Cyber Attacks, Threats, and Vulnerabilities
Intelligence: Pyongyang Trying to Steal Cryptos before Pyeongchang Olympics (Bitcoin News) South Korean intelligence has informed lawmakers that the North keeps trying to steal cryptos from exchanges south of the DMZ.
Researchers attribute Flash Player zero-day attacks to rapidly advancing North Korean APT group (SC Media US) Multiple researchers are reporting that a North Korean hacking group is responsible for a series of attacks exploiting CVE-2018-4878, a critical use-after-
New Mission For North Korea’s Hackers: Get Rich (Fast Company) Pyongyang’s hackers, once known for spying and vandalism, have been accused of stealing millions in cryptocurrency in a string of digital heists.
All Ledger hardware wallets vulnerable to man in the middle attack (HackRead) IT security researchers have reported that all Ledger hardware wallets dealing with cryptocurrency are vulnerable to a man-in-the-middle attack.
Tech-support scammers have a new trick to send Chrome users into a panic (Ars Technica) Here’s what to do after landing on a page that freezes your browser.
Leaky Amazon S3 Bucket Exposes Personal Data of 12,000 Social Media Influencers (Threatpost) Octoly's incident response was sorely lacking, says the Upguard researcher who found the exposed repository.
Buffett's Business Wire suffers cyberattack (Reuters) Business Wire, the corporate news release distributor owned by Warren Buffett's Berkshire Hathaway Inc, on Tuesday said it has been suffering for nearly a week from a cyberattack designed to disable it.
One Computer Can Knock Almost Any WordPress Site Offline (SecurityWeek) An Israeli researcher has published details of how almost anyone can launch a denial of service (DoS) attack against almost any WordPress with just one computer.
Hackers Are Infecting WordPress Sites to Mine Cryptocurrency (The Daily Dot) Here's how you can protect yourself.
What is Cryptojacking and Why It's a CyberSecurity Risk (eSecurity Planet) Learn about this emerging attack method and how it's impacting organizations around the world in this eSecurityPlanet series.
CSS Code Can Be Abused to Collect Sensitive User Data (BleepingComputer) With the recent upgrades to the CSS language, CSS code has become a powerful tool that could be abused to track users on websites, extract and steal data from a web page, collect data entered inside form fields (including passwords), and even deanonymize Dark Web users in some scenarios.
AutoSploit: Mass Exploitation Just Got a Lot Easier (Dark Reading) But the response to the new hacking tool, now readily available to the masses of script kiddies, has been a mix of outrage, fear, some applause, and more than a few shrugs.
Cybercriminals exploiting traditional trust measures for compromises, study (SC Media US) Cybercriminals are exploiting traditional measures of trust to gain a foothold on users' systems by compromising trusted sites.
BlackEnergy Malware: How Hackers May Tackle our Infrastructure (Infosecurity Magazine) In 2018, we’ll likely see threat actors increase their focus on critical infrastructure
Ransomware Victims Hit on Average by Two Attacks per Year (BleepingComputer) A study of 2,700 IT professionals across the globe has revealed that 54% of organizations suffered a ransomware attack in the last year, and most organizations were hit more than twice, with the average number of ransomware attacks being two.
Russian threat to elections is not over, Nelson warns (Tampa Bay Times) Sen. Bill Nelson said Tuesday that the threat of Russian interference in elections is not over and faulted the Trump administration for not imposing further sanction.
Bitdefender Ironically Stopped Working on Safer Internet Day (BleepingComputer) Ironically on what has become known as Safer Internet Day, users of Bitdefender Antivirus are reporting today that the security software has suddenly stopped working. After installing an update, Bitdefender users are seeing errors that state "The Bitdefender Security Service (vsserv.exe) is unavailable".
False Tsunami Warnings Sent Over Phones Spook Americans (VOA) Last month's false alarm was a missile headed for Hawaii
How Long Did the US Government Know about Spectre and Meltdown? (Defense One) The largest CPU bug in history caught the Defense Department by surprise. Or not.
Security Patches, Mitigations, and Software Updates
Adobe Fixes Flash Player Zero-Day Vulnerability (Security Boulevard) Adobe has released an emergency update for Flash Player to fix a critical zero-day vulnerability that already has been used in targeted attacks by North Korean hackers.
Firefox 59’s privacy mode plugs leaky referrers (Naked Security) The Firefox browser’s Private Browsing Mode won’t tell websites where visitors have come from.
Digital dark age fears stoked by Davos elite do little to address cybersecurity (The Conversation) Cyberattacks are in the top five global risks, behind extreme weather events and natural disasters. But global cooperation remains deeply problematic.
