Cyber Attacks, Threats, and Vulnerabilities
U.S. National Security Officials Worried About Voter Influence From Russia, China and Iran (Time) The two-page statement about foreign influence in U.S. elections was issued
Russian Trolls Are Still Playing Both Sides—Even With the Mueller Probe (WIRED) The latest indictment against Russian trolls shows how they sowed division in the US on wedge issues, including the investigation into their activity.
Russian troll threat hasn't gone away as election day nears (CNN) The US intelligence community and Silicon Valley may have upped their efforts to prevent interference in November's midterm elections, but that hasn't stopped the Russians from trying, a criminal complaint filed on Friday shows.
Trump Claims China Election Meddling—But Cyber Firms Don't See It (Fortune) The findings of top cybersecurity firms are casting doubt on Trump's claims.
Saudis’ Image Makers: A Troll Army and a Twitter Insider (New York Times) The kingdom silences dissent online by sending operatives to swarm critics. It also recruited a Twitter employee suspected of spying on users, interviews show.
A Twitter employee groomed by the Saudi government prompted 2015 state-sponsored hacking warning (TechCrunch) An explosive report in The New York Times this weekend sheds new light on the apparent targeting of Twitter accounts by “state-sponsored actors” three years ago. It comes in the wake of the confirmed death of Washington Post journalist Jamal Khashoggi on Friday, two weeks after he disap…
Twitter suspends bots spreading pro-Saudi tweets after Khashoggi case (The Telegraph) Twitter has taken down a sophisticated network of bots that were pushing out thousands of tweets in support of the Saudi regime following the disappearance of journalist Jamal Khashoggi.
Opinion | This new technology could send American politics into a tailspin (Washington Post) We should all be concerned about ‘deepfakes.’
Perspective | I fell for Facebook fake news. Here’s why millions of you did, too. (Washington Post) Everyone now knows the Web is filled with lies. So then how do fake Facebook posts, YouTube videos and tweets keep making suckers of us?
How AI is creating new threats to election security (CBS News) Big data and artificial intelligence will expose old vulnerabilities and create new methods of hacking campaigns
Weaponizing the Digital Influence Machine: The Political Perils of Online Ad Tech (Data and Society Research Institute) In this report, we argue that today’s digital advertising infrastructure creates disturbing new opportunities for political manipulation and other forms of antidemocratic strategic communication.
Revealed: Israel's cyber-spy industry helps world dictators hunt dissidents and gays (Haaretz) Haaretz investigation spanning 100 sources in 15 countries reveals Israel has become a leading exporter of tools for spying on civilians. Dictators around the world – even in countries with no formal ties to Israel – use them eavesdrop on human rights activists, monitor emails, hack into apps and record conversations.
Big attacks a smokescreen for “low-level” North Korea cybercrime that the world is ignoring (CSO) North Korean hackers’ use of gaming hacks has become one of numerous strategies they have successfully used to stay under the radar of international law-enforcement authorities, according to a threat-intelligence researcher who warns the world has long underestimated the rogue state’s use of criminal activities to raise money.
Kaspersky says it detected infections with DarkPulsar, alleged NSA malware (ZDNet) Victims located in Russia, Iran, and Egypt; related to nuclear energy, telecommunications, IT, aerospace, and R&D.
SettingContent-ms can be Abused to Drop Complex DeepLink and Icon-based Payload (TrendLabs Security Intelligence Blog) Microsoft’s SettingContent-ms has become a recent topic of interest. In July, we saw one spam campaign use malicious SettingContent-ms files embedded in a PDF to drop the remote access Trojan FlawedAmmyy, a RAT also used by the Necurs botnet. That campaign was mostly targeting banks in different countries across Asia and Europe.
Zero-day in popular jQuery plugin actively exploited for at least three years (ZDNet) A fix is out but the plugin is used in hundreds, if not thousands, of projects. Patching will take ages!
Password and credit card-stealing Azorult malware adds new tricks (ZDNet) Malware can now steal more types of cryptocurrecny and comes with other updates, likely in response to a free version being leaked online.
Fraudster Targets Cryptocurrency Wallets with a Variety of Info Stealers (BleepingComputer) An online scammer targeting thousands of victims interested in cryptocurrencies runs a large and diverse business that includes phishing and fraud operations.
Hurricane Michael phishing schemes leverage Azure blob storage to rake in credentials (Proofpoint) Proofpoint researchers detail recent phishing templates that combine multiple techniques for credential theft.
What Spammers Could Do With Your Hacked Facebook Data (WIRED) A new report suggests that spammers, not nation states, may have been behind the Facebook hack. That could be even worse news.
