Cyber Attacks, Threats, and Vulnerabilities
A Genocide Incited on Facebook, With Posts From Myanmar’s Military (New York Times) With fake pages and sham accounts, the military targeted the mostly Muslim Rohingya minority group, said former military officials, researchers and civilian officials.
China’s alleged supply chain hack: Explaining the controversy around Bloomberg’s ‘Big Hack’ reporting (SupChina) Since October 4, Bloomberg has published three stories about Chinese attempts to compromise hardware sold to major U.S. companies. Those reports have been widely criticized in the cybersecurity community, though Bloomberg stands by its reporting. The smoking gun may be out there, or Bloomberg may be chasing ghosts. Either way, the damage is already done.
Cyber Security: How intelligence agencies hijack computers in other countries (Wirtschafts Woche) Chinese hackers are said to have installed spy chips in the PCs of high-tech companies on behalf of the intelligence service. Are companies at the mercy of such attacks?
U.K. Cyber Security Center Says Most Attacks Are From Hostile States (Bloomberg) Report reveals how operational code names are computer-made. Companies need to stop hanging up on ‘prankster’ NCSC agents.
Major life-threatening cyber attack on UK 'in little doubt' in near future, warns security chief (Sky News) The National Cyber Security Centre warns that a life-threatening incident will almost inevitably strike the UK.
NCSC deals with 1,100 cyber attacks in first two years (National Cyber Security Centre) On its second anniversary, the NCSC has revealed it has defended the UK from an average of more than 10 attacks per week.
Annual Review 2018 (National Cyber Security Centre) The Annual Review 2018 - the story of the second year of operations at the National Cyber Security Centre.
DHS finds increasing attempts to hack U.S. election systems ahead of midterms (NBC News) The assessment said the feds don't know who is behind the attacks, but none have been successful.
DHS Downplays Report That Data Thieves Are Selling Millions of Voters’ Data (Defense One) But your personal data from voting rolls is more public than you likely realize.
Report: People are crowdfunding to buy voter data off hacker forums (Cyberscoop) While data is being illicitly sold, it was not necessarily illicitly obtained, as voter records are in many cases public records.
Up to 35 Million 2018 Voter Records For Sale on Hacking Forum (Threatpost) Just weeks before the midterms, voter information from 19 states has turned up on the Dark Web.
Estimated 35 Million Voter Records For Sale on Popular Hacking Forum (Anomali) Anomali Labs researchers in close partnership with Intel 471, a leading cybercrime intelligence provider, have uncovered a widespread unauthorized information disclosure of US voter registration databases. To be clear, this voter information is made generally available to the public for legitimate uses. Anomali and Intel 471 researchers discovered dark web communications offering a large quantity of voter databases for sale. The databases include valuable personally identifiable information and
Exclusive: Facebook to ban misinformation on voting in upcoming U.S. elections (Reuters) Facebook Inc will ban false information about voting requirements and fact-check...
Election Security Still ‘Years Behind,’ U.S. Officials Warn (The Daily Beast) Maybe you were hoping the government would have its election security act together by now. If so, there’s bad news below.
Is It Safe to Vote? (The New Yorker) Russian intelligence has been probing for weaknesses in our election systems. Can states secure themselves from attack in time for the midterms?
Literary-minded phishers are trying to pilfer publishers’ manuscripts (Naked Security) In a twist on Business Email Compromise, they’re spoofing literary agents and going after manuscripts at Penguin Random House and Pan Macmillan.
Instagram Has a Massive Harassment Problem (The Atlantic) The platform has cast itself as the internet’s kindest place. But users argue harassment is rampant, and employees say efforts to stem it aren’t funded well or prioritized.
Beware sextortionists spoofing your own email address (Naked Security) In the past, they’ve pretended to have your passwords – now they’re pretending to send email from your “hacked” account, too.
Tinder profiles were 'at risk' due to XSS vulnerability (SC Magazine) Tinder users were at risk of having their profiles breached by hackers due to multiple XSS vulnerabilities, according to a team of researchers.
