Cyber Attacks, Threats, and Vulnerabilities
A pair of new Bluetooth security flaws expose wireless access points to attack (TechCrunch) Security researchers have found two severe vulnerabilities affecting several popular wireless access points, which — if exploited — could allow an attacker to compromise enterprise networks. The two bugs are found in Bluetooth Low Energy chips built by Texas Instruments, which networking device mak…
Two Zero-Day Bugs Open Millions of Wireless Access Points to Attack (Threatpost) Called BleedingBit, this vulnerability impacts wireless networks used in a large percentage of enterprise companies.
Nation-State Hackers Target Managed Service Providers to Access Large Companies (Wall Street Journal) Companies are reviewing basic security protocols following a Department of Homeland Security warning this month about active threats targeting managed service providers.
Beware: China may be reading your email (Asia Times) A new report alleges China uses key internet vulnerabilities to hijack traffic amid claims its technological success is ‘dependent on massive expropriation of foreign R&D’
Fake news network vs bots: the online war around Khashoggi killing (Reuters) On Oct. 20, Arabic-language website alawatanews.com published a report that Saud...
Bolton says U.S. is conducting ‘offensive cyber’ action to thwart would-be election disrupters (Washington Post) Trump’s national security adviser also said the Pentagon will face funding challenges as it builds up to counter Russia and China.
U.S. Cyber Command Targeted Russian Operatives to Deter Election Meddling. Here’s Why. (Council on Foreign Relations) Although anonymity is generally prized for successful cyber operations, it might not be ideal in all cases, especially if the United States wants to deter Russia from spreading disinformation.
Inside the Trump administration’s rudderless fight to counter election propaganda (POLITICO) In the absence of White House coordination, the administration is letting individual agencies respond to foreign governments’ attempts to undermine U.S. elections.
Opinion | The midterms will be the most secure elections we’ve ever held (Washington Post) Any suggestion otherwise is false and dangerous.
Here’s How Much Bots Drive Conversation During News Events (WIRED) About 60 percent of Twitter activity related to the caravan late last week was driven by bots, according to a new tool aimed at news organizations.
Analysis | The Cybersecurity 202: There is more phony political news on social media now than in 2016, report says (Washington Post) But Twitter and Facebook dispute the study's methodology.
Facebook is still approving fake political ads (Naked Security) Just a couple of weeks before the US midterm elections, journalists have revealed that Facebook is continuing to approve fake advertisements from fake sources.
We posed as 100 senators to run ads on Facebook. Facebook approved all of them. (VICE News) On the eve of the 2018 midterms, Facebook's "Paid for by" disclosure for political ads is easily manipulated.
Midterm election survey: Americans distrust news and social media (Express VPN) Results from an ExpressVPN survey before the midterm elections show a lack of faith in voting systems as well as information sources.
Critic's Notebook: 'Frontline' Doc 'The Facebook Dilemma' May Scare You Off Social Media (The Hollywood Reporter) The two-part 'Frontline' special presents a chilling portrait of a social media behemoth that cares more about profits than its users' privacy.
From Silicon Valley elite to social media hate: The radicalization that led to Gab (Washington Post) The founder of the social media platform, which has been linked to the Pittsburgh synagogue shooting suspect, created the site after he felt alienated by liberal Silicon Valley.
Microsoft accused of disclosing Indian banking information with US intelligence agencies (Computing) Indian press reports raise security questions about cloud computing.
Trickbot Shows Off New Trick: Password Grabber Module (TrendLabs Security Intelligence Blog) Trickbot (detected by Trend Micro as TSPY_TRICKBOT.THOIBEAI) now has a password grabber module that steals access from several applications and browsers.
Soulmate: A Dating App That Spies On You (Zscaler) Zscaler ThreatLabZ team came across a piece of spyware disguised as an Android app and hosted on Google Play, Google’s official Android app store. The app portrays itself as a partner-matching app but has capabilities of stealing contacts, tracing current and last-known location, and more
‘Stalkerware’ Website Let Anyone Intercept Texts of Tens of Thousands of People (Motherboard) A hacker exposes the awful security of two companies that sell spyware for consumers. By simply viewing the HTML of a particular website, anyone could log in and rummage through Facebook messages, texts, and phone call data.
