Cyber Attacks, Threats, and Vulnerabilities
White House: Strava heat map is a "security risk" (Axios) And they are "absolutely" weighing responses.
Mattis orders review of how troops use Fitbits, other fitness apps following breach (Military Times) Defense Secretary Jim Mattis has directed a DoD-wide review of fitness app use policies following the news this weekend that an app used by troops revealed sensitive military information, the Pentagon said Monday.
Researchers Connect Lizard Squad to Mirai Botnet (SecurityWeek) Lizard Squad and Mirai, which are responsible for a series of notorious distributed denial of service (DDoS) attacks, are connected to one another, a recent ZingBox report reveals.
Top Dutch Banks, Revenue Service Hit by Cyber Attacks (SecurityWeek) The top three banks in the Netherlands and the Dutch Revenue Service have been hit by cyber attacks over the past week, blocking access to websites and internet banking services.
Rabobank hit by cyber attack after rivals targeted over the weekend (DutchNews.nl) Rabobank became the third of the big Dutch banks to be targeted by a cyber attack in as many days...
Russian servers linked to DDoS attack on Netherlands financial network: Report (NL Times) The DDoS attacks that hit ABN Amro, ING and Rabobank over the weekend and on Monday, came from servers in Russia, according to security company ESET. The company adds that this does not automatically mean that the perpetrators are also in Russia, the Telegraaf reports.
Tor-to-Web Proxy Caught Replacing Bitcoin Addresses on Ransomware Payment Sites (BleepingComputer) The operators of at least one Tor proxy service were recently caught replacing Bitcoin addresses on ransomware ransom payment sites, diverting funds meant to pay for ransomware decrypters to the site's operators.
IOTA Cryptocurrency Users Lose $4 Million in Clever Phishing Attack (BleepingComputer) A clever hacker made off with nearly $4 million worth of IOTA cryptocurrency after patiently setting up an elaborate phishing site for almost half a year.
Double dipping: Diverting ransomware Bitcoin payments via .onion domains (Proofpoint) Proofpoint researchers track operators of a Tor proxy diverting ransomware payments to their own Bitcoin wallets.
Cryptocurrency Mining Malware That Uses an NSA Exploit Is On the Rise (Motherboard) Say hello to WannaMine.
YouTube caught out by coin-mining ads (BBC News) The ads used visitors' computers to generate valuable crypto-coins for a cyber-scam.
Stop dilly-dallying. Block all ads on YouTube (Graham Cluley) Even Google, one of the world's largest advertising companies, seems to be incapable of guaranteeing a stream of safe ads.
Experty to Reimburse Phished Crypto-Investors (Infosecurity Magazine) Scam netted criminals $150K ahead of start-up’s ICO
Exclusive: Hacks are caused by lack of common sense security best practices Is that possible? (Cryptovest) The majority of hacking incidents involving cryptocurrencies and initial coin offerings (ICOs) result from the "sheer stupidity" of some companies and their executives, according to Intrepid Ventures co-founder.
Flashpoint - Many Faces to Cryptocurrency (Flashpoint) While it may be a bit harsh to label it the currency of crime, Bitcoin and its dozens of cryptocurrency cousins certainly have an underworld appeal.
Kaseya Virtual System Administrator (eSentire Managed Detection and Response) eSentire has observed an unknown threat actor attempting to deploy a Monero cryptocurrency miner to multiple eSentire customers. We assess with high confid...
This Blackmail Scam Brought to You by [Name of Data Breach] (Credit.com) If you are the target of extortion, report it immediately to law enforcement and never underestimate your vulnerability.
Why Your Employees’ Compromised Credentials Endanger Your Organization (Infosecurity Magazine) Reused passwords can pose problems, especially when they are exposed in breaches.
Seasons Greetings? Not When That’s Malware In Your e-Card (Security Boulevard) Over Christmas, one of our customers was hit by a Trojan and they asked us to take a look at the threat. Sixteen of their users were fooled into opening a Word document. Fortunately, they had Bromium, so it safely ran inside a micro-VM and was unable to affect their host or their intranet.
