Cyber Attacks, Threats, and Vulnerabilities
New GoldBrute Botnet is Trying to Hack 1.5 Million RDP Servers (BleepingComputer) A botnet is currently scanning the internet in search of poorly protected Windows machines with Remote Desktop Protocol (RDP) connection enabled.
China 'behind' huge ANU hack amid fears government employees could be compromised (The Sydney Morning Herald) China is the key suspect in the theft of huge volumes of highly sensitive personal data from the Australian National University
Researchers uncover new MuddyWater targeting of government, telecommunications entities (CyberScoop) Undeterred by the reported dumping of its data online, an Iran-linked hacking group has been using malicious documents and files to target telecommunications organizations and impersonate government entities in Iraq, Pakistan, and Tajikistan, researchers said Thursday. The so-called MuddyWater group has been carrying out attacks in two stages against the targets, according to research published by Israeli company ClearSky Cyber Security...
The MuddyWater APT Group Adds New Tools to Their Arsenal (BleepingComputer) The Iranian MuddyWater cyber-espionage group added new attack vectors to use as part of hacking campaigns targeting telecommunication and governmental organizations according to an analysis from the Clearsky Security threat intelligence outfit.
GateHub Users Lose $9.7m to Hackers (Infosecurity Magazine) Cryptocurrency wallets come under fire
Google confirms that advanced backdoor came preinstalled on Android devices (Ars Technica) After Google successfully beat back Triada in 2017, its developers found a new way in.
The RIG Exploit Kit is Now Pushing the Buran Ransomware (BleepingComputer) The RIG exploit kit is now infecting victim's computers with a new ransomware variant called Buran. This ransomware is a variant of the Vega ransomware that was previously being distributed through Russian malvertising campaigns.
Mimikatz and Windows RDP: An Attack Case Study (SentinelOne) How do attackers use mimikatz and Windows Remote Desktop to compromise networks? Find out as we reveal the details behind an "in the wild" attack.
Microsoft dismisses new Windows RDP ‘bug’ as a feature (Naked Security) Researchers have found an unexpected behavior in a Windows feature designed to protect remote sessions.
Threat Spotlight: Modular Malware (Barracuda) Modular malware provides an architecture that is more robust, evasive, and dangerous than typical document-based or web-based malware.
Millions of Exim Mail Servers Exposed to Local, Remote Attacks (BleepingComputer) A critical severity vulnerability present in multiple versions of the Exim mail transfer agent (MTA) software makes it possible for unauthenticated remote attackers to execute arbitrary commands on mail servers for some non-default server configurations.
Another Hacker Selling Access to Charity, Antivirus Firm Networks (BleepingComputer) A threat actor observed on underground hacker forums peddling internal network access to various entities claims to have breached the infrastructure of notable organizations such as UNICEF and cybersecurity companies Symantec and Comodo.
Fortune 500 giant Tech Data exposed customer and billing data (TechCrunch) Security researchers said a security lapse at IT giant Tech Data allowed them to access customer and billing data. The Fortune 500 information technology giant secured an exposed server shortly after researchers Noam Rotem and Ran Locar found and reported the leaking data. The server was running a …
Report: Data Breach at Fortune 500 Tech Company (vpnMentor) The research team at vpnMentor discovered a major data leak at the Tech Data Corporation (NASDAQ: TECD), a Fortune 500 company providing tech products, ...
A backdoor in Optergy tech could remotely shut down a smart building ‘with one click’ (TechCrunch) Homeland Security has given the maximum severity score for a vulnerability in a popular smart building automation system. Optergy’s Proton allows building owners and managers to remotely monitor energy consumption and manage who can access the premises. The box is web-connected, and connects …
Optergy Proton Enterprise Building Management System (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 10.0. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Optergy. Equipment: Proton/Enterprise Building Management System. Vulnerabilities: Information Exposure, Cross-site Request Forgery, Unrestricted Upload of File with Dangerous Type, Open Redirect, Hidden Functionality, Exposed Dangerous Method or Function, Use of Hard-coded
Panasonic Control FPWIN Pro (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 7.3. ATTENTION: Low skill level to exploit. Vendor: Panasonic. Equipment: Control FPWIN Pro. Vulnerabilities: Heap-based Buffer Overflow, Type Confusion. 2. RISK EVALUATION. Successful exploitation of these vulnerabilities could crash the device and allow remote code execution.
