Cyber Attacks, Threats, and Vulnerabilities
Winter Olympics’ Security on Alert, but Hackers Have a Head Start (New York Times) Some computer systems connected to the 2018 Games in Pyeongchang, South Korea, have already been compromised, experts said. The big question is what happens next.
Now that's taking the p... Sewage plant 'hacked' to craft crypto-coins (Register) Mining Monero on SCADA networks? Why can't you kids be normal and just DDoS
Gojdue Variant Eludes Microsoft, Google Cloud Protection, Researchers Say (Threatpost) Researchers have identified a new ransomware strain that went undetected by built-in anti-malware protection used by cloud heavyweights Microsoft and Google as recently as January.
Google and Microsoft failed to detect zero-day ShurL0ckr ransomware (2 Spyware) New zero-day ransomware detected on both Google and Microsoft cloud servers. The new file-encrypting virus was detected on Google and Microsoft cloud services. Researchers report
Crypto-Mining Malware May Be a Bigger Threat than Ransomware (Security Boulevard) Crypto-Mining Malware is Crippling Enterprise Networks. Cryptocurrencies such as Bitcoin and Ethereum have gone mainstream; it seems like everybody and their brother is looking to buy some crypto and get their piece of the digital currency gold rush. Hackers want a piece of it, too. In addition to hacking ICOs and cryptocurrency exchanges, they’re using…
How IoT botnets affect the 'internet of money,' cryptocurrency (IoT Agenda) We know botnets can wreak havoc, but what about IoT botnets? And how will they affect cryptocurrencies? Nexsoftsys's James Warner discusses.
Tennessee Hospital Hit With Cryptocurrency Mining Malware (Dark Reading) Decatur County General Hospital is notifying 24,000 patients of cryptocurrency mining software on its EMR system.
Cryptocurrency Marketplaces Hit by a Spectrum of Attacks Amidst Major Shifts in Cybercrime, Reveals New ThreatMetrix Report (BusinessWire) ThreatMetrix®, The Digital Identity Company®, today revealed a 113 percent year-over-year increase in cyberattacks in Q4 2017, as both the volume and
Insurance Customers’ Personal Data Exposed Due to Misconfigured NAS Server (Threatpost) The vulnerability also exposed login credentials for a massive national insurance claims database, Upguard says.
Sacramento Bee Leaks 19.5 Million California Voter Records, Promptly Compromised by Hackers (Gizmodo) Last month, a local California newspaper left more than 19 million voter records exposed online. Gizmodo confirmed this week that the records were compromised during an apparent ransomware attack.
Swisscom Breach Hits 10% of Swiss Population (Infosecurity Magazine) Swisscom Breach Hits 10% of Swiss Population. Telecoms firm says intruders got in via sales partner
New POS Malware Steals Data via DNS Traffic (Dark Reading) UDPoS is disguised to appear like a LogMeIn service pack, Forcepoint says.
Hacker group manages to run Linux on a Nintendo Switch (TechCrunch) Hacker group fail0verflow shared a photo of a Nintendo Switch running Debian, a distribution of Linux (via Nintendo Life). The group claims that Nintendo..
This phishing trick steals your email and then fools your friends into downloading malware (ZDNet) Researchers have noticed a sudden spike in a phishing attack that sends malware-ridden attachments as replies to real email conversations.
WordPress denial-of-service attacks – how real is the problem? [VIDEO] (Naked Security) Reports suggest that “29% of all websites are easy to DoS” thanks to what’s being called a WordPress security flaw – here are the facts.
Mobile security firm says it defeated Strava’s privacy feature with simple geometry (The Verge) Wandera pointed out the problem to Strava back in June
Trustwave Find Multiple Vulnerabilities in NETGEAR Broadband Routers (ISPreview UK) Digital security specialist Trustwave has this evening detailed 5 recently discovered vulnerabilities in NETGEAR routers, which affects multiple models and
Multiple Vulnerabilities in NETGEAR Routers (Trustwave) Last year I discovered multiple vulnerabilities in NETGEAR products. Now that these vulnerabilities have gone through the disclosure process and have been patched we can discuss the technical details. TWSL2018-002: Password Recovery and File Access on Some Routers and Modem...
