Cyber Attacks, Threats, and Vulnerabilities
Tenable Research Advisory: Critical Schneider Electric InduSoft Web Studio and InTouch Machine Edition Vulnerability (Tenable™) Tenable Research recently discovered a new remote code execution vulnerability in Schneider Electric’s InduSoft Web Studio and InTouch Machine Edition.
Fancy that, Fancy Bear: LoJack anti-laptop theft tool caught phoning home to the Kremlin (Register) Stolen PC locator plays double agent, say researchers
Medical devices vulnerable to KRACK Wi-Fi attacks (Naked Security) Some KRACKs still haven’t been papered over.
Privilege Escalation Bug Lurked in Linux Kernel for 8 Years (SecurityWeek) A security vulnerability in a driver leading to local privilege escalation in the latest Linux Kernel version was introduced 8 years ago, Check Point reveals.
Fake Flash Updates with a side of Domain Shadowing (RiskIQ) Fake Flash download pages have come to be a marker for all manner of malicious activity: exploit kits, Trojans, digital currency miners, phishing, etc.
Botnet Operators Cash in on Travel Rewards Program Credentials (Flashpoint) Specialty shops in the Russian-language underground are advertising login credentials for travel and hospitality rewards program accounts that were likely obtained incidentally while operating a botnet.
The Majority of Travel Booking Sites Fail Basic Security Tests. Here’s How to Protect Yourself (Money) Start implementing these preventative measures now.
A Remote Hack Hijacks Android Phones Via Electric Leaks in Their Memory (WIRED) Dutch researchers have pushed the mind-bending Rowhammer hacking technique one more step towards a practical attack.
Security Holes Make Home Routers Vulnerable (Infosecurity Magazine) Researchers discovered two vulnerabilities in a popular home router used by more than a million people.
Nigerian Email Scammers Are More Effective Than Ever (WIRED) Move over Nigerian Princes. A new generation of "Yahoo boys" are fine-tuning social engineering techniques and targeting small businesses.
What’s so special about the SamSam ransomware? [VIDEO] (Naked Security) SamSam ransomware: fewer victims, but bigger disruption and a higher decryption price if you get caught. Here’s what to do to stay safe.
Shutting out SamSam ransomware (Sophos News) 4 simple tips for improving your protection against targeted ransomware
Ransomware ‘Gold Rush’ looks finished, but threat remains warns F-Secure (TechSource International) A new F-Secure report finds that ransomware attacks exploded in 2017 thanks to WannaCry, but a decline in other types of ransomware signals a potential shift in
5 things to know about the cyber attack on Knox Co. election commission (WBIR) The most important thing to note: the cyber attack did not impact the voting results in Knox County. It just delayed them getting to the public.
Security Patches, Mitigations, and Software Updates
Schneider Electric Patches Critical RCE Vulnerability (Threatpost) Researchers found a critical remote code execution vulnerability afflicting two Schneider Electric products that could give attackers the ability to disrupt or shut down plant operations.
Heart Implants Recalled over Hack Fears (Computer Business Review) The US FDA has recalled an estimated 465,000 ICDs, small devices used to help treat irregular heartbeats, for firmware updates.
Product security bulletin for WPA2 "KRACK" Wi-Fi Vulnerability (Becton Dickinson) BD is monitoring the developing situation with a recently disclosed set of vulnerabilities found in the WPA2 protocol...
Microsoft patches Docker remote code execution bug (iTnews) No evidence of public exploit.
Microsoft Working on a Fix for Windows 10 Meltdown Patch Bypass (BleepingComputer) Microsoft's patches for the Meltdown vulnerability have had a fatal flaw all these past months, according to Alex Ionescu, a security researcher with cyber-security firm Crowdstrike.
Cyber Trends
Cybercriminals are exposing oil and gas — but the industry is turning a blind eye (Business Insider) The oil and gas industry is one of the most targeted industries by cyber threats. But the industry has been turning a blind eye to the issue, spending almost nothin
The existing focus on control system cyber security is not appropriate (Control Global) The focus of control systems is reliability, availability, productivity, and safety which is directly affected by field devices such as process sensors, actuators, and drives. Yet the focus of cyber security has been on networks and data. There is also a lack of understanding of control systems.
