Cyber Attacks, Threats, and Vulnerabilities
China hijacking internet traffic using BGP, claim researchers (Naked Security) Researchers claim that unusual BGP routing changes are actually man-in-the-middle surveillance.
China's Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom's BGP Hijacking (Military Cyber Affairs) China's Workaround: Hijacking Internet Traffic not covered by the anti-theft 2015 Xi-Obama Agreement
China's 5 Steps for Recruiting Spies (WIRED) Cases of Americans allegedly recruited to spy on China’s behalf follow a basic pattern.
Bitdefender Finds Hackers Targeting High-Profile US Election... (Bitdefender Labs) Here at Bitdefender Labs we are closely watching the US Midterm Elections in search of anomalies in malware, spam, misinformation and social network activity. What is a ‘fake domain’? Typically, a fake website. Hackers register variations of valid website domains in order to...
Americans Are Easy Marks for Russian Trolls, According to New Data (The Daily Beast) A Daily Beast analysis of Twitter data shows the Kremlin troll farm’s English-language propaganda is nine times more effective than its disinformation in Russian.
Social-Media Companies Are Scanning for Potential Terrorists — Islamic Ones, Anyway (Defense One) Big platforms like Facebook and others have come a long way in detecting and preventing the spread of Islamic extremist content and tracking potential Muslim terrorists. Why aren’t they doing more about other kinds?
This Election Offered A Window Into WhatsApp's Wild, Sometimes Fact-Free World (BuzzFeed News) "What we do know is that people trust the information they see in a WhatsApp group and are more likely to read every message that comes into the platform."
Twitter’s U.S. midterms hub is a hot mess (TechCrunch) Today, Jack Dorsey tweeted a link to his company’s latest gesture toward ongoing political relevance, a U.S. midterms news center collecting “the latest news and top commentary” on the country’s extraordinarily consequential upcoming election. If curated and filtered properl…
Facebook bans the Proud Boys, cutting the group off from its main recruitment platform (TechCrunch) Facebook is moving to ban the Proud Boys, a far-right men’s organization with ties to white supremacist groups. Business Insider first reported the decision. Facebook confirmed the decision to ban the Proud Boys from Facebook and Instagram to TechCrunch, indicating that the group (and presuma…
Facebook caught in an election-security Catch-22 (AP NEWS) NEW YORK (AP) — When it comes to dealing with hate speech and attempted election manipulation, Facebook just can't win. If it takes a hands-off attitude, it takes the blame for undermining democracy and letting civil society unravel. If it makes the investment necessary to take the problems seriously, it spooks its growth-hungry investors. That dynamic was on display in Facebook's earnings report Tuesday, when the social network reported a slight revenue miss but stronger than expected profit for the July-September period.
How one man could have taken over any business on Facebook (Naked Security) The recently patched flaw would have enabled anyone to make themselves an administrator for any Facebook business account.
Kraken Cryptor Ransomware Gains Popularity Among Cybercriminals (Recorded Future) Insikt Group collaborated with researchers at McAfee to analyze Kraken Cryptor, a ransomware affiliate program now popular among members of the dark web.
Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims (McAfee Blogs) Alexandr Solad and Daniel Hatheway of Recorded Future are coauthors of this post. Read Recorded Future's version of this analysis. Rising from the deep, Kraken Cryptor ransomware has had a notable development path in recent months. The first signs of Kraken came in mid-August on a popular underground forum. In
Security firm: Hacking group SamSam primarily targeting US organizations with ransomware attacks (TheHill) The hacking group behind the costly cyberattack that shut down many of Atlanta's computer systems earlier this year is primarily targeting U.S.-based organizations, according to a new report.
Semmle Discovers Six Critical Vulnerabilities Affecting Macs, iPhones, and iPads (Semmle) Today, Apple announced a series of critical remote code execution vulnerabilities in Apple’s XNU operating system kernel. XNU is the kernel of macOS, iOS, and other Apple operating systems, which run on more than 1.3 billion devices globally. The vulnerabilities are in XNU’s networking code and its client-side NFS implementation. They were discovered by Kevin Backhouse from the Security Research Team here at Semmle, using our variant-analysis engine to search for vulnerability patterns in source code.
Snakes in the grass! Malicious code slithers into Python PyPI repository (Naked Security) Not for the first time, typosquatting malware made its way into an open source code repository.
Webroot Unveils Nastiest Malware of 2018 (PR Newswire) Webroot, the Smarter Cybersecurity® company, highlights the top cyberattacks of 2018 in its latest Nastiest...
More malspam using password-protected Word docs (SANS Internet Storm Center) This diary reviews an example of malicious spam (malspam) using password-protected Word documents to distribute Nymaim on Tuesday 2018-10-30.
