Cyber Attacks, Threats, and Vulnerabilities
Iranian Hackers Update Spear-Phishing Techniques in Recent Campaign (SecurityWeek) The Iranian state-sponsored threat actor known as Charming Kitten employed new spear-phishing methods in a recent campaign.
Microsoft Identifies Targeted Attacks on Presidential Campaign, Government Officials (Decipher) An attack group known as Phosphorus that is linked to the Iranian government has targeted email accounts of U.S. government officials and people associated with a presidential campaign.
Copy-and-paste sharing on Stack Overflow spreads insecure code (Naked Security) It’s the time-saving technique employed by many coders – copy and paste code from crowd-sourcing ‘Q&A’ websites. But is it always secure?
An Empirical Study of C++ Vulnerabilities in Crowd-Sourced Code Examples (Arxiv) Software developers share programming solutions in Q&A sites like Stack Overflow. The reuse of crowd-sourced code snippets can facilitate rapid prototyping. However, recent research shows that the shared code snippets may be of low quality and can even contain vulnerabilities.
European risk report flags 5G security challenges (TechCrunch) European Union Member States have published a joint risk assessment report into 5G technology which highlights increased security risks that will require a new approach to securing telecoms infrastructure. The EU has so far resisted pressure from the U.S. to boycott Chinese tech giant Huawei as a 5…
Member States publish a report on EU coordinated risk assessment of 5G networks security (European Commission) Today, Member States, with the support of the Commission and the European Agency for Cybersecurity published a report on the EU coordinated risk assessment on
Human Rights Activist Allegedly Targeted With NSO Malware Says His Life Is ‘Hellish’ (Vice) Amnesty International details attacks against two Moroccan human rights activists allegedly carried out with NSO Group’s spyware.
Dutch website hack reveals data of 250,000 sex workers' clients: report (Netherlands Times) The account details of the 250 thousand users of Dutch website Hookers.nl have leaked out after a vulnerability on the website was exploited. A hacker captured the members' data and is offering it for sale, NOS reports based on its own research after an anonymous tip. The website is popular among clients of sex workers, who exchange tips, reviews and experiences in the sex industry. The problem extends beyond clients of sex workers. Sex workers themselves are also active on the website. They also may want to not be known as a sex worker with their real names.
Cookie monster eats data from Sesame Street store (BBC News) Malicious software has been stealing credit card details from thousands of online stores, say researchers.
PVH reports cyber attack (Gallipolis Daily Tribune) Pleasant Valley Hospital (PVH) recently released information regarding a reported cyber attack. The statement read as follows:
Monroe superintendent talks progress, cyber attacks at MCS Update Luncheon (KNOE) On Wednesday, Monroe City School Superintendent Dr. Brent Vidrine gave the keynote address at the district's annual update luncheon. Vidrine spoke about the district's progress in 2019, and also addressed the recent cyber attacks
DTExpo: "I know I can't hack a bank, but I can hack a person," says ethical hacker (Computing) Why hack your way in when you can simply talk your way in?
Security Patches, Mitigations, and Software Updates
Signal immediately fixed FaceTime-style eavesdropping bug (Naked Security) Remember the FaceTime bug that allowed a caller to eavesdrop on your phone? Researchers just discovered another – this time in Signal.
Cyber Trends
2019 Healthcare Industry Report on Cyberattacks Released (Proofpoint US) Few industries can claim a mission more critical, data more sensitive, or operations more complex than healthcare. Unfortunately, these characteristics mean healthcare companies are challenging to protect. Cyberattacks expose personal health data. Ransomware shuts down emergency rooms. Fraudulent emails defraud business associates, patients, and clinical staff. These threats hurt the healthcare industry’s ability to care for patients.
Sila and Ponemon Institute Study Finds Rampant Lapses in Securing Access to Sensitive Information (Yahoo) Sila Solutions Group, a North American technology and management consulting firm, in partnership with the Ponemon Institute, a leading research organization on data protection and emerging information technologies, today released the results of The 2019 Study on Privileged Access Security. The primary
Global Survey Reveals How Cyber Security Teams Measure Success, Secure Budget and Minimize Stress (PR Newswire) Thycotic, provider of privileged access management (PAM) solutions to more than 10,000 organizations, including 25...
