Cyber Attacks, Threats, and Vulnerabilities
Dark Overlord hackers release alleged 9/11 lawsuit documents (Naked Security) The extortionists leaked a “small sample” of what they say are 18k classified legal documents containing 9/11 “truth” stolen from a law firm.
US newspapers battle ransomware (Naked Security) On 29 December one of America’s largest publishing groups, Tribune Media, found itself battling a major ransomware attack.
Cyber attack targets US newspapers, printing halted (IT PRO) The distribution of multiple newspapers across the country was delayed as a result
Ryuk Ransomware Suspected in U.S. Newspaper Attack (SecurityWeek) The recent cyberattack that disrupted the delivery of several major US newspapers may have involved Ryuk, a piece of ransomware typically used in targeted operations.
Ryuk Malware: Tailor-Made for Maximum Disruption (Government Technology) The ransomware launched against newspapers nationwide is not your typical malware. Experts say Ryuk is “artisanal” and meant to be used against certain companies for maximum disruption.
2019's First Data Breach: It Took Less than 24 Hours (Computer Business Review) 2019's first data breach was reported less than 24 hours into the New Year, after the details of an estimated 30,000 Australian civil servants were stolen
Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack (KrebsOnSecurity) Cloud hosting provider Dataresolution.net is struggling to bring its systems back online after suffering a ransomware infestation on Christmas Eve, KrebsOnSecurity has learned.
Data of 2.4 million Blur password manager users left exposed online (ZDNet) Company says data breach didn't expose any actual passwords stored inside users' Blur accounts.
Automated System Bypasses Google reCAPTCHA Again (SecurityWeek) The unCaptcha automated system can once again bypass Google’s reCAPTCHA challenges, despite major updates to the security service.
Hacker Streaming PewDiePie Videos on Exposed Chromecast Devices (BleepingComputer) A new hacking campaign is underway that is targeting Chromecast adapters, Smart TVs, and Google Home in order to play a YouTube video promoting PewDiePie's channel.
Warn your friends they can’t bypass Facebook with this hoax (Naked Security) No, none of us can “bypass” Facebook’s newsfeed algorithms by copy-pasting our way past them.
PayPal phishing scam posted as a promoted tweet on Twitter (Cyware Hacker News) Twitter allowed a scammer to post a PayPal phishing scam as a promoted tweet on its social networking site. The phishing page asked visitors to login to their accounts and verify their details to win new year gifts.
Don’t Get Caught in a SMiShing Scam (The State of Security) The word SMiShing may sound like gibberish -- we think it’s a weird one -- but some of the world’s largest enterprises are losing millions of dollars to these scams every year.
Security Patches, Mitigations, and Software Updates
Vulnerability in Chrome for Android Patched Three Years After Disclosure (SecurityWeek) A vulnerabilitiy recently patched by Google in Chrome for Android with the release of Chrome 70 in October 2018 was an information disclosure bug that was originally reported in 2015, security researchers say.
Cyber Trends
2019: Cyber War - Part 3 (Forbes) Cyber war is on its way? Will it be a Happy New Year?
Watch out, cyber fraud cases in banks are spiking (The Economic Times) Spike in cyber frauds is bigger than most other types of bank frauds (5,917) reported in 2017-18
Marketplace
Apple's shock profit warning chills Wall Street as Tim Cook blames China's economic slowdown (The Telegraph) Apple has sent a chill through Wall Street and the tech industry by cutting its sales forecasts for the first time since 2002, blaming a sharper than expected economic slowdown in China.
Stocks Tumble After Apple Sales Warning (Wall Street Journal) The Dow Jones Industrial Average fell more than 2% Thursday, with technology shares coming under pressure after Apple announced a rare cut to its sales forecast for the crucial holiday quarter.
Apple warning pummels markets worried about growth outlook (Yahoo) Stock markets retreated Thursday as China's slowing economy forced Apple to slash its revenue forecast, wiping more than $70 billion from its value and dragging down share prices in the wider technology sector. Apple late on Wednesday cut its revenue outlook for the latest quarter, citing steeper-than-expected
Top secret Israeli cyberattack firm, revealed (Haaretz) Candiru, named after an Amazon fish known to parasitize the human urethra, recruits heavily from 8200 intelligence unit and sells offensive tools for hacking computer systems.
EU to Run Bug Bounty Programs for 14 Free Software Projects (SecurityWeek) The European Union is offering nearly $1 million in bug bounties through the FOSSA project for vulnerabilities in 14 widely used free software projects.
