Cyber Attacks, Threats, and Vulnerabilities
Symantec reveals WhatsApp and Telegram exploit that gives hackers access to your personal media (VentureBeat) Cybersecurity firm Symantec found an exploit that could allow WhatsApp and Telegram media files to be exposed and manipulated by malicious actors.
Intel officials warn of China’s growing threat to American tech secrets (C4ISRNET) While concerns over Huawei's involvement in 5G get a lot of attention, intelligence officials warn that China's efforts to steal American intellectual property go much farther, encompassing artificial intelligence, agriculture and more.
Alleged Iranian hacker who aided cyber espionage attacks on the US unmasked (Fox News) For years, “Mr. Tekide” has been well-known as a red flag within international cybersecurity communities. The alias has managed to evade being publicly identified despite being deemed a top malware developer and hacker whose crypters – which are used to conceal malware in an attack – have been used in cyber espionage attacks on the United States and broader West, as well as Sunni Arab countries and Israel.
Brazil is at the forefront of a new type of router attack (ZDNet) Avast: More than 180,000 routers in Brazil had their DNS settings changed in Q1 2019.
Attacks in Turkey Used Excel Formula Injection (Infosecurity Magazine) Malicious spam attacks on Turkish organizations flew under the radar.
Bitpoint Exchange Hacked for $32 Million in Cryptocurrency (CoinDesk) Bitpoint, a licensed cryptocurrency exchange based in Japan, has had $32 million-worth of crypto assets stolen from the platform.
Phishing kits are licensed, managed and pirated like any other legitimate software (CyberScoop) Spearphishing schemes are pulling on practices from legitimate software companies in order to enhance the efficiency and distribution of their scams, according to new research published Wednesday.
The Evolution of a Russian Troll (Foreign Policy) Alexander Malkevich, whose employees were detained in Libya, is part of Moscow’s efforts to create a “concert of chaos” around the globe.
Kamala Harris Rips Russian Bots For Kaepernick Furor, Says They're Coming For Her (HuffPost) And Russian interference in the 2020 election could be even worse than the last time, she warns.
Japanese Exchange Bitpoint Hit By $32m Cyber-Attack (Infosecurity Magazine) Firm suspends services after notifying authorities
Dr.Web — innovative anti-virus technologies. Comprehensive protection from Internet threats. (Dr.Web) Doctor Web is a Russian IT-security solutions vendor developing Dr.Web anti-virus for businesses and personal use, as well as anti-virus as a service since 1992.
Agent Smith malware targets Android apps; remove these 16 apps immediately (International Business Times) If you are an Android user then you should know that it is vulnerable to malware attacks, which can cause serious data theft. Recently a new malware called 'Agent Smith' is targeting Android phones to bombard them with advertisements.
New TrickBot Attack May Have Compromised 250 Million Email Addresses (Digital Trends) TrickBot returns with a new attack that teams up the malware with an email-based infection and distribution module dubbed TrickBooster. An investigation into TrickBooster's servers discovered a database with 250 million compromised email accounts, including from US government departments.
Hey, Google, why are your contractors listening to me? (Naked Security) Humans are listening to our recordings – some made by mistake – to improve speech recognition. But they’re not as anonymous as Google says.
Google defends letting human workers listen to Assistant voice conversations (The Verge) The public is waking up to the compromises of using AI assistants
China’s low-profile forensics champion caught in data privacy storm (South China Morning Post) Fujian-based digital forensics and information security specialist is believed to be linked to spy app used by Chinese police to extract data from citizens’ smartphones.
AP Exclusive: New election systems use vulnerable software (AP NEWS) Pennsylvania's message was clear: The state was taking a big step to keep its elections from being hacked in 2020. Last April, its top election official told counties they had to...
New Election Systems Found to Use Vulnerable, Outdated Software (Time) The vast majority of 10,000 election jurisdictions nationwide use Windows 7 or an older operating system
Syracuse schools’ cyber attack is ransomware (Syracuse.com) The district is facing a six-figure ransom in order to retain control of its computer system.
New Bedford: public release of info on cyber attack could put city at further risk (South Coast Today) Cyber professionals have "strongly advised" the city against providing any details about the impacts of a computer virus
Argentina, Uruguay, Paraguay suffer massive power blackout (Deutsche Welle) A massive power grid failure left all of Argentina and parts of Uruguay and Paraguay without electricity, affecting around 50 million people. Power was mostly restored by evening.
