Cyber Attacks, Threats, and Vulnerabilities
US Spooks: Russia Hacked Pyeongchang 2018 (Infosecurity Magazine) Intelligence suggests Kremlin spies tried to frame North Korea
Report: Russian spies behind Winter Olympics cyber attack (USA TODAY) Russian spies tried to make Winter Olympics cyber attack appear to be initiated by North Korea, according to a report.
Russian spies hacked the Olympics and tried to make it look like North Korea did it, U.S. officials say (Chicago Tribune) Russian military spies hacked several hundred computers used by authorities at the 2018 Winter Olympic Games in South Korea, according to U.S. intelligence.
Russia hacked the Olympics and tried to make it look like North Korea did it (Vox) And the International Olympic Committee could reinstate Russia as soon as this week.
Winter Olympics cyber attacks - they thought it was all over (SC Media UK) The PyeongChang 2018 Olympic Winter Games closes this weekend, having been targeted by malicious cyber-attacks. But the threat is far from over.
North Korea resumes cyber attacks in desperate search for foreign currency (Nikkei Asian Review) The North Korean state-sponsored hacker group Lazarus appears to have resumed its efforts to steal desperately needed foreign currency for th
North Korean Trojan Activity - BANKSHOT, HARDRAIN and BADCALL (SystemTek) Three new trojans known as BANKSHOT, HARDRAIN and BADCALL have been identified as being created and operated by the advanced North Korean threat group known as HIDDEN COBRA. BANKSHOT consists of several proxy application tools intended to disguise command and control (C2) communications. Also included are two remote access trojan (RAT) tools designed to install …
Ad Network Uses DGA Algorithm to Bypass Ad Blockers and Deploy In-Browser Miners (Bleeping Computer) An advertising network is hiding in-browser cryptocurrency miners (cryptojacking scripts) in the ads it serves on customer sites, and has been doing so since December 2017, according to revelations made over the weekend by the Qihoo 360 Netlab team.
PSA: Improperly Secured Linux Servers Targeted with Chaos Backdoor (BleepingComputer) Hackers are using SSH brute-force attacks to take over Linux systems secured with weak passwords and are deploying a backdoor named Chaos.
'Critical' T-Mobile Bug Allowed Hackers To Hijack Users' Accounts (Motherboard) A security researcher discovered a flaw in a T-Mobile website that let hackers log in as any customer.
Ethereum Scammers Posing as Tech Celebrities Are Running Rampant On Twitter (Motherboard) Not even Ethereum's founder, Vitalik Buterin, is immune.
FBI Warns Of Spike In W-2 Phishing Campaigns (Threatpost) A recent FBI public service advisory warned of an increase in reports of compromised or spoofed emails involving W-2 forms.
Which phishing messages have a near 100% click rate? (Help Net Security) Training employees to spot phishing messages, emails and phone calls can't be done just once or once a year if the organization wants to see click rates decrease.
Everyone is a Spear Phishing Target (Infosecurity Magazine) Given the vast quantities of personal information breached, expect targeted attacks to rise.
The Problem with Cryptojacking (WIRED) Jackers pick so many pockets at once that the cost per victim is actually minimal. What’s more, browser-based mining isn’t all bad. So what gives?
Cyber Attack Targets State Agencies (NBC Connecticut) Some of Connecticut's state agencies experienced a cyber attack late Friday afternoon, according to the Department of Administrative Services.
Hack Attack: Why Mecklenburg County and who was behind the cyber attack? (WJZY) During the Hack Attack series, we’ve told you what it cost the county and what it took to rebuild 48 servers that were infected in December and held hostage for $23,000 dollars in ransom. But the big question still remains: Why Mecklenburg County? In Part 3 of the Hack Attack, we investigate why our local government was targeted and who was behind the hack attack.
After cyberattack, Spartanburg libraries begin checking out books (GoUpstate) Spartanburg County Public Libraries' computer system remained down Wednesday after a ransomware attack earlier in the week, but staff members have begun
Davidson recovering from cyber attack (The Courier) After adjourning over last weekend, Davidson County Commissioners once again entered into closed session Monday for updates following an
Poster of cyberthreat that closed Central York schools is 'brilliant' or 'lucky,' chief says (PennLive.com) Investigators are finding the case unusually hard to crack.
