Cyber Attacks, Threats, and Vulnerabilities
Twitter, Facebook Target Accounts Spreading Misinformation on Hong Kong Protests (Wall Street Journal) Twitter took down more than 900 accounts that it said were part of a Chinese government campaign to discredit protesters in Hong Kong by spreading misinformation.
Information operations directed at Hong Kong (Twitter) We are disclosing a significant state-backed information operation focused on the situation in Hong Kong, specifically the protest movement and their calls for political change.
Removing Coordinated Inauthentic Behavior From China (Facebook Newsroom) We removed seven Pages, three Groups and five Facebook accounts as part of a small network that originated in China and focused on Hong Kong.
India sees dramatic rise in cyber attacks post-Kashmir decision: Kaspersky (Express Computer) There has been a rise in cyber attacks on Indian institutions after the abrogation of Article 370 and 35A and the country needs to be extra careful when it comes to the security of websites and critical infrastructure
The Rise of “Bulletproof” Residential Networks (KrebsOnSecurity) Cybercrooks increasingly are anonymizing their malicious traffic by routing it through residential broadband and wireless data connections.
Vulnerabilities in Google Nest Cam IQ can be used to hijack the camera, leak data (ZDNet) The indoor security device was subject to bugs which threatened user privacy.
Vulnerability Spotlight: Multiple bugs in OpenWeave and Nest Labs Nest Cam IQ indoor camera (Cisco Talos) A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
61 impacted versions of Apache Struts left off security advisories (Naked Security) Researchers found that 24 security advisories inaccurately listed affected versions for the open-source development framework.
Hacker Releases First Public Jailbreak for Up-to-Date iPhones in Years (Vice) Apple accidentally unpatched a vulnerability it had already fixed, making current versions of iOS vulnerable to hackers.
Apple's iOS 12.4 Has a Bug That Enabled a Jailbreak (Digital Trends) It appears iOS 12.4 may not be the safest version of iOS, according to a new report. Apparently, Apple accidentally unpatched a security flaw that was previously fixed in iOS 12.3 -- and the result is that any phone with iOS 12.4 can now be jailbroken. We don't recommend users jailbreak their iPhones.
You Can Jailbreak Your iPhone Again (But Maybe You Shouldn’t) (WIRED) Apple reintroduced a previously fixed bug in iOS 12.4, which has led to a jailbreak revival.
Adult website data leak connected private users to content uploads (ZDNet) An open database provided full access to user emails and the content they uploaded, liked, and shared.
Report: Data Breach in Adult Site Compromises Privacy of All Users (vpnMentor) Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach in adult site Luscious. Luscious is a niche pornographic image site ...
Hackers Use Fake NordVPN Website to Deliver Banking Trojan (BleepingComputer) The attackers who previously breached and abused the website of free multimedia editor VSDC to distribute the Win32.Bolik.2 banking Trojan have now switched their tactics.
Vulnerability Summary for the Week of August 12, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available
Texas Cyber Attack Has Taken 23 Government Agencies Offline (Forbes) The Texas Department of Information Resources (DIR) has confirmed that 23 government agencies have, so far, been taken offline by a ransomware attack over the weekend.
Alarm in Texas as 23 towns hit by 'coordinated' ransomware attack (CNBC) The attacks come after state and local ransomware attacks in New York, Louisiana, Maryland and Florida resulted in the loss of significant sums.
Glenwood schools recovering from cyber attack (KMAland.com) Glenwood's School District starts the new academic year with a major technology-related hangover.
Software bug caused CBP airport system outage (FCW) A computer system outage that led to long passenger lines at international airports across the country on Aug. 19 was caused by a software bug, according to Customs and Border Protection.
Security Patches, Mitigations, and Software Updates
VLC Vulnerabilities Discovered by the Semmle Security Research Team () Semmle’s security research team discovers 11 bugs in VLC, the popular media player. The VLC vulnerability CVE-2019-14438 could potentially allow an attacker to take control of the user’s computer.