NYC blackout 'not a cyber attack': mayor (Reuters) As officials seek answers for a five-hour blackout in New York's Manhattan, the city's mayor says the power outage was not a cyber attack or an act of terrorism. Rough Cut (no reporter narration).
12 top cloud security threats: The dirty dozen (CSO Online) More data and applications are moving to the cloud, which creates unique infosecurity challenges. Here are the "Treacherous 12," the top security threats organizations face when using cloud services.
6 ways malware can bypass endpoint protection (CSO Online) Breaches from attacks that defeat or run around endpoint protection measures are on the rise. Here's how attackers do it.
Security Patches, Mitigations, and Software Updates
Citrix plugs critical Citrix SD-WAN flaws, patch ASAP! (Help Net Security) Researchers have found critical vulnerabilities in Citrix SD-WAN and are urging administrators to patch them as soon as possible.
Cyber Trends
APT Groups Make Quadruple What They Spend on Attack Tools (Dark Reading) Some advanced persistent threat actors can spend north of $1 million on attacks, but the return on that investment can be huge.
Persistent Threats Can Last Inside SMB Networks for Years (Dark Reading) The average dwell time for riskware can be as much as 869 days.
In an online world, we could forget everything (Times) An unpretentious rom-com lured me into a labyrinth of historical reflection, mild technophobia and tentative neuroscience. Yesterday is directed by Danny Boyle and written by Richard Curtis (with...
Don’t blame flawed Silicon Valley for the rot of Wall Street and Washington (TechCrunch) The techlash is well underway. Blame Facebook! Blame Google! Blame Amazon! (Apple and Microsoft still seem relatively immune, for now.) And, I mean, there’s a lot of objectively blameworthy behavior there, especially in that first case. But I find myself wondering: why does the ire go beyond …
The CIO and CFO rarely agree on digital strategy (Computing) Less than a quarter of business leaders say that the CIO and CFO are aligned on the approach to digital transformation
Marketplace
Huawei Plans Extensive Layoffs in the U.S. (Wall Street Journal) Huawei Technologies is planning extensive job cuts at its U.S. operations as the Chinese technology giant continues to struggle with its American blacklisting.
Middle East Dictators Buy Spy Tech From Company Linked to IBM and Google (The Intercept) Iran and Syria are the only countries in the region where Semptian would refuse to sell its surveillance tools, an employee said.
enSilo Unveils Advanced Platform Capabilities, Announces Strong Growth and New Investment (PR Newswire) enSilo, the company protecting businesses around the world from data breaches and disruption caused by cyber...
OurPact returns to App Store, reviving debates about Apple’s impartiality (Ars Technica) What OurPact's return means for similar apps, iOS security, and antitrust cases against Apple.
The Czech Cyber Billionaire Who Built A Fortune On Free Software (Forbes) Pavel Baudis built a massive software company out of Czech communism's ashes. It's made him a billionaire and protected millions from cybercriminals.
Products, Services, and Solutions
New infosec products of the week: July 12, 2019 (Help Net Security) New infosec products of the week feature interesting releases from the following vendors: Barracuda, Pradeo, Exostar and Corsa Security.
Nucleus Cyber Integrates with Microsoft Information Protection (MIP) t (PRWeb) Nucleus Cyber, the intelligent data-centric security company for the modern workplace, today at Microsoft Inspire in Las Vegas announced its NC Protect solution now u
How Alphabet security moonshot Chronicle fits in at Google Cloud (ComputerworldUK) In late June this year, Google parent company Alphabet announced that Chronicle - the 'moonshot' spinout that became a standalone security company - would be folded into Google Cloud. Here's what it promises to bring to customers
BlackBerry juices up threat hunting software (ComputerWeekly) Things changed at BlackBerry, more than once, to be fair. The company that used to be known as Research in Motion (RIM) decided to drop the somewhat incongruous name and some bright spark in ...
Technologies, Techniques, and Standards
GDPR One Year Anniversary: A Risk-Based approach to GDPR is key for achieving compliance (Gemalto blog) Data protection has become a global hot topic since the General Data Protection Regulation (GDPR) took effect on May 25th last year.
“Five Eyes” Nations Finish Large-Scale Cyber Exercise (Air Force Magazine) Military personnel from the US and the other “Five Eyes” intelligence-sharing partner nations came together for a large-scale exercise focused on preparing for cyberattacks and keeping adversaries out of critical infrastructure.
