Cyber Attacks, Threats, and Vulnerabilities
Hezbollah Goes on the Cyber Offensive with Iran’s Help (The Cipher Brief) Maturing under Tehran’s tutelage, Hezbollah’s hackers are quickly learning the art of cyber warfare.
Malware Exploiting Spectre, Meltdown Flaws Emerges (SecurityWeek) Researchers find more than 130 malware samples exploiting the Meltdown and Spectre vulnerabilities, including malware for Windows, Linux, macOS and browsers
Meltdown and Spectre malware being picked-up by anti-virus software firms (Computing) Cyber crooks have started experimenting with Meltdown and Spectre malware
We May Soon See Malware Leveraging the Meltdown and Spectre Vulnerabilities (BleepingComputer) Security researchers are seeing an ever-increasing number of malware samples that are experimenting with the Meltdown and Spectre vulnerabilities.
Cybercriminals Impersonating Google Docs, Outlook, DocuSign (Barracuda) When you receive an email from a trusted web service such as Microsoft Outlook or DocuSign informing you of unread messages, you might blindly follow the directions to retrieve those messages.
Man-in-the-Middle Attack Now Hitting Hackers (SecureWorld) Hackers waiting on a ransom to be paid are getting hit with a man-in-the-middle attack. The attack also hurts victims who need their files back.
Activity Trackers Releasing 'Too Much Information,' DOD Warns (SIGNAL) The U.S. military will study the related implications of wearable exercise devices.
Fitness apps aren’t just spying on the military (New York Post) Soldiers using fitness-tracking devices inadvertently revealed the locations of US military bases — including classified ones — and the incident has lessons for anyone with a smartphone. The locati…
CLC Report: U.S. Elections Remain Vulnerable to Foreign Influence (Campaign Legal Center) Today, Campaign Legal Center (CLC) released a report detailing the vulnerabilities of American elections to foreign interference that were exposed in the 2016 presidential election. The report outlines solutions for addressing this most urgent issue, which would protect the integrity of our democracy for the upcoming 2018 elections and beyond.
If you're on an Android device, be careful about looking at porn (CNET) Google's mobile operating system is riddled with malware using NSFW content as bait, according to Kaspersky Lab.
Security Bug Affects Over 300,000 Oracle POS Systems (BleepingComputer) Hackers have a new security flaw in their arsenal they can exploit to install POS malware on Oracle Micros point-of-sale systems.
DDoS threats and bot attacks are biggest threats to API security (BetaNews) APIs power many of our digital experiences, but because they provide a window into applications they also present a security risk.
Smominru! Half a million PCs hit by cryptomining botnet (The State of Security) A Monero-mining botnet called Smominru is said to have infected 526,000 Windows PCs since May 2017 and is earning millions of dollars for its operators.
Massive Smominru Cryptocurrency Botnet Rakes In Millions (Threatpost) Researchers say Smominru threat actors are in control of 500,000 node botnet and earning $8,500 daily mining for Monero cryptocurrency.
Johnny Hacker hauls out NSA-crafted Server Message Block exploits, revamps 'em (Register) Yep, vulns of WannaCry infamy. Why haven't you patched yet?
NSA exploit EternalBlue is back and powering WannaMine cryptojacking malware (TheINQUIRER) It's like WannaCry but it's more stealthy and goes after your CPU
What are “WannaMine” attacks, and how do I avoid them? (Naked Security) Combine the ETERNALBLUE exploit from WannaCry with a payload that mines cryptocoins, and you get “WannaMine” – here’s what you need to know.
Cryptomining – is it the new ransomware? [REPORT] (Naked Security) SophosLabs just published a technical report about cryptomining – on your Android device, via apps from Google Play, no less.
Erie County Medical Center: Anatomy of a ransomware attack (Health Data Management) Buffalo, N.Y. hospital’s response to cybercriminals taking its data hostage provides valuable lessons for other healthcare providers.
Medical Imaging Devices Are Vulnerable To Cyber-Attacks (Information Security Buzz) The Israeli national media is reporting on research from Ben-Gurion University which shows that “unpatched” medical devices whose owners and operators don’t download ongoing security updates may be vulnerable to attacks. In their paper “Know Your Enemy: Characteristics of Cyber-Attacks on Medical Imaging Devices,” the researchers show the relative ease of exploiting these “unpatched” medical devices.
True Believers (Foreign Affairs) ISIS’ land may be vanishing, but the dream of a true Islamic state—of heaven on earth—remains.
ISIS's War on Families Never Ended (Foreign Policy) The Islamic State's campaign for the hearts and minds of Syrian children may have laid the groundwork for its resurgence.
