Cyber Attacks, Threats, and Vulnerabilities
Arrest of top Chinese intelligence officer sparks fears of new Chinese hacking efforts (ZDNet) Suspect is a top official in one of China's intelligence agencies, accused of controlling China's state hacking operations.
China a bigger security threat than Russia, says FBI Director Wray (Washington Post) FBI Director Christopher A. Wray and Secretary of Homeland Security Kirstjen Nielsen said Oct. 10 China was waging an influence campaign ahead of November's election and was the greatest long-term counterintelligence threat to the United States.
China is ahead of Russia as 'biggest state sponsor of cyber-attacks on the West' (The Telegraph) China has become the biggest state sponsor of cyber-attacks on the West, primarily in its bid to steal commercial secrets, according to a report today by one of the world’s largest cybersecurity firms.
Analysis | The Cybersecurity 202: Lawmakers press for answers about China's alleged supply chain hack (Washington Post) Senior officials continue to push back on the Bloomberg report.
NSA cybersecurity head can't find corroboration for iCloud spy chip report (AppleInsider) The senior advisor for Cybersecurity Strategy to the director of the National Security Agency has advised there is a lack of evidence relating to both of Bloomberg's recent espionage-related stories, and has openly asked people with knowledge of the situation to provide assistance.
China's Alleged Big Hack -- 'No There, There' (RealClearPolitics) Responding to Bloomberg’s blockbuster story last week regarding China’s alleged implanting of microchips into the U.S. supply chain, National Security Agency official Rob Joyce says the...
Apple and Amazon hacked by China? Here’s what to do (even if it’s not true) (Naked Security) Are major US companies really under attack from Chinese “zombie microchips” – and what should we do, whether it’s true or not?
Detail of Dutch reaction to Russian cyber attack made public deliberately (ComputerWeekly) Four Russian intelligence officials were expelled from the Netherlands after an attempted hack on the global chemical weapons watchdog. The Dutch government has been open about the detail.
Russia strongly rejects accusations of cyber attack against OPCW, says delegation head (TASS)
With Various Threats, How Secure Is the 2018 Vote? (Government Technology) Texas registrations are at an all-time high. Is the state ready for a secure Election Day?
These are the hackers targeting the midterm election (CBS News) Russia, China, Iran, and hacktivist groups are meddling with elections in the U.S. and around the world
DHS chief: Security sensors will monitor cyber threats for midterms (UPI) The Department of Homeland Security will deploy security sensors to protect voters from cybersecurity threats before the midterm elections.
The Problem Isn’t Fake News From Russia. It’s Us. (Foreign Policy) Propaganda has long affected elections around the world because publics have an appetite for it.
Russia Is 4chan, China Is Facebook (Foreign Policy) Mike Pence’s equation of Beijing’s influence with Moscow’s hacking was misleading and dangerous
Google Is Handing the Future of the Internet to China (Foreign Policy) The company has been quietly collaborating with the Chinese government on a new, censored search engine—and abandoning its own ideals in the process.
Thieves and Geeks: Russian and Chinese Hacking Communities (Recorded Future) Insikt Group analyzed posts, advertisements, and interactions within criminal forums to explore the organization of Chinese and Russian hacking communities.
China's clampdown on Tor pushes its hackers into foreign backyards (Register) Comparing Middle Kingdom's hacker forums to Russia's? Apples and pears
Hacking Forums Serve Different Purposes for Russian and Chinese Hackers (BleepingComputer) A peek into the cybercriminal underground of Russian and Chinese hackers reveals sharp differences between the two communities in terms of interests and the way they run their businesses, often shaped by state laws and unwritten norms.
CartThief: A Variation on the Magecart Scheme (The Media Trust) Digital Security & Operations Manager Mike Bittner describes a recent variant of the Magecart malware.
New Threat Group Conducts Malwareless Cyber Espionage (Dark Reading) Gallmaker group is relying exclusively on legitimate tools and living-off-the-land tactics to make detection very difficult.