Spiceworks Study Reveals Aging Technology Infrastructure and Growing Security Concerns Will Drive IT Budget Increases in 2020 (PR Newswire) Today at SpiceWorld 2019, Spiceworks announced its annual 2020 State of IT study examining technology budget...
2020 State of IT: Tech Budgets, Trends, and Purchase Drivers (Spiceworks) Based on a survey of 1,000+ IT decision makers, the annual State of IT uncovers how businesses are spending their technology budgets. Find out what's driving budgets to increase in 2020.
Cybercrime is maturing, shifting its focus to larger and more profitable targets (Help Net Security) Europol's annual assessment of the cybercrime threat landscape highlights the persistence and tenacity of a number of key threats.
Why CEOs Of SMBs Make Easy Cyber Targets (Forbes) Most small and midsize businesses will experience a cyberattack this year, but few CEOs have a clue what to do.
Research: SMB Cyberattacks Spike, Getting More Sophisticated (Channel Partners) Attacks against U.S., U.K. and European businesses are growing in both frequency and sophistication, and nearly half of the survey respondents described their organization’s IT security as ineffective, with 39% reporting they have no incident response plan in place.
Many in Utilities Sector Expect Attacks on Critical Infrastructure: Survey (SecurityWeek) A survey of over 1,700 individuals in the utilities sector shows that 56% have reported at least one shutdown or operational data loss, and 54% expect an attack on critical infrastructure in the next year.
The State of USB Data Protection 2019 pt. II (Apricorn) Data protection is critical across industries – but the obstacles to ensuring it are more challenging than ever.
Most Americans Fail Cybersecurity Quiz (Threatpost) Study participants fail to correctly identify core security concepts and tools to help them stay safe online.
“Disconnected” CISOs struggling to assert security’s relevance to the business (CSO) Stressed-out security practitioners feel distanced from business strategy, unsupported by executives
Marketplace
Melbourne cyber conference organisers pressured speaker to edit 'biased' talk (the Guardian) After two speakers were banned, a third says organisers tried to edit his presentation
Berlin-based EMnify snags €8 million Series A for IoT security SaaS (Tech.eu) EMnify, a German startup based in Berlin and Würzburg, announced its existing investors have funded an €8 million Series A round to help scale the company’s unique Internet of Things cloud technology. EMnify provides a SaaS product that allows users to securely operate IoT data networks around the world. In fact, the company claims to …
Akamai Technologies Accelerates Development of Solution to Protect Websites from Magecart and Credit Card Skimming with Planned Acquisition of ChameleonX (Seeking Alpha) Akamai Technologies, Inc. (AKAM), the intelligent edge platform for securing and delivering digital experiences, today announces that the company has entered into an agreement to acquire ChameleonX, an Israel-based company with a unique solution to protect websites from an increasingly publicized and insidious form of attack that entails credit card skimming and user credential theft via malicious or compromised third-party scripts.
Defence hands Data#3 $80 million for Microsoft licences (CRN Australia) New three-year deal for software licences and assurance services.
UK Specialist Insurer Acquires Texas Cyber Response Co. (Law360) Specialist cyber insurer CFC Underwriting Ltd. announced Tuesday that it has bought Texas-based Solis Security, which provides incident response services.
Artificial Intelligence Startup SparkCognition Raises $100 Million in Additional Funding (SiliconHills) SparkCognition announced Tuesday that it has raised $100 million in additional VC funding. March Capital Partners led the Series C round. To date, the Austin-based startup, founded in 2013, has raised $175 million. “In a short few years, SparkCognition has proven itself to be one of the leading industrial AI companies in the world,” Sumant …
Duo Security Founder Dug Song on Building a Unicorn (Middle Market Growth) On the podcast, Dug Song spoke about the origins of Duo, the decision to sell to Cisco, and how Duo helped draw venture capital investors to Michigan.
FireEye: Struggler (Seeking Alpha) FireEye released preliminary Q3 numbers above previously reduced guidance. The numbers aren't impressive for a slow-growing company generating limited free cash
VMware says channel can feast on Carbon Black (CRN Australia) Acquisition formally closes and creates new VMware security BU.
