Cyber Attacks, Threats, and Vulnerabilities
EU agency says Iran likely to step up cyber espionage (Reuters) Iran is likely to expand its cyber espionage activities as its relations with We...
North Korea could accelerate commercial espionage to meet Kim's economic deadline (CyberScoop) Perhaps more than any other nation-state, North Korea-linked hackers have shown no limits in what they will target – from a Hollywood entertainment company to a Bangladeshi bank.
Major iPhone FaceTime bug lets you hear the audio of the person you are calling … before they pick up (9to5Mac) A significant bug has been discovered in FaceTime and is currently spreading virally over social media. The bug lets you call anyone with FaceTime, and immediately hear the audio coming from their …
Apple says it has taken Group FaceTime offline in attempt to resolve calling exploit (9to5Mac) Following the exposure of a major FaceTime security hole earlier today, Apple has now taken Group FaceTime completely offline. This comes after the company said a fix for the FaceTime calling bug i…
Apple Bug Enables Eavesdropping on FaceTime Users (Wall Street Journal) Apple scrambled to fix a bug in its FaceTime video-chat system that lets callers eavesdrop on users of iPhones, iPads, and Macs, an embarrassing setback for a company that has touted its commitment to privacy.
Apple FaceTime bug lets anyone eavesdrop on your private conversations (The Telegraph) An iPhone bug that allows users to spy on people by video calling them has been discovered.
Info-Stealer FormBook continues activity using a new file hosting service (Deep Instinct) Background: FormBook is an info-stealer which first appeared on the scene as early as 2016. This malware has been marketed …
Apple to fix FaceTime bug that allows eavesdropping (Washington Post) Apple has made the group chat function in FaceTime unavailable after users said there was a bug that could allow callers to activate another user’s microphone remotely
UK cyber security agency investigates DNS hijacking (ComputerWeekly.com) NCSC is probing the large-scale DNS hijacking campaign that has reportedly affected government and commercial organisations worldwide, and has issued defence advice.
How my Instagram account got hacked (Naked Security) After years of embarrassment, I’m finally ready to admit how and why my Instagram account got hacked.
A sneak peek into recent IoT attacks (Zscaler) An analysis of recent attacks on IoT devices, including the RIFT botnet, Shaolin botnet, ThinkPHP, and D-Link router exploitation
Emotet: A veritable Swiss Army knife of malicious capabilities (Help Net Security) Formerly just a banking Trojan, Emotet is now one of the most dangerous and multifaceted malware out there - a Swiss knife of malicious capabilities.
Thieves’ names and descriptions made public on B&Q database (Naked Security) DIY giant B&Q reportedly suffered an Elasticsearch database breach this week that gave up information on around 70,000 shoplifters.
Hackers Target Cisco Routers via Recently Patched Flaws (SecurityWeek) Hackers have been scanning the Internet for Cisco Small Business RV320 and RV325 routers affected by recently patched vulnerabilities. Attacks started shortly after disclosure and release of PoC exploits.
BGP secure routing experiment ends in online row (Naked Security) An experiment to make the internet safer ended up breaking parts of it last week.
YouTube subscribers getting spammed by celebrity imposters (Naked Security) YouTube personality Philip DeFranco warned that the messages pretending to be from him and other top influencers are scams.
Twitter scammers jump in on real-time complaints to companies (Naked Security) “Hi there,” said the polite (and fake) help desk, leading to a back-and-forth between a lying scammer and a lying security analyst.
Credential-stuffing attack prompts Dailymotion password reset (Naked Security) Dailymotion is resetting the account passwords of an unknown number of users after being hit by a “large-scale” credential stuffing attack.
Why America is not prepared for a Stuxnet-like cyber attack on the energy grid (CSO Online) The U.S. energy grid continues to be vulnerable to Aurora-like attacks that could cause blackouts lasting a year or more.
Pentagon cyber security capabilities trail growing capabilities of potential adversaries (Computing) Vulnerabilities in the latest F-35 aircraft remain unaddressed, while veterans' medical records systems are wide open to hackers.