Hackers target UK universities accredited by NCSC (Computing) Iranian criminals tried to phish 18 universities, half of them offering NCSC-approved cybersecurity courses
Square, PayPal POS Hardware Open to Multiple Attack Vectors (Threatpost) Popular card readers like Square and PayPal have various flaws that allow attacks ranging from fraud to card data theft.
Pakistani bank denies losing $6 million in country's 'biggest cyber attack' (ZDNet) Anonymous source says the attack consisted of a flood of suspicious PoS transactions made at Target stores in Brazil and US.
How’d this government agency get infected with malware? 9,000 pages of porn. (Washington Post) An employee at the U.S. Geological Survey visited more than 9,000 pornographic Web pages and infected the agency's network with malware, prompting calls to bolster security measures, according to an inspector general’s report.
Crypto exchange collapses, victims accuse it of exit scam (Naked Security) Another day, another exchange goes down – but was it a hack or an exit scam?
Cortland And Homer Among 50 CNY School Districts Under Cyber Attack (X101 Always Classic) Senator Chuck Schumer announced yesterday (October 29) that more than 50 Central New York schools were hit with a total of nine cyber attacks so far t
Security Patches, Mitigations, and Software Updates
Apple releases security updates, says new MacBooks will disconnect microphone when lid is closed (Help Net Security) Apple unveiled new Macs and iPads on Tuesday and has pushed out security updates for macOS, iOS, watchOS, tvOS, Safari, iTunes, and iCloud for Windows.
About the security content of macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra (Apple Support) This document describes the security content of macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra.
Yes, you should update your iPhone to iOS 12.1, but its lock... (HOTforSecurity) Apple has released its first major update to iOS 12 - iOS 12.1 - bringing a host of new features to iPhones and iPads including dual SIM support, Group Facetime, and for those who needed more of them in their life - 70 new emoji. Apple is less keen to brag about...
Apple's T2 Security Chip Makes It Harder to Tap MacBook Mics (WIRED) By cutting off the microphone at the hardware level, recent MacBook devices minimize the chance that someone can eavesdrop
Cyber Trends
Damaging cyberattacks surge ahead of 2018 U.S. midterm elections (Help Net Security) Two-thirds of IR professionals interviewed believe cyberattacks will influence the upcoming U.S. elections, according to Carbon Black.
Quarterly Incident Response Threat Report | November 2018 (Carbon Black) Stay abreast of the current attack landscape and trends seen by leading IR firms in Carbon Black's Quarterly Incident Response Threat Report (QIRTR)
OTX Trends Part 3 - Threat Actors (AlienVault) This is the third of a three-part series on trends identified by AlienVault in 2017. Part 1 focused on exploits and part 2 addressed malware. This part will discuss threat actors and patterns we have detected with OTX. Which threat actors should I be most concerned about? Which threat actors your organization should be most concerned about will vary greatly. A flower shop will have a very different threat profile from a defense contractor. Therefore below
2018 Open Threat Exchange (OTX) Trends Report (AlienVault) AlienVault Threat Researcher Chris Doman and Security Advocate Javvad Malik highlight the latest threat trends with advice on how to defend against them.
The three C’s of cyber (Fifth Domain) Creativity, communication and collaboration secure critical infrastructure.
Spooking the C-Suite: The Ephemeral Specter of Third-Party Cyber-Risk (Dark Reading) Halloween movies are the perfect metaphor for breaking down today's scariest supplier breach tropes.
Marketplace
Does your small business need cyberattack insurance? (The Globe and Mail) Front Row Insurance says small businesses in Canada are so poorly covered because the process is too complex and costly
RSA Conference 2019 expands innovation program (Help Net Security) RSA Conference announced submissions are open for the returning RSAC Innovation Sandbox Contest and the first-ever RSAC Launch Pad.
Qualys Acquires Container-Native Security Company Layered Insight (Qualys) Strategic acquisition enables Qualys to add runtime defense capabilities and automated enforcement to its current Container Security solution
Mobileum Inc. Announces the Acquisition of Evolved Intelligence (BusinessWire) Mobileum Inc. (“Mobileum”), a leading global provider of analytics-based roaming and risk management solutions, today announced the acquisition of Evo
Facebook loses more users in Europe as its growth continues to cool (The Telegraph) Facebook has warned investors to expect slower revenue growth for the foreseeable future as it battles new privacy laws, lower user numbers and a worldwide shift towards private messaging.
It's early, but Booz Allen has high hopes for a new business line (Washington Business Journal) The company’s solutions business is tackling mobile security first, but CEO Horacio Rozanski sees product potential in artificial intelligence, directed energy and cybersecurity as well.