Security Patches, Mitigations, and Software Updates
New AMD Processors to Include Protections for Spectre-like Exploits (SecurityWeek) AMD’s Zen 2 and future processors will include protections against exploits such as the recently disclosed Spectre, the company’s CEO said
Mozilla Fixes Severe Flaw in Firefox UI That Leads to Remote Code Execution (BleepingComputer) Mozilla has released Firefox 58.0.1 to fix a security issue that was hiding in the browser's UI code and would have allowed an attacker to run code on the user's computer, allowing a quick and easy path to delivering malware or even taking over the entire PC.
Multiple Zero-Day Vulnerabilities in ManageEngine Products Disclosed by Digital Defense, Inc. (Digital Defense) Collaboration results in prompt resolution
Windows security: We'll delete tools that bully you to buy upgrades, says Microsoft (ZDNet) Cleaners and optimizers that try to scare PC users into paying for upgrades will be detected and removed.
Machine Learning Helps Google Remove a Record 700,000 Bad Apps (SecureWorld) Google removed a record number of bad apps from its Google Play store in 2017. In part, the company credits advances in machine learning.
Poll: Dissolving network boundary requires a new approach to security. (CSO Online) A Forcepoint study shows IT security executives want to understand user intent vs. relying on technology alone.
6 findings from Experian’s newest global fraud report (Auto Remarketing) It would seem automotive financing and retail activity is not immune to unscrupulous behavior, especially activity that originates online.
Nearly Two-Thirds of U.S. Federal IT Leaders See Identity Management as Critical to Cybersecurity - Unisys Survey (Business Insider) About two-thirds (64 percent) of U.S. federal government IT leaders view identity management solutions as a 'very...
Lieberman Software Acquired by Bomgar (Dark Reading) Deal combines privileged access management products, technologies.
ECS to be Acquired by On Assignment For $775 Million (BusinessWire) ECS Federal, LLC (“ECS” or the “Company”), one of the largest privately-held government services contractors delivering artificial intelligence, cyber
An unnamed Hong Kong-based blockchain investment fund has acquired Chinese crypto exchange BTCC (Business Insider) Chinese cryptocurrency exchange BTCC has been acquired by an unnamed Hong Kong-based blockchain investment fund
These hot technologies are ready to be commercialized... all they need is you! (National Security Agency Technology Transfer Program) A Patent License Agreement offers the opportunity to add Agency technology to your existing capability or build a new business around it. The National Security Agency’s Technology Transfer Program (TTP) may have exactly what your company needs to gain a competitive edge in the commercial marketplace.
Duo Security Announces Record-Breaking Year After Launching Duo Beyond (Duo Security) Duo Security today announces a major annual recurring revenue (ARR) milestone, investments in additional leadership, and strategic partnerships with some of the largest players in the technology world in 2017.
Symantec's revenue jumps 16 percent (Reuters) Symantec Corp's quarterly revenue rose 16 percent, helped by strong demand for its cyber-security software.
Symantec CEO Cloud Confession: Traditional License, Appliance Product Sales Will Become An Exception In Our Business (CRN) "Customers are picking the cloud form factor and the virtual appliance form factor way more often than we thought," said Symantec CEO Greg Clark.
Why Google partnered with MobileIron – and what they plan to offer (Computerworld) Google will use MobileIron's enterprise mobility management platform and analytics software to create App Store-like instances that can be offered through telecom providers.
Imperva: The Value-Destructive Effects Of Dilution (Seeking Alpha) Imperva has diluted shares by ~33% over five years. I look at what happens to shareholder value if it repeats this over the next five years. Share dilution shou
Emerging Gulf State cyber security powerhouse growing rapidly in size, (Reuters) A little-known cyber security company in the United Arab Emirates (UAE) recruiting executives who have worked for Western intelligence services is turning over hundreds of millions of dollars a year, largely in contracts with the government, according to its chief executive.
Cyber Armour is Need of the Hour: Harshil Doshi, Forcepoint India (Elets News) Rising menace of security threats is creating the urgent need to ensure cyber security solutions across the Banking, Financial Services and Insurance (BFSI) domain. In order to ensure complete safety of data and maintain credibility all the banks – big and small are ensuring the use of advanced technologies, says Harshil Doshi, Strategic Security Solutions Consultant, Forcepoint India, in conversation with Harshal Yashwant Desai of Elets News Network (ENN).
“Vendors promise the moon, but don’t always deliver," analyst says (Tahawul Tech) Technology vendors mislead CIOs when they claim to be complete solutions providers, and systems integrators are the true unsung heroes of enterprise IT, a leading industry analyst has claimed.
