Cyber Attacks, Threats, and Vulnerabilities
UK says it warned 16 NATO allies of Russian hacking activities (ZDNet) UK warns of Russian global hacking campaign targeting critical infrastructure and government networks.
Intelligence agencies brief 2020 campaigns on cybersecurity, espionage issues (CNN) The US intelligence community has briefed presidential campaigns on potential cybersecurity and espionage issues they may face ahead of the 2020 election.
US officials say foreign election hacking is inevitable (Fifth Domain) Comments before a House subcommittee by representatives from the Departments of Justice and Homeland Security underscored the challenges for federal and state governments in trying to ward off interference from Russia and other countries in the 2020 election.
Ex-Mossad director says cyber attacks pose biggest threat to free world (CBS News) On "Intelligence Matters" this week, Tamir Pardo told CBS senior national security contributor Michael Morell that cyber attacks are a "soft and silent nuclear weapon"
Security firm: North Korean hackers shifted focus from causing chaos to acquiring money (UPI) A group of suspected North Korean hackers seem to have shifted their focus to earning hard currency for the impoverished country since 2016, a global cybersecurity firm said Thursday.
Serial publisher of Windows 0-days drops exploits for 3 more unfixed flaws (Ars Technica) SandboxEscaper has published 7 such exploits to date, 3 in the past 24 hours.
Deutsche Bank Says Software to Detect Money Laundering Had a Bug (New York Times) The bank’s acknowledgment that faulty software had been used to screen transactions for suspicious activity came a day before executives prepared to face restive investors at an annual meeting.
Thangrycat: a deadly Cisco vulnerability named after an emoji (Boing Boing) Thangrycat: a deadly Cisco vulnerability named after an emoji
Some Androids don’t call 911 when you tell them to call an ambulance (Naked Security) Sometimes you get a list of ambulance companies, sometimes a blog post on when it’s OK to call an ambulance.
Security Patches, Mitigations, and Software Updates
Patch now! Why the BlueKeep vulnerability is a big deal (WeLiveSecurity) Here's what you need to know about the high-severity security hole that could be exploited for WannaCryptor-style attacks.
Don’t break Windows 10 by deleting SID, Microsoft warns (Naked Security) Sometimes it’s best not to tinker under the hood – especially when it comes to security IDs.
Cyber Trends
IoT in the Enterprise (Zscaler) An analysis of traffic and threats
Cyber Intelligence Tradecraft Report: The State of Cyber Intelligence Practices in the United States (Study Report and Implementation Guides)searchmenuicon-carat-rightcmu-wordmark (Carnegie Mellon University Software Engineering Institute) This report details the findings of a study the SEI conducted at the request of the United States Office of the Director of National Intelligence. In the report, we present current best practices and common challenges in cyber intelligence.
Online Privacy Is a Right, Not a Luxury (PCMAG) The tech industry is finally waking up to the fact that people care about their privacy. But current solutions all come at too high a cost in money or time to the end user, according to security expert Max Eddy.
Marketplace
China Surveillance Tycoons Lose Billions From Threat of U.S. Sanctions (Bloomberg) Fortunes of Hikvision and Dahua billionaires have tumbled. Losses deepened Wednesday on reports of potential blacklisting.
Huawei faces break with UK chip giant ARM (BBC News) Chinese company is dealt an "insurmountable" blow as chip designer says it must comply with US trade ban.
Huawei faces break with UK chip giant ARM (BBC News) Chinese company is dealt an "insurmountable" blow as chip designer says it must comply with US trade ban.
U.S. blacklisting of Huawei prompts European firms to follow suit (Washington Post) A key chip designer and British telecom companies suspend some dealings with the Chinese tech giant.
Can Huawei fight back against its trade ban? (The Verge) What happens after the White House’s executive order?
Equifax just became the first company to have its outlook downgraded for a cyber attack (CNBC) Moody's said it's downgrading the outlook for Equifax from stable to negative, citing ongoing fallout from the company's 2018 data breach.
