Baltimore: notes from the Global Cyber Innovation Summit
Global Cyber Innovation Summit Recap (Security Weekly) Matt, Jason, and Paul do a recap on the Global Cyber Innovation Summit that was held in Baltimore last week!
Emerging fields for innovation: quantum computing and artificial intelligence (The CyberWire) A look at two trends with the potential to reshape the cybersecurity sector.
Innovator's Showcase: the Disrupt 8 (The CyberWire) Eight innovative companies were selected to represent the future of disruptive innovation. We can talk about seven of them.
Cyber Attacks, Threats, and Vulnerabilities
New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web (ZDNet) This time no hacking tools were released, but the leakers exposed a previously unknown Iranian APT group.
Russia and Iran expected to conduct disruptive cyber-attacks in Middle East (TechRadar) FireEye expects Pakistan and Turkey to become active this year
Experts Doubt Russian Claims That Cryptographic Flaw Was a Coincidence (Vice) At a recent international standards meeting, experts said they weren’t convinced by a Russian explanation about a potentially flawed new encryption algorithm.
Can NSA Stop China Copying Its Cyber Weapons? (Breaking Defense) China is copying malware the NSA has used against them. Is this preventable or is it an inherent weakness of cyber warfare?
Samsung spilled SmartThings app source code and secret keys (TechCrunch) A development lab used by Samsung engineers was leaking highly sensitive source code, credentials and secret keys for several internal projects — including its SmartThings platform, a security researcher found. The electronics giant left dozens of internal coding projects on a GitLab instance hoste…
How to Exploit EternalBlue on Windows Server with Metasploit (WonderHowTo) Particular vulnerabilities and exploits come along and make headlines with their catchy names and impressive potential for damage. EternalBlue is one of those exploits. Originally tied to the NSA, this zero-day exploited a flaw in the SMB protocol, affecting many Windows machines and wreaking havoc everywhere. Here, we will use EternalBlue to exploit SMB via Metasploit.
Dharma Ransomware Uses Legit Antivirus Tool To Distract Victims (BleepingComputer) A new Dharma ransomware strain is using ESET AV Remover installations as a "smoke screen" technique designed to distract victims while their files are encrypted in the background as detailed by Trend Micro.
Researchers’ Evil Clippy cloaks malicious Office macros (Naked Security) A team of security researchers has exploited Microsoft’s patchy macro documentation to hide malicious code inside innocent-looking macros.
Database With Millions of Indian Personal Records Exposed and Hijacked (Security Discovery) On May 1st, I discovered an unprotected and publicly indexed MongoDB database which contained 275,265,298 records with personally identifiable information (PII) on Indian citizens, including the following fields: Name Email Gender Education level and area...
Attack of the Killer USBs: Don't Be the Next Victim (Security Boulevard) Analyzing the threat of 'Killer USBs' to a company's sensitive data and networks, as a report shows lack of employee awareness of the risk.
Cybereason’s Nocturnus Research Team Discovers Hackers are Using New, (PRWeb) Cybereason, creators of the leading Cyber Defense Platform, today announced that researchers detected and prevented a new, stealthy, mechanism aimed at delivering Gand
Amazon Hit by Extensive Fraud With Hackers Siphoning Merchant Funds (Bloomberg) Amazon asked U.K. court for bank details linked to hackers. Hackers break into about 100 accounts, according to documents.
China to bid on D.C. Metro rail deal as national security hawks circle (Reuters) China's CRRC plans to bid on a big Washington D.C. subway project as it dou...
Security Patches, Mitigations, and Software Updates
Latest Android security updates, and Google to fix patch delays for Pixel (Naked Security) Google’s May security update for Android is out – but will you be lucky enough to get it this week? If you own a Pixel device, then yes.
Google Patches Critical Remote Code Execution Flaws in Android (Threatpost) The Android security update patches 15 bugs, four rated critical, 10 rated high and one ranked moderate in severity.