Snake Oil Salesmen Plague the Security Industry, But Not Everyone Is Staying Quiet (Gizmodo) Adriel Desautels was suddenly in a serious mess, and it was entirely his fault.
Midlands Cyber sets sights on USA | TheBusinessDesk.com (East Midlands) Breaking the US Cyber market, taking East Midlands companies Stateside
New York Aiming to Be the Country’s Cybersecurity Hub (WSJ) New York City is pushing to become the country’s cybersecurity hub, and has attracted several firms in recent months with a $30 million initiative.
Products, Services, and Solutions
Equifax, still having problems computering, releases credit locking app that doesn’t (Ars Technica) It's supposed to lock reports for free but doesn't work as advertised—or at all.
CompTIA Launches Beta Test for New CompTIA PenTest+ Certification (PR Newswire) CompTIA, the leading provider of vendor-neutral skills...
Munich Airport Establishes Center to Fight Cybercrime (AviationPros.com) Munich Airport has opened a new chapter in its IT security activities. At a special ceremony today, the airport launched its Information Security Hub (ISH) – a competency center where IT specialists with the airport operating company (FMG) will work...
CenturyLink and collab9 to deploy secure cloud communications to the Defense Nuclear Facilities Safety Board (PR Newswire) CenturyLink, Inc. (NYSE: CTL) and collab9, a leading FedRAMP-authorized...
Zentera Systems Announces Partnership with Nebosystems to Help Enterprises Address Need for GDPR Compliance (Broadway World) Zentera Systems Announces Partnership with Nebosystems to Help Enterprises Address Need for GDPR Compliance
SpaceX Launches Satellite With More Cyber Protection (VOA) The Luxembourg-built satellite expands NATO surveillance and ability to stop cyber attacks
Sophos integrates $100m acquisition into new next-gen offering (CRN) Vendor acquired Invincea last year and has now integrated it into its offering, with one partner calling the end result 'a game changer'
Paladin Armor Seeks To Redefine Smart Home Security (Forbes) “Home security” is a broadly defined moniker that in my view does a disservice ...
Virsae unveils fraud busting security solution (New Zealand Reseller News) Virsae has unveiled plans to tackle rising toll fraud costs, through the introduction of a security management solution leveraging unified communications capabilities.
Bandura-Pioneered Threat Intelligence Gateways Begin Mainstream Ascent (GlobeNewswire News Room) Providers of threat intelligence gateways reported growth rates from 120% to 400% from startup companies with a small base of overall revenue in 2016, Gartner states in report
Recorded Future Gives Companies Single View, Analysis of Security (SDxCentral) Threat intelligence company Recorded Future launched a new security product that provides a single view and analysis of threat data from various sources.
Technologies, Techniques, and Standards
Navigating ASEAN’s patchy cyber security landscape (ComputerWeekly) Cyber resilience remains low across Southeast Asia, a regional economic powerhouse that is increasingly susceptible to cyber threats as its digital economy grows
Govt's cyber swachhta project reduces malware infections by 50% (Moneycontrol) Over 121 ISPs and close to 40 financial service organisations and other such firms are configured to receive daily bots threat intelligence feeds from the analysis centre.
How To Decrypt Files Locked By a Ransomware (Virus Removal Instructions) If your files got decrypted by a ransomware there are still chances to save them.
Coincheck hack: How investors can protect their digital money (International Business Times, Singapore Edition) Cybersecurity expert Rick McElroy shares a few things about the significance of protection for cryptocurrencies.
Mattis considers cellphone ban at Pentagon (Military Times) Defense Secretary Jim Mattis is considering banning all cell phones and personal electronic devices such as FitBits from the Pentagon
Cybersecurity/Defense & Homeland "Progress & Best Practices" 2018 (Federal News Radio) This program will provide a progress report on cybersecurity in defense and homeland in government.
Making the Case for Vendor Security to the C-Suite (BitSight) Learn how to overcome common objections and convince your executive team that vendor risk management is a vital component of information security.
Ignorance is no defence for failure to encrypt - Senetas (Voxy) "In 2018, it is staggering that many businesses still do not encrypt their data, especially when the data is travelling across public networks. Large data breaches are becoming the norm around the world. At least once a week we hear of a significant
Design and Innovation
In fingerprints and banks we trust: IBM reports on the future of authentication (ZDNet) An IBM study of The Future of Identity has found that whether people use passwords or biometrics is influenced by how old they are, where they live, and the value of the service involved. Choices are not purely technical....
