing use of the Remote Desktop Protocol (RDP) administration tool as an attack vector.
Tory App Snafu Exposes Ministers’ Personal Info (Infosecurity Magazine) Error led to defacements and prank calls
Ransomware Casts Anchor at the Port of San Diego (Infosecurity Magazine) No waterfront woes for ships and boats after Port of San Diego fell victim to ransomware
Cyber-attack Revisits Nepal Government Websites! (Nepali Sansar) A hacker has reportedly hacked the official website of the country’s only international airport, the Tribhuvan International Airport (TIA), on September 28, 2018
Cyber Trends
Synopsys Releases BSIMM9 Study Highlighting Impact of Cloud Transformation and Growth of Software Security Community (Synopsys) Synopsys, Inc. (Nasdaq: SNPS) today released BSIMM9, the latest version of the Building Security In Maturity Model (BSIMM) designed to help organizations plan, execute, and measure their software...
Marketplace
The Scandals Bedevilling Facebook (SecurityWeek) The incident affecting 50 million accounts is the latest in a series of scandals involving Facebook
Facebook pledges not to make Instagram a 'replica' of Facebook (The Telegraph) Facebook has pledged not to make Instagram “a replica of Facebook” following the sudden departure of its founders last week.
NYC wants to build a cyber army (TechCrunch) Empires rise and fall, and none more so than business empires. Whole industries that once dominated the planet are just a figment in memory’s eye, while new industries quietly grow into massive behemoths. New York City has certainly seen its share of empires. Today, the city is a global cente…
Northern Virginia firms merge to form new 'converged security' company (Washington Business Journal) Two Northern Virginia companies have combined to create a “converged security” company offering both cyber and physical security services to government and commercial clients.
Gremlin raises $18 million, announces Application Level Fault Injection (Help Net Security) Gremlin raises $18M Series B and launches ALFI, enabling companies to build resilient serverless environments in production.
Belden and Claroty Announce Strategic Partnership (BusinessWire) Companies Deliver Integrated Cybersecurity Solution for Deep, End-to-End Visibility and Real-Time Monitoring Across Industrial Networks.
DXC Connect lands Cisco network security contract with Department of Parliamentary Services (CRN Australia) Department of Parliamentary Services awards $2.8m contract.
Intelligent Waves wins spot on US Army’s ITES-3S Services contract (Army Technology) Intelligent Waves has secured a contract position on the US Army’s Information Technology Enterprise Solutions—3 Services (ITES-3S) award.
Optiv Security Continues to Invest in Canada; Further Supports International Growth Strategy (Odessa American) Optiv Security, the world’s leading security solutions integrator, today announced its continued investment in the Canadian market with the hiring of seasoned information management and cyber security executive Michael Doucet as executive director, office of the CISO. Doucet will help public and private clients plan, create and execute security strategies, with a focus on reducing the complexity of their cyber security programs and realizing the efficacy and value of the in-place systems.
Is Akamai Technologies, Inc. a Buy? (The Motley Fool) The content distribution veteran is making some good moves, but how much higher can its stock fly?
Products, Services, and Solutions
Ntrepid Analysts Utilize Timestream Solution To Generate Detailed Case Study of Russian GRU Interference in 2016 U.S. Presidential Election (BusinessWire) Ntrepid today announced that analysts using Timestream have compiled a detailed case study of Russian GRU interference in the 2016 election.
Morphisec announces interoperability with RSA NetWitness Platform (Help Net Security) Morphisec’s Endpoint Threat Prevention Platform certified as ‘RSA Ready’ with RSA NetWitness SIEM for threat prevention visibility and analyst response.
Microsoft trademarks Pluton, their IoT security subsystem for Azure Sphere (MSPoweruser) Microsoft has applied for a trademark for Microsoft Pluton, their IoT security subsystem for Azure Sphere. Pluton is the secure boot system which ensures the firmware and hardware has not been compromised and ensures that communication with the Azure back-end is secure. It also controls the Wi-Fi hardware to ensure compromised IoT applications cannot be …
Microsoft encouraging backup via OneDrive using Windows Security Alerts (MSPoweruser) Microsoft is already offering protection of your important files from Ransomware via back-up to OneDrive, and now HTNovo reports that Microsoft will be using Windows Security Alerts to encourage users to enable this feature. The new feature is found in the Windows 10 October 2018 update and will alert users via the very effective yellow …
Upgrade Path for Microsoft Customers (Versasec) With Microsoft Pulling FIM/MIM Support, Versasec Builds Seamless Migration Path to vSEC:CMS
Technologies, Techniques, and Standards
TLS is Dead, Long Live TLS (Infosecurity Magazine) Why adoption of TLS 1.1 is being forced by the PCI council.
True password behaviors in the workplace revealed (Help Net Security) LastPass released the first annual, “2018 Global Password Security Report,” revealing true password behaviors in the workplace.
Introducing the 2018 Benchmark Security Score (LastPass) Explore the state of password security in 2018 & what you can do to stay secure. LastPass has analyzed 43,000 businesses to show where password habits fall short.
How VMtech and Cylance prevented a trojan attack on the Sydney Opera House (CRN Australia) Approximately 1300 endpoints protected from attackers.
It only takes one data point to blow open a threat investigation (Help Net Security) Hackers are creatures of habit. Once you know how to connect the dots between the activity you’re seeing, you’ll be able to spot suspicious patterns.