The ‘Donald Daters’ Trump Dating App Exposed Its Users’ Data (Motherboard) On Monday, Donald Dating received a wave of media coverage from outlets such as Fox News. It didn’t take long for a security researcher to find the app’s exposed database.
Cyber attack targets ONWASA; company refusing to pay ransom (WCTI) In the wake of the Hurricane Florence disaster, ONWASA, a water utility company, has been specifically targeted by cyber criminals. ONWASA provides water and sewer service to all of Onslow County except Jacksonville residents. According to a press release, ONWASA's internal computer system, including servers and personal computers, has been subjected to a sophisticated ransomware attack. The attack has left the utility with limited computer capabilities.
US embassy accidentally emails invitation to ‘cat pyjama-jam’ meeting (Naked Security) Canberra’s US embassy accidentally exposed details of one of its more enticing get-togethers last week, featuring a cat in a Cookie Monster outfit.
Security Patches, Mitigations, and Software Updates
Analysis | The Cybersecurity 202: Google puts privacy over business incentives with new developer restrictions (Washington Post) Heightened privacy awareness and regulatory scrutiny is pushing Silicon Valley titans to make changes.
How Chrome and Firefox could ruin your online business this month (Naked Security) Last year, Symantec sold off its web certificate business. The new owners are reissuing certs for free – but there’s a deadline looming!
Cyber Trends
Security Industry Association Forecasts 2019 Security Megatrends | Security Industry Association (Security Industry Association) SIA has identified and announced the 2019 Security Megatrends – the foundation of SIA’s signature report defining major trends in global security.
MediaPRO Annual Report Shows Continued Decrease in Workers’ Cybersecurity Awareness and Increase in Risky Behaviors (BusinessWire) Seventy-five percent of professionals pose a moderate or severe risk to their company’s data. According to MediaPRO’s third-annual State of Privacy an
On Shaky Ground: More Than Half of Professionals Lack Confidence in Their Organization's Ability to Respond to Cyber Attack (PR Newswire) Nearly half (46 percent) of executive-level respondents to a Deloitte poll say their organizations have experienced a...
9 in 10 organizations have a cybersecurity culture gap (Help Net Security) Just 5% of employees think their organization’s cybersecurity culture is as advanced as it needs to be to protect their business from threats.
Marketplace
Security warranties: selling peace of mind (CRN Australia) Security resellers weigh-in on an emerging trend.
Microsoft, Amazon CEOs Stand By Defense Work After Google Bails on JEDI (Nextgov.com) The leaders of two contenders for the Pentagon’s JEDI cloud contract sounded off on Google’s decision not to bid.
Tech companies need to work with US military, says Amazon boss Jeff Bezos (The Telegraph) Tech companies need to work with the US military, Jeff Bezos has said, as he defended deals made by Amazon and his aerospace firm Blue Origin.
No Easy Fix for Silicon Valley Angst About Government Contracts (Nextgov.com) CBP’s acquisitions chief urges patience, understanding over protests against border contracts.
Instagram founder admits to differences with Facebook (The Telegraph) Instagram’s co-founder has admitted to differences with Facebook for the first time since quitting the photo-sharing app last month.
Utimaco Announces Intent to Acquire Atalla from Micro Focus (Utimaco HSM) Acquisition to strengthen investment in Atalla. Adds a market-leading Payment HSM business to the Utimaco Information Security Portfolio.
MongoDB acquires mLab for US$68 million (CRN Australia) To bolster cloud services.
Experts: W.Va.’s high tech wave focused on cybersecurity (WV News) MORGANTOWN — For anyone who ever wanted to be a professional computer hacker (or one of the guys who stops them) a new WV Forward Report suggests there’s never been
Cynerio Welcomes Dr. John Halamka as Advisor (AP NEWS) Harvard's International Healthcare Innovation Professor and Chief Information Officer at Beth Israel Deaconess Medical Center joins Cynerio in an advisory capacity.