What is happening with AI in cybersecurity? (SearchNetworking) Bloggers explore the growing role for AI in cybersecurity, network simplicity and the role of BGP in EVPN-based data center fabrics.
Why experts think blockchain has the same potential as the internet (Jacksonville Business Journal) Blockchain technology has the potential to dramatically improve efficiency and security in a variety of industries, Deloitte experts told the Jax Chamber IT Council.
Research and Development
Device-Independent Quantum Cryptography (EurekAlert!) The key to proving the security of device-independent quantum cryptography in a regime that is attainable with state-of-the-art quantum technology is the realization that any attack strategy, no matter how complex (symbolized in the lower row), can be decomposed into a sequence of simple steps (upper row).
MIT launches MIT IQ, aims to spur human, artificial intelligence breakthroughs, bolster collaboration (ZDNet) Perhaps the biggest takeaways from MIT IQ are that algorithms need new approaches and multiple disciplines and research areas need to collaborate to drive AI breakthroughs.
The Army wants to be able to track friendly forces during a cyber attack (C4ISRNET) The Army is working on a new Blue Force Tracking system as the service prepares for soldiers to operate in hostile cyber and electronic warfare environments.
Legislation, Policy, and Regulation
How barely connected North Korea became a hacking superpower (South China Morning Post) North Korea’s most promising hackers are sent to Shenyang, in China, before being unleashed upon the US and other enemies
Russian spy chiefs met in Washington with CIA director to discuss counterterrorism (Washington Post) The meeting raised concerns among some U.S. officials that Moscow may believe the Trump administration is willing to move beyond the issue of election interference.
China Prepares to Win 'Informationized Local Wars' (StrategyPage) CIA Director Mike Pompeo pegs Russia and China as America's two most powerful and worrisome adversaries.
Israeli entrepreneur calls for NATO-style cybersecurity alliance (Times of Israel) Former MK Erel Margalit says Israel and its Arab neighbors already cooperate in protecting the civilian cybersphere, but must do more
Data breach disclosure law will lift Australia’s cyber security game (ComputerWeekly.com) New rules underscore Australia’s recent efforts to tackle cyber security challenges on the local and international stage.
Parliament passes law on cyber-security (Slovak Spectator) The new law aims to ensure security of Slovak cyber-space and avert possible cyber-attacks.
Countering significant cyber threats? Check. (Fifth Domain) Cyber Command’s global operational defense arm has reached full operational capability.
Who Is Paul Nakasone? Army Cyber Warfare Chief May Head NSA Soon (International Business Times) Apart from serving in the Army Cyber Command, Nakasone also worked as deputy commanding general at the U.S. Cyber Command, and was later promoted to commander of the Cyber National Mission Force.
Firewalling democracy: Federal inaction on a national security priority (TheHill) This is a moment to choose national defense over politics, and develop election cybersecurity plans.
Establishing digital age of consent for children won’t protect them – expert (Independent) Establishing a digital age of consent for children is not an effective method of protecting them online, according to an expert and professor in cyber studies.
Litigation, Investigation, and Law Enforcement
House intel committee releases transcript of contentious meeting over surveillance memo (Fox News) The House Intelligence Committee on Wednesday released a 51-page unclassified transcript of the contentious meeting this week between Republicans and Democrats in which members voted to publicly release the classified memo circulating in Congress that purportedly reveals government surveillance abuses.
Small businesses ‘losing the war’ against cyberattacks, say FBI and DHS (The Washington Times) Small businesses across America are increasingly falling prey to cyberattacks and allowing criminals access into the nation’s critical information-technology infrastructure, officials from the FBI and Department of Homeland Security warned lawmakers Tuesday.
German antitrust office starts asking questions about online ad platform giants (TechCrunch) Germany's national competition regulator has announced it's looking into market conditions in the online advertising sector, responding to concerns that a..
Bitcoin payments used to unmask dark web users (Naked Security) Researchers have discovered a way of identifying those who bought or sold goods on the dark web, by forensically connecting them to Bitcoin transactions.
Facebook sued for not stopping killer who gave 4 minute notice (Naked Security) The killer called it an “Easter day slaughter,” fatally shot a 74-year-old father of 10, then posted a video of the shooting to Facebook.
Wollongong hacker told GoGet of software flaws a year before cyber attack: court (Illawarra Mercury) Nik Cubrilovic advertised himself as a 'former hacker turned security consultant' on his recently shut-down website.
Warrington police are latest to offer safe zone for online transactions (Bucks County Courier Times) The police station lobby and parking lot on Easton Road are available to the public to use to complete online purchase transactions. Both areas are