Hack on 8 adult websites exposes oodles of intimate user data (Ars Technica) A recovered 98MB file underscores the risks of trusting personal info to strangers.
Cryptojackers Keep Hacking Unpatched MikroTik Routers (GovInfo Security) Cryptojackers and eavesdroppers are continuing to exploit a one-time zero-day flaw in unpatched MikroTik routers, despite a patch that's been available for six
Serious D-Link router security flaws may never be patched (Naked Security) Six routers with serious security flaws are considered end of life (EOL) and may never be updated.
Hackers breach Healthcare.gov system, taking files on 75,000 people (TechCrunch) A government system used by insurance agents and brokers to help customers sign up for healthcare plans was breached, allowing hackers to siphon off sensitive and personal data on 75,000 people. The Centers for Medicare and Medicaid Services confirmed the breach in a late Friday announcement, but r…
UK-based Card Factory Website Glitch Exposes Personal Data (Information Security Buzz) News is breaking that a leading retailer has seen a website glitch put the privacy of customers’ personal data at risk. This time, Card Factory, a popular UK-based greeting card business, has been storing customers’ data in an insecure way, letting the public access their photos with a basic URL trick, specifically through an ‘insecure direct …
Muscatine cyber-attack targets government financial server (WQAD.com) Several government servers were attacked early Wednesday morning including a server used for the city's finances.
Local clerk's office suffers cyber attack (WTHI News) The Crawford County Clerk's office was the victim of a ransomware attack.
Borough continues to recover from cyber attack (Mat-Su Valley Frontiersman) The price tag on the cyber attack that hit the Mat-Su Borough in July has reached $2.1 million.
Security Patches, Mitigations, and Software Updates
Amazon fixes security flaws allowing smart home hijacks (Engadget) The real-time OS had 13 flaws affecting a wide range of devices.
Tumblr fixes security flaw that exposed account info (Engadget) The recommended blogs feature showed more than it should.
Audio recording is now disabled by default in OpenBSD (ZDNet) OpenBSD 6.4 also ships with Meltdown, Spectre v2, SpectreRSB, L1FT, and Lazy FPU mitigations.
Google Patch to Block Spectre Slowdown in Windows 10 (Dark Reading) Microsoft will incorporate Google's Retpoline patch to prevent Spectre Variant 2 from slowing down its operating system.
Microsoft Releases Security Update for Yammer (US-CERT) Microsoft has released a security update to address a vulnerability in the Yammer desktop application. A remote attacker could exploit this vulnerability to take control of an affected system.NCCIC encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update.
Critics warn Microsoft it needs to fix broken update process (Computerworld) Microsoft's decision this month to stop distribution of the fall feature upgrade to Windows 10 is only the latest sign of a broken update process. Upset users want that fixed.
Microsoft’s problem isn’t how often it updates Windows—it’s how it develops it (Ars Technica) Buggy updates point at deeper problems.
Google warns Apple: Missing bugs in your security bulletins are 'disincentive to patch' (ZDNet) Google's Project Zero has again called Apple out for silently patching flaws.
Cyber Trends
Cyberattacks that Target the C-Suite on the Rise (BizTech) Whaling, impersonating CEOs and compromising executives’ business emails are all ways that hackers are targeting those at the top.
Business Cyber Attacks Escalate While Cryptojacking Drops 26% In Q3 2018 - Malwarebytes | CryptoGlobe (CryptoGlobe) Cybersecurity firm Malwarebytes has revealed that cybercriminals are modifying their tactics in favour of targeting businesses over individuals, which comes alongside a 26 percent fall in recorded cryptojacking incidents in the third quarter of 2018.
USA and China identified as top cyber attack sources (Help Net Security) NSFOCUS identified USA and China as the top cyber attack sources in its H1 Cybersecurity Insights report, which analyzed traffic from January 1, 2018 to June 30, 2018.
Few employers have a culture that supports cybersecurity (HR Dive) While cybersecurity may seem like an issue for IT, a modern company requires HR and IT to work together to protect the company, a new study shows.
Building a Culture of Security within the Aviation Industry - Connected Aviation Today (Connected Aviation Today) Airport management & aviation organizations can proactively mitigate insider threats by creating a “culture of security.” Dominic Nessi offers tips on how.
A simple acronym sums up what's wrong with social media (Quartz) Engineer, philosopher, and virtual reality pioneer Jaron Lanier thinks you should leave social media platforms like Twitter and Facebook because they are BUMMERs.
