Cyber Attacks, Threats, and Vulnerabilities
Six US government agencies targeted in DNS hijacking attacks (Computing) US Department of Homeland Security emergency order issued in response to claims of Iranian DNS hijacking attacks,
Rep. Langevin: We need a DHS briefing to understand extent of DNS hijacking threat - CyberScoop (CyberScoop) A key House Democrat wants the Department of Homeland Security to brief lawmakers “as soon as possible” on a new domain name system hacking threat to federal computer networks, and the emergency order the department issued in response.
‘Nearly all’ American networks will be susceptible to cyberattacks (Fifth Domain) “Nearly all information, communication networks, and systems will be at risk for years to come,” according to the 2019 national intelligence strategy.
It Looks Like Russian Hackers Are Still At It In 2019 (BuzzFeed News) A British think tank that counters Russian information operations has been hacked — and Russian media outlets are all over the leaked material.
Securonix Threat Research: Detecting Persistent Cloud Infrastructure/Hadoop/YARN Attacks Using Security Analytics: Moanacroner, XBash, and Others - Securonix (Securonix) In recent months, we have been observing an increase in the number of automated attacks targeting exposed cloud infrastructure/Hadoop/YARN instances. Some of the attacks we have been seeing – for…
Millions of bank loan and mortgage documents have leaked online (TechCrunch) A trove of more than 24 million financial and banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the U.S., has been found online after a server security lapse. The server, running an Elasticsearch database, had more than a decade’s worth…
Code Execution Vulnerability Impacts Linux Package Manager (SecurityWeek) A remote code execution vulnerability (CVE-2019-3462) was recently discovered in APT, the high level package manager used in many Linux distributions.
The politics of ‘Have I Been Pwned’ (CSO Online) Data breaches are not created equal. Business leaders and security managers must beware the dangers of FUD and hype created around notification of old breaches.
PewDiePie-spammers and whale-flingers exploit hole in Atlas game (Naked Security) Last week hackers allegedly compromised an admin’s Steam account and used it to spawn planes, tanks, and whales in Atlas.
Fortnite's Vulnerability: Only the Secure Survive | Check Point Software Blog (Check Point Software Blog) Check Point discovered security vulnerabilities in Fortnite's login process that could have allowed a threat actor to take over the account of any user, view their personal account information, purchase virtual in-game currency and eavesdrop on in-game chatter as well as home conversations.
Hijacked Nest cam broadcasts bogus warning about incoming missiles (Naked Security) A hacked Nest camera broadcast the fake warning about incoming North Korean missiles, sending a family into “five minutes of sheer terror.”
Hackers yell, curse at family after accessing security camera account, couple says (Q13 FOX News) AUBURN, Wash. -- If you have security cameras connected to the internet inside your home, you’re going to want to play close attention to this story. A local family says someone hacked their account and watched them for weeks inside their home; even yelling and cursing at their children.
They only moved in three months ago, but Abby Laguidao and Conrado Casallo say they’re uncomfortable inside their Auburn home. The family installed security cameras, which are connected to the internet and, they say that’s when they started hearing things.
Security Patches, Mitigations, and Software Updates
Apple Patches Dozens of Vulnerabilities in iOS, macOS (SecurityWeek) Apple has released new updates for iOS (12.1.3) and macOS (10.14.3) to address tens of security vulnerabilities and other bugs in the two platforms.
Cyber Trends
2019 State of the Phish (Proofpoint) Our 2019 State of the Phish Report provides the latest data and analysis on phishing attacks, ransomware and end-user risk management.
Microsoft remains the most impersonated brand, Netflix phishing spikes (Help Net Security) Although Microsoft remains the most impersonated brand, Netflix saw an incredible surge, making it the second most impersonated brand in Q4 2018.
Cyberattacks fueled by geopolitical tension are increasing (Help Net Security) Cyberattacks fueled by geopolitical tension are increasing. Carbon Black has discovered how clever attackers have become in evolving to remain undetected.
Security Concerns are Preventing Cloud and SaaS Adoption According to Latest Ping Identity Survey (Ping Identity) Three-Quarters of IT and Security Professionals Say at Least a Portion of Their IT Infrastructure is Hybrid; Only One-Fifth Say Majority is Hosted in the Public Cloud
Healthcare Cyberattacks Cost $1.4 Million on Average in Recovery (HealthITSecurity) Healthcare organizations spend about $1.4 million on average to recover from a cyberattack, which is directly tied to damage to reputation, a loss of productivity, and service disruption.