How Secure is Your Medical Data? (Security Boulevard) Imagine getting online with your doctor on the other end of the streaming connection, and then sending her real-time data of your blood pressure and glucose levels for real-time analysis and consultation.
Protecting Against Breaches is a Fluid Job (The NonProfit Times) The computer, tablet, or phone that you are reading this on might already be obsolete, as the old joke goes. Seemingly every week tech companies…
Proofpoint Enters into Definitive Agreement to Acquire Wombat Security Technologies for $225 million in Cash; Moves into Phishing Simulation and Security Awareness Training Market (GlobeNewswire News Room) An industry-first combination of advanced threat protection capabilities with real-time phishing simulation and cybersecurity awareness and training
Aperio raises a $4.5M seed round to protect power plants from hackers (TechCrunch) Protecting critical infrastructure like power plants and other industrial plants is just as important as it's challenging. It's one thing to take over a..
DFLabs Doubles Revenues, Raises Additional Financing and Expands Footprint in US and EMEA in 2017 (Digital Journal) Automation and Orchestration, today announced it has increased its total
Exclusive: Gigamon layoffs hit Santa Clara HQ after hedge fund buyout (Silicon Valley Business Journal) Gigamon is shedding nearly one-fifth of its Silicon Valley workforce and restructuring the company, it said a month after its buyout by a global hedge fund.
Akamai cuts 5 percent of workforce as Q4 tops expectations (ZDNet) The company is cutting workers primarily in its media division as it aims to improve margins.
Why FireEye's Fiscal 4Q17 Results Matter (Market Realist) FireEye (FEYE), a leading player in the cybersecurity space, is scheduled to announce its fiscal 4Q17 earnings on February 8, 2018. Analysts expect the company to report revenue and non-GAAP (generally
Emily Biggs Security Champion Women in IT Awards (Infosecurity Magazine)
Cylance Committed to Trust, Appoints Chief Privacy Officer (BusinessWire) Cylance® Inc., the company that revolutionized the antivirus and endpoint protection industry with true AI-powered prevention that blocks malware, fil
Products, Services, and Solutions
New Lightweight Security Patching Agent (Waratek) Waratek has announced a new lightweight runtime plugin agent for fast and easy patching of known flaws, including long-term un-patched vulnerabilities.
Do you know your attack surface? (Sweepatic Blog) Think about the company you work for. How big is its digital footprint? 5 or 50 subdomains? Or 500? Which files are exposed? Do they leak sensitive information? How are new online assets reported? Is there an inventory of all assets?
Generali Global Assistance Partners with Deposits.com Corporation to Provide Comprehensive Identity Protection (Generali) Generali Global Assistance (“the Company”), a leader in the assistance industry since its founding in 1963 and part of the multinational Generali Group, today announced that it has implemented its proprietary and innovative identity and digital protection platform for Deposits.com Resources Corporation (“Deposits.com”). Deposits.com is now able to …
Perfetti Van Melle Turkey proves ISO/IEC 27001 compliance and secures its exclusive confectionery recipes (Netwrix) With Netwrix Auditor, the major confectionery manufacturer improved control over its IT environment to ensure security and compliance.
Comodo Partners with Optimus to Launch Thunder DNS - Affordable Cybersecurity for the Next Billion Internet Users (PR Newswire) Comodo Security Solutions Inc., a global innovator and developer of...
Japan firm Nihon Cornet to deliver BlackRidge next-gen cybersecurity (Security Brief) Japan-based network & cybersecurity provider Nihon Cornet Technology is working with defense provider BlackRidge Technology to deliver the solutions.
LogRhythm Wins Approval for Department of Homeland Security’s Cybersecurity Initiative (Digital Journal) LogRhythm, The Security Intelligence Company, today announced that its industry-leading NextGen Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA) solutions are now available under the Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) program.
Multi-risks in the Multi-cloud: An Industry Perspective (CSO Online) CSO offers the latest information and best practices on business continuity and data protection, best practices for prevention of social engineering scams, malware and breaches, and tips and advice about security careers and leadership.
New Sophos Intercept X: The war against cyber criminals goes deep neural (Malaya Business Insight) False positives, a term used in cyber parlance to mean “false alarms” or “chasing shadows”, are more time consuming than an actual threat or crisis. This is because the resources wasted on detecting a false positive are the same as when detecting a real threat.
Palo Alto Networks Stretches Security Posture Across Big 3 Public (SDxCentral) Palo Alto Networks added multi-cloud capabilities to its Next-Generation Security Platform, extending support across the big three public clouds: Amazon Web
Orange Cyberdefense launches “Mobile Threat Protection” to enhance mobile security (ETCIO.com) Based on Check Point Sandblast mobile technology, Mobile Threat Protection embeds easy-to-deploy app that protects the device with accurate threat det..