An Intelligent History (The American Interest) Christopher Andrew’s The Secret World shows us how the intelligence business is consistently underrated by politicians, military leaders, and historians.
Book Review: 'Cyber Strategy: The Evolving Character of Power and Coercion' (International Policy Digest) Given a choice between hysteria or complacency about international cyberattacks, Bruce Newsome urges a more practical view.
Marketplace
NSA Finalizes $6.7 Billion in Classified Tech Contracts (Nextgov.com) After two years, the NSA finished rebidding its “Groundbreaker” program and is beginning work on a secretive new set of communications contracts.
NCCoE Unveils Vendor Partners for Medical Device Security Project (HealthITSecurity) The National Cybersecurity Center of Excellence unveiled this week an initial set of vendor partners for a medical device security project called Securing Picture Archiving and Communication Systems.
10 Security Startups That Investors Are Funding (SDxCentral) These 10 security startups raised over $499 million in just the last month as security remains a top priority for many enterprises.
Exclusive: CrowdStrike hires Goldman Sachs to lead IPO - sources (Reuters) Cybersecurity software maker CrowdStrike Inc has hired investment bank Goldman S...
SolarWinds had a wobbly first day of trading — its CEO explains why he's not sweating it (Business Insider) BI Prime: SolarWinds literally set off fireworks over Time Square at 7:30 am, despite pricing its IPO on the low end of its range just hours before.
SolarWinds shares rise 3.2 percent in downsized market debut (WSAU) SolarWinds Corp's shares rose as much as 3.2 percent in their downsized U.S. market debut on Friday, giving the enterprise software maker a market value of about $4.80 billion.
3 Cyber Security Stocks to Focus on Following Facebook Breach (Zacks Investment Research) Frequent data breaches and information theft enhances growth opportunities for cyber security stocks.
These are the top 20 cybersecurity companies today, according to reviews from IT professionals (Business Insider) BI PRIME: IT professionals say these are the companies leading the way in the cybersecurity business.
ESET to focus on Cybersecurity consulting (TahawulTech.com) IT security firm ESET says it is transforming itself from a software provider to cyber security consultant, even as the …
Defense Firms Battle Long Wait for Security Clearances (Wall Street Journal) An exacerbated workforce crunch for makers of warships, jet fighters and cybersecurity systems is forcing them to resort to workarounds to finish Pentagon orders.
Liked at last... Sir Nick Clegg takes top job at Facebook (Times) Two years ago Sir Nick Clegg said: “I’m not especially bedazzled by Facebook. I find the messianic Californian new-worldy-touchy-feely culture of Facebook a little grating.” How times have changed.
QuintessenceLabs Scales Up, Attracts Top Leadership in Growth Phase (AP NEWS) QuintessenceLabs (QLabs), a leader in quantum cybersecurity known for its quantum random number generators and integrated data protection capabilities, welcomes Andreas Baumhof as its Vice President of Technology.
Products, Services, and Solutions
BAE Systems technology successfully shares data (Homeland Preparedness News) BAE Systems technology successfully demonstrated its ability to provide U.S. intelligence organizations with data from BAE Systems’ Geospatial eXploitation Products (GXP) Platform and access to geospatial imagery. The technology, XTS Guard 5, was equipped with the GXP platform demonstrated secure …
IPKeys and ElectSolve accelerate growth strategies with the synergistic merger of Secure Demand Response and Meter Data Management platforms for the Public Power and Rural Electric Cooperatives Sectors (PR Newswire) IPKeys Power Partners (IPKeys) announced today the completion of the merger and acquisition...
Leading Certificate Authority, GlobalSign, Secures Qualified Trust Service Provider Recognition in Europe (PR Newswire) GMO GlobalSign (www.globalsign.com), a global Certificate Authority (CA) and the leading provider of...
SRA Tool 3.0 Expands Application to More Health Data Security Risks (HealthITSecurity) OCR and ONC have updated their security risk assessment tool to improve usability and expand its application to a broader range of health data security risks.
5 open source intrusion detection tools that are too good to ignore (CSO Online) Everyone should employ an intrusion detection system (IDS) to monitor their network and flag any suspicious activity or automatically shut down potentially malicious traffic. We look at five of the best open source options.
Technologies, Techniques, and Standards
To Curb Terrorist Propaganda Online, Look to YouTube. No, Really. (WIRED) Opinion: Despite YouTube’s crackdown, extremist groups are still exploiting other Google platforms.