Company Advertised American, Canadian, Indian Phone Location Data for Sale (Vice) TeleSign’s advertisement highlights how the sale of phone location data is not restricted just to the United States.
4 in 10 dark net cybercriminals selling targeted FTSE 100 or Fortune 500 hacking services (West) New academic research exposes abundant availability and increased demand for tailored malware, network access and targeted hacking services; requests for customized malware outnumber off-the-shelf by 2:1
Into the Web of Profit: Behind the Dark Net Black Mirror (Bromium) ‘Behind the Dark Net Black Mirror’ is the next chapter of ‘Into the Web of Profit’ study, offering unique insights into the volume and variety of malware and hacking services available on the dark net. The author, Dr. Mike McGuire, tells a compelling story about how this underground trade is threatening enterprises, their employees, customers, …
Second reported data breach in as many days prompts cybersecurity warnings, tips (Healio) The health care diagnostics company LabCorp announced that “unauthorized activity” occurred on the webpage of American Medical Collection Agency, LabCorp’s external collection agency, impacting up to 7.7 million patients. The breach occurred between Aug. 1, 2018, and March 30, 2019 and involved customers’ personal, medical and payment information, but not ordered tests,
A new cyber attack which can mimic a user's personalised keystroke characteristics (SciTech Europa) Cybersecurity researchers have developed a new cyber attack which can mimic a user's personalised keystroke characteristics.
Listen for the log-in: Hackers may glean your password by listening to how you type on your phone (Washington Post) PIN codes, individual letters and whole words can be recovered with the right app, researchers say.
Image-Recognition Technology May Not Be as Secure as We Think (Wall Street Journal) As social networks expand the use of AI-powered image-recognition filters, experts warn that attackers are finding ways to fool them.
How a phone scam tied up a Maryland police call center (Axios) It started receiving 2,500 direct calls a day.
Computer system partially restored after cyber attack (Citizens' Voice) Luzerne County’s computer system, effectively shut down since last week by a cyber attack, continues to recover but will not be fully restored until at least this weekend, according to David Parsnik, county director of administrative services. Servers for
Security Patches, Mitigations, and Software Updates
VMware Patches Vulnerabilities in Tools, Workstation (SecurityWeek) VMware patches high-severity vulnerabilities in Tools and Workstation. Exploitation of the flaws can lead to kernel information leakage, DoS, and arbitrary code execution.
macOS Catalina Brings Several Security Improvements (SecurityWeek) macOS 10.15 Catalina brings several security-related improvements, including an enhanced Gatekeeper, a dedicated read-only volume for the OS, data protections, and support for Activation Lock.
Firefox aims at Google with Enhanced Tracking Prevention (Naked Security) The latest version of Firefox, 67.0.1, features a fully-fledged version of Mozilla’s Enhanced Tracking Protection (ETP) privacy system.
YouTube bans kids’ live-streaming without an adult present (Naked Security) In another step to scrape pedophiles off the bottom of its shoe YouTube is banning youngsters from live-streaming without adult supervision.
Cyber Trends
Exabeam’s Annual Look at Security Operations Centers Reveals a Critical Shift in Responsibilities (Exabeam) As C-level executives engage more frequently in incident response and threat hunting, more IT professionals are missing security[...]
The Exabeam 2019 State of the SOC Report (Exabeam) The Exabeam 2019 State of the SOC Report is based on the results of an April 2019 survey of US and UK security professionals who are involved in the management of security operations centers (SOC) across CISO, CIO, management, and analyst roles.
Healthcare Orgs Hit with Destructive Attacks (Infosecurity Magazine) Attacks on the healthcare industry are increasingly targeted, report says.
A Troubled City Reminds Us That Ransomware Is Here to Stay (CyberArk) The massive Robbinhood malware attack on Baltimore is part of a growing trend of ransomware attacks on state and local governments.
Five themes that dominated Infosec 2019 (CRN) Infosecurity Europe is a thermometer for what's hot and what's not in cybersecurity. Here we round up the five recurring themes from around the stands.
High-profile data breaches underline cyber threats to health care industry (TheHill) The recent breach of a billing collection provider for blood testing groups Quest Diagnostics and LabCorp is underlining the serious threats posed to the health care sector from cyberattacks.