France's Altran Tech says it was hit by cyber attack (CNBC) Jan 28 - French engineering consulting firm Altran Technologies was the target of a cyber attack on Thursday that hit operations in some European countries, it said. Altran said on Monday it had shut down its IT network and applications and a recovery plan was under way. Britain's National Cyber Security Centre announced on Friday it was investigating a...
Even Microsoft can’t escape ‘reply all’ email storms (Naked Security) Of all the calamities that befall email users, few are more dreaded than the ‘reply all’ storm.
Exclusive: Snapchat weighs what was once unthinkable - permanent snaps (Reuters) Snap Inc is considering changes to its Snapchat app, known for disappearing phot...
Cyber Trends
Private Messages Are the New (Old) Social Network (WIRED) The sudden fall of Facebook sharing has led to the rise of something else: private messaging.
Boardrooms Are Still Not Singing the Security Song (SecurityWeek) While boards accept that cybersecurity should be a priority, a survey found that less than 50% of companies have a CISO position with a seat at the board.
Industry Reactions to Data Privacy Day (SecurityWeek) Industry professionals comment on Data Privacy Day, the international holiday whose goal is to raise awareness and promote privacy and data protection best practices.
Marketplace
IARPA announces Proposers’ Day for SAILS, TrojAI (Intelligence Community News) On January 25, the Intelligence Advanced Research Projects Activity announced a Proposers’ Day Conference for the Secure, Assured, Intelligent Learning Systems (SAILS) and Trojans in Artificial Int…
SIA Leads Security Industry Toward Data Privacy Awareness, Action (Security Industry Association) The Security Industry Association (SIA) is marking Data Privacy Day on Monday by continuing its efforts to help its members understand and manage the critical issue of protecting consumer data.
TPG scraps mobile network build due to Huawei ban (CRN Australia) No upgrade path to 5G.
Akamai Completes Acquisition Of CIAM Company Janrain Inc. (MarTechSeries) Akamai Technologies, the intelligent edge platform for securing and delivering digital experiences, announces the company has completed its acquisition of Janrain,
Demand for client assurance is propelling Hudson startup SubRosa (Crain's Cleveland Business) From Crain's Akron Business: Focusing on small- and midsize companies, the cybersecurity startup has been buoyed by its vendor risk and due diligence services, and has seen its business take off in the past six months.
RANK Software Ends 2018 with 111 Percent Revenue Growth (GlobeNewswire News Room) AI Cybersecurity Platform Provider Added Key Customers, Expanded Market Coverage, and Grew Platform Capabilities
BlackBerry taps former Cisco exec Bryan Palma for COO role (ZDNet) Palma is set to play a key role in integrating Cylance into BlackBerry's products.
Products, Services, and Solutions
State of Utah Projected to Save Millions of Dollars with Forescout’s Integrated ServiceNow Solution (GlobeNewswire News Room) Orchestrated security approach delivers improved asset intelligence through device visibility and real-time reporting for rapid time to value
SyncDog Inc. Enables Mobile Workforce Productivity Through Data Loss Prevention Application (BusinessWire)
Symantec Introduces Advanced EDR Tools and Fully-Managed Service to Stop the Most Dangerous Cyber Threats (BusinessWire) Symantec Corp. announces a new Managed Endpoint Detection and Response (MEDR) service and enhanced EDR 4.0 technology.
Symantec Delivers Advanced Protection and Hardening Capabilities with Complete Endpoint Defense (BusinessWire) Symantec Corp. announces new enhancements to its endpoint security portfolio with advanced endpoint protection and hardening capabilities.
nuPSYS & Cisco Sign Global Reseller Agreement to Deliver Data Center Automation & Visualization Solutions (PR Newswire) nuPSYS, an innovation leader in data center & 5G / cell site automation & visual tools, announced it has...