Microsoft Co-Founder Paul Allen Dies at 65 (Wall Street Journal) Microsoft co-founder Paul Allen died just two weeks after revealing that a cancer he successfully received treatment for several years ago had returned.
Products, Services, and Solutions
Darktrace And Endace Strike New Partnership To Combine cyber AI And Forensics (PR Newswire) Darktrace and Endace today announced a partnership that combines Darktrace's cyber...
Google using lock screen passwords to encrypt Android Cloud backups (Naked Security) If, that is, your phone has updated to the Android 9 operating system, otherwise known as Pie. If so, say hi to the Titan chip!
Dataguise Expands Data Privacy Protection and GDPR Compliance Platform for Secure Business Analytics (AP NEWS) Company to Demonstrate New Product Suite at Teradata Analytics Universe 2018
Certara’s Synchrogenix Division Collaborates with Hedera Hashgraph to Offer Data Flow and Transparent Collaboration Solutions for the Life Sciences Industry (Certara) Hedera's next-generation distributed ledger technology to provide Certara with a near real-time, public, scalable platform to address key clinical research, regulatory reporting and supply chain challenges.
Garland Technology and Corelight Announce Technology Partnership (PR Newswire) Garland Technology, a leading provider of network and test access solutions, today announced a technology partnership...
Versasec Releases vSEC:CMS S5.3 (Versasec) Version 5.3 of Leading Identity and Access Management Solution Also Speeds New User Validations and Enables License and Operator Store Issuance and Supports More Gemalto eTokens and Smart Cards
Therap announces enhanced secure communication tool (Help Net Security) Developmental disability and LTSS software features enhanced user interface for Therap's HIPAA compliant agency communications.
Postmedia Network Selects RANK Software To Bolster Security Protection Against Real-Time Cyber Attacks (AP NEWS) RANK Goes Beyond SIEM Capabilities to Protect Postmedia Network From Unknown Attacks and Zero Day Events
Three large Dutch banks dependent on one cyber security firm: report (Netherlands Times) The three large Dutch banks - ING, ABN Amro and Rabobank - are largely dependent on only one company for cyber security against DDoS attacks. The cyber security firm in question is the American company Akamai, which counts 18 of the world's 30 largest banks as its customers, Financieele Dagblad reports.
Technologies, Techniques, and Standards
Podcast: behind the scenes of an incident (National Cyber Security Centre) A rare glimpse of the inner workings of the UK’s strongest asset against cyber attacks.
Most government domains adopt program to prevent sending of fake emails (TheHill) The majority of federal domains met a deadline to adopt an email authentication program aimed at preventing fake emails from being sent, according to an analysis by the cybersecurity firm Proofpoint.
Federal DMARC Adoption Rates Increase Significantly to Address BOD 18-01 Deadline (Proofpoint) Today marks the Department of Homeland Security’s (DHS) Binding Operational Directive (BOD) 18-01 deadline, which requires all U.S. federal agencies to deploy email authentication on all domains to increase security for anyone receiving email from federal agencies or visiting a federal website.
How CIOs Can Master the Art of Talking to the Board (Wall Street Journal) Board presentations are not about what the CIO wants the board to think. They are about what the CIO wants the board to feel, according to Tina Nunno, distinguished analyst at Gartner. It is not the CIO’s job to go into a board meeting and be objective. “Take a position and tell the story,” she said. “It is better to be interesting than complete.”
The 10 Tenets of CISO Success (Bricata) There are three ways to obtain wisdom. Imitation – the easiest way; Reflection – the noblest way; and Experience, which is often the bitterest way. That’s how Frank Kim of ThinkSec opened his presentation – 10 Tenets of CISO Success – at the RSA Conference 2018... #cisco #leadership #riskmanagement
How to buy (and set up) a safe and secure baby monitor (Naked Security) Wi-Fi enabled or not? Digital or analog? Here are the features to look for, and how to secure your baby monitor out of the box.