Forcepoint VP says no automatic fix to rising cyber threats (The Economic Times) Forcepoint has unveiled what it calls a risk-adaptive protection solution that assesses risk and automatically provides proportional enforcement that can be dialed up or down.
Automation Exacerbates Cybersecurity Skills Gap (Dark Reading) Three out of four security pros say the more automated AI products they bring in, the harder it is to find trained staff to run the tools.
Two-Thirds of IT Professionals Believe Their Endpoint Security Tools Won't Prevent a Major Attack (Security Intelligence) According to a recent survey, two-thirds of security professionals believe their endpoint security tools are insufficient to protect their organizations from malware.
Fifty-Two Percent of Europeans are Open to Federated Identification, Finds Unisys Survey (PR Newswire) According to a new survey from Unisys Corporation (NYSE: UIS),...
Marketplace
Cambridge Analytica announces closure (CNN) Cambridge Analytica, the embattled data firm that worked on Donald Trump's 2016 presidential campaign, announced it is shutting down operations.
Firefox isn’t adding ads, it’s ‘sponsored content’ (Naked Security) Mozilla promises all the revenue-generating analytics, none of the privacy-skewering.
Insuring Uncle Sam’s cyber risk (CSO Online) The insurance sector needs to have panel members that are already cleared and approved by the DoD in advance of a cyber incident being reported and arguably before coverages are agreed upon within the four corners of an insurance policy.
Trusted Key Closes New Funding to Accelerate Secure Digital Identity Adoption (BusinessWire) Trusted Key Solutions Inc., a blockchain-based secure digital identity company, today announced that it has raised $3 million (USD) as part of a seed
Carbon Black IPO: 5 things to know about the cloud-based cybersecurity company (MarketWatch) Cybersecurity company Carbon Black Inc. is looking to be the next big tech IPO on Friday, as 2018 has seen a big revival in tech startups going public, especially those that are focused on cloud-based product offerings.
CACI takes $407M CDM cyber task order (Washington Technology) CACI International wins a potential $407.2 million task order to help implement cybersecurity tools as part of the government-wide Continuous Diagnostics and Mitigation program.
Ways for MSSPs to Survive in the New Infosec Age (Infosecurity Magazine) To remain competitive, MSSPs must change their mindsets to do more with less.
Here’s the Steve (not Jobs) who should have been mentioned at Maryland’s big cyber groundbreaking (Washington Business Journal) Without the efforts of this particular Steve, Gov. Larry Hogan probably doesn’t get away with proclaiming Maryland “the cyber capital of America."
Comodo Cybersecurity Names Steve Subar President and Chief Executive Officer (PR Newswire) Comodo Cybersecurity, a leader in innovative cybersecurity solutions,...
Attivo Networks® Expands Senior Leadership Team, Announces Steve Troyer as New Vice President of Business Development (Business Insider) Attivo Networks®, the leader in deception solutions for cybersecurity defense, today named Steve Troyer ...
Risk Intelligence recruits execs from Cobham and Maersk (ShippingWatch) Security analyst firm Risk Intelligence establishes a new organization. Employees from Cobham and Maersk Line are the first of a series of hires in the months to come, CEO Hans Tino Hansen tells ShippingWatch.
Zscaler Announces Departure of COO; Provides Date for Third Quarter Earnings Release (GlobeNewswire News Room) Zscaler, Inc. (NASDAQ:ZS), the leader in cloud security, today announced that William Welch has resigned as the company’s chief operating officer. Mr. Welch will remain with the company through May 14, 2018.
Centrify Hires Industry Veteran Mike Mooney as Chief Revenue Officer (BusinessWire) Centrify today announced that it has appointed Mike Mooney as Chief Revenue Officer.
Products, Services, and Solutions
SecBI to Support Orange Polska in Augmenting Its Managed Cyber Services (PR Newswire) SecBI, a disruptive player in automated cyber threat...
Ever AI Extends Product Suite with First U.S. Based Liveness Detection Offering (GlobeNewswire News Room) New features improve security for enterprise authentication and digital payments customers
Comodo CA and DonDominio Partner in Spain to Deliver a Unified Platform for Managing Domains, Hosting Plans and TLS/SSL Security (GlobeNewswire News Room) Spanish market sees an increased need for EV certificates due to the exponential growth in phishing attacks; EV certificates identify legitimate sites
FHOOSH Advances Government/Defense Cybersecurity Focus With Addition of Custom High-Speed Accelerator Kit, New Expert Advisor (PRWeb) High-speed cybersecurity leader FHOOSH™, Inc. has released its Government/Defense Custom Accelerator Kit to jumpstart government, military and first responder team
Iron Mountain Introduces Iron Cloud Critical Protection and Recovery to Safeguard High-value Data (PR Newswire) Iron Mountain Incorporated® (NYSE: IRM), the global leader in storage and...
