The CyberWire Daily Briefing 3.12.19

Cyber Attacks, Threats, and Vulnerabilities

The Evolving Threat Landscape: Nation States, Third Party Attacks, and the Dark Web (InfoArmor) Dark Web Intelligence Alone Is Complicating Efforts for Nation-State Attribution, Creating a New Reality with Cross-Industry Collaboration

Yemeni War Emphasizes Importance of Internet Control in Statecraft and Conflict (Recorded Future) Insikt Group provides an update on Yemeni access, use, and control of the internet and explores the trend of government-mandated internet shutdowns.

Iranian hackers believed behind big data breach at Citrix (SiliconANGLE) Iranian hackers believed behind big data breach at Citrix - SiliconANGLE

Resecurity reports ‘IRIDUIM’ behind Citrix data breach, 200+ government agencies, oil and gas companies, and technology companies also targeted. (Security Boulevard) Last week, Citrix, the American cloud computing company, disclosed that it suffered a data breach on its internal network. They were informed of this attack through the FBI. In a statement posted on Citrix’s official blog, the company’s Chief Security Information Officer Stan Black said, “the FBI contacted Citrix to advise they had reason to The post Resecurity reports ‘IRIDUIM’ behind Citrix data breach, 200+ government agencies, oil and gas companies, and technology companies also targeted. appeared first on Packt Hub.

Are we underestimating Iran's cyber capabilities? (TheHill) We downplay this evolving menace at our peril.

No End in Sight to Venezuela’s Blackout, Experts Warn (New York Times) Four days after the country’s neglected power system went down, the government has pointed fingers but done little else to restore electricity.

Anatoly Kurmanaev on Twitter (Twitter) “I went to the heart of Venezuela’s transmission system in Guarico to try to find out what’s going on with the grid. Here’s why partial blackouts are unfortunately likely to persist for a while. I sincerely hope I’m wrong.”

Venezuela Parliament Declares State of 'Alarm' Over Blackout - Reports (Sputnik) The blackout swept Venezuela last Thursday as national electricity supplier Corpoelec reported about "sabotage" at the major Guri hydroelectric power plant. Media subsequently reported about power outages in 21 out or 23 Venezuela's states.

Venezuela Enters its 5th Day Without Electricity (Accuracy in Media) CARACAS – As most of the country, including Caracas, enter the fifth day without electricity, looting and havoc continue to grow into unmanageable numbers. Opposition leaders has tallied 21 deaths (six babies) so far as a result of the blackout. Doctor and opposition leader, Jose Manuel Olivares t

Brexit-Twitter (F-Secure Blog) Twitter’s efforts to rein in fake news and disinformation on the site have continued in 2019, but “suspicious activity” remains evident, according to a new research on Brexit Twitter activity on the site conducted by F-Secure. While unusual site activity was observed in favor of both leave and remain, it was far more prominent among …

Brexit-related Twitter mischief supported by global far right (F-Secure Press Room | Global) Facebook, Twitter, and other social media platforms play a big role in shaping popular opinion. But they’ve opened a pandora’s box of potential disinformation and manipulation of the public. After investigating 24 million tweets related to Brexit, cyber security provider F-Secure has identified efforts to amplify pro-leave Brexit views by far-right Twitter users based outside of the United Kingdom.

Analysis Of Brexit-Centric Twitter Activity (News from the Lab) This is a rather long blog post, so we’ve created a PDF for you to download, if you’d like to read it offline. You can download that from here. Executive Summary This report explores Br…

Chinese hacking group backdoors products from three Asian gaming companies (ZDNet) ESET suspects that tens or hundreds of thousands of users have been infected already.

Gaming industry still in the scope of attackers in Asia (WeLiveSecurity) Developers in the Asian gaming industry again targeted in supply-chain attacks distributing malware in legitimately signed software.

Verifications.io breach: Database with 2 billion records leaked (HackRead) Verifications.io breach is one of the largest data breaches but the good news is that it does not involve passwords.

Inside the Emotet Banking Trojan and Malware Distributor (Security Boulevard) What is Emotet? Who is behind it? And how can you deal with malware that targets the weakest link in your security chain: your users themselves?

Triton is the world’s most murderous malware, and it’s spreading (MIT Technology Review) The rogue code can disable safety systems designed to prevent catastrophic industrial accidents. It was discovered in the Middle East, but the hackers behind it are now targeting companies in North America and other parts of the world, too.

