Cyber Attacks, Threats, and Vulnerabilities
Abu Bakr al-Baghdadi death: Jihadists have chance to regroup under new leader (Times) The death of Abu Bakr al-Baghdadi, the leader of Islamic State, marks a turning point for the militant group that rose from the prison camps of Iraq to command a wealthy cross-border pseudo-state.
Georgia hit by massive cyber-attack (BBC News) Two thousand websites, as well as the national TV station, were targeted.
Russia’s Fancy Bear hackers conduct “significant cyberattacks” on anti-doping agencies (Ars Technica) Hacking blitz directed at 16 organizations since September 16, Microsoft says.
Russian Hackers Are Still Targeting the Olympics (Wired) Fancy Bear has attacked 16 anti-doping agencies around the world, indicating that its Olympics grudge is far from over.
Russian hacking group Fancy Bear strikes sports and anti-doping organizations (Axios) Fancy Bear's targeting of sports groups has become a near-annual event since 2016.
Hiding in Plain Sight: New Adwind jRAT Variant Uses Normal Java Commands to Mask its Behavior (Menlo Security) Malicious actors are learning how to use the same concept as 'hiding in plain sight' to sneak malware past traditional cybersecurity tools and onto users’ computers. And, it’s causing havoc on two fronts: enterprise security and user productivity.
Nasty PHP7 remote code execution bug exploited in the wild (ZDNet) New PHP7 bug CVE-2019-11043 can allow even non-technical attackers to take over servers.
Adobe database exposes 7.5 million Creative Cloud users (Naked Security) Adobe has become the latest company to be caught leaving an Elasticsearch database full of customer data exposed on the internet.
Joburg refuses to pay cyber attack ransom, gets help from 'international partners' (SowetanLIVE) The city of Johannesburg has roped in international partners to deal with a cyber attack, and will not concede to a R400,000 ransom demand by the Shadow Kill Hackers.
Ransomware with a difference as hackers threaten to release city data (Naked Security) Johannesburg spent the weekend struggling to recover from its second malware attack this year as it took key services systems offline.
American Cancer Society hit by credit card stealing malware (TechCrunch) The American Cancer Society’s online store has become the latest victim of credit card-stealing malware. Security researcher Willem de Groot found the malware on the organization’s store website, buried in obfuscated code designed to look like legitimate analytics code. The code was des…
California blackouts hit cellphone service, fraying a lifeline (Silicon Valley Business Journal) For years, state and federal regulators have pressed the cellular companies to better reinforce their networks for emergencies. The Federal Communications Commission said Monday that it was conducting “a comprehensive review of the wireless industry’s voluntary commitment to promote resilient wireless communications during disasters.”
Hullinger Shares Details of Alphabroder’s Cyber Attack (ASI) In a Power Summit session, the CEO explained how the promotional products industry’s largest...
Vulnerability Summary for the Week of October 21, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Cyber Trends
State of Retail Cybersecurity: Saying IDONT to IDOR this Holiday Season | Bugcrowd (Bugcrowd) November is right around the corner, and so is the holiday shopping season. As consumers prepare to loosen their wallets, retailers are preparing to tighten the
iovation Financial Services Report: Fraudsters Go Mobile 50% of Time, Security and Privacy Drive Consumer Banking Choices (iovation) Risky transactions on mobile devices increase 138% since 2017; Security and privacy top priority for 72% of consumers selecting a bank or credit card
Adlib Software Finds Banking & Insurance Customers Rate Sensitive Data Protection as Top Priority During Client Onboarding (Yahoo) Adlib Software, a global leader in file analytics and data enrichment solutions, today announced survey results that reinforce the importance of.
'We're losing our ability to think': Internet pioneer Leonard Kleinrock on how his creation has transformed the world (The Telegraph) “To some extent computers are the worst enemy of critical thinking,” says Leonard Kleinrock.
Perspective | This might surprise you. Seniors are not more susceptible to scams; younger adults are. (Washington Post) The Federal Trade Commission debunks a myth that seniors are more likely to lose money to a scam.