Microsoft releases buggy Office 2016 Patch KB4462238 (gHacks Technology News) Office 2016 applications may stop responding after installing the update KB4462238 and clicking on any hyperlink.
Cyber Espionage Targeting Public Sector Rose 168% In 2018 (Nextgov.com) “Government incident responders must either be cape-and-tights-wearing superheroes, or so stressed they’re barely hanging on by their fingernails.”
The Future of Cybersecurity Budgeting (Inside Out Security) How has spending on cybersecurity changed over the years? See what companies are prioritizing in their budgets and our tips for managing your own budget.
Information Security Professionals – Today’s Unsung Heroes (Lastline) Our 2019 RSA Conference survey highlights what information security professionals – today’s unsung heroes – must deal with. But as a group, they soldier on, against stiff odds, driven by some very compelling and admirable goals.
Infoblox Reveals Top Cybersecurity Challenges in Healthcare Organizations (PR Newswire) Almost two years since WannaCry, the ransomware attack that brought the NHS (National Health Service) to a...
Is curiosity killing patient privacy? (Help Net Security) With the growth of electronic health records and online patient portals, a wealth of sensitive medical information can negatively impact patient privacy.
Cybersecurity Jobs Abound. No Experience Required. (Wall Street Journal) Companies like IBM and Palo Alto Networks are scrambling to hire hundreds of thousands of corporate hackers to defend their networks and data, pursuing workers without traditional four-year degrees or formal experience.
Immigration Cops Just Spent A Record $1 Million On The World's Most Advanced iPhone Hacking Tech (Forbes) The GrayKey promises access to locked iPhones. And ICE is its biggest fan.
Huawei Sends Blunt Message To U.S., Announcing High-Tech Chip Plant In U.K. (Forbes) Huawei has announced plans to build a high-tech chip plant near ARM's HQ in the U.K. They have also let it be known that the plant may also develop AI. Coming shortly after the U.K.'s decision on 5G and with Xinjiang in the news, this will be seen as a blunt message to Washington.
‘Not a single issue’: Huawei touts 10-year security record in Canada amid Ottawa’s 5G review (Financial Post) Chief security officer Olivera Zatezalo said Huawei has been working closely with the government and provided it with the information needed to conduct its risk assessment
Google Wanted to Rule the World. Now They’re Just Here to Help (WIRED) Google executives outlined new privacy-focused services at its annual I/O conference—while omitting that they still need to make money.
Facebook talked privacy, Google actually built it (TechCrunch) (Quartz) Mark Zuckerberg: “The future is private”. Sundar Pichai: ~The present is private~. While both CEOs made protecting user data a central theme of their conference keynotes this month, Facebook’s pro...
Google Fights Back (Stratechery by Ben Thompson) At Google I/O, Google was the opposite of defensive: the company set out to make the case that its approach made for better products that makes people’s lives better
Instagram is working on new rules for banning accounts (Engadget) Instagram is working on a new policy for removing accounts.
Instagram still doesn't have vaccine misinformation under control (CNN) Two months after Facebook pledged to fight vaccine misinformation on its platforms, Instagram is still serving up posts from anti-vaccination accounts.
Facebook's EU elections operation centre based in Dublin (TechCentral.ie) In the run up to this month’s local and European elections and divorce referendum, Facebook’s Dublin centre will attempt to tackle misinformation, foreign interference and coordinated inauthentic behavior. Similar centres have previously been set up in the United States, Brazil and India in an effort to prevent wide-scale election influencing campaigns. With specialists from all […]
Zix Acquires the Assets of Email Security Provider DeliverySlip (Yahoo) Zix Corporation (Zix) (ZIXI), a leader in email security, has acquired the assets of Cirius Messaging Inc. and wholly owned subsidiary, DeliverySlip Inc. related to the DeliverySlip product. DeliverySlip is a provider of email encryption, e-signatures and secure file sharing solutions. The asset
After massive acquisition, Dallas tech company is shopping again, but spending less (Dallas Business Journal) Zix Corp. is making another acquisition — just not one that transforms its size this time.
