Cyber Attacks, Threats, and Vulnerabilities
Massive manipulation, foreign influence campaign and cyber: The threats to Israel's election (Haaretz) What's behind the Shin Bet chief warning that a 'foreign country' intends to intervene in the Israeli election
The Dark Overlord was recruiting employees and looking for attention before 9/11 data dump (CyberScoop) Months before The Dark Overlord claimed it stole a trove of sensitive documents about the 9/11 terrorist attacks, the hacking group was struggling to live up to its own reputation.
ICEPick-3PC: New Malware Steals Device IP En Masse (The Media Trust) A new malware collects device IPs.
Israel says it can foil foreign election meddling amid scare (AP NEWS) Israel's Shin Bet security service assured the public Wednesday it was well prepared to thwart any foreign intervention in the country's upcoming elections, after its director warned such efforts were being made by a world power, with suspicions immediately falling on Russia. The unusual Shin Bet statement followed a TV report that Shin Bet chief Nadav Argaman recently told a closed audience that a foreign country was trying to intervene in the April elections and that operatives were trying to meddle via hackers and cyber technology.
Housewares giant OXO finds another data breach, looks like Magecart (CyberScoop) OXO's parent company has had to issue data breach notification letters multiple times in the past few months.
Some Android apps are secretly sharing your data with Facebook (Naked Security) Apps have been secretly sharing usage data with Facebook, even when users are logged – or don’t have an account at all.
How Apps on Android Share Data with Facebook (even if you don’t have a Facebook account) (Privacy International) Previous research has shown how 42.55 percent of free apps on the Google Play store could share data with Facebook, making Facebook the second most prevalent third-party tracker after Google’s parent company Alphabet.
T-Mobile, Sprint, and AT&T still selling your location data, report says (Ars Technica) Phone location data is sold on black market, Motherboard investigation finds.
Facebook is the new crapware (TechCrunch) Welcome to 2019 where we learn Facebook is the new crapware. Sorry #DeleteFacebook, you never stood a chance. Yesterday Bloomberg reported that the scandal-beset social media behemoth has inked an unknown number of agreements with Android smartphone makers, mobile carriers and OSes around the world…
LinkedIn now requires phone number verification for all users in China (TechCrunch) LinkedIn’s China site looks and functions just like LinkedIn everywhere else, except now it asks users in the country to verify their identities through phone numbers. The American company is requiring both new and existing users with a Chinese IP address to link mobile phone numbers to their…
New 'Crypto Dusting' Attack Gives Cash, Takes Reputation (Dark Reading) This new form of crypto wallet fraud enlists unwary consumers and companies to help defeat anti-money laundering methods for law enforcement and regulators.
$7,500 Steam Weakness Let Hackers Take Remote Control Of Gamers' PCs (Forbes) Steam Chat software could've been hacked to hand over control of users' PCs, a security researcher warns.
A photo will unlock many Android phones using facial recognition (Naked Security) How easy is it to bypass the average smartphone’s facial recognition security? In the case of Android, a lot easier than owners may think.
Notice of Data Breach (OXO) We are writing to tell you about an unfortunate data security incident involving sophisticated criminal activity that may have exposed some of your personal information. We take the protection and proper use of your information very seriously. For this reason, we are contacting you directly to explain the circumstances of the incident.
Dirt-Cheap, Legit, Windows Software: Pick Two (KrebsOnSecurity) Buying heavily discounted, popular software from second-hand sources online has always been something of an iffy security proposition.
Hacker sent messages to thousands of Australians after compromising early warning system (Computing) Subscribers to Queensland Early Warning Network told: Your personal data is not safe
Detection Limited Hacker Access to EWN Database (Infosecurity Magazine) Australia's Early Warning Network says staff quickly shut down systems upon detecting intruder
Automated phishing attack tool bypasses 2FA protection (Graham Cluley) Modlishka may help raise awareness of the danger of reverse proxy phishing attacks, but it's easy to imagine that many criminals will be tempted to put it to malicious use.
