Atlanta: the latest from SecurityWeek's 2018 ICS Cyber Security Conference
Cultural issues: IT and OT, security and operations. (The CyberWire) There may be a growing awareness among corporate board members of the cyber risks to industrial control systems. That's one of the relatively positive outcomes of the pain inflicted by last year's NotPetya infestations. But there are still other cultures whose members need more work on developing mutual understanding and mutual trust. Several speakers addressed these rifts during the 2018 ICS Cyber Security Conference.
TRISIS/TRITON and the rise of malware built to kill. (The CyberWire) What lessons does the TRISIS/TRITON attack on a Middle Eastern petrochemical facility hold for industry? Speakers at the ICS Security Conference think there are at least three. First, hunt behaviors, not signatures. Second, the barriers to effective attacks on safety instrumentation systems have dropped. And third, there's now malware out there that's been built to kill.
The risk to OT networks is real, and it's dangerous for business leaders to ignore (Help Net Security) OT networks risk is real, and it's dangerous and perhaps even negligent for business leaders to ignore it, according to SANS Institute.
Cyber Attacks, Threats, and Vulnerabilities
North Korea is using the internet ‘like a criminal syndicate’ (Fifth Domain) A new report says North Korean leaders have ‘dramatically’ changed their internet use in a way that could be costly to U.S. interests, and former U.S. officials say it is difficult to deter the country's hacking operations.
Bolton Says He Told Kremlin: 'Don't Mess With American Elections' (RadioFreeEurope/RadioLiberty) White House national-security adviser John Bolton says he told top officials in Moscow that Russian meddling in U.S. elections had backfired and that should provide a lesson to the Kremlin: "Don't mess with American elections."
Kremlin 'amused' by report that Russia listening to Trump's phone calls (TheHill) A Russian official says the Kremlin is "amused" by a New York Times report claiming the country is listening in to President Trump's personal phone calls.
Researcher finds trove of political fundraising, old voter data on open internet (Cyberscoop) A consulting firm that works with Democratic campaigns unknowingly left sensitive information and credentials to old voter records open on the internet.
Should You Be Afraid of Election Hacking? Here's What Experts Say (Time) Assessing the threat — and what public fear can lead to
These states are battling malware ahead of the midterm election (CBS News) Data captured in battleground states shows a dramatic increase of trojans, adware, and ransomware
State County Authorities Fail at Midterm Election Internet Security (McAfee Blogs) One of the things we at McAfee have been looking at this midterm election season is the security of election infrastructure at the individual county and state levels. A lot of media and cybersecurity research focus has been placed on whether a major national attack could disrupt the entire U.S. voting
Analysis | The Cybersecurity 202: McAfee's decision to research election disinformation highlights industry shift (Washington Post) Politics is trendy right now.
British Airways warns that a further 185,000 customers were hit by security breach (Computing) Credit card details of a further 185,000 customers almost certainly compromised in BA payments hack in August
New DDoS botnet goes after Hadoop enterprise servers (ZDNet) Hacker group targets misconfigured Hadoop YARN components to plant DemonBot DDoS malware on resource-rich servers.
New DemonBot Botnet Pulls the YARN in Hadoop Servers (BleepingComputer) Attackers looking to increase the denial-service-power of their botnet have set their sights on servers with vulnerable Hadoop installations, compromising them via publicly available exploits.
New DemonBot Discovered (Radware Blog) Radware Research is monitoring and tracking a malicious agent that is leveraging a Hadoop YARN unauthenticated remote command execution to infect Hadoop clusters with a new unsophisticated bot called DemonBot.
Siemens Siclock: How do threat actors exploit these devices? (SearchSecurity) Six flaws were recently found in Siemens Siclock central plant clocks. Learn what these clocks do, which clocks were infected and how threat actors can exploit these devices from expert Judith Myerson.
Cymulate Finds Logical Bug in Microsoft Office Suite – Word Embedded Video Code Execution (BusinessWire) Cymulate, a leading provider of Breach & Attack Simulation (BAS) solutions and a Gartner 2018 Cool Vendor, announced today it has uncovered a secu
Indiana National Guard recovers from ransomware attack on state server (StateScoop) The server included military and civilian personal information, but officials say the malware used doesn't typically compromise data.
Has someone contacted you saying they’ve got webcam video of you? Don’t pay them. (Army Times) Scammers are claiming to have sensitive videos recorded from hacked webcams, and soldiers could be at risk.
Kodi piracy in steep decline: Anti-piracy efforts from ACE and others appear to be working (Comparitech) Following several anti-piracy efforts in 2017, Kodi piracy is now seeing a sharp decrease, as is almost all search traffic related to Kodi.
