Cyber Attacks, Threats, and Vulnerabilities
'Assange supporters' claim council hacks (BBC News) Hacking groups claim to have taken down Barnsley and Bedale council websites.
AP Exclusive: Undercover spy targeted Kaspersky critics (Washington Post) An undercover operative has been targeting cybersecurity experts in an apparent effort to gather intelligence about critics of Kaspersky Lab, the Russian antivirus firm
This malware campaign is targeting the military with phony emails from a defence contractor | ZDNet (ZDNet) Spear-phishing attacks against Ukraine are part of a cyber-espionage campaign by a group with potent capabilities.
Spear Phishing Campaign Targets Ukraine Government and Military;Infrastructure Reveals Potential Link to So-Called Luhansk People's Republic (FireEye) FireEye Threat Intelligence identified a spear phishing email targeting government entities in Ukraine.
Analysis | The Cybersecurity 202: Why a hacking operation by a proto-state in Ukraine could spell trouble for the U.S. (Washington Post) The Luhansk People’s Republic has a sophisticated hacking army. Others will soon follow.
Hacker Group Uses RATVERMIN Backdoor to Target Ukrainian Military (BleepingComputer) Multiple Ukrainian military departments were targeted by a spear phishing campaign which attempted to drop a RATVERMIN backdoor as part of a second-stage payload delivered with the help of a Powershell script.
Moscow Server Hosted WikiLeaks and Iran’s Hackers Weeks Apart (The Daily Beast) The year was 2015, and weeks after a group of brazenly persistent hackers hit over 500 targets, WikiLeaks dumped thousands of Saudi diplomatic cables. Coincidence, or connection?
Over 100 Million JustDial Users' Personal Data Found Exposed On the Internet (The Hacker News) Popular JustDial Local Search Engine Site Exposing Data On Over 100 Million Users
Malware Authors Have Already Won the Iron Throne (Zscaler) With the much-anticipated premiere of the final season of HBO's Game of Thrones, you can bet that malware authors are ramping up their efforts to infect viewers anxious to stream the series.
Decoding a 'New' Elite Cyber Espionage Team (Dark Reading) Stealthy and well-heeled hacking group went undetected for five years and wields a massive attack framework of some 80 different modules.
Wipro investigates security breach believed to be perpetrated by state-sponsored attacker (Computing) Wipro systems compromised following phishing campaign used to target 'at least a dozen' clients, according to insiders
Wipro confirms breach, says customers are 'anxious' (CRN Australia) CEO says firm responded “quite fast” to security breach, disputes details.
Wipro hires forensic firm to probe cyberattack (The Economic Times) IT company confirms zero-day attack, could be liable for damages if client information found to be compromised.
The Wipro Breach: Why Managed Service Providers Are At Risk (CRN) The Wipro breach is just the latest sign that solution providers, managed service providers and other IT service providers are now plum targets for nation-state hackers
Windows Zero-Day Emerges in Active Exploits (Threatpost) Patched just last week, the Windows kernel bug is being used for full system takeover.
Kaspersky claims credit for finding critical Windows security flaw being actively exploited in the wild (Computing) While patched last week, Kaspersky claims attackers are exploiting the flaw in a string of new attacks to take full control of targets' PCs
Notre Dame Disaster Causes FireStorm Of Social Engineering And Misinformation (KnowBe4) Notre Dame Disaster Causes FireStorm Of Social Engineering And Misinformation
WAGO Series 750-88x and 750-87x (ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 9.8ATTENTION: Exploitable remotely/low skill level to exploitVendor: WAGOEquipment: Series 750-88x and 750-87xVulnerability: Use of Hard-coded Credentials2. RISK EVALUATIONThis vulnerability allows a remote attacker to change the settings or alter the programming of the device.
PLC Cycle Time Influences (ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 7.5ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are availableVendors: ABB, Phoenix Contact, Schneider Electric, Siemens, WAGOEquipment: Programmable Logic ControllersVulnerability: Uncontrolled Resource Consumption2.