Apple iPhone source code leaks on GitHub (CRN Australia) Apple's reputation for security takes another hit.
Apple’s iOS source code leak – what you need to know (HOTforSecurity) What's happened? Earlier this week someone anonymously published a key piece of Apple's iOS source code onto GitHub. Which bit of iOS was it? It was an integral part of iOS known as "iBoot" - the section of code which controls the security of your iPhone...
UDPoS - Exfiltrating Credit Card Data via DNS (Forcepoint) In the current era of mass malware it's becoming increasingly rare to find something beyond the ‘usual suspects’ we see being spread by high-profile botnets on a regular basis. However, in amongst the digital haystack there exists the occasional needle: we recently came across a sample apparently disguised as a LogMeIn service pack which generated notable amounts of 'unusual' DNS requests. Deeper investigation revealed something of a flawed gem, ultimately designed to steal magnetic stripe payment card data: a hallmark of ATM/PoS malware.
Facebook HOAX! New algorithm will NOT only show you 26 friends (Naked Security) “Guess what, friends…. Facebook’s algorithm now chooses your 26 FB friends.” No, no it doesn’t.
Diverting Employees’ Payroll Direct Deposits: The Latest Wave of Phishing Scams (Ogletree Deakins) Employers beware: Companies are experiencing a wave of phishing scams that target employee paychecks.
Hidden PDF Trojan in Startup India Website (Infosecurity Magazine) I was recently analysing the Indian government website startupindia.gov.in after recently gaining recognition from Startup India for my new company.
Researchers are sounding the alarm on cyberbiosecurity (Fifth Domain) About two years ago, James Clapper, then the U.S. director of national intelligence, officially added genome editing to a list of threats posed to national security.
Symantec's untrusted certificates: How many are still in use? (Search Security) A security researcher found that a significant number of popular websites are still using untrusted certificates from Symantec, which will be invalidated this year.
'Minecraft' Data Mining Reveals Players’ Darkest Secrets (Motherboard) A Minecraft fan is using data-mining techniques to retrieve players’ in-game journals and correspondence, some of which is inspiring, depressing, and absurd.
Security Patches, Mitigations, and Software Updates
WordPress users – do an update now, and do it by hand! (Naked Security) The automatic update to WordPress 4.9.3 broke automatic updating, so the emergency update to 4.9.4 means you need to click a button.
WordPress Holds "Epic Fail Week" - Devs Break Background Updates, Ignore Zero-Day (BleepingComputer) Questionable patching on the part of the WordPress CMS team has caused lots of headaches for WP site owners this week.
Hotspot Shield Flaw Fixed After Report of Potential User Information Leak (Axcess News) Security researcher finds flaw in Hotspot Shield that leaks user information. AnchorFree responds with quick fix and denies severity of bug.
Cyber Trends
CISOs Wary Of Threat Intelligence Accuracy, Quality: Study (CXOtoday.com) In a world where cyber criminals are becoming increasingly stealthy and sophisticated—with new threats on the rise ranging from ransomware to DNS hijacking—it is ineffective and costly for companies to defend themselves against cybersecurity threats alone.
81% of Cybersecurity Pros See Value in Threat Intelligence (Infosecurity Magazine) 68% of organizations are currently creating or consuming threat data.
2017 State of Cybersecurity in Florida (Issuu) The Florida Center for Cybersecurity is proud to share The State of Cybersecurity in Florida report.
ERPScan experts decide on the major cyber risks for various industries 2017 (ERPScan) ERPScan experts estimated cyber risks for various industries.
