Cyber Attacks, Threats, and Vulnerabilities
Electronic Jamming Between Russia and NATO is Par for the Course in the Future, But it Has its Risky Limits (Atlantic Council) Norway says Russia jammed GPS during major NATO exercise BRUSSELS — New revelations by the Norwegian military and allied officials that Russia persistently jammed GPS signals during NATO’s recently concluded Trident Juncture exercise in Europe’s...
Special Report: How ZTE helps Venezuela create China-style social... (Reuters) In April 2008, former Venezuelan President Hugo Chavez dispatched Justice Minist...
China’s Cyber Cop Ups the Pressure to Control Online Speech (Wall Street Journal) China’s chief cybercensor is raising the pressure on internet companies to police online speech, requiring they keep extensive records about users and alert authorities about the spread of what the government deems harmful content.
Facebook says it removed a flood of hate speech, terrorist propaganda and fake accounts from its site (Washington Post) Facebook said Thursday it had removed billions of fake accounts and millions of posts, photos and other forms of content that violated its community standards.
Facebook Moves to Limit Toxic Content as ‘Times’ Scandal Swirls (WIRED) Mark Zuckerberg rolls out a new algorithm change meant to fix Facebook while defending his company against a scathing New York Times report.
How Are We Doing at Enforcing Our Community Standards? (Facebook Newsroom) Today, we're publishing our second Community Standards Enforcement Report.
A leaky database of SMS text messages exposed password resets and two-factor codes (TechCrunch) A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more. The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif.-based communications company. The server wa…
Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware (CrowdStrike) New tactics of selectively targeting organizations for high ransomware payouts have signaled a shift in the adversary group INDRIK SPIDER’s operations with a new focus on targeted, low-volume, high-return criminal activity referred to as big game hunting.
Threat Actors Exploit Equation Editor to Distribute Hawkeye Keylogger (Security Intelligence) A recent Hawkeye keylogger campaign leveraged an old Microsoft Office Equation Editor vulnerability to steal user credentials, passwords and clipboard content.
Exploring Emotet: Examining Emotet’s Activities, Infrastructure (TrendLabs Security Intelligence Blog) To know more about Emotet, we examined unique URLs, document droppers, and executables to discover its infrastructure and activities.
Emotet infection with IcedID banking Trojan (SANS Internet Storm Center) Emotet malware is distributed through malicious spam (malspam), and it's active nearly every day--at least every weekday. Sometimes the criminals behind Emotet take a break, such as a one month-long hiatus from early October through early November, but the infrastructure pushing Emotet has been very active since Monday 2018-11-05.
Russian Banks Under Phishing Attack (BleepingComputer) Banks in Russia today were the target of a massive phishing campaign that aimed to deliver a tool used by the Silence group of hackers believed to have a background in legitimate infosec activities.
Why grid security starts with cybersecurity awareness (Fifth Domain) The U.S. energy sector faces daily cyberattacks from both independent adversaries and state-sponsored actors.
Never mind oil companies, cyberattacks risk 'shutting down entire countries' (CNBC) The threat of cyber espionage goes above and beyond endangering some of the world's largest oil and gas companies, industry experts warned on Wednesday, saying "entire countries" are being targeted.
Google's Past Data Use Could Impede Health Care Push (WIRED) Privacy researchers raise concerns about the planned transfer of a DeepMind project in the UK to corporate sister Google.
Researchers Created Fake 'Master' Fingerprints to Unlock Smartphones (Motherboard) It’s the same principle as a master key, but applied to biometric identification with a high rate of success.
5 Privacy Mistakes that Leave You Vulnerable Online (HackRead) When news broke about Cambridge Analytica, the Internet went into a frenzy: “How could Facebook do this!” “Facebook should be made accountable!” Besides the fact that I think the whole Cambridge Analytica issue was blown out of proportion, I believe the bigger issue is the fact that very few people are willing to be responsible for their own privacy: the kind of permissions we give to apps and sites like Facebook, freely allowing applications and websites to access our location information, etc, are just some of the ways we jeopardize our own privacy.
Thought you deleted your iPhone photos? Hackers find a way to get them back (Naked Security) The hacking duo @fluoroacetate demonstrated zero-day exploits against phones from Apple, Samsung and Xiaomi at the recent Pwn2Own contest.