Increased dark web activity putting merchants and consumers at risk (Help Net Security) IntSights scoured the dark web to assess data and goods being sold illegally, new cyber scam tactics and how cybercriminals impersonate brands online.
More exploits: the great PLC hack (Control Design) Diving into vulnerabilities of industrial control systems with Siv Hilde Houmb, Norwegian University of Science and Technology (NTNU); and Erik David Martin, Noroff Education.
Cybersecurity Experts: Stop Sending Troops Into Combat With Personal Tablets, Smartphones (Washington Free Beacon) Special operators and other troops must stop taking their unsecured personal tablets and smart phones into combat after an internal Navy investigation.
Security Patches, Mitigations, and Software Updates
Google just made it easier to delete your search history: Here's how (CNBC) In an effort to simplify its data privacy controls, Google is making it easier to delete user search history.
Cyber Trends
The State of the Threat Detection Report 2018 (Fidelis Cybersecurity) Cybercriminals have been upping their game this year; the use of file-less attacks with macros and PowerShell scripts to evade preventive defenses and sandboxes means that they are getting better than ever at using phishing, social engineering and drive-by techniques to gain initial footholds in private domains – and once they arrive, they are often avoiding detection for extended periods of time.
State Of Software Security (CA Veracode) CA Veracode presents volume 9 of the State of Software Security (SOSS) report, our comprehensive review of application testing data.
‘Internet of Battlefield Things’ Transforms Combat (Wall Street Journal) A variety of intelligent and semi-intelligent things are starting to talk to each other and work together on the battlefield, says Dr. Alexander Kott, chief scientist of the United States Army Research Lab.
Gigamon Deploys Applied Threat Research Team to Provide World-Class Detection, Investigation and Response (Gigamon) Research team’s latest research report unveils new trends in crimeware affecting global enterprises
How People Use Connected Devices (Clutch) People own and use connected devices, particularly smart home appliances, to access personal information. Most connected devices people own, though, are used as singular technologies, according to our survey of more than 500 people who own a connected device.
Security Alert: Lack of Trust Comes with a High Price Tag for U.S. Bus (PRWeb) US Consumers Increasingly Put Their Money Where Their Trust Is, Research From PCI Pal Finds
Organizations want to threat hunt, but can't due to lack of time, skills and visibility (Help Net Security) 63% of respondents do not currently employ threat hunting, with half of organizations with over 5000 employees stating that they threat hunt.
Cybercrime could cripple nation’s economy, says NITDA (Guardian) Again, the National Information Technology Development Agency (NITDA) has called for concerted efforts in the fight against cybercrimes in the country.
Marketplace
Arctic Wolf Lands $45 Million in New Funding to Accelerate Company Growth (Arctic Wolf) Amidst Rapid Growth and Market Interest, SOC-as-a-Service Provider Plans for Expanded Offerings with New Products and Strategic Acquisitions
Verimatrix acquires Akamai identity Services assets (Digital TV Europe) Content security specialist Verimatrix has acquired the assets that comprise the Akamai Identity Services (AIS) product from CDN giant Akamai. The acquisition will help Verimatrix provide a common authentication system to reduce friction within the content distribution workflow for TV everywhere se...
Former Facebook security chief calls out Apple for privacy hypocrisy (Naked Security) Tim Cook’s warnings about an “industrial data complex” have been met with accusations of hypocrisy from Facebook’s former security supremo.
GDS offers £90k a head for squad of cyber and privacy professionals (PublicTechnology.net) The Government Digital Service is offering annual salaries of up to £90,000 as it seeks to recruit a team of experts to ensure the privacy and security credentials of its services.
Digital Guardian Announces CEO Transition (BusinessWire) Paul Ciriello Appointed as Interim CEO to Oversee Daily Business Operations and Product Innovation
Kount Appoints 20-Year Security and Privacy Executive Gary Sevounts as (PRWeb) Kount, a leading provider of fraud prevention solutions, announced today that industry leader Gary Sevounts has joined its executive team as Chief Marketing
CynergisTek Appoints New Senior Vice President of Sales and Marketing (BusinessWire) CynergisTek appoints new SVP of Sales & Marketing to drive business development of strategy and enhance customer experience.
Products, Services, and Solutions
New infosec products of the week: October 26, 2018 (Help Net Security) Data Theorem introduces automated API discovery and security inspection solution Data Theorem introduced the industry’s first automated API discovery and
Latest security tests introduce attack chain scoring (SE Labs) Security testing lab specialising in anti-malware and targeted attack testing of endpoints, appliances and cloud services.
SyncDog Inc. Announces Integrated Partnership with Quick Heal Technologies (BusinessWire) SyncDog, Inc., the leading Independent Software Vendor (ISV) for next generation mobile security and data loss prevention, today announced that IT sec
Garland Technology Announces 40G Bypass TAP and Advanced Aggregator to Improve Network Security and Efficiency (PR Newswire) Garland Technology, a leading provider of network and test access solutions, today announced a release of two new...
