Cyber Attacks, Threats, and Vulnerabilities
Hacker leaks data on Angela Merkel and hundreds of German lawmakers (TechCrunch) A hacker has targeted and released private data on German chancellor Angela Merkel and other senior German lawmakers and officials. The data was leaked from a Twitter account, since suspended, and included email addresses, phone numbers, photo IDs and other personal data on hundreds of senior polit…
German politicians suffer massive hack of personal details and private communications (Graham Cluley) The private communications, emails, contact details, mobile phone numbers, memos, and financial information of hundreds of politicians have been published online.
Hacker attack on politicians: analyses under way (BSI - Presseinformationen des BSI) The BSI is currently examining the case intensively, in close coordination with other federal authorities. The National Cyber Defence Centre has taken over central coordination. According to current knowledge, government networks are not affected.
Hackers seize dormant Twitter accounts to push terrorist propaganda (Engadget) Terrorists are using an old Twitter exploit to revive dead accounts and spread their hateful message.
ISIS Message After Barcelona Warning: Kill Pedestrians at 'Very Busy and Full of Disbelief' Location (Homeland Security) "A vehicle is equally powerful or even more than a bomb... hit with all the force at the first moment," says terror directive.
Detailed: How Russian government's Fancy Bear UEFI rootkit sneaks onto Windows PCs (Register) ESET sheds new light on 'Lojax' firmware infection
Feds Warn Chinese Hackers Launching Targeted Cyber Attacks (HealthITSecurity) DOJ and Homeland Security are warning Chinese hackers are targeting IT service providers and others with malware attacks to exfiltrate data. Healthcare and biotech companies are among the victims.
Analysis | How China’s Spies Became Key Players in the Trade War (Washington Post) China’s main intelligence agency, the shadowy Ministry of State Security, has found itself thrust into the global spotlight as political and trade tensions between the U.S. and China flare. Two of its alleged assets have been publicly named in a sweeping U.S. indictment involving hacking on a global scale. After a top executive of Huawei Technologies Co. was arrested in Canada on a U.S. extradition request, it was MSS agents who abruptly detained two Canadians in China, sparking a diplomatic feu
Spyware Disguises as Android Applications on Google Play (TrendLabs Security Intelligence Blog) Recently discovered spyware disguises itself as legitimate Android applications to gather information from Google Play users.
New Android malware hit more than 100,000 users in 196 countries (Cyware) A new Android malware was hidden behind six different Android applications that were available in Google Play, out of which five apps were removed from Google Play in February 2018. The applications have been downloaded 100,000 times by users in 196 countries, with the majority of victims residing in India.
MobSTSPY spyware weaseled its way into Google Play (SC Magazine) Once again a spyware disguised as Android applications has made its way into the Google Play store with some of the malicious apps being downloaded more than 100,000 times by users across the globe last year.
New Crypto-Mining Attacks Leverage NSA-Linked EternalBlue Exploit (SecurityWeek) A new version of the NRSMiner is actively spreading in the southern region of Asia and using the EternalBlue exploit to infect systems.
Emotet Malware Gets More Aggressive (Dark Reading) Emotet's operators have been adding new capabilities, making the malware now even more dangerous to its enterprise targets.
A Dozen Flaws in Popular Mac Clean-Up Software Allow Local Root Access (Threatpost) All of them arise from improper input validations.
Phishing template uses fake fonts to decode content and evade detection (Proofpoint) Proofpoint researchers describe a new phishing template that uses a previously undocumented font trick to decode and display pages.
Apple Phone Phishing Scams Getting Better (KrebsOnSecurity) A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people.
Hackers Attempt to Sell Stolen 9/11 Documents (SecurityWeek) A group of hackers is claiming to be offering a large number of confidential documents for sale that are related to the September 11 terrorist attacks.
Popular Weather App Collects Too Much User Data, Security Experts Say (Wall Street Journal) A weather-forecasting app from TCL Communication Technology Holdings—maker of Alcatel smartphones—asks for data beyond what’s normal for a weather program, a security firm says.
Over 3,000 Luas users may have had records compromised in cyber attack (Irish Examiner) The Luas website has been hacked, with the tram operator being held to ransom for one Bitcoin.
Website of Dublin Tram System Hacked (SecurityWeek) A hacker defaced the website of Luas, the tram system in Dublin, Ireland. The attacker has threatened to leak data unless he is paid 1 bitcoin.
Netflix urges fans not to try the ‘Bird Box’ challenge after videos emerge of people driving while blindfolded (The Telegraph) Netflix has urged fans not to take part in a viral challenge inspired by its new sci-fi horror film Bird Box.
