Cyber Attacks, Threats, and Vulnerabilities
Cyberattacks against industrial targets have doubled over the last 6 months (ZDNet) 12,000 workstations on average will be damaged in cases of destructive malware.
From State-Sponsored Attackers to Common Cybercriminals: Destructive Attacks on the Rise (Security Intelligence) Destructive attacks have been on the rise, posing a growing threat to a wide variety of businesses who may not consider themselves an obvious target of cybercriminals.
Chinese state-backed hackers APT10 behind cyber attack on US utilities? (International Business Times, Singapore Edition) Proofpoint researchers broke the news and explained how the Chinese state-backed hacking groups targeted US utilities.
What You Need to Know About LookBack Malware & How to Detect It (Nozomi Networks) A new spearphishing campaign targeting U.S. utility companies used a malware called “LookBack.” Learn more about LookBack malware and how you can detect it.
Over Two Million Online Records Held to Ransom (Infosecurity Magazine) Mexican bookstore suffers compromise after leaving MongoDB database exposed
Capital One Data Breach: Cyberint's Take (Cyberint) Facts: On July 29th, 2019 Capital One Financial Corporation, a US-based bank holding company specializing in banking, credit cards, loans and savings, today released a statement regarding the detection of a breach resulting in unauthorized access to personal data pertaining to over 100 million Canadian and US credit card applicants and customers.
StockX was hacked, exposing millions of user records (TechCrunch) It wasn’t “system updates” as it claimed. StockX was mopping up after a data breach, TechCrunch can confirm. The fashion and sneaker trading platform pushed out a password reset email to its users on Thursday citing “system updates,” but left users confused and scrambl…
StockX Password Reset Emails Are Legit, Suspicious Activity Detected (BleepingComputer) The StockX sneaker and streetwear resale site has started sending out emails to all of their users stating that they need to reset their passwords due to a system update. While these emails are legitimate, as they do not provide much detail, users have been concerned that they are phishing attempts or their accounts are being hacked.
New version of MegaCortex targets business disruption (Accenture) iDefense engineers have identified and analyzed a recently updated version of the dangerous ransomware MegaCortex, which is known to have previously caused costly incidents across various industries in Europe and North America.
Misconfigured JIRA Servers Leak Info on Users and Projects (BleepingComputer) Misconfigured Jira servers from big names in the tech industry exposed information about internal projects and users that could be accessed by anyone with a good command of advanced search operators.
New Dragonblood vulnerabilities found in WiFi WPA3 standard (ZDNet) Two new Dragonblood bugs allow attackers to recover passwords from WPA3 WiFi networks
DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords (Security Affairs) Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws. We first met this team of experts […]
Warning over GermanWiper ransomware that erases victim's data but still asks for ransom (Computing) Victims have been advised not to pay ransom that won't help them recover their files
GermanWiper Ransomware Erases Data, Still Asks for Ransom (BleepingComputer) Multiple companies were off to a rough start last week when a phishing campaign pushing a data-wiping malware targeted them and asked for a ransom. Researchers call it GermanWiper.
Apple Suspends Siri Program After Privacy Backlash (Threatpost) Apple's Siri follows Amazon Alexa and Google Home in facing backlash for its data retention policies.
Amazon sends Alexa conversations to home workers in Poland (Welt) Millions of Alexa voice commands are evaluated by temporary workers in Poland, including from home. User data is practically unprotected in the process. Amazon is now pulling the emergency brake.
Alexa: Amazon has recordings evaluated by temporary workers in Poland (Die Welt) Millions of Alexa voice commands are evaluated by temporary workers in Poland, including from home. User data is practically unprotected in the process. Amazon is now pulling the emergency brake.
Amazon Alexa voice recordings sent into Polish homes (Deutsche Welle) Private voice commands told to Amazon's virtual assistants are being transcribed by agency workers, a newspaper reports. Numerous cases have emerged of smart speakers spying on users breaking the law or having sex.