Healthcare Cybersecurity in a Future of Connected Medical Devices (Security Intelligence) What can health care companies do to mitigate the risks inherent in the future of health care cybersecurity?
Black hats are great for language diversity, says Eugene Kaspersky (Register) Also reckons Russian hackers go quiet over the Christmas holidays
Cyber Security in 2019 – Positive Developments or More of the Same? (TechNative) As 2019 commences, computer security starts off the new year at pretty much where it left off in 2018 – the talk about the need for improved security in industrial control systems, the supply chain, risks of insider threats, state espionage, increasing cyber crime, and the expanded attack surface that the Internet of Things provides Internet governance, cyber norms of state behavior, and state involvement in election meddling continue to cast a long shadow over cyber security, and if statistics provide a barometer of where we're at, fairly straight forward security considerations such as better passwords, patch management, user education and security awareness (spear phishing, anyone?) remain a challenge.
Marketplace
Let us into 5G and we could pay millions for NZ cyber lab, says Huawei (Stuff) Chinese giant could pay 'millions' for NZ experts to vet its gear, but GCSB responds coolly.
How Huawei Wooed Europe With Sponsorships, Investments and Promises (New York Times) As the Chinese telecommunications giant faces scrutiny over its security, its careful cultivation of European governments and customers is at risk of unraveling.
Humio Secures $9M Series A Led By Accel To Accelerate Expansion Of Logging Platform For Live Observability (PR Newswire) Humio, the only solution enabling live observability through fast, efficient and easily scalable log...
Adjust Announces Acquisition of Cyber Security and AI Company Unbotify (PR Newswire) Behavioral Biometrics Bot Detection Functionality to Help Marketers Combat Advertising and In-App...
FRANCE : Thales/Ercom deal heralds further concentration in French cyber sector (Intelligence Online) Thales impending takeover of Ercom is forcing other interception and cyberintelligence firms to find new strategies.
Healthcare Specific MSP Medicus IT Acquires Phoenix Based ISDesign (PR Newswire) Atlanta based Medicus IT and Phoenix based Information Strategy Design (ISD) joined forces January 17th, 2019. By...
Jonathan Aberman: We're not Silicon Valley. We should stop using its entrepreneurship model. (Washington Business Journal) Our region’s prevailing view of entrepreneurship discourages many who have entrepreneurial personalities and reduces our economic potential. We need to chart a new course.
nCipher Security delivers trust, integrity and control to business critical information and applications | nCipher Security (nCipher) Newly formed organization preserves competition and ensures continued innovation in general purpose HSM market
nCipher Security, the provider of trust, integrity and control for business critical information and applications, officially launched today creating a new leader in the general purpose hardware security module (HSM) marketplace.
This Indian cybersecurity startup wants to repeat its winning strategy abroad (Techcircle) Saket Modi was always interested in knowing how technologies are created and how they can be broken.
Fortinet’s Ken Xie to Lead World Economic Forum Centre for Cybersecurity Cyber Workforce Session at Upcoming Annual Meeting (AP NEWS) Ken Xie, Founder, Chairman of the Board, and CEO, Fortinet“We are proud to have been the first cybersecurity company named a founding partner of the World Economic Forum Centre for Cybersecurity. As a member of the Advisory Board, I look forward to the opportunity to collaborate with global leaders from the private and public sectors on our shared commitment to collectively respond to the growing global cybersecurity threat. The continued collaboration and effort also advances Fortinet’s mission to secure the largest enterprise, service provider, and government organizations in the world.”
JP Morgan Portfolio Company Partners With Blockchain Startup Run By Former Deloitte Boss (Forbes) Former Deloitte boss turned Citizens Reserve head, Eric Piscini, confirmed a partnership with Smartrac, a JP Morgan portfolio company dealing in the product digitization space. Citizens Reserve will use its blockchain-powered SUKU supply chain platform to integrate with Smartrac.
Anthony E. Zeruto Named New President & CEO of Network Designs, Inc. (NDi) (PR Newswire) Network Designs, Inc. (NDi) announced today that Anthony E. Zeruto (Col, U.S. Army, RET) is its new President and...