Got an SMS offering $$$ refund? Don’t fall for it… (Naked Security) Sometimes, the limited length of an SMS makes it easier for the crooks to ‘get it to look right’ and reel you in to a phishing site…
The cyber-attack that sent an Alaskan community back in time (BBC) In 2018, a remote Alaskan community’s infrastructure was hit by a malware attack which forced it offline. It was only then they realised how much they depended on computers.
Security Patches, Mitigations, and Software Updates
Microsoft Issues Multiple Critical Patches for Edge Browser (Threatpost) Microsoft January Patch Tuesday roundup includes four critical patches for its Edge browser.
Remote Code Execution Bugs Are Primary Focus of January Patch Tuesday (Dark Reading) This month's security update includes seven patches ranked Critical and one publicly known vulnerability.
Patch Tuesday, January 2019 Edition (KrebsOnSecurity) Microsoft on Tuesday released updates to fix roughly four dozen security issues with its Windows operating systems and related software
Patch Tuesday: Here's what's new for Windows 7 and Windows 8.1 (Neowin) As the first Patch Tuesday of the year arrives, all supported versions of Windows are receiving cumulative updates, including Windows 7, Windows 8.1, and the corresponding Windows Server versions.
Cyber Trends
13 Grounded and Realistic Cybersecurity Predictions for 2019 [Roundup] (Bricata) “The AI security software has malicious intent.” That was Kelly Shortridge’s second prediction on a humorous list of 2019 predictions for cybersecurity published on Medium. The effort at levity was aimed not just at cybersecurity predictions but...
The biggest security stories of 2018 (CRN Australia) Take a look back at all the major data breaches, legislation and products.
The State of Web Application Vulnerabilities in 2018 (Imperva) This blog provides an analysis of all web application vulnerabilities throughout the year, view trends, and notice significant changes in the security landscape. This look back at 2018 helps readers to understand the changes and trends in web application security over the past year.
Marketplace
New Data on Cybersecurity in the Manufacturing Industry Shows Small Manufacturers Play Critical Role in Securing the Supply Chain (BusinessWire) Though the manufacturing sector does not attract the sheer volume of total cyberattacks as other areas of the economy, research has shown that coordin
Pressed for Tech Talent, Hiring Managers Consider Online Credentialing (Wall Street Journal) A novel approach to technology learning, called digital badges, is beginning to garner attention among hiring managers, says CIO Journal Columnist Gary J. Beach
SAIC sheds light on how contractors feel shutdown pinch (Washington Technology) In the case of SAIC, a slight quarterly revenue hit may be a slight blip but what the company revealed Monday also illuminates what others in the market are likely experiencing.
3 Top Cybersecurity Stocks to Buy in 2019 (The Motley Fool) Defending against cybercrime is big business. Here's how to profit.
Industry Veterans Launch New Company to Address Next Generation Security Challenges (PR Newswire) Security, intelligence, and technology industry experts Matt Devost and Bob Gourley have launched a new company to...
BlackBerry Turns Focus to IoT Security (Decipher) BlackBerry is offering a new set of services for IoT manufacturers to help them build more secure devices.
ObserveIT Closes Out 2018 with Record Growth (BusinessWire) ObserveIT, the leading insider threat management provider with more than 1,800 customers around the world, today announced a record 2018.
Diamond Key Security Names Russ Housley to Advisory Council (PR Newswire) Diamond Key Security (DKS) is pleased to welcome Russ Housley, Founder and Owner of Vigil Security, LLC, to its Advisory...
Forcepoint Names Matt Preschern as Chief Marketing Officer (PR Newswire) Global cybersecurity leader Forcepoint today announced that veteran technology marketing executive Matt Preschern...
