Cyber Attacks, Threats, and Vulnerabilities
Iranian official says president's cellphone was tapped (AP News) Iranian officials say President Hassan Rouhani's mobile phone was tapped, without providing details on who was behind it or what information they might have gleaned. The semi-official ISNA news agency on Monday quoted Gen. Gholam Reza Jalali, the head of a military unit charged with combatting sabotage, as saying Rouhani's phone was tapped "recently" and would be replaced with a more secure device. He did not provide further details.
Beijing Has Learned How to Play U.S. Politics (Foreign Policy) China is listening to Trump’s phone, but what can it do with that information?
How ‘Mr. Hashtag’ Helped Saudi Arabia Spy on Dissidents (Motherboard) Saud Al-Qahtani, a close advisor of crown prince Mohammed bin Salman, was tasked with buying Hacking Team spyware, and apparently moonlighted as a member of online cybercrime website Hack Forums.
Under Attack: How Election Hacking Threatens the Midterms (PCMAG) The United States is grappling with fundamental cybersecurity threats at every level of voting infrastructure, from malware-based campaign hacks to weaponized social media posts. But there are plenty of people trying to do something about it.
US election integrity depends on security-challenged firms (Washington Post) Secretive, cybersecurity-challenged companies are gatekeepers of US election integrity
Texans say glitchy voting machines are changing their ballots. The state blames user error. (Washington Post) As Beto O'Rourke and Ted Cruz fight for a Senate seat, Texas voters say machines are erroneously changing their ballots.
DHS: Election officials inundated, confused by free cyber-security offerings (ZDNet) Official would have liked free offerings to have been coordinated through DHS.
2018 midterm election study (Ghostery) We analyzed 981 candidate websites (House and Senate candidates for the 2018 midterm elections) and found that trackers are present on 87% of all sites considered and that around 13% of all campaign pages assessed were tracker free. 41% of pages assessed had 2 – 5 trackers on them; followed by 26% of pages with …
Case study in fake news for all journalism schools (South China Morning Post) Allegations made in a magazine article that the Chinese military planted spy chips on motherboards made by a US company have been denied by cyber giants and security services
SBP instructs banks after ‘cyber attack’ on Bank Islami network (The News) “On the morning of October 27, 2018 certain abnormal transactions valuing Rs 2.6 million were detected by the Bank on one of its international payment card schemes. The Bank immediately took precautionary steps which, inter alia, included shutting its international payment scheme. All monies withdrawn from accounts i.e. Rs 2.6 million have been credited in the respective accounts,” it said.
JuiceChecker-3PC: Introduces New Technique to Escape Malware Detection and Infect Millions of Smartphones (The Media Trust) A new malware attacks demand-side platform providers serving publishers around the world.
Securonix Threat Research: British Airways Breach: Magecart Formgrabbing Supply Chain Attack Detection (Securonix) The data breach suffered by British Airways earlier this year affected around 380,000 customers and resulted in the theft of customer data including personal and financial details. The attack was highly targeted and utilized customized…
X.Org Flaw Allows Privilege Escalation in Linux Systems (Threatpost) The issue impacts many large distros with GUI interfaces.
The analysis of the attack which uses Excel 4.0 macro to avoid antivirus software detection (360 Total Security Blog) On October 18, 2018, 360 Threat Intelligence Center captured for the first time an example of an attack using the Excel 4.0 macro to spread the Imminent Monitor remote control Trojan.
Kraken Ransomware Emerges from the Depths: How to Tame the Beast (McAfee Blogs) Look out, someone has released the Kraken — or at least a ransomware strain named after it. Kraken Cryptor ransomware first made its appearance back in August, but in mid-September, the malicious beast emerged from the depths disguised as the legitimate spyware application SuperAntiSpyware.
Exposed Docker APIs Continue to Be Used for Cryptojacking (BleepingComputer) Trend Micro has recently spotted an attacker that is scanning for exposed Docker Engine APIs and utilizing them to deploy containers that download and execute a coin miner. These containers then use scripts to spread to other systems.
Campaign evolution: Hancitor malspam starts pushing Ursnif this week (SANS Internet Storm Center) Today's diary reviews noteworthy changes in recent malicious spam (malspam) pushing Hancitor.