Products, Services, and Solutions
Software Security: How To Protect Software From Cyber Security Attacks (PR Newswire) Zeus SW Defender, LLC (http://www.zeusswdef.com) has announced the Zeus Software Defender Technology ("Zeus") for...
CyberX ICS Incident Manager Now Certified in the ServiceNow® Store (GlobeNewswire News Room) First Integration of Industrial Cybersecurity Platform with Market-Leading IT Service Management Solution
Upstream Security and Arilou Partner to Build End-to-End Security for Smart Mobility (NNG) Integration of solutions tackles demand for cybersecurity created by rapid growth in connected vehicles
Inside PolySwarm's Decentralized Threat Intelligence Marketplace (SecurityWeek) PolySwarm's Threat Detection Marketplace adds the collective wisdom of independent malware analysts -- and rewards them.
French Startup Offers Dark Web Compass, But Not for Everyone (SecurityWeek) Over the past five years Aleph Networks has indexed 1.4 billion links and 450 million documents across some 140,000 dark web sites.
National Cyber Security Alliance commits to user education drive (The Daily Swig | Web security digest) Cyber, cyber, cyber
Microsoft Open Sources Homomorphic Encryption Library (Computer Business Review) Microsoft has open sourced a homomorphic encryption library its Cryptography Research group developed,saying the technique is ripe for widespread adoption
Technologies, Techniques, and Standards
Government Shutdown Impacts Enterprise Security (Decipher) The government shutdown isn’t impacting just security professionals working for the federal government. Corporate security teams have to pay attention to what public services are available and what aren’t during this time period.
USB-C upgrade allows cryptography to authenticate connected devices (9to5Mac) An upgrade to the USB-C standard allows cryptography to be used to authenticate connected devices. It will ensure that devices are properly certified, but can also be used to enhance security ̷…
Idaho Lab Protects US Infrastructure From Cyber Attacks (SecurityWeek) In the past decade, The Idaho National Laboratory's cybersecurity work has put it on the leading edge, and it is expanding.
How SMBs can minimize damage from ransomware attacks (TechRepublic) The costs incurred from a ransomware attack can devastate SMBs, but there are ways to minimize the impact.
Design and Innovation
Algorithms in Society: Protecting people v protecting IP (Computing) James Kitching, Solicitor - Corporate, Coffin Mew, discusses the growing controversy around the use of algorithms and AI affecting privacy
Peter Cochrane: We need 'truth engines' (Computing) Civilisations stand or fall on the strength of their truths, warns Professor Peter Cochrane OBE,Cloud and Infrastructure
Research and Development
As quantum computing draws near, cryptography security concerns grow (JAXenter) The new quantum computing leap forward has dizzying security implications for the whole tech ecosystem. Dan Timpson explains why you should be concerned.
Legislation, Policy, and Regulation
Vietnam's Draconian Cybersecurity Bill Comes Into Effect (SecurityWeek) A law requiring internet companies in Vietnam to remove content communist authorities deem to be against the state came into effect Tuesday, in a move critics called "a totalitarian model of information control".
To The Dismay Of Free Speech Advocates, Vietnam Rolls Out Controversial Cyber Law (NPR) The law requires Internet companies to store locals' data in Vietnam and hand over user information if the government asks for it, among other contentious provisions.
Curbs on A.I. Exports? Silicon Valley Fears Losing Its Edge (New York Times) The Commerce Department is considering national security restrictions on artificial intelligence. Some worry they could stunt the industry in the U.S.
Equifax Is Back in Washington’s Crosshairs (Wall Street Journal) House Democrats have put legislation responding to the massive Equifax hack at the top of their agenda, indicating possible changes ahead for how the credit-reporting industry handles consumer information.
Litigation, Investigation, and Law Enforcement
U.S. Citizen Held in Moscow Not Likely a Spy (Foreign Policy) Arrest could be retaliation for U.S. conviction of Russian national in influence operation.
Ex-MtGox Bitcoin Chief Maintains Innocence in Trial Closing Arguments (SecurityWeek) Mark Karpeles, former head of collapsed bitcoin exchange MtGox, apologised for losses that bankrupted the firm but insisted he was innocent of charges including embezzlement at closing arguments in his Tokyo trial.
The FBI’s Interrogation of Reality Winner Was Like a Play — and Has Now Been Turned Into One (The Intercept) The more playwright Tina Satter read of the FBI's interview of Reality Winner, the more it started to seem like a thriller.