Cyber Attacks, Threats, and Vulnerabilities
Iran accuses Israel of failed cyber attack (Reuters) Iran's telecommunications minister accused Israel on Monday of a new cyber ...
Iran accuses Israel of launching cyber attacks targeting telecoms infrastructure (Computing) Allegations ratchet-up as the US imposes sanctions on Iran
Fake Telegram Apps Used to Spy on Iranian Users (Infosecurity Magazine) Fake Telegram Apps Used to Spy on Iranian Users. Cisco Talos details new campaigns
Persian Stalker pillages Iranian users of Instagram and Telegram (Cisco Blogs) State-sponsored actors have a number of different techniques at their disposal to remotely gain access to social media and secure messaging applications. Starting in 2017 and continuing through 2018, Cisco...
Why people are worried that the next big threat will come from Iranian hackers targeting American oil companies (Business Insider) America’s friends in the Middle East might face disruptive attacks in retaliation against the latest US measures – six years after Saudi oil major was hit by major cyber sabotage.
CIA’s secret online network unravelled with a Google search (Naked Security) The US government is reeling from a catastrophic, years-long intelligence failure that compromised its internet-based covert communications.
Report: Australian intelligence knows Huawei was used in espionage (Axios) Politicos often accuse the company of espionage, but few specific examples are known.
Huawei denies foreign network hack reports (ZDNet) Huawei has pointed to its 'unblemished record of cybersecurity' following reports over the weekend that it helped the Chinese government gain access codes for a foreign network.
Strange snafu misroutes domestic US Internet traffic through China Telecom (Ars Technica) Telecom with ties to China's government misdirected traffic for two and a half years.
Joint Statement on Election Day Preparations (Federal Bureau of Investigation) The FBI, DHS, DOJ, and ODNI—in coordination with federal, state, local, and private sector partners nationwide—are continuing efforts to protect our elections.
The Unprecedented Effort to Secure Election Day (WIRED) Ninety-four district election officers. Thirteen hundred electoral jurisdictions. Multiple law enforcement agencies. The fight to keep the midterms safe has an unimaginable scope.
U.S. intel sees no evidence of efforts to tamper with election systems (NBC News) Last week, the White House was sent a top secret assessment of election security produced by an interagency task force.
U.S. Girds for Possible Russian Meddling on Election Day (Wall Street Journal) This year, voters will be casting ballots in what experts say will be the most secure U.S. election since the birth of the internet. But officials worry that Russia or others could deploy new, unpredictable tactics.
The US has a cyberattack ready if Russia interferes with 2018 midterm elections (TechRepublic) Cybersecurity precautions could easily turn into cyberwarfare. Here's how the US plans to combat possible Russian influence in the midterm elections.
Voting officials under scrutiny amid heavy election turnout (AP NEWS) Federal and state officials have been working for nearly two years to shore up the nation's election infrastructure from cyberattacks by Russians or others seeking to disrupt the voting process. It turns out that many of the problems are closer to home.
What Cyber Malfeasance Will Rear Its Ugly Head in the 2018 Midterm Elections? | CyberDB (CyberDB) With the approach of the United States’ 2018 midterm elections, concerns have been expressed by many regarding the security and integrity of...
Voting Machine Manual Instructed Election Officials to Use Weak Passwords (Motherboard) A vendor manual for voting machines used in about ten states shows the vendor instructed customers to use trivial, easy to crack passwords and to re-use the passwords when changing log-in credentials.
Twitter Says It Is Ready for the Midterms, but Rogue Accounts Aren’t Letting Up (New York Times) On the eve of the midterm elections, Twitter — like other social media companies — is still struggling to combat misinformation.
Facebook blocks 115 accounts for alleged 'inauthentic behavior' ahead of midterm elections (Yahoo! Good Morning America) Facebook announced it blocked 30 accounts and 85 on Instagram that authorities believe are linked to foreign entities tying to interfere with elections.
Experts warn the social media threat this election is homegrown (POLITICO) Homegrown American trolls are a growing force behind efforts on Facebook and Twitter to suppress voter turnout.
Panelists at Penn Law event suggest different measures against foreign cyber interference (Daily Pennsylvanian) The panel was the keynote presentation of a two-day conference on cyber interference, dark money, and foreign influence.
Scammers Ride on Popular Vote411 Voter Info Site to Push Scareware Alerts (BleepingComputer) Online swindlers looking for a quick buck are using a domain that can be easily confused with a voter information website to redirect users to pages pushing various types of scams.