Wireless Working, Part II: Why cyber criminals love free WiFi (Canadian Underwriter) Free WiFi offered at coffee shops, hotels and airports should pique the interest of brokers – and not just because brokers and their clients can work remotely in these locations for free. The technology does not come risk-free. WiFi technology…
Harris County issues $888K payment to scammer (StateScoop) Though officials caught the mistake and canceled payment before it was too late, the incident has led the Texas county to a thorough review of its security policies.
Security Patches, Mitigations, and Software Updates
Malwarebytes apologises for dodgy update that borked customers' PCs (Inquirer) Shonky production update spiked users' CPU and memory usage
Cyber Trends
Digital Extortion: A Forward-looking View (TrendLabs Security Intelligence Blog) In 2017, we saw digital extortion increasingly become cybercriminals’ first and foremost money-making modus operandi. It’s mostly due to ransomware — cybercriminals’ currently most popular weapon of choice, helping them in extorting cash from users all over the world and in hitting big businesses and organizations.
edgescan Release their Industry Leading 2018 Cyber Security Vulnerability Statistics Report (PR Newswire) The report includes trends and observations based on assessing thousands of web...
Data breaches exposed 179 million records in 2017 (San Diego Union Tribune) Data breaches reached a new high of 1,579 and exposed almost 179 million records in 2017 according to a report last week by the Identity Theft Resource Center and CyberScout.
Future of Identity: Millennials Moving Beyond Passwords (IBM) New IBM study shows young adults are putting less care into traditional password hygiene, yet are more likely to use biometrics, multifactor authentication and password managers to improve their personal security.
PwC's 21st CEO Survey: The anxious optimist in the corner office (PwC) PwC US CEO Survey 2018 findings on outlooks for employment, M&A, important overseas markets. See how views on technology threats change since 2013.
Momentum Cyber Releases Comprehensive Inaugural Report Analyzing Cybersecurity Transaction Data & Industry Trends – Reveals Record-Breaking Activity in 2017 (BusinessWire) Momentum Cyber, the premier trusted advisor to the cybersecurity industry, today released its inaugural Cybersecurity Almanac for 2018 – the most comp
Marketplace
Japanese Crypto Stocks Unfazed by $500 Million Coincheck Heist (Bloomberg.com) Cryptocurrency-related stocks rallied in Japan on Monday, even as news of a $500 million heist at an exchange run by Coincheck Inc. spawned security concerns about digital money.
Verizon Drops Plan to Sell Phones From China's Huawei, Sources Say (Bloomberg.com) Verizon Communications Inc. has dropped all plans to sell phones by Chinese manufacturer Huawei Technologies Co., including the new Mate 10 Pro, under pressure from the U.S. government, according to people familiar with the matter.
Maersk Line invests heavily to secure its operations from cyber attacks (Hindu Businessline) Terming the 2017 cyber-attack as an “extremely difficult” episode, global shipping giant Maersk Line has said it has invested in network to ensure that its operations here do not get impacted by any s
Relx acquires ThreatMetrix for $817M to ramp up in risk-based authentication (TechCrunch) Another startup in the area of cyber security has been snapped up as platform businesses serving enterprises look for more ways of securing their own networks..
GitLab acquires Gemnasium to strengthen its security services (TechCrunch) GitLab, which helps businesses manage their software development and operations lifecycle from planning to deployment and monitoring, has acquired Gemnasium,..
BrowserStack hauls in $50 million Series A from Accel (TechCrunch) It's not often you see a single venture capital firm investing $50 million in a Series A round. These usually involve a much smaller number spread across a..
BehavioSec Raises $17.5M Series B Investment Led by Trident Capital Cybersecurity to Accelerate Global Expansion (The Daily Telescope) Mon, Jan 29, 2018 13:35 CET. Cisco Investments and ABN AMRO Digital Impact Fund join the round alongside existing investors Octopus Ventures and Conor Venture Partners. PALO ALTO, CALIFORNIA, 29 JAN,…
Logikcull Raises $25 Million to Continue Making Discovery Instant for Everyone (BusinessWire) Logikcull raises $25 million to continue making discovery instant for everyone. NEA led the round with participation from OpenView and Storm Ventures.