InfoSec Global and ID Quantique collaborate to provide a Quantum-Powered Crypto-Agile VPN, delivering the Industry's Strongest Security Transmission for Wide Area Communications (PR Newswire) InfoSec Global (ISG) and ID Quantique today announced a collaboration that for the first time delivers a Quantum-Safe...
Pulse Secure Launches New Packaging to Fuel Secure Access Services for Cloud and Hybrid IT (Globe Newswire) Service providers benefit from an integrated Secure Access suite with new on-demand provisioning, usage-based licensing and nominal up-front investment
A10 Networks delivers automation, analytics and multi-cloud management advancements to its ADCs (Help Net Security) Thunder ADC enhancements enable integration with Kubernetes, enhanced Ansible Playbooks and simplified ADC policy configuration with expanded ACT support.
FaceShield launches to protect your digital facial data and privacy online (Help Net Security) FaceShield offers three different filters for your photos, each of which provide a different level of image alteration and protection.
SyncDog's partners with Quick Heal Technologies (Help Net Security) Quick Heal has embedded SyncDog’s Secure.Systems workspace into their MDM solution to expand their offering and capture the growing BYOD market.
Pokémon chooses Vera’s data-centric security platform to protect critical IP worldwide (Help Net Security) The Pokémon relies on Vera to secure and track media files, game designs, and more, for secure collaboration and rights management.
Data Theorem introduces automated API discovery and security inspection solution (Help Net Security) Data Theorem introduced an automated API discovery and security analysis solution aimed at addressing API security threats.
Technologies, Techniques, and Standards
Some notes for journalists about cybersecurity - Security Boulevard (Security Boulevard) The recent Bloomberg article about Chinese hacking motherboards is a great opportunity to talk about problems with journalism.
Free decryption tool released for multiple GandCrab ransomware versions (ZDNet) New decryption tool can recover files locked by GandCrab versions 1, 4, and 5.
Behavioral Scientists Joining Risk Assessment Teams (Wall Street Journal) Behavioral science is finding its place in risk management as companies increasingly understand that a mechanical, box-ticking approach to compliance isn’t enough to avert misconduct.
Five Cybersecurity Steps for SMB Contractors (SIGNAL) The threat is no longer doomsday rhetoric.
Windows 7 End-of-Life: Are You Ready? (Dark Reading) Microsoft will terminate support for Windows 7 in January 2020, but there's still some confusion among enterprises about when the OS officially gets retired.
Is your email account secure? (Action Fraud) Your email account can be a treasure trove for cyber criminals. New research has revealed that 79% of people keep emails in their account that can be exploited by cyber criminals to commit Identity theft, fraud, or impersonation.
Top Four G Suite Security Tips (Forbes) The use of G Suite brings a range of cloud-related security challenges that businesses can’t afford to ignore.
DHS Plans to Rejigger Government’s Cyber Sensor System for Move to Cloud (Nextgov.com) The government’s current system of Einstein cyber threat sensors isn’t well-suited to the scale and complexity of cloud systems.
Design and Innovation
National Cryptocurrencies – A Viable State Alternative to the Established Norm? (CyberDB) Cryptocurrency appears to be gaining traction among governments seeking to establish their own digital currencies, despite questions regarding...
DIB Calls BS On Buzzwords: Defense Innovation Board (Breaking Defense) Besides digging out ineptitude with a sharp spade, the DIB guide also offers constructive suggestions, even including 16 specific software programs to use for specific purposes, from version control to bug reports.
DIB Guide: Detecting Agile BS (Defense Innovation Advisory Board) Agile is a buzzword of software development, and so all DoD software development projects are, almost by default, now declared to be “agile.” The purpose of this document is to provide guidance to DoD program executives and acquisition professionals on how to detect software projects that are really using agile development versus those that are simply waterfall or spiral development in agile clothing (“agile-scrum-fall”).
Research and Development
US Department of Energy behind 'unhackable' quantum network to be built in Chicago (Computing) Principles of quantum physics ought to make experimental network unhackable
Legislation, Policy, and Regulation
Blessings and Curses From Constantinople (Foreign Affairs) The split in the Orthodox Church between Constantinople and Moscow will have wide-ranging implications for Russia's foreign policy under Vladimir Putin and Ukrainian domestic politics under Petro Poroshenko.
Cyber spy boss taking agency ‘out of shadows’ (The Australian) Australia’s military and cyber spy agency will undergo a public repositioning campaign — one of its most significant since its intelligence role was first recognised in 1977 — amid growing global threats to national security, cyber defence and demands for accountability.
