Cyber Attacks, Threats, and Vulnerabilities
Is 5G safe? The cloud hanging over the network’s launch (The Telegraph) 5G is here.
Russia Linked To Cyberattacks On Bellingcat Researchers Investigating GRU (Updated) (Forbes) According to a new report, Russian hackers—likely associated with GRU military intelligence—have mounted a highly-sophisticated cyberattack on the end-to-end encrypted accounts of journalists covering the country's activities.
Bellingcat journalists targeted by failed phishing attempt (TechCrunch) Investigative news site Bellingcat has confirmed several of its staff were targeted by an attempted phishing attack on their ProtonMail accounts, which the journalists and the email provider say failed. “Yet again, Bellingcat finds itself targeted by cyber attacks, almost certainly linked to …
Cyber attack targets world's most secure Protonmail; Firm terms it a failed phishing attack (International Business Times, Singapore Edition) These cyber attackers targeted investigative journalists and other experts who are exploring Russian intelligence activities.
Statement on the attempted phishing attack against Bellingcat (ProtonMail Blog) Earlier this week, investigative journalists at Bellingcat were targeted by a sophisticated phishing attack. As there has been some incorrect reporting about the incident, we are releasing a statement to provide clarification. On July 24, investigative journalists at Bellingcat, which utilize ProtonMail to secure their communications, were targeted by a sophisticated phishing attack that attempted …
Facebook Cancels Russia-Linked Fake Accounts Focusing on Ukraine (BleepingComputer) Facebook this week announced that it removed multiple Pages, Groups, and accounts on its social networking platforms tied to Russian actors intending to manipulate public opinion ahead of the election in Ukraine.
Mueller's testimony clear: Russian election meddling ongoing (SC Media) Despite Special Counsel Robert Mueller’s slow, halting cadence, and apparent difficulty hearing or understanding some questions put to him by members
The Unsexy Threat to Election Security (KrebsOnSecurity) Much has been written about the need to further secure our elections, from ensuring the integrity of voting machines to combating fake news. But according to a report quietly issued by a California grand jury this week, more attention needs to be paid to securing social media and email accounts used by election officials at the state and local level.
State election offices made for an easy target for Russian hackers (Fifth Domain) A new Senate report shows Russian-backed hackers targeted U.S. states through lax security, documenting holes in state networks and by infiltrating voter registration databases.
Browser plug-ins peddled personal data from over 4m browsers (Naked Security) Nacho Analytics gathered data like passwords, tax and prescription data from browser add-ons – and those who bought it can keep it.
Hackers Inject Multi-Gateway Card Skimmer via Fake Google Domains (BleepingComputer) Attackers are using fake Google domains spoofed with the help of internationalized domain names (IDNs) to host and load a Magecart credit card skimmer script with support for multiple payment gateways
Newton Tech4Dev Research Identifies Ad and PR Executives as "Chief Architects" of Fake News Production and Social Media Trolling (Newton) Researchers from the University of Massachusetts Amherst and the University of Leeds (U.K.) have released a new research report that sheds light on the network of digital workers designing political disinformation campaigns, authoring fake news and fanning the flames of public discontent in the Philippines. The report, “Architects of Networked Disinformation: Behind …
IT suppliers forced to close after procurement scam (CRN Australia) Cyber crims have made off with $700,000 already.
Instagram Porn Bots Evolve Methods for Peddling Adult Dating Spam (Tenable®) Incentivized by affiliate programs, scammers are evolving how they utilize fake Instagram accounts to target users on the popular social media platform.
MyDoom: The 15-year-old malware that's still being used in phishing attacks in 2019 (ZDNet) A decade-and-a-half from when it emerged and held the title of the most destructive computer virus of all time, MyDoom still persists.
Notorious MyDoom Worm Still on AutoPilot After 15 Years (BleepingComputer) The notorious Mydoom email worm, considered to be one of the most damaging malware strains ever developed, is still doing rounds on the Internet, working on autopilot and actively targeting email users all over the world.