Delta Industrial Automation CNCSoft (ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 7.8ATTENTION: Low skill level to exploitVendor: Delta Electronics (Delta)Equipment: Delta Industrial Automation CNCSoftVulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Out-of-bounds Read2.
If hackers can hide tumors in scans, what else can they hide? (C4ISRNET) Researchers demonstrate a novel attack on medical devices by using deep learning.
QR Codes locken in die Phishing-Falle (UNITED NEWS NETWORK GmbH) G DATA Mobile Internet Security iOS ab sofort mit QR Code Scanner
FBI Head Of Cybersecurity In San Francisco Warns: Look To Inside Threats (Forbes) The arrest of Wikileaks founder Julian Assange marks the first step toward trying one of the most prominent cyber crimes in American history and his charges to commit computer intrusion are more common theses days than one would think.
Security Patches, Mitigations, and Software Updates
Security flaw in EA’s Origin client exposed gamers to hackers (TechCrunch) Electronic Arts has fixed a vulnerability in its online gaming platform Origin after security researchers found they could trick an unsuspecting gamer into remotely running malicious code on their computer. The bug affected Windows users with the Origin app installed. Tens of millions of gamers use…
Oracle releases Critical Patch Update addressing 296 vulnerabilities (Computing) MySQL alone accounted for fixes for 44 vulnerabilities in Oracle's latest patch batch, while Fusion Middleware has 53 security flaws patched
Cyber Trends
2019 Endpoint Security Trends Report (Absolute) New data security threats revealed from global study of six million devices
Measuring Progress: Expanding the Horizon | 2019 Annual Report (Cybergistic) CynergisTek's second annual report analyzed the results of assessments at hundreds of healthcare organizations against NIST CSF and the HIPAA Privacy and Security Rules.
Small Business App Features and Security in 2019 (Clutch) Small businesses prioritize social media integration in their apps but don't invest enough in app security or personalization. Read More
OTA’s Online Trust Audit Scores Consumer-facing U.S. Government Websites (PRWeb) The Internet Society’s Online Trust Alliance (OTA), which identifies and promotes security and privacy best practices that build consumer confidence in the Inte
Distil Networks’ Sixth Annual Bad Bot Report Finds Bad Bot Arms Race Rages On (Distil Networks) Industry breakdown available in the sixth annual report from Distil Networks titled Bad Bot Report 2019: The Bot Arms Race Continues.
Cyber security forensic checks come to the fore in mergers and acquisitions processes | Voxy.co.nz (Voxy.co.nz) Imagine you’re buying a business. The first step would of course be to carry out financial due diligence to help assess the risk and return profile of the business.
Marketplace
Self Probe Won’t Cut it for Israeli Spyware Company NSO, Says Citizen Lab Researcher (CTECH) Bill Marczak, a senior fellow researcher at the University of Toronto's Citizen Lab, a digital and human rights research group, spoke Thursday at Calcalist’s Mind the Tech Conference in New York
Huawei's employee ownership claims are a sham covering up possible Communist control, research finds (The Telegraph) New research has rubbished Huawei's claim to be owned and controlled by its employees, calling it "misleading" and "a myth".
Huawei warns 'politicising' cyber security will create trade problems (The Sydney Morning Herald) Huawei's deputy chairman and rotating chairman, Ken Hu, called on global governments to create independent standards to determine which companies should be trusted.
Huawei cyber security chief John Suffolk: It’s not our culture to be aggressive (ComputerWeekly) John Suffolk, global cyber security and privacy officer at China-based telecoms equipment supplier Huawei, tells Huawei Analyst Summit growth is the best answer to US criticism.
The U.S. Wants to Ban Huawei. But in Some Places, AT&T Relies On It. (Wall Street Journal) U.S. officials have told telecom executives around the world to steer clear of Huawei Technologies, calling the company a national-security threat, but that hasn’t prevented AT&T from using the Chinese company’s equipment in Mexico.