Led by F5 founder, Seattle cybersecurity startup Tempered Networks raises $17M (GeekWire) Seattle-based Tempered Networks has raised an additional $17 million to invest in engineering, sales resources, and partnerships. The company confirmed the new funding to GeekWire this week. The fresh…
Virtual Infrastructure Provider HyperQube Closes Seed Round of $500k (HyperQube) HyperQube to use funds to meet immense demand for simplified and automated web-browser based virtualization services.
Sumo Logic joins unicorns after pinning down $110M in new funding (Silicon Valley Business Journal) Redwood City-based cloud analytics business Sumo Logic passed $1 billion in valuation in a new $110 million funding round.
San Jose unicorn Cohesity expands backup offerings with first acquisition (Silicon Valley Business Journal) Cohesity has been expanding rapidly since moving into its downtown San Jose headquarters. Its global workforce has more than tripled to 1,000 in the past year and it hit a valuation of $1 billion last year.
Indian origin cybersecurity startups seek Singapore funding (The Economic Times) The latest cohort of startups was chosen to participate in the three-month ICE71 Accelerate programme, supporting the development and acceleration of their growth, Edgar Hardless, CEO of Singtel Innov8, said.
HackerOne CEO Mårten Mickos on the Devil, Zero Days, and White Hats (Computer Business Review) "We're building a hacker army!" says Mårten Mickos and it’s briefly tempting to imagine the HackerOne CEO seeking the Iron Throne for himself.
SailPoint’s Cam McMartin Assumes Role of Chief Operating Officer and Jason Ream to be Appointed Chief Financial Officer (AP NEWS) SailPoint Technologies Holdings, Inc. (NYSE: SAIL), the leader in enterprise identity governance, today announced that Cam McMartin will transition from Chief Financial Officer to Chief Operating Officer. Jason Ream will join the organization as incoming Chief Financial Officer, effective June 10, 2019.
Threat Stack Hires Matt Knutsen as SVP of Sales (Sys-Con Media) SYS-CON Media, NJ, a leading technology and computing media company on breaking news in the Cloud.
Products, Services, and Solutions
Connecting Software Launches Outlook Content Censor, an Innovative Solution to Secure Internal Data (StartUp Beat) Connecting Software, a technological innovator providing integration, synchronization and productivity solutions, announced the launch of the Outlook Content ...
MobileIron announces zero trust platform making the world’s most ubiquitous product – the mobile device – your ID and secure access to the enterprise (MobileIron) Introduces zero sign-on technology to eliminate passwords. 9 out of 10 security leaders believe that mobile devices will soon serve as digital ID to access enterprise services and data.
Botnet-led DDoS Attacks Are Hitting Record Intensities. Imperva is Mitigating All of Them. (Imperva Blog) DDoS attacks are usually ranked by the amount of bandwidth involved, such as the 2018 GitHub attack that peaked at 1.35 Terabits per second and is often cited as the largest DDoS attack ever. From Imperva’s long history of successfully mitigating DDoS attacks, we know that the TRUE measure of attack intensity is something else …
F-Secure Security Engineering Awarded IEC 62243 Certifications (Financial IT) Cyber security provider F-Secure has earned two new International Electrotechnical Commission (IEC) certifications that recognize the company’s expertise in developing secure components for industrial control systems (ICSs). The certifications, IEC-62243-4-1 and IEC-62243-4-2, define the cyber security requirements for the development lifecycles and products used in industrial control and automation systems.
