Cyber Attacks, Threats, and Vulnerabilities
Winter Olympics hit by cyber-attack (BBC News) The website for the Games suddenly went offline on 9 February after being attacked, officials say.
Researchers: We Found the Olympic-Disrupting Malware (Motherboard) They're calling the malware 'Olympic Destroyer' and say they have "moderate confidence" that it was used to disrupt the Opening Ceremony.
Olympics attack aimed at disruption, say Cisco researchers (iTWire) Researchers at Cisco's Talos Group say they are fairly sure that a cyber attack during the opening ceremony of the Winter Olympics on Friday, using Wi...
Hackers attacked the opening ceremony of the Winter Olympics. The question is who they were. (Vox) The two main suspects are Russia and North Korea.
Eset rejects allegations raised by Russia of cooperation with the CIA (Slovak Spectator) Slovak cyber security company stresses that one of its principles is to stay neutral on any political or geopolitical issue.
Skype can't fix a nasty security bug without a massive code rewrite (ZDNet) The bug grants a low-level user access to every corner of the operating system.
‘We’re still training Kashmiris for jihad,’ Hizbul leader claims (Asia Times) Commander laughs off his designation as a global terrorist in an exclusive interview with Asia Times
Necurs Spammers Go All In to Find a Valentine's Day Victim (Security Intelligence) The cybergang behind the Necurs botnet launched a massive romance-themed spam campaign in the lead up to Valentine's Day, impersonating single Russian women looking for dates online.
Valentine’s Day Sends Mobile, Online Dating Scammers on the Prowl (Security Boulevard) In a month where match-making is in high demand, we took a look at recent trends around online dating sites using Webroot Brightcloud Threat Intelligence Platform. What did we find? Valentine’s Day sends...
Deciphering Confucius’ Cyberespionage Operations (TrendLabs Security Intelligence Blog) We stumbled upon the Confucius hacking group while delving into Patchwork’s cyberespionage operations. Confucius targeted a particular set of individuals in South Asian countries, such as military personnel and businessmen, among others.
‘I Lived a Nightmare:’ SIM Hijacking Victims Share Their Stories (Motherboard) Nine victims of SIM hijacking—an increasingly popular scam—share their stories.
BitGrail Cryptocurrency Exchange Claims $195 Million Lost to Hackers (Fortune) But claims of a hack have been greeted with widespread suspicion
Crypto-Wars: Bitgrail Hits Back at Dev Team After $170m Theft (Infosecurity Magazine) Crypto-exchange founder now claims Nano developers defamed him
Lazarus Rises Again with Aggressive Bitcoin-Stealing Campaign (Infosecurity Magazine) The campaign uses implants that have never before been seen and indicate a newly sophisticated level of attack.
Someone hacked this advertising screen to mine Bitcoin (HackRead) In today's world everyone wants Bitcoin, and in today's news hackers have hacked an advertising screen to mine Bitcoin with NiceHash code.
Researchers find Javascript cryptomining code in 19 Android apps (Computing) Cyber crooks are intent on hiding cryptomining code in Android apps
Cryptocurrency Mining Hack That Compromised Thousands of Sites ‘Could Have Been a Catastrophe’ (Motherboard) UK and US government sites were affected.
Hackers Used Ontario Government and CAMH Websites to Mine Cryptocurrency (Motherboard) Hackers hijacked a popular plugin.
Creators of In-Browser Cryptocurrency Miner 'Coinhive' Say Their Reputation Couldn't Be Much Worse (Motherboard) Hackers are planting code on websites designed to use visitors’ computers to mine cryptocurrency. The creators of Coinhive, one of the most popular variants, say they didn’t see it coming.
The harmful drive-by currency mining scourge shows no signs of abating (Ars Technica) One attack sneaks coin-mining malware onto 4,300 sites. Another targets Android users.
In Iceland, bitcoin mining will soon use more energy than its residents (Ars Technica) “I could not have predicted this trend—but then bitcoin skyrocketed.”
Flashpoint - Inside a Twitter ‘P[0]rnbot’ Campaign (Flashpoint) Flashpoint analysts recently investigated the trend of adult entertainment-themed Twitter bots known as p[0]rnbots, which post tweets with hashtags containing popular brand names alongside random, unrelated terms.
