Cyber Attacks, Threats, and Vulnerabilities
TAU Threat Intelligence Notification: New macOS Malware Variant of Shlayer (OSX) Discovered (Carbon Black) Carbon Black’s Threat Analysis Unit (TAU) recently discovered a new variant of a family of macOS malware which was first discovered in February of 2018 by researchers from Intego. TAU has obtained new samples of this malware and observed downloads of the malware from multiple sites, primarily disguised as an Adobe Flash software update. Many of the …
GreyEnergy Malware Research Paper: Maldoc to Backdoor (Nozomi Networks) Attention Security Analysts: don’t miss this GreyEnergy Research Paper which covers the reverse engineering of maldoc to backdoor stages.
Nozomi Networks' White Paper, GreyEnergy: Dissecting the Malware from Maldoc to Backdoor, Comprehensive Reverse Engineering Analysis (Nozomi Networks) Read the new White Paper, "GreyEnergy: Dissecting the Malware from Maldoc to Backdoor, Comprehensive Reverse Engineering Analysis"
GreyEnergy malware has 'massive amounts of junk code' meant to confuse researchers (CyberScoop) The investigation of the network of hackers generally associated with the seminal 2015 cyberattack on the Ukrainian power grid continues.
Siemens Warns of Critical Remote-Code Execution ICS Flaw (Threatpost) The affected SICAM 230 process control system is used as an integrated energy system for utility companies, and as a monitoring system for smart-grid applications.
APT Groups Moving Down the Supply Chain (Decipher) A recent intrusion at Norwegian MSP Visma that researchers attribute to APT10 demonstrates the changing tactics of some advanced attack groups.
Manipulating an Indian politician’s tweets is worryingly easy to do (TechCrunch) Here’s a concerning story from India, where the upcoming election is putting the use of social media in the spotlight. While the Indian government is putting Facebook, Google and other companies under pressure to prevent their digital platforms from being used for election manipulation, a jou…
IBM Warns Retailers of Trojan Threat (Security Boulevard) IBM has issued a cybersecurity advisory warning about an attack method originally developed to defraud banks that now is being applied to the retail
Dunkin' Donuts Issues Alert for Credential Stuffing Attack, Passwords Reset (BleepingComputer) Dunkin' Donuts has issued a security notification alerting users of their DD Perks reward program that their accounts may have been involved in a credential stuffing attack. This attack may have allowed third-parties to gain access to some of their account information.
What the “Fortnite” Vulnerability Reveals About the Cybersecurity Risks of Online Gaming (Irish Tech News) From “Gears of War” to “Call of Duty,” online gaming can bring people from all over the world together for some mostly harmless warmongering. And these [...]
Kids as young as eight falling victim to online predators (Naked Security) A UK children’s charity has found that children as young as eight are being sexually exploited online via social media.
Brave browser explains Facebook whitelist to concerned users (Naked Security) Brave is playing down fears after the revelation of what looked like a whitelist in its code allowing it to communicate with Facebook.
G DATA warns of dangerous romance scams for Valentine's Day (Presseportal.de) One in three Germans looks for a partner on the internet and uses digital dating to find a new love (source: Bitkom), but not everyone means it...
Instagram confirms that a bug is causing follower counts to change (TechCrunch) Instagram confirmed today that an issue has been causing some accounts’ follower numbers to change. Users began noticing the bug about 10 hours ago and the drastic drop in followers caused some to wonder if Instagram was culling inactive and fake accounts, as part of its fight against spam. We’re a…
Security Patches, Mitigations, and Software Updates
Patch Tuesday, February 2019 Edition (KrebsOnSecurity) Microsoft on Tuesday issued a bevy of patches to correct at least 70 distinct security vulnerabilities in Windows and software designed to interact with various flavors of the operating system.
Microsoft February Patch Tuesday fixes 77 security flaws, including IE zero-day (ZDNet) Microsoft's February security updates address 76 bugs, 20 of which have been classified as "critical."
Adobe Releases Security Fixes for Flash Player, ColdFusion, and More (BleepingComputer) Adobe has published their monthly Patch Tuesday updates for the month of February 2019. These updates are for Flash Player, Creative Cloud Desktop Application, and ColdFusion.