Lack of Investments in Training and IT GRC Holding Back Cybersecurity Maturity, Finds MetricStream Survey (PR Newswire) MetricStream, the independent market leader in governance, risk, and...
76% of local government organisations suffered a cyber attack in the past year (IT PRO) Many IT professionals are unsure how to combat the rise in attacks
Half of web users are faking their data due to security fears (Sky News) New research suggests that almost 50% of people on the internet have falsified data in online forms to protect themselves.
Check Point CEO: Most enterprises generations behind in cyber security (Channelnomics) The average enterprise hasn't made it past app security, Gil Shwed tells conference
Marketplace
Poor data practices can ruin a company, research claims (IT Pro Portal) People will not do business with companies known for misuse of personal data.
Qualcomm rejects Broadcom’s $121 billion bid (TechCrunch) The largest tech acquisition offer in history wasn't enough. Qualcomm's board of directors issued a statement on Thursday saying that they are turning down..
Cyber security star Sophos sees share price slump, but there’s a much more interesting underlying story here (Shares Magazine) Today’s third quarter update from UK cyber security firm Sophos (SOPH) makes for interesting reading.
FireEye reports first-ever adjusted quarterly profit, shares jump (Reuters) Cyber security firm FireEye Inc on Thursday reported its first-ever quarterly adjusted profit since going public in 2013, highlighting gains from the company's shift to a subscription model and its cost-cutting efforts.
Akamai Announces 400 Layoffs Seeking Cost Reduction (ReadITQuik) The 400 layoffs mark 8% of the global workforce of the company
Crowdsourcing cyber threat defense (GCN) With input from communities of professional cyber threat analysts and white-hat hackers, 418 Intelligence analyzes threat risks and countermeasures.
Wombat Security team staying in Pittsburgh after $225M acquisition (Pittsburgh Tribune) A Pittsburgh cybersecurity firm will stay local and grow after it was purchased for $225 million. Proofpoint, a Silicon Valley cybersecurity company, this week announced ...
What Wombat will look like post-acquisition (Pittsburgh Business Times) The local company was recently acquired for $225 million.
Cybersecurity firm Verodin moving HQ to Tysons (Fairfax News) Verodin, a security instrumentation firm, announced its new global headquarters in Tysons Thursday, at a ceremony attended by business, political and defense leaders.
Bandura Systems Appoints Prominent Security Executive Chris Fedde as CEO (GlobeNewswire News Room) Internet industry veteran to take the lead of fast-growing cyberthreat prevention company as it expands in a new market segment
Secureworks names Haydon as new chief revenue officer (Telecompaper) Secureworks appointed Geoff Haydon, longtime RSA and EMC executive, as its chief revenue officer.
World’s First Blockchain Compliance Protocol Hooks Former Amex, IBM, Oracle Consultant as CTO (Digital Journal) The Prefacto Compliance Protocol is at the core of iComplyICO and makes it possible for ICO issuers and investors to be assured that legal, financial and regulatory compliance procedures are adhered to throughout the lifecycle of the token, enabling the token itself to monitor and report AML, KYC, and a myriad of other compliance matters with jurisdictionally specific considerations on every transaction.
Products, Services, and Solutions
Mimecast Commits to GDPR Compliance for Customers (GlobeNewswire News Room) Mimecast Limited (NASDAQ:MIME), a leading email and data security company, today announced its commitment to helping customers comply with the General Data Protection Regulation (GDPR), a new European privacy regulation due to take effect on May 25, 2018
KnowBe4 Introduces New Feature: Industry Benchmarking (KnowBe4) KnowBe4 Introduces New Feature: Industry Benchmarking - compare your organization’s Phish-prone percentage™ with other companies in your industry.