Most Orgs Enabling BYOD Lack Security Controls (Infosecurity Magazine) Employee mobility and satisfaction are the main drivers for enabling BYOD.
Cyber Trends
Cyber Monday: Big Savings, Big Risks (Webroot Blog) Business owners and MSPs should know the risks of online shopping during Cyber Monday, and prepare for them accordingly.
RiskIQ's 2018 Black Friday E-commerce Blacklist (RiskIQ) RiskIQ released its 2018 Black Friday E-commerce Blacklist, which analyzes the results of a keyword query of our Global Blacklist and mobile app database.
Introducing WatchGuard’s 2019 Security Predictions (Secplicity - Security Simplified) As we move into 2019, once again, it’s time to offer our annual security predictions. What threats could have the biggest impact on businesses? How will malware continue to evolve? Will we see a continued escalation of state-sponsored attacks? Our predictions this year take a dystopian theme, and it’s no surprise following a year full of …
95% of Organizations Have Cultural Issues Around Cybersecurity (Dark Reading) Very few organizations have yet baked cybersecurity into their corporate DNA, research finds.
AI Poised to Drive New Wave of Exploits (Dark Reading) Criminals are ready to use AI to dramatically speed the process of finding zero-day vulnerabilities in systems.
The State of Media Security (Akamai) How media companies are securing their online properties.
Cyber security will be the single biggest risk in 2019 (Asia Insurance Review) Cyber security will perhaps be the single biggest risk that organisations are likely to face in 2019 according to the third edition of European Confederation of Institutes of Internal Auditing's (ECIIA) annual report Risk in Focus.
A 1970s Essay Predicted Silicon Valley's High-Minded Tyranny (WIRED) Published in Ms. magazine, "The Tyranny of Structurelessness" observes that organizations built to avoid hierarchy develop leaders with pernicious power.
Online Security Concerns Split UK Black Friday Shoppers (Security Boulevard) Shopping online on Black Friday Weekend can be a great way of getting the best deal as retailers slash prices across their range.
Real Hackers Tell Us Why They Love the Movie 'Hackers' (Motherboard) We asked a bunch of hackers why they love the over-the-top, cult 90s movie 'Hackers.'
Marketplace
U.S. Cybersecurity Job Market Cries for Help as Demand for Top Talent Soars (Security Boulevard) Employer demand for cybersecurity professionals across the United States is soaring, according to new data sourced by Burning Glass Technologies. While the U.S. houses hundreds of thousands of cybersecurity workers, there are still plenty of chairs to fill in IT departments across the nation.
$3.2B worth of cyber contracts positions DHS for a good ‘backlog’ (Federal News Network) Kevin Cox, the CDM program manager at the Homeland Security Department, said the future for CDM includes security operations-as-a-service (SOCaaS), shared services and moving to a continuous improvement cycle.
BlackBerry to Acquire Cylance and Add Premier AI and Cybersecurity Capabilities (PR Newswire) Next-Generation Machine Learning to Complement Entire BlackBerry Technology Portfolio
BlackBerry to acquire Cylance in $1.4bn deal (Computing) Biggest-ever acquisition for BlackBerry reflects shift towards security software and services
Rumored Acquisition Would Give BlackBerry Stock a Huge Lift (InvestorPlace) If BlackBerry acquires Cylance, BB will obtain many more huge IT security deals, boosting BlackBerry stock.
DirtySecurity Podcast: Chris Stephen on What Separates Cylance from the Herd (Security Boulevard) In this week’s episode of DirtySecurity, guest host Matt Stephenson talks with Chris Stephen about what Cylance is doing that is so fundamentally different from the old guard of the cybersecurity industry and the new kids trying to make a splash. Are Cylance’s claims about artificial intelligence real? Tune in and judge for yourself.
Data Protection Firm Cognigo Raises $8.5 Million (SecurityWeek) Cognigo, a Tel Aviv, Israel-based startup focused on data protection and compliance, has completed an $8.5 million Series A round of funding led by OurCrowd, with Prosegur, and State of Mind Ventures.