Security Patches, Mitigations, and Software Updates
Facebook's WhatsApp says has fixed video call security bug (Reuters) Facebook Inc's WhatsApp messenger service said on Wednesday it has fixed th...
Google Privacy Upgrades Could Jolt Gmail App Developers (Wall Street Journal) Google’s plan to put more limits on access to Gmail user data is likely to disrupt business for scores of app developers whose services are based on the world’s most popular email service.
Instagram tests sharing your location history with Facebook (Naked Security) Instagram is testing Facebook Location History – which allows the tracking of precise locations from your device – in its app.
Cyber Trends
Cofense Report Reveals 10 Percent of User-Reported Emails Across Key Industries are Malicious, Over Half Tied to Credential Phishing (Cofense) The 2018 State of Phishing Defense Report highlights top phishing email subjects and industries most susceptible and resilient to phishing attacks
Most Fortune 50 companies unprepared for major DNS attack (Help Net Security) ThousandEyes has found that 68 percent of the top 50 companies on the Global Fortune 500 rankings are not adequately prepared for the next major DNS attack.
Deloitte Survey Finds Many CEOs and Boards May Be Missing the Mark on Strategic Risk Investment and Readiness (PR Newswire) In a report released today by Deloitte, most (96 percent) CEOs and board members say they expect their organizations...
The State of Online Privacy in the US: 2018 (BestVPN) BestVPN surveyed 1,000 US consumers to understand the state of online privacy in 2018. This report reveals a significant knowledge gap and suggests that, despite their fears, US citizens are not protecting themselves against the ever-growing number of cyber-threats. The State of Online Privacy in the US: 2018 offers advice to citizens concerned about protecting their digital privacy.
CyberPolicy Cyber Report 2018 (CyberPolicy) Full scope view of the trending cyber insurance market for small to medium size businesses.
2018 User Risk Report (Wombat) Our free cybersecurity report reveals how end users’ personal technology habits are impacting global organizations’ device, data, and system security.
STEALTHbits Technologies Partners with the Ponemon Institute to Reveal the Current State of Data Access Governance (GlobeNewswire News Room) STEALTHbits Technologies Inc., a cybersecurity software company focused on protecting an organization’s sensitive data and the credentials attackers use to steal that data, today announced their partnership with the Ponemon Institute to release a study on the current state of Data Access Governance.
Marketplace
VMware's CEO has a vision that should terrify the security industry: 'Start getting rid of products' (Business Insider) In an interview on Monday at the Best of Breed conference, VMWare CEO Pat Gelsinger talked about how reducing the number of security products a company uses can actually make you more secure.
Cybersecurity in organizations must enable competitive advantage while they continue to protect and optimize security, EY report reveals (EY) A year after organizations were rocked by a series of large-scale cybersecurity breaches and ongoing recriminations over state-sponsored interventions, this year’s EY Global Information Security Survey 2018-19 (GISS), “Is cybersecurity about more than protection?”, shows cybersecurity continuing to rise up the board agenda.
Leaked Google research shows company grappling with censorship and free speech (The Verge) A rare look at how the employees of the world’s most powerful search engine are trying to balance two opposing forces
Does Facebook Need a Constitution? (Intelligencer) Facebook’s gestures toward “free speech” make it sound like a liberal democracy. But where are its checks and balances?
Imperva Announces Agreement to Be Acquired by Thoma Bravo (BusinessWire) Imperva announced it has entered into a definitive agreement to be acquired by leading private equity technology investment firm Thoma Bravo, LLC.
Singtel to buy Australian cyber security firm for A$23.3 million (The Business Times) SINGTEL'S Australian subsidiary has inked a deal to buy a privately held cyber security firm incorporated in Victoria state, which will be integrated into the group's Trustwave cyber security arm.
AppRiver Acquires Endpoint Security Provider Total Defense (ChannelE2E) AppRiver acquires Total Defense for consumer & small business endpoint security. MSP-friendly software companies push deeper into cybersecurity.
Digital Risk Management Platform CybelAngel Raises $12 Million to Fuel Growth in Cybersecurity Market and Expand Globally (Cision) CybelAngel offers an industry-leading solution that proactively protects organizations from digital threats across...
