Cyber Attacks, Threats, and Vulnerabilities
Flirting With IDA and APT28 (Threat Vector) This blog shares a methodology used to develop Hex-Rays' Interactive Disassembler (IDA) signatures created as part of pre-analysis for a recently published APT28 sample. This will allow an analyst to focus on the malicious code while disregarding the statically linked Poco framework functions.
Buhtrap Group Used Windows Zero-Day in Government Attack (SecurityWeek) One of the Windows zero-days patched by Microsoft with its July 2019 updates was used by the Buhtrap group to target a government organization in Eastern Europe.
Hack Brief: A Card-Skimming Hacker Group Hit 17K Domains—and Counting (WIRED) Magecart hackers are casting the widest possible net to find vulnerable ecommerce sites—but their method could lead to even bigger problems.
Magecart Breaches Websites Via Misconfigured Amazon S3 Buckets (RiskIQ) Magecart has automated the process of compromising websites with skimmers by actively scanning for misconfigured Amazon S3 buckets.
New Android malware replaces legitimate apps with ad-infested doppelgangers (ZDNet) New "Agent Smith" malware operation is preparing to invade the Google Play Store.
25 Million Infected Devices: Check Point Research Discovers New Variant of Mobile Malware (Yahoo) Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber.
New malware 'Agent Smith' infects 15 million mobile devices in India (ETCIO.com) The malware exploits known Android vulnerabilities and automatically replaces installed apps with malicious versions without users’ knowledge or ..
Russia’s Kaspersky Lab Finds Says Notorious 'FinSpy' Malware Can Read Secret Chats (Forbes) U.K.-based Gamma Group's notorious surveillance program FinSpy is spreading.
Report: 7 million student records exposed by K12.com (Comparitech) We uncovered a K12.com data exposure involving almost 7 million student records. Find out about the data leak and its implications.
Hardcoded Credentials in Uniguest Kiosk Software lead to API Compromise (Trustwave) If you've traveled at all within North America, you've likely at some point noticed or even used the shared kiosk machines available in hotel lobbies.
Rogue Android apps ignore your permissions (Naked Security) New research has revealed that apps are snooping on data such as location and unique ID number – even when users haven’t given permission.
Hackers Infect Pale Moon Archive Server With a Malware Dropper (BleepingComputer) The Pale Moon web browser team announced today that their Windows archive servers were breached and the hackers infected all archived installers of Pale Moon 27.6.2 and below with a malware dropper on December 27, 2017.
DataVisor Fraud Index Report: Q2 2019 (DataVisor) DataVisor’s Q2 2019 Fraud Index Report contains the very latest and most actionable insights about where the fraud risks are, and what you can do about them.
Border officials not told of massive surveillance breach until three weeks after subcontractor was first alerted (Washington Post) The breach has fueled worries over the government’s mass gathering of data on the American public.
Hacked Border Surveillance Firm Wants To Profile Drivers, Passengers, and Their “Likely Trip Purpose” In New York City (The Intercept) Using a network of cameras, Perceptics wants to collect congestion pricing tolls — and to infer things about drivers, alarming privacy advocates.
Vulnerable GE anesthesia machines can be manipulated by attackers (Help Net Security) A vulnerability affecting anesthesia and respiratory devices manufactured by GE Healthcare could allow attackers to manipulate the devices' settings.
Arlington Investigating Cyber Attack on County Payroll System (ARLnow.com) (Updated at 5:20 p.m.) Arlington County has revealed a cyber attack that penetrated the county's payroll system. In a statement, the county says a number of employees were impacted by the intrusion, but did not specify the exact number or impacts. The intrusion appears to be the result of a “phishing” email targeting county employees and not a hack, the press release suggests.
Councilor Hugh Dunn Demands Answers from Mayor on Cyber Attack (1420 WBSM) City Councilor Hugh Dunn penned a letter to Mayor Jon Mitchell requesting transparency on the attack, while also expressing concern about the lack of an update.
Ransomware Attacks Create Dilemma For Cities: Pay Up Or Resist? (NPR.org) Several cities around the country have had their computer networks taken over by hackers and held for ransom. Paying up resolves the problem quickly, but could encourage more of the extortion.