DUST Identity Announces Seed Round Led by Kleiner Perkins (PRWeb) DUST Identity, pioneers of the world’s first diamond unclonable security tag, launched out of stealth today to announce it has secured $2.3 million in seed funding
A conversation with Centrify and Idaptive on their future plans (BrianMadden.com) With Centrify splitting into two companies and Idaptive becoming the other half, we were curious how it would work. Jack sat down with the leadership team of both companies to learn more.
BAE awarded $100M Army intell support contract (Washington Technology) BAE Systems Inc. books a $100 million contract for technical and functional support services to an Army intelligence brigade.
SEC Awards Booz Allen Spot on 10-yr $2.5B IT Contract (Odessa American) In an ever-changing financial regulatory environment, the U.S. Securities and Exchange Commission (SEC) must constantly leverage technological capabilities to meet the commission’s evolving business needs.
Italians clearly aren’t that suspicious of Huawei (Telecoms.com) Despite governments around the world turning against Chinese vendors, Telecom Italia has agreed a new partnership with Huawei based on Software Defined Wide Area Network (SD-WAN) technology.
A Rundown of Israeli Spy Firms and Surveillance Outfits (CTECH) A small cluster of Israeli firms with close ties to the country’s intelligence agencies have been recently dragged into the spotlight, sometimes unwillingly
Facebook ‘smears rivals’ like Apple to hide failings (Times) When Mark Zuckerberg banned Facebook executives from using iPhones it appeared to be a petulant, kneejerk response to criticism from the Apple boss, Tim Cook. However, the edict was said to be part...
Facebook has other ties to Definers, the GOP-led opposition research group (TechCrunch) In the wake of a fairly catastrophic behind the scenes glimpse into Facebook’s high-level decision making, one question remains: Who brought a controversial Republican opposition research firm into the fold? In a long call with reporters on Thursday, Mark Zuckerberg denied any knowledge of hi…
Mark Zuckerberg says he did not know about 'dark arts' PR firm accused of savaging Facebook's critics (The Telegraph) Mark Zuckerberg has denied any knowledge of the "dark arts" public relations firm accused of leading an aggressive lobbying campaign against Facebook's critics in order to distract from its scandals.
Zimperium Joins the Microsoft Intelligent Security Association (BusinessWire) Zimperium, a global leader in mobile threat defense (MTD), today announced it has joined the Microsoft Intelligent Security Association.
London is fast becoming a major hub for A.I. development (CNBC) London's AI sector saw a 200 percent venture capital funding increase between 2015 and 2017.
Products, Services, and Solutions
New infosec products of the week: November 16, 2018 (Help Net Security) This week's infosec releases include products from Aruba, Cequence, Cryptowerk, and Push Technology.
TechDemocracy announces IT risk management platform for Amazon Web Services (GlobeNewswire News Room) With Intellicta platform, senior non-technical business decision makers can understand, evaluate and measure in-depth the effectiveness of their existing cybersecurity, governance, risk and compliance program for their cloud services
CryptoMove Launches Private Beta for Tholos Key Vault to Secure Cloud Native Development (PR Newswire) CryptoMove, the only cloud-native secrets management key vault to provide moving target defense, today announced ...
NAB offers new Cybersecurity certificates program (Global Security Mag Online) The National Association of Broadcasters (NAB) is releasing a robust Broadcast Cybersecurity Certificate Program for engineering and information technology professionals. The online program is specifically tailored to the needs of the broadcast industry and is available to NAB members and nonmembers.
GreatHorn Expands Email Security Platform (SecurityWeek) GreatHorn has expanded its phishing protection system into a complete email security platform that addresses every potential stage of a phishing attack with integrated threat detection, protection, and incident response.
Cyber crisis continues unabated – is ATP the answer? (IT Brief) Statistics on cybercrime certainly make for grim reading, and that is set to continue unless businesses take measures to stack the odds better in their favour.
Inmarsat Enhances Cyber Security Offering for Maritime Industry (The Maritime Executive) Inmarsat has introduced two new components to its maritime cyber security service, Fleet Secure, as...
Cisco Systems Embeds Security For 'No Compromise' SD-WAN (CRN) The development is a strong signal that the San Jose, Calif., networking giant sees SD-WAN as perhaps its biggest opportunity and is making that market its biggest focus in the coming year.