SamSam Ransomware Goes on a Tear (Dark Reading) SamSam ransomware hasn't gone away and it's adapting to meet evolving defenses.
Eurostar forces all customers to reset passwords after data breach (The Telegraph) Eurostar has forced all of its customers to reset their passwords after detecting an "unauthorised attempt" to hack into its systems and access their accounts.
FIFA Braced for Revelations After Breach (Infosecurity Magazine) Attackers not thought to be Kremlin-linked
Private details are hacked in raid on Scottish trade hub (Times) Private details of almost 200 companies have been hacked in an attack on the Scottish government’s hub for businesses looking to do business in London. Information including bank details was...
GandCrab ransomware crew loses $1M after Bitdefender releases free decrypter (ZDNet) Bitdefender says over 1,700 victims successfully decrypted GandCrab-locked files within hours of the tool's release.
GandCrab: The most popular Multi-Million Dollar Ransomware of the Year (Security Boulevard) Ransomware has been around for years and has inflicted financial losses estimated in the billions of dollars. As one of the most lucrative types of malware, from a financial perspective, ransomware developers have invested considerable time, effort, and knowledge into perfecting both its delivery mechanisms and its capabilities. Traditional ransomware families such as CryptoWall and
Radisson Rewards Program Targeted in Data Breach (Dark Reading) It's the latest in a series of attacks targeting the travel industry, following incidents at British Airways and Cathay Pacific.
Anatomy of a sextortion scam (Cisco Talos) Since this July, attackers are increasingly spreading sextortion-type attacks across the internet
If Terrorists Launch a Major Cyberattack, We Won’t See It Coming (The Atlantic) National-security experts have been warning of terrorist cyberattacks for 15 years. Why hasn’t one happened yet?
Security Patches, Mitigations, and Software Updates
Apple Fixes Multiple macOS, iOS Bugs Including a Quirky FaceTime Bug (Threatpost) Security updates across all Apple platforms released alongside its new products.
Apple flaw leaves millions of devices exposed to 'ping of death' (The Telegraph) Millions of iPhones, iPads and Macbooks are vulnerable to a flaw that allows hackers to shut down any Apple devices sharing the same Wi-Fi network.
Cyber Trends
Digital Trust Insights (PwC) Digital businesses that lead in safety, security, reliability, privacy and data ethics will be the titans of tomorrow.
Proofpoint Quarterly Threat Report (Proofpoint) The Proofpoint Quarterly Threat Report highlights the threats, trends and key takeaways of threats we see within our large customer base and in the wider threat landscape.
Only half of the Fortune 500 use DMARC for email security (TechCrunch) When Homeland Security told all federal government departments last year to roll out a new email security policy to cut down on incoming spam and phishing emails, three-quarters of all federal domains were compliant by the time of their deadline just a few weeks ago. That’s far more than what…
Marketplace
Shape Security Raises $26M Round Led by Norwest Venture Partners, Joined by JetBlue Technology Ventures and Singtel Innov8 (Shape Security) Round brings Shape’s total raised to $132M, enables global expansion
Intersections Inc., Owner of Consumer Security Platform Identity Guard®, Signs Definitive Agreement to be Acquired by Joint Venture Formed by iSubscribed and Partners (MarketWatch) Acquisition expected to accelerate growth of iSubscribed's Intrusta brand, an integrated consumer security platform that manages digital threats
AI-Fueled Anti-Phishing Start-Up Emerges from Stealth as Almost Half of Phishing Emails Pass Traditional Anti-Spam Filters (PR Newswire) INKY, an email protection startup that leverages the power of unique computer vision and artificial intelligence...
Facebook Sketches a Future With a Diminished News Feed (WIRED) The social media giant expects growth from its Stories platform, plus Messenger and WhatsApp, as it confronts big challenges.
Facebook Growth Slows as It Revamps (Wall Street Journal) Facebook recorded lower revenue than expected as the social-media giant continues to adjust to slowing growth rates. Profit, though, rose more than forecast.