Hackers use Slack to hide malware communications (CSO Online) A watering hole attack used Slack for its command-and-control communications to avoid network and endpoint detection.

Forget fake news stories. False text posts are getting massive engagement on Facebook. (Poynter) When Facebook started letting users post text on top of colored backgrounds in 2016, it seemed like a fairly benign way to get people to share more personal thoughts on the platform.

Bulletin (SB19-070) Vulnerability Summary for the Week of March 4, 2019 (CISA) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT).

More than Half of Android apps ask for dangerous permissions. Is yours among? (HackRead) It wasn’t very long ago that I revealed that most free VPN services are provided as a front for the big corporations running them to collect user that. Spurred by the findings of that study, I decided to dig deeper to see how much of a threat, especially when it comes to user data, Android VPN services in general are – The results were shocking.

Applicants data of 3 elite US colleges hacked for ransom (HackRead) Recently it was reported that Chinese hackers are aiming to target around 26 leading research academies to steal research about maritime technology, the majority of which happen to be based in the USA. In the same week, three mainstream private colleges have claimed that their systems were hacked and hackers managed to gain access to sensitive student data and asked for a ransom in exchange for the files.

Fake Bitcoin investment scam delivers malware (My Online Security) This is a weird one and I can’t determine what the final payload does via running the files in an online sandbox. I really don’t know if the bad actor has messed up or whether it is an anti-vm or…

Box links are leaking sensitive data and documents from more than 90 companies, warn security specialists (Computing) Technology prototypes and design files, bank account numbers and passwords among the data inadvertently publicly shared over Box

The reality of container escapes (Help Net Security) In this Help Net Security podcast recorded at RSA Conference 2019, Brandon Edwards, Chief Scientist at Capsule8, talks about container escapes. Here’s a

Hidden third-party tags could be leaving Fortune 100 companies at risk (Help Net Security) Crownpeak found more than 1,700 tag redirectson websites belonging to companies in the Fortune 100. These leave the sites open to potential data breaches.

Zscaler charts sharp increase in SSL threats like phishing, botnets (SearchSecurity) According to a recent Zscaler report, cybercriminals are increasingly using encryption protocols to launch attacks like phishing scams. Security experts sound off on factors fueling the rise in SSL threats.

STOP Ransomware Installing Password Stealing Trojans on Victims (BleepingComputer) In addition to encrypting a victim's files, the STOP ransomware family has also started to install the Azorult password-stealing Trojan on victim's computer to steal account credentials, cryptocurrency wallets, desktop files, and more.

Forrester: Ransomware Set to Resurge As Firms Pay Off Attacks (Threatpost) In this video, Josh Zelonis, senior analyst at Forrester Research, discusses the next great security threats to enterprises.

Facebook temporarily removes Elizabeth Warren's ads calling for breakup of Facebook (CNET) The social network says it pulled down the ads for using Facebook's corporate logo.

Facebook backtracks after removing Warren ads calling for Facebook breakup (POLITICO) A Facebook spokesperson said the company is in the process of restoring the ads.

Writing a Basic Keylogger for macOS in Python by Andrew Scott (Hakin9 - IT Security Magazine) This post is for educational purposes only. A keylogger is probably one of the last things you want on …

Vulnerabilities in industrial Ethernet switches allow for credential theft, denial-of-service attacks (TechRepublic) Industrial Ethernet switches from Moxa were found to lack basic security measures, making it possible to brute-force access to the switch management console, according to Positive Technologies.

Insert Skimmer + Camera Cover PIN Stealer (KrebsOnSecurity) Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs.

Cryptominers Remain Top Threat but Coinhive's Exit Could Change That (Dark Reading) Coinhive has remained on top of Check Point Software's global threat index for 15 straight months.

Data breach may have exposed the personal, medical information of 600,000 in Michigan (Washington Post) Hackers accessed the names, addresses, social security numbers and medical information of customers of several Michigan healthcare companies in a ransomware attack.

Researchers unveil February 2019's most wanted malware (Help Net Security) Check Point’s researchers confirm Coinhive holds the top position in February’s Top Malware index for 15th successive month before it shut down.