Study shows which phishing attacks most successful (SC Media UK) People are predictable when it comes to designing phishing attacks with messages concerning money getting the most clicks.
Don't fall for this elaborate WhatsApp phishing scam (Trusted Reviews) Thousands of users are falling victim to a new scam on WhatsApp. Here's how to make sure you don't fall into the same trap.
Beware the ‘celebrities’ offering you free cryptocoins on Twitter (Naked Security) Who CAN you trust if you can’t trust @DoonaldTrump65, promising Ethereum to all comers like he’s a cryptocurrency version of Oprah Winfrey?
5 Questions on Cryptomining Answered with Bryan York of CrowdStrike (Best Endpoint Security Protection Software and Vendors) We asked Bryan York, Director of Services at CrowdStrike, 5 questions on cryptomining and what it means for your business.
New Hack Can Steal Data From Devices in Faraday Cages (Motherboard) Last year Wikileaks released documents detailing how attackers can compromise offline computers. This new study goes one step further, exposing the fallibility of Faraday cages
MY TAKE: Here’s how the U.S. economy would lose $15 billion from a 3-day cloud outage (Security Boulevard) Cyber attack scenarios have become fairly common. It doesn’t take too much imagination to conjure plausible assumptions and project Armageddon-scale damages attributable to crippling cyber attacks. One prime example is the Herjavec Group’s 2017 cybercrime report which suggests damage caused by cyber criminals is climbing towards a whopping $6 trillion in annual global economic damage
Dissidents Have Been Abandoned and Besieged Online (Motherboard) Neither governments nor the cybersecurity community have taken enough responsibility for protecting human rights activists from hacking and surveillance.
Security Patches, Mitigations, and Software Updates
February Patch Tuesday forecast: Key updates to act on (Help Net Security) We all know that on a month-to-month basis there is not a lot of important patch information we need to convey up to management or down to our users.
Verizon kills unlocked-phone policy by temporarily locking phones to its service (CNET) It had previously sold all its phones unlocked, allowing you to swap SIM cards and use other carriers immediately.
Netflix warning over Intel's latest Meltdown fix that could cause CPU latency spikes of 8,000 per cent (Computing) New Meltdown patches from Intel still have issues...
Cyber Trends
New Research from Advanced Threat Analytics Finds MSSP Incident Responders Overwhelmed by False-Positive Security Alerts (Advanced Threat Analytics Inc) Incident responders waste hours each day investigating false-positive security alerts; manpower requirements stress MSSP business models
9 in 10 Cybersecurity Leaders Concerned About Sharp Rise in Digital Threats, RiskIQ CISO Survey Finds (RiskIQ) Lack of internal resources and exploding cybercrime a ‘perfect storm’ for CISOs and their teams
What CISOs prioritize in order to improve cybersecurity practices (Help Net Security) A new survey has unveiled what CISOs prioritize. 35 percent of CISOs surveyed said that employee training is a top priority for improving security posture in the financial sector.
Despite costly breaches, channel customers target remediation over prevention (Channelnomics) Both enterprises and SMBs showing channel a lack of urgency in taking preventative measures
Consumers want more IoT regulation (Help Net Security) According to a study from Market Strategies International, consumers who understand IoT technologies want more IoT regulation.
Network Security Policy Management Solutions (NSPM) Enhance Change Management, Application & Business Continuity, Cloud Migrations and Disaster Recovery (GlobeNewswire News Room) New survey from Enterprise Management Associates reveals that NSPM solutions improve the security posture through better visibility, change and compliance management processes
Never Mind Malware – Social Engineering Will Be Your Biggest Threat This Year (Infosecurity Magazine) A much bigger threat comes in the form of the increasingly advanced deceptive techniques used by criminals to reach their targets.
Marketplace
General Dynamics Buying CSRA for $6.8 Billion (Wall Street Journal) General Dynamics said it agreed to buy CSRA for $6.8 billion as part of the defense contractor’s push into government IT services.
CSRA deal will determine whether General Dynamics is past its M&A troubles (Washington Business Journal) “Our M&A process was broken in that we bought some businesses that were somewhat problematic. We’re past that,” says General Dynamics CEO Phebe Novakovic.
