Cyber Attacks, Threats, and Vulnerabilities
Chinese hacking group targets Southeast Asian governments with data-stealing malware (The Next Web) A threat group responsible for a series of malware-based espionage attacks has been increasingly targeting the Southeast Asian government sector to steal confidential data.
Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC (Vice) A new threat actor Kaspersky calls SandCat, believed to be Uzbekistan’s intelligence agency, is so bad at operational security, researchers have found multiple zero-day exploits used by the group, and even caught malware the group was still developing.
Energy sector under attack from malware combo attacks (SC Magazine) Kaspersky products were triggered on 41.6 percent of ICS computers in the energy sector globally in just the first six months of 2019.
AVIVORE – Hunting Global Aerospace through the Supply Chain | Context Information Security UK (Context Information Security UK) Context has identified a new threat group behind incidents targeted at the aerospace and defence industries.
CrowdStrike says an aviation industry hacker had significant high-level access to secrets (CNBC) Nation-state hackers often target these companies to gather as much information and intellectual property as possible, while also creating "beachheads" within a company meant to serve as a wide-scale, longer term network observation point.
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - What The Code Tells Us (McAfee Blogs) Episode 1: What the Code Tells Us McAfee’s Advanced Threat Research team (ATR) observed a new ransomware family in the wild, dubbed Sodinokibi (or REvil),
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - The All-Stars (McAfee Blogs) Episode 2: The All-Stars Analyzing Affiliate Structures in Ransomware-as-a-Service Campaigns This is the second installment of the McAfee Advanced Threat
Vulnerabilities exploited in VPN products used worldwide (NCSC) APTs are exploiting vulnerabilities in several VPN products used worldwide
Multiple zero-day vulnerabilities found in medical IoT devices: CISA (SC Magazine) CISA issues advisory, warning of vulnerabilities in several medical IoT devices that could lead to remote code execution
Urgent11 flaws affect more medical, industrial devices than previously thought (Help Net Security) Urgent11 vulnerabilities are also present in some versions of Real Time Operating Systems by ENEA, Green Hills, Mentor, TRON Forum and IP Infusion.
Attacker breaches Comodo forums by first exploiting vBulletin flaw (SC Media) More than 170,000 users of Comodo Group's online forums had their data stolen by a malicious actor who exploited a flaw in vBulletin forum software.
Cybersecurity giant Comodo can’t even keep its own website secure (TechCrunch) Comodo, which bills itself as a “global leader in cybersecurity solutions,” said its forum was hacked. The admission came in no less than a forum post, which confirmed a hacker exploited a recently disclosed vulnerability in vBulletin, a popular forum software used by Comodo. The flaw, …
Browser-hijacking Ghostcat malware haunts online publishers (SC Magazine) Ghostcat-3PC, a malvertising operation designed to infect online publishers with browser-hijacking malware, launches at least 18 separate infection campaigns in three months
Criminals' security lapses enable discovery of Geost mobile banking trojan (SC Magazine) Researchers uncover large Android banking trojan scheme that may have impacted hundreds of millions of Russians
Geost Botnet (Virus Bulletin Conference) The story of the discovery of a new Android banking Trojan from an OPSEC error.
PDFex attacks can exfiltrate content from encrypted PDF documents (Help Net Security) Researchers have devised new attacks allowing them (and potential attackers) to recover the plaintext content of encrypted PDF documents.
The 5 biggest examples of executive threats and how to prevent them (Help Net Security) Many executives focus their security efforts solely on physical threats, but attacks targeting an executive's digital presence can be just as dangerous.
ANU cyber attack began with email to senior staff member (Australian Financial Review) Staff, students' and graduates' private information was stolen in a cyber attack on one of Australia's most prestigious institutions.
Hacking 2020 voting systems is a ‘piece of cake’ (Naked Security) That’s how Senator Wyden described the results of DefCon’s Voting Village, where all of 100 voting systems were easily picked apart by hackers.
5 emerging customer identity threats (SecurityInfoWatch) How you can protect your organization from data breaches and identity theft
Cyber Trends
Of All State-Backed Hackers, the Chinese Hit Most Industries (BleepingComputer) Hackers working for the Chinese government deployed attacks against the largest number of industry verticals in the first half of the year.