NorthState Technology Solutions Introduces Multi-Cloud Exchange (PR Newswire) NorthState Technology Solutions, a secure cloud and IT solutions...
Streamr and Fysical to partner to reshape human location data market (Medium) One of the world’s largest providers of human location data to the advertising industry is changing its business model in the wake of the…
Comprehensive OT Cybersecurity from Nozomi Networks & Fortinet (Nozomi Networks) At the RSA Conference in San Francisco, many CISOs and IT leaders shared that OT risk management, defense and resiliency topped their must-have list. Nozomi Networks and Fortinet deliver one ‘knock-out’ IT/OT cybersecurity solution for network and operational visibility, risk assessment, and proactive defense. Read on to see how it tackles two of the most common OT use cases.
Virtustream Makes Security Risk Management SaaS-Y With Viewtrust (SDxCentral) Cloud company Virtustream launched a software-as-a-service (SaaS) version of its risk management and compliance monitoring product Viewtrust. The move exten
Thinfilm debuts CNECT Blockchain Services for product provenance, supply-chain traceability, secure transfer of ownership (Computer Technology Review) Thin Film Electronics ASA launched on Wednesday CNECT Blockchain Services to enable product traceability and secure transfer of ownership capabilities in the CNECT Cloud Platform.
ESET's Free Cybersecurity Awareness Training Program Now Gamified (IT News Online) ESET announced that the latest version of its free ESET Cybersecurity Awareness Training program now includes new interactive and
British port deploys AI system to keep attackers at bay (Computing) Port IT chief claims that conventional cyber security methods are no longer working
Technologies, Techniques, and Standards
Why a NATO team defended a made-up country’s infrastructure (Fifth Domain) NATO is working on coordinating its cyber defense across the alliance. But is the organization too large to effectively respond to cyber attacks?
ECB designs cyber attack simulation for financial firms (Reuters) The European Central Bank has designed a new test simulating cyber attacks on banks, stock exchanges and other firms that are critical for the functioning of the financial system, it said on Wednesday.
The critical need for automation in agency cyber defense (GCN) With a system of integrated, orchestrated security solutions, agencies can shorten the time to detection so that forensic analysis can begin immediately and defenses can be hardened.
USAF expects challenge in certifying modernised nuclear weapon systems for cyber age (Jane's 360) The USAF expects a challenge with certifying revamped nuclear weapon systems for cyber. Its legacy ICBMs, aircraft, and cruise missiles were certified long before the internet era.
Industry CMO on the Downstream Risks of "Logo Disclosures" (SecurityWeek) Failures in the coordinated approach to vulnerability disclosures can seem attractive from an initial marketing perspective, but are damaging to both the industry and its users.
Who’s in Charge of IoT Security? The Role of the CSO Referee (Data Center Knowledge) IoT is creating a push-pull environment within organizations, with operations pushing to take advantage of IoT-enabled technology and IT pulling back due to security concerns.
5 Critical Reasons Why SMBs Should Outsource Tech Support (TechStory) Deciding to outsource is a big decision, which can save at least 40% of your costs over a period. Here are 5 critical reasons why SMBs should outsource tech support.
Design and Innovation
Windows 10: We're going to kill off passwords and here's how, says Microsoft (ZDNet) Microsoft wants to banish 'inconvenient, insecure, and expensive' passwords. So what's going to replace them?
Five reasons to kill off passwords as we know them (Future Five) Centrify, a provider of Zero Trust Security, is calling for the end of password protection.
Your next bank card will have a fingerprint scanner built-in (WIRED UK) Mastercard says it is ready to issue thousands of biometric bank cards as its fingerprint scanners become useful
Machine learning use case to ID unhappy employees (SearchCIO) A machine learning use case at Telus International is helping the IT services company better predict who might be on the verge of quitting.
