Cyber Attacks, Threats, and Vulnerabilities
Attacks by Silence (Group-IB) A comprehensive technical analysis of this small cybercriminal group’s tools, tactics, and evolution. This is the first time Group-IB’s reports of this kind have been made publicly available.
US troops may be victims of massive credit card hack in South Korea, military says (Stars and Stripes) The thefts targeted unspecified business and financial entities in South Korea and included information on at least 38,000 U.S.-issued payment cards, according to an alert distributed by the Eighth Army.
After Twitter and Facebook blame China for Hong Kong disinformation, government defends its right to online speech (Washington Post) China pushed back against claims by Twitter and Facebook that the government had run disinformation operations aimed at the Hong Kong protests. The comments underscored the challenge of setting global standards for online speech.
China cries foul over Facebook, Twitter block of fake accounts (Reuters) China said on Tuesday it had a right to put out its own views after Twitter and ...
Severe Flaws in Kubernetes Expose All Servers to DoS Attacks (BleepingComputer) Two high severity security flaws impacting the Kubernetes open-source system for handling containerized apps can allow an unauthorized attacker to trigger a denial-of-service state remotely, without user interaction.
Scammers use bogus search results to fool voice assistants (Naked Security) The Better Business Bureau reports that scammers have worked out how to game search results for company customer support telephone numbers.
No REST for the wicked: Ruby gem hacked to siphon passwords, secrets from web devs (Register) Developer account cracked due to credential reuse, source tampered with and released to hundreds of programmers
New Phishing Campaign Bypasses Microsoft ATP to Deliver Adwind to Utilities Industry (Cofense) The Cofense Phishing Defense Center has observed a new phishing campaign that spoofs a PDF attachment to deliver the notorious Adwind malware. This campaign was found explicitly in national grid utilities infrastructure. Adwind, aka JRAT or SockRat, is sold as a malware-as-a-service where users can purchase access to the software for a small subscription-based fee. The malware boasts the following features: takes screenshots; harvests credentials from Chrome, IE and Edge; accesses the webcam, records video and takes photos; records audio from the microphone; transfers files; collects general system and user information; steals VPN certificates; serves as a key logger.
Uncovering a MyKings Variant With Bootloader Persistence via Managed Detection and Response (TrendLabs Security Intelligence Blog) When we first investigated MyKings in 2017, we focused on how the cryptominer-dropping botnet malware used WMI for persistence. Like Mirai, MyKings seems to be constantly undergoing changes to its infection routine. The variant we analyzed for this incident did not just have a single method of retaining persistence but multiple ones, as discussed in the previous section. In addition to WMI, it also used the registry, the task scheduler, and a bootkit — the most interesting of which is the bootkit (detected by Trend Micro as Trojan.Win32.FUGRAFA.AB).
Criminals on the Hunt For Ransomware on Underground Forums (Threatpost) A detailed look at underground forums shows that cybercriminals aren't sure where to look on the heels of the GandCrab ransomware group shutting its doors – and low-level actors are taking advantage of that by developing their own strains.
Dissecting BioStar2's Vulnerabilities: Biometric Databases as the New Target (Frost & Sullivan) BioStar 2 has become the first major example of how biometric access still has its own vulnerabilities that vendors, integrators, and end users must be aware of before implementing any of these solutions within their organization.
MoviePass security lapse exposed customer card numbers (TechCrunch) Movie ticket subscription service MoviePass has exposed tens of thousands of customer card numbers and personal credit cards because a critical server was not protected with a password. Mossab Hussein, a security researcher at Dubai-based cybersecurity firm SpiderSilk, found an exposed database on …
Apple accidentally reopens security flaw in latest iOS version (the Guardian) Vulnerability could be exploited to gain control of iPhone, users are warned
Sierra Wireless AirLink ALEOS (Update A) (CISA) Executive summary: CVSS v3 9.1. ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available. Vendor: Sierra Wireless. Equipment: AirLink ALEOS. Vulnerabilities: OS Command Injection, Use of Hard-coded Credentials, Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Cross-site Request Forgery, Information Exposure, Missing Encryption of Sensitive Data.
Siemens SCALANCE X Switches (Update A) (CISA) Executive summary: CVSS v3 8.6. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: SCALANCE X switches. Vulnerability (Update A, part 1 of 2): Insufficient Resource Pool.
