Cyber Attacks, Threats, and Vulnerabilities
Russia accused of “false flag” attack on Olympic opening (Ars Technica) Routing hacks, bits of code used to throw off attribution trail.
Russian state media just mixed up Syrian war footage with a video game clip (Stars and Stripes) The scene is from a battlefield where countless lives have been lost, but only in the digital world — it's footage from the popular combat simulator Arma made by Prague-based Bohemia Interactive.
Facebook bug reveals identity of page admin via email (Naked Security) The autogenerated emails sent on behalf of a named Facebook page gave away more about the accounts behind the page than you’d expect.
Adobe Flash Vulnerability Reappears in Malicious Word Files (Dark Reading) CVE-2018-4878, a Flash zero-day patched earlier this month, has resurfaced in another campaign as attackers capitalize on the bug.
Covert 'Replay Sessions' Have Been Harvesting Passwords (WIRED) Analytics services are unintentionally collecting a mass of passwords and other sensitive data, new research shows.
Malspam pushing Formbook info stealer (SANS Internet Storm Center) I wrote a diary about malicious spam (malspam) pushing the Formbook information stealer back in November 2017. Formbook malspam is still a thing.
Oracle Server Vulnerability Exploited to Deliver Double Monero Miner Payloads (TrendLabs Security Intelligence Blog) The sudden rise of cryptocurrency triggered a shift in the target landscape. Cybercriminals started adapting and using their resources to try acquiring cryptocurrencies, whether through pursuing repositories like Bitcoin wallets or by compromising networks and devices to mine the currency.
2,844 new data breaches added to Have I Been Pwned (CSO Online) The massive breach, which includes more than 80 million records, is listed as a single 'unverified' data breach, but it is ranked as the 15th biggest breach on Have I Been Pwned.
Revamp of 'Pwned Passwords' Boosts Privacy and Size of Database (Threatpost) Troy Hunt has expanded his Pwned Passwords tool with 80 million more passwords, to help users find if their passwords have been compromised.
Ransomware set to become more vicious in 2018: Quick Heal (The Economic Times) Ransomware, cryptocurrency mining and zero-day exploits headlined the threat landscape in 2017, said the global IT security firm's "Annual Threat Report - 2018".
The Rig Exploit Kit Has Forsaken Ransomware for Coinminers (Cyber Security - James Griffiths) The exploit kit landscape has continued its downfall started in the summer of 2016 and its leading player —the RIG exploit kit— has stopped delivering any ransomware strains in 2018, focusing now on spreading cryptocurrency miners (coinminers) and information-stealing trojans...
Unsecured AWS led to cryptojacking attack on LA Times (Naked Security) Cryptojackers have been discovered sneaking mining code on to a big brand’s website through the back door of a poorly secured Amazon AWS (Amazon Web Service) S3 bucket.
Cryptojacking is the new malware (Help Net Security) Each cryptojacked machine may provide a small fraction of computing cycle time but, when combined, they are transformed into distributed supercomputers that can earn hackers substantial cryptocurrency amounts.
Cyber attack hits 12 state agencies (WTNH Connecticut News) Approximately 160 machines in 12 agencies were not protected with antivirus software.
This is why you might be an easy target for hackers, according to experts (News Shopper) Londoners’ email passwords could make them easy targets for hackers and put themselves at risk of identity theft, experts have warned.
Mobile banking Trojans spread confusion worldwide (Help Net Security) Mobile banking Trojans spread confusion worldwide, and consumers around the world that use mobile banking apps are at a greater risk of being tricked by cybercriminals and falling victim to mobile banking theft.
Threats from Mobile Ransomware & Banking Malware Are Growing (Dark Reading) The number of unique mobile malware samples increased sharply in 2017 compared to a year ago, according to Trend Micro.
CoinDash: Hacker returns another $17m worth of stolen Ethereum to firm just months after ICO heist (International Business Times UK) The unexpected transaction came just days before the Israel-based company's formal product launch.
When employee access exceeds trust, IP goes missing (CSO Online) Companies may be tempting fate by giving interns deep access to company data, as these two examples of intellectual property theft show.
School CCTV Streams End Up on US Website (Infosecurity Magazine) Privacy snafu alarms parents in Blackpool
Oops! Apple repair center making around 20 false emergency calls a day (Naked Security) Devices are innocent until proven guilty, but those Apple Watches are notorious for being easily triggered.