FireEye: This Turnaround Story Gains Momentum (Seeking Alpha) Internet security firm FireEye was one of the few stocks that rose in the market downdraft last week. Better than expected fourth quarter results spark a rash o
Why a FireEye Deal Makes Some Sense for Microsoft Corporation (InvestorPlace) FireEye makes a sensible acquisition target for Microsoft. Don't buy MSFT stock just because of the possibility, but it sure doesn't hurt the bullish argument.
Google-Nest merger reawakens privacy worries (Naked Security) One observer said it “would be naive” to expect that a combined Google/Nest wouldn’t bring all the platforms and all the data together.
Thoma Bravo completes Barracuda Networks acquisition (PE Hub) Thoma Bravo has closed its previously announced buyout of Barracuda Networks Inc, a provider of cloud-enabled security and data protection solutions. The deal is valued at $1.6 billion. Goldman Sachs, Credit Suisse and UBS Investment Bank served as financial advisers to Thoma Bravo on the transaction.
Infocyte Series B Funding and New CEO Fuel Market Expansion of Leading Threat Hunting Platform (Infocyte) Infocyte, the threat hunting leader, today announced the close of a $5.2 million Series B funding round and welcomed seasoned Fortune 500 technology executive Curtis Hutcheson as CEO.
France's Thales sees more cybersecurity sales after strong 2017 (Reuters) French defense electronics group Thales enjoyed a jump in sales at its cybersecurity business in 2017 and expects further strong growth in the coming years, said executive Laurent Maury.
Why the IT industry is deserting UK's 'Silicon Valley' (and where everyone is going instead) (CRN) The Thames Valley has homed the IT industry for 30 years. As that changes, this is where the country's next tech hubs are going to be located
Cyber Security Cluster Austria presents IT security solutions (GlobeNewswire News Room) High-ranking representatives from international authorities around the world met with players in industry and research in Austria's capital earlier this month at this year's Vienna Cyber Security Week 2018 (VCSW)
To keep growing, these bwtech@UMBC incubator grads didn't move far (Technical.ly Baltimore) As they get bigger or even get acquired, companies who went through the Catonsville startup program stay in Maryland.
One in Three SOC Analysts Now Job-Hunting (Dark Reading) The more experienced a SOC analyst gets, the more his or her job satisfaction declines, a new survey of security operations center staffers shows.
Equifax Names New CISO (Dark Reading) Former Home Depot CISO takes the reins in the wake of Equifax's massive data breach and fallout.
Products, Services, and Solutions
D3 Security Launches Guided Case Management; A Force Multiplier for Post-Incident Investigations and Digital Forensics (BusinessWire) D3 Security today announced the release of a Guided Case Management feature that supports efficient and disciplined post-incident investigations.
Technologies, Techniques, and Standards
You have five months to switch your website to HTTPS (Naked Security) Starting in July, Google Chrome will mark all HTTP sites as ‘not secure’.
4 reasons forensics will remain a pillar of cybersecurity (CSO Online) When protection fails, forensics can still prevail.
Polisis: AI-based framework for analyzing privacy policies in real time (Help Net Security) A group of researchers have developed Polisis, a framework for analyzing privacy policies. Polisis can be used to assign privacy icons to a privacy policy with an average accuracy of 88.4%.
How do you measure cybersecurity risk? (FederalNewsRadio.com) Rick Howard, chief security officer at Palo Alto Networks, discusses a wide range of security features offered by his company that could help your agency.
Tackling the insider threat: Where to start? (Help Net Security) Not all insider threats have to be malicious to cause an incident. How are you tackling insider threat within your organization?
Design and Innovation
UK outs extremism blocking tool and could force tech firms to use it (TechCrunch) The UK government's pressure on tech giants to do more about online extremism just got weaponized. The Home Secretary has today announced a machine learning..
The revolution of obfuscation for cybersecurity and threat intelligence (FCW) Without the proper protections, threat intelligence can do more harm than good.
Why banning autonomous killer robots wouldn’t solve anything (Aeon) Autonomous weapons – killer robots that can attack without a human operator – are dangerous tools. There is no doubt about this fact. As tech entrepreneurs such as Elon Musk, Mustafa Suleyman and other signatories to a recent open letter to the Un...
Research and Development
Scientists claim vanadium dioxide could transform aerospace and neuromorphic computing (Computing) Project backed by €3.9m of European Union funding
How large-scale quantum computers could become a security nightmare (Fifth Domain) If large-scale quantum computers are ever built, they may be able to break many of the public-key cryptosystems currently in use.