Zebra Industrial Printers (CISA) Executive summary: CVSS v3 5.3. ATTENTION: Low skill level to exploit. Vendor: Zebra. Equipment: Industrial Printers. Vulnerability: Insufficiently Protected Credentials. Risk evaluation: Successful exploitation of this vulnerability could allow a remote attacker to send specially crafted packets to a port on the printer, resulting in the retrieval of a front control panel passcode.
Chrome users ignoring warnings to change breached passwords (Naked Security) If you were told that the password you had just entered was known to have been compromised in a data breach, what would you do?
Texas agency blames 'single threat actor' for recent ransomware attacks (TheHill) The Texas Department of Information Resources (DIR) pointed to a “single threat actor” on Tuesday as being responsible for a recent spate of ransomware attacks on small local governments and other state entities.
Ransomware is everywhere — even in this sleepy Texas town (Los Angeles Times) When a ransomware attack hit Keene, Texas, no one noticed.
Expect more ransomware attacks like Texas (StateScoop) Hackers are tweaking their malware to create more sophisticated attacks against state and local governments, a cybersecurity expert said.
7 Florida municipalities have fallen prey to cyber attacks since last year (Naples Daily News) In Florida, seven municipalities have reported phishing or ransomware attacks on computer systems since December 2018.
Following crippling cyberattack, Tangipahoa School employees to receive limited paychecks (The Advocate) Tangipahoa Parish School System employees will receive a paycheck this week despite the district’s payroll system being disabled during a recent cyberattack, but it will be limited in that it
‘Iranian Hackers’ Claim Hack on Macon County, Ill., Website (Government Technology) The cyberincident Sunday night targeted the Circuit Clerk’s Office, hijacking control of its main web page. The perpetrator claimed to be Iranian in a message accompanied by an image of a Guy Fawkes mask.
Security Patches, Mitigations, and Software Updates
‘Kaspersky-in-the-Middle’ bugs triaged (The Daily Swig) UXSS flaw raises concerns about security software intercepting encrypted connections
Cyber Trends
Kaspersky Report Finds Nearly a Third of Healthcare Employees Never Received Cybersecurity Training (BusinessWire) A new report from Kaspersky finds employees of healthcare organizations in the U.S. and Canada are lacking cybersecurity education and awareness in th
Beyond Compliance: Cyber Threats and Healthcare (FireEye) The healthcare vertical faces a range of threat actors and malicious activity. Given the critical role it plays within society and its relationship with our most sensitive information, the risk to this sector is especially consequential.
Hacking for Good: The Cult of the Dead Cow and the Rise of Hacker Culture (Decipher) Members of the Cult of the Dead Cow are joined by fellow hackers and security leaders Dug Song, Katie Moussouris, and Heather Adkins to trace the origins of hacker culture and its lasting influence.
Marketplace
Army faces familiar workforce woes in cyber, electronic warfare units (FCW) The Government Accountability Office warned the Army's rapid integration of cyber and electronic warfare force components poses staffing and training concerns.
Make Room for Unconventional Cyber Warriors (SIGNAL Magazine) International officials recommend introverts, students on the autism spectrum and middle-aged career changers for the cyber workforce.
AKUA enters Silicon Valley logistics and supply chain accelerator (Technical.ly Baltimore) The locally rooted company with a team at Spark Baltimore is one of 22 selected for the Plug and Play program, which prioritizes connecting corporations and startups.
PerimeterX Expands Offerings for eCommerce with Acquisition of PageSeal (PerimeterX Bot Defender) New Product, PerimeterX Page Defender, Now Available
CyberRisk Alliance acquires US Cybersecurity Collaborative establishing its Peer Council Business Platform (SC Media) CyberRisk Alliance ("CRA"), the holding company of SC Media, has acquired Cybersecurity Collaborative in the US, a peer council platform for Chief Information Security Officers (CISOs) and other senior-level security executives from Stuart Cohen, the company’s founder and CEO. Stuart will continue to lead the business as its chief executive.
Gemini crypto exchange led by Winklevoss names Damato as CSO (Mobile Payments Today) Gemini Trust Co., a cryptocurrency exchange led by the Winklevoss brothers, has named David Damato, the former chief security officer at Tanium, as its new CSO. While at Tanium, Damato was in charge of building and managing a team that...