Raphael Satter on brilliant spies, terrible spies, and “medium” spies (Columbia Journalism Review) Raphael Satter’s beat at the Associated Press covers straightforward crime reporting and high-tech espionage, with a special fondness for people who are bad at their jobs. His most recent scoop, shared with colleague Isabel Debre, chronicled Facebook’s purge of “coordinated inauthentic activity” on accounts run by an Israeli company called the Archimedes Group, “
Marketplace
'Shoddy' Huawei needs to raise its game, UK cyber official says (Reuters) China's Huawei Technologies needs to raise its "shoddy" security ...
U.K. Cybersecurity Official Says 5G Market Is ‘Fundamentally Broken’ (Wall Street Journal) Ian Levy, technical director of the U.K.’s National Cyber Security Centre, said the concentration of the 5G market in a handful of companies is “insane” and will increase security risks as the superfast networks are installed.
Huawei Strikes a 5G Deal in Russia as the Chinese Tech Giant Remains on U.S. Blacklist (Fortune) "The last thing the U.S. industry wants right now is to have 5G focused in China and Russia," says one analyst.
‘EU strongly backed us amid US spy claims’: Kaspersky Lab boss on friends, hackers & cyber-awareness (RT International) The US crusade against Kaspersky Lab has revealed that the Russian anti-virus company has many friends in the EU, including Germany, France, and Belgium, who value its high-quality cybersecurity products, Eugene Kaspersky told RT.
Bezos Says Amazon Will Bet Even Bigger Despite Antitrust Probes (WIRED) In a speech at an Amazon conference, CEO Jeff Bezos sounded unconcerned by reports that regulators are eyeing the company, potentially for a break-up.
Cyber Insurance and Systemic Market Risk (EastWest Institute) The EastWest Institute (EWI) today released a new report: Cyber Insurance and Systemic Market Risk—developed to provide a framework to better understand and address the systemic nature of cyber risk and the challenges it presents to the burgeoning cyber insurance industry.
GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland (The Last Watchdog) There’s oil in the state of Maryland: “cyber oil.” With the largest concentration of cybersecurity expertise, the “oil,” in the world, Maryland is fast changing from the Old Line State into “Cybersecurity Valley.” That’s because Maryland is home to more than 40 government agencies […]
CrowdStrike boosts IPO targets 30%, now hopes to raise up to $621M (Silicon Valley Business Journal) The Sunnyvale unicorn's valuation could be as much as $5.9 billion, nearly twice what Palo Alto Networks was valued at when it went public in 2012. It would be the highest valuation ever for a U.S. cybersecurity company on IPO day.
Form S-1/A: CrowdStrike Holdings, (StreetInsider.com) Approximate date of commencement of proposed sale to the public: As soon as practicable after this Registration Statement becomes effective.
Cisco to acquire industrial IoT security firm (CRN Australia) France-based Sentryo specialises in device visibility and security.
This Arlington cyber company recently denied it was for sale. Now, it's being sold for $234M. (Washington Business Journal) Endgame CEO Nate Fick has inked a deal to be acquired by a larger Dutch firm.
Rail System Cybersecurity Firm Cylus Raises $12 Million (SecurityWeek) Rail and metro cybersecurity company Cylus has raised $12 million in a Series A funding round, bringing the total amount raised by the company to date to $17 million.
Thales buys AI specialist (Jane's 360) Thales has announced the acquisition of US-based artificial intelligence company Psibernetic. The French headquartered group said the purchase will allow it to create “certifiable AI” with “explainable AI processes for applications in safety-critical environments”.
Insight leads $120m Series D for software security business SentinelOne (AltAssets) Insight Partners has led a $120m Series D financing round for endpoint security software business SentinelOne.
SentinelOne CEO: Partners unsure of BlackBerry's plans for Cylance (CRN) Tomer Weingarten talks to CRN about taking staff from its competitor and bolstering its UK operations.
Why Splunk Stock Dropped 17.4% in May (The Motley Fool) A shift to more recurring revenue means lower cash flows for now.
Glasswall Solutions Appoints Danny Lopez as Chief Executive Officer (BusinessWire) Glasswall Solutions today announced that Danny Lopez has joined the company as Chief Executive Officer, based in London.
