Cyber Attacks, Threats, and Vulnerabilities
Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America (TrendLabs Security Intelligence Blog) The Lazarus cybercriminal group successfully planted their backdoor into several machines of financial institutions across Latin America.
Big foreign cyber attack targets Italian certified email accounts (Reuters) Unknown hackers gained access to thousands of Italian certified email accounts, ...
Iran-Linked Hackers Use Just-in-Time Creation of Weaponized Attack Docs (SecurityWeek) Documents used in cyberattacks by Iran-linked cyber-espionage group OilRig (APT34) were delivered to the victim via a spear-phishing email within 20 minutes after creation.
Hackers Impersonated State Department Spokeswoman, Experts Say (Bloomberg) Group that leaked Clinton emails believed to be behind attack. State Department, Nauert, deputy Stevenson not compromised.
Russia’s Cozy Bear comes out of hiding with post-election spear-phishing blitz (Ars Technica) Emails that seem eerily familiar masquerade as US State Department.
Russia's Elite Hackers May Have New Phishing Tricks (WIRED) Two new reports show an uptick in sophisticated phishing attacks originating from—where else—Russia.
Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign (Security Boulevard) Introduction FireEye devices detected intrusion attempts against multiple industries, including think tank, law enforcement, media, U.S. military, imagery, transportation, pharmaceutical, national government, and defense contracting..
Olympic Destroyer Wiper Changes Up Infection Routine (Threatpost) The Hades APT group continues its quest to stay under the radar.
Olympic Destroyer Returns with Improved Arsenal (Security Boulevard) The hacker group that attacked the 2018 Winter Olympic Games IT infrastructure is still active and has recently been observed attacking organizations with The hacker group that attacked the 2018 Winter Olympic Games IT infrastructure with the Olympic Destroyer malware is still active.
New Strain of Olympic Destroyer Droppers (Check Point Research) Over the last few weeks, we have noticed new activity from Hades, the APT group behind the infamous Olympic Destroyer attack. Moreover, this new wave of attack shares a lot with those previously attributed to the group but it seems that this time we are witnessing significant changes that may hint at a new evolution...
Analysis | What’s the strategy of Russia’s Internet trolls? We analyzed their tweets to find out. (Washington Post) The Internet Research Agency posed as local news outlets and spread outrage more than fake news.
Ukraine detects new Pterodo backdoor malware, warns of Russian cyberattack (Ars Technica) Revived Gamaredon threat group just part of wave of new attacks tied to Russia's FSB.
Hackers use Drupalgeddon 2 and Dirty COW exploits to take over web servers (ZDNet) Hacks could be easily avoided if people would patch their Drupal CMSs and Linux web servers.
Instagram Download Tool Exposes User Passwords (SecurityWeek) Instagram informs some users that their passwords may have been exposed as a result of using the “Download Your Data” tool
New Vehicle Hack Exposes Users’ Private Data Via Bluetooth (SecurityWeek) People who have synced their mobile phones with a wide variety of vehicle infotainment systems may have have their personal information exposed to a new type of in-vehicle Bluetooth hack Dubbed CarsBlues.
Is your Facebook and Instagram down? Well, you are not alone (Updated) (HackRead) Follow us on Twitter @HackRead
Facebook And Instagram Are Down In Second Snag This Week (Forbes) Global Facebook users reported outages Tuesday on the web's largest social media platform, as well as on sister platform Instagram.
Microsoft cloud suffers login fail (CRN Australia) Multi-factor authentication is down for some Azure and Office 365 users.
"Classic" bugs open TP-Link's SafeStream Gigabit Broadband VPN Router to attack (Help Net Security) Cisco Talos researchers have flagged four serious vulnerabilities in TP-Link's SafeStream Gigabit Broadband VPN Router (TL-R600VPN).
6,500 Dark Web Sites Offline After Hosting Service Attacked (Dark Reading) The actor behind the attack on Daniel's Hosting, and their initial point of entry, remain unknown.