Egnyte hauls in $75M investment led by Goldman Sachs (TechCrunch) Egnyte launched in 2007 just two years after Box, but unlike its enterprise counterpart, which went all-cloud and raised hundreds of millions of dollars, Egnyte saw a different path with a slow and steady growth strategy and a hybrid niche, recognizing that companies were going to keep some content…
Generali launches cyber security venture (International Travel & Health Insurance Journal) Italian general insurer Generali has announced the launch of a new startup company, through which it will offer cyber security solutions via a web-based platform.
GDPR has cut ad trackers in Europe but helped Google, study suggests (TechCrunch) An analysis of the impact of Europe’s new data protection framework, GDPR, on the adtech industry suggests the regulation has reduced the numbers of ad trackers that websites are hooking into EU visitors. But it also implies that Google may have slightly increased its marketshare in the regio…
3 Cybersecurity Stocks That Should Help Investors Lock Up Gains (InvestorPlace) Cybersecurity stocks CARB, PANW and SAIC are 3 excellent stocks to buy that will serve as great investing vehicles in online security.
Will Cloud Security Expansion Lift Symantec Back Into the Black? (SDxCentral) Symantec rolled out cloud security updates today that support AWS and Microsoft Azure and extend its cloud access security broker services.
Lastline Joins Cyber Threat Alliance, Supporting its Mission to Improve Cybersecurity Industry Cooperation and Information Sharing (PR Newswire) Lastline®, the leader in AI-powered network security, today announced that it has joined the Cyber Threat...
Former Cisco cybersecurity exec, now a VC, says startups need to keep potential M&A in mind (Silicon Valley Business Journal) Karthik Subramanian joined Evolution Equity Partners last month to help the Zurich- and New York-based firm establish an office in the Menlo Park-Palo Alto area, one of two high-level venture defections in September from Cisco's security unit.
IOActive Engages Tom Brennan to Accelerate East Coast Client Operations (IOActive) Industry Veteran Joins IOActive to Serve as Software Security Strategist
SecureAuth Bolsters Leadership Team (GlobeNewswire News Room) Newly created positions, appointments, and diversity program emphasize experience, inclusion, and greater cultural understanding in the workforce
Cyber accelerator Mach37 has some new bosses — and we have the details (WTOP) The Mach37 Cybersecurity Accelerator is officially under new management — sort of. The Center for Innovative Technology and Alexandria-based startup consulting firm VentureScope entered into a joint…
Products, Services, and Solutions
Comodo CA and Device Authority collaborate for security and authentication of IoT devices (Wire19) Comodo CA is collaborating with Device Authority to provide enterprises an IoT (internet of things) solution for private PKI networks.
Immediate Insight App from FireMon Now Available on the Palo Alto Networks Application Framework (BusinessWire) FireMon announced the availability of its Immediate Insight app for the Palo Alto Networks® Application Framework.
Carbon Black and Secureworks to Expand Long-Time Partnership By Applying Red Cloak™ Analytics to Carbon Black’s Cb Predictive Security Cloud™ (PSC) (GlobeNewswire News Room) By combining Secureworks’ behavioral analytics with Carbon Black’s unfiltered PSC data, joint customers will see immediate ROI when investigating advanced attacks
Thycotic Selects Cylance to Boost Application Control Management and Endpoint Protection (Cylance) Partnership at the Intersection of User Least Privilege Management and AI-Driven Malware Prevention Designed to Stop Adversaries from Using Malicious Applications to Access Restricted Data
Akamai platform enhancements bolster security and agility for digital businesses (Help Net Security) Akamai Intelligent Edge Platform now has security automation, threat protection for web apps, real-time insights, and improved efficiencies to the edge.
The Paranoids at Oath Take Bug Bounties to Argentina: h1-5411 Recap (HackerOne) HackerOne kicked off its first South America live hacking event in Buenos Aires, Argentina! Oath, a media and tech company, under which Yahoo, AOL, Verizon Digital Media Services, TechCrunch and many more dynamic brands fall, opened up their assets to 53 hackers in their second live hacking event in 2018.