Spammers Use Brand Recognition to Make ‘Trump’ Top Term in 2018 Midterm Election Email Spam Subject Lines (Proofpoint) Proofpoint researchers chart spam volumes related to the midterm elections.
New Microsoft Edge Browser Zero-Day RCE Exploit in the Works (BleepingComputer) Details are about to emerge about a zero-day remote code execution vulnerability in the Microsoft Edge web browser, as two researchers plan to reveal a proof-of-concept and publish a general write up. Microsoft has not been told the details of this vulnerability.
Study of political junk on Facebook raises fresh questions about its metrics (TechCrunch) A midterms election study of political disinformation being fenced by Facebook’s platform supports the company’s assertion that a clutch of mostly right-leaning and politically fringe Pages it removed in October for sharing “inauthentic activity” were pulled for gaming its e…
Facebook wants to reveal your name to the weirdo standing next to you (Naked Security) Facebook’s had a patent approved for a new way to sniff out potential friends, based on your phone and patterns of movement.
Security Bug in Icecast Puts Online Radio Stations At Risk (BleepingComputer) A vulnerability discovered in Icecast streaming media server could be leveraged by an attacker to kill the broadcast of online radio stations that rely on it to reach their audience.
GPU side channel attacks can enable spying on web activity, password stealing (Help Net Security) Computer scientists at the University of California, Riverside have revealed how easily attackers can use GPU side channel attacks to spy on web activity.
The Growing Threat of SMiShing Attacks (Infosecurity Magazine) SMiShing attacks use SMS texting as the medium and is often used in conjunction with other attacks.
HSBC Bank Breached Again, Suspends Online Access to Affected Accounts (softpedia) Enhances authentication process to Personal Internet Banking
BBC micro:bit vendor Kitronik says customers' deets nicked, fingers Magecart malware (Register) We're one of 7,000 victims here, firm insists
Children’s apps contain an average of 7 third-party trackers, study finds (Naked Security) Android apps in the “Family” category had a surprisingly high number of trackers embedded in them.
Another wave of Elon Musk bitcoin scams spread by verified Twitter accounts (Graham Cluley) The cryptocurrency giveaway scammers are up to their tricks again on Twitter, and it seems that Twitter simply can't keep up with them.My advice to Twitter? Make Login Verification compulsory for verified accounts.
Security Patches, Mitigations, and Software Updates
Android fans get fat November security patch bundle – if the networks or mobe makers are kind enough to let 'em have it (Register) And Apple fixes Watch-killing security patch of its own
Chrome 71 will block any and all ads on sites with “abusive experiences” (Ars Technica) Fake error messages, phishing, and other annoyances will soon be heavily penalized.
Cyber Trends
Phishing attacks up by 297 percent across eCommerce in Q3 2018 (Enterprise Times) Report reveals increased dark web activity putting eCommerce merchants and consumers at greater risk. Phishing attacks up by 297 percent in Q3 2018
2018 AFP Payment Fraud Control Survey (Association for Financial Professionals) The 2018 AFP Payment Fraud Control Survey examines the nature of fraud attacks on business-to-business transactions, payment methods impacted and strategies organizations are adopting to protect themselves. 682 corporate practitioner member responses form the basis of this report.
What were the DDoS numbers for Q2 & Q3 2018? (Akamai) We heard your feedback. First of all, the numbers that everyone is most interested in: There were 2,057 DDoS attacks in the Q1 of 2018, 1839 attacks in Q2 and 2,367 attacks in Q3, for a total of 6,263 DDoS...
AI is Changing the Landscape of Cybersecurity (PCQuest) Automation often used synonymously with Artificial Intelligence, although automated machines can use AI, they are very different.
Hidden Costs of IoT Vulnerabilities (Dark Reading) IoT devices have become part of our work and personal lives. Unfortunately, building security into these devices was largely an afterthought.
Marketplace
Addressing the 3 Million Person Cybersecurity Workforce Gap (SecurityWeek) A 2018 report shows the cybersecurity workforce gap stands at more than 2.9 million workers globally -- with 2.14 million staff required in the Asia-Pacific region, and almost half a million required in North America.
USAF announces Hack the Air Force 3.0 (Air Force Reserve Command) The Air Force and HackerOne have teamed up for Hack the Air Force 3.0, the military service’s third and most inclusive bug bounty program.
DISA Prepping Three Contracts to Manage All Its Mobility Services (Nextgov.com) The military’s IT office plans to award all three contracts for mobile services and content management—classified and unclassified—before the end of fiscal 2019.
