Cyber Attacks, Threats, and Vulnerabilities
Bad actors increasingly spreading misinformation via social media ahead of EU elections (Help Net Security) Bad actors are amplifying misinformation content directed at EU member states to shape public perception, a report by SafeGuard Cyber reveals.
EU Election Security Report (SafeGuard Cyber) This report outlines our investigation into Russian Twitter bot disinformation campaigns in the EU parliamentary elections.
Researchers discover highly stealthy Microsoft Exchange backdoor (Help Net Security) The LightNeuron Microsoft Exchange backdoor can read, modify or block emails going through the compromised server, and even compose and send new emails.
Russian cyberspies are using one hell of a clever Microsoft Exchange backdoor (ZDNet) Turla APT found exploiting LightNeuron backdoor, a first of its kind targeting Microsoft Exchange email servers.
Russian Nation-State Group Employs Custom Backdoor for Microsoft Exchange Server (Dark Reading) Turla hacking team abuses a legitimate feature of the Exchange server in order to hide out and access all of the target organization's messages.
Hackers steal $41 million worth of bitcoin from Binance... (Reuters) Hackers stole bitcoin worth $41 million from Binance, one of the world's la...
Hackers Steal $40.7 Million in Bitcoin From Crypto Exchange Binance (CoinDesk) Crypto exchange Binance has disclosed a 7,000 BTC loss following the discovery of what it called a "large scale security breach."
Hackers Steal $40 Million Worth of Bitcoin From Binance Exchange (Bloomberg) Deposits and withdrawals suspended pending security review. Binance says hackers may still control some user accounts.
MegaCortex ransomware distracts victims with Matrix film references (Naked Security) One moment, the defenders’ network looked secure but the next, as if out of nowhere, the ransom note pops up.
iTWire - Ex-NSA man slams Israel for strike on alleged Hamas cyber attackers (ITWire) Israel has crossed the Rubicon with its attack on alleged cyber attackers belonging to the Palestinian group Hamas, a well-known information security...
Flaws in the design of IoT devices prevent them from notifying homeowners about problems (Help Net Security) Design flaws in “smart home” Internet-of-Things (IoT) devices that allow third parties to prevent devices from sharing information have been identified.
Cyberattack cripples Baltimore’s government computer servers (Fifth Domain) The Tuesday problems come just over a year since another ransomware attack hit Baltimore's 911 dispatch system, prompting a worrisome 17-hour shutdown of automated emergency dispatching.
Baltimore city government computer network hit by ransomware attack (Baltimore Sun) Baltimore City government computers were infected with ransomware Tuesday, the mayor's office said, shutting down many technology systems while officials battle the attack.
Mayor Young’s Statement on Baltimore City IT Issue (Baltimore City Hall) Baltimore City core essential services (police, fire, EMS and 311) are still operational but it has been determined that the city’s network has been infected with a ransomware virus.
Cyber attack leaves Huntington voters concerned during primary election (WPTA) A cyber attack left a few Huntington voters concerned during Tuesday's primary election.
Report: Freedom Mobile Customer Data Breach Exposes 1.5 Million Customers (vpnMentor) vpnMentor‘s research team recently discovered that Freedom Mobile experienced a huge data breach. Led by hacktivists Noam Rotem and Ran Locar, ...
Security Patches, Mitigations, and Software Updates
Google to enable Chrome users to block tracking cookies (Computing) Google Chrome clampdown on tracking cookies unlikely to affect Google's own user tracking
We are too lazy to protect our privacy - and Google knows it (The Telegraph) Nobody imagined they would be wed to Google for their entire life.
Verizon Galaxy S10, S10+, S10e Updated With April Security Patch (Droid Life: Just Doing Android News, Man.) Verizon is shipping out the April security patch to the Galaxy S10, Galaxy S10+, and Galaxy S10e today...
Cyber Trends
Over 1,900 breaches reported in the first three months of 2019, a new Q1 record (Risk Based Security) Risk Based Security today announced the release of its Q1 2019 Data Breach QuickView Report, which found that there were 1,903 publicly disclosed data compromise events in the first three months of the year, exposing over 1.9 billion records...
Webroot Releases Report Ranking U.S.A. (Webroot) Top 5 Risky States Are Mississippi, Louisiana, California, Alaska, and Connecticut
2019 Data Breach Investigations Report (Verizon) The Verizon Data Breach Investigations Report (DBIR) provides you with crucial perspectiveson threats that organizations like yours face.