Modern Bank Heists’ report finds increased risk of Cyber Attacks (Whatech) Report reveals the cyber threats keeping financial CISOs awake at night, including Emotet, Steganography and Hidden Cobra

Creepy Database Lists 'BreedReady' Status for 1.8 Million Women (BleepingComputer) A database left unprotected online reveals a creepy set of details collected on more than 1.8 million women in China. Apart from the regular info one would expect, like name, age, and date of birth, the data set also includes a "BreedReady" status.

Weapons of mass distraction: The seven ways social media keeps you hooked – and how to beat them (The Telegraph) Tech firms have developed an arsenal of psychological techniques to encourage habitual use

Security Patches, Mitigations, and Software Updates

Google Patches Critical Bluetooth RCE Bug (Threatpost) In all, Google reported 45 bugs in its March update with 11 ranked critical and 33 rated high.

Cyber Trends

Thirty years after he invented the World Wide Web, Tim Berners-Lee says we all must act to save it (Quartz) "If we give up on building a better web now, then the web will not have failed us. We will have failed the web."

The original proposal of the WWW, HTMLized (w3 Archive) This document was an attempt to persuade CERN management that a global hypertext system was in CERN's interests. Note that the only name I had for it at this time was "Mesh" -- I decided on "World Wide Web" when writing the code in 1990.

World Wide Web: A warning from history – leader comment (Scotsman) No one should underestimate the extent of the extraordinary changes – for good and ill – that have been taking place since the invention of the World Wide Web.

Berners-Lee says World Wide Web, at 30, must emerge from ‘adolescence’ (Star Online) The fraying World Wide Web needs to rediscover its strengths and grow into maturity, its designer Tim Berners-Lee said on March 11, marking the 30th anniversary of the collaborative software project his supervisor initially dubbed "vague but exciting".

Governments must act to prevent 'malicious' behaviour online, says British inventor of web (The Telegraph) The inventor of the web Tim Berners-Lee has said governments must "translate" laws for the digital age to prevent "malicious" behaviour online.

The World Wide Web Turns 30. Where Does It Go From Here? (WIRED) Thirty years ago, Tim Berners-Lee published a proposal that led to the World Wide Web. Today, he reflects on its history—and its future.

The Guardian view on the world wide web: we wove a tangle (the Guardian) Editorial: Thirty years ago, a physicist dreamed up a way to organise information from multiple computers all on one screen. The world will never be the same

What happened to trust and transparency in cybersecurity? (Help Net Security) The security team needs to move beyond the mindset of they protect everyone and incorporate ways to empower people to protect themselves.

Top 10 Takeaways from RSA Conference 2019 (eSecurity Planet) After five days of sessions, events and demos, what were the key cybersecurity themes that emerged at RSA Conference 2019?

The buzz at RSA 2019: Cloud security, network security and more (CSO Online) The buzz at RSA 2019 included talk about cybersecurity and business leaders coming together, managed services, cloud security, network security and more.

RSA Conference and the dismal nature of cybersecurity (Reporter's Notebook) (ZDNet) The RSA Conference gets larger every year: cybersecurity industry is booming, and so is cybercrime. There's a disconnect here.

Google 'Moonshot' and NSA Toolkit Rise Above the Marketing Deluge at RSA Conference (Fortune) Two cybersecurity products eclipsed the rest.

IT managers can't ignore endpoints because most cyberattacks start there (Help Net Security) IT managers are more likely to catch cybercriminals on their organization’s servers and networks than anywhere else, according to Sophos.

Booz Allen Hamilton CEO talks tech's role in society with Ash Carter at SXSW (Austin Business Journal) Former Defense Secretary Ash Carter and Booz Allen Hamilton CEO Horacio Rozanski talked about the vast promise — and potential pitfalls — of technology.

Cybersecurity: Why bosses are confident, and tech workers are scared (ZDNet) How well protected is your business, really? It depends who you ask.

Small businesses are a big target for hackers (WKYC) And when they get hit, so do shoppers.

Marketplace

Nvidia to Buy Mellanox for $6.9 Billion in Data Center Push (Bloomberg) Mellanox holders offered $125-per-share in all-cash deal. Graphics chipmaker trying to further embed itself in servers.

Former Google CFO to coach British spinouts in becoming the next tech winners (The Telegraph) Google's former finance chief said universities were waking up to the fact their researchers could create the next wave of tech giants, as he launched a new startup incubator to help coach academics through setting up their own businesses.