Multiple HTTP/2 DoS flaws found by Netflix (Naked Security) Netflix has identified several denial of service (DoS) flaws in HTTP/2, a popular network protocol that underpins large parts of the web. Exploiting them could bring servers grinding to a halt.
Cyber Trends
Top 100 Global Fintech Startups Have Exploitable Security Vulnerability (ValueWalk) 8 main websites and 64 subdomains have at least one publicly disclosed and exploitable security vulnerability of a medium or high-risk.
State of Application Security at Top 100 Global Fintech Startups (Immuniweb) 98 of 100 most prominent and well-funded fintech startups are vulnerable to phishing, web and mobile application security attacks.
Lack of Critical Infrastructure Cybersecurity Investments in Smart Cities Will Seed the Future IoT Vulnerabilities (BusinessWire) Urban population is on the rise worldwide and smart city development projects are harnessing the power of the Internet of Things (IoT) to develop more
FISMA report tells how tools, capabilities, data protecting against cyber attacks (Federal News Network) In the annual Federal Information Security Management Act (FISMA) report to Congress, which the administration made public on Aug. 16, OMB says the number of cyber incidents dropped by 12%
What Americans Think About Ransomware (Dark Reading) New Harris Poll survey says most will weigh candidates' cybersecurity positions.
Marketplace
Updating our advertising policies on state media (Twitter) Today, we are updating our advertising policies with respect to state media. Going forward, we will not accept advertising from state-controlled news media entities.
Instagram Launches Bug Bounty for Apps that Steal User Data (Vice) On Wednesday, Facebook expanded beyond its bounties for third party apps stealing user data to also apply to Instagram.
Enhancing Instagram Security (Facebook) We know how important it is to have the best talent in the security community helping us keep our apps safe
FTC chairman says Facebook's plan to merge brands may make it... (U.S.) Facebook Inc's plan to integrate Instagram and WhatsApp more closely could ...
How Honeywell is eliminating IT/OT cybersecurity roadblocks (ETCIO.com) Ashish Gaikwad, Managing Director, Honeywell Automation India Limited shares his views on why industrial cybersecurity has to emerge as the frontline ..
Zscaler Stock Plunges On Downgrade, As The Cybersecurity IPO Cools Off (Investor's Business Daily) Zscaler stock plunged on Monday despite a broad rally in technology companies, as reports said OTR Global downgraded the cybersecurity firm to negative.
David Damato Joins Gemini as Chief Security Officer (PR Newswire) Gemini Trust Company, LLC (Gemini), a leading cryptocurrency exchange and custodian, announced today that David Damato...
RiskIQ Taps FireEye Veteran Dean Ćoza to Lead Product, Technology Teams (Yahoo) RiskIQ, the global leader in attack surface management, today announced the appointment of Dean Ćoza to its leadership team as Chief Product Officer. Most recently the Executive Vice President at Absolute Software, Ćoza brings over 20 years of experience leading product and technology teams at industry
Products, Services, and Solutions
101domain Launches MMX & ICM Registry's New AdultBlock Service (Yahoo) Blocks Registrations in .ADULT, .PORN, .SEX and .XXX VISTA, Calif. , Aug. 19, 2019 /PRNewswire/ -- 101domain , the domain registrar known for carrying the largest selection of top-level domains in the ...
IGI Launches Next Generation of Nodeware™ Vulnerability Management Platform (Infinite Group, Inc.) The latest version of Nodeware offers the same powerful vulnerability management technology with the addition of an industry-leading scanning engine and other improved functions PITTSFORD, N.Y., August 14, 2019 — IGI (OT
BAE Systems Raises the Bar for Multi-Domain Cybersecurity with XTS Guard 7 (Yahoo) BAE Systems has launched its next-generation XTS® Guard 7, which provides U.S. intelligence organizations with secure access to geospatial imagery and data through multi-directional transfer of different data types across classified and unclassified domains.
Law In Order uses Darktrace AI platform for ‘sensitive’ document protection (ITWire) Australian and Asian legal document and digital solutions provider Law In Order is using security firm Darktrace’s cyber AI platform to protect sensitive client information.