Massive uptick in eCrime campaigns, retail among top targeted industries (Help Net Security) OverWatch has seen a large increase in intrusion activity from eCrime actors in the first half of 2019, accounting for the majority of detected intrusions.
49% of infosec pros are awake at night worrying about their organization’s cybersecurity (Help Net Security) A global survey of more than 6,000 infosec pros reveals that 49% are worried about the cybersecurity readiness of their organization.
Data breaches now cost companies an average of $1.41 million (TechRepublic) IT security budgets now average $18.9 million, up from $8.9 million, with savings credited to internal cybersecurity, according to new Kaspersky report.
Marketplace
Can't Hire Security Talent? Try Growing Your Own (Forbes) If you can’t scale security through direct hiring, you’ve got to find another way. Developing your existing employees into security champions can help close that skills gap.
Kaspersky Anti-Virus Is Still Active in U.S. Government Agencies and the Fortune 500 (CSO Online) Cyberwarfare, hacks, and data breaches — such concerns are present in the minds of today’s citizens and organizations, and rightfully so.
Tesserent acquires PS&C's security division for $16m (CRN Australia) Less than a year after selling off telco business.
Oakton disappears as NTT rebrand sets in (CRN Australia) The company, which DiData bought for $171 million, is no more.
Silicon Valley cybersecurity company FireEye has hired Goldman Sachs for a potential sale, sources tell Business Insider (Business Insider) Money-losing FireEye is looking for a buyer, sources said, and has brought on Goldman Sachs to advise on a possible sale.
FireEye +5.4% after report it's mulling a sale (Seeking Alpha) Business Insider sources say FireEye (FEYE +5.4%) has hired Goldman Sachs to advise it on any potential deals with PE firms looking like the most likely buyers.
UBS sees $22/share for potential FEYE sale (FireEye) UBS analyst Fatima Boolani weighs in after yesterday's Business Insider report that FireEye (NASDAQ:FEYE) is considering a sale. Boolani calculates a sum-of-the-parts valuation of $22 per share, using a 5x CY20 estimate of Enterprise value/sales multiple.
Attack data exceeding our power to process it? SC Interview: Florin Talpes (SC Magazine) How to go from central planning research under communism to defending global corporations as head of your own successful cyber-security business - plus, what's next?
Axcient CEO: ‘Our Business Is Essentially The Last Line Of Security' (CRN) Axcient CEO David Bennett says the backup and disaster recovery company’s goal is to eradicate data risk for managed service providers and serve as the “last line of security.”
AttackIQ Strengthens Leadership Team with the Appointment of Chief Financial Officer (BusinessWire) AttackIQ®, the leading, independent player in the emerging market of continuous security validation, today announced Danielle Murcray has joined the c
Anomali Announces New Preferred Partner Tier (Yahoo) Anomali, a leader in intelligence-driven cybersecurity solutions, today announced that the Anomali Preferred.
UNITED STATES : Ex-CIA stalwart Edwin Brauchli joins Palantir (Intelligence Online) Edwin Brauchli, a former senior intelligence service executive at the
Products, Services, and Solutions
Cynamics High Network Visibility Offering to Slash Government IT and Cybersecurity Costs by 90% (Cynamics) Smart Cities and Government Entities Will Save Millions with Firm’s Innovative, Cost-Effective Network Visibility Solution
Veeam introduces new Universal licence (CRN Australia) And a new entry-level Starter Backup product building on Community Edition.
Microsoft's secure OneDrive personal vault rolls out worldwide (Engadget) Important files can be protected with an extra verification step.
UW implements multi-factor authentication security measures (The Badger Herald) Nearly 5,000 NetIDs stolen in 2018
McAfee adds new threat intelligence products to enterprise security suite (ZDNet) The cybersecurity company said the new features are meant to give businesses the tools to manage an influx in data and connected devices.
A10 Networks cloud access proxy provides secure access, visibility for SaaS apps (Telecompaper) A10 Networks announced a new Cloud Access Proxy (CAP) platform that provides secure access to software as a service (SaaS) applications, such as Microsoft Office 365.
Technologies, Techniques, and Standards
Information security in loss figures (Kaspersky Daily) We surveyed almost 5,000 business decision-makers willing to share their thoughts on cybersecurity and their firms’ attitudes about cyberthreats.
