Cyber Attacks, Threats, and Vulnerabilities
Massive power outage once again leaves most of Venezuela in the dark (The Week) Venezuela has once again been plunged into darkness, with a massive blackout leaving most of the country without electricity.
Venezuelan government alleges 'electromagnetic attack' as blackout hits country (ABC News) Citizens on the streets of Venezuela's capital city scrambled to find transportation home as a new blackout surprised the country Tuesday. While different states have suffered from blackouts over the past few months, this is the first one to affect the entire country since March. The streets of...
Widespread blackout hits Venezuela, government blames 'electromagnetic attack' (CNBC) More than half of Venezuela's 23 states lost power on Monday, according to Reuters witnesses and reports on social media, a blackout the government blamed on an "electromagnetic attack."
Venezuelan government blames 'electromagnetic attack' for nationwide blackout (CNN) Venezuela is facing its fourth nationwide blackout this year, which officials are blaming on a hostile "electromagnetic attack."
Cyber threats from the US and Russia are now focusing on civilian infrastructure (TechCrunch) Cyber-confrontation between the U.S. and Russia is increasingly turning to critical civilian infrastructure, particularly power grids, judging from recent press reports.
Hackers Exploit Recent WordPress Plugin Bugs for Malvertising (BleepingComputer) An ongoing malvertising campaign is targeting an unauthenticated stored cross-site scripting (XSS) vulnerability in the Coming Soon Page & Maintenance Mode WordPress plugin according to Wordfence's Defiant Threat Intelligence team.
How Account Takeover Botnets Outsmart Traditional Security Controls (Imperva) Account Takeover (ATO) describes when an online account is accessed and/or used by someone other than its legitimate owner, usually for malicious purposes. Account Takeover attacks happen when an attacker is trying to get unauthorized access to an account or when the account has already been compromised and the attacker uses the account for …
How Cybercriminals Break into the Microsoft Cloud (Dark Reading) Microsoft and Trimarc researchers explore the most common attacks against the cloud and effective defenses and mitigation.
2.3 Billion Files Exposed Online: The Root Causes (BankInfo Security) Misconfigured file storage technologies and a lack of basic security controls are the root causes for the inadvertent online exposure of 2.3 billion files worldwide
Vulnerability Summary for the Week of July 15, 2019 (CISA) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.
A Deep Dive Into IcedID Malware: Part III - Analysis of Child Processes (Security Boulevard) In Part II of this blog series, we identified three child processes that were created by the IcedID malware. In Part III, we provide a deep analysis of those child processes.
Scammers Impersonating IRS, TSP Next? (FEDweek) Scammers are impersonating federal agencies such as the IRS; they’re often pretending to be from the Social Security Administration and Medicare. When will they start targeting TSP account holders? Identity theft and phishing are threats to all of us. It’s not just bank accounts and credit cards that are at risk, our
Opinion | The unnerving tale of having my Social Security hacked (Washington Post) The Internet offers greater choices, but it also gives cybercriminals a host of opportunities.
Security Patches, Mitigations, and Software Updates
Released: PoC for RCE flaw in Palo Alto Networks firewalls, gateways (Help Net Security) Palo Alto Networks has silently patched a critical remote code execution vulnerability (CVE-2019-1579) in its enterprise GlobalProtect SSL VPN.
Apple fixes Walkie Talkie app vulnerability in watchOS update (TechCrunch) If you are, for some reason, an avid Walkie Talkie user on the Apple Watch, you will be pleased to learn that the functionality is back in the latest watchOS update today. The watchOS 5.3 release notes specify that the update “[p]rovides important security updates including a fix for the Walk…
Chrome 76 blocks websites from detecting incognito mode (Naked Security) Ever bypassed a website paywall using a browser’s privacy mode? It was once a simple hack, however, it no longer works for most websites.