Amazon quietly adds ‘no human review’ option to Alexa settings as voice AIs face privacy scrutiny (TechCrunch) Amazon has tweaked the settings for its Alexa voice AI to allow users to opt out of their voice recordings being manually reviewed by the company’s human workers. The policy shift took effect Friday, according to Bloomberg, which reports that Alexa users will now find an option in the setting…
New Lord exploit kit is spreading 'Eric' ransomware, according to Malwarebytes (Computing) Lord EK part of malvertising chain spread via PopCash ad network, exploiting security flaws in Flash Player
Latest Trickbot Campaign Delivered via Highly Obfuscated JS File (TrendLabs Security Intelligence Blog) We have been tracking Trickbot banking trojan activity and recently discovered a variant of the malware (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.TIGOCDC) from distributed spam emails that contain a Microsoft Word document with enabled macro. Once the document is clicked, it drops a heavily obfuscated JS file (JavaScript) that downloads Trickbot as its payload. This malware also checks for the number of running processes in the affected machine; if it detects that it’s in an environment with limited processes, the malware will not proceed with its routine as it assumes that it is running in a virtual environment.
Cofense Labs Publishes Database of Over 200 Million Compromised Accounts Targeted by Sextortion Email Campaigns (PR Newswire) Cofense™, the global leader in intelligent phishing defense solutions, today published a database of over 200...
Beware of Emails Asking You to "Confirm Your Unsubscribe" Request (BleepingComputer) A long-running scam email campaign that pretends to be an unsubscribe confirmation request has seen an uptick recently. These emails should never be clicked on or responded to as they are designed to harvest working email addresses or to perform some other type of scam.
Keeping a Hidden Identity: Mirai C&Cs in Tor Network (TrendLabs Security Intelligence Blog) We found new samples of Mirai targeting IP cameras and DVRs with exposed ports and default credentials. Like its predecessors, it allows attackers remote access and the use of infected devices to form a botnet for DDoS attacks. However, the C&Cs were traced back to the Tor network, keeping the cybercriminals' identities anonymous and protecting the servers from being shut down despite discovery.
A-level students at risk of email fraud, warn cyber security experts (Metro) Many top universities are not following basic best practice
How Over 25 People Got Scammed Into Working At A Nonexistent Game Company (Kotaku) Brooke Holden had all but given up on breaking into the video game business.
When Hardware Comes With Malware (Embedds) Building a device from the motherboard up is a rewarding, albeit frustrating endeavor.
Security Patches, Mitigations, and Software Updates
Siemens Fixes VxWorks Holes (ISSSource) Siemens has updates for multiple vulnerabilities involved in the embedded VxWorks in its SIPROTEC 5 Ethernet plug-in communication modules and devices, according to a report from Siemens ProductCERT.
Cyber Trends
Is the world's growing reliance on a handful of cloud computing giants setting us on a path to disaster? (The Telegraph) It was the day the internet suffered a meltdown.
A dismal industry: The unsustainable burden of cybersecurity (ZDNet) Cybersecurity spending is the fastest-growing segment in IT budgets, but it provides no productivity gains or protection against more advanced exploits.
Extortion Emails on the Rise: A Look at The Different Types (BleepingComputer) Since 2018, a constant stream of extortion email scams has been targeting users with fake threats designed to scare you into sending a payment in bitcoins to avoid an embarrassing leak or threat of legal action.
Report: $1.2M Earned Through Bitcoin ‘Sextortion,’ Bomb Threat Scams (Cointelegraph) Cybercriminals earned $1.2 million in Bitcoin through “sextortion” and bomb threat email scams in the last 12 months, according to a recent report.
Marketplace
Analyzing the Black Hat USA 2019 Business Hall (Swagitda) Prerequisite plug that you should come see my talk with Dr. Nicole Forsgren at Black Hat next week (16:00 in South Pacific)!