February Patch Tuesday: Batch Includes 77 Updates That Cover Flaws in Internet Explorer, Exchange Server, and DHCP Server - TrendLabs Security Intelligence Blog (Threatpost) Microsoft released 77 updates, along with three new advisories, in this month’s Patch Tuesday. The bulletin patches four publicly known bugs, rated Important, and one that is under active attack. It includes fixes for ChakraCore, Edge, Exchange Server, Internet Explorer (IE), Microsoft Windows, Office and Microsoft Office Services and Web Apps, Azure, Team Foundation Services, and the .NET Framework.
Linux container bug could eat your server from the inside – patch now! (Naked Security) Crooks could take over your network thanks to a critical bug in a popular Linux containerisation toolkit… here’s what you need to know.
2019 Cybersecurity Almanac: 100 Facts, Figures, Predictions and Statistics (Cybercrime Magazine) Published by Cisco and Cybersecurity Ventures
The State of the Federal IT Landscape (OneLogin) For the State of the Federal IT Landscape report, OneLogin commissioned CITE Research to conduct an online, in-depth survey of 150 federal IT professionals in the United States. The goal of the survey was to understand: The current federal IT landscape; Security concerns and challenges facing federal agencies; IT plans with regard to the cloud; Technologies in use or being considered to address concerns
What Cybersecurity Pros Wish Businesses Would Understand (Bricata) Cybersecurity professionals want business leaders to know they exist to protect the business, they need budget and resources to do that effectively, and that the security world is highly dynamic so things can and do change.
2019 Healthcare Report (SecurityScorecard) SecurityScorecard looked at over 26,000 healthcare companies in 2018. Some struggles continue within the healthcare industry as companies fail to protect patient and organizational data, creating vulnerabilities that need to be patched to improve their security posture.
While The Majority Of Americans Are Still Worried About Identity Theft, It's Now Become A Global Concern - And Few Know How To Properly Protect Against It (PR Newswire) BETHESDA, Md., Feb. 13, 2019 /PRNewswire/ -- According to Generali Global Assistance's first global consumer survey conducted by LEXIS, 57 percent of Americans ...
Impersonation, sender forgery and corporate email spoofing top the charts (Help Net Security) Q4 of 2018 was a busy period for phishing scammers as people use email to gather their receipts from online shopping, shipping notifications, returns, etc.
Virtual Assistants and Consumer AI (Clutch) People use virtual assistants such as an Amazon Echo or Google Home for simple tasks such as playing music and benefit from access to information. The value of virtual assistants will increase, however, when the technology becomes more in-tune to the context of voice commands and when connected to other devices.
SMBs spending a day each week dealing with cybersecurity issues (Help Net Security) Almost half of UK small to medium-sized businesses (SMBs) believe a cyberattack would put their business at risk of closure.
No need for trenches in cyber-warfare, when all you need is a computer (Arab News) Cyber-warfare allows anyone to hack and take over billboards, television stations and even speeches far from where the conflict is and from the comfort of their own homes, warned information security researcher and analyst Rodrigo Bijou on Tuesday. “Cyberfare goes beyond just hacking a few computers and systems, it is the manipulation of the very fabric of society, online and offline,” Bijou told audience members at a packed hall at Dubai’s World Government Summit.
Experian study: why organisations think they have bad data (Information Age) How bad is bad data? According to a recent study from Experian, bad data is creating bad customer experience
1 in 3 Americans Suffered Severe Online Harassment in 2018 (WIRED) And roughly 80 percent of Americans say tech companies should do more to prevent it, according to a new survey from the Anti-Defamation League.
2018 really was more of a dumpster fire for online hate and harassment, ADL study finds (TechCrunch) Around 37 percent of Americans were subjected to severe hate and harassment online in 2018, according to a new study by the Anti-Defamation League, up from about 18 percent in 2017. And over half of all Americans experienced some form of harassment according to the ADL study. Facebook users bore th…
Strategic buyers secure the cloud through dealmaking (Mergers & Acquisitions) There is lots of room for growth in the cybersecurity sector, which opens up M&A opportunities for companies including Akamai, BlackBerry and Zix.
ShiftLeft Raises $20 Million Series B Funding to Accelerate Adoption of Automated Application Security (BusinessWire) ShiftLeft™ Inc., an innovator in application-specific cloud security, today announced it has raised $20 million in Series B funding.