Hackers hijack thousands of Chromecasts to warn of latest security bug (TechCrunch) Hackers have hijacked thousands of exposed Chromecast streaming devices to warn users of the latest security flaw to affect the device. But other security researchers say that the bug — if left unfixed — could be used for more disruptive attacks. The culprits, known as Hacker Giraffe and J3ws3r, ha…
Hacker Promoting PewDiePie Stops Hacking Because They’re Getting Harassed (Motherboard) “Well, here I am, burned and roasted, awaiting my maybe-coming end,” HackerGiraffe wrote.
Don’t fall victim to the Chromecast hackers – here’s what to do (Naked Security) First they came for your printer… and then they came for your Chromecast – learn how to tighten up your router security.
Security Patches, Mitigations, and Software Updates
Two Critical Flaws Patched in Adobe Acrobat, Reader (SecurityWeek) Two critical vulnerabilities have been patched by Adobe in its Acrobat and Reader products, but administrators don’t need to rush to install the updates.
Adobe Issues Emergency Patch Following December Miss (Dark Reading) The company released an out-of-band update to head off vulnerabilities exposed in Acrobat and Reader, one of which had been patched by the company in December.
Symantec Data Loss Prevention Enforce Server Administration Console Cross-site Scripting, Cross-site (Symantec) Symantec's Data Loss Prevention (DLP) Management Console is potentially susceptible to persistent cross-site scripting (XSS) issues and a possible cross-site request forgery (CSRF) in the Enforce Server administration console. Successful exploitation could result in potential unauthorized actions directed against the console potentially with elevated privileges.
Microsoft to add two new Microsoft 365 security, compliance bundles to its line-up (ZDNet) Microsoft is adding new Microsoft 365 packages to its subscription-service roster, as well as expanding availability of its MyAnalytics 'fitness tracker for work' service.
Cyber Trends
On the Cyber Edge of History (SIGNAL Magazine) Legislation, strategies, policies, authorities and a spirit of cooperation across government and the international community align to meet the cyber threat.
A 2018 retrospective on control system cyber security – we aren’t as far along as many people think (Control Global) During 2018, Operational Technology (OT) cyber security and threat hunting vendors flourished. There also were many control system cyber vulnerabilities, multiple unintentional control system cyber incidents, multiple control system cyber attacks. What is still missing is adequately addressing the control system field devices.
The Unhackable Election (Foreign Affairs) Malign foreign powers, led by Russia, are weaponizing the infrastructure that underpins democratic societies. Europe and the United States need to work together to craft a bipartisan, transatlantic response to protect democratic elections.
Has GDPR improved privacy? (Enterprise Times) Jake Olcott, Vice President, Communications and Government Affairs at BitSight, talks about how GDPR has improved data security.
Good Privacy Requires Tech, Cultural Change (Wall Street Journal) Privacy is not a four-letter word, but for some CIOs it has felt that way.
Top 5 Security Trends That Will Continue in 2019 (SecurityWeek) Five trends observed across the security industry in 2018 that are expected to remain strong in 2019.
You cannot save the world alone: This and other lessons we learned at Kaspersky Lab’s Cyber Security Weekend (PCMag India) In a world that gets more fragmented by the day, Balkanisation has become a natural response amongst governments that don’t trust each other
Xconomy: New Year to Bring New Data Security Threats, Cyber Investor Warns (Xconomy) Bob Ackerman is one of the venture capitalists whose funding has long fed the growth of the burgeoning cybersecurity industry. So, you might imagine that
Doctors tell parents to cut children’s screen time (Times) Doctors have issued the first guidance advising parents to limit their children’s access to technology as a study linked heavy social media use by teenagers to signs of depression. Children should...
Marketplace
Profit, Peril And The Internet Of Things (Forbes) The proliferation of IoT devices means more equipment is vulnerable to a security breach than ever before.
The Cybersecurity "Arms Race" Means Double-Digit Profit Opportunities in 2019 (Money Morning) In 2019, everyone is going to wish they bought cybersecurity stocks. That's because there could be some big deals made. There's a lot of money and big profit opportunities ahead...
Long-awaited Cybersecurity industry consolidation might get boost from market correction (ETF Daily News) There are too many cybersecurity companies offering too many solutions to too many problems, with too few qualified workers seeking to help. After years of hoping for a change, it’s possible that the fourth-quarter market correction could…
Facebook Begins New Year in Fixer-Upper Mode (Wall Street Journal) One year ago, Mark Zuckerberg set his sights on “fixing” Facebook. That remains very much a work in progress. At the top of the 2019 to-do list: find a balance between the social-media giant’s deeply held drive for growth and its heightened commitment to improving safety and security across its many platforms.
Apple told to pull iPhones from Germany (BBC News) Apple has been ordered by a court to remove iPhone 7 and iPhone 8 models from its German stores.
Huawei will focus on Cyber Security and Privacy Protection in 2019: Founder (Gizmochina) At a time when most countries are concerned about the security aspect related to Huawei’s products, the company’s founder Ren Zhengfei has sent a letter to all its employees talking about...
