Cyber Attacks, Threats, and Vulnerabilities
Comodo Forums Breached, Data of Over 170,000 Users Up for Grabs (BleepingComputer) Account data belonging to more than half of all Comodo Forums users has been stolen and is now traded online. The breach was possible by exploiting a vulnerability in the software that powers the forum.
Fighting Russian Disinformation (Foreign Policy) Brookings scholar Alina Polyakova on why the United States needs to go on the offense.
Checkm8: 5 Things You Should Know About The New iOS Boot ROM Exploit (SentinelOne) Is your iOS device vulnerable to checkm8 vulnerability? What should you do if it is? Can malware defeat iPhone, iPad & Apple Watch security? Find out here.
The Price of Influence: Disinformation in the Private Sector (Recorded Future) Insikt Group analyzed threat actors offering disinformation as a service on underground forums to understand how disinformation is used by cybercriminals.
Cequence Security Discovers Vulnerability in Leading Web Conferencing Platforms (BusinessWire) Prying-Eye vulnerability potentially exposes millions to snooping
GhostCat-3PC: Malware Targets Well-Known Publishers and Slips Through Their Blockers (The Media Trust) The Media Trust discovers new, dynamic malware that targets specific publications.
Warning over Divergent/Nodersok malware that turns PCs into cyber crime accomplices (Computing) The fileless malware identified by Microsoft and Cisco Talos has already infected thousands of PCs across the US and Europe
Smominru Botnet Indiscriminately Hacked Over 90,000 Computers Just Last Month (National Cyber Security)
Magecart hits again, leveraging compromised sites and newly registered domains (Zscaler) Zscaler ThreatLabZ researchers monitored Magecart skimming activity over 90 days, analyzing its behavior, PII and credential theft, and payment card skimming using compromised websites and newly registered domains to host skimmer scripts.
Vulnerability Summary for the Week of September 23, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Social media manipulation as a political tool is spreading (Naked Security) Researchers say ‘cyber troops’ in 70 countries are using it to automate suppression, mount smear campaigns, or spread disinformation.
Checkm8 jailbreak and AltStore put cracks in Apple’s walled garden (Naked Security) People are taking different tacks to get around Apple’s tightly controlled phone rules.
Capital One breach: How about a cessation of misconfigurations? (SC Magazine) Capital One's breach isn't a cloud-specific issue, but rather one based on a mundane and common but mission-critical security challenge facing IT and security teams
Airbus Says Taking 'Appropriate Measures' Against Hackers (SecurityWeek) Airbus played down the risk of cyberattacks and said it had "appropriate measures" to mitigate any danger after an AFP investigation revealed a series of hacking incidents targeting the European aerospace giant.
Legit-Looking iPhone Lightning Cables That Hack You Will Be Mass Produced and Sold (Vice) Their creation has been successfully fully outsourced to a factory, the security researcher behind the cables said.
Porn ‘Cyberattack’ Hits Major Sportswear Brand—In Public (Forbes) A new twist on the usual porn-related cyberattacks.
Victorian hospitals lock down IT systems after ransomware attack (ABC News) The Victorian Government investigates the scale of a ransomware attack by sophisticated cyber criminals on some of the state's major regional hospitals.
Rheinmetall Investigating Malware Attack at Three Plants (BankInfo Security) An unspecified malware attack against the IT systems of Rheinmetall's automotive division in Brazil, Mexico and the U.S. is costing the company an estimated $4
Security Patches, Mitigations, and Software Updates
Outlook on the web bans a further 38 file types (Naked Security) Microsoft is about to put another 38 file extensions on its ‘too risky to receive’ blocklist.
Critical Remote Code Execution Vulnerability Patched in Exim Email Server (SecurityWeek) A Critical vulnerability in the popular open-source email server Exim could allow an attacker to execute code remotely on a vulnerable server.
Apple Releases iOS 13.1.2 and iPadOS 13.1.2 with Fixes for Camera, iCloud Backup, HomePod Shortcut, and Flashlight Bugs (Mac Rumors) Apple today released iOS and iPadOS 13.1.2, updates to the iOS and iPadOS 13.1.1 software that was released on Friday. The iOS and iPadOS 13.1.2...