UPDATE — Check Point Software Announces CloudGuard: Complete Gen V Cyber Protection for the Cloud (StockGuru SmallCap Alerts on Penny Stocks) Check Point® Software Technologies Ltd. (NASDAQ:CHKP), a leading provider of cyber-security solutions globally, has today announced…
Kaspersky bundles security products into single solution (IT Business) Kaspersky Lab is amalgamating some of its cybersecurity products into a single platform called Kaspersky Threat Management and Defense solution. In addition
Check Point Software Technologies to support Orange Cyberdefense with launch of mobile threat protection (SecurityInfoWatch) New Enterprise Mobility Security Service designed to address growing number of mobile cyber attacks
Gemalto, Entrust Datacard Pair On Payment Cards (PYMNTS.com) Gemalto, the digital security company and payment card supplier, announced news on Wednesday (Feb. 7) that it is joining forces with Entrust Datacard, a provider of identity and secure transaction technology solutions, to provide a Software-as-a-Service (SaaS)-based instant issuance solution for U.S. financial institutions. In a press release, the companies said that instant issuance began […]
The Bunker and IBM protect data by spreading it across the UK (Computing) Storing data in ex-nuclear facilities is only the start of The Bunker's protection proposition
GT Maritime Selects Lastline to Protect Shipboard Email Systems From Malware, Protecting Ships and Cargo, and Keeping Crews Connected (PR Newswire) Lastline Inc., the leader in advanced network-based malware...
Owl Cyber Defense Solutions Integrates with GE Bentley Nevada System 1 (GlobeNewswire News Room) New Combined System Greatly Increases Safety, Efficiency, and Security
Cylance Expands Availability of First AI-Based Consumer Endpoint Protection Platform: CylancePROTECT Home Edition (BusinessWire) Cylance® Inc., the company that revolutionized the antivirus and endpoint protection industry with true AI-powered prevention that blocks malware, ran
Technologies, Techniques, and Standards
How CISOs and Security Leaders Are Managing Evolving Global Risks to Safeguard Data (Ankura) Each year, new threats emerge faster than organizations can improve their defenses. Despite this perpetual challenge, security leaders continue to develop innovative strategies, adopt new tools, and assemble talented teams to combat information uncertainty. From the rise of cloud-computing to the evolving regulatory landscape, there are a myriad of issues to address.
22 Ransomware Prevention Tips (The State of Security) Dealing with the aftermath of ransomware attacks is like Russian roulette, where submitting the ransom might be the sole option for recovering locked data.
Don’t Let Your Out Of Office Message Become Phish Food (Infosecurity Magazine) How an out of office message can unintentionally create a security risk for the organization.
Exposing the Culture of Compliance Cramming (Security Boulevard) The latest PCI requires companies show evidence of continuous compliance, going well beyond the pass-or-fail audit of years past. Too many companies, however, are guilty of "compliance cramming."
Maturity in Your Cybersecurity Culture (Infosecurity Magazine) ENISA has published the most comprehensive and applicable recommendations and structure for setting up and running a successful security culture program.
A corporate culture of cyber security awareness (Virtual College) Cyber security is still a big problem for most corporate cultures. Is this reality or will cyber security continue to be a business dream?
Cyber Activities at the National Training Center Support Real World Operations (DVIDS) U.S. Army Cyber Command (ARCYBER) is using the Cyber-Electromagnetic Activities (CEMA) Support to Corps and Below (CSCB) program at the Army's Combat Training Centers to develop and test CEMA concepts and operational cyber support to those units.
Design and Innovation
The Embedded Cybersecurity Trend (Automation World) Though IT and software-based approaches to industrial cybersecurity will continue to be critical aspects of automation system security, embedded...
Research and Development
The Brute Force Of IBM Deep Blue And Google DeepMind (Forbes) There are interesting parallels between one of this week’s milestones in the history of technology and the current excitement and anxiety about artificial intelligence (AI). Bottom line: Beware of fake AI news and be less afraid.