Cyber Trends
Risk Assessment Data Compiled by ConnectWise Reveals Most SMBs Exposed to Critical Security Risks (West) Nearly 70% of SMBs have not identified and documented cybersecurity threats
M&As a hotbed for hackers and cybercriminals (Business News Australia) With breaches of cybersecurity now one of the most looming threats for most Australian businesses and their sustainability, many are wondering how best to protect their operations.
IBM Study Shows Data Breach Costs on the Rise; Financial Impact Felt for Years (Yahoo) IBM (NYSE: IBM) Security today announced the results of its annual study examining the financial impact of data breaches on organizations. According to the report, the cost of a data breach has risen 12% over the past 5 years and now costs $3.92 million
Cyberthreats targeting municipalities are on the rise (Help Net Security) Cyberthreats targeting municipalities are on the rise, according to the Mid-Year Global Security Report, released by AppRiver.
New Cyber Attack Trends Report Reveals That Digital Criminals Made Off With $45 Billion in 2018 (CPO Magazine) Recent Cyber Incident & Breach Trends report not only reveals a $45 billion cyber crime industry in 2018, it also suggests a shift in cyber attack trends towards focused attacks on businesses.
Healthcare's blind spot: Unmanaged IoT and medical devices (Help Net Security) From imaging to monitoring systems, infusion pumps to therapeutic lasers and life support machines, medical devices are used to improve and streamline
Companies Beware: IoT Devices Are a Doorway to Cyberattacks (Supply Chain Brain) The internet of things offers businesses an unprecedented level of visibility and control over their supply chains. But it also opens the door to potentially crippling cyberattacks.
Marketplace
Norsk Hydro sees higher cost of cyber attack as second quarter lags (Yahoo News) Norsk Hydro, one of the world's largest aluminum producers, said a cyber attack it sustained in March would cost it more than expected in the second quarter as it reported quarterly earnings that slightly lagged forecasts on Tuesday. The cyber attack is now expected to cost 250-300 million crowns
The next step in the Army’s $800M upgrade to its intel-sharing system (C4ISRNET) The Army is looking to award a contract worth as much as $800 million to upgrade its battlefield intelligence-sharing system.
QOMPLX Secures $78.6 Million Series A Financing Led By Cannae Holdings And Motive Partners (Yahoo) QOMPLX™, an intelligent decision platform provider, today announced it has closed its Series A financing totalling $78.6 million, led by Cannae Holdings, Inc. and Motive Partners. Formerly known as Fractal Industries, QOMPLX will use the growth capital to rapidly
Microsoft invests $1 billion in OpenAI to pursue holy grail of artificial intelligence (The Verge) Artificial general intelligence is the biggest moonshot in AI.
Cowen expects cybersecurity earnings strength (Seeking Alpha) Cowen analyst Nick Yako thinks cybersecurity companies will report solid Q2 results due to strong demand particularly in the North American market, where spending should remain favorable through the end of the year.
Carbon Black Is Not The Best Cybersecurity Investment (Seeking Alpha) Carbon Black is transitioning from an on-premise cybersecurity company to a cloud-based one, but on-premise still is a significant portion of revenues.
CrowdStrike: The Market Ignores The Competition (Seeking Alpha) CrowdStrike reported encouraging fiscal Q1 2020 earnings with strong growth and operating leverage.
'I kept my multimillion dollar business secret' (BBC News) Young entrepreneur Marcin Kleczynski secretly ran his business Malwarebytes from his college dormitory.
Remembering Cyber Industry Leader Mark Cohn (WashingtonExec) Mark Cohn, former chief technology officer of Unisys Federal Systems and leading cybersecurity industry executive, died July 14. He will be remembered
Google Will Pay You Up To $150K If You Can Break It (Forbes) Google has an offer you might find hard to refuse, assuming you like to break things. It has announced it will pay up to $150,000 (£120,000) to those who can find the holes in Google stuff.