Facebook Curbs Incentives to Sell Political Ads Ahead of 2020 Election (Wall Street Journal) Facebook said it stopped paying commissions to employees who sell political ads, as it overhauls how it engages with campaigns ahead of elections in 2020.
Former Facebook executive thinks Mark Zuckerberg should step aside as CEO (Silicon Valley Business Journal) “There’s a legit argument that he has too much power,” Alex Stamos, the company's former chief security officer, said Tuesday.
Does Alphabet’s CEO have the right to be forgotten? (Quartz) The CEO of Alphabet, one of the most valuable companies in the world, hasn't been heard from in years. Should we be ok with that?
Hunters.AI Raises $5.4M Seed Round to Equip Cybersecurity Teams with the First Autonomous Threat Hunting Machine (BusinessWire) Hunters.AI, the pioneer in autonomous threat hunting, today announced $5.4M in seed funding for its mission to accelerate cyber threat response and fi
DISA, DSS award second OTA to build governmentwide security clearance system | Federal News Network (Federal News Network) The Defense Department awarded a $75 million other transaction agreement to Perspecta, the contractor it hired a year ago to construct a separate piece of the National Background Investigation System.
KB4-Con 2019 Trip Report (Cyber Defense Magazine) Take a Deep Dive Against the Wave of New Threats and Compliance Risks
Siemens, Alphabet's Chronicle forge cybersecurity partnership | ZDNet (ZDNet) Chronicle's Backstory platform will be combined with Siemens' cybersecurity tools for the energy industry.
ZTE opens cybersecurity laboratory in Italy (RCR Wireless News) The cybersecurity laboratory aims to provide global customers, regulators and other stakeholders with security assessment and audit services
Products, Services, and Solutions
Infocyte Launches First Agentless Cloud Workload Protection Platform, (PRWeb) Infocyte, a pioneer in proactive threat detection and instant incident response (IR), today announced the availability of Infocyte HUNT Cloud for Amazon Web Ser
Public Launch & Funds for Personal Data Management Network Veriglif (Medium) Veriglif, the world’s first Personal Data Network, has announced their official public launch with ten network partners and access to over 5 million consumer datagraphs, as well as achieving significant fundraising milestones.
SigmaDots & Telit Join Forces to Strengthen IoT Cybersecurity (SigmaDots) SigmaDots blockchain-based solution enables protection for IoT and IIoT systems
Sure to Offer Trustwave Managed Security Services in the Channel Islands and Isle of Man (Trustwave) Trustwave and Sure, a leading telecommunications provider serving the Channel Islands and Isle of Man announced a partnership to offer Trustwave Managed Security Services and other cybersecurity solutions.
Enveil Advances the Secure Usage of Data with ZeroReveal™ 2.0 (West) Enveil, the pioneering data security company protecting Data in Use, today announced the release of its enhanced ZeroReveal™ solutions for secure data usage.
Kali Linux Ethical Hacking OS Now Supports More Than 50 Android Devices (softpedia) Kali Linux 2019.2 is now available for download
Carahsoft to Resell Keeper Security Platform Through Government Contracts (ExecutiveBiz) Carahsoft has agreed to distribute Keeper Security' password management and encryption platform to public sector agencies via three government contracting vehicles and reseller partners. Agencies can procure the cybersecurity offering from Carahsoft through NASA's Solutions for Enterprise-Wi
SEGA turns to Palo Alto Networks for cybersecurity protection (Security Brief) When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Tenable Expands Cyber Exposure Ecosystem (AP NEWS) Tenable®, Inc., the Cyber Exposure company, today announced the expansion of its Cyber Exposure ecosystem with 19 new and enhanced technology integrations.
Panda protects the skies with innovative security solution: how NAC secured its network (ITWeb) Panda's Adaptive Defense 360 solution protects NAC from traditional and advanced threats such as exploits, insider attacks and hacking attacks.