Search for Chrome on Bing, and you might get a nasty surprise (HOTforSecurity) It's 2018, and you can still end up with your computer compromised by searching for the world's most popular browser. That fact was brought home once again by Twitter user Gabriel Landau who, immediately upon firing up his brand new Windows 10 laptop and trying to download...
DemonBot Fans DDoS Flames with Hadoop Enslavement (Threatpost) An unsophisticated but effective botnet is targeting exposed cloud servers and racking up millions of infections.
Call of Duty players caught up in cryptocurrency theft racket (Naked Security) The FBI recently busted a group of criminals who seem to be using Call of Duty to coordinate cryptocurrency thefts.
League of Legends Gamers Targeted by Phishing Scam (Security Boulevard) Who is being targeted?
UK Construction Firms Hemorrhage Log-Ins to Dark Web (Infosecurity Magazine) RepKnight finds hundreds of thousands of credentials for sale
Mac cryptocurrency ticker app installs backdoors (Malwarebytes Labs) A Mac application named CoinTicker has been found installing two different backdoors, capable of keylogging, data theft, execution of arbitrary commands, and more.
An Update on the jQuery-File-Upload Vulnerability (Akamai) In the days following the original post concerning my disclosure of the flaw in jQuery-File-Upload (CVE-2018-9206), many people reached out to me with a number of questions on various related topics. I think a blog post is the best way to...
Word documents seemingly carrying videos can deliver malicious code instead (Help Net Security) A feature that allows anyone to embed a video directly in a Word document can be easily misused to trick target users into downloading and running malware.
Researchers exploit Microsoft Word through embedded video (Naked Security) A group of researchers has found a way to infect computers via Word documents without triggering a security warning.
Action Fraud warns against fake TV licensing emails, as over 2,500 reports are made in two months alone (Action Fraud) Fraudsters are sending the public fake TV licensing emails to steal their personal and financial information.
IT Security Vulnerability Roundup – October 2018 (eSecurity Planet) A look at 10 of the many security flaws reported in the past month.
Security Patches, Mitigations, and Software Updates
Windows Defender can now run inside a sandbox (Help Net Security) Windows Defender Antivirus can be run within a sandbox, a restrictive environment that separates the AV's processes from those of the underlying Windows OS
Cyber Trends
Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures (TrendLabs Security Intelligence Blog) Using open source intelligence techniques (OSINT), we were able to get a glimpse of possible problem areas for the energy and water sectors. Using internet scanning (mainly through Shodan) and physical location mapping, we were able to identify a number of exposed and vulnerable HMIs, all of which are from small to medium businesses. What this tells us is how important cybersecurity is for each level of the supply chain as well as for each CI sector.
Exposed and Vulnerable Critical Infrastructure: Water and Energy Industries (Trend Micro) The water and energy (W&E) sectors are critical to the economy of every nation, in fact to human life, and need to be secured.
You're Not Imagining It: Civilization is Flickering; and it can be catastrophic (Control Global) Mike Assante wrote two blogs: You're Not Imagining It: Civilization is Flickering, part 1 and 2. Mike is saying what I have been saying: network monitoring of control system networks is necessary but not sufficient. Moreover, it has been shown in laboratory demonstrations and actual incidents that cyber vulnerabilities exist that can lead to physical damage to equipment such as transformers, motors, generators, etc. Damaging this equipment can lead to long-term outages of electric systems, refineries, manufacturing, etc.
Washington Journal: Blake Sobczak Discusses Energy Grid Security (C-SPAN) E&E News Reporter Blake Sobczak discusses the security of the U.S. energy grid and recent hacks to systems.
New Report: IoT Now Top Internet Attack Target (Dark Reading) IoT devices are the top targets of cyberattacks -- most of which originate on IoT devices, new report finds.
CEO and Board Risk Management Survey Report (Deloitte United States) Learn how 400 CEOs and board members are prioritizing investments in four critical risk areas.
21% of all files in the cloud contain sensitive data (Help Net Security) McAfee released its Cloud Adoption and Risk Report, which analyzed billions of events in anonymized customers' production cloud use to assess the current
Americans Trust Government More than Tech Companies to Combat Election Influence Ops (Nextgov.com) A survey found that U.S. adults think it’s highly likely some nation will try to interfere in the midterms and aren’t confident government or industry can stop it.