Marketplace
Fortinet Bolsters Endpoint Security with enSilo Acquisition (Dark Reading) As companies reduce their vendor count, consolidation will likely continue to accelerate in the next year.
Stardog Raises $9 Million Series B to Expand Product Offerings (BusinessWire) Stardog announced that it has executed a Series B round, securing $9 million in financing
NordVPN Lists 5 Measures to Supercharge Its Security (Dark Reading) NordVPN signs a strategic partnership with VerSprite, a leading cybersecurity consulting firm.
Nomura downgrades China's ZTE, cites slowdown in demand and tech war risks (CNBC) Japanese bank Nomura downgraded Chinese telecommunications firm ZTE on Tuesday, saying there would be a temporary slowdown in demand with the shift to 5G equipment not fully picking up. It also warned of a risk of escalation in the conflict between the U.S. and China in the tech sector.
A Cybersecurity Firm’s Sharp Rise and Stunning Collapse (The New Yorker) Tiversa dominated an emerging online market—before it was accused of fraud, extortion, and manipulating the federal government.
Dissent Erupts at Facebook Over Hands-Off Stance on Political Ads (New York Times) In an open letter, the social network’s employees said letting politicians post false claims in ads was “a threat” to the company.
Cyber reskilled, but in my old job: A common refrain for program graduates (Federal News Network) Margaret Weichert, deputy director for management at OMB, said she is deeply concerned about structural impediments to bring agility to government.
CyberGRX Surpasses 50,000 Companies on Global Third-Party Cyber Risk Exchange (BusinessWire) CyberGRX announces that their Exchange has surpassed 50,000 companies, further propelling the company’s leadership status in TPCRM.
Nixu further expands Benelux operations (Cision) Pure play cybersecurity provider opens second regional office at The Hague Security Delta
JPMorgan's latest tech hire is crazy and wonderful (eFinancialCareers) He once drove a nuclear submarine.
CounterFlow AI Appoints Former FireEye Executive Bill Cantrell as Chief Product Officer (CounterFlow) Company aims to accelerate its next phase of growth, scale portfolio capabilities and partnership ecosystem following launch of flagship solution ThreatEye
Products, Services, and Solutions
Web Filtering Investigation & Discovery | Respond Analyst (Respond Software) A more secure network while using fewer resources. Respond Software adds web filtering investigation & discovery capabilities to its Respond Analyst solution.
Web Filtering in the Respond Analyst | Casting a Wider Net (Respond Software) Respond Analyst now supports top web filtering solutions like Palo Alto Networks & Forcepoint to identify compromised assets communicating with command.
Jumio Launches Real-Time Verification Solution, Powered Exclusively by AI (Jumio) Jumio Go is the first automated solution in the market to spot deepfakes, bots and sophisticated spoofing attacks with certified liveness detection
F5’s BIG-IQ Integrated With Venafi Machine Identity Protection Platform for Superior App Security (BusinessWire) Venafi, the leading provider of machine identity protection, today announced that F5 Networks has built native integration capabilities for the Venafi Machine Identity Protection Platform into the F5 BIG-IQ Centralized Management solution.
Hootsuite taps Proofpoint for AI-powered predictive compliance tool (VentureBeat) Social media management platform Hootsuite and enterprise security company Proofpoint want to help companies in heavily regulated industries.
Pwn2Own Adds Industrial Control Systems to Hacking Contest (Dark Reading) The Zero Day Initiative will bring its first ICS Pwn2Own competition to the S4x20 conference in January.
RCS MediaGroup Selects Pulse Secure to Strengthen Hybrid IT Secure Access at Leading Italian Publishing House (Pulse Secure) Advances remote access to web applications such as Microsoft Office 365 and network resources to help 3,000 staff enjoy a better work-life balance leveraging Pulse Secure
Technologies, Techniques, and Standards
The U.S. Army Didn’t Even Use Tools it Bought from Hacking Team (Vice) A group focused on counterintelligence and insider threats purchased the malware, according to a FOIA response to Motherboard.
AvengerCon IV showed how U.S. Cyber Command is building community (Technical.ly Baltimore) The hackathon, held at Dreamport in Columbia, reflected a growing spirit of collaboration around the Fort Meade-based command.