U.S. Companies Learn to Defend Themselves in Cyberspace (Wall Street Journal) By deploying dozens of specialized defense tools against hostile hackers, “cyber-resilient” firms are minimizing their digital risk.
Thycotic expert on achieving maturity in privileged access security (Intelligent CIO Europe) Joseph Carson, Chief Security Scientist and Advisory CISO, Thycotic, explores how organisations can develop more advanced strategies for protecting privileged
How To Clear Out Your Zombie Apps and Online Accounts (WIRED) All those services you signed up for but forgot about? They're a security risk. Here's how to get rid of them.
To slow down cyber attacks, know what you have and deceive them (Federal News Network) Craig Harber, the CTO for Fidelis Cybersecurity, said there are several steps agencies can take to reduce their risks.
As FTC cracks down, data ethics is now a strategic business weapon (TechCrunch) $5 billion. That’s the apparent size of Facebook’s latest fine for violating data privacy. While many believe the sum is a slap on the wrist, it’s still the largest amount the FTC has ever levied on a tech company.
Design and Innovation
The Toxic Potential of YouTube’s Feedback Loop (WIRED) Opinion: I worked on AI for YouTube’s "recommended for you" feature. We underestimated how the algorithms could go terribly wrong.
German banks to stop using SMS to deliver second authentication/verification factor (Help Net Security) German banks are moving away from SMS-based customer authentication and transaction verification (SMS-TAN), as the method is deemed to be too insecure.
Research and Development
DARPA demonstrates warfighting force with artificial intelligence as a true partner (Defence Blog) The Defense Advanced Research Projects Agency, commonly known as DARPA, has provided details of the program that highlights manned-unmanned teaming to enhance capabilities for ground units, giving …
Peter Cochrane: Much of what we're told about quantum computing is nonsense (Computing) Articles and presentations on quantum computing are often completely wrong, warns Professor Peter Cochrane
On the Viability of Conspiratorial Beliefs (Plos One) Conspiratorial ideation is the tendency of individuals to believe that events and power relations are secretly manipulated by certain clandestine groups and organisations. Many of these ostensibly explanatory conjectures are non-falsifiable, lacking in evidence or demonstrably false, yet public acceptance remains high.
Academia
Danville Community College team participates in Virginia Cyber Cup Competition (GoDanRiver.com) Special to the Register & Bee
Legislation, Policy, and Regulation
Microsoft Office 365: Banned in German schools over privacy fears (ZDNet) State of Hesse says student and teacher information could be "exposed" to US spy agencies.
The Shifting Dynamics of Britain's National Security Threats (Global Security Review) With the advent of the twenty-first century came differing classifications of national security threats and a shifting order of strategic preeminence. The risk of extremism and consistent alienation of citizens in European countries have both expanded and diversified. Some European Union member states in the EU require security sector reforms and the replacement of old …
'Hybrid war': Army Chief Bipin Rawat talks about future wars - Here’s what India is planning (Times Now News) The nature of modern-day warfare has shifted from physical to virtual and with the increase in state-sponsored cyber-attacks India has taken concrete steps to secure its interests.
Trump is rattling sabers in cyberspace — but is the U.S. ready? (POLITICO) While cyber defenses are improving, some experts worry about how the U.S. would recover from an even larger strike.
How should the US respond to ‘gray zone’ activity? Here are three options (Defense News) A Center for Strategic and International Studies report lays out a campaign plan to respond to
House votes to curb Trump’s war powers, challenging Senate to act (Defense News) The House has passed legislation with limits on President Donald Trump’s ability to strike Iran without the consent of Congress.
Are Congress and the White House on a collision course in cyber? (Fifth Domain) The Trump administration has ignored Congress's request to see documents governing cyber operations.
Huawei calls on US to lift export restrictions (AP NEWS) The chairman of Huawei said Friday the Chinese tech giant has yet to see any benefit from President Donald Trump's promise to allow U.S. companies to sell some components to...
Why Canada Must Protect its 5G Networks from Huawei (The National Interest) Canadians deserve to reap the benefits of next generation technology, but not at the cost of its national security.
Regulators pressed on Chinese gear in energy supply chain (FCW) A House panel grilled energy regulators about the presence of Huawei and ZTE gear in power providers' operations.
Army chief Milley strongly backs 'dual hat' role at Cyber Command (FCW) Army Chief of Staff Gen. Mark Milley testified during his confirmation hearing that filling DOD's leadership vacancies was essential to the 'effectiveness and efficiency of the department.'