Speed of Cyber Is Not Always in Milliseconds (SIGNAL) U.S. Army officials offer lessons learned from the third annual Cyber Blitz.
The Lie Generator: Inside The Black Mirror World of Polygraph Job Screenings (WIRED) Want to become a police officer, firefighter, or paramedic? A WIRED investigation finds government jobs are one of the last holdouts in using—and misusing—otherwise debunked polygraph technology.
Design and Innovation
Boffin: Dump hardware number generators for encryption and instead look within (Register) Chip timing could be as effective and harder to hack
Digital IDs Are More Dangerous Than You Think (WIRED) Opinion: Digital identification systems are meant to aid the marginalized. Actually, they're ripe for abuse.
The future of AI is not in sentient robots, but it might be in gaming (Computing) Recent developments, though impressive, showcase the weaknesses of today's artificial intelligence
Research and Development
Math Titans Clash Over Epic Proof of the ABC Conjecture (WIRED) Two mathematicians say they found a glaring hole in a proof that has convulsed the math community for years.
DARPA Blockchain Programs (CoinCentral) In September 2017, the Defense Advanced Research Projects Agency (DARPA) approved research into blockchain technology.
UTSA wins NSF grant to create machine-learning system to unmask malware attacks (EurekAlert!) The University of Texas at San Antonio proposes the creation of a malware recognition algorithm which will unmask malicious software, with a new grant from the National Science Foundation (NSF).
Academia
ReliaQuest commits $1 million to prepare students for careers in cybersecurity at the University of South Florida Muma College of Business (PR Newswire) ReliaQuest, the leader in security model management, today announced that it has committed a $1 million gift to the...
Legislation, Policy, and Regulation
Microsoft kicks off Digital Peace Now initiative to #stopcyberwarfare (Neowin) This weekend, Microsoft has launched a petition to unite digital citizens in calling upon the world's governments to protect the online world and its communities rather than weaponizing them.
NATO Ops Center Goes 24/7 To Counter Russians: Gen. Scaparrotti (Breaking Defense) NATO is dusting off Cold War concepts such as deterrence, rapid reinforcement and battle readiness as it faces a Russian destabilization campaign.
China's Global Propaganda Is Aimed at Bosses, Not Foreigners (Foreign Policy) Chinese reporters overseas are rewarded for whiny nationalism, not persuasive argument.
How the US cyber force is maturing (Fifth Domain) U.S. Cyber Command is moving past building to operational readiness.
Happy new (fiscal) year! Feds want more electronic warfare and cybersecurity tools (Fifth Domain) As the new federal fiscal year begins, cybersecurity firms and analysts predict that electronic warfare and managed services will be top priorities for the U.S. government.
Massive Facebook breach spurs calls for regulation (Fifth Domain) Facebook announced Sept. 28 that 50 million accounts have been infiltrated in a hack, which comes amid a storm of proposals that the social media giant should be regulated.
Advocates Call on Senate to Invite Consumer Privacy Experts to Testify (Center for Digital Democracy) Dear Chairman Thune and Ranking Member Nelson, We appreciate your interest in consumer privacy and the hearing you convened recently to explore this topic.
New Zealand’s ‘digital strip searches’: Give border agents your passwords or risk a $5,000 fine (Washington Post) Travelers who refuse to surrender passwords, codes and encryption keys could be fined up to $5,000, according to a law that took effect Monday.
Litigation, Investigation, and Law Enforcement
U.S. Takes on Russia’s Favorite Money Haven: Cyprus (Wall Street Journal) Washington regulators are cracking down on money laundering and penalizing wealthy Russians on a tiny Mediterranean island as they try to check Moscow’s power in Europe.
FBI Director Implores Corporate Boards to Join Cyber Fight (Nextgov.com) Companies should amp up protections and be wary of deals that expose U.S. intellectual property, FBI Director Chris Wray says.
The FBI and Corporate Directors: Working Together to Keep Companies Safe from Cyber Crime (Federal Bureau of Investigation) FBI Director Christopher Wray’s remarks at the National Association of Corporate Directors Global Board Leaders Summit, Washington, D.C.
EFF Pushes Back Against NSA Bid To End Spying Challenge (Law360) The Electronic Frontier Foundation has laid out additional evidence to support its long-running California federal lawsuit claiming that the National Security Agency unlawfully spied on hundreds of millions of unsuspecting Americans through mass surveillance programs, it said Monday.
SIE Europe: Data sharing initiative to combat cybercrime launches (Help Net Security) SIE Europe UG emerged from stealth mode to launch an initiative to enable European organisations to contribute and share Internet data.
Failure to Protect Data Costs Bupa £175,000 (Infosecurity Magazine) ICO fines Bupa the maximum penalty under Data Protection Act of 1998.
Tesco Bank FCA fine proves it's not just the ICO that will fine companies for security breaches, say lawyers (Computing) Companies that don't take security seriously enough could be hit with multiple fines from different regulators.
Royal Commission scorns banks' compliance tools (CRN Australia) Banks had little visibility of compliance.
Cops Can Legally Force You to Unlock Your Phone With Your Face (WIRED) For the first publicly documented time, law enforcement has used Face ID to forcibly unlock someone's iPhone. It won't be the last.
Police to Seattle’s techies, streamers: Sign up for our anti-swatting service [Updated] (Ars Technica) Dept's video includes guns-drawn response to hoax call, "sounds... like swatting to me."