Cyber Attacks, Threats, and Vulnerabilities
Russian APT Compromised Cisco Router in Energy Sector Attacks (Dark Reading) DragonFly hacking team that targeted US critical infrastructure compromised a network router as part of its attack campaign against UK energy firms last year.
Energetic DragonFly DYMALLOY Bear 2.0 (Cylance) New research from Cylance identifies for the first time the use of a compromised core router as one of the tools wielded by the threat actor that has recently been accused by the United States government of acting in the interests of Russia to attack government agencies and organizations in the “energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.”
The electric grid continues to be cyber vulnerable and susceptible to catastrophic impacts (Control Global) The Russians have been in the US electric grids since at least 2014. The Defense Science Board stated the US critical infrastructure doesn’t have the ability to prevent damage. What is happening to provide resilience and recovery?
India: Chinese hackers spying on Indians using WhatsApp, warns army (Deutsche Welle) The Indian Army has put out a video warning Indians about Chinese hackers extracting personal information using the social media application. Cyber security experts say hacking WhatsApp groups is no "rocket science."
AMD Chip Flaws Confirmed by More Researchers (SecurityWeek) An increasing number of researchers confirm existence of vulnerabilities in AMD processors, but no impact on the chip giant’s stock
AMD Processor Flaws Real, But Limited (Dark Reading) A vulnerability report threatened falling skies over AMD processor vulnerabilities that are real but limited in impact.
Check Point says CTS Labs' AMD disclosure was 'irresponsible' (iTWire) Security firm Check Point Research has revived the controversy over the flaws reported in some AMD processors by Israel-based CTS Labs last week, by s...
Cambridge Analytica and Facebook's privacy storm: Latest developments (Help Net Security) A day before the most recent exposé on Strategic Communication Laboratories (SCL)/Cambridge Analytica's exploitation of user data syphoned out of Facebook to fuel election campaigns, Facebook finally publicly confirmed that it happened.
The Noisy Fallacies of Psychographic Targeting (WIRED) Cambridge Analytica’s targeting efforts probably didn’t work, but Facebook should be embarrassed anyway.
Facebook Rocked by Data breach Scandal as Investigations Loom (SecurityWeek) Facebook shares plunged following revelations that Cambridge Analytica harvested data on 50 million users, as analysts warned the social media giant's business model could be at risk.
Facebook suspends firm that took 50M users' data, says wasn't a breach (CSO Online) Facebook suspended Trump-linked data firm Cambridge Analytica, which pilfered 50 million Facebook users’ data, claiming the collected personal data was not the result of a breach.
Facebook Plunges as Pressure Mounts on Zuckerberg Over Data (Bloomberg.com) Facebook Inc. shares posted their steepest drop since 2015 as U.S. and European officials demanded answers to reports that a political advertising firm retained information on millions of the social network’s users without their consent.
Selling data on millions ‘is the opposite of our business model,’ says Facebook’s Boz (TechCrunch) Facebook's former VP of ads has weighed in on the ongoing disaster involving his company's apparent negligence in allowing data on as many as 50 million users to be used for nefarious purposes by Cambridge Analytica. In a post on (what else) Facebook, Andrew "Boz" Bosworth gave variations on the li…
Why We're Not Calling the Cambridge Analytica Story a 'Data Breach' (Motherboard) Facebook insists that Cambridge Analytica didn't get information on 50 million Americans because of a 'data breach.' It's right. What really happened is much worse.
Facebook Data Privacy Policies Bashed By Critics After Cambridge Analytica Incident (Threatpost) Facebook is in hot water after acknowledging that a consulting group – that has worked on several high profile political campaigns, including that of President Donald Trump's – used the social media platform to harvest the data of 50 million users.
Cambridge Analytica's Ad Targeting Is the Reason Facebook Exists (Motherboard) Thousands of third party apps were designed solely to obtain and sell your data. It's no surprise that the data ended up being used again on Facebook, one of the biggest advertising platforms on Earth.
Facebook’s security chief to depart role over company’s handling of misinformation [Updated] (Ars Technica) CSO Alex Stamos clashed with other executives over handling of Russian meddling.
Cambridge Analytica: Firm at the Heart of Facebook Scandal (SecurityWeek) Cambridge Analytica, a firm hired by those behind Donald Trump's successful US presidential campaign, is at the center of a scandal over alleged misuse of Facebook users' personal data.