Intel quits 5G smartphone modems after Apple reaches a settlement with Qualcomm (Computing) Chip giant says it will focus on the broader 5G infrastructure business after Apple settles differences with Qualcomm
How BlackBerry Has Become a Cyber-Security Player (eWEEK) BlackBerry CTO Charles Eagan explains where his company's cyber-security efforts are headed and why, after 35 years and many technological changes, BlackBerry is fundamentally on the same mission.
Gemalto to delist from Amsterdam and Paris exchanges as Thales buys out remaining shares (Biometric Update) Gemalto will be delisted from the Euronext Amsterdam and Euronext Paris stock exchanges shortly after the company’s annual general meeting on May 28, 2019, as part of its merger with Thales. Thales…
The GLI Group (GLI®) Acquires SeNet International Corporation, Bringing Expanded Information Technology Security Capabilities to U.S. Clients (PR Newswire) The GLI Group (GLI®) has acquired SeNet International Corporation ("SeNet"), bringing expanded cybersecurity and ...
Class in Session for Federal Cyber Reskilling Academy (Nextgov) Demand drove an increase in cohort size.
Forcepoint Opens New State-of-the-Art Cyber Experience Center in Boston’s Seaport District (Forcepoint) Facility to serve as the new Forcepoint Global Center of Excellence for Behavioral Analytics driving cyber innovation and product development in understanding human behavior in partnership with Forcepoint X-Labs research division Forcepoint’s Cyber Experience Center, a multi-million dollar investment, uniquely delivers an immersive experience that brings to life today’s evolving threat landscape for enterprises and government agencies
Products, Services, and Solutions
Telos Ghost® Provides New Capabilities for Cloud-Based Secure and Anonymous Networking Solutions (BusinessWire) Telos Corporation announces a new version of Telos Ghost, its system for private, secure, and anonymous operations on the internet, with advanced capa
The crowdsourced platform teaching the cybersecurity workforce new skills (CyberScoop) Ralph Sita, CEO of Cybrary, talks with CyberScoop Editor-in-Chief Greg Otto about his company's platform and why its taking off inside bigger corporations.
BAE Systems enhances its NetReveal platform improving financial crime investigator efficiency (Help Net Security) BAE Systems unveiled a major enhancement to its NetReveal platform at the ACAMS 24th annual International AML and Financial Crime Conference.
Technologies, Techniques, and Standards
What the Army learned from a February cyber exercise (Fifth Domain) Cyber teams are beginning to use a new training environment that will allow staffers to rehearse for specific missions.
What the Air Force learned from insurgents’ networks (C4ISRNET) Air Force leaders plan to experiment this summer with a mesh network that would allow military users in hard-to-reach areas to connect to the service’s top secret network and share intelligence information without the fear of losing service.
TPM & TEE – working together in harmony (Global Platform) As the line between mobile devices and computers becomes increasingly blurred, security architectures from two previously separate worlds are also converging.
Not appointing a CRO? Might be risky business (ZDNet) New report makes the case for welcoming chief risk officers to the C-suite.
5 Things You Need to Know About API Protection (SC Media) Whether you realize it or not, APIs are everywhere in your organization and they’re growing in numbers. In fact it’s estimated that the average
Design and Innovation
AI & ML latest: Google disbands another AI ethics committee (Computing) Tricky stuff, ethics
Goodbye, Jeff and Tina: Cyber Awareness Challenge ditches beloved-but-corny characters (Stars and Stripes) The new edition of the Department of Defense’s annual computer security training means that it's time to say farewell to some familiar faces.
Academia
RMIT University launches new cybersecurity course (PACE) RMIT has developed a new cybersecurity course in partnership with industry to arm people with the skills needed to protect their digital assets.