Swimlane Adds Key Hires to Leadership Team (Yahoo) Swimlane, a leader in security orchestration, automation and response (SOAR), today announced several leadership appointments to help drive global expansion in marketing and sales. President and Chief Operating Officer (COO) Jim Hansen, Senior Vice President of Global Sales Tom Smith, and Vice President
Products, Services, and Solutions
Crowdsourced Security Testing that Puts Privacy First (BusinessWire) Synack introduces new workspaces with endpoint control through LaunchPoint+ for enhanced privacy and control during crowdsourced security testing.
Kfivefour Emerges From Stealth And Launches Full Spectrum Red Team Assessments, Training And Penetration Testing Services. (PR Newswire) Kfivefour today emerged from stealth and announced the immediate availability of its full spectrum Red Team...
Siemplify Enhances Security Operations Platform with Advanced Crisis Management and Real-Time Collaboration (Yahoo) Siemplify, the leading independent provider of security orchestration, automation and response (SOAR), today released a new version of its security operations platform. Version 5.0 continues to raise the bar for end-to-end security operations management, adding new capabilities that make security analysts
ADT Selects SonicWall as Exclusive Provider of Managed Cybersecurity Service Offering for SMBs (SonicWall) SonicWall, the trusted security partner protecting more than one million networks worldwide, announces a strategic partnership with ADT Cybersecurity, a leading managed security service provider (MSSP), to provide an exclusive cybersecurity offering to better protect small- and medium-sized businesses (SMB) from the growing volume of cyberattacks.
Milestone Partners Prove Their Skills: 200,000 Course Registrations and Tutorial Views; 10,000 Certifications (Milestone) Within the span of one week in mid-May, the Milestone Learning & Performance group celebrated three important benchmarks
Aporeto Expands Comprehensive Zero Trust Security Solution with Privileged Access Management and Identity-Aware Proxy (BusinessWire) Aporeto announces the availability of Cloud Privileged Access Management (PAM) for infrastructure and Identity-Aware Proxy for modern applications.
How HackerOne's White Hat Army Makes the World a Safer Place (PCMAG) HackerOne CEO Marten Mickos explains how the site offers hacking as a service and lets talented hackers turn a hobby into a potentially lucrative side project.
Honeywell launches industrial IoT platform called Honeywell Forge (ZDNet) The plan is to roll out versions for airlines, industrials and buildings.
Technologies, Techniques, and Standards
Watchdog: Current pipeline security plans weak on cybersecurity, coordination (FCW) The Transportation Security Administration's plans for coordinating pipeline security incidents aren't keeping up with rising threats in cyberspace, according to the Government Accountability Office.
For HHS, blockchain means faster ID management and safer mangoes (Federal News Network) The Department of Health and Human Services already uses blockchain in its acquisition shop to buy bulk items more cheaply, but now the Food and Drug Administration sees it as a tool to manage threats to the global food supply chain.
Protecting Service Revenue from Hackers: Cybersecurity for Connected Maintenance Apps (Infosecurity Magazine) Modern maintenance apps provide on-site history, diagnostics, performance measurement and tunability of systems
Eyeing Russia, Army fields jam-resistant GPS in Europe (C4ISRNET) The decision comes amid a pattern of Russia jamming or disrupting all sorts of communications vital to Western forces in recent years.
Design and Innovation
To win the cyber arms race, give hackers fewer incentives (Washington Technology) Where the rubber meets the road in the battle with hackers is in raising the aggravation levels for the enemy while also lowering incentives.
Research and Development
The Day When Computers Can Break All Encryption Is Coming (Wall Street Journal) Quantum computers will be able to overpower current encryption within a decade. That has security experts scrambling to come up with new ways to protect our data before it is too late.
Legislation, Policy, and Regulation
States Must Explain When a Cyber Attack Might Draw a Violent Reprisal (Defense One) Without clear explanations that affirm rules of the road, countries make it easier for conflicts to spiral out of control.
China says its Russia partnership is designed to blunt US ‘strategic edge’ (Washington Examiner) China and Russia are being pushed into a closer geopolitical partnership by President Trump's foreign policy decisions, a diplomat in Beijing argued Thursday.
US Ambassador to S. Korea urges companies to avoid using Huawei equipment (Hankyoreh) Harry Harris cites long-term security issues and importance of “reliable” suppliers
Cyber security must become an essential part of technology culture: Vice President (The Hans India) Vice President of India M. Venkaiah Naidu has called for out-of-the-box ideas and innovations to protect data, as new advances in science and technology will pose a big challenge to cyber security.
