Cyber Attacks, Threats, and Vulnerabilities
Russia slams Britain's "groundless" cyber attack accusations (Xinhua) London's allegations of Moscow being behind the cyber attack against Ukraine in June 2017 are far-fetched and "information warfare" against Russia, said Russia's Foreign Ministry on Wednesday.
Russian Embassy spokesperson confronts FBI, DHS officials in public event (Cyberscoop) A Russian Embassy spokesperson challenged two senior U.S. officials Wednesday during a public event in Washington, D.C., claiming the Trump administration refuses to collaborate with Russia to fight cybercrime.
Report: Cybercrime causes over $600 billion in damage annually (Cyberscoop) Cybercrime and espionage have caused more than $600 billion worth of damage annually in recent years, according to new estimates from the Washington, D.C., think tank Center for Strategic and International Studies (CSIS) and American cybersecurity firm McAfee.
North Korean Reaper APT uses zero-day vulnerabilities to spy on governments (ZDNet) The often-overlooked hacking group appears to be backed by the North Korean government.
A New North Korean Hacker Group Is Making a Name for Itself (BleepingComputer) A lesser-known North Korean cyber-espionage outfit has become more active on the international scene in 2017, after spending the previous five years targeting only South Korean government agencies and North Korean defectors.
North Korea's growing criminal cyberthreat (Fifth Domain) North Korea’s cybercrime efforts — all seemingly state-sponsored — steal money that is then used to fund its cash-strapped government.
The global cyber war is heating up: Why businesses should be worried (CSO Online) From NotPetya's global disruption to North Korea's digital plundering of financial institutions, state-sponsored cyber attacks should be top of mind for business leaders. Here's how to defend against them.
The Rise of ICS Malware: How Industrial Security Threats Are Becoming More Surgical (SecurityWeek) ICS environments were generally not targeted by targeted malware, but this is no longer the case and represents a major challenge for facilities operators.
Anatomy of an Attack on the Industrial IoT (Dark Reading) How cyber vulnerabilities on sensors can lead to production outage and financial loss.
Life-saving Pacemakers, Defibrillators Can Be Hacked and Turned Off (HackRead) Pacemakers and implantable cardioverter defibrillators (ICDs) are lifesaving devices, but malicious actors can exploit vulnerabilities and the result can be life-threatening.
How AI-Driven Systems Can Be Hacked (Forbes) Nowadays, AI seems to be taking over everything, and there is a variety of examples of that.
43% of all online login attempts are made by hackers trying to break into your account (TechRepublic) Content delivery network Akamai says nearly half of all online login attempts are performed by cybercriminals trying to break into accounts containing sensitive user data.
BitSight Survey: Botnet Attacks Prevalent Among Govt Contractors (ExecutiveBiz) A new survey by cybersecurity company BitSight says botnets have become widespread among government contractors specifically for manufacturing and health care firms, e-End reported Friday. BitSight polled at least 1,200 federal government contractors and found that health care firms have recorded a data breach incidence rate of 8.2 percent since January 2016, followed by aerospace...
The risks of DDoS and why availability is everything (Security Brief) We’ve all experienced the feeling of frustration, or even desperation, when the online services we expect are not available when we need them.
One-stop counterfeit certificate shops for all your malware-signing needs (Ars Technica) Certificates registered in names of real corporations are surprisingly easy to come by.
The Use of Counterfeit Code Signing Certificates Is on the Rise (Recorded Future) Researchers are seeing an increase in code signing certificates being used for malicious payload distribution campaigns. Recorded Future investigated the criminal underground to find answers.
uTorrent Client Affected by Some Pretty Severe Security Flaws (BleepingComputer) A Google security researcher has found multiple security flaws affecting the uTorrent web and desktop client that allow an attacker to infect a victim with malware or collect data on the users' past downloads.
2,000 Systems Down Due To SamSam Ransomware Infection At Colorado Department of Transportation (KnowBe4 Blog)
Bad Actors Increase Focus on Cloud Services, Encryption (Infosecurity Magazine) There was a threefold increase in encrypted communication used by malware in last 12 months.