Are more robust cyber partnerships on the horizon? (Fifth Domain) Joint Chiefs nominee Gen. Mark Milley expressed the need to partner with U.S. agencies and the private sector to protect and reinforce U.S. capabilities.
Policy Brief: Principles for Responsible Data Handling (Internet Society) More and more of our activities generate data which is collected and used in ways we don’t see and can’t control. While the data is used for analytics and targeted advertising that can potentially improve services and enhance our experience as consumers or public service users, its use can also undermine privacy, autonomy, and trust …
If 5G Networking Is a U.S. Intel Priority, Should It Receive U.S. Intel Funding? (Breitbart) David P. Goldman, China policy expert and frequent guest on Breitbart News Tonight, offered what he described as a “modest proposal” in an article published Thursday at PJ Media: If 5G wireless is so clearly a concern for U.S. intelligence, a portion of the intelligence budget should be invested in creating an American competitor to China’s dominant Huawei corporation.
Right-wingers say Twitter’s “bias” against them should be illegal (Ars Technica) Conservatives are split on whether section 230 harms or preserves free speech.
The new way data will be managed in federal agencies (Federal Times) New Office of Management and Budget guidance directs a new data management structure within agencies.
State lacks basic cyber hygiene (Longview Daily News) Imagine a customer service survey composed of a series of questions and circles to fill in according to your level of response: A circle left blank means "Poor." A half-darkened
Military Discipline in the Social Media Age: How the New Top Marine Plans to Lead (Military.com) Policing social media use for the military's youngest force is a hefty mission.
Litigation, Investigation, and Law Enforcement
Police chase leaker as diplomatic row dominates final Tory leadership TV tussle (Times) Counterterrorism officers are investigating the leak of comments by the British ambassador about President Trump. The decision to call in the Metropolitan Police after Whitehall spent a week...
FTC Approves Roughly $5 Billion Facebook Settlement (Wall Street Journal) The Federal Trade Commission voted this week to approve a roughly $5 billion settlement with Facebook over a long-running probe into the tech giant’s privacy missteps, according to a person familiar with the matter.
FTC votes to approve $5 billion settlement with Facebook in privacy probe (Washington Post) The Federal Trade Commission voted to approve a roughly $5 billion settlement with Facebook ending an investigation into its privacy practices, according to a source familiar with the matter but not authorized to speak on the record, a deal that could result in unprecedented federal oversight of the company.
Facebook Set For Record $5bn FTC Fine (Infosecurity Magazine) Social network penalized after Cambridge Analytica scandal
Facebook’s $5 billion FTC fine is an embarrassing joke (The Verge) Facebook gets away with it again
Why BA and Marriott were hit with massive GDPR fines - and how you can avoid one (Computing) Coffin Mew's Guy Cartwright explains why BA and Marriott have been hit with big GDPR fines - and what you can do to minimise yours if the worst comes to the worst
Special counsel Mueller's testimony delayed until July 24 (KLEW) WASHINGTON (AP) — Special counsel Robert Mueller's testimony to Congress has been delayed until July 24 under an agreement that gives lawmakers more time to question him. Mueller had been scheduled to testify July 17 before two House committees about the findings of his Russia investigation. But lawmakers in both parties complained that the short length of the hearings would not allow enough time for all members to ask questions.
Revealed: This Is Palantir’s Top-Secret User Manual for Cops (Vice) Motherboard obtained a Palantir user manual through a public records request, and it gives unprecedented insight into how the company logs and tracks individuals.
Lawsuit claims FedEx misled investors after cyber attack (WMCA) A lawsuit claims FedEx violated federal securities laws after a cyber attack.
China Arrests Another Canadian, Adding to Diplomatic Tensions (New York Times) The person was detained last week, Ottawa said, around the same time as 16 foreign students and teachers were held on drug charges elsewhere in China.
Blah blah Blaha: Slovak infosec firm ESET sues politico who called them 'outrageous fascists' (Register) He also said they're working with the CIA
Cyber virus at Strafford County becomes criminal probe (Union Leader) A virus that infected Strafford County computers last month has turned into a criminal investigation and moved a U.S. senator to demand more answers.
Heather Mills Gets An Apology and ‘Substantial’ Settlement in Spyware Case (Threatpost) Rupert Murdoch's News Group has agreed to pay damages to Paul McCartney's ex as part of the massive phone-hacking scandal by UK tabloids.