ZeroNorth Names John Worrall as CEO (Yahoo) ZeroNorth, the industry’s only provider of risk-based vulnerability orchestration, announced today that John Worrall has been named chief executive officer. Worrall brings more than 25 years of leadership, strategy and operational experience to the role, across early stage and established cybersecurity
IOMAXIS Announces Paul Barboza as Chief Operating Officer (PR Newswire) IOMAXIS, LLC announced that Paul Barboza has joined the company as the Chief Operating Officer. With management...
Products, Services, and Solutions
Grupo Tecno Teams with Trustwave to Bring Cybersecurity Services to Enterprises in Mexico (Trustwave) Trustwave and Grupo Tecno, a large information technology integrator, announced an alliance to offer Trustwave Managed Security Services and cybersecurity technologies to enterprises and other institutions in Mexico and other Spanish speaking countries in Latin America.
Veracode Releases Advanced Software Composition Analysis Solution Decreasing Open Source Risk with the Power of Machine Learning and Automated Fix Information (West) Cloud-based solution helps developers prioritize and remediate open source vulnerabilities quickly within DevSecOps environments
ThreatConnect Releases Enhanced Integration with Flashpoint (Market Screener) ThreatConnect users can access near real-time Finished Intelligence and Technical Data from Flashpoint ...
YubiKey 5Ci, a Lightning/USB-C security key, eases 2-factor authentication (Cult of Mac) The first of its kind, YubiKey 5Ci provides iPhone or Mac users with very strong security access to password managers like Dashlane, etc.
ReversingLabs Launches Channel Partner Optimization Program (Yahoo) CAMBRIDGE, Mass., Aug. 20, 2019 -- ReversingLabs, a leading provider of destructive object insights delivering enterprise-scale file analysis, threat hunting, and malware.
Visa Adds New Threat Detection to Prevent Payment Fraud (BleepingComputer) Visa announced the addition of new fraud threat detection and blocking tech designed to boost transaction security and, implicitly, the integrity of its payments ecosystem.
QuintessenceLabs Developing Miniature Quantum Random Number Generator, Broadening Access to Quantum Safe Cybersecurity (Yahoo) Australian Government supports micro-chip development
Technologies, Techniques, and Standards
U.S. Cities Rethink Data Relationship With Residents (Wall Street Journal) Cities across the country are measuring everything from air quality to traffic. Privacy rules and hackers’ interest in such information are prompting city officials to think carefully about how that information is managed.
As homomorphic encryption gains steam, experts search for standards (CyberScoop) As homomorphic encryption gains greater traction, practitioners need a set of agreed parameters for implementing the algorithms.
Victimology: in the shoes of a cybersecurity analyst (ThreatQuotient) When a threat arises, the security team's role is to investigate and determine the reality of an attack and its severity. This investigation makes it possible to set up a plan to defeat the offensive and, generally, better protect against certain types of attacks.
Cybersecurity Tech Accord Adopts Bug Disclosure Policies (SDxCentral) The 111 Cybersecurity Tech Accord companies all agree on the big picture: protecting customers and users and improving cybersecurity.
Keeping cameras cyber safe: The perils of wireless connectivity (The Financial Express) Since modern cameras no longer use film to capture and reproduce images, the International Imaging Industry Association devised a standardised protocol known as Picture Transfer Protocol (PTP) to transfer digital images from camera to PC.
To pay or not to pay ransomware: A cost-benefit analysis of paying the ransom (Emsisoft | Security Blog) An in-depth look at the direct and indirect costs of ransomware and what organizations need to consider before paying the ransom.
Design and Innovation
In New Facebook Effort, Humans Will Help Curate Your News Stories (New York Times) A news section inside Facebook’s mobile app will be run by journalists and not just algorithms, the company said.
Facebook’s Clear History privacy tool finally begins rolling out in three countries (The Verge) But the United States isn’t one of them.
Cloudflare uses lava lamps to generate a fundamental resource: Randomness (Quartz) Humans and computers are horrible at making random numbers, so Cloudflare turns to natural processes.
Intel unveils first artificial intelligence chip Springhill (Reuters) Intel Corp on Tuesday unveiled its latest processor that will be its first using...
Analysis | The Cybersecurity 202: L.A. County voting system pits cybersecurity vs. disability advocates (Washington Post) The new $250 million ballot-marking device was developed over a decade to be ultra-accessible
Research and Development
Preventing privacy leaks when online data can be gathered publicly (MU News Bureau) MU researcher shares a $1.2 million grant from the National Science Foundation with the University of Illinois-Chicago and University of Illinois Urbana-Champaign
Photons entangled in terms of radial quantum states (Physics World) Radial position and momentum of light could be used to create new quantum technologies
Academia
CSM employees advance in national cybersecurity competition (SoMdNews.com) Two former College of Southern Maryland cybersecurity students who now work at the college have earned $500 scholarships and guaranteed their spots as semi-finalists in the national Cyber FastTrack competition.