Exposed password gave hacker access to Comodo internal files (TechCrunch) A hacker gained access to internal files and documents owned by security company and SSL certificate issuer Comodo by using an email address and password mistakenly exposed on the internet. The credentials were found in a public GitHub repository owned by a Comodo software developer. With the email…
Citrix hack caused by weak passwords, lax infosec (CRN Australia) Vendor couldn't combat a brute force password spraying attack.
CYBERSECURITY: 'Ransomware' hackers disrupt South African grid (E&E News) A major electric utility in South Africa said it suffered a crippling "ransomware" attack on its business networks this week, as multiple customers reported power outages in the resulting turmoil.
Ransomware attack leaves Johannesburg residents without electricity (Help Net Security) A ransomware attack aimed at City Power, the electricity provider for Johannesburg, has resulted in some residents being temporarily without power.
Johannesburg Utility Recovering After Ransomware Attack (InfoRisk Today) City Power, the local electrical utility that powers Johannesburg in South Africa, is recovering Friday after an unknown ransomware variant that locked-up the
Apple contractors 'regularly hear confidential details' on Siri recordings (the Guardian) Workers hear drug deals, medical details and people having sex, says whistleblower
Siri records fights, doctor’s appointments, and sex (and contractors hear it) (Ars Technica) In a new report, Apple takes its turn in the crosshairs over how it reviews user recordings.
Apple responds to Guardian report about contractors hearing private conversations while 'grading' Siri (9to5Mac) A report today from The Guardian details claims from one of Apple’s contractors about the conversations that are heard as interactions with Siri are reviewed and analyzed. The report brings up privacy and transparency concerns and Apple has released a statement addressing the matter. The Guardian’s source for this latest report is said to be a …
Privacy - Approach to Privacy (Apple) Apple is committed to keeping your personal information safe on your device and in your personalized experiences.
Apple to start ad campaign on data privacy, plans to clean-up allegations on Siri (International Business Times, India Edition) The campaign scheduled to start in India on July 28 will point out Apple's longstanding focus on the privacy of its consumer data and iPhones.
Hey Siri, why are humans reviewing our voice files? (iMore) Digital assistants like Alexa, Google, and Siri use humans to help train them. This has been going on since the beginning but it's only hit the mainstream media and consciousness this year. So, what's going on?
Hey, Siri, I’d like you to leave me alone now (Times) Within three years there will be as many virtual-assistant “bots” on earth as people, the industry predicts. As artificial intelligence is skilfully honed, their slavish behaviour becomes a global...
Georgia State Patrol hit with ransomware attack (CBS46 News Atlanta) ATLANTA, Ga (CBS46) CBS46 obtained exclusive information that Georgia State Patrol has become the latest state agency hit by a ransomware attack.
Wayne County, Ohio, Agencies Hit by Recent Cyberattacks (Government Technology) The Wayne County, Ohio, Commissioners and the Wayne County Board of Developmental Disabilities both fell victim to separate ransomware attacks earlier this month, leaving officials to deal with the aftermath.
Springhill Medical Center's cyber attack (FOX10 News) Springhill Medical Center still recovering after a cyber attack. Mobile Police confirming an ongoing investigation after the hospital was hit with ransomware.
Fraudsters Increasingly Using Email To Target Law Firms And Their Clients (Today's Conveyancer) The Solicitors Regulation Authority (SRA) has issued eight email scam reports in July alone as cyber criminals target the rich and sensitive information held by legal service providers.
Cyber Trends
No environment immune to cyber attacks: Check Point (ETCIO.com) According to a Check Point Software report, no environment is immune to cyber attacks as cybercriminals are constantly developing new tools sets and t..
Damaging insider threats rise to new highs in the past year (Help Net Security) The most damaging security threats are often not originating from malicious outsiders or malware but from trusted insiders with access to sensitive data.