What type of vendors are showing themselves off in the Business Hall? Are they mostly startups? Exactly like last year, 46% of the vendors in the Business Hall are startups backed by venture capital (VC) firms. Private companies represent only 13% of total vendors this year (vs. 17% last year), and there are far more acquired companies (“M&A” within the chart) this year (8% vs.
A cyber solution to secure our networks and close the workforce gap (TheHill) The nation is at risk for a potential cyber shutdown.
Is your boss spying on you? How office ‘snooptech’ has become a £2.7bn industry (The Telegraph) When Rebecca Saunders was called to one side by her manager to check if she was planning to resign, she knew something was up.
AI startup Behavox targets 'unicorn' status with $100m funding round (The Telegraph) The boss of British artificial intelligence start-up Behavox could soon be worth more than $400m after it emerged his company is targeting "unicorn" status in an upcoming funding round.
Huawei joins ‘Paris Call’ for trust, security in cyberspace (Dhaka Tribune) Huawei believes in better security as the foundation of their existence
Rhipe acquires encryption and cyber security company (Business News Australia) Business News Australia reports on national business news with a special focus on Sydney, Melbourne, Brisbane, Adelaide and the Gold Coast.
Products, Services, and Solutions
whiteCryption Secure Key Box for Transport Layer Security is available for app developers (Help Net Security) whiteCryption announced that whiteCryption Secure Key Box (SKB) for Transport Layer Security (TLS) is available for app developers.
SentinelOne integrates the MITRE framework with its ActiveEDR and Ranger IoT capabilities (Help Net Security) SentinelOne, the endpoint protection company, announced new EDR capabilities that take its integration with the MITRE ATT&CK framework to the next level.
Women in cyber security to gather at new International Spy Museum for annual celebration (PR Newswire) For the 6th consecutive year, the CyberWire will be bringing together women from around the region and across the...
Technologies, Techniques, and Standards
Google Project Zero: 95.8% of all bug reports are fixed before deadline expires (ZDNet) Google Project Zero: Disclosing technical bug reports and PoCs help defenders more than attackers.
This hacker will trick you, and you'll be glad she did (CNET) Watch as IBM X-Force Red’s best social engineer reveals our hidden passwords, cracks our keyfobs and hacks our phones.
Design and Innovation
Quantum cybers land in Vault Cloud thanks to QuintessenceLabs (ZDNet) The offering has been touted as the world's first secure and scalable package for enterprise file synchronisation and sharing systems.
How an Ex-NSA mathematician changed the way Covenant Eyes monitors porn use (Christian Post) The online pornography accountability service Covenant Eyes implemented this year a new software designed mostly by a former National Security Agency data scientist that makes it nearly impossible for users to take advantage of loopholes in order to view pornography undetected.
Academia
Cybersecurity competition winners to represent Oman at regional conference (Times of Oman) The third edition of cyber stars competition, organised by the Arab Regional Cybersecurity Center and Silensec and sponsored by Ernst & Young, has concluded
Williston State College students win trip to cybersecurity conference (Williston Herald) Two Williston State College students spent the week in Bossier City, Louisiana at the 2019 Community College Cyber Summit.
Legislation, Policy, and Regulation
US Falls Behind EU in Responding to Disinformation Campaigns (The Globe Post) The United States has fallen behind the European Union in efforts to fight Russian disinformation, according to expert organizations studying the topic.
Battle Of Wits: US-Iran Cyber Escalation – OpEd (Eurasia Review) Through the darkness of the pathways that we march, evil and good live side by side and this is the nature of life. We are in a continuous imbalance and inequivalent confrontation between democraci…
Barr says the US needs encryption backdoors to prevent “going dark.” Um, what? (Ars Technica) "The FBI says they're 'going dark.' Well yeah, because they've been staring at the sun."
Bill seeks to prevent another Cambridge Analytica (CNET) The legislation seeks to prevent the exploitation of voter data for online targeting.