Data protector BigID raises $14 million from ClearSky Security, Comcast Ventures (New York Business Journal) New York-area startups and venture capitalists are making funding deals with the hope of creating the next profitable company. Here's one deal announced Monday:
Andrew Ng officially launches his $175M AI Fund (TechCrunch) As the founder of the Google Brain deep learning project and co-founder of Coursera, Andrew Ng was one of the most recognizable names in the machine learning..
As hackers gain strength, Israeli cyber firms raise more money than ever (The Jerusalem Post | JPost.com) Investors poured a record-breaking $815 million into the Israeli cyber ecosystem in 2017, totaling some 16% of all global investment in the cybersecurity industry, second only to the United States.
Small business takes on Missile Defense cyber work (Washington Technology) Small business Decisive Analytics has won a $59.5 million contract from the Missile Defense Agency to support cybersecurity compliance requirements.
Cyber Firm Tenable Reveals $189 Million in Revenue as Sector Faces Doubts (Fortune) Defying the downturn?
Cylance Customers Propel Company Past $100M Revenue (BusinessWire) Cylance® Inc., the company that revolutionized endpoint protection and detection with AI-powered predictive prevention, today announced that it had su
Verve Industrial Protection - First Year as Verve Brings Significant Growth and Foundational Achievements - Significant Growth from a 25-year Foundation (Morningstar)
Cybersecurity Salaries to Increase 7% in 2018 (Infosecurity Magazine) Developers and infrastructure specialists will also benefit from a 3% pay raise
Six Hot Cybersecurity Certifications for 2018 (GoCertify) Skilled cybersecurity professionals will continue to be in high demand in 2018. Certification can give you an edge. These six credentials will help you sharpen your skills and be ready to compete for top jobs.
Bill Varner Joins Novetta Board of Directors (Business Insider) Novetta, a leader in advanced analytics technology, today announced the appointment of Bill Varner - former presi...
Products, Services, and Solutions
Threat Intelligence: Putting It All Together (Recorded Future) Today we launch Recorded Future Fusion — a new product providing centralization, collaboration, and customization of threat intelligence to create the only complete solution on the market.
As Hackers Target Vulnerable Assets, Cymulate Enhances Breach And Atta (PRWeb) Cymulate announced today at Cybertech 2018 that it has launched a new Endpoint Assessment solution to help businesses defend their most vulnerable assets
Cyberbit to Protect the Bank of Jerusalem From Advanced Cyberattacks With its Endpoint Detection and Response System (PR Newswire) Cyberbit Ltd., provider of cybersecurity products for detection,...
Cryptomathic First to Add Management Capability to ‘Bring Your Own Key’ Model of Cloud Security (Fintech Finance) Cloud security pioneer, Cryptomathic, today unveils the only cloud encryption management solution to address market demand for new ‘Manage Your Own Key’ (MYOK) practices. ‘Bring Your Own Key’ (BYOK…
Blockchain startups and exchanges now can pay in over 50 cryptocurrencies for application security services (TechWorld) Following Microsoft’s announcement to accept Bitcoin for its Windows and Xbox online stores, High-Tech Bridge believes now is the time to simplify payment for security services among the skyrocketing number of blockchain startups.
Palo Alto Networks launches new cloud-based user behaviour analytics application (Computer Dealer News) Palo Alto Networks is continuing to help companies better protect their systems from cyber threats with its latest product. The Calif.-based security
Check Point debuts Infinity Total Protection (IT-Online) Check Point Software Technologies has announced Infinity Total Protection: a revolutionary security consumption model that enables enterprises to prevent Gen V cyberattacks.
DynFi: the new software that simplifies management of firewalls (24presse) Noting that there is no centralized management tool to administer firewalls such as pfSense and OPNSense, the ToDoo company, expert in network security for over 17 years, launches its latest innovation: DynFi.
Blackpoint Announces SNAP-Defense 3.0: Next-Generation Cyber Threat Hunting with Multi-Tenant Capability (Broadway World) Today, Blackpoint Cyber announced availability of SNAP-Defense 3.0 (SNAP), a multi-tenant offering that allows MSSPs to deliver SNAP's next-generation cyber threat hunting and response to their customers.
Hyperledger releases Hyperledger Sawtooth 1.0, its second distributed ledger project (TechCrunch) Hyperledger, the open source blockchain project from the Linux Foundation, released Hyperledger Sawtooth 1.0, its latest open source digital ledger project...