Can Google's security push overcome the public's eroded trust? (CyberScoop) Google, in the coming months, will embark on a campaign to raise awareness about a service the company says will better protect people on websites.

This Big Facebook Critic Fears Tech’s Business Model (WIRED) Roger McNamee was a mentor to Mark Zuckerberg and an early investor in Facebook. Now he has written a book about the "Facebook catastrophe."

Zuckerberg Wants Facebook to Build a Mind-Reading Machine (WIRED) If the Facebook CEO's reflection tour has revealed anything it is that even as he wrestles with the harms the platform has wrought, he is busy dreaming up new ones.

Zuckerberg’s view of privacy is self-serving (Times) Mark Zuckerberg runs a company whose users comprise about a quarter of the people on Earth. Any big political campaign anywhere in the world will spend millions on a site that has become the...

New Army Programs of Record Emphasize Cyber (SIGNAL Magazine) The new Army capabilities bring cyber into the fold, enhancing multidomain awareness for commanders.

GIF Attack on Facebook Messenger Earned Hacker $10,000 (SecurityWeek) A white hat hacker earned $10,000 last year for a Facebook Messenger vulnerability that could have allowed an attacker to randomly obtain other users’ images.

Attack scale dictates 'zero-trust' cybersecurity approach for Palo Alto Networks - SiliconANGLE (SiliconANGLE) Attack scale dictates 'zero-trust' cybersecurity approach for Palo Alto Networks

How PA Networks Realigned Partner Program to Changing Nature of Security (eWEEK) TREND ANALYSIS: Most businesses standardize on couple of server, network and storage vendors but are forced to use dozens of security vendors. Palo Alto Networks uses its platform security approach to enable partners to add their IP under the umbrella of a single provider.

Why Fortinet Stock Jumped 13% Last Month (The Motley Fool) Investors were happy with the network security company's latest quarterly results.

Moraco retiring from SAIC; successor named (Washington Business Journal) Nazzic Keene, left, will succeed Tony Moraco as CEO of Science Applications International Corp. effective July 31.

Former NSA Cyber Leader Now Leads Security For Fortinet (Forbes) Phil Quade saw the worst of the worst in the cyber crime field as a cyber czar at NSA. In early 2017, he left the agency to join Fortinet as the company's chief information security officer. He believes the combination of public and private sector experience has been a tremendous advantage.

Products, Services, and Solutions

D3 Security and Veracomp Partner to Provide Security Orchestration, Automation and Response (SOAR) Technology for Central and Eastern European Markets (BusinessWire) D3 Security today announced a strategic partnership with Veracomp, one of the largest IT distributors in Poland.

Ivanti Cloud Unifies IT Operations and Security Processes So Organizations Can Quickly Discover, Gai | Ivanti (Ivanti) New Cloud-Based Platform Provides Real-Time Device Analytics and Prescriptive Advice while Bridging Insight and Processes Across IT Operations and Security Teams

Identify3D Deploys Gemalto Solution to Ensure Protection of Its Customers’ IP and Manufacturing Data (BusinessWire) Gemalto, the world leader in digital security, today announced that Identify3D, the most advanced security solution for digital manufacturing supply c

Carbon Black integrates with Chronicle security analytics platform (IT Brief) Backstory will correlate telemetry from Carbon Black’s endpoint detection and response (EDR) solution to deliver incident investigation and threat hunting.

Virtru Data Security Platform Gets FedRAMP Certification (ExecutiveBiz) Virtru has obtained Federal Risk and Authorization Management Program certification for a technology platform designed to help government users protect data across networks.

Scytale Delivers ‘Frictionless’ Service Authentication for Hybrid & Cloud-Native Enterprises (Idevnews) Scytale, a founding contributor to Cloud Native Computing Foundation, has launched a platform to deliver frictionless services authentication -- across containers, cloud and on-premise environments. Scytale Enterprise supports secure authentication for a range of cloud-native services.

Digimarc Unveils New, Faster Piracy Reporting Portal at London Book Fair (PR Newswire) Digimarc Corporation (NASDAQ: DMRC), the inventor of the Intuitive Computing Platform (ICP™)...

Google Launches New Cloud Security Services (SecurityWeek) Google has introduced a new set of services to provide cloud customers with improved protection from unsafe websites, DDoS attacks, and other threats.