Attivo Networks names Chris Roberts as chief security strategist (Help Net Security) Roberts will develop and define strategy and processes for the company’s customers on issues related to cybersecurity strategy, and incident response.
Longtime federal contracting exec tapped by Applied Insight to be CEO (Washington Business Journal) He held top posts with TASC Inc. and Engility Holdings and will now helm the pursuit of building a leading mid-market government contractor operating at a challenging nexus.
Radiflow Adds Michael Langer as Chief Product Officer (LivePR) New executive to lead expansion of company’s industrial cybersecurity portfolio
Products, Services, and Solutions
Check Point Launches Maestro, the Industry’s First Hyperscale Network Security Solution, and New Ultra-Scalable Gateways | Check Point Software (Check Point Software) Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, has today introduced Check Point Maestro, the industry’s first truly hyperscale network security solution. Check Point Maestro is a revolutionary new architecture that enables businesses of any size to enjoy the power of flexible cloud-level security platforms, and to seamlessly …
DFLabs Community Development Incentive Program Extends Open Approach to Security Orchestration and Automation (BusinessWire) CDI Program supports the sharing of innovations for the DFLabs IncMan SOAR platform, and extends company's open approach to security integration.
Authenticator -- First Two-Factor Authentication (2FA) Solution With One-Step New Phone Account Recovery (PR Newswire) Rivetz, a leader in embedded, decentralized cybersecurity for mobile, today announced the launch of its...
Nucleus Cyber Partners with Namtek to Grow Presence in Federal Government (Nucleus Cyber) Facebook Twitter LinkedIn Namtek to distribute the NC Protect™ AI-driven data security solution to the US Government through federal contracts and partners BOSTON – Jan. 24, 2019 – Nucleus Cyber, the AI-driven data security company for the intelligent workplace, today announced a partnership with Namtek to distribute its NC Protect™ solution for AI-driven data …
NTT DATA Corporation Chooses Exabeam’s SIEM Solution to Strengthen its Global Cyber Defense Posture (BusinessWire) Exabeam, the next-gen SIEM company, today announced that NTT DATA Corporation (NTT DATA), its partner and one of the world’s leading providers of tech
Cohesity backup solution prevents, detects, and responds to ransomware attacks (Help Net Security) Cohesity Anti-Ransomware Solution offers the set of capabilities with a multi-layered approach that can prevent, detect, and respond to attacks.
ThrottleNet’s new managed IT+Security services deliver business continuity (Help Net Security) ThrottleNet’s IT+Security protects against data loss and security threats such as hacking, ransomware and phishing attacks.
What's a Pop-Up SOC, and Who Needs One? (Security Boulevard) A pop-up SOC is essentially a temporary time- or event-based security operations center with a number of benefits in multiple environments.
CrowdStrike Falcon Available to Government Entities Nationwide Through California Software Licensing Program PLUS (BusinessWire) CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced that it is now available for purchase through the California Sof
PrivacyCheq's Privacy Facts Interactive Solves Tech Industry's "Transparency" Problem (PR Newswire) Today, PrivacyCheq announced the immediate availability of Privacy Facts Interactive (PFIN), its new privacy notice...
Securitec Launches Integrated Continuous Monitoring Service for CRAs & Risk Alerting Firms (PR Newswire) Securitec Screening Solutions, the background screening industry's leading 100% wholesale Court Data as a Service...
Technologies, Techniques, and Standards
Inside Google’s Team Fighting to Keep Your Data Safe From Hackers (Wall Street Journal) Google’s 27-person Threat Analysis Group, staffed in part by former government agents, leverages access to Gmail and other Google products to fend off attempts to intrude into the company’s vast data store.
Crypto-Assets and Blockchain Technology (Marsh & McLennan | FireEye | Circle) It has been 10 years since the world was introduced to bitcoin and its underlying blockchain technology. Bitcoin has become a household name and has spawned hundreds of other crypto-assets. At its peak in January 2018, the total market cap of crypto-assets equaled one-tenth of the value of all the gold in the world.