Phishing-as-a-Service: Turn-key Phishing Kits (Hashed Out by The SSL Store™) Cyren reports finding over 5,334 unique phishing kits just this year. Historically, phishing – like most cybercrimes – has had a technical barrier to entry. As in, you needed to...
Security Patches, Mitigations, and Software Updates
Apple has pushed a silent Mac update to remove hidden Zoom web server (TechCrunch) Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission. The Cupertino, Calif.-based tech giant told TechCrunch that the update — now rel…
Apple disables Walkie Talkie app due to vulnerability that could allow iPhone eavesdropping (TechCrunch) Apple has disabled the Apple Watch Walkie Talkie app due to an unspecified vulnerability that could allow a person to listen to another customer’s iPhone without consent, the company told TechCrunch this evening. Apple has apologized for the bug and for the inconvenience of being unable to use the …
AT&T says it will automatically block robocalls "in the coming months" (The Verge) It’s the first major carrier to automatically block robocalls.
Cyber Trends
Risks and Riptides Survey – Summer’s Impact on Enterprise Security (Lastline) Our summer security survey uncovered three areas of impact on enterprise security: threat activity by cybercriminals, increased employee exposure and vulnerability, and how security teams respond in order to keep their organizations protected.
AI cyberattacks: Humans attackers are the real threat (Verdict) We often fear that eventually AI will rise against us. But when it comes to AI cyberattacks, the AI should fear humans – not the other way round.
State of Healthcare Security in 2019 (Bugcrowd) As the healthcare industry continues to move into the digital age, each new technology that provides value to patients, organizations, and caregivers also bring
Executives’ Changing Views on Cybersecurity (Radware) What does the shift in how cybersecurity is viewed by senior executives within organizations mean? To find out, Radware surveyed more than 260 executives worldwide and discovered that cybersecurity has moved well beyond the domain of the IT department and is now the direct responsibility of senior executives.
China rises ahead of New Zealand, Sweden in cybersecurity, UN body says (TechNode) Rankings assess progress in the legal, technical, and organizational aspects of cybersecurity.
Examine cyber exposures of vendor law firms: Report (Business Insurance) Companies are not paying enough attention to the cyber vulnerabilities that stem from their legal vendors, warns a report.
Survey: Canadians Confident in Protecting Their Data, But Feel Cybersecurity Education Is Lacking (Yahoo) A new online survey from Palo Alto Networks (PANW), the global cybersecurity leader, and YouGov reveals that two-thirds of Canadians (66%) apply the same management of security across all of their personal devices (e.g., PCs, laptops, smartphones, tablets), and
Marketplace
ZTE launches Brussels cybersecurity lab as a transparency play (ZDNet) The lab's main purpose will be to allow regulators and potential clients to perform black box and penetration testing, as well as review its source code and documents.
CLO Managers, BlackRock Lend to Hacker Faulted by Rights Groups (Bloomberg) MJX, Zais Group also bought chunks of NSO buyout debt. NSO’s software allegedly used by Saudis to spy on dissidents.
Mozilla blocks UAE bid to become an internet security guardian... (Reuters) Firefox browser maker Mozilla is blocking the United Arab Emirates' governm...
Mozilla vs DarkMatter: The Cyber Espionage End Game (Safehaven) Firefox browser maker Mozilla is blocking the United Arab Emirates’ government from serving as one of its internet security gatekeepers
McAfee Readies Return to Public Markets (Wall Street Journal) Cybersecurity-software company McAfee is planning to return to the public markets, joining a record rush of IPOs.
TrustArc raises $70 million to help companies implement privacy and compliance programs (VentureBeat) TrustArc, a San Francisco-based provider of compliance solutions for enterprises, has raised $70 million in venture capital.