Symantec Buys Startup Luminate Security To Aid Application Defense (CRN) Symantec said its acquisition of Luminate will make it easier to deliver private secure application access, granting user connections only to the specific applications and resources for which they are authorized.
Elevate Security announces $8M Series A to alter employee security behavior (TechCrunch) It’s well understood that many network breaches begin with phishing emails designed to trick users into giving hackers their credentials. They don’t even have to work to find a vulnerability, they can just waltz in the front door. Elevate Security, a San Francisco startup, wants to chan…
Baffin Bay Networks acquires Loryka (CISO MAG) The U.S.-based startup provides useful data points for researchers to innovate and make technological advancements.
Applied Insight acquires two more government contractors (Washington Business Journal) The acquisitions bring Applied Insight to about $140 million in revenue and 500 employees.
Qualys Buys Software Assets Of Cloud Security Startup Adya (CRN) Qualys says its acquisition of cloud security startup Adya will help with managing license costs across SaaS applications, setting and enforcing security policies in a single place, and auditing all activity using a single tool.
Trust Automation Launches New Cyber Defense Division (Trust Automation) Trust Automation Inc., a supplier of automation systems for defense and industrial applications, has created a new operating division that will develop and deliver the next generation of cyber defense technologies.
INSA Elects New Board Members (Washington Executive) Six new members have joined the Intelligence and National Security Alliance 2019 board of directors, the organization announced.
Products, Services, and Solutions
Trustworthy Accountability Group Launches New Anti-Piracy Initiative to Protect European Brands (Business Journals) The Trustworthy Accountability Group (TAG), an advertising industry organization that fights criminal activity in the digital advertising supply chain, today launched Project Brand Integrity, a new initiative to protect European brands from association with illegal stolen content by alerting advertisers or their agencies to ads running on pirate sites in Europe.
Spire Solutions, CyberX team up to bolster industrial and critical infrastructure security in the Middle East (Zawya) Disruptive VAD partners with CyberX to address complex and interconnected challenges across OT assets, vulnerabilities, and threats
IDEMIA and Kudelski Group Launch Global Partnership to Simplify IoT Connectivity and Security (Kudelski IoT Security Suite) The companies will integrate Kudelski’s IoT Security Platform into IDEMIA’s DAKOTA IoT (eUICC) and TSM (Trusted Service Management) solutions. The joint solution provides combined network connectivity management and IoT security in a single eUICC (embedded Universal Integrated Circuit Card) for IoT devices. This will allow IoT device manufacturers to simplify the integration process and speed …
OneSpan Launches AI-Based Risk Analytics to Stop Account Takeover and New Account Fraud (GlobeNewswire News Room) New solution uses machine learning to protect online and mobile channels, as well as meet PSD2 compliance requirements for transactional risk analysis
OMX3200 100G+ Network Visibility Announcement (NetQuest) NetQuest OMX3200 Delivers High-Density 100G+ Network Visibility for Optimizing Security and Network Operations Modular 100G+ packet processing solution enables deep visibility for optimizing cyber security and network monitoring tools
Vulnerability Management Solution Tripwire IP360 Now Discovers More Than 200000 Conditions (Tripwire) Tripwire, Inc, a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced that vulnerability management solution Tripwire® IP360™ now discovers more than 200,000 conditions, including vulnerabilities, configurations, applications and operating systems.
IRONSCALES AI Powered Anti Phishing Threat Protection Platform Now Acc (PRWeb) IRONSCALES, the world’s first automated phishing prevention, detection and response platform, today announced that its AI Powered anti phishing threat ...
Canon Solutions America Offers Customers Enhanced Network Security Capabilities Through EventSentry (PR Newswire) Canon Solutions America, Inc., a wholly owned subsidiary of Canon U.S.A., Inc., today announced the addition of...
Canon Solutions America Links Up With Barracuda Networks To Combat Email-Delivered Threats (PR Newswire) Canon Solutions America, Inc., a wholly owned subsidiary of Canon U.S.A., Inc., today announced its collaboration ...
NeuVector adds critical network layer of security to the Istio and Linkerd2 service meshes (Help Net Security) NeuVector announced a new platform integration with the Istio and Linkerd2 service meshes that expands NeuVector’s security capabilities.