Zscaler: Eye-Watering Valuation Clouds Business Potential (Seeking Alpha) Zscaler recently announced several initiatives including a partnership with CrowdStrike and three new products. The company's competitive differentiation lies i
Acronis SCS Launches SCSVets Initiative as It Opens Arizona-based Headquarters (Yahoo) Acronis SCS, a leading American cyber protection and edge data security company, yesterday opened its new headquarters in Scottsdale, Arizona. The company welcomed many state and local dignitaries, partners, employees, veterans and community members for
Ascent adds cyber duo to meet rising North America demand (Insurance Day) Double underwriting hire reflects "strong demand for cyber products in North America"
Products, Services, and Solutions
Rohde & Schwarz Cybersecurity and Pradeo launch a unified application security offer (Rohde & Schwarz) Rohde & Schwarz Cybersecurity and Pradeo, leaders of IT security and mobile security respectively, are shedding the light today on a joint offer, dedicated to protecting web and mobile applications with an end-to-end approach.
Tech Data Forms Partnership with Akamai Technologies to Provide Defense-in-Depth Capabilities (BusinessWire)
Accellion and FireEye Collaborate to Prevent Cyber Attacks From Crippling Critical Business Operations (Yahoo) Accellion, Inc., provider of the secure content communication platform that prevents data breaches and compliance violations from third.
Nerds on Site Launches CyberSecurity Incident Response (Yahoo) Nerds On Site Inc. ("NERDS" or the "Company") (NERD.CN) (3NS.F) (OTCQB: NOSUF), a mobile IT solutions company servicing the SME marketplace, launches its CyberSecurity Incident Response, designed to address cyberattacks with minimal damage, recovery
10 Hot New FireEye Tools Unveiled At FireEye Cyber Defense Summit (CRN) From automating attack simulations to monitoring malicious content in real-time to finally running on AWS, here’s a look at 10 of the most interesting FireEye tools debuting at FireEye Cyber Defense Summit 2019.
FireEye is partnering with a leading cloud security company (Technical.ly DC) The Reston-based cyber company is partnering with iboss to bring its network security offerings to the iboss cloud platform.
Technologies, Techniques, and Standards
Internal security operations centers in large companies halve the financial impact of data breaches (Business Review) Companies with an internal security operation center (SOC) estimate the financial damage caused by a cyber attack at USD 675,000, which represents less
If you have a security alert, I feel bad for you, son – you got 99 problems but a hack ain't one (Register) Nearly all admin warnings are false alarms, says Kaspersky, and that's not a bad thing
Stories from the front line: The secrets of the Red Team revealed (IT PRO) White hat hackers expose why firewalls and phishing-awareness aren't enough in the face of a motivated attacker
MSPAlliance Develops Cyber Risk Rating for Cloud and Managed Service Providers (PR Newswire) The International Association of Cloud & Managed Service Providers (MSPAlliance®) today announced that it has...
Think Safety When Using Social Media (Forbes) One of the biggest problems people make with social media is a desire to connect with seemingly the entire world.
Design and Innovation
How Blockchain Will Solve Some of IoT's Biggest Security Problems (SecurityWeek) Because blockchain can process millions of transactions accurately and in the right order, it can protect the data exchanges happening between IoT devices.
Research and Development
NIST is Hunting for Tech to Secure the Energy Sector’s Network (Nextgov.com) Officials want to help power companies bolster their digital defenses as renewable energy resources like solar panels and wind turbines introduce more vulnerabilities to the grid.
Academia
Kentucky Cybersecurity Program Receives National Accolade (Government Technology) Owensboro Community & Technical College's computer and IT program has been named a National Center of Academic Excellence in Cyberdefense Education by the National Security Agency and the Department of Homeland Security.
UTD-Backed Research Center Gets NSF Designation (Dallas Innovates) The Center for Hardware and Embedded Systems Security and Trust has been designated a National Science Foundation Industry-University Cooperative Research Center.
Legislation, Policy, and Regulation
Apple pulls police-tracking app used by Hong Kong protesters after consulting authorities (Reuters) Apple Inc has removed an app that helped Hong Kong protesters track police movem...
Apple bowed to China by removing a Hong Kong protests map from its app store (Quartz) The real-time, crowd-sourced map was accused of being used in ways that "endanger law enforcement and residents in Hong Kong."