Cybersecurity and the Middle Market (National Center for the Middle Market) An in-depth investigation of how cybersecurity affects the Middle Market based on research from our Q3 2018 MMI Report.
Study Considers Characteristics of the Future Work Force (SIGNAL) With machines augmenting the work force, humans will perform more mission-critical work, Deloitte report predicts.
State of the States for Tech and Cyber (Government Technology) The survey results from two major government studies were released at the National Association of State CIOs (NASCIO) Annual Conference in San Diego this past week. The technology and cybersecurity results signal major change is coming — in many diverse ways. Here’s what you need to know as we head into 2019.
How People Use Connected Devices (Clutch) People own and use connected devices, particularly smart home appliances, to access personal information. Most connected devices people own, though, are used as singular technologies, according to our survey of more than 500 people who own a connected device.
Marketplace
Security Implications of IBM-Red Hat Merger Unclear (Dark Reading) But enterprises and open source community likely have little to be concerned about, industry experts say.
Fugue Announces Strategic Partnership and Development Agreement with In-Q-Tel (IQT) (BusinessWire) Fugue, the leader in cloud security and compliance automation, today announced a strategic partnership agreement with In-Q-Tel (IQT). IQT is the not-f
Products, Services, and Solutions
LookingGlass Cyber Solutions Software Platform Proactively Manages Third Party Cyber Risks to Business Data and Operations (BusinessWire) LookingGlass™ Cyber Solutions, a leader in threat intelligence-driven security, today announced the general availability of its advanced Third Party R
Nyotron's PARANOID Receives Advanced Threat Defense Certification from ICSA Labs (PR Newswire) Nyotron, provider of the industry's first OS-Centric Positive Security solution to strengthen endpoint...
Dashlane Research Finds Majority of Two-Factor Authentication Offerings Fall Short (Dashlane Blog) The results of our Two-Factor Authentication (2FA) Power Rankings are in. The rankings, which examined the prevalence of 2FA offerings among 34 top consumer websites in the United States, found...
Safeguarding global critical networks now and in the future (Help Net Security) Lior Frenkel talks about the vulnerability of critical networks, challenges related to safeguarding such security architectures from 0-day attacks, etc.
LATAM Financial Institutions Tap Behavioral Biometrics Leader, BioCatch, to Strengthen Regional Cybersecurity and Combat Homegrown Fraud (Biocatch) LATAM Financial Institutions Tap Behavioral Biometrics Leader, BioCatch, to Strengthen Regional Cybersecurity and Combat Homegrown Fraud
ZeroStack delivers inter-cloud VPN-as-a-service (Help Net Security) ZeroStack's cloud administrator can now use VPN-as-a-service to establish a secure tunnel between local networks and users in multiple sites.
Learning Tree expands end-to-end cybersecurity certification training solutions (Help Net Security) Learning Tree expanded end-to-end cybersecurity certification training solutions to help organizations invest in a people-first cybersecurity culture.
Verint and Thales join forces to deliver cyber threat intelligence approach (Help Net Security) Verint Systems and Thales partner to create a Cyber Security Threat Intelligence approach for governments, enterprises, and critical infrastructures.
wolfSSL Announces Qt Framework Support & Integration (PRWeb) wolfSSL, a leading provider of TLS cryptography and the world’s first commercial release of TLS 1.3 announces support for the Qt Framework. Qt is a GUI deve
Technologies, Techniques, and Standards
Psy-Ops, Meet Cyber-Ops: U.S. Takes on Russian Trolls (Just Security) "Hello, Ivan. This is U.S. Cyber Command. We can see your mouse from here."
7 Ways an Old Tool Still Teaches New Lessons About Web AppSec (Dark Reading) Are your Web applications secure? WebGoat, a tool old enough to be in high school, continues to instruct.
Don’t Go Once More Unto the Breach: Fix Those Policy Configuration Mistakes (Infosecurity Magazine) Examining four common security policy errors, and how organizations can avoid them.
Design and Innovation
Signal Has a Clever New Way to Shield Your Identity (WIRED) "Sealed sender" gives the leading encrypted messaging app an important boost, hiding metadata around who sent a given message.
Self-driving cars learn (from us) about who to sacrifice in a crash (Naked Security) It’s bad news for overweight, elderly, male jaywalkers.