Technologies, Techniques, and Standards
5G may increase cybersecurity risks in the near term: Darktrace (CNBC) Nicole Eagan, co-CEO of Darktrace, discusses the use of artificial intelligence in cybersecurity. She also says the world needs to be prepared to deal with cyber attacks having physical consequences.
Securing Maritime Assets Demands a New Approach (All About Shipping) At this moment, cyber-attacks threaten thousands of vulnerable cargo ships, which carry billions of dollars’ worth of goods.
Control system cyber incident hunting – input for a playbook on control system cyber incident investigations (Control Global) It is important to train engineers and IT/OT and expand the scope from network threat hunting to include ICS incident hunting. Perhaps we as an industry could collaborate on this important, but missing, task.
Big Data On The Army Front Line: DCGS-A Upgraded (Breaking Defense) The Army is upgrading its intelligence system to give forward commanders full access to the cloud -- and work when the enemy takes the network down.
Design and Innovation
Can government hasten requirements to meet cyber challenges? (C4ISRNET) C4ISRNET sat down with Todd Hicks, Leonardo DRS’ chief technology officer to discuss the challenges in the cyber domain, and how industry is working to combat them.
4 big problems the intelligence community faces moving to a new data system (C4ISRNET) The Defense Intelligence Agency wants to move quickly in developing the Machine-assisted Analytic Rapid-repository System, but the massive project which will transform how the intelligence community uses data faces some hard problems.
DIA chief: Take ‘proprietary’ out of your vocabulary (C4ISRNET) Defense Intelligence Agency Director Lt. Gen. Robert Ashley said one of the biggest problems his agency faces is interoperability.
Peter Cochrane: AI and the emergent properties of good, bad and evil (Computing) Forget Asimov's 'Three Laws of Robotics', robots will almost certainly go off the rails at some point in the future - but they still won't be as bad as human beings.
Research and Development
MIPT and HUAWEI started cooperation in the field of artificial intelligence (Eurekalert) Russia's Center for Artificial Intelligence (AI) Research under the National Technology Initiative based on MIPT and Huawei agreed to cooperate.
The quantum revolution is coming, and Chinese scientists are at the forefront (Washington Post) A Shanghai conference reveals the extent of the Chinese research commitment to a field with big economic and military applications.
Academia
GV creates new biomedical & cybernetic engineering degrees (Grand Valley Lanthorn) Grand Valley State University works hard to be an adaptive and advancing school, often creating new degrees to satisfy a changing job market and economy. As both of these things change, GVSU has created new degrees in biomedical science like Biomedical Engineering with electrical emphasis, which is for students who will apply the fundamentals of...
UWF Center for Cybersecurity launches Cybersecurity for All program to enhance workforce development (University of West Florida Newsroom) The University of West Florida Center for Cybersecurity is launching the Cybersecurity for All® program, an innovative program to enhance readiness for evolving cybersecurity work roles and address the critical shortage of cybersecurity professionals. Courses and advanced certificates will be available for organizations and individuals starting in September. Cybersecurity job openings top 13,000 in Florida …
DarkMatter and Khalifa University launch new research award (Intelligent CIO Middle East) DarkMatter Group, a leading digital and cyber transformation firm, and Khalifa University of Science and Technology, have announced the launch of a US$1.5 million Cyber Security Research Award (CRA).
Legislation, Policy, and Regulation
Afghanistan vows to crush Islamic State havens after attack (Military Times) President Ashraf Ghani's comments came as Afghanistan mourns at least 63 people, including children, killed in the Kabul bombing at a wedding hall late Saturday night.
A look at the Islamic State affiliate’s rise in Afghanistan (Military Times) A suicide bombing at a wedding party in Kabul claimed by a local Islamic State affiliate has renewed fears about the growing threat posed by its thousands of fighters, as well as their ability to plot global attacks from a stronghold in the forbidding mountains of northeastern Afghanistan.
Putin tells Macron: ‘I don’t want yellow vests in Russia’ (Times) President Putin raised France’s yellow-vest protest movement to deflect a lecture on democracy from his French host and said that Moscow would never tolerate such demonstrations. The Russian leader...