ClearDATA introduces multi-cloud Kubernetes solution for healthcare (Help Net Security) ClearDATA, a leading healthcare cloud, security and compliance expert, announced its Kubernetes solution for healthcare and life sciences organizations.
CI Security launches Insight Partner Program (Help Net Security) To reach that wider range of customers, CI Security is announcing that it is expanding by launching the Insight Partner Program.
Barac Plugs Gap in Encrypted Malware Detection Created by New TLS 1.3 (PRWeb) LONDON (PRWEB) February 13, 2019 Pioneering cybersecurity start-up, Barac, today announced it has extended the capabilities of its Encrypted Traffic Visibility Platform to support version 1.3 of
Akamai and MUFG Announce Joint Venture for Blockchain-Based Online Payment Network (PR Newswire) Akamai Technologies, Inc. (NASDAQ: AKAM), the intelligent edge platform for securing and delivering digital...
Kaspersky Lab automates training platform (IT-Online) In 2017, 59% of South African companies attributed weaknesses in their IT security strategy to the careless actions of employees. With staff training seen as an important way to reduce cybersecurity incidents, finding the most efficient approach remains a pain point for many IT departments. To help companies address the issue, Kaspersky Lab has developed …
NeuVector First to Deliver In-Depth Service Mesh Container Discovery, Visualization and Run-Time Protection (GlobeNewswire News Room) Adds critical network layer of security to the Istio and Linkerd2 service meshes for production Kubernetes deployments
Palo Alto Networks Introduces Fastest-Ever Next-Generation Firewall and Integrated Cloud-Based DNS Security Service to Stop Attacks (APN) Palo Alto Networks, the global cybersecurity leader, underscored the need for increased IT security by releasing several new capabilities that predict malicious attacks and use automation to stop them in progress. Beginning today, next-generation firewall customers who upgrade to PAN-OS® version 9.0 will get access to these new security capabilities, over 60 new features […]
SIRIN LABS partners with KoolSpan to ensure secure communication on blockchain smartphone (CoinReport) Switzerland-headquartered SIRIN LABS, the creator of FINNEY, the world’s first and most secure blockchain smartphone, has entered into a partnership with KoolSpan to empower FINNEY users with secur…
Peraton Included in NSA’s Trusted System Integrators Program; Roger Mason Quoted (Executive Biz) Peraton has been certified as a trusted integrator for the National Security Agency/Central Security Service’s Commercial Solutions for Classified program.
Qualys Introduces Patch Management App to Help IT and Security Teams Streamline and Accelerate Vulnerability Remediation (PR Newswire) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance...
Siemens to digitalize, cybersecure UAE gas plant (Electric Light & Power) Siemens today announced it has signed a deal to maintain and digitalize the 1500 MW Shuweihat S2 combined-cycle power plant in Abu Dhabi.
Encryption is for amateurs: IBM offers security tools for key management and app protection (SiliconANGLE)
Technologies, Techniques, and Standards
Two cybersecurity myths you need to forget right now, if you want to stop the hackers (ZDNet) The wrong attitudes towards risk and complexity could leave you open to attack.
Healthcare Industry’s Cybersecurity Best Practices Resource to be Featured at HIMSS19 (BusinessWire) Zingbox, the provider of the most widely deployed Internet of Things (IoT) analytics platform in healthcare and a leader in healthcare IoT research, t
CIS Controls™ Cloud Companion Guide (CIS) The CIS Controls Cloud Companion Guide provides guidance on how to apply the CIS Controls Version 7 to cloud environments.
How can manufacturers beat cybercrime? (Property Observer) Why is the manufacturing industry a target for cyber criminals?
The woman who hacks into banks for a living (and never takes anything) (Times) Sherri Davidoff was hunched over her laptop in a crowded coffee shop, her fingers flying over the keyboard and her eyes glued to the screen. Most people who looked her way probably thought she was...
Israeli airports fend off 3 million attempted attacks a day, cyber head says (Times of Israel) A 24/7 security operation center at Ben Gurion international airport handles cybersecurity threats
Some Equifax credit file locks have expired. Did yours? (KOMO) A heads-up for anyone who signed up for the free credit lock offered by Equifax following their massive data breach in 2017. Your complimentary subscription to TrustedID Premier expired on Jan. 31. That means your account is now unlocked, unless you took steps to re-secure it. Equifax sent subscribers of TrustedID Premier a series of emails about the change and gave them the option to extend for a year, using a different program.