Research and Development
Dartmouth's PhasorSec protects power grids from cyberattack (EurekAlert!) A new technique protects power grids from attacks against utility control systems that can shut down facility operations, trigger longer-term blackouts and even cause permanent physical damage.
Academia
China Is Secretly Enrolling Military Scientists in Western Universities (Defense One) Dozens of scientists and engineers linked to China’s People’s Liberation Army obscured their military connections when applying to study overseas.
2 universities getting new sites for cybersecurity training (The State) Michigan Gov. Rick Snyder says two universities will be getting new sites for cybersecurity training.
Cadillac High School Wins High School Cyber Challenge (PR Newswire) High School teams from across Michigan came to the 2018 North American International Cyber Summit (NAICS) at Cobo Center ...
Legislation, Policy, and Regulation
Angela Merkel to step down in 2021 (BBC News) The decision by Germany's veteran chancellor comes after a series of regional election setbacks.
Angela Merkel sets date to quit after election drubbing (Times) Angela Merkel will step down as chancellor and retire from German politics by 2021 in an unprecedented attempt to hand over power to a successor. Her long farewell, announced after her party...
Russia, US Offer Competing Vision of Cyber Norms to the UN (Defense One) Two proposed versions of an “international code of conduct for international information security” set up a clash between autocracies and democracies.
Report: Israel sold $250m. of sophisticated spy systems to Saudi Arabia (The Jerusalem Post) These are the most sophisticated systems Israel has ever sold to any Arab country.
Spy chief wanted ban on China telecoms from Australian 5G (AP News) Australia's critical infrastructure including electricity grids, water supplies and hospitals could not have been adequately safeguarded if Chinese-owned telecommunications giants Huawei and ZTE Corp. were allowed to help roll out the nation's 5G network, a spy chief said. Mike Burgess, director-general of the Australian Signals Directorate, said his cyber experts had backed the government's decision in August to bar the two Chinese companies that he described as "high-risk vendors." It was the first time the secretive agency had disclosed such information.
Huawei poses security threat to Australia's infrastructure, spy chief says (the Guardian) Australian Signals Directorate chief says using ‘high-risk vendor equipment’ could pose threat to water supply and electricity grid
Tech tax is a 'quick and dirty' solution that will damage UK businesses, Hammond told (The Telegraph) The launch of a digital services tax could severely damage businesses across the UK, Chancellor Philip Hammond has been warned.
Hate speech tied to suspect in synagogue massacre rekindles calls for regulating social media (Washington Post) Some lawmakers questioned whether a decades-old law that protects social media giants from lawsuits might be in need of an overhaul.
OMB loosening the reins on major cyber programs for 2019 (Federal News Network) The Office of Management and Budget released the 2019 Federal Information Security Management Act guidance giving agencies more options to meet the intent of the CDM program.
“Right to repair” gets a boost from new DMCA software rules (Naked Security) It just got easier for owners of a wide range of home devices to hack and repair their software.
The 5 areas of emphasis in the Army’s new electronic warfare strategy (C4ISRNET) The Army's new strategy provides five broad lines of effort.
Inside the Pentagon’s struggle to build a cyber force (Fifth Domain) Experts suggest the armed forces have structural problems that prevent them from becoming a digitally cohesive force.
Army announces new director of operations at NGA (C4ISRNET) The Department of Defense announced a new director of operations at the National Geospatial-Intelligence Agency.
Litigation, Investigation, and Law Enforcement
China’s Bad Old Days Are Back (Foreign Affairs) Under Xi Jinping, China is extending political repression from its Western border regions into Hong Kong and other areas that once seemed relatively free by comparison. What we are witnessing is not a continuation of China’s oppressive status quo but the onset of something alarming and new.
U.S. to Restrict Chinese Chip Maker From Doing Business With American Firms (Wall Street Journal) The U.S. has raised the stakes in a battle with Beijing over intellectual property by restricting American firms from doing business with state-owned Chinese chip maker Fujian Jinhua that Micron Technology Inc. has accused of stealing its secrets.
Average ICO Fines Double in a Year (Infosecurity Magazine) Latest stats show total increased 24%
FBI investigating cyber attack at Peoria Notre Dame High School (Journal Star) Peoria Notre Dame High School has been the target of a cyber attack that has drawn the attention of federal investigators.