Why Startups Desperately Need CISO Guidance (CISO Series) As a preview for the 10-29-19 episode of CISO/Security Vendor Relationship Podcast, Mike Johnson interviews Roger Hale, CISO in residence for YL Ventures about his new role.
Industry Insights: The Basics of Cyber Security for Fire Departments (Firehouse) While the advent of new technologies can keep firefighters safer and better prepared for their job, there is also an increased risk of cyber attacks.
Design and Innovation
Bias, algorithms and buy-in: 3 things to know about Facebook's new News tab (Silicon Valley Business Journal) Facebook is being blasted for its controversial decision to include on its list of News partners right-wing news site Breitbart (along with Fox News and the National Review), which has been criticized for inaccurate and sensationalized reporting.
What's Blockchain Actually Good for, Anyway? For Now, Not Much (Wired) Not long ago, blockchain technology was touted as a way to track tuna, bypass banks, and preserve property records. Reality has proved a much tougher challenge.
Academia
Grand Canyon University Awarded Designation From National Security Agency And Department Of Homeland Security (PR Newswire) Grand Canyon University has been designated by the National Security Agency (NSA) and the Department of Homeland...
Governor Bryant Encourages Mississippi High School Students to Join Innovative Cybersecurity Competition (Mississippi Politics and News - Y'all Politics) Gov. Phil Bryant announced today that Mississippi will be participating in an innovative cybersecurity training partnership with the SANS Institute known as the Girls Go CyberStart challenge, a skills-based competition designed to encourage girls to pursue cyber-based learning and career opportuniti
Legislation, Policy, and Regulation
Cyber 'Pearl Harbour' laws desperately needed, experts say (Australian Financial Review) Security experts back the Morrison government's plan to allow cyber spy agencies to aggressively intervene on behalf of Australian companies.
For Uighur Muslims in China, Life Keeps Getting Harder (Foreign Policy) Concentration camps, surveillance, and spies keep the community under tight control.
TikTok says no, senators, we’re not under China’s thumb (Naked Security) US lawmakers asked intelligence to look into whether the app and others like it could pose a security threat or be used to influence opinion.
FCC proposes rules requiring telcos remove Huawei, ZTE equipment (TechCrunch) The Federal Communications Commission said it will move ahead with proposals to ban telecommunications giants from using Huawei and ZTE networking equipment, which the agency says poses a “national security threat.” The two-part proposal revealed Monday would first bar telecoms giants f…
U.S. regulator to bar China's Huawei and ZTE from government subsidy program (Reuters) The U.S. telecommunications regulator plans to vote in November to designate Chi...
Baroness Kidron: Government uses 'shield and sympathy' of child sexual abuse to access encrypted messages (The Telegraph) A leading child safety campaigner says the Government is using “the shield and sympathy” of child ­sexual abuse as an excuse to access encrypted messages.
You May Not Own Your Data (Avast) Read what chess champion and tech expert Garry Kasparov says is a legal history of tech outpacing society’s view of property.
Litigation, Investigation, and Law Enforcement
Boeing C.E.O. to Tell Congress: ‘We Know We Made Mistakes’ (New York Times) Dennis Muilenburg will face the Senate on the first anniversary of the crash of Lion Air Flight 610. The 737 Max remains grounded seven months after a second crash.
Shashi Tharoor asks government to explain alleged cyber attack at Kudankulam nuclear plant (Scroll.in) Officials at the power plant, however, denied the claim, which was made by a Twitter user.
BlackBerry Says Competitor Poached High-Level Officer (Law360) BlackBerry Corp. filed a complaint late Friday in Delaware Chancery Court alleging one of its former high-ranking officers had violated a noncompete clause by taking a job with protection services software company SentinelOne, in what BlackBerry claims is a continuing effort to poach its talent.
Husband Ordered to Pay Almost $500K After Bugging Tobacco Heiress Wife’s iPhone (The Daily Beast) Jurors ordered Crocker Coulson to pay $100 for each of the 415 days he accessed his wife’s phone, along with other fines.