OneTrust raises $200M at a $1.3B valuation to help organizations navigate online privacy rules (TechCrunch) GDPR, and the newer California Consumer Privacy Act, have given a legal bite to ongoing developments in online privacy and data protection: it’s always good practice for companies with an online presence to take measures to safeguard people’s data, but now failing to do so can land them…
IBM closes $34B Red Hat acquisition (Intelligence Community News) IBM of Armonk, NY and Raleigh, NC-based Red Hat announced on July 9 that they have closed the transaction under which IBM acquired all of the issued and outstanding common shares of Red Hat for $19…
EUROPE: European funds promise to boost French cyber startups (Intelligence Online) A number of Paris and Luxemburg-based investment firms have raised capital to invest in cyber-defence and artificial intelligence recently but for the moment French firms are still struggling to
Illumio Increases Global Customer Adoption by 80 Percent and Expands Leadership Team with new CMO (Illumio)
ReversingLabs Appoints Angiras Koorapaty as CFO and Tyson Whitten as VP Global Marketing to Support Company’s Continued Growth (West) ReversingLabs capitalizes on emerging security trends in support of customer acquisition and revenue goals with two management hires
Thales' U.S. arm adds three new board members (InsideDefense.com) The U.S. defense and security arm of Thales said today it has appointed three new board members to "enhance the defense and security reach of Thales in the U.S. and abroad."
Lastline Continues to Accelerate Channel Growth with Addition of Industry Veteran Jarrett Miller as VP of Global Channel Sales (Yahoo) Lastline®, the leader in network threat detection and response, today announced that it has named Jarrett Miller as VP of Global Channel Sales, responsible for leading Lastline's global channel program. Jarrett is tasked with expanding and enhancing
MobileIron Names Jeroen Nooijen Vice President of Sales for Asia Pacific and Japan (Yahoo) MobileIron (MOBL), the company to introduce the industry’s first mobile-centric, zero trust enterprise security platform, today announced the appointment of Jeroen Nooijen as Vice President of Sales for Asia Pacific and Japan. Based in Singapore, Jeroen is responsible for MobileIron’s go-to-market and
Dragos Appoints CrowdStrike Co-founder and CTO Dmitri Alperovitch to Board of Directors (Yahoo) Dragos, Inc., provider of the industry’s most trusted asset identification, threat detection and response platform and services for industrial systems, today announced that Dmitri Alperovitch, co-founder and CTO of CrowdStrike Inc., the leader in cloud-delivered endpoint protection, has joined the Dragos
Products, Services, and Solutions
ThreatConnect Now Supports the MITRE ATT&CK Framework (BusinessWire) ThreatConnect®, provider of the industry’s only intelligence-driven security operations platform today announces the support of the MITRE ATT&CK™
The EU Cybersecurity Act: what is it and what does it mean for Europe? (GlobalPlatform) The standard for secure digital services and devices
Pradeo Streamlines Mobile Threat Intelligence With a Brand-new Line of Services for Security Professionals (BusinessWire) Pradeo’s new threat intelligence line provides deep and accurate insights on mobile threats, enabling effective counter-threat responses.
Exostar Helps DoD Suppliers Mitigate Risk and Ease Compliance Burden with New Policy Management Solution (Yahoo) Exostar PolicyPro™ Automates Development and Evaluation of Security Policies to Facilitate Compliance with NIST 800-171 and Similar Standards
Radware Signs Multi-Million Dollar Deal for Hybrid Cloud DDoS Protection With Global Leading SaaS Provider (West) Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, today announced that it signed a three-year, multi-million dollar hybrid cloud DDoS protection deal with a global enterprise SaaS provider.
Chiron Technology Services, Inc. Awarded $60M/Five-Year Prime Contract to Provide Technical Cybersecurity Course Delivery Services For The Department of Defense (PR Newswire) Chiron Technology Services, Inc., an international provider of advanced cybersecurity training and services for...
BlackBerry launches managed detection and response offering CylanceGUARD (CrackBerry.com) Since acquiring Cylance last year, BlackBerry has continued to introduce new offerings under the BlackBerry Cylance banner, and now, they have announced a 24x7 managed detection and response solution called CylanceGUARD.
Technologies, Techniques, and Standards
Malicious social media bots tried, but failed, to diminish NATO during its 2018 exercise (Cylab)
Whitehats use DoS attack to score key victory against ransomware crooks (Ars Technica) Victory is anything but decisive, as crooks live to fight another day.
What blockchain can and can't do for security (CSO Online) Blockchain expert Rosa Shores agrees: Unless you have a data integrity problem, blockchain won't fix it. Try a distributed ledger instead.
CERES Forum Marks One-Year Anniversary With 10th Country Addition (Vietnam News) The CERES (CEntral banks, REgulators and Supervisory Entities) Forum, established through the Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry consortium dedicated to reducing cyber-risk in the global financial system, announced today that it has grown its membership to 11 members in 10 countries from Africa, Asia, Europe, North and South America.