Security Patches, Mitigations, and Software Updates
USPS Finally Starts Notifying You by Mail If Someone is Scanning Your Snail Mail Online (KrebsOnSecurity) In October 2017, KrebsOnSecurity warned that ne’er-do-wells could take advantage of a relatively new service offered by the U.S. Postal Service that provides scanned images of all incoming mail before it is slated to arrive at its destination address.
Cyber Trends
Top Five Insider Attack Predictions for 2018 (Haystax) This research is based on the results of a comprehensive online survey of 1,493 cybersecurity professionals to gain deep insight into the insider threats faced by their organizations, and the solutions needed to detect, remediate, and prevent them.
CrowdStrike Global Threat Report Reveals The Biggest Cyber Crime and Targeted Intrusion Trends (BusinessWire) CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced the release of its 2018 CrowdStrike Global Threat Report: Blurring the Lines Between Statecraft and Tradecraft
The Hacker Zoo Breaking Into A Computer Near You (Fast Company) Security firm CrowdStrike highlights the growing global threat of both state-sponsored and criminal hackers in a new report.
2018 CrowdStrike Global Threat Report: Blurring the Lines Between Statecraft and Tradecraft (CrowdStrike) The 2018 CrowdStrike® Global Threat Report offers one of the industry's most comprehensive reports on today's most damaging cyberattacks and dangerous adversaries.
6 Cybersecurity Trends to Watch (Dark Reading) Expect more as the year goes on: more breaches, more IoT attacks, more fines...
7 Key Stats that Size Up the Cybercrime Deluge (Dark Reading) Updated data on zero-days, IoT threats, cryptomining, and economic costs should keep eyebrows raised in 2018.
FSB: Just 8% of UK Small Businesses Are GDPR-Ready (Infosecurity Magazine) Non-profit kick-starts awareness-raising campaign
Marketplace
Here’s the latest update on the very spicy beef between two massive chipmakers (TechCrunch) Broadcom and Qualcomm, the former of which is trying to acquire the latter, are continuing to duke it out on their respective investor relations pages by..
Geneva-based ID Quantique comes under Korean control for 65 million (Le Temps) The company, which specializes in quantum cryptography, is coming under the control of South Korean operator SK Telekom through an investment taking several forms
CyberX Raises $18 Million in Series B Funding to Combat Rising Threats to IIoT and Critical Infrastructure, Bringing Total Funding to $30 Million (BusinessWire) CyberX closes $18M Series B round led by Norwest Venture Partners to combat rising threats to critical infrastructure, bringing total to $30M.
Huawei says national security accusations are ‘groundless’ (South China Morning Post) US lawmakers have raised concerns that Huawei’s ties to the Chinese government pose a potential national security threat, which the company has denied.
Apple CEO to co-chair China Development Forum after handover of Chinese iCloud accounts (VentureBeat) Apple CEO Tim Cook will co-chair the 18th annual China Development Forum, a Chinese government event held in Beijing from March 18-20, according to a Wall Street Journal report this morning. The an…
Northrop Grumman Wins $95 Million Award from Department of Homeland Security to Develop Next-Generation Biometric Identification Services System (Northrop Grumman Newsroom) MCLEAN, Va. – Feb. 26, 2018 – Northrop Grumman Corporation (NYSE: NOC) has been awarded a $95 million contract by the Department of Homeland Security’s (DHS) Office of Biometric Identity Management (OBIM) to develop increments one and two of the...
PolySwarm Kickstarts Platform with First Arbiter Based on Cuckoo Sandbox (NewsBTC) Decentralized IT security marketplace PolySwarm today announced a partnership with the lead development team behind Cuckoo Sandbox.
CRN Exclusive: Mobile Security Vendor Zimperium's New CRO Makes Channel Business A Priority (CRN) Eric Grotefeld wants to help take Zimperium from doing half of its business through the channel in 2016 to carrying out 80 percent of its business through partners within a couple of years.
Chuck Brooks Takes New Role at General Dynamics (Homeland Security Today) He will drive market strategy for existing and new market segments in the public and private sectors, define product inception, and develop go-to market strategies and partnering opportunities.
David Hannigan, Chief Cyber Risk Officer for Capital One Named to Per Scholas National Board (Per Scholas) Per Scholas is pleased to announce the addition of David Hannigan to its National Board. Per Scholas is a national workforce nonprofit that provides rigorous and tuition-free technology training and professional development in careers such as IT in Atlanta, GA; Cincinnati and Columbus, OH; Dallas, TX; Washington, D.C. and New York, NY.