Cyber Trends
5 Network Security Takeaways from the 2019 Threatscape Report (Bricata) The new threatscape report by Accenture iDefense highlights five factors shaping the cyberthreat landscape – and we reviewed it to surface those most related to network security.
Bitglass Fortune 500 Cybersecurity Report: Leading Companies Failing to Demonstrate Commitment to Cybersecurity (BusinessWire) Bitglass releases findings from its latest report analyzing cybersecurity initiatives among the Fortune 500
Threat Hunting Report Finds Increase in eCrime (CrowdStrike) The Falcon OverWatch report is filled with compelling stories that provide insight into the threat landscape and adversary tactics used during the first half of 2019.
2019 Mid-Year Observations From the Front Lines (CrowdStrike) Download the Falcon OverWatch team's annual report to get unique insights into the state-sponsored and criminal campaigns the team has faced in 2019.
Hacked Off! 2019 (Bitdefender) Introducing Bitdefender Hacked Off! A comprehensive study into the cybersecurity attitudes of infosecurity professionals around the world
More than 600 US government entities hit with ransomware so far this year - and it's only going to get worse (Computing) Emsisoft warning over rising ransomware epidemic that has overwhelmed public sector organisations, school districts and healthcare providers
Rogue fears rise inside corporations as hacks evolve into 'home invasions' (CNBC) Hacks like the Capital One data breach — confirmed to be the work of an Amazon employee who took advantage of cloud services technology — have increased corporate fears about cybersecurity risks posed by rogue employees, and even rogue vendors.
Marketplace
Kenna Security Raises $48 Million to Revolutionize the Risk-Based Vulnerability Management Market (West) Sorenson Capital and Citi Ventures Join Existing Investors in New Funding Round
KnowBe4 Acquires Twist and Shout Group to Enhance High-Quality Video Production Capabilities (PR Newswire) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today...
PC Matic Announces Consolidation With Its Parent Company, PC Pitstop (PR Newswire) Today, PC Matic, the world's only 100% American-made antivirus software, announced strategic consolidation...
DivvyCloud Expands to New Corporate HQs in Arlington, VA With Plans to Double Workforce Over Next Year (BusinessWire) DivvyCloud announces the opening of their new corporate HQ in Arlington, Virginia.
Generali Global Assistance Combats Cyber Identity Theft through Partnership with the National Cyber Security Alliance (PR Newswire) Generali Global Assistance (the Company), a leader in the assistance industry since its founding in 1983, and the...
Products, Services, and Solutions
Plixer announces support for multi-vendor SD-WAN visibility (Yahoo) Plixer, the company that enables security and network teams to effectively collaborate and solve real-world challenges, today announces multi-vendor SD-WAN visibility available within its network and security intelligence platform, Scrutinizer. Supported vendors include VMware SD-WAN by VeloCloud, and
ExpressVPN will now come preinstalled on select HP PCs (Techaeris) The preinstallation will include 30-days of free service from ExpressVPN and the service will come on only certain HP PCs.
Q6 Cyber Partners with Anomali to Deliver E-Crime Intelligence Via Anomali ThreatStream (PR Newswire) Q6 Cyber, a leading provider of e-crime intelligence, and Anomali, a leading provider of intelligence-driven...
Interest Grows in BIO-key’s Multifactor Biometric Election Security Capabilities as Additional Florida Counties Adopt the Solution (West) BIO-key International, Inc. (NASDAQ: BKYI), an innovative provider of biometric authentication and security solutions, today announced two additional County Election Boards in Florida have selected BIO-key solutions to enhance the security of their identification and authentication process for staff members and volunteers involved in managing the voting process. The Election Boards are acting to enhance security for the upcoming 2019 regional elections and the 2020 presidential election.
Titan IC to Accelerate Pattern and String Matching on Mellanox’s New BlueField®-2 I/O Processing Unit (IPU) Device (BusinessWire)
ImageWare® Systems Launches Biometric Authentication System for macOS (West) Desktop and laptop macOS users will now have access to frictionless, anti-spoofing biometric authentication
Government Technology Agency Launches Vulnerability Disclosure Programme with HackerOne Following Successful Bug Bounty Programmes (BusinessWire) HackerOne, the number one hacker-powered pentesting and bug bounty platform, Singapore’s Government Technology Agency (GovTech) and Cyber Security Age
ERP Maestro Launches Free Prevention and Training Guide and Toolkit for Insider Cyber Risks (PR Newswire) ERP Maestro, provider of automated and cloud-based controls for access, security and GRC, announced today that...