Control system cyber security conferences are actually impacting control system cyber security (Control Global) There is a need for cyber security conferences for control system engineers that focus on control systems and control system impacts. OT network cyber security and OT network cyber security conferences are important but still leave a gaping hole - the control system devices.
Ponemon’s Third Annual Study on Third Party IoT Risk: Companies Don’t Know What They Don’t Know (BusinessWire) Ponemon’s Third Annual Study on Third Party IoT Risk: Companies Don’t Know What They Don’t Know; Third Party Risk Factors Require More Attention
C-Suite execs and policy makers find cybersecurity technology investments essential (Help Net Security) The majority of C-Suite executives and policy makers in the United States believe the government should invest more in advanced cybersecurity technology.
Marketplace
Proofpoint To Buy Cybersecurity Startup Meta Networks For $120M (CRN) Proofpoint has agreed to purchase cybersecurity startup Meta Networks to help customers better protect people, applications and data as they move beyond the traditional perimeter.
Orange Signs an Agreement to Acquire SecureLink and Accelerate Its Leadership in the European Cybersecurity Industry (BusinessWire) On 7 May 2019, Orange entered into an agreement with Investcorp to acquire 100% of SecureLink on a €515m Enterprise Value basis. SecureLink, based in
LexisNexis Risk Solutions Acquires Lumen from Numerica Corporation (Yahoo) LexisNexis® Risk Solutions today announced it is further expanding its public safety solutions with the acquisition of all Lumen assets, a product line owned by Numerica Corporation, a Colorado-based company. Lumen is an integrated data platform leveraged
San Mateo 'Splunk killer' scores second big funding in 8 months (Silicon Valley Business Journal) The San Mateo cybersecurity company [Exabeam] is on track to more than double its workforce by the end of 2019 compared to where it was a year ago.
Synack Veterans Referral Program (Synack) Every year, 250,000 servicemen and women leave the armed forces. Of those who leave, 65% struggle to find jobs, despite their highly specialized skill sets in fields like cybersecurity. In my view, active duty military, veterans, and spouses comprise a largely untapped market for technology companies and startups. Their hands-on training in cybersecurity, particularly in […]
Skybox Security and Indegy join hands to boost cybersecurity in critical infrastructure (CISO MAG | Cyber Security Magazine) The technical integration of Skybox and Indegy will help organizations see and understand risks in connected IT and operational technology networks.
Products, Services, and Solutions
Allure Security Introduces Data Loss Risk Monitoring for Critical Visibility into Microsoft Office365 Activity (PR Newswire) Allure Security, the data loss detection and response company, now offers data loss risk monitoring for Microsoft...
Digital Reasoning Announces Managed Hosted Conduct Surveillance Solution on Google Cloud and Amazon Web Services | Digital Reasoning (Digital Reasoning) Digital Reasoning, a leader in Artificial Intelligence (AI) that understands human intentions and behaviors, today announced the availability of a managed hosted version of its market-leading Conduct Surveillance solution on Google Cloud Platform (GCP) and Amazon Web Services (AWS). Developed with Digital Reasoning’s banking partners, it brings the firm’s …
Quad9 Offers Owners of Android-based Mobile Devices Domain Name Service (DNS) Security Protections for Free (Quad 9) Today Quad9 released Quad9 Connect - a mobile app allowing the more than 2.5 billion global users of smartphones built on Android to use the free security and privacy driven recursive domain name service (DNS) to block access to malicious websites and maximize web browsing privacy while using an Android mobile device.
New Solution from Shape Security brings Enterprise-grade Online Fraud Protection to the Mid-Market (Shape Security) Shape Connect™ Provides Industry's Highest Level of Defense for Mid-market Organizations at Unrivaled Value to Defeat Fake Traffic Online
DLT Solutions to Offer Pulse Secure Cybersecurity Solutions for Secure Access to Public Sector (Pulse Secure) Partnership to accelerate channel growth and help government organizations and critical infrastructure operators fortify hybrid IT defenses and progress Zero Trust access controls
ArcBlock Releases Forge SDK, The Easiest Way to Build Blockchains and Decentralized Applications (PR Newswire) ArcBlock has officially released the ArcBlock Forge Software Developer Kit (SDK). The Forge SDK is a...
VinaPhone Selects KoolSpan to Power ProCall Secure Communications Solution (AP NEWS) VinaPhone ( http://vinaphone.com.vn ), the leading provider of advanced telecommunications technologies and services to government, enterprise, small & medium-sized business, and consumers in Vietnam announces its partnership with KoolSpan..., to power VinaPhone ProCallTM,..., the secure mobile communications solution for Vietnam.