Canada elections chief says hackers aim to keep people from voting (Reuters) Hackers seeking to interfere in Canada's federal election this October want...
Election Rules Are an Obstacle to Cybersecurity of Presidential Campaigns (New York Times) Security experts warn that time is running out for campaigns to create protections against the cyberattacks and disinformation seen in recent elections.
NGA selects six states for election cybersecurity policy academy (StateScoop) Arizona, Hawaii, Idaho, Minnesota, Nevada and Virginia will spend the next six months studying election security to come up with plans ahead of the 2020 election.
Analysis | The Cybersecurity 202: Stanford group calls for major overhaul on election security. Here are their recommendations (Washington Post) They call it a 9/11 Commission-style report.
The Missing Mandate In Australia’s Efforts To Protect The Finance Sector From Cyber Threats (Information Security Buzz) Australia’s financial services industry regulator has a new information security standard that is set to kick in from July, opening up a potential pathway to a much-needed national intelligence-led attack simulation scheme for the industry. The Australian Prudential Regulation Authority’s (APRA) incoming CPS 234 standard on information security, which late last year was fast-tracked “due …
NDAA draft focuses on AI, cyber oversight (FedScoop) A key defense subcommittee aims to increase its oversight of the Department of Defense’s cyber-activity, artificial intelligence development and technology acquisition in a draft of the 2020 National Defense Authorization Act it approved Tuesday. The House Armed Services Subcommittee on Intelligence and Emerging Threats and Capabilities wants to require the Pentagon to file more reports on several …
The Snowden Effect, Six Years On (Just Security) Reforms inspired by Edward Snowden's disclosures six years ago about the NSA's warrantless electronic surveillance still fall woefully short.
DoD cyber ops are changing, and so is oversight (Fifth Domain) The first draft of the annual House defense authorization bill has several provisions aimed at understanding DoD's new cyber posture.
Blocking Robocalls to Get Easier Under New FCC Policy (Wall Street Journal) Phone companies have more freedom to block robocalls after U.S. regulators moved to protect them from the legal consequences of doing so.
Going All In to Stop Scam Robocalls: Senate Approves TRACED Act (Neustar Blog) Sooner than expected, but not soon enough for most consumers, the United States Senate has approved amendments to the TRACED Act to take on robocalls.
Nuclear Energy Regulators Need to Bring on More Cyber Experts, Watchdog Says (Nextgov.com) Cyberattacks on nuclear power stations are on the rise, and an aging workforce may soon leave the government struggling to defend plants against the latest threats.
DHS cyber deficiencies are improving, says watchdog (Fifth Domain) While deficiencies in the department’s overall patch management process and shortfalls with weakness remediation and security awareness training activities were reported, these are being addressed alongside a FEMA data breach.
Lawmakers Question FBI’s Facial Recognition Program (Defense One) The bureau for years ignored concerns about the accuracy and transparency of its facial recognition efforts, and the House Oversight Committee isn’t happy about it.
Health care data hacks drawing attention of Congress (BenefitsPRO) Senators wrote to Quest Diagnostics asking about its recent breach, one of a growing number of such incidents in the health care sector.
Fort Gordon and U.S. Cyber Center of Excellence have new commander (WFXG) The change of command ceremony took place on post Thursday, June 6. Major General John B. Morrison relinquished his command over to incoming commander Major General Neil S. Hersey.
Litigation, Investigation, and Law Enforcement
Facebook Revamps Defense Team as Antitrust Scrutiny Increases (Wall Street Journal) Facebook has been revamping the leadership of its defense teams in the face of what is potentially the most serious antitrust threat to the company in its 15-year history.
Extradition hearing for Huawei CFO set for early 2020 (CTV News Vancouver) British Columbia's Supreme Court has accepted a proposal by the defence team for Huawei executive Meng Wanzhou that would see her extradition hearing begin Jan. 20, more than a year after she was taken into custody.
Australian Police Collect 9K+ Docs in ABC Raid (Infosecurity Magazine) A raid on the Australian Broadcasting Corp. is a sign that journalists may need to do more to protect their data and sources.
Gang charged with $19 million iPhone scam (Naked Security) It was a well-oiled business, with Top Dogs fencing devices, forgers cooking up fake IDs with stolen PII, and runners ripping off phones.
Privacy watchdog criticizes Cathay Pacific over 2018 data breach (Reuters) Airline Cathay Pacific has been found to have not followed data protection princ...