Zscaler Cloud Security, CrowdStrike Endpoint Protection Partner (MSSP Alert) Zscaler integrates its cloud security platform with the CrowdStrike Threat Graph breach prevention engine to deliver threat detection for joint customers.
Technologies, Techniques, and Standards
Cyber Storm 2020 could be DHS's most rigorous drill for critical infrastructure yet (CyberScoop) Every two years, the Department of Homeland Security hosts a large-scale exercise to test critical infrastructure companies’ ability to respond to a disruptive, hypothetical cyberattack.
Ransomware attacks against small towns require collective defense (Help Net Security) There is a war hitting small-town America. Hackers are not only on our shores, but they’re in our water districts, in our regional hospitals, and in our
What’s the latest on multi domain command and control? (Defense News) The Air Force's chief of staff sits down with Valerie Insinna to talk one of his top priorities.
IBM outlines why the 'boom' moment is key to better security (Security Brief) “Often I’m talking with people on the worst day of their business’ life.
Design and Innovation
BlackBerry's new lab wants to add more machine learning to security (ZDNet) New unit will focus on research and development in security technologies.
Facebook to Create Fact-Checking Exemptions for Opinion and Satire (Wall Street Journal) Facebook plans to allow opinion pieces and satire to be exempted from its fact-checking program, according to people familiar with the matter, as the social-media giant grapples with how to stop the spread of falsehoods while maintaining its own neutrality.
Is the era of social media Likes over? (Naked Security) Instagram’s testing a program to hide the Likes that have created a toxic cyberbullying environment. Now, Facebook is as well.
YouTube moderation bots punish videos tagged as "gay" or "lesbian," study finds (The Verge) A YouTube spokesperson states this isn’t the case.
Reddit has broadened its anti-harassment rules and banned a major incel forum (The Verge) Reddit says the "narrowness" of its old rules was a problem.
Twitter Is OK With A Pro-Trump Militia's Tweets About A "Full-Blown 'Hot' Civil War" (BuzzFeed News) When is promoting violent extremism not promoting violent extremism? When Twitter says so.
Research and Development
A Big Question About Prime Numbers Gets a Partial Answer (Wired) The twin primes conjecture has bedeviled mathematicians for more than a century. Now there's a solution for one version of it.
Academia
Teen Hackers Try to Convince Parents They Are Up to Good (Wall Street Journal) Teenagers across the country are forming hack clubs and trying to spread the word that hacking doesn’t always mean breaking into government servers or stealing bank data. Convincing teachers and parents of that isn’t always easy.
Legislation, Policy, and Regulation
Cyber eliminates distinction between war and peace (SC Magazine) "I feel I am now at war" says General Sir Nick Carter, UK chief of defence staff, as UK ups investment in offensive cyber-capabilities and Nato says "Cyber-attack on one NATO state is an attack on all"
The New Cold War in Cyberspace (CIOReview) By Liza Massey, CIO, County of Marin - During my 30+ years in the IT industry, most spent as a tech executive, I have watched with fascination and irritation the arms...
Maduro's cyber troops control the Internet (TheBL.Com) A study reveals that Venezuela is among the main countries that manipulate th
Huawei Scores Major New Victory Against Trump’s Blacklist (Forbes) As the media storm over the Mate 30 launch settles down, Huawei has quietly won a major blacklist victory over the U.S.
Europe Overly Dependent on Outside Technology, EU Memo Warns (Bloomberg) Urgent steps proposed to attain ‘technological sovereignty.’ Briefing book may reflect direction under von der Leyen.
France’s new cyber defense ‘conductor’ talks retaliation, protecting industry (Fifth Domain) Maj. Gen. Didier Tisseyre is France’s new cyber defense force commander — the “conductor” of an orchestra made up of military officials and the domestic defense industry, as he puts it.
The primary use of mobile money in Zimbabwe has been shut down by the central bank (Quartz Africa) The disabling of cash-in and cash-out options on the mobile money menus of the Zimbabwean operators has drawn heavy criticism for the governmen
NSA launches new cyber defense directorate (Washington Post) Its focus is on classified and defense-company networks, but some hope it can better partner with DHS to shield critical private-sector systems.