The Annabelle Ransomware Is a Horrific Mess (BleepingComputer) While most ransomware is created to actually generate revenue, some developers create them to show off their "skills". Such is the case with a new ransomware based off of the horror movie franchise Annabelle.
Hackers Use Fake Facebook Profiles of Attractive Women to Spread Viruses, Steal Passwords (Newsweek) Newly-uncovered hacking campaign could transform a smartphone into the ultimate surveillance tool.
Hackers Use 'Honey Pot' Tactics on Facebook to Take Your Phone (Outer Places) The early 2000s had fraudulent emails from Nigerian princes. The 2010s have seductive Facebook messages from hackers using fake profile pictures. It's...
BEC scammers actively targeting Fortune 500 companies (Help Net Security) Nigerian scammers are targeting Fortune 500 companies, and have already stolen millions of dollars from some of them, IBM Security researchers have found.
Hackers Steal Millions by Ditching Malware to Sidestep Security (Gizmodo) Employing sophisticated scams involving social engineering, email phishing, and the harvesting of employee passwords, attackers have pilfered millions of dollars from some of the world's largest corporations—all while bypassing traditional hacking safeguards by simply avoiding the use of malware.
Incident Detection, Email Attacks Continue to Cause Headaches for Companies (Financial IT) Over one-third of all security incidents start with phishing emails or malicious attachments sent to company employees, according to a new report published today by global cyber security company F-Secure.
Is your child a victim of identity theft? (Naked Security) Finding out someone has already established your child’s credit for them is a nightmare to try and clean up after years of damage already done.
Does Fake News Affect Threat Intelligence? (Infosecurity Magazine) Is fake news more about dirty tricks, or a new form of subversion?
GDPR-based extortion is a dangerous myth (Computing) Eerke Boiten, Professor of Cyber Security at De Montfort University, argues that extortion via GDPR fines is not a realistic addition to the criminal repertoire.
Harper’s Magazine Warns Subscribers That Passwords May Have Been Stolen (Motherboard) No one is immune to the ever-rolling wave of account data breaches.
Allentown Struggles with $1 Million Cyber-Attack (Infosecurity Magazine) The city’s critical systems have been hit by the malware known as Emotet, impacting both financial and public safety operations.
Security Patches, Mitigations, and Software Updates
To prevent data breaches, AWS offers S3 bucket permissions check to all users (Help Net Security) Previously available only to Business and Enterprise support customers, the S3 bucket permissions check identifies S3 buckets that are publicly accessible due to ACLs or policies that allow read/write access for any user.
Intel releases more Meltdown/Spectre fixes, Microsoft feints SP3 patch (Computerworld) Intel says it has most -- but not all -- of the buggy Meltdown/Spectre firmware patches in order. While Microsoft announces but doesn’t ship a firmware fix for the Surface Pro 3.
Trend Micro patches email gateway, but leaves two flaws unpatched (iTWire) Trend Micro has patched 10 vulnerabilities in its Email Encryption Gateway product that could be used for remote exploits, but left two others unpatch...
Cyber Trends
Cybercriminals stole $2.3 billion from Aussies in 2017 (Starts at 60) It’s worth reviewing your own security practices.
Higher Ed Users Are Less Susceptible to Phishing Scams (Technology Solutions That Drive Education) Survey finds that education end users aren’t clicking on suspicious email messages as much as users in many other industries.
Good conquers evil in the battle against social media trolls (Times) Good can triumph over hate on social media when trolls are challenged, research suggests. Academics investigating antisemitism on Twitter found that most offending posts were ignored or shared...
Marketplace
How cloud access security brokers have evolved (SearchCloudSecurity) Cloud access security brokers made a big splash when they first entered the industry, but where are they now? Here's a look at where they stand.
Here's how the Marines’ cyber warriors are buying new equipment (Fifth Domain) Marine Corps Forces Cyberspace Command uses a variety of partners and authorities within the Marine Corps to procure systems for their cyber warriors.