Cybersecurity 'Paul Revere' touts adversarial model (Star Tribune) Chris Wysopal and his Boston hacker collective pals from the L0pht sounded the alarm on the sad state of software vulnerability in a now-legendary 1998 appearance before Congress. Then-Sen. Joe Lieberman hailed the group as "modern-day Paul Reveres."
Navy 'Extremely' Confident HMS Queen Elizabeth Can Fend Off Cyber Attack (Forces Network) In recent weeks, Russia and its military intelligence unit the GRU have been accused of a raft of cyber-attacks on targets around the world.
Industrial IoT Intelligence Aims to Save Lives by Preventing Disasters (PCMAG) In an evolution that could save lives as well as billions of dollars in disaster damage, real-time embedded systems, virtualization, and artificial intelligence (AI) are now a part of the Industrial IoT (IIoT) mix at plants and oil refineries.
Know Your Enemy: Lockheed Touts ‘Intelligence-Driven’ Cybersecurity (Breaking Defense) In a bland office building 30 minutes from the Pentagon, a wall-mounted screen shows, in real time, every suspicious email and LinkedIn request sent to employees of Lockheed Martin, the world’s largest defense contractor.
LA's cyber strategy: savvier employees, secure IoT (GCN) Los Angeles is reducing its attack surface by training employees and securing connected devices.
When cybersecurity capabilities are paid for, but untapped (GCN) Agencies should cull the security stack and provide contextual visibility across all layers of the environment -- network, endpoint, lateral movement, cloud and IoT.
Design and Innovation
The Tiny Chip That Powers Up Pixel 3 Security (WIRED) Google's latest flagship smartphone includes the Titan M, a security-focused chip that keeps users safe against sophisticated attacks.
A Very British AI Revolution in Intelligence is Needed (War on the Rocks) Artificial intelligence (AI) and automation will make large numbers of intelligence staff the world over increasingly redundant. This means that people
Threat intelligence needs AI to prove effective - McAfee (Channelnomics) CTO details the changing demands of cyber security
Decentralized Internet: TV Technobabble or Problem-Solver? (Northrop Grumman) Tech comedy show "Silicon Valley" introduced the concept of decentralized internet — could this work in real life or is it just TV technobabble?
Cybersecurity And The Human Element: Creating Realistic Solutions For A Safer Digital World (Forbes) When it comes to the technology itself, we often jump straight into complex software development without stopping to think about the natural tendencies of the consumers using that tech.
Wisdom of the Crowd: How the App Store Model Drives Innovation in Data Security (Security Intelligence) Application developers can accelerate the pace of innovation in data security by making it easy for third parties to integrate with their platforms.
Free societies face emerging, existential threats from technology (TechCrunch) Bilal Zuberi Contributor Share on Twitter Bilal Zuberi is a partner at Lux Capital, and is on the boards of Evolv Technology, CyPhy Technologies, and Nozomi Networks, among others. Silicon Valley is currently, and correctly, under fire for the failure of leading platforms such as Facebook, Google a…
Research and Development
Can the Pentagon Win the AI Arms Race? (Foreign Affairs) Artificial intelligence (AI) is the new frontier of military competition, and with China and Russia making headway in the field, the Pentagon is starting to rush, some say belatedly, into the new era.
How is IBM Research strengthening security in machine learning? (Silicon Republic) Machine learning and AI systems are transforming organisations all over the world, and IBM Research is helping to strengthen their defences.
Academia
How NSA is winning the war for cyber talent (Federal News Network) Kathy Hutson, NSA’s senior strategist for academic engagement, said a 20-year partnership with the University of Maryland, Baltimore County helps keep current employees growing and brings in new ones.
At CyberMaryland, Baltimore startup Point3 Security organized a capture the flag tournament (Technical.ly Baltimore) Poolesville High School won the Maryland Cyber Challenge, besting a field that also included college teams. It marks a new front for Point3's Escalate platform.
Legislation, Policy, and Regulation
Russia dodges bullet of EU sanctions on cyber — for now (POLITICO) EU summit shows capitals are divided on how to counter a growing cyberthreat from Moscow.
EU Leaders to Seek Cyber Sanctions, Press Asia for Action: Draft Statements (US News) The European Union should agree a sanctions law to target computer hackers by early next year, the bloc's leaders are set to say on Thursday and will also seek a pledge from Russia and China to help stop cyber attacks, internal EU documents show.
Paranoia is the religion of Putin’s Russia (Times) I was saddened, but not surprised, to find myself again on the Kremlin-financed RT channel’s list of top ten “Russophobes”. Dismissing criticism as prejudice is the easiest, and cheapest, way of...