Technologies, Techniques, and Standards
Analysis | The Cybersecurity 202: Top cybersecurity companies are pooling their intel to stop cyberattacks (Washington Post) It's like everyone in a neighborhood locking their doors at once.
Panel: all vulnerable to cyber crime so collaboration needed (The Augusta Chronicle) A panel of experts Wednesday said more collaboration and cross-talk is needed to combat cyber crime threats faced by the public and private sector alike.
Microsoft Joins MANRS to Improve Routing Security | Internet Society (Internet Society) The Mutually Agreed Norms for Routing Security (MANRS) initiative, supported by the Internet Society, today announced that Microsoft has joined the program whose primary objective is to reduce the most common threats to the Internet’s routing system. Routing security is vital to the future and stability of the Internet. …
Big Changes Coming to NTC: Drone Swarms, Communication Headaches (Military.com) In addition to fighting an armored opposing force, BCTs will soon have to face a greater drone presence here.
Marines want their phones and tablets to handle classified data (C4ISRNET) The Marine Common Handheld program will provide secure mobile computing at the tactical edge.
For the Air Force, not every record needs to be on paper (C4ISRNET) Better data entry means better data and more time for maintenance.
Emsisoft releases a free decrypter for the GetCrypt Ransomware (Emsisoft | Security Blog) Emsisoft releases ransomware decrypter for GetCrypt.
Killing Wannacry: How to Eradicate Ransom.Wannacry for Good | Symantec Connectlogo-symantec-dark-source (Symantec) Symantec helps consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. The Symantec Connect community allows customers and users of Symantec to network and learn more about creative and innovative ways to use Symantec products and technologies.
The Supply Side: Walmart cybersecurity team handles over 200 billion events annually - Talk Business & Politics (Talk Business & Politics) Data breaches are always on the minds of retailers regardless of their size. In brick-and-mortar stores or online, all retailers face millions of hacker threats each day. Walmart recently held...
Design and Innovation
Security’s not that funny, but maybe it should be (Computerworld) Sometimes a single experience or just one data point can radically reshape an individual’s entire outlook — at least, that was the case for Michael Madon, the senior vice president and general manager of security awareness and threat intelligence products at Mimecast.
WannaCry-Infested Laptop Starts at $1.13M in Art Auction (Threatpost) The "bestiary" houses six historical threats that combined resulted in at least $95B in damages worldwide.
Malware-ridden laptop auction bids top $1m (BBC News) The laptop is infected with six notorious strains, including WannaCry and ILoveYou.
Research and Development
HAC Pumps Up NIST Research On Emerging Tech (Breaking Defense) House Appropriators add millions of dollars to the National Institute of Standards & Technology's work on AI, cybersecurity, quantum computing, 3D printing, and 5G telecommunications.
Academia
Security executives join new Virginia Tech Fellows Program (VT News) The inaugural cohort of the fellows program includes distinguished leaders working in the security community with backgrounds in both industry and government.
Legislation, Policy, and Regulation
42 Countries Agree to International Principles for Artificial Intelligence (Nextgov.com) The Organisation for Economic Co-operation and Development released its global standards, which aim to ensure AI is designed to be robust, safe, fair and trustworthy.
NATO warns Russia of 'full range' of responses to cyberattack (France 24) NATO warns Russia of 'full range' of responses to cyberattack
Reeducation Returns to China (Foreign Affairs) It is possible to see how Xinjiang’s reeducation drive could end up influencing the nation’s future social credit system: those who end up falling below a certain score could be required to undergo reeducation treatments to greater or lesser degrees.
Budget sought for telecom equipment malware checks (NHK WORLD) Japan's government will seek funding in the next fiscal year's budget for studies to detect telecommunications equipment with malicious functions.
The case against Huawei, explained (The Verge) China’s biggest phone maker is in deep, deep trouble
Hikvision faces Trump ban: Chinese security giant is behind more than one million UK CCTV cameras (The Telegraph) More than one million surveillance cameras in the UK - including at airports and in NHS trusts - were built by a Chinese company the US is considering blacklisting over security fears.