Cambridge Analytica sends ‘girls’ to entrap politicians (Times) The chief executive of a British company at the centre of allegations of electoral interference boasted about using “beautiful Ukrainian girls” to entrap the political opponents of clients.
Facebook and friends assume we are fools (Times) In 2004, a young student at Harvard called Mark was chatting online to a friend about his new website. A mildly abbreviated transcript reads as follows: Mark: Yeah so if you ever need info about...
No one can pretend Facebook is just harmless fun any more (the Guardian) From its stance on extremist content, to its vast caches of user data, Facebook is a corporation whose power must, finally, be reined in, says freelance journalist Ellie Mae O’Hagan
Meet Christopher Wylie, the millennial whistleblower behind Facebook’s data controversy (CNBC) If you're one of 2.13 billion Facebook users, data scientist Christopher Wylie recommends using social media with a "healthy dose of skepticism."
Uber self-driving car hits and kills pedestrian [Updated] (Ars Technica) An Arizona pedestrian died in the hospital following the crash.
Police chief: Uber self-driving car “likely” not at fault in fatal crash (Ars Technica) Tempe police chief says victim "came from the shadows right into the roadway."
Prilex ATM Malware Modified to Clone Chip-and-Pin Payment Cards (HackRead) It is just another day with just another ATM malware targeting unsuspecting users - This time, the malware comes with cloning capabilities.
Frost Bank Says Data Breach Exposed Check Images (SecurityWeek) Frost Bank, a subsidiary of Cullen/Frost Bankers said it discovered the unauthorized access to images of checks stored electronically.
Cyber Trends
ISC West Reflects the 2018 Security Megatrends™ (ISC West) ISC West and The Security Industry Association (SIA) dive into this year’s most significant emerging threats and business opportunities, mirroring what’s to come at ISC West 2018
Akamai warns of UK chaos from shoddy smart home security (BroadbandDeals.co.uk) Akamai’s influential State of the Internet Security Report has warned that the current poor level of cybersecurity around smart homes and interconnected home devices has opened the door to hackers and their like to exploit us as much as they please.
Algorithms don’t have biases and other dangerous cyber assumptions (CSO Online) Everyone makes assumptions on a daily basis...even algorithms.
Marketplace
Detectify Raises $6.15 Million in New Funding Round (ReadITQuik) Detectify uses automation to scan websites for vulnerabilities, drawing on the crowd-sourced knowledge of white-hat hackers to help customers ensure the security of their websites
DocuSign has filed confidentially for IPO (TechCrunch) DocuSign is gearing up to go public in the next six months, sources tell TechCrunch. The company, which pioneered the e-signature, has now filed confidentially, we are hearing. Utilizing a commonly used provision of the JOBS Act, DocuSign submitted its IPO filing behind closed doors and will reveal…
CACI makes bid for CSRA in hopes of breaking up General Dynamics deal (Washington Business Journal) CACI International has made a $7.2 billion cash-and-stock offer to acquire CSRA Inc. in a bid to break up the government IT services company’s blockbuster sale to General Dynamics Corp.
Former top Canadian security officials warn Ottawa to sever links with China’s Huawei (The Globe and Mail) Public Safety Minister Ralph Goodale said in a statement on Friday that Huawei is being monitored and does not pose a risk to Canada’s cybersecurity
Verizon shareholders want executive pay tied to how well it improves its cybersecurity (Fast Company) With data breaches at Yahoo, Equifax, and seemingly every other company plugged into the internet, who hasn’t had their personal information compromised?
Unisys wins contract to provide biometric identity service with IDEMIA matching engine for Australian Home Affairs (BiometricUpdate) Unisys has won an AUD $44.2 million (US$34 million) contract to provide the Australian Department of Home Affairs with a new Enterprise Biometric Identity Service (EBIS) to aid visa, border crossi…
KnowBe4 Completes Rigorous SOC 2 Data Security Audit (PRWeb) KnowBe4, the world’s largest provider of security awareness training and simulated phishing, has successfully completed a rigorous third-party audit of its
Telos Corporation Appraised at CMMI Maturity Level Three (Telos) Telos highly rated for level of work and processes, proactive approach to managing projects, and dedication to continuous improvement.
Products, Services, and Solutions
Introducing Deep & Dark Web External Threats Module (RiskIQ) Organizations should monitor both the open internet and the dark web for holistic visibility and a proactive approach to external threats.