Products, Services, and Solutions
Avast Announces ‘Smart Life’ IoT Security Platform (BusinessWire) Powered by Avast’s AI technology, the new SaaS platform protects devices, networks and personal data
Lanner Partners with Enea and Trend Micro to Showcase Edge SD Security Solutions at MWC 2018 (PR Newswire) Lanner Electronics (TAIEX 6245), a global leader in SDN/NFV...
Blackpoint Announces SNAP-Defense Module for Securing the Internet of Things (IoT) (PR Newswire) Today, Blackpoint Cyber announced availability of its IoT module...
Netwrix partners with Concept Searching to enrich security intelligence with data discovery and classification functionality (Netwrix) The partnership aims to help organizations improve security and streamline GDPR compliance
Leading smartphone maker OPPO adopts Trustonic Secure Platform (Trustonic) Trustonic technology is now being integrated by the world’s fourth largest smartphone manufacturer, OPPO
Data I/O Corporation (NASDAQ:DAIO) announced support for the new Platform Security (PSA) Architecture from Arm (Benchmark Monitor) PSA is the industry's first common framework for
Abu Dhabi's DarkMatter unveils its secure Katim Android phone (The National) Device already shipping to UAE customers with interest from overseas
TIM and Cisco Join Forces To Increase The IT Security Of Italian Companies (GlobeNewswire News Room) TIM Safe Web, the new security service developed in collaboration with Cisco and integrated into the TIM network, going live in March
Dimension Data achieves Australian Signals Directorate's Protected certification (CRN Australia) Becomes fourth provider to achieve 'Protected' certification.
CENTRI to Demonstrate Complete Chip to Cloud Data Security Following Platform Security Architecture (PSA) Principles (PR Newswire) CENTRI, a leading provider of advanced security for the Internet of Things,...
Technologies, Techniques, and Standards
How Google implements the Right To Be Forgotten (Help Net Security) Who is asking Google to delist certain URLs appearing in search results related to their name, and what kind of requests does the search giant honor?
Building Resilience Against Evolving Technology: An Interview With a Cyber Risk Expert (Security Intelligence) According to IBM cyber risk expert Tim Roberts, security professionals must do a better job of communicating with top management as the technology landscape evolves and new threats emerge.
Podcast: How identity can control shadow IT (Cyberscoop) By focusing on identity management, IT departments are able to simplify access to cloud applications, making them more secure.
Is that smart device secure, and will it protect your privacy? (Help Net Security) The decision to introduce a new smart device in your home should come only after you've answered these two questions affirmatively: "Will the device improve the quality of my life/fill a need I have?" and "Am I satisfied with the level of security and privacy the manufacturer provides to users?"
Automating out of the skill gap sinkhole (Help Net Security) Everyone involved in cybersecurity IR, at all levels, should constantly have one question in mind, "Can this be automated?" By the end of 2018, humans should only be spending their time doing work that absolutely must be done by a human analyst.
Design and Innovation
Why Data Science Is Becoming So Important in Cybersecurity (insideBIGDATA) In this special guest feature, Mike MacIntyre, Chief Scientist at Panaseer discusses where data science comes in with respect to cybersecurity. With the correct data, CISOs can translate technical risk into business risk, deliver a business case to solve it and demonstrate success. The current struggle is that CISOs have information that is meaningful but not timely, or it is timely but not meaningful because the content is too technical and siloed. What they really need is data that will enable them to market and measure the security program.
Drama-Free Artificial Intelligence (Gigaom) Depending on who’s listening, the current discussion involving the growing role of Artificial Intelligence in business inspires a range of dramati...
Is your vendor being honest about AI? (CSO Online) Some vendors who claim their products use artificial intelligence or machine learning technology are really using rules-based engines. Here's how to spot the lie.
Using technology to craft accurate, persuasive political messages (TechCrunch) In a country that's increasingly polarized, where partisan politics shape perception, the question of how to create a compelling argument -- rooted in facts..
Research and Development
How do you teach common sense? DARPA wants to find out (C4ISRNET) DARPA's budget request for fiscal 2019 shows that the agency wants to develop general artificial intelligence that can reason like humans.
Researchers Propose Improved Private Web Browsing System (SecurityWeek) A group of researchers from MIT and Harvard have presented a new system designed to make private browsing even more private.
Researchers Warn of Extraterrestrial Hacks (Motherboard) Can Earth get pwnd from space?
Academia
Satisnet teams up with Cyber Academy to fight security threats (BQ) A new cyber security project will allow companies to train staff to combat attacks like the one which saw NHS systems infected with malicious software last year.