Configuring Your iPhone for Maximum Internet Privacy and Security: Web Browsing (Better Humans) How to protect your web browsing from privacy invasions and the surveillance state
M&E Journal: How Threat Intelligence Enables Cybersecurity (M&E Daily) “Offense informs defense” has been a driving security tenet for a long time and nothing epitomizes this more than threat intelligence.
The Devil You Know - How Idioms Can Relate to Information Security (SecurityWeek) In security, it’s important to know when to stay with what’s comfortable and familiar, and when it’s time to see what else is out there that awaits us.
Georgia official seeks to replace criticized voting machines (AP NEWS) Georgia's new elections chief asked lawmakers Wednesday for $150 million to replace the state's outdated electronic voting machines. In doing so, he all but closed the door on a hand-marked paper balloting system that experts say is cheapest and most secure. Secretary of State Brad Raffensperger told Georgia legislators meeting for budget hearings that a new voting system is his top priority. Cybersecurity experts and voting integrity activists say the touch-screen machines Georgia has used since 2002 are vulnerable to hacking and can't be audited effectively because they produce no verifiable paper record.
Analysis | The Cybersecurity 202: Congress is finally embracing bug bounties. Will it backfire? (Washington Post) Some departments can't yet support ethical hacking contests, one expert warns
Research and Development
Center for Long-Term Cybersecurity Announces 2019 Research Grantees (CLTC) The UC Berkeley Center for Long-Term Cybersecurity (CLTC) is proud to announce the recipients of our 2019 research grants. In total, 30 different groups of researchers will share a total of roughly $1.3 million in funding to support a broad range of initiatives related to cybersecurity and digital security issues...
Legislation, Policy, and Regulation
French diplomat: Spies gonna spy – there aren't any magical cyberspace laws that can prevent it (Register) Pragmatic chap looks at reality of international relations
EU-Japan Deal to Protect Data Exchanges Takes Effect (SecurityWeek) The European Union and Japan launched the "world's largest areas of safe data flows" after finalizing common rules to protect personal information, the EU said.
France aware of Huawei risks, will act when times comes - minister (Reuters) France is aware of the risks of China's Huawei Technologies access to next-...
Taiwan preps China blacklist banning Huawei and ZTE (Nikkei Asian Review) No Chinese smartphones for government employees, cybersecurity chief says
Digital Secretary Jeremy Wright: 'Cause to be cautious' over Huawei's role in Britain's 5G network (The Telegraph) Jeremy Wright has kept a decidedly low profile since taking the helm at the Department for Digital, Culture, Media and Sport last July.
UK telcos under pressure to review Huawei 5G deals after defence secretary airs ‘grave concerns’ (The Telegraph) Some of Britain's largest mobile providers are facing growing pressure to review their links with Huawei after the UK defence secretary voiced "grave concerns" over use of the controversial Chinese company's equipment in the roll-out of 5G telecom networks across the UK, amid espionage fears.
The next big fight is on (Tribuneindia News Service) In the ongoing tussle between the US and China over trade and technology, Huawei occupies a special place.
Detecting Ghosts By Reverse Engineering: Who Ya Gonna Call? (Lawfare) GCHQ’s proposal to allow governments to eavesdrop on encrypted communications with a warrant is a backdoor by another name.
Air Force moves ahead with headquarters-level merger of intel, IT functions (Federal News Network) The Air Force will merge the three-star positions that oversee intelligence and IT into a single position, known as the A2/A6. Lt. Gen. Dash Jamieson is expected to lead the new organization.
Army Cyber To Become Information Warfare Operations Command By 2028 - Defense Daily (Defense Daily) Army Cyber Command (ARCYBER) is likely to be renamed Information Warfare Operations Command by 2028 as the unit looks to expand its capability portfolio to
Litigation, Investigation, and Law Enforcement
Cyber expert's EVM hacking claims a 'hacking horror show' by Congress: BJP - Times of India (The Times of India) India News: NEW DELHI: Rejecting an India cyber expert's claim that the 2014 general election was rigged, the BJP Monday described this explosive allegation as a .
Who allowed FISA surveillance abuse? New attorney general must find out (TheHill) The FBI likely surveilled many others beyond Carter Page in bypassing controls for its Trump-Russia collusion investigation.
Julian Assange launches legal challenge against Trump administration (the Guardian) WikiLeaks founder’s lawyers file urgent application in attempt to prevent extradition to US