Avast 2019 extends AI technology to block phishing attacks for enhanced security (Help Net Security) Avast 2019 includes Do Not Disturb Mode, Sensitive Data Shield, as well as improved threat detections based on AI and visual recognitions.
Juniper Networks fosters adoption of network automation (Help Net Security) Juniper EngNet features access to virtual devices that run in the cloud, documentation and a suite of tools to move from manual to automated operations.
Alert Logic Grows Container Security Capabilities (eWEEK) Alert Logic is moving its container security support beyond Amazon Web Services and now supports Microsoft Azure--in addition to on-premises deployments of containers and Kubernetes.
AVG 2019 now includes enhanced phishing threat detection (Help Net Security) AVG 2019 security software now includes Do Not Disturb Mode, Sensitive Data Shield, and enhanced phishing threat detection.
Kisco Bolsters Network Socket Security (IT Jungle) IBM i shops that are serious about security should monitor all potential ingress routes into their computer systems, including network socket connections. Now Kisco Information Systems is supporting the latest network socket technology in IBM i 7.2 with its network security tool, SafeNet/i. The Internet is a double-edged sword. On the one hand, the network
Technologies, Techniques, and Standards
Cyber Security is an Integral Part of Systems Engineering (Control Global) Network monitoring is necessary but not sufficient to cyber secure control systems and prevent long term equipment damage and is intractable. Making cyber security an engineering problem can make an intractable network problem tractable, prevent long term equipment damage, improve safety and reliability, and help in identifying impacts from supply chain threats.
What is IAM? Identity and access management explained (CSO Online) IAM products provide IT managers with tools and technologies for controlling user access to critical information within an organization.
Your backup data sets can become a treasure trove for advanced threat detection (Help Net Security) When accessible, backup files and their metadata are a treasure trove of context-rich cybersecurity data, according to HotLink.
Does Your SOC Have a Security Playbook? (Security Intelligence) By creating, regularly reviewing and maintaining a security playbook, SOC leaders can position analysts to execute incident response processes more quickly and effectively.
War of the digital worlds: A day in the life of a threat intelligence analyst (International Business Times UK) If a company or individual is powerful, they are vulnerable to a dangerous cyber attack, and that's where we come in.
Design and Innovation
Modernizing the Social Security Number (McAfee) A Foundation for Online Authentication of Identity
Cyber Researchers Propose a ‘Smart’ Social Security Card (Nextgov.com) Instead of ditching the SSN as an identifier, the government could take steps to modernize it.
Microsoft donates 60,000 patents to open source as it joins Open Invention Network (Computing) What a difference a decade makes.
Research and Development
Intel Collaborates on New AI Research Center at Technion, Israel’s Technological Institute (BusinessWire) Intel (NASDAQ: INTC): What’s New: Technion, Israel’s technological institute, announced this week that Intel is collaborating with the institute on i
BlackBerry Server Tackles Quantum Computing Security Concerns (eWEEK) BlackBerry will add a quantum-resistant server to its cyber-security platform, and Splunk advances data platforms for what's next.
Legislation, Policy, and Regulation
EU Lawmakers Back Measures to Avoid Repeat of Facebook Scandal (Bloomberg) A European Parliament committee backed draft proposals aimed at avoiding a repetition of the scandal in which the data of millions of Facebook users ended up in the hands of the political consultancy Cambridge Analytica.
Exclusive: Vietnam cyber law set for tough enforcement despite... (Reuters) Vietnam is preparing to strictly enforce a new cybersecurity law requiring globa...
Lawmakers Push to Rein In Tech Firms After Google+ Disclosure (Wall Street Journal) Top lawmakers argued Wednesday that Congress needs to rein in big tech companies, citing revelations about Google+ as the latest example of questionable practices involving consumers’ private information.