North Somerset Council hit with cyber attack (Weston Mercury) North Somerset Council was hit by one cyber attack and one cyber security incident last year.
Security Patches, Mitigations, and Software Updates
NPM update changes critical Linux filesystem permissions, breaks everything (Naked Security) A recent update to the Node Package Manager introduced a bug that caused it to interfere with the operating system, by locking the system itself out of numerous mission-critical files
Samsung Galaxy Note 8 On Verizon gets February Security Patch (Geeky Gadgets) Verizon Wireless has released a software update for the Samsung Galaxy Note 8 smartphone. The update is a security update for the handset.
Cyber Trends
Global megatrends that are problematic for the state of cybersecurity (Help Net Security) The 2018 Global Megatrends in Cybersecurity survey shows that despite growing threats, IT professionals believe cybersecurity is still not considered a strategic priority among senior leadership.
A view of the global threat landscape: Cybercrime and intrusion trends (Help Net Security) The new 2018 CrowdStrike Global Threat Report analyzes comprehensive threat data and details key trends driving adversary targeting.
Cyber-Security Reports Reveal Growing Concerns About Data Breach Risks (eWEEK) NEWS ANALYSIS: Nine different cyber-security reports show a rising volume of cyber-threats, though not all organizations are preparing for the right types of risks.
Expert warns: Computer hackers becoming major threats to govts (BusinessMirror) A global cybersecurity expert recently warned that computer hackers are becoming major threats to governments, which could lead to instability in the long run.
Mobile Malware Infections Hit 16 Million in Q3 (Infosecurity Magazine) McAfee warns of trouble ahead in 2018
93% of Cloud Applications Aren't Enterprise-Ready (Dark Reading) The average business uses 1,181 cloud services, and most don't meet all recommended security requirements, Netskope says.
Peter Thiel Is a Flawed Messenger With a Crucial Message for Tech (WIRED) The billionaire investor says Silicon Valley is unprepared for a coming wave of regulation.
Against Hack Porn (Motherboard) Media outlets often cover fanciful hacking techniques, but they need to make it clear that these attacks will probably never apply to most readers.
Marketplace
Defence ditches Chinese-made phones as US spy chiefs sound security warning (The Age) The Defence department is phasing out its use of Chinese-made Huawei and ZTE phones at the same time as United States spy chiefs issued blunt security warnings about the companies’ products.
A US China proxy war is being fought through mobile phones (Verdict) Huawei and ZTE have been under fire from US government officials before, but people are being advised not to buy the companies' phones.
Chinese Smartphone Brands Oppo, ZTE And Huawei Facing Torrid Future Over 5G Security Concerns (Channel News) Chinese smartphone brands Oppo, Huawei and ZTE are facing a torrid future with their smartphones being labelled as devices that in the future could be used for State sponsored spying by the Chinese government.
Huawei's rivals 'worry we are too strong' and may use politics to kick the tech giant out of the US, top exec says (CNBC) Huawei's competitors are worried about its strength and are using politics to kick the company out of the U.S. market, the head of the Chinese giant's consumer business said on Sunday, adding that mobile carriers want to work with it.
Congressman Urges National Security Review of Any Broadcom-Qualcomm Deal (TheStreet) Rep. Duncan Hunter, Republican of California, sent a letter to President Trump urging him to conduct a national security review of a Broadcom-Qualcomm deal if it is consummated.
Worldwide smartphone sales recorded first ever decline in Q4 2017 (CRN Australia) Due to slow upgrades and lack of quality "ultra-low cost" smartphones.
Private Equity Giants Buy Cybersecurity Firm for $400 Million (Fortune) BlackRock is one of the buyers.
Fast-growing cybersecurity startup sells to private equity consortium, rebrands (Washington Business Journal) Leesburg-based PhishMe, a cybersecurity company that started by helping companies and employees combat “phishing” scams, announced Monday it has been acquired by a private equity consortium in a deal it says values the business at $400 million.
Zscaler IPO: What To Look For (Seeking Alpha) Zscaler, a tech company aiming to offer cloud security solutions, has filed for an IPO worth $100 million. Cloud security is a growing field where Zscaler has b
Dropbox to go public in US$500 million IPO (CRN Australia) Cloud file sharing vendor has revenue of $1.11 billion
How Precedent Communications, the company behind the Red Cross data breach, went bust (CRN Australia) What happened to Precedent Communications after the Red Cross data breach went public.