'You've caused an international incident': how my work mistake came back to haunt me (the Guardian) It was the Observer’s big scoop of 2003, and as a young journalist, I was asked to type up a top-secret memo. Now my mess-up has made it to the big screen
The Terrible Anxiety of Location Sharing Apps (WIRED) Google Maps, Find My Friends, and other such apps promise peace of mind. Instead, monitoring our loved ones becomes a nail-biting exercise in anxiety.
Marketplace
Microsoft-Owned GitHub Blocks Devs in US Sanctioned Countries (BleepingComputer) A developer in the Eastern European region of Crimea has found himself at the receiving end of limitations to his GitHub account due to trade control regulations imposed by the US.
Google Continues Investments in Military and Police AI Technology Through Venture Capital Arm (The Intercept) Google promises interested firms access to its own AI training data and sometimes places Google engineers within the companies as a resource.
Intel CEO Bob Swan: Huawei is an 'important customer’ but Intel has to abide by the law (Yahoo) A flashpoint in the U.S.-China trade war, Chinese tech company Huawei is a security threat to some and an innocent bystander to others. For Intel CEO Bob Swan, it’s first and foremost a major customer.
BlackRock is in talks to take over Cofense after US security concerns: Sources (CNBC) BlackRock, an investor in Cofense, is in advanced talks to take over the U.S. cybersecurity firm.
Railway Cybersecurity Firm Cervello Raises $4.5 Million (SecurityWeek) Israel-based Cervello, a company focused on cybersecurity solutions for rail and Metro signaling systems, has raised $4.5 million in a seed funding round.
VMWare acquires Uhana in AI mobile innovation, automation push (ZDNet) VMWare wants to capitalize on the emerging AI and automation solutions market for carriers.
Verizon Hiring Blockchain Experts for ‘Distributed Network’ Project (Bitcoinist.com) U.S. telecom giant Verizon appears ready to join the blockchain space as its website currently lists 35 vacancies requiring ‘blockchain technology knowledge’.
The 10 Biggest Cybersecurity Stocks (The Motley Fool) When looking to invest in this high-growth industry, start with the biggest names on the block.
Check Point Going Nowhere Fast (Seeking Alpha) Revenue and margins were basically on target, but minimal billing growth is going to revive chatter about whether Check Point's revenue is going to decelerate further.
Brigantia Partners bolsters team after strong H1 sales growth (PCR) Ripon-based cyber security distribution business Brigantia Partners has reported a strong first half
Carbonite After Mohamad Ali: Firm Searches For New CEO While Absorbing Webroot (CRN) Steve Munford, now serving as interim CEO, does not want the permanent CEO role.
Versasec Expands APAC Presence (Versasec) Leading IAM provider Versasec expands APAC presence and wins prestigious internationalization grant
Arent Fox Expands Boston Office with Addition of Privacy, Cybersecurity & Data Protection Partner Julia B. Jacobson (Arent Fox) Arent Fox LLP is pleased to announce the expansion of its Privacy, Cybersecurity & Data Protection practice with the addition of Partner Julia B. Jacobson.
Products, Services, and Solutions
New infosec products of the week: July 26, 2019 (Help Net Security) Featured infosec products of the week include releases from: ESET, Centrify, Collibra, STEALTHbits, Bitdefender, Netography, and WatchGuard.
Qualys Announces a New Prescription for Security (Qualys) Free Global IT Asset Discovery and Inventory cloud service spans on-premises, endpoints, multi-cloud, containers, OT and IoT environments
King & Union's Avalon and FireEye Threat Intelligence will Now be Functioning Together (Enterprise Security) FireEye Threat Intelligence and the Avalon SaaS Cyber Analysis Platform by King & Union will be functioning together.
Baffin Bay Networks unveils new version of its threat protection service (Help Net Security) Baffin Bay Networks, the cloud-native cybersecurity experts, announced the latest version of their threat protection service.