Litigation, Investigation, and Law Enforcement
DCMS Committee Request Further Facebook Details on Cambridge Analytica Investigation (Infosecurity Magazine) DCMS Committee chair Damian Collins asks Facebook's Nick Clegg for more details
American Graduates Of China's Yenching Academy Are Being Questioned By The FBI (NPR.org) In the last two years, at least five graduates have been approached by agents to gather intelligence on the program and to ascertain whether they have been co-opted by Chinese espionage efforts.
GitHub sued for aiding hacking in Capital One breach (ZDNet) Class-action lawsuit filed in California against Capital One... and GitHub???
Github sued for encouraging hacking in Capital One data breach lawsuit (Computing) GitHub does nothing to stop hacked data and exploits from being uploaded, claims lawsuit
Hacker Accused of Capital One Breach Threatened to 'Shoot Up' Social Media Company, Prosecutors Say (Gizmodo) The individual suspected of being behind the massive Capital One data breach that compromised the data of an estimated 106,000 million people, Paige Thompson, has been accused in a court filing of threatening to “shoot up” a California-based social media company and cause harm to herself and others.
The Capital One breach is more complicated than it looks (The Verge) It can be hard to tell legitimate research from criminal enterprise
Equifax May Not Pay You That $125 Because It Screwed Too Many People (Vice) After “overwhelming” public interest, the FTC now urges users to settle for free credit monitoring instead.
FBI's haunting warning about 'lone offenders' paints a grim picture (USA TODAY) Series of deadly shootings highlight a simmering threat within the USA, a risk nearly on par with the international terror threat
The El Paso Shooting and the Gamification of Terror (Bellingcat) On August 3, 2019, at around 11am local time, initial police reports indicated that a gunman had walked into an El Paso Wal-Mart and opened fire. As of the publication of this article, at least eighteen people have died and several others have been injured. One victim was a four-month old infant. As we’ve seen...
Connor Betts: Twitter Posts on Being a Leftist, Guns (Heavy.com) On Twitter, Connor Betts, the Dayton shooter, called himself a leftist and wrote that he was going to hell. Read more about his politics and social media.
Cyber security company dumps 'cesspool of hate' over Texas rant (The New Daily) Online message board 8chan has been dumped by cyber security firm Cloudflare after being used to post a rant by the suspected El Paso shooter.
Terminating Service for 8Chan (The Cloudflare Blog) The mass shootings in El Paso, Texas and Dayton, Ohio are horrific tragedies. In the case of the El Paso shooting, the suspected terrorist gunman appears to have been inspired by the forum website known as 8chan.
8chan Is a Megaphone for Gunmen. ‘Shut the Site Down,’ Says Its Creator. (New York Times) The site is a venue for extremists to test out ideas, share violent literature, and cheer on the perpetrators of mass killings.
The Problem Isn't 8chan. It’s Young American Men (BuzzFeed News) "If 8chan is shutdown here is what will happen: someone else will spin up a new imageboard, say 20chan or whatever. People will flock to that."
The FTC is looking into the Amazon and Apple deal that crushed small resellers (The Verge) Experts say the deal raises serious antitrust concerns.
BEC Scammers Cost US Universities Over $872K (Infosecurity Magazine) Man pleads guilty after being extradited from Kenya
Navy CNO takes over Gallagher court-martial amid controversy (Navy Times) In a stunning move Saturday, Chief of Naval Operations Adm. John Richardson removed all court-martial authority from Navy Region Southwest, the command that had been weighing a sentence for Special Warfare Operator Chief Edward “Eddie” Gallagher.
Canada’s detention of Huawei executive Meng Wanzhou ‘angered Chinese’ (South China Morning Post) Foreign Minister Wang Yi calls for ‘quick and proper’ resolution to get relations back on track, during meeting with Canadian counterpart Chrystia Freeland.