Treasury Spells Out New Rules on Foreign Deals Involving U.S. Technology (Wall Street Journal) New regulations will require all foreign investors in certain deals involving critical U.S. technology to submit to national security reviews or face fines as high as the value of their proposed transactions.
The New Cyber Strategy Frees Up U.S. Cyber Muscle. How Will It Be Flexed? (CyberDB) The Strategy consists of four primary pillars designed to guide how the United States will undergo defensive, and perhaps more importantly...
Trump's praise for North Korea complicates cyber deterrence (TheHill) President Trump’s recent goodwill toward North Korea is at odds with his administration’s attempts to crack down on the country’s cyberattacks, and experts say the president’s plaudits could hinder U.S.-led efforts
Weichert: Government 'paralyzed by the embarrassment of data' it can't use (Federal News Network) Days after President Donald Trump announced his intention to name her the acting director of the Office of Personnel Management, Margaret Weichert highlighted opportunities to commercialize government data.
Want Safer Internet of Things? Change Government Buying Rules. (Nextgov.com) Federal agencies could shape the security of connected devices by using the Federal Acquisition Regulation.
Litigation, Investigation, and Law Enforcement
U.S. Detains Alleged Chinese Spy It Says Tried to Steal GE Trade Secrets (Wall Street Journal) An alleged Chinese intelligence operative arrested in Belgium has been brought to the U.S. and charged with conspiring to steal trade secrets from GE Aviation and other companies, marking a rare break for the U.S. in its effort to target Chinese industrial spying.
Chinese Intelligence Officer Charged with Economic Espionage Involving Theft of Trade Secrets from Leading U.S. Aviation Companies (US Department of Justice) A Chinese Ministry of State Security (MSS) operative, Yanjun Xu, aka Qu Hui, aka Zhang Hui, has been arrested and charged with conspiring and attempting to commit economic espionage and steal trade secrets from multiple U.S. aviation and aerospace companies. Xu was extradited to the United States yesterday.
How the US Forced China to Quit Stealing—Using a Chinese Spy (WIRED) For years, China has systematically looted American trade secrets. Here's the messy inside story of how DC got Beijing to clean up its act for a while.
A Trio of Wealthy Russians Made an Enemy of Putin. Now They’re All Dead. (Wall Street Journal) Nikolai Glushkov, a close associate of the late oligarch Boris Berezovsky, was preparing to testify that Aeroflot was a corrupt instrument of Russian intelligence. Then, on the eve of his court date, he was strangled to death with a dog leash.
Mueller Target Gets Six Months in Prison for Selling Bank Data to Russians (Wall Street Journal) A California man who pleaded guilty to providing stolen bank-account information to Russians was sentenced to six months in prison, the longest prison term to date from Robert Mueller’s inquiry.
Broadcom Says It's Victim of Fraudulent Memo on CA Deal Risk (Bloomberg) Broadcom Inc., which is closing in on a purchase of CA Technologies Inc., said it is the victim of a fraudulent effort to raise national security concerns about the deal.
Tell truth about Jamal Khashoggi, Donald Trump urges Saudi rulers (Times) President Trump has demanded a personal explanation from the Saudi government for the disappearance of the journalist Jamal Khashoggi amid signs that the United States believes Turkish accounts...
The Global Financial System Is Dying in a London Courthouse (Foreign Policy) A legal battle between Russia and Ukraine is an unprecedented instance of war by other means—and an example that others will soon follow.
‘Mrs McMafia’ Zamira Hajiyeva was waved into Britain (Times) The “McMafia” suspect targeted by Britain’s first unexplained wealth order was given a “golden visa” to live in the UK eight years ago without any checks on the source of her fortune. The woman...
UAE holds Durham student Matthew Hedges in solitary over spying claim (Times) A British student has been held in solitary confinement in the United Arab Emirates for five months after being accused of spying. Matthew Hedges, 31, was seized at Dubai airport in May as he tried...
Cyber tormentor leaves a trail that lands him 17.5 years (Naked Security) Ryan S. Lin pleaded guilty to cyberstalking, distribution of child abuse imagery, hoax bomb threats, computer fraud and abuse, and ID theft.