WatchGuard updates ThreatSync platform for MSPs (Security Brief) “These new ThreatSync capabilities arm managed service providers with the tools they need to provide malware detection and response (MDR) services by detecting breaches in minutes and automatically mitigating advanced attacks for their customers.
Technologies, Techniques, and Standards
Mossad Chief: 'Cyber Intelligence is Most Important Counter-terror Tool' (OpsLens) The ability to access channels of digital communications, otherwise known as cyberintelligence, has become objective central for the intelligence business
New York authorities test their defenses against cyber attacks (KTVQ.com) Two days after Louisiana officials declared a state of emergency following a massive cyber attack, authorities from New York conducted a “digital fire drill” to see how critical infrastructure would hold up during a security breach. The tabletop exercise, hosted by IBM at its training facility in Boston on Friday, puts leaders from law enforcement, …
Using Threat Trends to Protect Network Resources (SecurityWeek) Analyzing threat trends – especially those collected from live production environments – can provide security teams with insights into how to better protect their organizations from the latest cyber threats.
Fact vs Fiction: The Truth About Breach and Attack Simulation Tools (SecurityWeek) Breach and Attack Simulation (BAS) tools aid in maintaining a fundamental level of security assurance more quickly and cost effectively than traditional approaches.
How Cyber-Ontology Knowledge Boosts Cybersecurity Job Prospects (Dice Insights) Ontology might seem like a weird thing to consider if you're applying to cybersecurity jobs, but it's a mindset that can differentiate you as a candidate.
What To Do When You Get A Suspicious Email (Avast) Learn what to do when you get a suspicious email in this step-by-step guide with key warning signs and handy resources.
91st Cyber Brigade completes rollout of ShadowNet enterprise solution (www.army.mil) The Virginia National Guard's Bowling Green-based 91st Cyber Brigade completed the nationwide rollout of its ShadowNet enterprise solution July 19, 2019, with the integration of the 125th Cyber Protection Battalion into the solution's virtual private...
Design and Innovation
Facebook's Ex-Security Chief Details His 'Observatory' for Internet Abuse (WIRED) Alex Stamos' Stanford-based project will try to persuade tech firms to offer academics access to massive troves of user data.
Save The Artificial Intelligence Party For When It's Actually Intelligent (The Federalist) Despite its public image, artificial intelligence software cannot yet match the versatile skills of even the most primitive mammals in the real world.
Legislation, Policy, and Regulation
Home Secretary hosts ‘Five Eyes’ security summit (GOV.UK) Key allies meet to agree joint action to counter current and emerging security threats.
Beijing’s press conference on Hong Kong was thankfully very boring (Quartz) The Hong Kong and Macau Affairs Office made mostly predictable and hackneyed remarks, while batting away a question about the possibility of sending in troops.
Australia to 'lift veil' on Facebook, Google algorithms to protect privacy (CRN Australia) Could potentially set a precedent for global lawmakers.
Sustained Action Needed to Protect Canada in Cyberspace (NetNewsLedger) Size apparently does not always matter in cyberspace, but the lack of cybersecurity always will. Such is the case with Canada, ranked just 38th in the world in population but, as of mid-2018, recorded the third most cyber incidents in the world, according to a 2018 report. As alarming as what we know about cyber …
Opinion | The U.S. government needs to protect against 2020 election meddling (Washington Post) States can’t defend themselves without congressional help.
Has World War 3 already begun? The NSA may know something (American Thinker) This week, the National Security Agency (NSA) made a major announcement regarding America's plan to combat international threats in the midst of an ongoing and seemingly never-ending series of cyber-skirmishes.
Richard Clarke is sounding the alarm about another kind of 9/11 (Fast Company) The U.S.’s first counterterrorism czar says the country desperately needs a new approach to defending itself from—and waging—cyberattacks.