U.S. online privacy rules unlikely this year, hurting big tech (Reuters) A U.S. online privacy bill is not likely to come before Congress this year, thre...
Washington idle as ransomware ravages cities big and small (POLITICO) Lawmakers have offered few ideas on how to respond to the wave of ransom-seeking cyberattacks that have struck at least 80 state and local government agencies.
New York’s Smart IDs Are the Latest Mass Surveillance Nightmare (The Daily Beast) With a chip that can track your every move, New York’s city-issued ID cards are about to take a seriously dystopian turn.
Indiana Putting $10 Million Toward Election Security (Government Technology) One in 10 direct recording electronic voting machines will have a small black box attached that will let voters see a printout of ballots, providing a paper trail that can be used in post-election audits.
Litigation, Investigation, and Law Enforcement
Iran sentences man to death for spying for the CIA (Reuters) Iranian courts have sentenced one person to death for spying for the CIA and jai...
Opinion | What happened on the way to Khashoggi’s horrifying final seconds? (Washington Post) This is a murder story that hasn’t died for a simple reason.
Saudis are still covering up Jamal Khashoggi’s murder, claims Erdogan (Times) The men who killed the journalist Jamal Khashoggi are still enjoying their freedom thanks to Saudi Arabia’s “shadow state-within-a-state”, President Erdogan said yesterday. The Turkish leader...
House Subpoenas Giuliani, Trump’s Lawyer, for Ukraine Records (New York Times) Rudolph W. Giuliani is at the center of an alleged pressure campaign to enlist Ukraine’s help in investigating the president’s political rivals.
Pompeo was on Trump call with Ukrainian President (CNN) Secretary of State Mike Pompeo was on the July 25 phone call between President Donald Trump and Ukrainian President Volodymyr Zelensky that has come under scrutiny following last week's release of a whistleblower complaint dealing, in part, with circumstances surrounding that conversation, a source familiar told CNN.
Barr personally asked foreign officials to aid inquiry into CIA, FBI activities in 2016 (Washington Post) The attorney general has made face-to-face overtures to British and Italian officials as part of the effort, people familiar with the matter say.
The Extra-Secret White House Computer System, Explained (New York Times) A whistle-blower said advisers improperly restricted access to a record of President Trump’s Ukraine call. Here is how that storage system works.
Analysis | The Cybersecurity 202: Trump’s embrace of conspiracy theories could endanger 2020 (Washington Post) Voters may lose confidence in the safety of their ballots.
Probe continuing on Clinton emails (Arkansas Online) The State Department is continuing an investigation of email use among employees who worked for Hillary Clinton, former secretary of state, asking scores of current and former officials to submit to questioning by the bureau overseeing diplomatic security, former officials said Sunday.
Northern California Resident Charged with Acting as an Illegal Agent (US Department of Justice) The Department of Justice unsealed charges today in a criminal complaint charging Xuehua Peng, also known as Edward Peng, 56, for acting as an illegal foreign agent in delivering classified United States national security information to officials of the People’s Republic of China’s Ministry of State Security (MSS).
A San Francisco tour guide was accused of spying for China (Quartz) It's the first reported arrest stemming from a four-year FBI operation.
US Treasury goes after the planes and yacht of Russia's troll farm founder (ZDNet) US Treasury takes new approach to imposing sanctions on IRA's owner.
Here’s who got hit with new election interference sanctions (Fifth Domain) All U.S. residents are barred from possessing or engaging in transactions with the identified assets.
Edward Snowden claims private contractors responsible for US intelligence’s 'creeping authoritarianism' (The Independent) Russia-based whistleblower promoting new memoir
The Internet Is Overrun With Images of Child Sexual Abuse. What Went Wrong? (New York Times) Online predators create and share the illegal material, which is increasingly cloaked by technology. Tech companies, the government and the authorities are no match.
Engineer admits hacking Yahoo accounts searching for images (Washington Post) A former Yahoo software engineer has pleaded guilty to hacking into the accounts of some 6,000 Yahoo users in search of sexual photos and videos
Qld vulnerable to cyber attack: audit (7NEWS.com.au) A Queensland government audit has found the state's cyber security systems could be vulnerable to attack.