Symantec Cuts Ties With NRA Amid Backlash Over School Shootings (Gizmodo) Symantec, one of America's largest security software companies, has ended its partnership with the National Rifle Association, Gizmodo has learned.
Accenture Hires Former Head of Operations for US Cyber Command (Washington Executive) Accenture Federal Services has hired retired Gen. George Franz, former director of operations for U.S. Cyber Command, to provide cybersecurity expertise for Accenture’s customers in the defense and security markets.
Products, Services, and Solutions
Apple iCloud security change in China raises privacy questions (CNET) The company is moving encryption keys for China-based users' data from the US to the Asian country. Bad for dissidents?
Archos debuts hardware cryptocurrency wallet ahead of Mobile World Congress (Neowin) Archos has announced that it will be releasing a €49.99 cryptocurrency wallet. The firm gave details about it and will be showing it off at the upcoming Mobile World Congress next week.
5 best encrypted messaging software to block prying eyes (Windows Report) Millions of people exchange messages every day throughout the world, but how many of them really know what truly happens to their messages once they send them? Will these be intercepted by third-parties? The unfortunate truth is that we do live in a world and age in which data logging and Internet surveillance are happening.
Use 1Password's 'pwned password' to verify if your password was leaked (HackRead) 1Password's "pwned password" will check your password on the list of leaked passwords in previous or unannounced data breaches.
Here's Why You Need to Add Another Layer of Security to Your Antivirus (Heimdal Security Blog) Ransomware attacks continue to be a real online threat to both users and companies. Here's why antivirus usually can't keep up with these threats and why you need extra layers of security to enhance online protection.
Technologies, Techniques, and Standards
Three steps MSPs must take to become GDPR compliance experts (Channel Pro) MSPs need to position themselves effectively to take advantage of the new regulations
How to protect Office 365 data from ransomware attacks (Help Net Security) In order to protect Office 365 data from ransomware attacks, organizations should incorporate the following risk mitigation best practices to help keep their organization secure.
Interpol Tests Global Cops with IoT Simulation (Infosecurity Magazine) Some investigators still lack digital skills
Cracking AD Domain Passwords (Password Assessments) - Part 1 - Collecting Hashes (SANS Internet Storm Center) In my last 2 posts we discussed recovering passwords in a penetration test, first by using password spraying and then by using LLMNR (using the responder tool). In both cases we discussed that it’s pretty likely that you’ll recover domain admin credentials in these steps.
Six months on – Have we reached the other side of the Bad Rabbit hole? (IT Pro Portal) Employee training is key to preventing your organisation from falling victim to ransomware and other cyber threats.
Ransomware and the Importance of Prevention, Recovery, and Managed IT Services in NYC (Simplegrid Technology, Inc.) You should consult a managed IT services expert in NYC to help your business in creating a prevention and protection against ransomware. In general,
Insights on industrial vulnerability: How secure is your OT infrastructure? (IT Brief) Addressing the requirements of an OT network is now more important than ever and requires an integrated approach.
Design and Innovation
Cybersecurity Style Guide helps you write like a hacker (The Parallax) The point of the Bishop Fox Cybersecurity Style Guide, its editor says, is to “bridge the gap between people who are writing in security, and the people who have to read that.”
Would Tech Giants Be Able to Secure Autonomous Vehicles? (iHLS) While autonomous vehicles real-world tests become more and more prevalent, the risk of hackers taking
Blockchain and Biometrics Could Produce Paperless Global Travel, Boost Border Security (EnterpriseTech) A wonderful week in Italy is coming to an end, and now there’s the heartbreak of leaving the life of the Med. But the spirit of la dolce vita is upon you. Italy has given you a new appreciation for life and people, for beauty, for relaxation, art and culture, for good food and wine, laughter, enjoyment – for the
Cryptocurrencies – money of the future or flash in the pan? (Market Business News) Are cryptocurrencies the money of the future or something that came and went rapidly, i.e., a flash in the pan?
Start-ups fight back against the scourge of fake news (National) Google, Facebook and others are under pressure to tackle the spread of “alternative facts” online. Now start-ups are offering their own solutions.