Seabed to Space: U.S. Navy Information Warfare Enriches Cyber Resiliency, Strategic Competition (DVIDS) The U.S. Navy Information Warfare (IW) pavilion concluded the three-day premier naval conference and exposition on the West Coast, WEST 2018, Feb. 8.
Academia
CyberPatriot Holds Proof of Concept for New CyberGenerations Program (GlobeNewswire News Room) The Air Force Association’s (AFA) CyberPatriot program announced today it has held a proof of concept for its new CyberGenerations program, designed to promote cyber safety for mature technology users, which is expected to launch late 2018.
Penn State Altoona students collaborate across disciplines on HAX competition (Penn State University) What began as an activity for the Security and Risk Analysis Club at Penn State Altoona has grown to include entrepreneurs from the Sheetz Fellows Program. The two groups of students teamed up with the national security firm GRIMM to solve HAX challenges.
Legislation, Policy, and Regulation
Estonian Spies Understand the Russian Threat (Bloomberg.com) Finally, a comprehensive look at Putin's ambitions backed by real expertise.
US terror designations expose 3 international facilitators for Islamic State (FDD's Long War Journal) The US Treasury Department has further exposed the Islamic State's international network by designating three facilitators as terrorists. The men have operated in the Philippines, Somalia, Turkey and elsewhere. One of them operates a business in Turkey that has acquired drone components for the so-called caliphate.
Dark Money: How Militants Exploit Hawala to Fund Terror (The Cipher Brief) Moving money covertly through hawala networks remains one of the leading methods of terrorist financing while avoiding detection.
Lawmakers spar over how much to punish Chinese firms (Washington Examiner) Mike Conaway wants to bar two firms from getting federal contracts, but it could hurt U.S. companies.
Trump requests $3.3B for DHS cyber unit in 2019 (TheHill) The 2019 budget request is largely consistent with Trump's first proposal.
Amino Apps Makes the Case for Anonymity Online (WIRED) The saying goes, "On the internet, no one knows you're a dog." Is that a good thing for an app for teens?
Litigation, Investigation, and Law Enforcement
Facebook's use of personal data is illegal, German court rules (Computing) Berlin legislators uphold complaint of German consumer groups about Facebook's privacy Ts&Cs
Adam Schiff: Trump didn't release Democratic memo because court citations undermine 'vindication' (Washington Examiner) 'What's really going on here is that the president doesn't want the public to see the underlying facts.'
Marc Short: Adam Schiff intentionally sabotaged the release of House Intelligence Committee Democrats' memo (Washington Examiner) “We believe Congressman Schiff intentionally put in there methods and sources that he knew would need to be redacted. And if we redacted it,...
Did the NSA really use Twitter to send coded messages to a Russian? (Naked Security) A sequence of 12 NSA tweets are claimed to be a coded back-channel used to communicate with a Russian negotiating to sell cyberweapons.
Obama admin discussed how much of Russia probe to share with Trump team (CNN) President Barack Obama met in January 2017 with then-FBI Director James Comey and other top national security officials to discuss sharing information related to Russia with the incoming Trump administration, where Obama stated that the Trump-Russia investigation should be handled "by the book," according to an email made public Monday and a source familiar with the matter.
Hillary Fingerprints All Over FBI's Investigation Into Trump's Russia Ties (The Federalist) Her campaign is linked to at least three separate pieces of information fed to the FBI, including the dossier the FBI used to spy on the Trump campaign.
Former Senior FBI Official Is Leading BuzzFeed’s Effort to Verify Trump Dossier (Foreign Policy) Anthony Ferrante coordinated the U.S. government’s response to Russian election interference. Now he’s helping a news site defend itself from a Russian billionaire’s lawsuit.
Explained: How the secret spy court really works (TheHill) The allegations of surveillance abuse raised by House Intelligence Committee Devin Nunes (R-Calif.) hinge on a 1978 law that governs surveillance for the purposes of foreign intelligence.
DHS pushes back on NBC, 'no evidence' Russians 'manipulated' elections (Washington Examiner) The Department of Homeland Security made the rare move Monday to officially push back on an NBC News report that claimed a top Trump officia...
Equifax accused of not disclosing the full extent of last year's data breach (Computing) Equifax accused of not telling the whole truth about the data that was stolen when it was hacked last year