Cybersecurity Insiders Product Review Recognizes DFLabs IncMan SOAR for Unique Security Automation and Orchestration Features (BusinessWire) DFLabs recognized for R3 Rapid Response Runbooks which use machine-learning to orchestrate and automate security incident response and contain threats
Linux Foundation Announces ACRN — Open Source Hypervisor for IoT Devices (BleepingComputer) The Linux Foundation announced a new project called ACRN (pronounced "acorn") that will provide generic code for the creation of hypervisors for IoT devices.
BlackRidge Technology Receives FIPS 140-2 Government Validation for the Cryptography in its Cyber Security Products | Markets Insider (Business Insider) BlackRidge Technology International, Inc. (OTCQB: BRTI), a leading provider of next generation cyber defense sol...
StrongVPN Unveils All-New Rebranding and Apps (PR Newswire) StrongVPN, one of the oldest VPN service providers in the industry, has...
Technologies, Techniques, and Standards
FIDO Alliance Extends Certification Program to Further Strengthen Trust in Standards-based Authentication Devices - FIDO Alliance (FIDO Alliance) First 10 Products Awarded New FIDO Authenticator Security Certification MOUNTAIN VIEW, CA, MARCH 20, 2018 — The FIDO Alliance, the . . .
A Handbook for Elections Infrastructure Security (CIS) Protect your elections infrastructure with this free best practices handbook and other resources from CIS and our elections partners.
Every Time You Upload a Malware Sample... (SafeBreach) Online sandboxing services as a data exfiltration intermediary.
Cloud Data Remains Your Responsibility (Infosecurity Magazine) Your data may be held in an external cloud, but you cannot abdicate your own security responsibilities.
Our Journey to GDPR Compliance: Lessons learned on our way to May 25th (CSO) With the European Union’s (EU) General Data Protection Regulation (GDPR) date fast approaching, we have been working hard to make sure our already strong security culture and policies will align ...
ThreatQuotient to Participate in 2018 DEFNET Exercise (BusinessWire) ThreatQuotient today announced its participation in the 5th Annual DEFNET exercise, hosted by the French Cyber Command of the Ministry of the Armed Forces.
A Mirai Botnet Postscript: Lessons Learned (Threatpost) Threatpost's Tom Spring sits down with Flashpoint and Akamai to discuss how the two companies worked together to address the 2016 Mirai DDoS attacks.
Design and Innovation
Inside the Army’s cyber ‘Shark Tank’ (Fifth Domain) The Cyberspace Real-time Acquisition Prototyping Innovation Development promises to generate cutting-edge solutions to evolving cyber threats through a rapid, 30-day process.
This Call May Be Monitored for Tone and Emotion (WIRED) Call centers are using voice-analysis software that detects mood in both customers and agents, and offers motivational suggestions.
Research and Development
IBM predicts Lattice Cryptography will be big within 5 years to stop hackers (NextBigFuture.com)
Cryptographic crumpling: The encryption 'middle ground' for government surveillance (ZDNet) Researchers believe a new encryption technique may be key to maintaining a balance between user privacy and government demands.
Legislation, Policy, and Regulation
US Charges Russia With Cyber Attacks At Power Plants (Impacts, Attribution, "Digital Geneva Convention") (Information Security Buzz) In response to reports that the U.S. blames Russia for cyber attacks on the energy grid, Nick Bilogorskiy, a Cybersecurity Expert at Juniper Networks, commented below on attack attribution, potential impacts of such attacks, and considerations for a “Digital Geneva Convention.” Nick Bilogorskiy, Cybersecurity Strategist at Juniper Networks: Considering a Digital Geneva Convention: “I think the world needs a set of …
Why New Russia Sanctions Won't Change Moscow's Behavior (Foreign Affairs) The newest round of U.S. sanctions against Russia are unlikely to produce any substantive policy changes from Moscow.
Vladimir Putin secures landslide election victory . . . thanks to Britain (Times) Vladimir Putin secured a decisive victory in the Russian presidential election last night, with his campaign claiming that turnout was bolstered by the confrontation with Britain over the poisoning...
Putin's Biggest Enemies Threw A Powwow Just To ‘Piss Him Off.’ Here's What They Said (Task & Purpose) "I think there was a somewhat naive hope that if we drew a thick red line under the bad behavior the Russians engaged in prior to Obama ... they might shift their behavior and become more cooperative."