UWF to host national platform for cybersecurity executives (University of West Florida Newsroom) WHAT: Cybersecurity executives in academia, business, government and the armed forces will address the rapidly-evolving cyber threat landscape and critical workforce shortage at the annual Centers of Academic Excellence Executive Leadership Forum. The University of West Florida in partnership with the National Security Agency and Department of Homeland Security will host the forum. Speakers include executives from …
MU gets high schoolers interested in cyber careers (The Herald-Dispatch) High school students interested in such careers as cybersecurity, cyber crime and digital forensics got a taste of what it would be like during the 10th annual
Legislation, Policy, and Regulation
Russian lawmakers approve new Internet law (Reuters) Russia's lower house of parliament approved on Tuesday the third reading of...
Iran labels all US forces in Middle East ‘terrorists’ (Military Times) It remains unclear how the bill’s passage in parliament would affect the Republican Guard’s activities in the Persian Gulf, where the U.S. Navy has in the past accused Iranian patrol boats of harassing American warships.
PPD-20 successor has yielded ‘operational success,’ Federal CISO says (CyberScoop) A revamped policy framework for offensive U.S. cyber operations is much quicker than its predecessor, federal CISO Grant Schneider said Tuesday.
Former top CIA official warns that U.S. intel faces "moment of reckoning" after 2016 failure (CBS News) "The trends it reflects warrant a wholesale reimagining of how the intelligence community operates," Michael Morell and Amy Zegart wrote in an essay in Foreign Affairs
Shed Light on Cryptocurrency 'Dark Matter' Regulation at SEC (Competitive Enterprise Institute) A few days ago, the Trump administration issued a memorandum strongly discouraging what the Competitive Enterprise Institute’s Wayne Crews has called “regulatory dark matter.” The memo instructs federal agencies to submit all policymaking rules to Congress to be vetted under the Congressional Review Act, even if these rules come in the form of informal “guidance.”
Litigation, Investigation, and Law Enforcement
EU: No evidence of Kaspersky spying despite 'confirmed malicious' classification (ZDNet) European Commission "not in possession of any evidence regarding potential issues related to the use of Kaspersky Lab products."
One Month, 500,000 Face Scans: How China Is Using A.I. to Profile a Minority (New York Times) In a major ethical leap for the tech world, Chinese start-ups have built algorithms that the government uses to track members of a largely Muslim minority group.
The Maddening Limbo of Paul Whelan (Foreign Policy) Four months into the former U.S. Marine’s detention in Moscow, Washington is struggling to help free him—or even get him answers.
Inside bikini-photo startup Six4Three’s scrappy battle to put Facebook on trial (NBC News) The David vs. Goliath contest pits a small startup against one of the most powerful technology companies in the world.
Electronic surveillance isn't spying — it's much more powerful (TheHill) The silly semantical jousting over 'spying' versus 'surveillance' is a distraction.
The FBI Wanted a Backdoor to the iPhone. Tim Cook Said No (WIRED) The agency wanted to crack the iPhone of Syed Farook, a suspect in the 2015 San Bernardino shooting. The Apple CEO took a stand.
Apple, Qualcomm Agree to Drop All Patent Litigation (Wall Street Journal) Apple and Qualcomm agreed to dismiss all litigation between the two companies world-wide, on the day the two sides began a courtroom trial to settle their legal dispute.
T-Mobile-Sprint Deal Runs Into Resistance From DOJ Antitrust Staff (Wall Street Journal) Justice Department staffers have told T-Mobile US and Sprint that their planned merger is unlikely to be approved as currently structured, casting doubt on the fate of the $26 billion deal.
Cyber-sec biz Fortinet coughs up $545,000 after 'flogging' rebadged Chinese kit to Uncle Sam – but why so low? We may be able to explain (Register) Rogue employee takes blame, seems he ain't no Fortinet son
Attorney seeks Coast Guardsman’s release since he isn’t facing terrorism charges (Navy Times) A Coast Guard lieutenant accused of stockpiling guns and compiling a hit list of prominent Democrats and network TV journalists is seeking his release from federal custody since prosecutors haven’t charged him with any terrorism-related offenses.
University of Kentucky to increase security after online threat (WLKY) Officials say threat deemed not credible