TiTAN Platform Introduces TiTAN AI Robot At CES 2018 (PR Newswire) Virtual assistants have just gotten smarter and more versatile with the TiTAN...
Technologies, Techniques, and Standards
DoD jams GPS in western states for joint exercise (C4ISRNET) The Air Force is jamming GPS in western states to prepare pilots for future age of electronic warfare as part of a series of war games.
No Silver Bullet for GDPR Compliance (Infosecurity Magazine) The challenge for many of us is that we may not easily be able to afford the range of skills we need for a GDPR compliance team.
What is a security data lake? (Help Net Security) A security data lake is a specialized data lake. A security analyst could certainly pull from a generic data lake built for multiple applications, but several things would prove more difficult.
Achieving zero false positives with intelligent deception (Help Net Security) Breadcrumbs are clues for a potential attacker that an intelligent deception platform intentionally leaves behind on organizational systems.
Insider threats: How an IT security company keeps itself safe (Personnel Today) With insider threats on the rise in companies, close collaboration between HR and info-security departments is key, according to Forcepoint CHRO Kristin Leary.
If you didn't freeze your credit after the Equifax breach, now's the time (Fox 19 Now) If you haven’t frozen your credit after that huge Equifax data breach, now’s the time to do it.
10 old-school security principles that (still) rule (CSO Online) Oldies but goodies, these security tips have stood the test of time.
Research and Development
Congress Wants Update on Advanced Computer Research Efforts (Nextgov.com) And the crypto wars continue.
Academia
Towson University partners with Maryland National Guard to foster workforce development in cyber security (Baltimore Sun) Towson University and the Maryland National Guard signed a memorandum of understanding aimed at fostering workforce development in cyber security.
Creating cyber protection tools (Albuquerque Journal) Tech division solves security problems confronted by federal government
Legislation, Policy, and Regulation
Snoopers' Charter surveillance regime ruled unlawful by High Court (Computing) Snoopers' Charter had been guided through Parliament by the-then home secretary Theresa May
Coincheck Hack May Spur Regulation, P2P Trading (PYMNTS.com) Following the theft of $530 million in NEM tokens from Coincheck last week, governments will likely call for more cryptocurrency regulation and investors may turn to peer-to-peer (P2P) methods of trading instead of centralized exchanges, Bloomberg reported. “The latest theft will have two immediate effects: more regulation by authorities over exchanges and more recognition of ...
France’s Digital Minister Mounir Mahjoubi on upcoming digital policies (TechCrunch) Mahjoubi joined Emmanuel Macron’s team as the person in charge of all things digital while Macron was campaigning to become France’s President. He joined..
Fines for firms with poor cyber-security (BBC News) Companies in the UK that fail to protect themselves effectively from hackers could be fined up to £17m.
Getting Intelligence Reform Right This Time: New Threats Bring New Opportunities (Just Security) The United States’ belated realization that foreign powers can wreak havoc on the American political process is already prompting discussions of how to thwart future interference directed at subverting democracy. Invariably the Intelligence Community (IC) and the broader U.S. national security enterprise will become
DHS secretary: Focus on the systemic cyber risks (FCW) Block-and-tackle cybersecurity tactics are no longer effective, Kirstjen Nielsen said, so DHS and its partners must act together to address the evolving threats.
WH cybersecurity coordinator seeks more 'naming and shaming' of hackers (FederalNewsRadio.com) White House Cybersecurity Coordinator Rob Joyce said the U.S. plans to strengthen its cyber deterrence policy this year through some of its closest partners.
Trump security team sees building U.S. 5G network as option (Reuters) President Donald Trump's national security team is looking at options to counter the threat of China spying on U.S. phone calls that include the government building a super-fast 5G wireless network, a senior administration official said on Sunday.
Reported plan for government wireless network gets panned (Fifth Domain) Telecom regulators and industry groups voiced opposition Monday, Jan. 29, 2018, to a government-built wireless network that the Trump administration is reportedly considering.