Two White House cyber veterans imagine what a hacker-fueled war would look like (Fast Company) In their new book, ‘The Fifth Domain,’ Richard Clarke—the first White House cyberczar—and Robert Knake imagine the kind of war that few people want to think about.
Government Encryption Backdoors Still Impossible and Pointless, Experts Say (Tom's Guide) Like chasing 'a rainbow-colored unicorn'
Why we fight for crypto (Errata Security) This last week, the Attorney General William Barr called for crypto backdoors. His speech is a fair summary of law-enforcement's side of t...
Intelligence Director Coats to resign next month, Trump says (Washington Post) Rep. John Ratcliffe, a prominent supporter of the president, has been tapped to replace Coats, who had a tense relationship with Trump.
Trump announces replacement for director of national intelligence as Dan Coats set to leave (The Washington Times) President Trump announced Sunday afternoon that Director of National Intelligence Daniel Coats will be stepping down and that he’s picking a Texas congressman to replace him.
Dan Coats Expected to Step Down as Director of National Intelligence in Coming Days (Wall Street Journal) Dan Coats, the Trump administration’s director of national intelligence, is expected to step down in coming days and Rep. John Ratcliffe (R-Texas) is a likely successor though no final decision has been made, according to a person familiar with the matter.
Dan Coats Spoke Truth to Trump. Now He’s Out. (The Atlantic) The director of national intelligence won plaudits for plainly laying out the intelligence community’s assessments on issues ranging from Iran to Russia, putting him at odds with the president.
Cyberspace would be more complex in near future: Adv Skandan (The Kashmir Monitor) A two-day workshop for Judicial Officers, Investigators, Prosecutors, Law Officers and Officers from Anti-Corruption Bureau on ‘Cyber-Laws including Cyber-Crimes, Cyber-Forensics and Cyber-Security’ commenced today at Jammu and Kashmir State Judicial Academy (JKSJA), Mominabad. The workshop is being jointly organized by J&K e-Governance Agency (J&KeGA) and J&K Information Technology Department in collaboration with […]
New York Passes Law to Update Data Breach Notification Requirements (BleepingComputer) New York Governor Andrew M. Cuomo signed the Stop Hacks and Improve Electronic Data Security (SHIELD) Act into law, with the new consumer privacy policy being designed to protect New Yorkers' private data and strengthen the state's data breach policies.
The Complicated Legal Issues Around Revenge Porn (WIRED) The state of New York officially criminalized the spread of nonconsensual pornography, but WIRED’s Emma Grey Ellis tells the Gadget Lab team this new law is only a partial victory.
Litigation, Investigation, and Law Enforcement
More than 1,000 arrested at Moscow election protest: "Russia will be free!" (CBS News) The dispute comes as the Kremlin is struggling with how to deal with strongly opposing views in its sprawling capital of 12.6 million people
Alexei Navalny: Poisoning fears grow as jailed Putin critic is treated in hospital (Times) Fears were growing over the health of the Kremlin’s most prominent critic last night after he was admitted to hospital and a doctor said he was suffering from contact with a toxic substance. Alexei...
No More Ransom project has prevented ransomware profits of at least $108 million (ZDNet) No More Ransom project is celebrating its three-year birthday today.
Australia Cracks Down on Google, Facebook Face After Probe (Time) The inquiry highlighted concerns about the firms' market power
Coast Guard Details February Cyberattack on Ship (Wall Street Journal) The cyberattack on a merchant vessel that prompted a U.S. Coast Guard warning this month was due to an infection with the Emotet malware, which has been particularly effective in attacking government and corporate networks.
Defense contractors aren't securing sensitive information, watchdog finds (FCW) The Defense Department's inspector general said contractors fail to follow cybersecurity guidelines for controlled unclassified information.
Brexit: key strands of British policing 'in jeopardy' because of no-deal risk (the Guardian) NCA harvesting EU crime databases in attempt to mitigate loss of access to data, leaked report suggests
Venezuela is buying Bitcoin with airport taxes to smuggle in US dollars, report (Hard Fork | The Next Web) Venezuela appears to be leveraging cryptocurrencies as part of a larger effort to bypass US sanctions.