The SSL Store™ Announces All-in-One Cybersecurity Solution cWatch Web (PRWeb) The SSL Store™—the world’s largest premium SSL/TLS service, today announced a new addition to their reseller program—cWatch Web. This all-in-one cloud-
CIS launches new free self-assessment tool for the CIS controls (CIS) Free Web Application Tracks and Prioritizes Implementation. East Greenbush, N.Y., January 28, 2019 - CIS® (Center for Internet Security, Inc.®) today announced the launch of the CIS Controls® Self-Assessment Tool, or CIS CSAT, to enable security leaders to track and prioritize their implementation of the CIS Controls. “CIS CSAT helps organizations regardless of size or resources, …
CHEQ and RiskIQ Partner to Combine Autonomous Ad Verification with Digital-Threat Prevention for End-to-End Solution (PR Newswire) Military-grade ad-verification company CHEQ, and RiskIQ, the global leader in attack-surface...
InfoSec Global (ISG) to license AgileScan, ISG's Cryptographic Threat Management Solution to Entrust Datacard Customers (PR Newswire) InfoSec Global has licensed its AgileScan ...
Netcraft Launches Anti-Phishing Mobile App (SecurityWeek) Netcraft launches mobile app designed to protect users against phishing and other attacks. Android version available and iOS version coming soon.
Facebook Launches Privacy and Data Use Business Hub (SecurityWeek) Facebook marks Data Privacy Day with launch of Privacy and Data Use Business Hub, which should help businesses understand how they can protect private information.
Technologies, Techniques, and Standards
Where To Begin With MITRE ATT&CK Matrix (SecurityWeek) Cybersecurity teams frequently use the MITRE ATT&CK matrix as a framework to show where the organization has good visibility protections, and where identified weaknesses can be addressed.
Analysis | The Cybersecurity 202: Medical devices are woefully insecure. These hospitals and manufacturers want to fix that (Washington Post) But their new plan is purely voluntary.
Fileless Malware: What Mitigation Strategies Are Effective? (BankInfo Security) As the threat of fileless malware continues to persist worldwide, security professionals are devising targeted risk management strategies.
Why note cards can’t simulate a cyberattack (Fifth Domain) The Pentagon's rudimentary training methods to prepare for cyberwar have raised concern that the United States will not be prepared for future battles.
How the intel community could use machines and AI (C4ISRNET) The intelligence community's
How privacy and security concerns affect password practices (Help Net Security) Yubico announced the results of the company’s 2019 State of Password and Authentication Security Behaviors Report, conducted by the Ponemon Institute.
Design and Innovation
Facebook Opens New Fronts to Combat Political Interference (Wall Street Journal) Facebook is planning a dedicated effort to fend off interference in the European Union’s parliamentary election campaign this spring, part of a broader effort to defend against political interference.
Research and Development
Defending against cyberattacks by giving attackers ‘false hope’ (MU News Bureau) MU researchers develop artificial intelligence to quarantine cyberattackers until a more sophisticated defensive strategy can be devised
Inside the Pentagon’s race against deepfake videos (CNN) Advances in artificial intelligence could soon make creating convincing fake audio and video – known as “deepfakes” – relatively easy.
Academia
University of Tulsa takes lead in Cyber District vision (Tulsa World) The crux of the proposal is the creation of a Tulsa Enterprise for Cyber Innovation, Talent and Entrepreneurship, which will allow industry, federal agencies and TU to work together to
KnowBe4 CEO Stu Sjouwerman Joins University of South Florida Cybersecu (PRWeb) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced that its CEO Stu Sjouwerman has
Legislation, Policy, and Regulation
Opinion | Strike Back Against Every Cyberattack (Wall Street Journal) The U.S. can keep foreign hacks at bay by showing its ability and will to retaliate.
Senate Dems Prepping Letter Questioning Shutdown’s Cybersecurity Impact (Meritalk) Senate Democrats are circulating among their offices text of a letter they may send to senior Federal cybersecurity leaders questioning the impact of the partial Federal government shutdown on the security of government networks, MeriTalk has learned.