Cyber Defense Magazine Names 30 Finalists in Black Unicorn Awards for (PRWeb) Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine with its sister http://www.cyberdefenseawards.com platform is announci
ExtraHop Honored as One of Washington’s Best Companies to Work For by Seattle Business Magazine (Yahoo) ExtraHop®, provider of enterprise cyber analytics from the inside out, announced today it has been honored as one of Washington’s best companies to work for by Seattle Business Magazine for the second consecutive year. The recognition is based on anonymous surveys conducted by a third-party research
ReFirm Labs Recognized on CRN's 2019 Emerging Vendors List as a Top Provider for IoT/Firmware Security Solutions (Yahoo) ReFirm Labs, a provider of the industry's first proactive IoT and firmware security solutions, announced today that CRN®, a brand of The Channel Company, has named ReFirm Labs to its 2019 Emerging Vendors list in the Security category. The annual
Caveonix Names Cybersecurity Software Leader Erich Baumgartner Chief Revenue Officer (PR Newswire) Caveonix, the first company providing proactive defense for compliance and security in hybrid-Multicloud...
Experian names senior VP of product management for Global Identity & Fraud Solutions (Biometric Update) Product management leadership veteran EK Koh has joined Experian as senior vice president of product management for Global Identity & Fraud Solutions. Koh is expected to help Experian drive gro…
BAE Systems announces three appointments to its senior leadership team (Help Net Security) BAE Systems announced three appointments to its senior leadership team, including Alice Eldridge, Travis Garriss and Leslie Jelalian.
Aura Announces Addition to Executive Leadership Team (Yahoo) Aura, a unified threat protection platform committed to making digital security simple for everyone, today announced the expansion of its leadership team with the appointment of human resources leader Jeanne Gray as chief people officer. Gray brings key
Products, Services, and Solutions
Proofpoint Drives People-centric Innovation with Two Industry-Firsts: Enhanced URL Isolation Based on User Risk Profiles and New Training Customization (West) Leading cybersecurity company protects organizations’ most attacked people from phishing attempts, malware, and data loss risk, while boosting online training effectiveness
Collibra Debuts New Privacy & Risk Product to Power Data Intelligence (Collibra) Collibra, the Data Intelligence company, today announced the launch of Collibra Privacy & Risk, a new enterprise-grade product that will empower organizations to proactively manage personal data assets by enabling compliance with privacy regulations, helping to protect data, and unlocking...
Perimeter 81 Amplifies Its Global Reach with Ingram Micro Cloud Distribution Agreement (PR Newswire) Perimeter 81, a leading provider of software-defined network security solutions, today announced a distribution ...
EdgeConneX® and Rackspace Team to Provide Hybrid Cloud Solutions Across EdgeConneX Global Edge Data Center® Platform (Yahoo) Partnership Brings Hybrid Cloud Solution to the Enterprise with Localized, Multi-Cloud Capabilities via EdgeConneX Highly Proximate Edge Data Centers and Rackspace Managed Hosting and Cloud Offerings HERNDON, ...
Netography Announces Open Beta of New Security Technology: Distributed IPS (BusinessWire) Netography, which turns any network asset into a security device using a cloud-native Distributed Intrusion Prevention System, releases open beta
Bitdefender Browser Isolation Stops Sophisticated Cyber Threats (Bitdefender) Bitdefender, a global cybersecurity leader protecting over 500 million systems across 150 countries, today announced availability of Bitdefender Browser Isolation. Creating a virtual air-gap between end-user systems and the web, it ensures attackers cannot gain a foothold or escape the execution environment of virtualized browsers.
Technologies, Techniques, and Standards
Emsisoft Decrypter for LooCipher (Emsisoft) LooCipher encrypts the victim's files using AES-128 ECB, and adds the extension
Protecting tech startups without compromising on innovation (Information Age) Tech startups, by their very nature, are innovation-led. But, this doesn't mean protection against cyber security threats can be ignored
Research and Development
The Army wants better cyber defense in 4 areas (Fifth Domain) The Army wants to hear from contractors how they can help improve the cyber posture of critical areas.