What Is The CyberSec First Responder (CFR) Certification? (Security Boulevard) Phoenix TS adds CertNexus’ CFR Certification to Maryland, Virginia & Online Training Schedule. CyberSec First Responder (CFR) is the “blue team” certification for cybersecurity and validates a professional’s ability to: Assess information security risk in computing and networking environments Analyze the cybersecurity threat landscape Analyze post-attack techniques on computing and network environments Collect cybersecurity intelligence Analyze The post What Is The CyberSec First Responder (CFR) Certification? appeared first on Phoenix TS.

Technologies, Techniques, and Standards

Preserving the privacy of large data sets: Lessons learned from the Australian census (CSO Online) Preserving the privacy of large data sets is hard, as the Australian Bureau of Statistics found out. These are the big takeaways for the upcoming U.S. census and others dealing with large amounts of personal data.

Study: How can you detect and prevent insider threats? (Chain Store Age) Retailers face potential internal security challenges, but can take steps to identify and impede them.

Four Steps to Begin Better Managing Your Digital Risk (SecurityWeek) By understanding where assets are exposed, their value to attackers, and how attackers target this data, organizations can make better decisions about their defenses and improve them over time.

New Film Shows How Bellingcat Cracks the Web's Toughest Cases (WIRED) Truth in a Post Truth World takes a closer look at a team of remarkably resourceful investigative journalists.

RSA Conference 2019: How to create a security awareness plan (IT World Canada) There's lot of advice how to improve employee security awareness: E-mail reminders, videos. newsletters. intranet, posters, games ... One

Cybersecurity Governance for Maturing Companies (Cooley) Public and high-growth private companies need internal cyber/data/privacy governance structures that protect the integrity and value of digital assets and customer data and mitigate related risk an…

Free decrypters for BigBobRoss ransomware released (Help Net Security) Here's some good news for users whose files have been encrypted by the BigBobRoss ransomware: both Avast and Emsisoft have released decrypters.

3 Places Security Teams Are Wasting Time (Dark Reading) Dark Reading caught up with RSA Security president Rohit Ghai at the RSA Conference to discuss critical areas where CISOs and their teams are spinning their wheels.

Design and Innovation

Infinity Optics says new biometric cryptography technology is unhackable with no error rate (Biometric Update) Infinity Optics has developed a platform for Biometric Cryptography, which uses iris, fingerprint, and 2D or 3D facial images to generate a stable biometric code to use in key management solutions …

Research and Development

Cracking the Code on Adversarial Machine Learning (SIGNAL Magazine) The vulnerabilities of machine learning models open the door for deceit, giving malicious operators the opportunity to interfere with machine learning systems.

Quantum computing could change the way the world uses energy (Quartz) Classical computing will require more energy than our entire energy grid by 2040.

Could quantum cryptography help secure 5G networks? (NS Tech) Researchers have devised a way to embed quantum cryptography into 5G networks, protecting the next-generation telecoms infrastructure from cyber attacks. A team of scientists at the University of Bris

Quantum Cryptography Demystified: How It Works in Plain Language (ExtremeTech) Once quantum computers become a commercial reality, they will change the ground rules for cryptography. Able to break many current systems, they threaten to allow the pilfering of massive amounts of encrypted data. However, they also hold promise for enabling us to better secure our data using quantum computing technology.

Galois Supporting DARPA's SSITH Program (SIGNAL Magazine) Galois Inc., Portland, Oregon, was awarded a $9,925,508 modification to previously awarded contract HR0011-18-C-0013 for the System Security Integrated Through Hardware and firmware (SSITH) program. The modification brings the total cumulative face value of the contract to $16,553,298 from $6,627,790.

Academia

Tufts expelled a student for grade hacking. She claims innocence (TechCrunch) As she sat in the airport with a one-way ticket in her hand, Tiffany Filler wondered how she would pick up the pieces of her life, with tens of thousands of dollars in student debt and nothing to show for it. A day earlier, she was expelled from Tufts University veterinary school. As a Canadian, [&…

Legislation, Policy and Regulation

Analysis | The Cybersecurity 202: Security pros once worried Trump would be a loose cannon in cyberspace. Now, they praise his policies. (Washington Post) Trump's policies are actually a lot like Obama’s -- and experts welcome a more robust approach.