Discovering and fingerprinting BACnet devices (Help Net Security) BACnet is a communication protocol deployed for building automation and control networks. The most widely accepted networks include Internet Protocol
The Router's Obstacle-Strewn Route to Home IoT Security (LinuxInsider) It is newly minted conventional wisdom that not a single information security conference goes by without a presentation about the abysmal state of IoT security. While this is a boon for researchers looking to make a name for themselves, this sorry state of affairs is definitely not beneficial for anyone who owns a connected device. IoT device owners aren't the only ones fed up, though.
Put Those Cloud Security Objections to Rest (BankInfo Security) In the wake of digital transformation, there remain some organizations that - for security reasons - resist the temptation to move to the cloud. What are their
Building a threat intelligence framework: Here's how (SearchSecurity) Building a threat intelligence framework isn't easy, but having a robust cyber threat intelligence foundation is critical to companies looking for ways to secure their data. A researcher with AT&T's cybersecurity unit explains what companies should do.
The New Threat Intelligence (BankInfo Security) Threat intelligence programs have evolved greatly over the past decade. But Mario Vuksan, CEO of ReversingLabs, says too many organizations are overlooking the
Threat Intelligence: Why Sharing Is Difficult (BankInfo Security) Cyber adversaries are resilient and move quickly, so it's critical that organizations share threat intelligence in an automated way, says Shawn Henry of
Podcast: What the Next Generation of Bug Bounty Looks Like (Threatpost) Threatpost catches up with David Baker, the chief security officer at Bugcrowd, about the future of bug bounty programs.
Design and Innovation
As-A-Service Technology Models Can Help the Military, U.K. Report Claims (SIGNAL Magazine) Digital platforms give users access to advanced commercial computing tools, which can improve readiness.
Instagram asks bullies, ‘Are you sure you want to say that?’ (Naked Security) A new anti-bullying feature uses AI to recognize mean words in comments and warns users before they post them.
Opinion | Google’s 4,000-Word Privacy Policy Is a Secret History of the Internet (New York Times) How a nascent search engine became a tech behemoth, one edit at a time.
There’s a big problem with Facebook’s Libra cryptocurrency (Ars Technica) "I don't understand how this is possible," an expert said of Facebook's approach.
AT&T’s robocall-blocking expansion won’t block spam calls unless you pay extra (Ars Technica) With free version, you get "personal block list" instead of automatic blocking.
Will “Sign in With Apple” Revolutionize Digital Identity? (Infosecurity Magazine) The Apple credit card may be the first step in entering the identity space
Research and Development
Scientists developing self-organizing migration of services with sovereignty over proprietary data (Help Net Security) Developing the self-organizing migration of services is the core idea of the team headed by Magdeburg project leader, Professor Dr. Mesut Güneş.
Academia
Wicked6 Cyber Games Finalists Announced (Wicked6 Cyber Games) The Women’s Society of Cyberjutsu announces the finalists in the Wicked6 Cyber Games, a unique cybersecurity exhibition and fundraiser to be held at HyperX Esports Arena Las Vegas at the Luxor Hotel and Casino on August 8, 2019, followed by the 6th Annual Cyberjutsu Awards Reception.
Virginia Tech launches U.S. Cyber Range to support cybersecurity education nationwide (Virginia Tech News) After three years of providing infrastructure and courseware for cybersecurity students and faculty in Virginia's high schools and colleges through the Virginia Cyber Range, Virginia Tech is launching the U.S. Cyber Range to provide this service nationwide.
Monash Uni deploys MFA after Iran attacks targeting universities (iTnews) Enrols 130,000 users in multi-factor authentication.
UTSA Taps Former Military Commander to Lead Cyber Hub (Rivard Report) @UTSA has tapped a former military commander to lead its National Security Collaboration Center, as the university aims to build the city's cybersecurity ecosystem.
Legislation, Policy, and Regulation
What Clausewitz Can Teach Us About War on Social Media (Foreign Affairs) Clausewitz would have understood the weaponization of social media.
Can a U.N. Report Help Rein in Expansive and Abusive Digital Surveillance? (World Politics Review) The private surveillance industry has skyrocketed, with mainly Western companies selling sophisticated technologies to governments and intelligence services worldwide. In a recent, scathing report, the U.N. special rapporteur on freedom of opinion and expression called for “an immediate moratorium.”