Academia
Digital Defense, Inc. and UTSA Partnership Facilitates Cybersecurity C (PRWeb) Digital Defense, Inc. and The University of Texas at San Antonio (UTSA) Department of Computer Science jointly announced today a partnership that will provide st
Legislation, Policy, and Regulation
EU completes first phase of 5G cybersecurity risk assessment (RCR Wireless News) Although 5G networks are already live in the European Union, leaders are chipping away at a plan to conduct a rigorous assessment of 5G cybersecurity risks.
The Future of 5G or Quo Vadis, Europe? (Kosciuszko Institute) As little as a year ago few experts would probably anticipate the fifth-generation telecommunication network development issue along with 5G vendor choice to become an acid test for new geopolitical and geoeconomic alignments of states and regions. Today, it is obvious that the pillar of power, might, and agency that global actors …
Government dodges decision on Huawei 5G ban (The Telegraph) A final decision on the role Huawei can play in building Britain’s 5G mobile networks will be left to the new prime minister, MPs were told this evening.
Trump Touts Tech Industry Support for Huawei Exemptions (Wall Street Journal) President Trump agreed to grant timely licensing decisions to U.S. technology companies that want to continue lucrative sales to Huawei Technologies, as the administration seeks to restart trade talks with China.
Trump agrees to prompt responses to license requests for Huawei sales (Reuters) President Donald Trump agreed at a meeting with the heads of top technology comp...
Why this security expert is concerned about Huawei (CNBC) Huawei suppliers are expected to meet at the White House on Monday to talk about doing business with the Chinese telecom giant. Robert Spalding, senior fellow at the Hudson Institute, joins "Squawk Box" to discuss why he's been very outspoken about the security issues posed by Huawei.
Unplugging From Digital Controls to Safeguard Power Grids (IEEE Spectrum) Legislation passed by the U.S. House and Senate supports isolating power equipment to block cyber attacks
Brexit is Jeopardizing the U.K.'s Cybersecurity—And Fueling the Rise of the "Splinternet" (Fortune) The U.K. is already being excluded from cybersecurity meetings
China's anti-addiction regulations put American game developers in an awkward moral situation (pcgamer) Bending to the will of Chinese policy, videogame companies are "crossing a new threshold" according to digital privacy advocates.
Intel chief addresses ‘enduring challenge’ of election security (Fifth Domain) The Office of the Director of National Intelligence has assigned a new executive position to coordinate activities.
Why getting election security right for 2020 matters (CSO Online) The U.S. is moving at glacial speed to secure election systems against possible interference by foreign adversaries. We're not even close to ready, and that could call contests into question.
Stop facial recognition trials now, warns UK committee (Naked Security) The UK government should suspend trials of automatic facial recognition systems until it can meet regulators’ concerns about the technology, according to a report released Friday.
Amazon Alexa, Google Home Are On a Collision Course With Regulation (Threatpost) Threatpost talks to Tim Mackey with Synopsys about recent Amazon Echo and Google Home privacy faux pas. Will GDPR and other regulations catch up to the voice assistants?
Anti-Money Laundering Rules For Cryptocurrency Dealers Finalized By Canadian Government (Mondaq) The Canadian Department of Finance published amendments to regulations made under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act 2019 (PCMLTFA) Canada Fin Tech Osler, Hoskin & Harcourt LLP 22 Jul 2019
OPM Cuts Security Clearance Backlog in Half, But Processing Delays Spell Trouble for Pentagon (Government Executive) The National Background Investigations Bureau is barreling through the backlog of clearance applications as the Defense Department prepares to take over the function in October.
Analysis | The Cybersecurity 202: Democrats call for harsher data breach penalties after Equifax settlement (Washington Post) The bills face long odds, though.
Lawmakers Propose Bills to Secure Connected Planes, Trains and Automobiles (Nextgov.com) The legislation would set “reasonable” security measures for the numerous IT systems that power our increasingly connected vehicles.
Trump met with Nunes to talk intel chief replacements (POLITICO) The president's get-together with the top House Intelligence Republican has fueled more chatter that Dan Coats may be on his way out.