China Threat to Telecoms Cited in EU Parliament Draft Resolution (Bloomberg) European assembly plans to warn about risks to 5G networks. Initiative reflects growing Western concerns about spying.

The U.S.-Russia Relationship on Cybercrime Is About to Get Even More Strained (Slate Magazine) The Russia-U.S. relationship on cybercrime fighting was already strained. This won’t help.

What are the new China Cybersecurity Law provisions? And how CISOs should respond (CSO Online) New provisions to the China Cybersecurity Law allow the Chinese government access to enterprise networks operating in the country. Although the security risk that presents is unclear, CISOs can take steps to minimize the impact.

Online platforms need a super regulator and public interest tests for mergers, says UK parliament report (TechCrunch) The latest policy recommendations for regulating powerful Internet platforms comes from a U.K. House of Lord committee that’s calling for an overarching digital regulator to be set up to plug gaps in domestic legislation and work through any overlaps of rules. “The digital world does no…

Drop Huawei or See Intelligence Sharing Pared Back, U.S. Tells Germany (Wall Street Journal) The Trump administration has told the German government it would limit the intelligence it shares with German security agencies if Berlin allows Huawei to build Germany’s next-generation mobile-internet infrastructure.

The Huawei Case Is Part of a New US–China Cold War Over Tech (WIRED) US allegations against China's Huawei are less about keeping Huawei out of American networks and more about the rest of the world.

A Budget for a Better America (The White House) Budget of the United States Government, Fiscal Year 2020 contains the Budget Message of the President, information on the President’s priorities, and summary tables.

Trump asks for $9.6 billion to bolster cybersecurity in 2020 budget (Engadget) Trump wants to set up Space Force and back NASA Moon missions with his latest budget.

White House ups DoD cyber budget request (Fifth Domain) The White House is requesting more than last year for Department of Defense cyber initiatives in fiscal 2020.

Trump FY2020 Budget Proposal Highlights Tech Priorities (Meritalk) Although the Trump administration’s FY2020 budget proposal details a plan to broadly modernize the government, the fine lines in each department’s proposed funding show that the White House is more specifically geared toward researching and developing artificial intelligence (AI), cybersecurity, IT systems, and technological infrastructure.

Reader’s Guide to Understanding the US Cyber Enforcement Architecture and Budget (Third Way) Third Way is a centrist think tank that offers fresh thinking and modern solutions to the most challenging problems in U.S. public policy, including the economy, energy, national security and social policies.

Internet of Things (IoT) Cybersecurity Improvement Act of 2019 (Scribd) The Internet of Things (IoT) Cybersecurity Improvement Act of 2019 would require that devices purchased by the U.S. government meet certain minimum security requirements.Full description

FTC’s Proposed Amendments to the GLBA Safeguards Rule Seek to Incorporate Requirements from NY DFS Cybersecurity Regulations (Cooley) On March 5, the FTC announced proposed amendments to the Standards for Safeguarding Customer Information under the Gramm-Leach-Bliley Act (“Safeguards Rule” or “Rule”). The FTC version of the…

Litigation, Investigation, and Enforcement

Treasury sanctions Moscow bank boosting Venezuela's Maduro (Washington Examiner) President Trump is intensifying pressure on Venezuelan strongman Nicolas Maduro by imposing sanctions on a bank jointly owned by Russian and Venezuelan government-owned enterprises, the Treasury Department announced Monday.

BREAKING: Record Fines Imposed Totaling $940,000 for Foreign Interference in Presidential Election by Chinese Corporation (Campaign Legal Center) Biggest FEC fine since Citizens United and third highest fine in history of Federal Election Commission

Equifax Was Aware of Cybersecurity Weaknesses for Years, Senate Report Says (SecurityWeek) The massive Equifax data breach in 2017 was the result of years of poor cybersecurity practices, a new report from the United States Senate’s Permanent Subcommittee on Investigations reveals.

NASA's Cybersecurity Program Gets Failing Grade (SecurityWeek) For a second year in a row, NASA’s cybersecurity program gets failing grade from the Office of Inspector General.

UK porn block: Can cryptocurrency help Brits to dodge controversial sex website law? (Coin Rivet) Brits can get around the controversial UK porn block using cryptocurrency, tech experts have warned.

Games backdoored. Internet control in Yemen's war. Venezuela's blackouts. BigBobRoss decryptors. 30 years of the Web. "Robust debate."