DICT partners with Kaspersky to boost cybersecurity in gov’t (Philippine News Agency) The Department of Information and Communications Technology (DICT) has partnered with international cybersecurity firm, Kaspersky Lab, to strengthen cybersecurity efforts in the government. The DICT has signed a Memorandum of Understanding (MOU) with Kaspersky, which will enhance...
Department of Human Services awards $102 million in IT services contracts to DXC, Capgemini, Accenture (CRN Australia) As part of the department's ongoing welfare payments overhaul.
Bromium on hunt for new partners (Channelnomics) Cyber security vendor's CRO labels detection-based security as 'fundamentally flawed' as firm looks to grow channel
Products, Services, and Solutions
Tripwire IP360 Enterprise-Class Vulnerability Management Solution Re-Certified To Meet Most Current Common Criteria Certification Standards (Tripwire) Product is one of only 12 ‘Detection Devices and Systems’ recognized globally as being Common Criteria Certified
Bricata Delivers Improved Threat Hunting with Enhanced Network... (Bricata) Security Teams Can Fine Tune Metadata Granularity to Meet Their Unique Needs and Gain Greater Insight into the True Nature of Network Activity
FireMon Delivers Unrivaled Hybrid Cloud Security with New Visibility and Orchestration Capabilities (FireMon) Platform enhancements empower organizations with scalable cloud security and unrivaled business agility
The new Netwrix Auditor 9.7 enhances Prediction, Prevention, Detection and Remediation of security incidents (Netwrix) New features help organizations implement a risk-based security approach and balance their security investments
Covata's Enterprise Security Console to Provide Single Pane Visibility and Control over Sensitive Data (BusinessWire) Covata Limited (ASX: CVT), a data-centric security provider for on-premises and cloud unstructured data, today announced the availability of a unique
NanoLock and Winbond to Unveil Industry’s First Secure Cloud Controller Flash Memory for IoT Devices at electronica 2018 - Press Release (Digital Journal) Will debut the first ever solution to securely protect and manage IoT
DataVisor powers insight into fraud and abuse patterns for enterprise and mobile customers (Help Net Security) The DataVisor Threat Insights Dashboard improves customers’ ability to gain insight into the fraud and abuse impacting their business.
IKARUS Security Software partners with PolySwarm to advance early malware detection (Help Net Security) PolySwarm partners with IKARUS to expand its network of antivirus vendors and developers by uploading IKARUS’ engine into Polyswarm’s marketplace.
WindTalker launches cloud-based content security technology (Help Net Security) The WindTalker platform allows lawyers and business professionals to share documents by securely classifying, encrypting, and redacting sensitive content.
Endgame introduces Total Attack Lookback for incident review (Help Net Security) Endgame Total Attack Lookback provides a record of operating system events, to ensure assessment of the origin and extent of an attack.
Experian unveils the future of instant credit and identity management (PR Newswire) Experian senior executives were joined today by award-winning digital analyst Brian Solis for an open...
Equifax Has Chosen Experian. Wait, What? (KrebsOnSecurity) A year after offering free credit monitoring to all Americans on account of its massive data breach that exposed the personal information of nearly 148 million people,
Alaska Extends Contract with Gemalto to Enhance Driver’s License Security (BusinessWire) Gemalto (Euronext NL0000400653 GTO), and Alaska’s Division of Motor Vehicles will continue their work of providing credentials to citizens with the ad
LogRhythm Advances NextGen SIEM Security Platform With SOAR Features (eWEEK) LogRhythm is adding case playbooks and enhanced response and security operations center metrics to its NextGen SIEM platform.
Technologies, Techniques, and Standards
The case for high-frequency readiness (C4ISRNET) Alarmingly, as hostile near-peer adversaries reemerge, it is necessary to re-establish HF alternatives should very-high frequency, ultra-high frequency or SATCOM come under attack.
The true cost of a data breach (TechRadar) Falling victim to a data breach hurts your business' bottom line as well as its reputation
Design and Innovation
Automating security at AWS: How Amazon Web Services operates with no SOC (CSO Online) Amazon Web Services CISO Stephen Schmidt explains the company's recipe for combining security automation with ways to get management and staff to take security seriously.