Products, Services, and Solutions
Unbound Tech and Enveil Partner to Safeguard Encryption Keys and Provide Nation-State Level Security for Data In Use (GlobeNewswire News Room) Recognized security innovators offer joint solution to protect data through never-before-offered combinations of multiparty computation technology and homomorphic encryption
Cybersecurity Podcasts You Should Be Listening To (TrendinTech) Podcasts are amongst of the easiest and most expedient means to find out the most up-to-date information and news. Cybersecurity podcasts did not have an exacting influence on the flourish of podca…
Wind River introduces its next-generation software framework for connected and autonomous cars (Help Net Security) Wind River automotive and edge cloud computing technologies enable carmakers to evolve cost structures and bring autonomous driving to scale.
Inside Secure debuts software-only solution for HDCP 2.3 (Help Net Security) Inside Secure's HDCP 2.3 offers integrators an anti-piracy approach for HD movies, pay-per-view TV or music on PCs, smartphones and other devices.
Avnet advances IoT security with Azure Sphere Starter Kit (Help Net Security) Avnet Azure Sphere MT3620 Starter Kit supports prototyping of IoT implementations using Microsoft’s Azure Sphere for creating Microcontroller devices.
NNT Introduces New Vulnerability Tracker™ to its Secure Ops Integrity Management Suite (PR Newswire) New Net Technologies (NNT), today's thought leader in security and IT service management, announced significant...
A Secure Solution for Streamlined Processes with Egnyte Connect (Inside SAP) Egnyte is a secure solution that will not only make an impact on streamlining your workload, but will help people work more efficiently.
Coalfire Achieves Amazon Web Services Healthcare Competency Status (PR Newswire) Coalfire, a provider of cybersecurity advisory and assessment services, announced today that it has achieved...
AttackIQ FireDrill review: Watching the watchers (CSO Online) This penetration testing tool is configured to operate from the inside, with the primary goal of identifying flaws, misconfigurations and outright shortcomings in all other cybersecurity defenses.
Technologies, Techniques, and Standards
HHS Issues Cybersecurity Guidance for Healthcare Organizations (Lexology) Cyberattacks continue to rise across industries, and healthcare is no different. Eighty percent of U.S. physicians reported having experienced some form of cyberattack.
How to spot a social media hoax (Naked Security) Stop shaking your head about “WhatsApp Gold” flimflam and start spreading these REAL nuggets of hoax-clobbering advice!
6 Ways to Beat Back BEC Attacks (Dark Reading) Don't assume your employees know how to spot business email compromises - they need some strong training and guidance on how to respond in the event of an attack.
Battling attacks from global criminal networks in the financial sector (Help Net Security) Every now and then, banks and financial institutions (and their customers) are targeted by opportunistic hackers, but they are much more worried about
Popular coding advice doesn't necessarily equal secure coding advice (Help Net Security) Can novice coders rely on Stack Overflow's user community to help them differentiate secure from insecure coding choices and advice?
SIM Swapping Victims Who Lost Millions Are Pressuring Telcos to Protect Their Customers (Motherboard) A small group of victims of SIM swapping hacks is trying to raise awareness, teach people about the scam, and put pressure on cell phone providers to step up their efforts against cybercriminals.
Academia
Augusta University Launches State’s First Cybersecurity Engineering Degree Program (Ed Tech) The new curriculum will teach hardware, software and human components of cybersecurity.
Legislation, Policy, and Regulation
Russia: Expect a National AI Roadmap by Midyear (Defense One) Moscow is starting to put financial and logistical muscle behind its efforts to develop artificial intelligence.
Encryption backdoors open a Pandora's Box for cybersecurity (Help Net Security) A move towards default encryption is a major change, and while it’s a great thing for privacy, it’s a challenge for enterprise and governmental security.
SECURITY: Shutdown sets back U.S. cyber defenders (E&E News) A popular cyber technology showcase is the latest casualty of a partial government shutdown that's taking a toll on U.S. cybersecurity.
Analysis | The Cybersecurity 202: How the shutdown could make it harder for the government to retain cybersecurity talent (Washington Post) There’s already a shortage of workers in this specialized field.