Onapsis and Verizon Join Forces to Accelerate and Secure SAP Customers’ Digital Transformation (Yahoo) Onapsis, the leader in business application cyber resilience, is joining forces with Verizon to accelerate and protect SAP customers’ digital transformation initiatives. Customers of the two companies who are migrating their critical business applications to the SAP S/4HANA
Technologies, Techniques, and Standards
The CIA Sets Up Shop on Tor, the Anonymous Internet (WIRED) Even the Central Intelligence Agency has a so-called onion service now.
The CIA Will Use its New Dark Web Site to Collect Anonymous Tips (Vice) The intelligence agency is stoked about its new Onion site on the dark web: "Our onion site is one of several ways individuals can contact the CIA."
App Developers Must Consider Platform Rules in Addition to Legal Requirements (Cooley) Recently, app store providers have become increasingly active in imposing and enforcing privacy requirements for developers. For example, both Apple and Google have threatened removal of apps from …
5 Emerging Vectors of Attack and Recommendations for Mitigating the Risks (Security Boulevard) DNS manipulation, domain fronting, targeted cloud individual attacks, HTTPS and encryption, and the exploitation of hardware features are among the emerging challenges adversaries can exploit according to cybersecurity experts at SANS.
The Problem with Too Many Security Options (CSO Online) For organizations looking to expand or upgrade their security, there is literally too much information to consume.
DISA Seeks Info on Quantum-Resistance Cryptography (ExecutiveBiz) The Defense Information Systems Agency is in need of industry-based information regarding the use of quantum-safe algorithms for cybersecurity. DISA said Monday in a FedBizOpps notice that it intends to evaluate the use of these algorithms and cryptographic approaches to protect the Department of De
Design and Innovation
SolarWinds: Looking beyond DevOps to fix cybersecurity (Data Center News) The role of DevOps in security has seen increasing popularity due to its sound philosophy around productivity and adaptability.
Research and Development
Cryptographic breakthrough allows using handshake-style encryption for time-delayed communications (Help Net Security) Researchers have solved a 15-year-old problem that allows handshake-style encryption to be used for time-delayed digital communications such as email.
Unhackable? New chip makes the computer an unsolvable puzzle (Help Net Security) Researchers have developed a new computer processor architecture that could usher in a future where computers proactively defend against threats.
Diamond Key Security Receives Research and Development Grant from Vietsch Foundation (Morningstar) Diamond Key Security Receives Research and Development Grant from Vietsch Foundation, Read most current stock market news, Get stock, fund, etf analyst reports from an independent source you can trust – Morningstar
Legislation, Policy, and Regulation
At nations’ request, U.S. Cyber Command probes foreign networks to hunt election security threats (Washington Post) Officials are increasingly focused on the activities of Russia, China, North Korea and Iran.
Analysis | The Cybersecurity 202: Here's how the military’s hacking arm is gearing up to protect the 2020 election (Washington Post) It includes probing allies' computer networks to glean insights about Russian threats.
Election Assistance Commission loses key tech expert ahead of 2020 (CyberScoop) The top official responsible for certifying voting systems at the federal Election Assistance Commission is stepping down, multiple sources confirmed to CyberScoop.
Senators want answers on expiring NSA surveillance program (FCW) A group of senators are asking the National Security Agency for an update on the current status of its controversial bulk telephony metadata collection program.
The Pentagon Still Buys Software Like It's 1987 (Defense One) The Defense Innovation Board recently discovered that a 32-year-old report "pretty much said it all."
Litigation, Investigation, and Law Enforcement
Everything you need to know before Huawei CFO Meng Wanzhou returns to court Wednesday (The Star) From the extradition battle to the fraud charges to Meng’s lawsuit and the international fallout, this story is far from over.
15 police stations set up to deal with cyber crime: Senate told (The Nation) Minister of State for Parliamentary Affairs Ali Muhammad Khan on Tuesday apprised the Senate that around 15 police stations had been set up across the country
Navy mulls punishment for cyber neglect (FCW) The Navy is looking at punitive measures for careless users to get them to take basic cyber hygiene seriously.
Chelsea Manning says she’ll never testify, seeks release (Army Times) Former Army intelligence analyst Chelsea Manning said in a new legal motion that she will never testify to a grand jury in Virginia investigating the website Wikileaks, and it therefore makes no sense to continue to keep her in jail for refusing to do so.