White House: No plan to congratulate Vladimir Putin on his election victory (Washington Examiner) President Trump does not plan to congratulate Russian President Vladimir Putin on his election for a new six-year term, the White House said Monday, days after the U.S. agreed with Britain's assessment that Moscow was behind a nerve agent attack in London earlier this month.
Labour’s moderates have hit breaking point (Times) It is bizarre, but oddly revealing, that Jeremy Corbyn’s supporters spent the weekend accusing the BBC of doctoring an image of the Labour leader’s hat to make him look like a Soviet stooge. While...
Nicholson: US Planning Religious, Diplomatic, Military and Social Pressure on Taliban (VOA) Effort aims to get comprehensive peace talks organized
House approves legislation to authorize Homeland Security cyber teams (TheHill) Legislation would codify Homeland Security cyber teams that respond to attacks on critical infrastructure.
3 reasons why CIOs will feel more heat in 2018 (FederalNewsRadio.com) Lawmakers on the House Oversight and Government Reform Subcommittee on IT are concerned that the IT modernization effort is losing momentum.
Defence industry urges government to relax controls on crypto exports (ComputerWeekly) Trade body representing defence, aerospace and security companies calls on government to make it easier to export “non-contentious” cryptography needed to secure organisations against hacking and cyber crime.
Entire broadband industry will help FCC defend net neutrality repeal (Ars Technica) NCTA, CTIA, and USTelecom sign up to defend net neutrality repeal in court.
Why the first state with a net neutrality law isn’t scared of lawsuits (Ars Technica) Washington lawmaker: FCC can’t preempt state laws “just because it says so.”
State Starts New Unit to Combat Cyberattacks (Caldwell Journal) The N.C. Department of Public Safety is partnering with the N.C. Department of Information Technology to combat the growing threat of cyberattacks. A new entity – housed in the State Bureau of Investigation’s N.C Informat
Trump Signs Executive Order Banning Venezuela’s Petro Cryptocurrency (Bitcoin News) U.S. president Donald Trump has signed an executive order banning American citizens from using Venezuelan cryptocurrencies. In effect, this means that the petro, recently launched by Venezuelan president Nicolas Maduro, is now illegal in the U.S. The controversial cryptocurrency was widely seen as a means to evade economic sanctions imposed by the U.S. The executive …
Litigation, Investigation, and Law Enforcement
Cambridge Analytica: ICO Seeks Warrant to Search London Office (Infosecurity Magazine) The ICO urgently seeks a court warrant to enter CA's London HQ
Salisbury attack: Anger at delays in seizing car linked to Skripals (Times) Police investigating the nerve agent attack on a Russian spy and his daughter have been accused of incompetence after they took more than a fortnight to seize a car linked to the Skripals. The...
Claims of ballot-stuffing taint Putin’s victory in Russian elections (Times) Vladimir Putin secured an overwhelming victory last night in presidential elections marred by widespread reports of vote-rigging and attempts to bolster the turnout. Millions of Russians went to...
Britain must wean itself off Russia’s dirty money (Times) Vladimir Putin has been elected president of Russia for a fourth term amid gloating claims that his turnout was boosted by Britain’s furious reaction to the poisoning in Salisbury of Sergei and...
Ex-French president Nicolas Sarkozy 'arrested over campaign financing' (Sky News) The Former French president is being questioned in connection to alleged Libyan funding for his 2007 election campaign.
What Michael Flynn Could Tell the Russia Investigators (Bloomberg.com) The former national security adviser mingled business with government. That could help Robert Mueller look for similar overlaps among Trump insiders.
McCabe just made life tough for Comey and the special counsel (TheHill) The fired FBI deputy director is lashing out and posing problems for James Comey and Robert Mueller.
Ajit Pai celebrates after court strikes down Obama-era robocall rule (Ars Technica) FCC rule improperly treated everyone with a smartphone as potential robocaller.
Report: Police are now asking Google for data about all mobile devices close to certain crimes (TechCrunch) According to a new report from Raleigh, N.C. television affiliate WRAL, Google might have quietly helped local detectives in their pursuit of two gunmen who committed separate crimes roughly one-and-a-half years apart. How? According to the story, Raleigh police presented the company with warrants not …
SEC Announces Its Largest-Ever Whistleblower Awards (US Securities and Exchange Commission) The Securities and Exchange Commission today announced its highest-ever Dodd-Frank whistleblower awards, with two whistleblowers sharing a nearly $50 million award and a third whistleblower receiving more than $33 million. The previous high was a $30 million award in 2014.