As US, China fight trade war, Greece opens up to Huawei's 5G ambitions (ZDNet) Despite some countries' reservations about Huawei, Greece is busy running 5G projects with the Chinese giant.
US Commerce Department adds 46 Huawei affiliates to entity list (TechCrunch) Update: Huawei has responded to the DoC’s move, We oppose the US Commerce Department’s decision to add another 46 Huawei affiliates to the Entity List. It’s clear that this decision, made at this particular time, is politically motivated and has nothing to do with national securit…
Trump says he doesn't want to do business with Huawei due to 'national security threat' (CNET) Despite this, the Commerce Department is apparently extending its reprieve allowing Huawei to do business with US companies.
Analysis | The Cybersecurity 202: Huawei uncertainty continues with three-month ban extension (Washington Post) It’s still not clear if Trump will jettison the ban as part of a trade deal with Beijing.
Announcing the Cyberspace Solarium Commission (Lawfare) A new team is developing strategies to tackle threats from cyberspace—and it wants your ideas.
Getting the Drop in Cyberspace (Lawfare) The idea that the best defense is a good offense is a risky proposition—and there is little evidence that it is actually true.
Cyber Command changed its approach. Is the difference noticeable? (Fifth Domain) Industry representatives in the threat intelligence space said it is too early to tell if Cyber Command's new assertive approach is having a direct effect on cyberspace.
Navy Moving Ahead to Create Special Cyber Office (USNI News) The Navy Department will soon create a new office led by a special assistant to the secretary who will have sweeping authority to integrate and manage the critical areas of information management and security, aided by four deputies responsible for buying the right technology, determining strategies to better handle digital information and …
Navy Wrestles With Cyber Policy As China and Iran Hack Away (Breaking Defense) "We’re spending a lot of money in this area right now, but we don’t understand where we’re spending it” says Navy undersecretary Thomas Modly.
Litigation, Investigation, and Law Enforcement
States to Move Forward With Antitrust Probe of Big Tech Firms (Wall Street Journal) A group of state attorneys general is preparing to move forward with a joint antitrust investigation of big technology companies, according to people familiar with the situation, adding another layer of scrutiny to an industry already under a federal spotlight.
Did Facebook know about “View As” bug before 2018 breach? (Naked Security) Even though Facebook protected employees, it failed to fix the vulnerability or to protect most users, a court filing charges.
Trump alleges Google manipulated voters against him (TheHill) President Trump alleged Monday that Google manipulated millions of voters into supporting former Secretary of State Hillary Clinton in the 2016 election, saying the company “should be sued” in his latest attack
Did SEAL Team 6 commit unlawful command influence in catfishing case? (Navy Times) Called the “mortal enemy of military justice,” UCI occurs when superiors utter words or take actions that improperly influence the outcome of court-martial cases, jeopardize the appellate process or undermine the public’s confidence in the armed forces by appearing to tip the scales of justice.
YouTube sues alleged copyright troll over extortion of multiple YouTubers (The Verge) Minecraft and gaming creators were allegedly affected.
Investigating cyber-security at U.S. Central Command (FOX13news) While the college admissions scandal exposed students getting undue help on their exams, FOX 13 started hearing and investigating claims of a different kind of cheating in one of the most sensitive parts of our government.
Fake Cop Allegedly Tricked Phone Companies Into Giving Him People’s Location Data (The Daily Beast) Bail bondsman Matthew Marre is accused of impersonating a law enforcement officer who claimed people were in danger of killing themselves—and Verizon and T-Mobile believed him.
Russian Man Who Tried to Burn Down Offices of Internet Regulator Reportedly Gets Probation (Gizmodo) Earlier this month, a court in Russia’s Ulyanovsk Region sentenced a man to one and a half years’ probation after he reportedly tried not one, not two, but three times to burn down the regional offices of national internet regulator Roskomnadzor, with Interfax reporting (via TorrentFreak) that one local said he had done so to seek revenge over blocking of piracy sites.