Huawei enters 2019 swinging with $108.5 billion revenues (Telecoms.com) To say 2018 was a rollercoaster ride for Huawei would be somewhat of an understatement, but the New Year’s message from Rotating Chairman Guo Ping is one of defiance.
Huawei Demotes Workers for Tweeting From an iPhone (Bloomberg) They oversaw agency that tweeted from its official account
LinkedIn backtracks on censorship of Chinese activist (Computing) Another question mark over the influence of repressive regimes on tech firms
TRANSCOM Blazes Cyber Trail to Commercial Cloud (SIGNAL Magazine) The command is making strides in transferring its unclassified systems and is sharing lessons learned that will make the path to cloud usage smoother for others to follow.
Coalfire Federal Appraised at CMMI Maturity Level 3 (PR Newswire) Coalfire, a provider of cybersecurity advisory and assessment services, announced today that Coalfire Federal, ...
Fortinet Serves as a Founding Partner of World Economic Forum’s Centre for Cybersecurity (GlobeNewswire News Room) As first cybersecurity founding partner of the Centre for Cybersecurity, partnership demonstrates Fortinet’s continued commitment to innovation and collaboration to combat global cybercrime
Shared Assessments Program Appoints Risk Management Visionaries as 2019 Steering Committee and Advisory Board Leadership (BusinessWire)
Products, Services, and Solutions
DENSO and Dellfer to Protect Cybersecurity for Connected Cars from the Inside Out (DENSO Media Center) The world’s second-largest mobility supplier DENSO and Dellfer, a cybersecurity company, have entered into a Joint Development Agreement (JDA) to bring ZeroDayGuard 1.0, a cyber security product to market for the automotive industry. The partnership aims to ...
Helping Foster Youth Protect Against Identity Theft (Triple Pundit) Identity theft is a nightmare for anyone who falls prey to it, and while everyone is vulnerable, America’s foster youth are particularly at-risk.
Technologies, Techniques, and Standards
ICS Security Experts Share Tales From the Trenches (SecurityWeek) ICS security experts from several companies share interesting stories from the field.
Debunking Common Misconceptions about Third-Party Risk Management (Infosecurity Magazine) Several misconceptions about managing a third-party risk program have emerged in recent years.
New Year's Resolution: Manage Your Third-Party Security Better! (Panorays) Here’s a great New Year’s resolution for every business: Make 2019 the year that you take control of your third parties’ cybersecurity posture. Here are three good reasons why.
Staying relevant in an increasingly cyber world (Federal News Network) As the cyber industry expands, there’s an influx of unique job titles: cybersecurity analyst, cybersecurity manager, even cyber warrior. But, working in the field of cybersecurity doesn’t always mean holding a position with a trendy tech name.
How DevOps may be the answer to cyber-attacks (Chief Technology Officer) SMEs are starting to recognize that their existing cybersecurity solutions are inadequate against cyber-attacks. This is why they have started revamping their approach to reduce the risks that hackers pose. One of the most significant changes they have made is investing in DevOps.
When Open Source And Cyber Security Bonds: Kali Linux, The Go-To OS For Penetration Testing (Analytics India Magazine) A security-focused operating system (OS) that has become insanely popular among most penetration testers is Kali Linux.
How the ERC-1400 Has Evolved Into a Suite of Interoperable Security Token Standards (The Tokenist) The ERC-1400 security token standard was initially published just three months ago. Since then, the single ERC has evolved into a suite of security token standards. While all standards are self-contained, each one provides a necessary function of security token performance— where they all remain interoperable among each other. Currently, the ERC-1400 standards are partitioned...
Building a ‘cyber-smart’ culture from the C-suite (EJ Insight) Organizations around the world are becoming more conscious about cyber-security. The topic is discussed regularly in the boardrooms nowadays, especially against the backdrop of significant financial and reputational liabilities brought upon by data breaches. Asia has seen its fair share of data breaches. In March 2016, 55 million voter data from the Commission on Elections…
How to create a security-focused work culture (TechRepublic) Learn how to beef up your company's cyberdefenses by training employees on cybersecurity policies and procedures, password management, and phishing.
How automation enables a proactive security culture at Bank of England (CSO Online) The Bank of England security team uses automation to build intellectual capital, freeing up time to be more proactive and to better explain security to business units.
Utah soldiers to deploy in fight against cyberattacks (DeseretNews.com) A squad of Utah soldiers is deploying to aid in the fight against digital warfare. A team of 18 Utah National Guard members from the 174th Cyber Protection unit is scheduled to deploy to Fort...
Here’s the Army’s latest electronic warfare project (C4ISRNET) Dubbed Raven Feather, the Army is taking aim at platforms and vehicles.