Litigation, Investigation, and Law Enforcement
U.S. Authorities Unveil Sweeping Set of Charges Against China’s Huawei (Wall Street Journal) The Trump administration unveiled a sweeping set of criminal charges against China’s Huawei Technologies in its latest salvo against the telecom giant just days before U.S.-China trade talks are set to resume.
US Prosecutors Unveil Money Laundering, Fraud Charges Against Huawei (New York Law Journal) Federal prosecutors in Brooklyn have unsealed a 13-count indictment alleging Chinese telecommunications giant Huawei Technologies took part in a long-running scheme in which it deceived the U.S. government about its business dealings with Iran.
Huawei charged with bank fraud, stealing trade secrets by US (CRN Australia) Vendor accused of violating sanctions against Iran.
The Latest: China urges US to withdraw extradition request (ABC News) China's foreign ministry has called on Washington to withdraw its request for Canada to extradite a Huawei executive to face charges of lying to banks about possible dealings with Iran.
Authorities shut down xDedic marketplace for buying hacked servers (ZDNet) xDedic provided access to more than 85,000 hacked servers in its heyday.
The xDedic Marketplace, A Website Involved In The Illicit Sale Of Compromised Computer Credentials And Personally Identifiable Information, Shut Down (US Department of Justice) U.S. Attorney Maria Chapa Lopez, along with Special Agent in Charge Eric Sporre, FBI-Tampa Division, and Special Agent in Charge Mary Hammond, IRS-Criminal Investigation, today announced the seizure of the xDedic Marketplace, a website that operated for years and was used to sell access to compromised computers worldwide and to personally identifiable information of U.S. residents. The xDedic administrators strategically maintained servers all over the world to facilitate the operation of the website.
xDedic Marketplace Shut Down in International Operation (Europol) On 24 January, the U.S. Prosecutor’s Office for the Middle District of Florida, the FBI and the Internal Revenue Service (IRS) of Tampa (Florida), the Federal Computer Crime Unit (FCCU), the Federal Prosecutor’s Office and the Investigating Judge of Belgium, as well as the Ukrainian National Cyber Police and Prosecutor General’s office of Ukraine, with the support of the Bundeskriminalamt of Germany and Europol seized the xDedic Marketplace.
After seizing a major DDoS-for-hire site, Europol goes after its users (TechCrunch) Last year, Europol and its many law enforcement partners took down and seized webstresser.org, one of the most notorious “booter” sites for launching distributed denial-of-service (DDoS) attacks, which was claimed to have launched millions of attacks. But the coalition of feds isn’…
Authorities across the world going after users of biggest DDoS-for-hire website (Europol) The takedown by law enforcement in April 2018 of the illegal marketplace webstresser.org as part of Operation Power OFF has given authorities all over Europe and beyond a trove of information about the website’s 151 000 registered users.
Privacy Groups Claim Online Ads Can Target Abuse Victims (WIRED) Complaints filed in Europe claim internet companies categorize users based on potentially sensitive browsing habits, and then use those labels to target ads.
Facebook ordered to explain how WhatsApp merger would avoid breaking data laws (The Telegraph) Facebook has been asked to urgently explain to European regulators how its proposed merger of Facebook Messenger, WhatsApp and Instagram into one service would avoid breaking data laws.
Appeals court to hear case of reporter alleging surveillance (Washington Post) A federal appeals court is set to hear arguments in a lawsuit filed by a former CBS News reporter alleging that Obama administration officials violated her constitutional rights by hacking into her computers and other electronic devices
Roger Stone to appear in DC federal court Tuesday (TheHill) Roger Stone, a longtime informal adviser to President Trump, will be arraigned in federal court in Washington, D.C., on Tuesday at 11 a.m.
Webcam Hacker Luis Mijangos (GQ) Every online scam begins more or less the same—a random e-mail, a sketchy attachment. But every so often, a new type of hacker comes along. Someone who rewrites the rules, not just the code. He secretly burrows his way into your hard drive, then into your life. Is he following your every move?