Litigation, Investigation, and Law Enforcement
Leaked documents reveal Huawei’s secret operations to build North Korea’s wireless network (Washington Post) The company, which faces growing scrutiny and suspicion, worked with another Chinese firm to funnel equipment across the border for nearly a decade, internal documents say.
Huawei reportedly helped North Korea build out 3G network in secret (TechCrunch) A new report could ultimately prove another bombshell in Huawei’s ongoing conflicts with the U.S. government. New documents obtained by The Washington Post tie the Chinese hardware giant to North Korea’s commercial 3G wireless network. If proven, the ties would be yet more fodder for the U.S., whic…
Iran says it arrested 17 Iranians allegedly recruited by CIA (Military Times) Iran on Monday announced the arrest of 17 Iranians accused of spying on the country’s nuclear and military sites for the CIA and said some of them have been sentenced to death. President Donald Trump called it “another lie” from Iran.
$700 Million Equifax Fine Is Still Too Little, Too Late (WIRED) For not keeping Social Security and card numbers safe, Equifax will pay—but not enough, experts say.
Equifax’s data breach settlement cost $5 per hacked customer (Verdict) Equifax will pay up to $700m as part of a settlement for a 2017 data breach in which at least 127 of its customers had their personal data stolen.
Proving you deserve $20,000 from the Equifax settlement will be nearly impossible (CNBC) Equifax will give consumers a range of options for monitoring their credit or making claims of fraud or data misuse, part of a $425 million restitution fund.
Equifax to Pay New York $19.1 Million as Part of Settlement Over Data Breach (New York Law Journal) State officials in New York announced their part in the global settlement Monday after court papers were filed on the agreement in Atlanta.
Md. to receive $5.7M share of settlement with Equifax over data breach (Maryland Daily Record) Equifax will pay up to $700 million to settle with the U.S. and states over a 2017 data breach that exposed Social Security numbers and other private information of nearly 150 million people.
Facebook will have to pay a record-breaking fine for violating users’ privacy. But the FTC wanted more. (Washington Post) The settlement the FTC brokered marks the most significant privacy punishment ever levied against a tech giant. But the story behind it — described by 10 people familiar with the matter — illustrates the challenges facing a 105-year-old agency tasked with watching some of the most powerful digital players in the global economy.
UK ICO Cites Inadequate M&A Data Protection Due Diligence as a Factor in Proposing $125M Breach Fine (Cooley) On July 9, 2019, the UK Information Commissioner’s Office (ICO) publicly announced its intent to impose a £99M (approximately $123M) GDPR fine on Marriott in connection with the discovery and notif…
The Definitive Congressional Guide to Robert Mueller’s Mind (WIRED) Here’s what members of Congress should know before they question the former special counsel.
Leaked Emails Show Frantic Response to Border Patrol Data Breach (Vice) The emails show that CBP didn't know what was in the Perceptics breach until weeks after the media initially reported it.
Siemens contractor pleads guilty to planting logic bomb in company spreadsheets (ZDNet) Logic bomb would crash spreadsheets after a certain date, resulting in Siemens hiring the contractor to fix the latest bugs.
William Dameron, the man that everyone wanted to date (Times) When the first odd message landed from a stranger, asking if he was familiar with the online dating site Plenty of Fish, William Dameron responded as one would expect: blocking the woman and...
GA Man gets 3 Years for Identity Theft (ISSSource) A Georgia man is facing three years and one month in prison and ordered to pay $697,270 in restitution after his sentencing Thursday in federal prison for hacking into more than 100 Apple accounts belonging to high-profile professional athletes and rappers and spending nearly $325,000 using stolen financial information from several of these victims.
Shanann Watts’ father pleads for end to cyber bullying, harassment (FOX31 Denver) At a press conference Monday, Shanann Watts' father pleaded for an end to the cyber bullying and harassment his family has received since his daughter and granddaughters were killed.