China lashes out at Western businesses as it tries to cut support for Hong Kong protests (Washington Post) China has long been sensitive about its image at home, controlling what it allows Western businesses and its own citizens to say or do there. Now, however, with Hong Kong in its fourth month of street protests, China is increasingly imposing the same strictures on what’s said about it beyond its borders.
NSA director rebukes Beijing for 'weaponizing' disinformation in Hong Kong protests (CyberScoop) NSA Director Gen. Paul Nakasone issued a rebuke Wednesday of China's recent efforts to spread disinformation online about protests in Hong Kong.
[Letter to NBA Commissioner Silver] (Congress of the United States) Commissioner Silver, We are writing to express our deep concern...
Russia's Disinformation War Is Just Getting Started (Wired) The Internet Research Agency specifically targeted African Americans, and has not stopped trying to influence elections, a Senate intelligence report says.
Pressure mounts in UK to take action over blacklisted Chinese CCTV firm (The Telegraph) Demands are mounting for an official inquiry into NHS and council contracts with a Chinese CCTV firm blacklisted for allegedly spying on persecuted Chinese Muslims.
Trump Green-Lights Some Sales to Huawei (New York Times) The administration plans to issue licenses allowing some American companies to sell nonsensitive products to Huawei, despite its placement on a U.S. blacklist.
Senators Peters, Johnson, Wyden and Cotton Letter to OMB FASC (Washington Post) Dear Director Mulvaney, We are writing to urge the Federal Acquisition Security Council (FASC) to develop a strategic plan for sharing supply chain security information with Congress and the judiciary...
NSA Chief: DIB is New Cybersecurity Directorate’s First Focus (MeriTalk) Army Gen. Paul Nakasone – who heads both the National Security Agency and U.S. Cyber Command – said today that the first focus of NSA’s recently launched Cybersecurity Directorate will be to shore up protection of companies that make up the nation’s Defense Industrial Base (DIB), and specifically to prevent the theft of intellectual property from DIB companies.
Exclusive: DHS seeks subpoena powers to identify vulnerable systems (TechCrunch) Homeland Security’s cybersecurity division is pushing to change the law that would allow it to demand information from internet providers that would identify the owners of vulnerable systems, TechCrunch has learned. Sources familiar with the proposal say the Cybersecurity and Infrastructure S…
Analysis | The Cybersecurity 202: There's a fight brewing over Homeland Security's push for subpoena power (Washington Post) DHS says it wants to prevent attacks. Privacy advocates see overreach.
EDITORIAL COMMENT: Cyber criminals must be severely punished (The Chronicle) Cabinet on Tuesday approved the Cyber Crime, Security and Data Protection Bill. The proposed law will cover a whole range of issues in relation to the utilisation of cyberspace.
Litigation, Investigation, and Law Enforcement
EU Looks to Tweak Method for Compiling Dirty-Money Blacklist (Wall Street Journal) The European Union is working on a new approach for flagging countries with weak anti-money-laundering laws after the bloc’s previous attempt to create a blacklist failed earlier this year.
Bank of England fires warning shot at Facebook over Libra digital currency (The Telegraph) Facebook's new digital currency must meet the highest standards if it is to go ahead, the Bank of England has said in a significant hardening of its position.
Facebook CEO to Testify at House Panel About Libra (Wall Street Journal) Facebook CEO Mark Zuckerberg is slated to return to Capitol Hill this month to testify before a House panel about the company’s foray into cryptocurrency.
Mark Zuckerberg to testify in US over Libra cryptocurrency (The Telegraph) Mark Zuckerberg will testify about Libra, the cryptocurrency he is building, this month after he was summoned by a committee of US politicians.
Henry Kyle Frese Accused of Leaking Docs to Amanda Macias (Heavy) Henry Kyle Frese is the Pentagon analyst who is accused of leaking documents related to North Korea and China to CNBC's Amanda Macias and another reporter.
Intelligence agent arrested for spilling secrets to journalists (New York Post) The feds busted a Defense Intelligence Agency worker Wednesday for leaking classified national defense information to two journalists in 2018 and 2019 — one of whom he was shacking up with. Henry K…
Mississippi Audit: Agencies Not Complying with Cybersecurity Law (Government Technology) A recent report from the state auditor's office showed widespread noncompliance with routine cybersecurity protections. The gaps could open the state to unnecessary threats as hackers aggressively target government.