How (and why) Microsoft is making its AI study Romeo and Juliet (CRN) Did Romeo actually suffer more emotionally than Juliet? Microsoft's AI thinks so, but it's not a fan of Hamlet,
Research and Development
Kaspersky Lab reveals research on future threat of memory hacking (Intelligent CIO Middle East) Kaspersky Lab has warned that the cyberattackers of the future may be able to exploit memory implants to steal, spy on, alter or control human memories. And while the most radical threats are several decades away, the essential technology already exists in the form of deep brain stimulation devices. Scientists are learning how memories are […]
Legislation, Policy, and Regulation
Estonia knows a lot about battling Russian spies, and the West is paying attention (Washington Post) The small Baltic nation aims to rattle Moscow by naming and shaming suspected agents.
Tim Berners-Lee proposes breaking up tech giants (Computing) Companies like Facebook and Amazon are too dominant and hold too much power, says the father of the World Wide Web
How Congress could rein in Google and Facebook (The Verge) Congress is getting ready to take on data privacy — here’s how.
Failure to report Canadian privacy breaches could mean big fines after Nov. 1 (CTVNews) After more than three years of legislative fine-tuning, Canadian businesses will be required as of Thursday to alert their customers and the federal privacy watchdog if there's a danger that personal information under an organization's control has fallen into the wrong hands.
The Personal Information Protection and Electronic Documents Act (PIPEDA) (Office of the Privacy Commissioner of Canada) Find information about Canada’s federal private-sector privacy law.
California Consumer Privacy Act of 2018 – Full Text (Cooley) For your ease of reference, we reproduce here a formatted, hyperlinked copy of the California Consumer Privacy Act of 2018 (CCPA), current as of October 15, 2018. We’ve included our own topic headi…
Budget 2018: US politicians and business groups attack UK Digital Services Tax (Computing) Chancellor Philip Hammond faces US backlash against Digital Services Tax proposal
HHS opens renamed cyber center after management debacle (Federal Times) The Department of Health and Human Services announced the opening of its Health Sector Cybersecurity Coordination Center over a year after debate over the cyber center's reporting structure caused upheaval at the agency.
Gen. Michael Hayden: Overclassification of Cyber Threats Puts Businesses at Risk (Wall Street Journal) “This is the most disruptive thing to happen to us as a species probably since the European discovery of the new world,” he said.
ITU Member States re-elect Houlin Zhao as ITU Secretary-General (ITU) Zhao to lead UN specialized agency for information and communication technology for next four years
Litigation, Investigation, and Law Enforcement
Passcodes are protected by Fifth Amendment, says court (Naked Security) The government isn’t really after the password, after all; it’s after any potential evidence it protects. In other words: fishing expedition.
Prosecutor says Khashoggi was strangled and dismembered, but fate of body still a mystery (Washington Post) Turkish investigators were pursuing the theory that Khashoggi’s body was destroyed in acid, a senior official said.
SingHealth cyber attack COI: Senior manager reluctant to report attack because he did not want to deal with pressure (The Straits Times) "Once we escalate to management, there will be no day no night," read one message from an internal chat retrieved from server log files.
Plans to secure Internet access deferred before cyber attack (The Straits Times) A more secure way of accessing the Internet was meant to be put in place to protect public medical systems some time this year, but had to be pushed back to next year because of technical issues.
Manhattan DA: Locked Phones Continue to Thwart Criminal Probes (Wall Street Journal) The Manhattan district attorney’s office says encrypted cellphones and tablets continue to hinder its investigations, preventing local prosecutors from solving crimes and winning cases.
RoboCops: AI on the rise in policing to predict crime and uncover lies (Naked Security) PrediPol uses predictive policing algorithms, VeriPol analyzes fake-report text. Who ya gonna call?
Feds accuse ex-CIA employee of continuing leaks from prison (Washington Post) Federal prosecutors have beefed up charges against a former CIA employee, saying he has leaked classified national defense materials while incarcerated
Pittsburgh synagogue suspect pleads not guilty (San Diego Union Tribune) Robert Bowers was arraigned one day after a grand jury issued a 44-count indictment that charges him.
FDIC Still Isn’t Protecting Its Sensitive Information, Audit Finds (Nextgov.com) The agency isn’t patching vulnerabilities quickly enough or fixing longstanding information security weaknesses.