New silicon chip for helping build quantum computers and securing our information (News | University of Bristol) Researchers at the University of Bristol’s Quantum Engineering Technology Labs have demonstrated a new type of silicon chip that can help build and test quantum computers and could find its way into your mobile phone to secure information.
DHS S&T Awards $5.6M to Improve Cybersecurity Research (Newswise) DHS S&T awarded a total of $5,643,466 across seven organizations to develop new tools to arm researchers with the latest insight and an increased collection of cybersecurity incident data to understand and counter cyberattacks.
An AI That Reads Privacy Policies So That You Don't Have To (WIRED) Polisis, a machine-learning-trained tool, automatically produces readable charts of where your data ends up for any online service.
Academia
Blockchain 101: Law Schools Tackle the New Frontier (New York Law Journal) Law schools noticed the boom in interest around blockchain through the end of 2017 and they are now working hard to try to develop content around it.
Legislation, Policy, and Regulation
Cyberspace Vulnerability Factors (Modern Diplomacy) The fact is, contrary to what the majority of people think, “Cyberspace” is not a virtual and unrealistic space. In fact, the use of virtual words has led to the misleading of individuals and ideas in this area. Real space cyberspace is a new field for impact and as a result of friendship, cooperation, competition, […]
China’s Fourth Industrial Revolution: Artificial Intelligence (Cipher Brief) Bottom Line: China’s nationwide pursuit to become the world leader in artificial intelligence (AI) is an attempt to not only match U.S. economic power, but to bypass it geo-strategically.
International race around quantum physics (Le Temps) China is multiplying spectacular initiatives and projects in quantum communications, a field from which it was entirely absent less than twenty years ago. Having trained China's experts, Europe and the United States could lose their leadership
A Plan to Thwart Russian Meddling (The New Atlanticist – Medium) US Rep. Will Hurd [R-TX] has a strategy to check Russian meddling in the midterm elections later this year and the US Department of Homeland Security would have a pivotal role in that plan.
George W. Bush says Russia meddled in 2016 U.S. election (Los Angeles Times) Former President George W. Bush said on Thursday that "there's pretty clear evidence that the Russians meddled" in the 2016 American presidential election, forcefully rebutting fellow Republican Donald Trump's denials of Moscow trying to affect the vote.
Anti-China bill being softened after U.S. companies complain (Reuters) Proposed legislation in Congress aimed at preventing China from acquiring sensitive technology is being softened after protests by big U.S. companies that fear a loss in sales, four people with knowledge of the matter said this week.
Three tech problems the Navy and Marines are worried about (Fifth Domain) Leaders from the Navy and Marine Corps highlighted technical problems that could lead to long-term difficulties for the Pentagon.
Litigation, Investigation, and Law Enforcement
Uber data breach aided by lack of multi-factor authentication (Naked Security) How to bolt a stable door when the horse is already miles down the road…
Putting Lawyers in Charge of Investigations Does Not Assure Privilege Protection (Password Protected) Corporations' investigations generally deserve (1) privilege protection only if the corporations are primarily motivated by their need for legal advice; an
FireEye spent $12.5M on legal settlement costs last quarter (CIO) FireEye has revealed that it spent US$12.5 million in net legal settlement costs during the three months ending December 2017.
Fed. Circuit Urged To Make Army Consider Palantir Software (Law360) Palantir Technologies Inc. urged the Federal Circuit on Thursday to uphold a lower court’s finding that the company was wrongly shut out of the running for a $206 million U.S. Army intelligence software contract, saying the service branch unnecessarily set out to develop a custom system and failed to conduct legally required research into available commercial options.
Google fined $21.1M for search bias in India (TechCrunch) Another antitrust fine for Google. India's competition commission has issued a 1.36BN rupees (~$21.1M) penalty on the search giant for abusing its dominant..
Motherboard Files Legal Complaint Against Metropolitan Police for Malware Purchase (Motherboard) London police have refused to explain why an officer bought powerful spyware that was marketed for spying on a user's spouse.