Design and Innovation
Blockchain May Be Overkill for Most IIoT Security (Semiconductor Engineering) Without an efficient blockchain template for IoT, other options are better.
The Real Reason Tech Struggles With Algorithmic Bias (WIRED) Opinion: Humans train the machine-learning and AI systems at Facebook, Google, and Twitter to filter out bias. The problem: they don't know what they're looking for.
IBM's AI 'Miss Debater' Was Strong on Facts, Short on Emotion in Man-Vs.-Machine Debate Challenge (Fortune) Though the female-voiced AI leaned human in her humor.
This Robot Debates and Cracks Jokes, but It's Still a Toaster (WIRED) Domo arigato, debating roboto: An IBM project shows that a computer can carry on a sophisticated—if creepy—argument with a human.
SGS and Graz University of Technology set up Cybersecurity Campus (Help Net Security) SGS and Graz University of Technology (TU Graz), a top IT security research institution, have joined forces to set up Cybersecurity Campus Graz.
Legislation, Policy, and Regulation
Lawmakers back bill to isolate Russian internet (The Times of India) MOSCOW: Lawmakers on Tuesday backed a bill that could cut off Russia's internet traffic from foreign servers, a move critics say is a step towards cen.
What Happens If Russia Cuts Itself Off From the Internet (WIRED) State media has reported that Russia will attempt to disconnect from the global internet this spring. That's going to be tricky.
MI6 chief Alex Younger set to stay in post over Brexit fears (Times) The head of MI6 is expected to stay in post beyond his retirement date this year to guide the secret intelligence service through the post-Brexit period, The Times has learnt. Alex Younger, 55, is...
Understanding the United States' national AI strategy (Data Center Dynamics) As Trump signs a vague executive order, here's what you actually need to know
The Pentagon Doubles Down on AI–and Wants Help from Big Tech (WIRED) A new Defense Department strategy calls for rapid adoption of AI across the military, and Google, Oracle, IBM, and SAP have signaled interest in a partnership.
Trump expected to issue new order laying groundwork to bar Chinese tech firms from U.S. networks (Washington Post) It would give the commerce secretary power to stop U.S. companies from doing business with foreign suppliers such as Huawei.
Analysis | The Cybersecurity 202: This key House Republican is open to mandates on states for election security (Washington Post) The goalposts are changing with Democrats in charge -- and pushing for an even more sweeping elections overhaul.
OPM will continue company's credit monitoring contract for cyber breach (Federal News Network) Identity theft protection coverage with ID Experts will continue for victims of the Office of Personnel Management's 2015 cyber breaches, the company announced Tuesday.
The Role of the Intelligence Community in Homeland Security: From Competing Agencies to True Community (ClearanceJobs) The threats have changed, but so has the way the Intelligence Community functions. Intelligence Community support of Homeland Security depends on collaboration and information sharing.
Pentagon to funnel tens of millions into cyber training for American soldiers (Fifth Domain) The Pentagon is investing tens of millions of dollars into new cyber training centers, which comes as the American military has pledged to take more offensive operations in cyberspace.
Litigation, Investigation, and Law Enforcement
Huawei Vows to Sue Czech Cyber Watchdog for Naming It a Security Threat (Epoch Times) After a Czech cyber watchdog identified Chinese tech giant Huawei as a security threat, the company is threatening ...
Google and Facebook face a CMA investigation into their stranglehold on digital advertising (The Telegraph) The Government has called on competition watchdogs to examine the stranglehold of Google and Facebook over the £14 bn digital advertising market amid concern that “opaque” practices deny publishers a fair share.
Apple sued for ‘forcing’ 2FA on accounts (Naked Security) Time is money, baby: Jay Brodsky claims that Apple’s 2FA “intermeddling” takes minutes out of his day, causing “economic loss.”
English judge blocks FBI attempt to obtain files from Autonomy lawsuit (The Telegraph) An English judge has blocked US government demands to obtain private documents related to Hewlett Packard’s $5bn (£3.