The IRS is warning thousands of cryptocurrency holders to pay their taxes (CNBC) The IRS is in the process of sending letters to U.S. citizens who own virtual currency and potentially failed to pay the necessary taxes.
People forged judges’ signatures to trick Google into changing results (Ars Technica) A CBS investigation finds at least 60 examples of fake court orders in takedowns.
Brazil's Top Government Officials Were Hacked by "Spoofing" Attacks (The Rio Times) Four people were arrested this week during Operation Spoofing by the Federal Police on suspicion of having hacked into the cell phone of Minister Sérgio Moro and other high ranking government officials, including president Jair Bolsonaro and Economy Minister Paulo Guedes.
‘WannaCry hero’ sentenced for selling Kronos malware (TechCrunch) Marcus Hutchins, the malware researcher who became known as an “accidental hero” for stopping the WannaCry ransomware attack in 2017, has been sentenced to supervised release for one year on charges of making and selling the Kronos banking malware. Presiding Judge J. P. Stadtmueller des…
WannaCry hero gets off lightly, avoids prison – was justice done? (Naked Security) Wrote malware for money, went straight, got busted, didn’t go to prison. Has US cybercrime enforcement gone soft?
Cyber Expert Dodges Prison Time in Banking Malware Scheme (Courthouse News) Weighing his prior crimes against his help in stopping a global computer virus two years ago, a federal judge on Friday sentenced a world-famous British cybersecurity expert to time served and a year of supervised release for his role in a major malware scheme.
Teenage hackers are offered a second chance under European experiment (CyberScoop) The effort, called “Hack_Right,” is aimed at first-time offenders who may be skirting the law from behind their keyboard and not even realize it.
The FBI thinks Long Island Iced Tea’s infamous blockchain pivot was part of a trading scam (Quartz) It’s been two years since Long Blockchain Corp.’s eyebrow-raising pivot, and the FBI still has lots of questions.
Feds: Ex-NSA Employee Cyberstalked and Harassed His Ex-Girlfriend and Her Family for Nearly Two Years (The Daily Beast) Brendon Spann, a current Department of Education employee, allegedly sent at least 400 messages to over 30 people connected to his ex after they broke up.
Ireland-Based Admin of Silk Road Marketplace Sentenced to Prison (SecurityWeek) An Irish man was sentenced to prison for his role in running the online black market Silk Road, the U.S. Department of Justice announced.
Anti-virus pioneer John McAfee holes up in London (Mail Online) John McAfee, 73, was released on Wednesday and left the Dominican Republic on Thursday with his wife. They then had a stop-over in Madrid and are now in Camden, north London.
Sexting, salacious snapshots: Inside SEAL Team 6′s spoofing scandal (Navy Times) It's the latest imbroglio to embarrass the SEALs, the elite special operators once lauded as “silent professionals” who eschewed the shenanigans that snagged headlines.
The Facebook vigilantes who hunt pedophiles (Quartz) "Pedophile hunting" via Facebook is a contemporary version of public punishment, but it's also a messy amalgam of influences ranging from reality TV to tabloid culture.
Scott says he wasn’t told about Russian hacking in 2016 (Washington Post) U.S. Sen. Rick Scott says he was never told in 2016 when he was Florida’s governor that Russian hackers had gained access to voter databases in two Florida counties ahead of the presidential election
Devin Nunes: CIA has 'come clean' but John Brennan remains a concern (Washington Examiner) Rep. Devin Nunes, the top Republican on the House Intelligence Committee, said the CIA has "come clean" for his review of the early stages of the Trump-Russia investigation.
Mueller’s team told Congress his acuity was not an issue. Some lawmakers privately worry it was. (Washington Post) Those familiar with Robert Mueller’s work say he was an engaged leader throughout the investigation.