Litigation, Investigation, and Law Enforcement
Exclusive: How a Russian firm helped catch an alleged NSA data thief (POLITICO) The U.S. has accused Kaspersky Lab of working with Russian spies. But sources say the company exposed a massive breach that U.S. authorities missed.
German cyber-attack: man admits massive data breach, say police (the Guardian) Man, 20, driven by ‘annoyance’ at statements made by politicians and celebrities
Politicians who block social media users are violating First Amendment (Naked Security) The difference between a personal vs. an official social media account was at the crux of the case decided on Monday.
Disgruntled Man Behind German Cyber-Attack (Infosecurity Magazine) 20-year-old arrested in German data breach said he was annoyed with government officials
20-year-old man arrested in connection with German cyber-attack (Computing) The man confessed to be responsible for leaking private information of hundreds of politicians and celebrities
Vietnam says Facebook violated controversial cyber-security law (The Straits Times) Facebook has violated Vietnam's new cybersecurity law by allowing users to post anti-government comments on the platform, state media said on Wednesday (Jan 9), days after the controversial legislation took effect in the communist-ruled country.. Read more at straitstimes.com.
Facebook on Notice as Vietnam Tightens Grip on Social Media (Wall Street Journal) Just a few days after Vietnam launched its latest campaign against social media with a new cybersecurity law, the communist regime accused Facebook of not taking down antigovernment comments.
Vietnam threatens to penalize Facebook for breaking its draconian cybersecurity law (TechCrunch) Well, that didn’t take long. We’re less than ten days into 2019 and already Vietnam is aiming threats at Facebook after it violating its draconian cybersecurity law which came into force on January 1. The U.S. social network stands accused of allowing users in Vietnam to post “sla…
Facebook rebuts Vietnam claims over alleged illegal content (Houston Chronicle) Facebook was defending itself Wednesday against allegations that it allows illegal content in violation of Vietnam's new cybersecurity law. The social media giant said it has restricted illegal content and is in discussions with the government. "We have a clear process for governments to report illegal content to us, and we review all those requests against our terms of service and local law," the company said in a statement. "We are transparent about the content restrictions we make in accordance with local law in our Transparency Report ," it said.
Kremlin-Linked Russian Lawyer Charged by SDNY With Obstruction of Justice (New York Law Journal) The charges against Natalia Veselnitskaya who was one of the key people in a June 2016 meeting with Trump campaign officials stem from an unrelated money laundering probe.
Manafort Allegedly Shared 2016 Polling With Associate Linked To Russian Intelligence (NPR) Paul Manafort's lawyers botched redactions in a court filing, revealing the information. Separately, the Supreme Court denied a request believed to be a challenge to special counsel Robert Mueller.
Supreme Court rules against mystery corporation from ‘Country A’ fighting subpoena in Mueller investigation (Washington Post) It is thought to be the first time that an aspect of special counsel Robert S. Mueller III’s probe into Russian interference in the 2016 campaign has reached the high court.
Quiet Lawsuit in Pennsylvania May Create a Groundbreaking Data Security Priority Shift. Are You Ready? - Security Boulevard (Security Boulevard) Personally, I find the daily announcement of a company losing control of their employees’, partners’, or customers’ data depressing. My... The post Quiet Lawsuit in Pennsylvania May Create a Groundbreaking Data Security Priority Shift. Are You Ready? appeared first on Data Security Blog | Thales eSecurity.
Google worker behind 'anti-diversity memo' claims role in censored Chinese search engine (The Telegraph) A Google worker fired for “perpetuating gender stereotypes” has claimed he was working on the company’s controversial Chinese search engine before he was sacked.
Jurors at El Chapo trial hear him on intercepted phone calls (AP NEWS) Infamous Mexican drug lord Joaquin "El Chapo" Guzman didn't sound pleased on a 2011 phone call as he listened to his chief enforcer for his cartel try to justify a beat down he gave some crooked police officers.