Cybersecurity Skills Gap Soars as Brexit Bites (Infosecurity Magazine) Capgemini claims 25 percentage point gap between supply and demand
In the gig economy, a cybersecurity divide (The Parallax) The gig economy’s investment in cybersecurity education and protection is hard to quantify, but it’s easy to see that it’s important, researchers explain at the Enigma Conference.
Cyber Technology Dives Into Shark Tank (SIGNAL) It’s down to five companies as a competitive series aims to make a big splash in innovation development.
Unicorn or donkey? How accelerators and venture builders identify the best tech startups (Computing) Most startups fail. We examine the secrets of the ones that survive and thrive
Feature Labs launches out of MIT to accelerate the development of machine learning algorithms (TechCrunch) Feature Labs, a startup with roots in research begun at MIT, officially launched today with a set of tools to help data scientists build machine learning..
Exclusive: Ex-Synack Engineers Raise $3 Million for Security Startup (Fortune) The founders graduated from startup accelerator YCombinator last summer.
WhatsApp Co-Founder Puts $50M Into Signal To Supercharge Encrypted Messaging (WIRED) WhatsApp co-founder Brian Acton has taken on the leadership of the non-profit behind that popular encryption app—and given it a serious injection of cash.
Robinhood rolls out zero-fee crypto trading as it hits 4M users (TechCrunch) Coinbase has some serious competition. Today, Robinhood starts rolling out its no-commission cryptocurrency trading feature in California, Massachusetts,..
Government Ramps Up ICO Fees for Large Organizations (Infosecurity Magazine) Potential £2000+ rise in annual costs as GDPR lands
The ICO immaturity problem (TechCrunch) I’ve been following “startups” - I define startups as small businesses with a global scale - for almost two decades. In that time I’ve watched them..
Multiven Announces its Initial Coin Offering (“ICO“) to Build the World’s First Blockchain-Based Marketplace for IT, Telecoms and Network Products and Services (WebWire) Multiven Token launch will disrupt and decentralise the over $3 Trillion global marketplace for IT products and fund the cyber-defense of Bitcoin, Ethereum and other public cryptocurrency network nodes
Imperva Announces Transition of Its Chairman of the Board (BusinessWire) Imperva, Inc. (NASDAQ:IMPV), a cybersecurity leader that delivers best-in-class solutions to protect data and applications on-premises, in the cloud,
Products, Services, and Solutions
Wombat Security Announces Industry-First Configurable Password Policy Module (PR Newswire) Wombat Security Technologies (Wombat), the leading provider of security...
Data Center Intrusion Prevention System (DCIPS) (NSS Labs, Inc) NSS Labs arms enterprises with fact-based and objective information to get secure and stay secure.
QuintessenceLabs Launches Technology Alliance Partner Program to Meet Increased Demand for Integrated Data Security (GlobeNewswire News Room) Extended program follows successful collaborations with NetDocuments, PKWARE and VMware, and supports data protection integration with emerging and strategic technology partners
Centripetal Announces Network Filter Technology Breakthrough (PR Newswire) Centripetal Networks, the leading provider of real-time network defense...
Don't Trust Google Play Protect to Shield Your Android (Tom's Guide) Google Play Protect bears the dubious honor of being the only Android program evaluated by AV-Test that doesn’t routinely protect its users.
Chiron To Provide Free Cybersecurity Skills Assessments (PRWeb) Chiron Technology Services, Inc., a leading provider of cybersecurity services and training solutions to government and commercial clients, announced today
New Cyber Defense Solutions Protect SAIC Customers from Distributed Denial of Service Attacks (BusinessWire) Large-scale, persistent Distributed Denial of Service (DDoS) attacks directed at cyber infrastructure are becoming a major threat to our federal gover
DomainTools Launches Innovative Predictive Domain Risk Scoring Model (Markets Insider) DomainTools®, the leader in domain name and DNS-based cyber threat intelligence, today announced its Domain Risk Scor...
Technologies, Techniques, and Standards
C-Suite Divided Over Security Concerns (Dark Reading) Survey shows 60% of CEOs plan to invest the most resources in malware prevention, but CISOs, CIOs, and CTOs are on a different page.