Baker College Recognized by National Security Agency and U.S. Department of Homeland Security for Excellence in Cyber Defense Education (Benzinga) Baker College, Michigan's largest, private not-for-profit college and the top private transfer school in the state, has been...
Legislation, Policy, and Regulation
After Twitter and Facebook blame China for Hong Kong disinformation, government defends its right to online speech (Washington Post) China pushed back against claims by Twitter and Facebook that the government had run disinformation operations aimed at the Hong Kong protests. The comments underscored the challenge of setting global standards for online speech.
Trump Gives Huawei 90 Day Reprieve, But Customers Warned To Ditch The Brand (Forbes) The U.S. has agreed to extend Huawei's blacklist lifeline by a further 90 days, despite President Trump's last-minute threat to veto such a move.
AP Explains: US sanctions on Huawei bite, but who gets hurt? (ABC News)
Huawei US-China trade dispute won’t greatly impact Australian operations: John Lord (ABC Radio) Telco giant Huawei has been banned from rolling out its 5G network in Australia and “Huawei Australia” is also unable to conduct business with the US. Australian chairman John Lord joins AM for his insights.
Telia raises ‘surveillance’ concerns over new Russian security legislation (Mobile Europe)
Don't Renew Section 215 Indefinitely (Electronic Frontier Foundation) The New York Times reported that the Trump administration wants Section 215, the legal authority that allows the National Security Agency to collect Americans’ telephone records, renewed indefinitely. That’s despite earlier reports the NSA had shuttered its Call Details Record (CDR) Program because...
An Imperative for Action Brings On Cyber Advantages (SIGNAL Magazine) Bureaucracy must step aside to enable information warfare operational success.
Cyber Command head wants name changed (The Augusta Chronicle) U.S. Army Cyber Command is on its way to Augusta, but it might look a little different. During a keynote address at AFCEA’s TechNet Augusta 2019, Lt.
KnowBe4 Applauds Proposed Legislation for Cybersecurity Training Requirement for U.S. House Members (West) On May 10, 2019, U.S. Representative Kathleen Rice (D-NY) introduced legislation that will require House Members to partake in annual cybersecurity training.
Reclaiming the rights to one’s digital persona (The Washington Times) Most individuals keep a pretty firm grip on their possessions — the cars, the house and the stuff inside it. They’ve got a fairly accurate grasp of their money, too, by taking a quick scan of their financial assets online. Personal data, though, is another story. The complexion of the information that tech giants glean from surveilling users’ Internet activities is as murky for most Americans as a trek in the woods after dark. Americans urgently need a more effective means of ensuring that their cyber-persona is not being stalked from the digital shadows by buck-raking marketers.
Litigation, Investigation, and Law Enforcement
Flaws in Cellphone Evidence Prompt Review of 10,000 Verdicts in Denmark (New York Times) Data offered in court was flawed when technical errors linked some phones to the wrong towers or created a less-detailed picture of their locations, officials said.
Trade official for Scottish government ‘held by China’ (Times) A trade official for the Scottish government who works at the British consulate in Hong Kong has been missing for two weeks and is feared to have been detained by Chinese authorities. Simon Cheng...
Facebook's Libra Currency Gets European Union Antitrust Scrutiny (Bloomberg) EU sends questionnaires to groups tied to Libra proposals. Antitrust regulator cites ‘possible competition restrictions’.
The Justice Department is working with states on tech investigation, antitrust chief says (The Verge) "I think we just have to have proper, timely and aggressive enforcement of the antitrust laws."
Exclusive: The results from Facebook's conservative bias audit (Axios) Facebook will release the findings of a roughly year-long conservative bias audit.
Mercedes caught up in privacy storm over car trackers (CNN) Mercedes-Benz is using location sensors to track and repossess vehicles in the United Kingdom when drivers fall behind on payments, raising privacy concerns and leading one prominent politician to call for a government investigation.
Banks do not report most cybercrimes, says top cop (The Times of India) India Business News: According to Maharashtra Police special IGP (cyber) Brijesh Singh, cybercriminals are gradually targeting banks’ infrastructure rather than customers.