Why everyone is freaking out about a White House plan to nationalize the country’s 5G data networks (Washington Post) The intelligence community views network equipment made by Chinese companies with close ties to Beijing as insecure, officials said. But the federal government has rarely taken a direct role in building such networks, making the proposal remarkable in its ambitions.
Federal security clearance process gets stamp of disapproval (Federal Times) The Government Accountability Office has added the governmentwide personnel screening process to its High Risk list, reserved for programs most vulnerable to waste, fraud and abuse.
Shutdowns mean the government keeps using old hardware and software … and that’s bad for security (Fifth Domain) Without a final budget for the year, agencies will continue to operate in a constrained environment with little flexibility to begin new programs or terminate existing ones.
McCabe out as FBI's No. 2 (POLITICO) Trump has complained that McCabe is biased, but Democrats fear the president is trying to oust officials connected to former FBI Director Comey.
Trump to appoint financial services veteran to Federal CIO role (FederalNewsRadio.com) Suzette Kent comes to the administration after spending the two-plus years as a principal with Ernst & Young in the financial services office.
The Pentagon has a cyber policy appointee and he’s well known in DoD (Fifth Domain) The Department of Defense has announced Ed Wilson will serve as the deputy assistant secretary of defense for cyber policy.
Litigation, Investigation, and Law Enforcement
House Intel votes to make Nunes memo public (TheHill) The House Intelligence Committee on Monday evening voted to make public a GOP-crafted memo alleging what some Republicans say are “shocking” surveillance abuses at the Department of Justice (DOJ).
House Intelligence Committee votes to release controversial GOP surveillance memo (Washington Examiner) The four-page memo put together by House Intelligence Committee Chairman Devin Nunes, R-Calif., allegedly details how Deputy Attorney Genera...
Trump supports release of FBI intelligence memo, White House aide says (POLITICO) "I think the president is more inclined for transparency in this investigation," Marc Short said.
MY TAKE: What ace-in-the-hole does Devin Nunes have that McCarthy would have loved? (Security Boulevard) When Russian botnet controllers deployed their bots on yet another social media blitz last week, they participated in a campaign that took a page from Sen. Joseph McCarthy’s playbook. On Feb. 9, 1950, at the height of the Cold War, McCarthy infamously brandished a list of what he claimed were 57 subversive communists who
Patching isn't working and end-users ignore breaches, says ex-NSA security VP David Venable (Computing) Vendors need to be liable when their software is breached, says David Venable
Japan punishes Coincheck after $530m cryptocurrency theft (ZDNet) Coincheck has been ordered by Japan's financial regulator to get its act together after hackers stole $530 million worth of digital money from its exchange.
Chinese Company Sinovel Wind Group Convicted of Theft of Trade Secrets (US Department of Justice) A manufacturer and exporter of wind turbines based in the People’s Republic of China was convicted today of stealing trade secrets from AMSC, a U.S.-based company formerly known as American Superconductor Inc., announced Acting Assistant Attorney General John P. Cronan of the Justice Department’s Criminal Division and U.S. Attorney Scott C. Blader for the Western District of Wisconsin.
Social media firms told to crack down on grooming (Times) Ministers have been urged to force social media companies to crack down on online grooming after police revealed that they have investigated more than 1,300 allegations of children being targeted...
Democrats seek subpoena for DHS info on election hacking (POLITICO) DHS faced heavy criticism from Capitol Hill Democrats over its initial refusal to tell Congress which states the Russians targeted.
Cowardice allows Muslim extremism to thrive (Times) The scale of Britain’s problem with Islamic extremism has been graphically illustrated by what happens to Muslims who fight it. St Stephen’s is a secular state primary school in a largely Pakistani...
Anti-extremism tsar Sara Khan has no credibility, say Muslim groups (Times) Downing Street was forced yesterday to defend its appointment of Britain’s first counterextremism commissioner after complaints from Muslim groups. A petition to the Home Office signed by 100...
Cop buys mobile spyware, says he can’t remember why (Naked Security) The now-retired cop says he can’t quite recall why he used FlexiSpy spyware, which intercepts email and WhatsApp messages.
Lyft investigates allegations of employees snooping on riders (Naked Security) On an anonymous site, a purported Lyft worker claimed that employees look up ride data on exes, actors, porn stars and Mark Zuckerberg.