Rapid7 Previews InsightPhish for Phishing Email Security (eWEEK) The new service aims to complement Rapid7's existing technologies and bring phishing email security into SecOps teams.
Hillstone and Flowmon Join Forces to Allow Customers to Build Complete Cybersecurity Platform (Digital Journal) Networks a leading provider of network security solutions, today
IBM QRadar and Cisco Firepower Partner for Advanced Threat Detection (Security Intelligence) The IBM QRadar App for Cisco Firepower delivers advanced threat detection and helps security analysts prioritize events from various sources of threat intelligence.
Sensato Cybersecurity Solutions Introduces Cybersecurity Last Line of Defense (PRWeb) Sensato Cybersecurity Solutions is introducing Sensato-Nightingale, a cybersecurity solution designed by cyber attackers to catch cyber attackers
Antivirus without false positive alerts: 5 best solutions for Windows 10 (Windows Report) The best 5 antivirus without false positive programs are reviewed below; so read these guidelines in order to install the right security solutions for your Windows 10 configuration.
This platform wants to address cyberthreats at the edge (C4ISRNET) PacStar and Fidelis Cybersecurity have teamed to deliver a rugged tactical cyberthreat detection and response system for mobile war fighters.
Technologies, Techniques, and Standards
Making Security Awareness Work in 2018 – Get SMARTER (Infosecurity Magazine) It's not too late to create a SMARTER security awareness and training program.
6 use cases for blockchain in security (CSO Online) Blockchain has the potential to improve encryption and authentication, and that could be good news for IoT security and DDoS protection.
3 Golden Opportunities to Mitigate Network Cyber Attacks (Bricata) Effective network security provides 3 opportunities to detect and mitigate cyber threats: at the initial download; during communication between endpoint and router; and the lateral movement of files or malware within the network.
Safer Internet Day: 3 things your social networks can do for you (Naked Security) It’s Safer Internet Day 2018, and there are things you can do for your social networks…and things they can do for you.
Safer Internet Day: 3 things you can do for your social networks (Naked Security) It’s Safer Internet Day 2018, and there are things your social networks should be doing… and things you can do for them.
Why Every Company Should Consider Creating a “Cyber No-Fly List” (Harvard Business Review) Threat intelligence can help firms stop malicious traffic.
Keeping kids safe online – trying to practice what I preach (Naked Security) My approach to keeping my kid safe online is easy right now because she’s a baby and it’s all fully under my control. My main concern is her future privacy, and I know it only gets hard…
Design and Innovation
Cyberwarfare is taking to the skies, aboard drones (MIT Technology Review) Hovering computers will make it increasingly possible to hack equipment that doesn’t connect directly to the internet.
Detecting New Threats via Contextual Information and Reputation (TrendLabs Security Intelligence Blog) Cybercriminals are constantly looking for new strategies to defeat security solutions and improve the success of their attacks.
Research and Development
IBM to expand major cybersecurity lab in Beersheba (The Jerusalem Post) The company employs thousands of Israelis across the country.
How Do You Know If Something Online Is Real or Fake? Trend Micro Asks Students to Answer in Annual Video Contest (BusinessWire) Trend Micro Incorporated today announced its 2018 “What’s Your Story?” contest during the US Safer Internet Day 2018 event in Austin, TX.
Why cybersecurity skills should be taught at business schools (TechRepublic) To be more secure, organizations need leaders who understand cybersecurity. If they want to accomplish either of those goals, companies and business schools need to become more tech and cyber savvy.
News and Events – S&T’s cybersecurity offerings strengthen employment credentials of business students (Missouri S&T) To address the growing need to protect online infrastructures and equip business students and executives for success in this arena of the global workplace, Missouri University of Science and Technology has added a cybersecurity and information assurance minor to its bachelor’s degree programs in business and management systems and information science and technology, as well as a graduate certificate in cybersecurity for its MBA and M.S. in information science and technology.
Grant to Fund Facility Upgrades for Information Security and Intelligence Cyber Competition Center (Ferris State University) Three rooms on the first floor of the College of Business Building will be renovated to provide Ferris State University’s Information Security and Intelligence program the capability to host cyber competitions while allowing faculty to deliver synchronous two-way online interactive instruction.
Louisville eighth grader working with Microsoft to combat cyber bullying (WDRB) A Louisville teenager is doing what she can to get the word out about online safety, and she is partnering with one of the world’s biggest companies to do it.