Symantec Acquires Appthority, Javelin Networks (SecurityWeek) Symantec acquires mobile application security firm Appthority and Javelin Networks, a company specializing in Active Directory (AD) security
Thoma Bravo to Acquire Veracode Software from Broadcom Inc. (NASDAQ:AVGO) (PR Newswire) Thoma Bravo, a leading private equity investment firm, today announced that it has agreed to...
VMware acquires Heptio, the startup founded by 2 co-founders of Kubernetes (TechCrunch) During its big customer event in Europe, VMware announced another acquisition to step up its game in helping enterprises build and run containerised, Kubernetes-based architectures: it has acquired Heptio, a startup out of Seattle that was co-founded by Joe Beda and Craig McLuckie, who were two of …
No, IBM Did Not Overpay For Red Hat (Seeking Alpha) IBM pays $33 billion for Linux vendor Red Hat. Synergies will be extensive. IBM has done this successfully before.
OPAQ Appoints Industry Veteran Lynn D. Tinney SVP Channels (Press of Atlantic City) OPAQ, the network security cloud company, today announced the appointment of industry veteran Lynn D. Tinney as Senior Vice President of Channels. Lynn has successfully led
Products, Services, and Solutions
Webroot Expands Continuum Integration (Webroot) Webroot DNS Integration Provides MSPs with Enhanced Visibility within the Continuum console.
DH2i looks to disrupt cloud VPN market with new DxOdyssey software-defined perimeter software (DH2i) DH2i's DxOdyssey Set to Disrupt the Multi-Billion Dollar Cloud VPN Market
MasterPeace Solutions’ Project to Reduce IoT Device Vulnerabilities is Driver Behind NIST-led Consortium (BusinessWire) MasterPeace Solutions drives osMUD, an open source project to reduce IoT device vulnerability within consumer and small business environments.
Bandura Cyber and Gigamon Deliver Threat Intelligence-Fueled Network Protection to the Enterprise (BusinessWire) Bandura Cyber today announced a strategic integration with Gigamon to deliver an all-encompassing solution.
CyberGRX Challenges Market to Take a United Approach to Third-Party Cyber Risk Management (BusinessWire) CyberGRX today announced an open online community dedicated to increasing cross organizational collaboration between risk professionals and IT teams.
Dashlane and Chubb Announce Global Partnership (PR Newswire) Today, Dashlane announced a partnership expansion with Chubb, the world's largest publicly traded property and casualty...
Secure Channels Launches Encryption-as-a-Service Platform SCIFCOM featuring Secure Token Exchange, File Encryption and Send, Password Protection, and Secure Email Capabilities (PR Newswire) Secure Channels Inc., a provider of innovative security solutions, announced today the launch of SCIFCOM (Secure...
Netflix releases desktop versions of device security app Stethoscope (Help Net Security) The Stethoscope app promotes good security configurations for desktop and laptop computers, but it does not force the users to do anything.
ThreatQuotient integrates verified breach intelligence from Visa to strengthen payment data defenses (Help Net Security) Combination of ThreatQ Threat Intelligence Platform and Visa Threat Intelligence Data enables a proactive cyber defense and streamlined incident management.
Wipro partners with Check Point for cyber security solutions (The Economic Times) The Bengaluru-headquartered IT services company would deliver Check Points advanced and dynamic cloud security solution, CloudGuard IaaS (infrastructure as a service).
Liquid Telecom, Serianu Target Sacco Cyber Criminals With New Service (KahawaTungu) Internet service provider Liquid Telecom has partnered with cyber security consultancy Serianu to bring a new service targeting local savings and credit cooperative societies (saccos) help them miti
Technologies, Techniques, and Standards
How Estonia Secures Its Electronic Elections From Kremlin Attacks (Defense One) Could innovations like a volunteer infosec corps and 'data embassies' help the U.S.?
A Quest for Answers on Army Expeditionary Cyber Teams (SIGNAL) Officials seek to define a concept that never before existed.
How to Lock Down What Websites Can Access on Your Computer (WIRED) If you’re not careful, websites can access your webcam and grab all kinds of permissions on your computer. Take back control of your browser.
How financial institutions can change the economics of fraud (Help Net Security) As the US became the last of the G20 countries to adopt Chip and PIN/Signature cards, fraudsters moved towards online card-not-present fraud.
Intelligence is Not a Numbers Game (SecurityWeek) There’s no point in having billions of data points if those data points aren’t timely, accurate, actionable, and adequately map to your intelligence objectives and requirements.