The Current State Of Cybersecurity Shows Now Is The Time For Zero Trust (Forbes) 41% of total breaches in 2017 targeted the healthcare industry, making it the most popular target for breach attempts. Personally Identifiable Information (PII) combined with user credentials tops the percentage of breaches with 29% according to Wipro’s report.
Design and Innovation
Apple's Jony Ive on the Unpredictable Consequences of Innovation (WIRED) "I think it's good to be connected,” says Apple’s chief design officer. “I think the real question is what you do with that connection."
Anand Giridharadas Delivers a Harsh Message to Rich Techie Philanthropists (WIRED) Journalist Anand Giridharadas had a message for the rich techies in the audience at WIRED25: they’re “causing, by daylight, problems that they simply will never be able to undo by philanthropic moonlight.”
Microsoft's Nadella Says AI Can Make the World More Inclusive (WIRED) Artificial intelligence can help deaf people communicate, but the algorithms need to be fair, the Microsoft CEO says.
Neha Narula and Alexis Ohanian Say It's Early Days Yet For Cryptocurrency (WIRED) But, they say, blockchain is still developing fast.
Research and Development
Army looking for software, not hardware for electronic warfare (C4ISRNET) Software will help the Army meet pacing threats.
Legislation, Policy, and Regulation
Britain, Baltics seek Italian support for EU cyber sanctions (Reuters) A European Union sanctions plan to punish computer hackers is not directed at Ru...
Alleged Cyber Attack on OPCW, Eastern Partnership to Top EU's Luxembourg Summit (Sputnik) The foreign ministers of 28 EU countries will sit down for talks in Luxembourg later on Monday to discuss possible new sanctions targeting Russia over its alleged use of chemical weapons and hacking activity; they will also address cooperation with former Soviet countries in Europe and the Caucasus region via the Eastern Partnership program.
Russian diplomat: those accusing Russia of cyberattack will soon apologize for provocation (TASS) The West is seeking to discredit Russia’s initiative to elaborate a code of conduct in the cyber space, that is why it is accusing Russia of plotting a cyberattack on OPCW, Maria Zakharova said
Nigerian Army Launches Cyber Command Base In Abuja (AIT Online) The Nigerian Army has launched a cyber operations command center in Abuja, in the drive to counter insecurity and propagation of extremism in the cyberspace.
It’s not the state’s job to keep us nice online (Times) Here’s a neat little modern conundrum for you. Imagine you’ve just come off stage from debating “Is social media the curse of our age?” at the Cheltenham Literature Festival. Imagine that you and...
Litigation, Investigation, and Law Enforcement
Saudi Arabia to admit ‘Jamal Khashoggi died under interrogation’ (Times) Saudi Arabia was preparing last night to admit that the journalist Jamal Khashoggi was killed accidentally in its custody, according to sources close to a joint inquiry with Turkey. Such an...
Insurer Anthem will pay record $16M for massive data breach (AP NEWS) The nation's second-largest health insurer has agreed to pay the government a record $16 million to settle potential privacy violations in the biggest known health care hack in U.S. history, officials said Monday.
UK Bank Fined GB £16.4 Million Related to Cyber-Attack Because of Employee Breakdowns (Lexology) The United Kingdom’s Financial Conduct Authority fined Tesco Personal Finance plc GB £16.4 million (US $21.5 million) for failing to exercise “due…
Former Senate intelligence aide pleads guilty to lying about contact with reporter (Washington Post) James A. Wolfe admitted lying to the FBI about his use of encrypted messaging.
Cops Told ‘Don’t Look’ at New iPhones to Avoid Face ID Lock-Out (Motherboard) After five failed attempts with the 'wrong' face, Apple's Face ID system will fall back to asking a passcode; a tricky situation for investigators.
Ex-NASA Contractor Pleads Guilty in Cyberstalking Scheme (SecurityWeek) A former NASA contractor who allegedly threatened to publish nude photos of seven women unless they sent him other explicit pictures has pleaded guilty to federal charges.