Joyce: Give the U.S. cyberwar policy a chance (Defense Systems) Rob Joyce, former White House cyber coordinator, said the Trump administration's new cyber warfare policy is more 'thoughtful' than some might think.
Top NSA official skeptical of ‘hack back’ (Fifth Domain) Experts have called hack back
The Need for C3 (New America) A proposal for the creation of a Cybersecurity Civilian Corps—an innovative solution to critical cybersecurity issues.
President Trump Calls for National Spectrum Strategy (Broadcasting & Cable) Focus is on government to find spectrum for burgeoning internet of everything
National Risk Management Center to 'build on small things' (Federal News Network) Chris Krebs of the National Protection and Programs Directorate, described the National Risk Management Center as one half of a two-pronged approach to cybersecurity.
Analysis | The Cybersecurity 202: Google faces calls for privacy legislation, FTC probe after exposing user data (Washington Post) Its secrecy could get them in the most trouble.
DHS Report Urges Research into Cyber Market Failures (Nextgov.com) The research road map urges examining the long-term effects of laws, regulations and supply chain vulnerabilities.
ICANN GDPR WHOIS Policy Eliminates Pre-Emptive Protection of Internet Infrastructure Abuse; Obstructs Routine Forensics to Cybercriminals’ Advantage (BusinessWire) GDPR Whois policy reducing industry's ability to protect internet infrastructure from cybercrime abuses.
Corporate Speech Police Are Not the Answer to Online Hate (Electronic Frontier Foundation) A coalition of civil rights and public interest groups issued recommendations today on policies they believe Internet intermediaries should adopt to try to address hate online. While there’s much of value in these recommendations, EFF does not and cannot support the full document. Because we deeply...
Litigation, Investigation, and Law Enforcement
Saudi Arabia, in latest reversal, says Khashoggi’s killing was premeditated (Washington Post) The announcement underscored the rapidly mounting pressures on Saudi Arabia to fully explain the journalist’s death.
CIA director listens to audio of journalist’s alleged murder (Washington Post) Trump has grown skeptical of Saudi Arabia’s claim that the killing of journalist Jamal Khashoggi was a “rogue operation.”
Man in Florida arrested in connection with mail bombs sent to public figures (Washington Post) The arrests came after at least a dozen packages containing suspected explosives were sent to public figures.
Suspected explosives sent to Biden, De Niro as investigation into pipe bombs expands to 10 packages (Washington Post) Police found more suspicious packages the day after bombs addressed to Hillary Clinton, Barack Obama and others were intercepted.
The instant, inevitable cries of ‘false flag’ after bomb threats targeting the Clintons, Obamas and CNN (Washington Post) Once, false flag conspiracy theories lived in the online fringes. They're now an inevitable response to breaking news stories with political implications
Warner Calls on FTC and Google to Address the Prevalence of Digital Ad Fraud (Mark R. Warner) U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Banking Committee, wrote a letter to the Federal Trade Commission (FTC) Chairman Joseph Simons expressing concern following a report published by Buzzfeed detailing continued prevalence of digital advertising fraud and inaction by Google to curb these efforts. According to Buzzfeed, this scheme has generated hundreds of millions of dollars in fraudulent advertising revenues, with operations spanning more than 125 Android apps and websites.
Mueller probing whether Stone pal knew Clinton emails would be leaked (NBC News) Mueller's team is investigating whether Jerome Corsi knew stolen emails would be leaked and passed information about them to Trump associate Roger Stone.
U.S. Charges, Puts Sanctions on Singaporean Commodities Executive (Wall Street Journal) U.S. authorities filed criminal charges and imposed sanctions on the owner and director of a Singapore-based commodities-trading firm for allegedly laundering money on behalf of North Korea.
Two hackers behind 2016 Uber data breach have been indicted for another hack (TechCrunch) Two hackers who stole millions of users’ data from ride-hailing firm Uber have been indicted on separate hacking charges related to a data breach at online learning portal Lynda, two people familiar with the case have told TechCrunch. Vasile Mereacre, a Canadian citizen living in Toronto, and…
Treasury Official Accused of Leaks Is a Trump Supporter Who Feuded With Another Unit (Wall Street Journal) The arrest last week of a senior Treasury Department official for allegedly leaking sensitive records to BuzzFeed had its roots in a bureaucratic dispute dating to the Obama administration, according to people familiar with the matter.
Former ID card manufacturer Gemalto files against PPA (ERR) Former Estonian ID card manufacturer Gemalto AG has filed a breach of contract action against the Police and Border Guard Board (PPA) following the latter's own action filed at Harju County court on 27 September.
Why the NSA Called Me After Midnight and Requested My Source Code (Medium) The story behind my top secret coffee cup