A Chinese Perspective on the Pentagon’s Cyber Strategy: From ‘Active Cyber Defense’ to ‘Defending Forward’ (Lawfare) The aggressive posture of the 2018 Department of Defense Cyber Strategy risks increasing insecurity and instability in the cyber realm.
Egypt and Thailand: When the military turns against free speech (TechCrunch) Wael Abbas, a human rights activist focused on police brutality in Egypt has been under arrest since May on charges of spreading fake news and “misusing social media.” Andy Hall, a labor rights researcher, has been fighting charges under Thailand’s computer crime laws because of a report published …
Australia lawyers' group: Draft cyber laws would curb rights (WAFF48) Australian lawyers' group say proposed cybersecurity laws to force companies such as Facebook and Google to help police by unscrambling encrypted messages would significantly limit privacy and freedom
Here are all the countries where the government is trying to ban VPNs (Security Boulevard) VPNs keep your online activity private and unrestricted. Some countries with repressive governments have outlawed VPNs in an attempt to maintain control. VPNs are powerful tools that can evade all but the most sophisticated efforts to regulate the Internet and censor information. That is why repressive governments around the world have been making efforts to The post Here are all the countries where the government is trying to ban VPNs appeared first on ProtonVPN Blog.
Former CSIS director, defence minister urge feds to bar Huawei from 5G (CTVNews) A former CSIS director and defence minister are both urging Ottawa to bar Chinese telecom giant Huawei from participating in the development of Canada’s next-generation 5G wireless network over espionage and security concerns.
Litigation, Investigation, and Law Enforcement
Russian National Charged with Interfering in U.S. Political System (US Department of Justice) A criminal complaint was unsealed in Alexandria, Virginia, today charging a Russian national for her alleged role in a Russian conspiracy to interfere in the U.S. political system, including the 2018 midterm election. Assistant Attorney General for National Security John C. Demers, U.S. Attorney G. Zachary Terwilliger of the Eastern District of Virginia, and FBI Director Christopher Wray made the announcement after the charges were unsealed.
Russian Woman Charged With Influencing US Elections on Social Media (Motherboard) Elena Alekseevna Khusyaynova was part of a wide-ranging project to influence the 2016 and 2018 election on social media.
DOJ charges Russian accountant with targeting 2018 midterms (Fast Company) The Russians allegedly sought to further divide Americans around issues like race and immigration.
Trump doubts Saudi account of journalist’s death: ‘There’s been deception, and there’s been lies’ (Washington Post) The president has expressed displeasure with son-in-law Jared Kushner for mishandling U.S.-Saudi relations, officials said.
Crown prince under scrutiny in journalist’s disappearance even as Saudis search for exculpatory explanation (Washington Post) Mounting evidence points to Mohammed bin Salman’s involvement in the disappearance of Jamal Khashoggi.
Saudi Arabia fires 5 top officials, arrests 18 Saudis, saying Khashoggi was killed in fight at consulate (Washington Post) The Saudi government acknowledged early Saturday that journalist Jamal Khashoggi was killed inside the Saudi Consulate in Istanbul, saying he died during a fistfight, but the new account may do little to ease international demands for the kingdom to be held accountable. The announcement, which came in a tweet from the […]
Saudi claims that Khashoggi died in a ‘brawl’ draw immediate skepticism (Washington Post) Officials called on the Trump administration to investigate the Saudi journalist’s death.
Jamal Khashoggi was choked and put in a rug, Saudi Arabia now says (Times) Jamal Khashoggi’s body was rolled up in a rug and handed to a “local co-operator” for disposal after he was accidentally strangled while being restrained, a Saudi official has claimed. Three weeks...
Khashoggi suspect had 'cyber spy' training (BBC News) A source tells the BBC about one of the Saudi agents alleged to have killed journalist Jamal Khashoggi.
Khashoggi’s fate shows the flip side of the surveillance state (TechCrunch) It’s been over five years since NSA whistleblower Edward Snowden lifted the lid on government mass surveillance programs, revealing, in unprecedented detail, quite how deep the rabbit hole goes thanks to the spread of commercial software and connectivity enabling a bottomless intelligence-gat…
Sir Nick Clegg faces pressure to attend Commons’ probe into Facebook’s practices and data breaches (The Telegraph) Sir Nick Clegg is under pressure to face questions from MPs over Parliament’s inquiry into Facebook’s data breaches and activity around fake news, following revelations the former Deputy Prime Minister will become an executive at the US technology company.
Yale Faces Additional Lawsuit After 2011 Breach (Infosecurity Magazine) Another victim in a Yale University data breach files a second lawsuit.