What we know about the Chinese companies that could come under US scrutiny (The Telegraph) Across the UK, more than a million CCTV cameras made by Chinese businesses have been installed everywhere from hospitals and universities to buses and business parks.
Bipartisan House bill calls for strategy to protect 5G networks from foreign threats (TheHill) Rep. Abigail Spanberger (D-Va.) and five other bipartisan House members on Tuesday introduced a bill meant to protect U.S. telecommunications networks from national security threats from companies such as the Chinese firm Huawei.
U.S. lawmakers want to help rural telecoms replace Huawei, ZTE equipment (Metro USA) A bipartisan group of U.S. lawmakers introduced legislation on Wednesday to provide about $700 million in grants to help U.S. telecommunications providers with the cost of removing Huawei equipment from their networks.
China cuts taxes on circuit industry in face of US pressure (WJAX) With negotiations on hold and tariffs piling up, the United States and China appear to be bracing for a prolonged standoff over trade.
Can Congress Bolster Energy Cyber Protections? (Forbes) Can Congress legislate better cybersecurity or will government and industry partnerships based on best practices run circles around legislative and regulatory mandates?
U.S. election cybersecurity agency staff 'strained to the breaking... (Reuters) As the U.S. government prepares to defend the 2020 presidential election from cy...
Could an advisory board help intel innovation? (C4ISRNET) The latest Intelligence Authorization Act, which was approved by the Senate Select Committee on Intelligence on May 14, would establish an advisory board for the National Reconnaissance Office.
Chief of Naval Operations Engages Navy Cyber and Cryptology (DVIDS) Chief of Naval Operations (CNO) Adm. John Richardson held an all-hands call for Navy personnel while visiting the National Security Agency/Central Security Service (NSA/CSS), May 21.
Litigation, Investigation, and Law Enforcement
EU regulator launches probe into Google over data privacy (CNBC) Ireland's privacy watchdog, which leads supervision of Google in the EU, launched an inquiry into the firm's online advertising practices.
Gerelateerde websitesBlijf op de hoogteOver (FIOD) On 22 May the FIOD and the Public Prosecution Service took one of the largest online mixers for cryptocurrencies offline, named Bestmixer.io. This operation deals a severe blow to the concealment of criminal flows of money by mixing cryptocurrencies such as bitcoins. Six operational servers have been dismantled and seized in the Netherlands and Luxembourg. …
Cryptocurrency Laundering Service, BestMixer.io, Taken Down by Law Enforcement (McAfee Blogs) A much overlooked but essential part in financially motivated (cyber)crime is making sure that the origins of criminal funds are obfuscated or made to
DeSantis orders ‘top priority’ cybersecurity review of state, county election systems (Miami Herald) Describing it as a “top priority,” Gov. Ron DeSantis on Wednesday directed Secretary of State Laurel Lee to immediately start a review of the security of state and county election systems after disclosures about Russian hacking during the 2016 campaign.
SEAL’s trial delayed as defense seeks info on email snooping (Washington Post) A judge has delayed the court-martial of a Navy SEAL accused of murder while lawyers resolve questions over whether the government’s monitoring of emails compromised his right to a fair trial
SEAL defense claims prosecution withheld information from judge about email spying (Military Times) The trial for Special Operations Chief Edward Gallagher, the Navy SEAL accused of murdering an injured teenage ISIS fighter in Iraq in 2017, has been delayed amid a whirlwind of allegations that the prosecution in the case was illegally spying on defense attorneys and a journalist while withholding information from the judge.
Maria Butina: jailed for the crime of being Russian (Spectator USA) Maria Butina has seen the worst of America first hand: namely its egregious prosecutorial excesses and susceptibility to overwrought, irrational paranoia
Ransomware Cyber Attack on Baltimore City Services Investigated by FBI (CBN News) More than two weeks after a cyber attack, 10,000 of Baltimore's city government computers remain frozen.