Ludwig Wittgenstein was one of the great 20th-century philosophers. He also invented the emoji (Quartz) Eighty years ago, philosopher Ludwig Wittgenstein had a brainwave.
iPhone’s weirdest glitch yet: Ask Siri to define “mother” twice, learn a bad word (Ars Technica) Hint: Four syllables, rhymes with "other shucker."
Research and Development
Companies Grapple With AI’s Opaque Decision-Making Process (Wall Street Journal) Artificial intelligence is becoming more pervasive as companies look to drive innovation and competitive advantage, but some executives say they are coming up against a big challenge: advanced AI systems are not able to explain how they make decisions.
What the Pentagon is learning from its massive machine learning project (C4ISRNET) Project Maven has already deployed in five or six locations across Africa and the Middle East. Here's what officials are learning from those deployments so far.
Facial Recognition for Robots Advances With AI, Machine Learning (Robotics Business Review) Software improvements and better vision are helping facial recognition grow beyond security use cases. Future robots will not only know who you are, but how old you are, your gender, and emotional state to provide better service.
Academia
NYU and NY Cyber Command team up to offer cheap cybersecurity education and training (SC Media US) Earlier this year NYU Tandon School of Engineering and New York's Cyber Command joined forces to announce one of the country's most affordable Cybersecurity Master's Degrees in the form of its NY Cyber Fellows program.
Legislation, Policy, and Regulation
Trump administration may throw out PPD-20, the approval process for cyber warfare (Cyberscoop) The White House is looking to rescind PPD-20, a memorandum that helps guide the use of government-backed hacking operations.
Russian government strengthening national cyber-security prior to World Cup (SC Media UK) The Russian government, together with the national special services, is continuing to strengthen the country's cyber-security prior to the World Cup.
U.S. Weighs Curbs on Chinese Telecom Firms Over National-Security Concerns (Wall Street Journal) The Trump administration is considering executive action that would restrict some Chinese companies’ ability to sell telecommunications equipment in the U.S., based on national-security concerns.
How the U.S. Government Learned to Stop Worrying About The Global Internet and Kicked Russians Off Its Networks (Nextgov.com) The Obama administration was willing to accept some risks to keep global tech markets free and flowing. That era’s over.
McCain book: US should consider cyberattack to punish Putin (Defense News) In his book, set to launch later this month, Sen. John McCain says it’s time for America to go on the offensive in the information war with Russia.
Tech giants hit by NSA spying slam encryption backdoors (ZDNet) The tech coalition includes Apple, Facebook, Google, Microsoft, and Verizon and Yahoo's parent company Oath — all of which were hit by claims of complicity with the US government's surveillance.
Lawyers, security specialists sort through Privacy Shield impact on new EU data rule (Inside Cybersecurity) The impact of the U.S.-European Union Privacy Shield on companies' compliance with the separate EU General Data Protection Regulation -- taking effect on May 25 -- continues to be a matter of debate and speculation among corporate security professionals and attorneys as GDPR implementation nears.
Should I retweet this? What does the Hatch Act say? (FederalNewsRadio.com) The federal agency that enforces compliance with the Hatch Act offers new guidance to federal employees on the use of political commentary in social media.
A new leader for Army Cyber Command (Fifth Domain) Maj. Gen. Stephen Fogarty was nominated to be the next commander of Army Cyber Command.
Litigation, Investigation, and Law Enforcement
Russia Isn’t Just Interfering in Elections Around the World. It’s Doing Something Far Worse (Atlantic Council) Russian President Vladimir Putin will stop at nothing in his hunt for dissidents abroad. In his determination, he has found some powerful allies within Western democracies—a practice that should alarm those who prize justice and the rule of law.
Xerox Fires CEO After Manhattan Supreme Court Defeat (New York Law Journal) Faced with a devastating court ruling, Xerox on Tuesday threw in the towel, firing its CEO and half of its board of directors to resolve a proxy contest.
Leidos's Treatment of Female Whistle-Blower Gets Pentagon Review (Bloomberg.com) Defense Department attorneys are reviewing possible disciplinary action against Leidos Holdings Inc. after the Pentagon’s inspector general backed allegations that the information technology company retaliated against a female subcontractor for complaining of a hostile work environment.
How to safely be a whistleblower in your organization (ExpressVPN) An ExpressVPN guide detailing how to blow the whistle on a company or organization. Part 1 looks at how and why you should become a whistleblower.