Academia
Engility announces CyberWarrior® Scholarship recipients (PR Newswire) Engility Holdings, Inc. (NYSE: EGL) today announced the recipients of...
Students explore cybersecurity during event (Hickory Daily Record) Six hundred local middle and high school students got some interactive opportunities in cybersecurity this week when they attended Catawba Valley Community College’s Day of Security.
MSU breaks ground on tech park research lab, first of its kind in Montana (Bozeman Daily Chronicle) University leaders and industry members including executives from Boeing and defense giant Raytheon broke ground Friday on Montana State University’s Applied Research Lab, the first of a handful of buildings
Legislation, Policy, and Regulation
ISIS May Be on the Run But What’s Our Message to Prevent Its Re-Grouping? (cyberdb.co) Even with the near-defeat of ISIS it is still a prominent force on the Internet, particularly for propaganda and recruitment campaigns.
The world badly needs a cyber-warfare truce - what are the chances? (diginomica) Cyber warfare is combat on the cheap, writes Denis Pombriant, as he sets out the case for an international truce to limit the scope for cyber attacks
Russia gets its super power on (SC Media US) After the breakup of the Soviet Union stripped it of its influence, Russia seems determined to reassert itself as a super power...in cyberspace. Teri Robinson reports.
White House challenges media claims of inaction on Russia (Washington Examiner) 'He has been tougher on Russia in the first year than Obama was in eight years combined,' White House press secretary Sarah Sanders told rep...
Homeland Security's tall order: A hacker-free election (CNET) Jeanette Manfra, the top cybersecurity official at DHS, tells CNET about all the ways hackers can sow chaos in this year's primaries and midterm elections.
Microsoft joins calls for a 'national cybersecurity agency' (Digital Journal) Microsoft has advocated a "national security agency" to avoid a "national security quagmire." The company has compiled guidelines to follow when establishing a federal cybersecurity agency. It said it would create a "focal point" for cyber defence.
Litigation, Investigation, and Law Enforcement
Jeremy Corbyn and the Czech spy: the secret files (Times) Soon after 32-year-old Jan Sarkocy flew from Prague to Heathrow on May 29, 1986, to start his career as an intelligence officer at the Czech embassy in London, his cover as Jan Dymic, a diplomatic...
Democratic intelligence memo released (CBS News) The memo claims Christopher Steele's dossier did not play a key role in the surveillance application process
House Democrats release intelligence memo defending DOJ, FBI investigation (TheHill) House Intelligence Committee Democrats on Saturday released their memo defending the Justice Department (DOJ) and FBI against allegations of surveillance abuses made in a memo by committee Republicans.
5 Key Takeaways From the Democratic Rebuttal Memo (WIRED) House Democrats released a 10-page memo Saturday that shows just how misleading the original #ReleaseTheMemo campaign was.
Byron York: Assessing the new Democratic intel memo (Washington Examiner) The GOP accused the Justice Department and FBI of relying heavily on the unverified Trump dossier in a secret court request to wiretap the s...
Out for Justice: Feds Battle Trolls (BankInfo Security) Leading the latest edition of the ISMG Security Report: The Department of Justice indicts Russians for allegedly running an industrialized troll factory designed to
The Russia Investigations: More Pleas, More Charges — Any More Preparation? (WBUR) This week in the Russia investigations: More newcomers join Mueller's roll of honor; the feds meet with state officials on election security; and Washington starts thinking about considering some potential planning to defend the 2018 midterms.
Top Trump Campaign Aide Flips, Pleads Guilty In Mueller Probe (New York Law Journal) Rick Gates pleaded guilty Friday to one count of conspiracy and another of lying to federal investigators.
Jared Kushner pushed to Donald Trump margins as Russia inquiry closes in (Times) He was once the power behind the throne, Donald Trump’s most influential adviser. But Jared Kushner, the president’s son-in-law, now finds himself on the margins, fighting for relevance. The...
‘In Fraud We Trust’ – Cybercrime org bust shows we’re fighting pros (Naked Security) A former FBI official says the Russian Infraud Organization was operated like a “dark-web cousin of major commercial marketplace sites.”
Developer gets prison after admitting backdoor was made for malice (Ars Technica) Full-featured trojan catered to password thieves, Peeping Toms, and ransomware scammers.