Thunder NSI, Webroot, Enable Cyber Security for the Masses (PR Underground) Thunder NSI enables secure Internet in underserved markets with Webroot BrightCloud® Threat Intelligence Partnership
Technologies, Techniques, and Standards
To understand autonomous weapons, think about electronic warfare (C4ISRNET) When remote piloting becomes difficult or impossible, autonomy will still let uncrewed vehicles operate.
Why aren’t chip credit cards stopping “card present” fraud in the US? (Ars Technica) Fraud is on the rise despite a move to chip cards.
7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge (Dark Reading) Building cybersecurity skills is a must; paying a lot for the education is optional. Here are seven options for increasing knowledge without depleting a budget.
How to Tell if Your Account Has Been Hacked (Motherboard) How to check if your Gmail, Facebook, Instagram, Twitter, and other accounts have been hacked.
Availability and resilience important but overlooked aspects of digital risk: Deloitte (ETtech.com) However, Jain cautioned that the people element is equally important.
Intel and NCSA Share Tips for Safe Online Holiday Shopping (AP NEWS) Heads up holiday shoppers! As you scour the internet for end-of-the-year deals and discounts, it’s important to protect your PC from hackers and fraudsters who are looking for an opportunity to steal your personal information. While online shopping has made our lives easier, it potentially exposes us to new vulnerabilities that can compromise our identities and personal data and provide access to our credit card and bank account information. In order to help shop online safely this season, let’s take a look at some safety tips.
Design and Innovation
Patching Software Is Failing as a Security Strategy (Motherboard) Many of the most damaging hacks in recent history were only possible because someone failed to update software.
The Internet Needs More Friction (Motherboard) Tech companies’ obsession with moving data across the internet as fast as possible has made it less safe.
NATO looks to hi-tech startups to tackle emerging threats (UNIAN) NATO is focused on areas such as artificial intelligence, connectivity, quantum computing, big data and hypervelocity, also seeking to improve the logistics of moving weapons and troops.
Show Me The Battle: Cyber Command Needs Data Fusion, Training Sims & C2 (Breaking Defense) Until cyber operators can both train realistically and see their digital battlespace as clearly as traditional commanders see physical battlespace, they'll be hard-pressed to defend everyone else's systems.
MasterCard Set to Conduct 16 week Trial of Biometric Bank card in Italy (Computer Business Review) Italian bank Intesa Sanpaolo is due to begin a four-month trial of a bank Mastercard containing a biometric fingerprint sensor...
What Separates the Good From the Bad: Mental Health and Cybersecurity (Infosecurity Magazine) Mental health can have critical implications on cybersecurity practices.
Research and Development
Amazon Wins Two Blockchain Related Patents: Cryptography and Distributed Storage (CryptoSlate) Internet retail behemoth Amazon was recently awarded two blockchain-related patents.
Cybersecurity 'moonshot' panel sends recommendations to White House (TheHill) A presidential committee has voted to move forward with its cybersecurity “moonshot,” a daunting task aimed at making the U.S. a global leader on cyber over the next decade.
Academia
Search to find Cyber Security experts of the future (GOV.UK) Success of Cyber Discovery scheme will see programme extended to Scotland and Northern Ireland
North Carolina launches cybersecurity training program for veterans (StateScoop) The state is partnering with Cisco and other tech firms to offer free training to former military members pursuing cybersecurity careers.
Legislation, Policy, and Regulation
Chinese regulator orders detailed user data to fight online... (Reuters) China's cyber watchdog said on Thursday it will require detailed logs on us...
Thai proposal for all-powerful cyber agency alarms businesses,... (Reuters) A proposed cybersecurity law in Thailand would give a new government agency swee...
NTEU asks OPM for 10 year plan to protect cyber breach victims (Federal News Network) In today's Federal Newscast, the Postal Service lost money for the 12th straight year, although a rate increase on stamps could help.
Cyber will be a priority for new Congress. But what does that mean? (Fifth Domain) Congressional aides are skeptical that the budget outlook will drastically change from this deadlock, casting doubt over whether the Trump administration will be able to fund cybersecurity initiatives.