Radiflow Expands Corporate Management Team to Accelerate Company's Strategic Expansion for its Industrial Cybersecurity Solutions (PR Newswire) Radiflow, a leading provider of industrial cybersecurity solutions for critical infrastructure, today...
Products, Services, and Solutions
Endgame Introduces Total Attack Lookback™ for Comprehensive Incident Review (Endgame) Includes 120 days of non-repudiable forensic information that exceeds average adversary dwell time at zero additional cost ARLINGTON, VA - October 31, 2018 - Endgame, the leader in unified endpoint protection against targeted attacks, today announced it has made critical threat intelligence data available to all customers free of charge through Total Attack Lookback™ – the industry’s first forensic review feature to exceed average adversary dwell time.
Comodo Launches Dome Shield Platinum to Secure and Control Internet Access (GlobeNewswire News Room) DNS-based protection and visibility deployed in under two minutes anywhere on any IT infrastructure
NSS Labs Announces Results of Second Edition of 2018 Data Center Intrusion Prevention System Group Test (P&T Community) Three Products Receive Recommended Rating
AlienVault - Open Threat Exchange (AlienVault Open Threat Exchange) Learn about the latest online threats. Share and collaborate in developing threat intelligence. Protect yourself and the community against today's latest threats.
ConnectWise and Cylance Integrate Managed Services Provider Solutions (Cylance) Cylance is pleased to announce the integration of flagship products CylancePROTECT and CylanceOPTICS with ConnectWise Automate to boost security protocols for managed services providers (MSPs) that support security solutions across a range of businesses.
CA Technologies updates mainframe solutions, promoting a platform for hybrid environments (Help Net Security) CA's enhanced offerings enable customers to use intelligence and automation to maximize resources and protect data while working across hybrid environments.
Allot Communications reaches deal with Swiftel Networks (Proactiveinvestors NA) Allot Communications Ltd (NASDAQ:ALLT) - Allot will provide Swiftel with a distributed denial-of-service (DDoS) protection system to offer it as a service across their broad network of internet service provider and enterprise customers
Technologies, Techniques, and Standards
Paper Is Big Again, at Least for Elections. These States Don’t Have It (Roll Call) Just days before the midterms, dozens of jurisdictions around the country go to polls without a paper backup for electronic voting systems.
Military Cyber Teams On Standby For Elections (Breaking Defense) “We haven’t deployed anyone, just to be clear,” Edwin Wilson said. “We’ll have a traditional prepare-to-deploy order, (and) the members and teams are on recall ready to go within hours.”
Center for Internet Security looks to expand threat sharing program to political campaigns (Cyberscoop) While hundreds of millions of dollars in federal money have been allocated for securing state election infrastructure this year, political campaigns are often cash-strapped operations short on cybersecurity expertise.
Fewer than half of US states have undergone federal election security reviews (ABC News) With only a week left before the midterms, fewer than half of U.S. states have submitted to a Department of Homeland Security assessment of their vulnerabilities.
Don’t Be Manipulated This Midterm Election Season: 5 Immediate Social Media Actions You Need to Take (Proofpoint) Our midterm elections are quickly approaching, which means Americans need to be hyperaware on social networks to avoid misinformation and scams. Below are five things you must do right now to protect yourself online and not be manipulated. It’s time for all Americans to take control of the information they consume.
Cyber Supply Chain Task Force to Meet Soon (Nextgov.com) The task force will be managed by Homeland Security Department’s new long-range cyber planning organization.
Gathering Insights on the Reemergence and Evolution of Old Threats Through Managed Detection and Response (TrendLabs Security Intelligence Blog) Smart Protection Network (SPN) data and observations from Managed Detection and Response (MDR) for the North American region show the persistence of older threats and tactics: delivery methods such as spam emails are still going strong, while ransomware attacks have seen a renewed vigor alongside newer threats such as cryptocurrency mining malware in the third quarter of 2018.
The Role of Technology in Compliance (TetherView) Learn about various technology compliance frameworks as they relate to cyber risk management. TetherView - the most comprehensive private cloud for business
Cyber Drills Are the New Fire Drill: 5 Mistakes You’re Probably Making Right Now (CSO) When a data breach hits an organization, everyone is under pressure to react. There is little to no time to think or plan. That’s why having a solid, approved plan and regular drills to practice are critical to an effective response.
Deceptioneering Part 2: Principles of Deception (Infosecurity Magazine) Once you have a foundational knowledge of Deceptioneering, it is important to look at some practical applications.