Legislation, Policy, and Regulation
China’s web censors go into overdrive as President Xi Jinping consolidates power (TechCrunch) A week that begins with the repeal of regulation that prevents dictatorship in China is likely to be a busy one for the country's censorship people, and so..
Inside the Russian effort to fuel American secessionists (Think Progress) Flights to Russia, embassies in Moscow, fake social media accounts galore. But for what?
Iraq’s Real Weapons of Mass Destruction Were 'Political Operations' (War on the Rocks) Editor’s Note: This is the third installment in “Ministry of Truth,” a special series on state-sponsored influence operations. Read the first installment h
State Department, DoD partner to counter foreign fake news (Federal Times) The Defense Department will transfer $40 million to a State Department initiative for combating foreign disinformation campaigns.
The Russian Bots Are Coming. This Bipartisan Duo Is On It. (POLITICO Magazine) Jamie Fly and Laura Rosenberger crossed party lines to track the Kremlin propaganda campaign. Tweeters on the far right — and far left — aren’t happy about it.
US Cyber Command: "When faced with a bully...hit him harder." (The Cipher Brief) In Washington, there may be division and confusion about how to deal with Russian cyber-based interference. But 25 miles north, at Fort Meade, home of U.S. Cyber Command, they are angry and ready. Cyber Command’s new strategy demands that, “We must not cede cyberspace superiority.” The goal is “superiority” through “persistent, integrated operations [to] demonstrate …
Clock is ticking for Congress to move cyber legislation (Washington Examiner) Congress is in session for about 17 weeks before the August recess, and it will get more and more difficult to pass significant cyber legisl...
Computer hacking bill threatens to ice Georgia's cybersecurity industry (Atlanta Business Chronicle) Proposed legislation, aimed at criminal hackers, is so broadly written critics say it would criminalize the fundamental way cybersecurity researchers find vulnerabilities in websites and tech products.
Public companies in the US warned over disclosure of cybercrime details (WeLiveSecurity) The SEC has told public companies in the US that they need to improve transparency for investors in relation to cybercrimes and infosecurity risks.
Coast Guard Needs Fresh IT, People to Keep Networks Secure (Nextgov.com) The service’s head of Cyber Command outlines his strategy for updating old systems and getting personnel to rethink cybersecurity.
DHS Deputy Secretary Elaine Duke to retire in spring (FederalNewsRadio.com) Homeland Security Secretary Kirstjen Nielsen praised Duke's leadership and expertise on DHS management, personnel and procurement.
Litigation, Investigation, and Law Enforcement
Case against alleged hoarder of NSA documents gets tougher for federal prosecutors (Cyberscoop) Prosecutors may be facing an uphill battle in their case against a former NSA contractor who was hoarding classified information in his Maryland home. A federal judge questioned the prosecution and defense in an ongoing case regarding Harold Martin, a former Navy officer turned defense contractor who was indicted for stealing and hoarding secret documents that outline U.S. hacking operations.
Feds' case against alleged NSA hoarder hits turbulence (POLITICO) A judge raises thorny questions that could complicate life for prosecutors.
Whistleblower documentarian calls next step in Reality Winner case 'a big one' (WRDW) Lawyers from both sides are set to appear in an Augusta courtroom Tuesday morning as the case against Reality Winner takes its next step in Augusta's federal court.
Ukraine police say they've rearrested cybercrime ringleader (Fifth Domain) The arrest comes 15 months after his embarrassing escape put the spotlight on corruption in the Eastern European country.
NanoCore's author didn't hack anyone, but he was imprisoned anyway (Graham Cluley) 33 months in prison for man found guilty of aiding and abetting online criminals by creating and selling the NanoCore RAT.
Middle school student responsible for cyber-threat that canceled classes at Central York School District: Police (PennLive) Investigators said the student's actions were motivated by the desire to cancel classes at the school.
Court rules against AT&T, closing FTC regulation loophole (TechCrunch) A federal court has ruled against AT&T in a long-running case that found itself tied up in the net neutrality debate. AT&T had argued that the 2015..
Coinbase: We will send data on 13,000 users to IRS (Ars Technica) Bitcoin startup says if concerned, “seek legal advice from an attorney promptly.”
50 Cent admits he ‘has never owned, and does not now own’ any bitcoin (TechCrunch) Reports last month that rapper 50 Cent had forgotten about $7 million or so in bitcoin he owned have been given the lie by the man himself, who declares in..
The Man Who Claimed to Invent Bitcoin Is Being Sued for $10 Billion (Motherboard) Craig Wright is being sued by Ira Kleiman, brother of deceased coder Dave Kleiman and representative of his estate.