Make-A-Wish website compromised to serve cryptojacking script (Help Net Security) The international website of the US-based non-profit Make-A-Wish Foundation has been compromised to serve a cryptojacking script.
Fake Email Leads the List of Cybercrimes to Watch Out for This Holiday (Valimail) Data collected by Valimail during the week of Thanksgiving in 2017 showed a dramatic rise in the number of fake emails sent that week.
The Mixed Forecast for Cybersecurity during Black Friday and Cyber... (Bricata) The first nine months of 2018 have not been easy in cybersecurity circles. Reporting indicates that while breaches and records exposed are down slightly, the statistics are still staggering: 3,676 breaches and 3.6 billion compromised records, according to Dark...
Beware Black Friday Scams Lurking Among the Holiday Deals (WIRED) Cybercriminals are always looking to steal your credit card or even your identity. But it pays to be on extra high alert come Black Friday.
Black Friday security alert as hackers spoof popular brands (IT Pro Portal) Shoppers need to be extra careful during the holiday season, report warns.
Every day is Black Friday (Naked Security) Scammers don’t stop trying to dupe you or take their foot off the gas just because it’s the day after Cyber Monday.
Credit card fraud in ANZ showing no signs of abating (ComputerWeekly.com) The value of fraudulent transactions more than doubled that of legitimate purchases during the third quarter this year
An Introduction to Magecart (Akamai) Since at least September, a number of criminals have been targeting online shopping carts and skimming credit card data at checkout. Collectively, these criminals are being called Magecart. Researchers at RiskIQ and Flashpoint Intelligence have identified...
Security Patches, Mitigations, and Software Updates
Microsoft: We've pulled buggy Outlook 2010 patches over crashes (ZDNet) Flawed updates cause Outlook and other apps to crash.
Patch Skype for Business now or risk DoS via emoji kittens! (Naked Security) So cute! So grabby with the bandwidth!
Update now! Dangerous AMP for WordPress plugin fixed (Naked Security) The popular plugin for implementing Accelerated Mobile Pages returned, patched, to WordPress.org last week.
Instagram kills off fake followers, threatens accounts that keep using apps to get them (TechCrunch) Instagram is fighting back against automated apps people use to leave spammy comments or follow then unfollow others in hopes of growing their audience. Today Instagram is removing from people’s accounts who use these apps inauthentic follows, Likes and comments that violate its policies; sen…
Microsoft Enhances Windows Defender ATP (SecurityWeek) Windows Defender ATP can now prevent Office communication applications, including Outlook and Adobe Reader, from creating child processes.
Exclusive poll: America sours on social media giants (Axios) Americans are waking up to dark side of the technologies that play big roles in their daily lives.
How artificial intelligence is disrupting cyber crime (Computing) Mariana Pereira, director at Darktrace, discusses how AI and machine learning technologies are changing the ways cyber criminals seek to attack enterprises and steal their data.
On Pace To Break 20k Mark For Disclosed Vulnerabilities (Risk Based Security) The number of vulnerabilities through Q3 of 2018, though significant and on track to be over 20,000, is down from the same time last year and will likely fall short of the record-breaking 2017 year end numbers of more than 22,000 disclosed vulnerabilities, according to Risk Based Security.
Small Businesses, Big Breaches (SecurityWeek) Board of directors, business partners, consumers, and legislators all play a role in defining how much risk is acceptable in their organizations.
India Among Top 4 Countries Targeted for Phishing Attacks: RSA Security (NDTV Gadgets360.com) India is among the top four nations targeted by phishing attacks. The other three are Canada, the US, and the Netherlands.
Mark Zuckerberg's 'war' footing at Facebook driving out executives (The Telegraph) Aggressive internal messaging from Facebook chief executive Mark Zuckerberg is causing rifts with allies and contributing to high-level departures.
Analysis | The Cybersecurity 202: Dem senator on Facebook: 'This isn't a public relations problem' (Washington Post) Sen. Mark Warner calls the company's issues more fundamental.
Perspective | Embattled and in over his head, Mark Zuckerberg should — at least — step down as Facebook chairman (Washington Post) Two devastating pieces of journalism show how disastrous the media giant has become.