Audit: UW System hasn’t protected computer systems (The Seattle Times) A new state report indicates the University of Wisconsin System hasn't developed a comprehensive computer security program. The Legislative Audit Bureau's report Tuesday found the UW Information Assurance Council established authentication, data classification, security awareness, incident...
Legislation, Policy, and Regulation
Senate cryptocurrency hearing strikes a cautiously optimistic tone (TechCrunch) In a hearing today before the Senate Banking Committee, SEC Chairman Jay Clayton and Commodity Futures Trading Commission Chairman Christopher Giancarlo..
The SEC Is Mad About All These ICOs, Wants the Government to Regulate Cryptocurrency Trading (Motherboard) The commission may need new powers, chairman Jay Clayton told the US Senate.
The SEC Chairman Will Tell Congress He Supports Regulating Cryptocurrency Trading (Motherboard) The chairman will testify on Tuesday morning.
What is Cryptocurrency And Where Did It Come From? (The Merkle) In its barest form, cryptocurrency is a digital medium of exchange, designed to be purchased, exchanged, and utilized for a variety of services. It is an intangible form of currency, having no physical ...
New Bill Would Moot Microsoft Ireland Case — And Much More! (Just Security) A bipartisan group of Senators introduced the Clarifying Lawful Overseas Use of Data, or CLOUD, Act, a bill that authorizes the executive to enter into bilateral and multilateral agreements so as to facilitate cross-border access to data in the investigation of serious crime.
Cyber adversaries could benefit from State Department shortcomings (Fifth Domain) Experts said downgrading the Office of the Coordinator for Cyber Issues at the Department of State sends a message to foreign nations that hacking the U.S. may offer immediate rewards and delayed response.
Pentagon’s No. 2: Dismissing cyber risks is like ignoring smoking dangers (C4ISRNET) The Pentagon and its contractors need to take a more rigid and uncompromising approach to cybersecurity, a change in philosophy that would require a more active role from CEOs and industry leaders.
Pentagon No. 2 foreshadows future of ‘uncompromising’ cyber-hygiene (FedScoop) The Defense Department’s No. 2 official hinted Tuesday of a future in which the military’s cybersecurity is “uncompromising” and good cyber-hygiene is a condition of business.
The case for hiring a federal cyber officer (TheHill) The federal and the public sector alike have traditionally lagged on understanding and adopting better cybersecurity practices.
Litigation, Investigation, and Law Enforcement
Suspect arrested for cyber attacks on Dutch tax service; Bunq (NL Times) The police arrested an 18-year-old man from Oosterhout in connection with multiple DDoS attacks on the Tax Authority, tech site Tweakers and internet provider Tweak last week, as well as on online bank Bunq in September last year. The man was arrested on Thursday, February 1st, the police said in a statement on Monday. In a DDoS attack, large amounts of data are sent to the targeted site, overloading the site's server and thereby crashing the site.
IG poised to reignite war over FBI’s Clinton case (TheHill) Few people have heard of Michael Horowitz, but that’s about to change.
Where’s the Beef? The House Intelligence Committee Memo Provides Few Answers and Leaves Many Questions (Foreign Policy Research Institute) After touting its content with almost breathless anticipation, the Republican majority of the House Permanent Select Committee on Intelligence (HPSCI) last week secured President Donald Trump’s approval to declassify and publicly release the memorandum prepared by the Republican majority’s staff provocatively titled “Foreign Intelligence Surveillance Act Abuses at the Department of Justice and the Federal Bureau of Investigation” (the “HPSCI Memorandum”).
Uber: We had “no justification” for covering up data breach (Ars Technica) Republican senator: data breach incident “raises red flags within this committee.”
Uber Defends Bug Bounty Hacker Program to Washington Lawmakers (Bloomberg.com) Uber’s information security chief, John Flynn, defended the company’s practice of paying hackers to find security flaws as he faced lawmakers over a data breach in 2016 where hackers stole the personal information from 57 million people.
U.S. Senate Hearing - Data Security and Bug Bounty Programs: Lessons Learned (HackerOne) Today, HackerOne was invited to testify in front of the U.S. Senate Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security. We are honored to join the Senate and leaders in our industry to discuss the role hackers can play in strengthening security.
We got a great glimpse into how Google figured out when a star former engineer allegedly stole 14,107 files (Business Insider) One of Google's forensic security engineers took the stand on Tuesday in day two of the ongoing Uber-Waymo trial.
Court Considers Cold War Secrecy Over Muslim Surveillance (New York Law Journal) The New York Police Department overstepped its reach when it used a Cold War-era legal tactic to conceal information about whether it put two Muslim men under surveillance, a lawyer representing the men argued Tuesday before New York's highest court.