Design and Innovation
The Elite Intel Team Still Fighting Meltdown and Spectre (WIRED) One year after a pair of devastating processor vulnerabilities were first disclosed, Intel's still dealing with the fallout.
Microsoft tests feature to allow users to control their personal data (Computing) Microsoft dips a toe into the personal information economy
Architecting Cybersecurity Into Embedded Systems (SIGNAL Magazine) Embedded systems emerge as the latest challenge to secure deployed U.S. military technologies, including those within weapons and flight controllers.
Research and Development
U.S. National Quantum Initiative Act Signed and Delivered – What’s Next? (HPCwire) In case you missed it, the U.S. National Quantum Initiative Act was signed into law by President Donald Trump on December 21 just before end-of-year
Are defense contractors investing enough in quantum computing? (Fifth Domain) Quantum computing is set to make existing forms of cybersecurity obsolete, but the coming revolution has not jolted researchers and defense firms to fully invest in the technology,
Legislation, Policy, and Regulation
30 Years After the Rushdie Fatwa, Europe Is Moving Backward (Foreign Policy) Blasphemy laws are more firmly anchored in the EU than ever before.
EU Looks to Reduce Exposure to Chinese 5G Risk: Report (Infosecurity Magazine) Brussels wants a more coordinated response to security challenges
How to Hit Russia Where It Hurts (Foreign Affairs) The United States needs a long-term strategy to ramp up economic pressure.
White House Mulls Jim Webb, Ex-Democratic Senator, as Next Defense Secretary (New York Times) Mr. Webb’s views align closely with President Trump’s drive to pull American troops from the Middle East and confront China more aggressively.
The critical strategic questions for DoD’s cyber force (C4ISRNET) With forces now in place, Cyber Command is beginning to think through tough problems and how to employ its capabilities.
NGA’s outgoing director on how to avoid a cultural ‘backslide’ (C4ISRNET) Robert Cardillo, the outgoing director of the National Geospatial-Intelligence Agency, explained how the agency has evolved during his four years at the helm, why the intelligence community needs to continue to challenge the status quo, and how intel work has changed in the last 30 years.
Cyber-security grant tightens Washington County systems (Olean Times Herald) Washington County is in the first round of recipients awarded a state cyber-security grant that will help county officials better monitor computer systems to prevent intrusions from
Litigation, Investigation, and Law Enforcement
Huawei tit-for-tat: why the US has a more legitimate case than China (South China Morning Post) David Zweig says the Huawei CFO was arrested for an offence committed by her, not her company, and was allowed to hire a lawyer. Canada has treated her more fairly than China is treating two Canadians in detention
Paul Whelan: ex-US marine held in Moscow charged with spying (the Guardian) Whelan faces 20 years if convicted as Russian news outlet claims he had USB drive with classified list of names
Bail sought for Marine vet held in Moscow for alleged spying (Marine Corps Times) The defense lawyer for a former U.S. Marine who was detained in Russia for alleged spying said Thursday that he is trying to get the American released from the Moscow prison where he has coped well with being in custody.
British citizen Paul Whelan held in Russia over ‘spying for the West’ (Times) A British citizen has been detained in Russia on suspicion of spying, The Times has learnt. Paul Whelan, 48, was formally charged with espionage yesterday as it was alleged that he had received in...
Spy or Not? American Who Loves Russia Ensnared in New Cold War (New York Times) Paul N. Whelan, now in a Moscow prison, cut a curious figure. He traveled on Russian trains, collected tea glass holders and cultivated military contacts.
Novi man accused of 'spy mission' in Russia: What we know (Detroit Free Press) Paul Whelan, 48, of Novi, is accused of spying in Russia. Here is what we know about his life, his background and where things stand with his case.
National-security experts say a US Marine veteran detained in Russia doesn’t fit the profile of a spy, but he could be a bargaining chip for a prisoner swap (Business Insider) Paul Whelan's profile doesn't fit that of a spy. But it does fit that of someone President Trump would want to bring home as part of a prisoner swap.
Ex-CIA agent Plame: 'It's not inconceivable' Paul Whelan is a spy (Detroit Free Press) “The Russians are going back to their playbook that they used throughout the Cold War. They’re very aggressive.”
Jerome Corsi's request for specific judge in Mueller lawsuit denied (Fox News) A Washington D.C. federal judge Thursday denied a request by conservative author Jerome Corsi to assign himself to hear Corsi's lawsuit against Special Counsel Robert Mueller alleging illegal and unconstitutional surveillance.
New Documents Suggest The Steele Dossier Was A Setup For Trump (The Federalist) After nearly two years since the Steele dossier was published, it remains the cornerstone of the case for collusion. It has also prompted other operations.
Exculpatory Russia evidence about Mike Flynn that US intel kept secret (TheHill) What many 'Russia collusion' cheerleaders cite as the start of a conspiracy between the Trump campaign and Moscow was, in fact, something very different.