Google threat to close Google News in the EU over 'link tax' plan (Computing) Google will do to Google News in the EU what it did to Google News in Spain in 2014, company warns.
Vodafone chief vouches for Huawei in security debate (Times) The new boss of Vodafone has backed Huawei, the Chinese telecoms supplier that is under scrutiny from the government amid concerns about risks to national security. Nick Read said that Huawei was...
Ford Eyes Using Personal Data to Boost Profits (Threatpost) Ford's CEO sees the tech company model as key to the company's next chapter.
FireEye Is Finally Getting Its Act Together (The Motley Fool) The cybersecurity specialist has won back investor confidence with its solid results and looks destined for better times.
Apple’s Tools Sneak Into Business (Wall Street Journal) This summer, Apple addressed a major IT pain point with the launch of Apple Business Manager, which lets administrators manage Apple devices, apps and accounts. It’s being used by more than 40,000 businesses, including sneaker companies GOAT and Flight Club.
Microservices Firewall Innovator Alcide Raises $7M to Redefine Cloud Security (GlobeNewswire News Room) Total Funding Reaches More Than $12M Only Seven Months After General Availability; Company Expanding to US and EMEA
Five key questions for Cylance partners following Blackberry takeover (CRN) What is a former smartphone maker doing buying a next-gen security start-up, and what will the deal mean for Cylance partners' margins and market opportunity?
Products, Services, and Solutions
Asigra TrueNAS Backup Appliance Built on iXsystems Open Source Storage to be Unveiled at VMWorld 2018
(Asigra) The Asigra TrueNAS Backup Appliance is a physical hardware solution configured with Asigra Cloud Backup Software version 14.
SyncDog Inc. Supports Utility Companies in Secure Communications During Emergency Power Outages (Digital Journal) generation mobile security and data loss prevention, today announced
empow Announces Partnership with Elastic (empow) Integration of empow’s intent-based NG SIEM with the Elastic Stack will provide unprecedented, rules-free proactive security coverage
F-Secure Boosts Endpoint Detection and Response With Unique On-demand Elevate to Experts (Markets Insider) Endpoint protection solutions and prevention are very effective when it comes to fighting commodity cyber t...
Rivierenland improves security, performance and availability with new VDI platform and support from Proact (News Powered by Cision) Water authority Rivierenland has modernised its VDI platform with support from specialists at
PayLeak-3PC: Pulitzer Prize Winning Newspaper Blocks Malicious Mobile Redirect (The Media Trust) Malicious campaign targets users of widely-used digital wallet.
Mobey Forum sets up digital ID expert group (Finextra) Mobey Forum, the global industry association empowering banks and other financial institutions to shape the future of digital financial services, today announces the formation of the Digital ID Expert Group.
A closer look at HTC’s blockchain phone, the Exodus 1 (TechCrunch) The Exodus 1 didn’t make its global debut on stage at TechCrunch Shenzhen. That was the plan, but stuff, as the saying goes, happens. It simply didn’t make its way from Hong Kong to China in time. I won’t lie, I was a bit suspicious of this latest turn of events. After month of teasing […]
Technologies, Techniques, and Standards
Here’s how Cyber Command’s ‘defend forward’ strategy protects the nation in cyberspace (Fifth Domain) Cyber Command is using its unique capabilities to provide important insights to civilian agencies and the private sector.
The Czech tech to overcome Russian jammers (C4ISRNET) Czech company Era is relatively unknown outside of the electronic surveillance community and civil aerospace sector, but it has a rich history in passive sensor technology.
The new way the Army will conduct information operations (Fifth Domain) A quietly released Army document provides in-depth steps and tactical guidance on how to conduct
Here’s what combatant commanders want from cyber teams (Fifth Domain) Combatant commanders are asking for this from their cyber commanders.
Can Army Afford The Electronic Warfare Force It Wants? (Breaking Defense) Army planners are thrashing out how many electronic warfare specialists the service needs, not just to rebuild radio-jamming and spoofing capability in combat units, but to create a training cadre that can sustain the EW corps for the long-term.