Cyber-crooks think small biz is easy prey. Here's a simple checklist to avoid becoming an easy victim (Register) Make sure you're spending your hard-earned cash on the 'right' IT security
How Security can Drive Business Competitiveness (SecurityWeek) A Consumer Identity and Access Management (CIAM) approach can help your security organization gain a reputation as a business partner that drives heightened user experiences and business competitiveness.
Fortinet Issues Cyber Safety Tips for Mobile Users Ahead of Diwali Online Shopping Season (BW CIOWORLD) Indian News - , Security-Indian consumers should Bolster Security On Mobile Devices before the start of ‘11/11’ Singles’ Day & The Ongoing Diwali Festive Shopping Spree
Why a Dog Bite is a Lesson in Handling Cyberattacks (SecurityWeek) Like dog bites, the negative impact of cyber incidents can go from bad to worse quickly—and the first 48 hours are critical.
Design and Innovation
Market Insight: The Road to AI — A Journey to Smarter Security and Risk Decision Making (Blue Vector) Security and risk providers' excessive use of messaging around artificial intelligence and machine learning has left customers unable to differentiate hype from real value. This report helps technology product marketing leaders understand challenges and opportunities around AI in security.
Is the US about to get a nationwide, privately owned, biometrics system? (Naked Security) Two US biometric companies have partnered to research a private, nationwide biometrics system.
Blockchain-based elections would be a disaster for democracy (Ars Technica) Opinion: Blockchain-based voting would destroy public trust in elections.
Research and Development
Viewpoint: Record Distance for Quantum Cryptography (Physics) An optical-fiber-based quantum cryptography scheme works over a record distance of 421 km and at much faster rates than previous long-distance demonstrations.
Academia
Cybersecurity Beanpot 2018 - CMD+CTRL Cyber Range Competition (Security Innovation) A huge thank you to everyone who participated in the inaugural Cybersecurity Beanpot Challenge! Below are some highlights from the event, including all the winners and scholarship recipients.
Popular cyber security MOOC begins third year (FE News) Popular cyber security MOOC begins third year
Marquette cyber security program receives federal designation (Milwaukee Business Journal) Marquette University’s information assurance and cyber defense specialization program has received a formal recognition for excellence by the federal government.
Virginia State Approving Agency (SAA) Approves Security University's Registered Qualified/ Cybersecurity Apprenticeship Program for Veterans' Education Benefits (PR Newswire) The Virginia State Approving Agency October 23, 2018 approved Security University's (SU) 2 Registered Qualified/...
Legislation, Policy, and Regulation
UK Government Warns Telecos of 5G Security Review (Infosecurity Magazine) UK Government Warns Telecos of 5G Security Review. Letter could signal change of approach to Chinese players
Senators Want Facebook To Fix Ad Transparency Tool (Nextgov.com) The system for verifying ad buyers is easily abused.
Md. Air National Guard cyber security units activated (WBAL) Two new Air National Guard units have been activated in Maryland. At full strength, the units will employ more than 300 full-time and traditional airmen, focusing on federal and state missions. The Maryland Air National Guard's new 175th Cyber Operations Group is one of only two Cyber Operations Groups in the Air National Guard.
Litigation, Investigation, and Law Enforcement
SCOTUS Refuses to Hear Appeal of Net Neutrality (Infosecurity Magazine) The FCC ruling to repeal net neutrality regulations remains contested.
Facebook still isn’t taking Myanmar seriously (TechCrunch) Facebook picked election evening in the U.S. to release a major report on its role in Myanmar, where it is widely accused of failing to prevent its social network from being used to incite genocide. The situation is arguably more severe that alleged Russia-backed attempts to meddle with the 2016 U.…
Facebook must change and policymakers must act on data, warns UK watchdog (TechCrunch) The UK’s data watchdog has warned that Facebook must overhaul its privacy-hostile business model or risk burning user trust for good. Comments she made today have also raised questions over the legality of so-called lookalike audiences to target political ads at users of its platform. Informa…
In Chinese Spy Ops, Something Old, Something New (Foreign Policy) Indictments reveal how Beijing mixes traditional spycraft with cyberespionage to steal U.S. technology.
Cathay Pacific faces probe over massive data breach (Reuters) Hong Kong's privacy commissioner will launch a compliance investigation int...
Police devices can extract data from mobiles (Times) Devices that can extract private data from mobile phones are being issued to police officers in Scotland despite widespread questions about their legality. The national force is rolling out...