Alphabet, Microsoft leaders named to National Security Commission on Artificial Intelligence (Fedscoop) Two West Coast tech experts were chosen Wednesday by the Republican and Democratic leaders of the House Armed Services Committee to serve on the new National Security Commission on Artificial Intelligence. Armed Services Chairman Mac Thornberry, R-Texas appointed Eric Schmidt, technical adviser to the board of Google parent company Alphabet, while ranking member Adam Smith, D-Wash., went with …
A White House aide picked a fight with Melania Trump. The first lady won. (Washington Post) The first lady’s decision to publicly push for the ouster of a senior member of her husband’s staff shows a new willingness to weigh in on White House operations.
Japan Cyber Minister Says He Has Never Used a Computer (Dark Reading) Yoshitaka Sakurada, who recently took on the role after a cabinet shuffling, says it's up to the government to deal with it.
Pentagon, Homeland Security Helping Private Companies Defend Against Cyber Threats (Roll Call) The Pentagon and DHS have reached an agreement to jointly defend the United States against strategic cyber threats, including assistance to private firms.
Government Contractors Face New Data Breach Disclosure and Investigation Requirements (Nextgov.com) A planned rule would require contractors to save images of breached systems and allow agencies access.
Silicon Valley Doesn’t Want the U.S. to Get Too Hasty About Regulation (Bloomberg) After two years of hacks, leaks, and misinformation, the big internet companies say they’re open to a little more oversight.
Tech leaders must do more to stamp out cyberbullying (Times) I convened the cyberbullying task force in 2016 because I was a new parent and saw that my friends and peers were worried about the risks of the very powerful tools we were putting in our...
Litigation, Investigation, and Law Enforcement
Cut-and-paste error apparently reveals federal charges against Assange (Ars Technica) Filing in unrelated case mentions criminal charges against Wikileaks founder.
U.S. judge refuses to toss out Mueller probe case against Russian firm owned by ‘Putin’s chef’ (Washington Post) Judge: Concord ‘cannot escape’ that deceit alleged in 2016 U.S. election interference effort is illegal.
Maria Butina, alleged Russian agent, asks U.S. court to dismiss charges as unconstitutional (Washington Post) Her attorneys argued that a U.S. law criminalizes otherwise protected and legal speech by foreign nationals.
‘Alarming’: Soros calls for investigation of Facebook after report of a smear campaign (Washington Post) Facebook hired a Republican opposition-research firm to discredit activists critical of the social network, linking them to the liberal philanthropist, according to a New York Times report.
Sheryl Sandberg claims she didn’t know Facebook hired agency behind ‘abhorrent’ anti-Soros campaign (TechCrunch) Sheryl Sandberg has denied that she obstructed early investigations into election meddling and claimed that she was unaware Facebook was involved with an agency that ran “abhorrent” anti-Semitic campaigns that targeted George Soros, among others. Facebook, the world’s largest soci…
Suspected Russian cybercriminal arrested in Bulgaria at U.S. request, lawyer says (Cyberscoop) Bulgarian authorities last week arrested an accused Russian cybercriminal based on an Interpol warrant that originated with prosecutors from the Eastern District of New York, a lawyer familiar with the case told CyberScoop.
Saudi Arabia distances crown prince from killing of journalist Jamal Khashoggi (Washington Post) The public prosecutor indicted 11 people in the killing but said there are no links to the powerful crown prince.
Opinion | Saudi Arabia’s latest account of Khashoggi’s death is shocking in its audacity (Washington Post) The Saudis change their story — again. Congress should not allow this travesty to continue.
U.S. imposes sanctions on 17 Saudis allegedly involved in the killing of journalist (Washington Post) The announcement follows the release of a statement in Riyadh saying 11 Saudi citizens had been indicted in the crime.
Facebook under pressure over Soros smear tactics (TechCrunch) Facebook is facing calls to conduct an external investigation into its own lobbying and PR activities by an aide to billionaire George Soros. BuzzFeed reports that Michael Vachon, an advisor to the chairman at Soros Fund Management, made the call in a letter to friends and colleagues. The call foll…
Facebook drops PR firm after revelation of anti-Soros campaign (Ars Technica) A New York Times expose reveals how Facebook sought to discredit critics.
Videographer sues Adobe after losing $250k worth of data through Premiere Pro bug (HackRead) A class action lawsuit has been filed by Dave Cooper, a freelance videographer, against Adobe for a bug in its video-editing software Premiere Pro that deleted years of his work within no time. Cooper watched in horror as his important videos and clips got permanently deleted.