OWASP Sting: How Education Can Take the Bite out of Common Vulnerabilities (Infosecurity Magazine) It should be a wake-up call to the industry that the most common security threats have remained nearly unchanged since the first OWASP list 15 years ago.
CVSS Scores Often Misleading for ICS Vulnerabilities: Experts (SecurityWeek) While CVSS can be useful for rating vulnerabilities, the use of the standard for flaws affecting ICS can have negative consequences, particularly if an organization relies solely on it for prioritizing patches
Do Wearable Devices Connect People to the Internet of Things? (Clutch) People who own wearable devices mostly connect them to their smartphones, rather than other IoT devices, which limits their devices' functionality, according to our new survey.
Design and Innovation
Deception technology: An approach that is beginning to gain traction (Federal News Network) Tony Cole, the chief technology officer at Attivo Networks, explains how agencies can stop being one-step behind the cyber attackers.
Research and Development
Future military satcom system puts cybersecurity first - SpaceNews.com (SpaceNews.com) Electronic threats against satellite communication have rapidly escalated in the last few years and will continue to advance in the foreseeable future.
Gannon University launches cybersecurity program (GoErie.com) The initial vision for the six-story Knight Tower in downtown Erie calls for space for cyber labs, a hacking lab, a defense lab and a lab where they would
UTSA, NSA partner to accelerate degree completion and workforce development (UTSA Today) UTSA and the National Security Agency (NSA) have announced an articulation agreement to create accelerated degree plans in cybersecurity and modern languages and enhance workforce development in those fields.
Legislation, Policy, and Regulation
How China Walled Off the Internet (New York Times) The web was supposed to set the world free. China's is censored, but booming anyway.
A Little Less Complication: Does the UK Need a New Cyber Council? (Infosecurity Magazine) If approved, what impact would a UK Cybersecurity Council have?
Qatar beefs up incidence response capabilities against cybercrimes (MENAFN) Qatar's Cybersecurity Centre (CSC) has strengthened its incidence response capabilities to protect and assist its client organis
Singapore Signs Cybersecurity Agreements With US, Canada (SecurityWeek) Singapore signs cybersecurity agreements with Canada and the United States
The Bill Codifying The New Cybersecurity and Infrastructure Security Agency Is Short and Sweet (CTOvision.com) The nation has a new federal agency. The Cybersecurity and Infrastructure Security Agency (CISA) was created out of several existing organizations within the DHS. The CISA was codified by a law signed by the President on 16 November 2018. I read what DHS said about CISA (see more here). Then thought I should spend a …
Department of Health wants to up security posture to Commonwealth standard (ZDNet) The Australian government department wants a solution to support its move towards compliance with the Essential Eight Security Controls.
HHS Deputy Secretary Eric Hargan Describes Cyber Initiative (BankInfo Security) So what's the mission of the newly launched Department of Health and Human Services' Health Sector Cybersecurity Coordination Center, and how will it function? HHS
The SEC and Cybersecurity Regulation (Lawfare) American companies are getting hacked, and the Securities and Exchange Commission wants corporate executives to do something about it.
Litigation, Investigation, and Law Enforcement
We can detest Assange but don’t lock him up (Times) As his lawyers might put it, Julian Assange’s best defence against extradition to America is that there is no law yet against being really annoying. Remarkably it is now a little over six years...
TalkTalk hackers jailed over 2015 data breach that affected 1.6 million customers (Computing) Matthew Hanley and Connor Allsopp sentenced to 12 months and eight months respectively.
Russian hacker arrested in Bulgaria for ad fraud of over $7 million (ZDNet) Alexander Zhukov, a supposed hacker who went online by the name of "Nastra," is currently fighting extradition to the US.
Woman in alleged homeless Marine veteran scam duped by boyfriend, says attorney (Marine Corps Times) A woman charged with scamming GoFundMe donors out of more than $400,000 with a fake story about a homeless veteran was duped by her former boyfriend and genuinely thought she was helping the man, her attorney said Monday.