But We Have an Email Gateway... (Akamai) In my previous phishing blogs, I wrote about the evolution of phishing and the industrialization of phishing that's being driven by the availability and low cost of toolkits....
Design and Innovation
Blind Spots in AI Just Might Help Protect Your Privacy (Wired) Researchers have found a potential silver lining in so-called adversarial examples, using it to shield sensitive data from snoops.
Legislation, Policy, and Regulation
Washington takes on China and Huawei via telecommunications standards (Intelligence Online) Fearing Chinese intrusion in US communications systems, the US Congress is trying to influence international norms.
Australia snubbed Huawei and completed its undersea cable project to bring high-speed internet to Pacific Islands (Casper Courier) Australia has completed the laying of undersea cables for its high-speed internet project in the Solomon Islands and Papua New Guinea, a snub to China’s Huawei which had previously competed for the deal.
White House links Huawei and ZTE to Chinese Muslim 'concentration camps' (Washington Examiner) The White House has accused telecom giants Huawei and ZTE of complicity with “concentration camps” in China, where it claims more than three million Muslims are imprisoned.
Why Europe Won't Combat Huawei's Trojan Tech (The National Interest) Europe is wary of its U.S. counterpart's intentions. But U.S. tech companies will be the least of Europe’s concerns if Huawei hands over European data to the Chinese government.
Who do I escalate my cyber emergency to? (Professional Security) A business continuity and IT disaster recovery company offers advice, on how to escalate a cyber incident in the UK, after the US Senate passes the DHS Cyber Hunt and Incident Response Teams Act.
Senators press tech firms on 'deepfake' technology (Seeking Alpha) Two senators have sent letters to key online media giants, expressing worry about "deepfake" technology allowing for audiovisual fabrications and their use in disinformation campaigns.
CISA's Krebs: 'Decisions We Make Online Can Have Global Implications' (Homeland Security Today) NCSAM 2019 highlights simple and proactive steps everyone can take to enhance their cybersecurity awareness, whether at home, in the workplace or on the go.
New Hampshire CIO Pushes for Independent Cybersecurity Audit (Government Technology) Information Technology Department Commissioner Denis Goulet is recommending a nearly $500,000 statewide cybersecurity assessment. He says the undertaking is too large for the state to handle on its own.
Litigation, Investigation, and Law Enforcement
Whistleblower contacted House Intelligence Committee before filing official complaint (Axios) It partly explains how Adam Schiff knew to press the Trump administration to release the complaint.
Trump triumphant as New York Times report reveals ‘whistleblower’ spoke to ‘Shifty Schiff’ before filing complaint (RT International) The CIA agent accusing President Donald Trump of a quid pro quo with Ukraine spoke to House intel chief Adam Schiff’s staff before filing his whistleblower complaint, sources say – and Trump believes the collusion goes deeper.
E.U.’s Top Court Rules Against Facebook in Global Takedown Case (New York Times) Comments posted on the social network about an Austrian politician became a battle over the reach of European defamation laws on the internet.
Foreign-Exchange Brokers BGC, GFI Settle Probes Over Phony Trades (Wall Street Journal) Two brokerage firms that connect banks in the foreign-exchange market agreed to pay $25 million to settle claims that they fabricated activity on their platforms to lure more trading interest.
European Court: Websites need to obtain explicit users' consent before tracking them with cookies (Computing) Planet49 was accused of using a pre-checked consent box as an authorisation to store cookies on users' machines
Alleged RCMP spy kept a list of passwords written down: source (Global News) The RCMP have said the charges against Ortis are connected to “activities alleged to have occurred during his tenure as an RCMP employee.”
FBI Issues ‘High-Impact’ Cyber Attack Warning—What You Need To Know (Forbes) The FBI is the lead U.S. federal agency for investigating cyber-attacks. When it warns of a "high impact" and ongoing threat, it's best to take notice.
FBI urges organisations not to pay ransomware demands (Computing) Paying a ransom encourages criminals to target more people, FBI warns
Senate summons supervisors on county courthouse capers (Perry News) The members of the Dallas County Board of Supervisors received an invitation Tuesday to travel to the statehouse in Des Moines Friday for a hearing on the alleged burglary of the Dallas County Courthouse Sept 11.