Know How to Avoid Cyber attacks by Minimizing Human Error (Security Boulevard) According to Cybersecurity Ventures, damages brought about by cybercrime will cost the world $6 trillion annually by 2021. A common finding in studies conducted by different parties reveals that the majority of cyberattacks on businesses can be traced back to human error. In fact, according to London-based consultancy Willis Towers Watson, 66% of 2016 cyber breaches
When Two-Factor Authentication Fails: Rethinking The Approach To Identity Security (Forbes) In 2017, we saw a new influx of spectacular and devastating breaches. Somewhat lost in the chaos was a surprising trend amongst them -- a sharp escalation in attackers utilizing stolen, valid credentials as their primary means of gaining a foothold in the organization. This is by no means a new trend.
Cyber Aware – are passwords past it? (Hint: no.) [VIDEO] (Naked Security) Getting your online password situation right is easier than you think – so here’s how to do it!
Control Flow Integrity: a Javascript Evasion Technique (Security Boulevard) Understanding the real code behind malware is a great opportunity for malware analysts; it would increase the chances of understanding what the sample really does. Unfortunately, it is not always possible to figure out the "real code"; sometimes the malware analyst needs to use tools like disassemblers or debuggers in order to guess the real malware actions.
Red Sparrow: State of Manipulation (In Partnership with 20th Century Fox from VICE Media) (Vice) VICELAND's Karley Sciortino and former FBI agent Joe Navarro talk about the future of espionage and counterintelligence training.
Research and Development
Good versus evil: Who will win the AI arms race? (CRN) Crowdstrike and other providers hit back at new report warning that the rise of AI could boost cybercrime, arguing it should be seen as a force for good.
Legislation, Policy, and Regulation
U.S. SEC calls for 'clearer' cyber risk disclosure from companies (Reuters) The U.S. Securities and Exchange Commission on Wednesday updated guidance to public companies on how and when they should disclose cyber security risks and breaches, including potential weaknesses that have not yet been targeted by hackers.
What the budget request explains about Cyber Command’s goals (Fifth Domain) Here are four programs and capabilities Cyber Command is looking to purchase in fiscal 2019.
The FCC’s order gutting net neutrality is now official — but the fight is just getting started (TechCrunch) The FCC's "Restoring Internet Freedom" order, which vastly curtails the agency's 2015 net neutrality rules, has officially taken effect in the Federal..
Why states might win the net neutrality war against the FCC (Ars Technica) FCC might have doomed its preemption case by renouncing authority over broadband.
Litigation, Investigation, and Law Enforcement
Robert Mueller Is Treating Russia Like a Gang, and It's Working (Vice) This is like an anti-mafia RICO case—except applied to a whole country.
Israel foiled Australia 'plane terror plot' (BBC News) PM Benjamin Netanyahu says his nation halted an "unimaginable slaughter" last year.
IDF cyber warriors thwart major ISIS aviation terror attack (The Jerusalem Post) Spread across the country, the online soldiers of Unit 8200 are on the front line of Israel’s cyber wars 24/7, 365 days a year to identify possible threats and effectively neutralize them.
The Microsoft Design Decisions That Caused this Mess (Just Security) Microsoft's design decisions contributed to the problem in Microsoft Ireland, as did its revolution against borders and local laws.
Justices Embrace Narrow View of Dodd-Frank Whistleblower Protections (New York Law Journal) The U.S. Supreme Court on Wednesday narrowed the scope of whistleblower protection under the Dodd-Frank Act ruling unanimously that employees must first report alleged securities violations to the U.S. Securities and Exchange Commission.
Bitcoin Platform Operator Allegedly Lied to SEC Over Hack (New York Law Journal) Jon Montroll's now-defunct BitFunder allegedly misappropriated cryptocurrency deposits even before hackers stole over 6000 of the digital currency.
Online security is a disaster and the people who investigate it are being sued into silence (Boing Boing)
LA Times homicide website throttles cryptojacking attack (The State of Security) Whoever hacked the LA Times probably hoped to make a killing mining cryptocurrency - but action from a security researcher has put paid to their plans.