Design and Innovation
The Plausibility of Forecasting Cyber Attacks (SIGNAL) Experts examine if and how cyber attacks can be predicted.
Google Updates reCAPTCHA: No More Boxes to Check (Threatpost) Puzzles and check-boxes have been replaced with in-the-background behavioral analysis.
10 Years of the Blockchain: What Is Bitcoin, Really? (Motherboard) The Bitcoin white paper was released into the world 10 years ago today, so we asked some influential people in the space—including the guy who spent 10,000 bitcoins on pizza in 2010—what it is and where it's going.
Research and Development
Denim Group Awarded Hybrid Analysis Mapping Patents by U.S. Patent and Trademark Office (Digital Journal) announced that the United States Patent and Trademark Office (USPTO) has
Bank of America awarded new patent for storing cryptography keys (BCFocus) In an interesting development on Tuesday, Bank of America was awarded a patent for systems and devices for hardened remote storage of private cryptography keys used for authentication, according to documents released by the US Patent and Trademark Office (USPTO).
Legislation, Policy, and Regulation
The threat to US cyber intelligence (Fifth Domain) How “failure of imagination” continues to plague counterintelligence efforts.
DoD leader calls for teamwork in ‘cyber posture review’ (Fifth Domain) The deputy secretary of defense discussed the importance of sharing tools, techniques and insight between agencies to protect America's critical infrastructure from cyberattacks.
Common suitability, security clearance standards are coming within a year, ODNI says (Federal News Network) Common standards across the suitability and security clearance processes may ease long-held frustrations from industry and the intelligence community.
Intelligence 'black budget' hits mysterious new high under Trump (Washington Examiner) Congress secretly boosted U.S. spy agency funding last year, pushing the government's intelligence "black budget" to its highest publicly known level, and raising questions about the reason for the surge.
Military Intelligence Spending Just Posted Biggest Spike in a Decade (Defense One) With an 18 percent increase this year, the Pentagon’s $22 billion intelligence tab is rising faster than civilian spy agencies.
Litigation, Investigation, and Law Enforcement
Feds: Chinese spies orchestrated massive hack that stole aviation secrets (Ars Technica) Feds say campaign hacked 13 firms in bid to help Chinese state-owned aerospace company.
U.S. charges Chinese spies and their recruited hackers in conspiracy to steal trade secrets (Washington Post) It’s the third such law enforcement action taken against China since September.
[Superseding indictment] (US Department of Justice) UNITED STATES OF AMERICA, Plaintiff, v. ZHANG ZHANG-GUI (1), aka "leanov," aka "1eaon," ZHA RONG (2), CHAI MENG (3), aka "Cobain," LIU CHUNLIANG (4), aka "sxpdi-cl-," aka "Fangshour," GAO HONG KUN (5), aka "mer4en7y," ZHUANG XIAOWEI (6), aka "jpxxavr," MA ZHIQI (7), aka "Le Mar," LI XIAO (8), aka "zhuan86," GU GEN (9), aka "Sam Gur," TIAN XI (10), Defendants.
Zuckerberg gets joint summons from UK and Canadian parliaments (TechCrunch) Two separate parliamentary committees, in the UK and Canada, have issued an unprecedented international joint summons for Facebook’s CEO Mark Zuckerberg to appear before them. The committees are investigating the impact of online disinformation on democratic processes and want Zuckerberg to a…
Mueller probes Roger Stone’s interactions with Trump campaign and timing of WikiLeaks release of Podesta emails (Washington Post) On Friday, the special counsel interviewed Stephen K. Bannon, Trump’s former chief strategist, about alleged claims Stone made privately about WikiLeaks, according to people familiar with the session.
Alleged SWATter will plead guilty to dozens of serious new federal charges (Naked Security) The long list of charges includes bank fraud, involuntary manslaughter, cyberstalking and wire fraud.
Infantino expects release of info from cyberattack on FIFA (AP NEWS) FIFA President Gianni Infantino is braced for a release of private information gained by hackers after world soccer's governing body said its computer network was subject to another cyberattack. The disclosure comes in the same month the U.S. Department of Justice and the FBI said Russia's military intelligence body was responsible for a hack on FIFA in 2016, which led to evidence from anti-doping investigations and lab results being published. FIFA did not provide details about the data gained in the latest attack this year on e-mail systems, but it has been contacted by media outlets about internal information contained in private exchanges.
UK Law Firm Preps Cathay Pacific Class Action (Infosecurity Magazine) Lawyers claim airline owes customers compensation
Credit Union’s Employees Saw Anti-Money-Laundering Compliance Gaps (Wall Street Journal) Employees at Pentagon Federal told regulators it had a flawed program to prevent money laundering.