Why Blacklisting Huawei Could Backfire (Foreign Affairs) China has overcome technological blockades before.
The Right Way to Deal With Huawei (Foreign Affairs) The United States needs to compete with Chinese firms, not just ban them.
U.S. to approve sales it deems safe to blacklisted Huawei (Reuters) The U.S. government will issue licenses to companies seeking to sell goods to Ch...
Trump used 'innuendo and assumption' to claim that Huawei is a security risk, says Yale's Stephen Roach (CNBC) Washington had alleged that products by Chinese technology giant Huawei could be used by Beijing for espionage.
White House objects to new cyber proposal from Congress (Fifth Domain) The White House has reservations about disclosing when it delegates cyber authorities to the Secretary of Defense.
Top intelligence, homeland and cyber officials brief Congress on election security (Washington Post) The briefing came as Republicans and Democrats are at odds over next steps and ahead of Robert Mueller’s testimony on Russian interference in the 2016 elections.
U.S. Government Officials Participate in Congressional Briefings on Election Security (Office of the Director of National Intelligence) Director of National Intelligence Daniel R. Coats, Acting Secretary of Homeland Security Kevin K. McAleenan, Federal Bureau of Investigation Director Christopher A. Wray, U.S. Cyber Command Commander and National Security Agency Director Gen. Paul M. Nakasone...
Marketers, leave them kids alone! Why it's time to rein in the prying data mafia (ET Prime) Imagine someone sitting in a remote country, knowing exactly what your child looks like and how he or she will behave under certain circumstances. Scary? But it’s a possibility. Today’s children are a powerful consumer group and are closely monitored by data aggregators. The worst part: there is zero regulation to protect them from this notoriously leaky data bucket.
Daily Briefing: French tech tax adds to global trade tensions (Reuters) A new battle may be starting in the multi-fronted global trade war with Donald T...
Online property portals fear future hit from digital services tax (The Telegraph) Property websites have joined tech giants in voicing fears over Philip Hammond's plans for a digital services tax, amid expectations they will be dragged into paying the controversial levy.
US threatens tariffs on French imports in retaliation against ‘tech tax’ - and UK could be next (The Telegraph) Donald Trump has ordered an investigation into French plans for a “tech tax” on internet companies that could see the US impose retaliatory tariffs on French imports.
Navy to nominate three-star for CNO (Defense News) The Secretary of the Navy will nominate the former head of Fleet Cyber Command to be the next chief of naval operations.
New energy-sector reporting requirements could shed light on emerging threats, or tread old ground (Inside Cybersecurity) Expanding cyber reporting requirements for the energy sector could reinforce regulators' reputation for fostering paperwork rather than security outcomes, according to a former Federal Energy Regulatory Commission official, but current government officials say the move will provide valuable insight into emerging threats across the ecosystem.
Litigation, Investigation, and Law Enforcement
UK Security Breach Fines Should Be a Wake-Up Call for Big Business (PCMAG) British Airways and Marriott say they are 'disappointed' by fines imposed by UK regulators for massive security breaches. But what else is going to wake them up? Money talks, and in a post-GDPR world, private companies with lackluster security might finally be listening.
Email scam nets $3 million in top-secret military gear (Quartz) Some of the items are so highly classified, "even a photograph is considered controlled."
Drunz Search Warrant (SCRIBD) In the matter of the search of the Apple iCloud account, records, and information associated with the email addresses...
Silicon Valley Spy Case Links ZTE, PLA to Stolen US Technology (Washington Free Beacon) China's major telecommunications firm ZTE was offered stolen American wireless technology used in filtering electronic signals from cell phones
Kaspersky gets into the security systems of INTERPOL despite US concerns (Data Economy) The Trump government sought to ban Kaspersky before it paid even more attention to Huawei, but INTERPOL certainly doesn't seem to be bothered about those security shouts.
FSB internal investigation dept staff suspected of complicity in a forcible takeover of a bank (Crime Russia) According to sources in the security forces, a background check is being conducted regarding large group of FSB officers and special forces soldiers.
Prenda Law porn-troll saga ends with prison for founder (Ars Technica) Disbarred former lawyer John Steele said he made "stupid decisions."