Cynet Free IR tool offering empowers responders to know and act against active attacks (Help Net Security) The saying that there are two types of organizations, those that have gotten breached and those who have but just don’t know it yet, has never been more
Introducing the Bromium Threat Insights Report (Security Boulevard) This report is made possible by customers who opted to share their Bromium-isolated threat data with Bromium, which our experts compiled into a Threat Insights Report. The Bromium Threat Insights Report is designed to share intelligence about the most notable malware that our experts have analyzed, and to highlight new techniques used by attackers. Learn practical and
Technologies, Techniques, and Standards
How Much Will It Cost to Protect America's Electrical Grid? Who Will Pay? (Defense One) The answers are: Likely tens of billions of dollars, and probably us, the electricity customers.
Why ASEAN CIOs must understand GDPR (ETCIO.com) If a firm performs data processing activities in the European Union, the General Data Protection Regulation applies to them, even if that firm is not ..
How the Corps is amplifying intel to prevent terror attacks at Marine training events, birthday balls, 5Ks (Marine Corps Times) An overhauled anti-terrorism program now gives the officers and staff noncommissioned officers a dial-up resource to understand real, recent and relevant threats when planning those events.
Deployment Diversity for DNS Resiliency (Security Boulevard) Fast, reliable, and secure edge services kick start by optimizing DNS for the global edge.
When "Customers" Attack DNS (Security Boulevard) Be real. A Communications Service Provider's (CSP's) customer will not use their home to attack the Domain Name System (DNS). They might as well unplug from the Internet. Yet, customers get infected, CPEs get violated, and miscreants all over the...
This man's job was to hack the Pentagon. Now he invests millions in security startups. (Business Insider) Ron Gula was a hacker for the National Security Agency and now runs the VC firm Gula Tech Adventures with his wife.
Design and Innovation
Calls for "Lightweight" Encryption are Short-Sighted and Dangerous (Private Internet Access Blog) NIST's decision to seek out a standard for a "lightweight" encryption algorithm is dangerous and largely a waste of time with hardware advancements.
Legislation, Policy, and Regulation
ISIS’s Church Attacks Break Mohammed’s Own Pledges (Foreign Policy) Assaults on Christian sites show terrorists are apostates as well as murderers.
US lifts sanctions on Venezuela spy chief to spur Maduro defections (ABC News) Vice President Pence announced that the US lifted sanctions on Venezuela's spy chief after he defected from Nicolas Maduro who maintains power despite US-backed protests
FCC's Pai to Senate: Huawei is National Security Threat (Broadcasting & Cable) Said suspect tech in 5G nets is unacceptable
Huawei Urges US to Adopt German Approach to Security (Light Reading) Under-fire Chinese vendor wants the US to introduce a regime for the testing of 5G products from all vendors as it fights efforts to have it banned from international markets.
Pompeo threatens UK with intel sharing cut-off if they buy Huawei 5G (RT International) US Secretary of State Mike Pompeo has warned the UK that allowing Huawei to bid on 5G contracts could spell the end of the US-UK "special relationship" – and, apparently, the UK's membership in the Five Eyes.
US risks paying high security price with stand on Huawei (South China Morning Post) Without proof of spying claims Washington appears to be fighting a losing battle, and its intelligence-sharing faces further damage as more countries turn to the Chinese tech giant
Analysis | The Cybersecurity 202: It might be time for a grand cybersecurity policy – if Trump’s on board (Washington Post) Cyberspace Solarium Commission plans a ‘contest of wills’ for the best cybersecurity ideas.
New authorities mean lots of new missions at Cyber Command (Fifth Domain) Leaders at U.S. Cyber Command have used new authorities to conduct more cyberspace operations in the last few months than in the previous 10 years, senior Department of Defense officials said.
U.S. Cyber Command Bolsters Allied Defenses to Impose Cost on Moscow (New York Times) Deployments to allied countries give the American military an early look at Russian online weapons and new tactics Moscow may intend to use on the United States.
Big Tech vs Congress: the issues Facebook, Google and Amazon lobby most (VPNMentor) Detailed analysis of the $500m Big Tech have spent lobbying the US government. Discover which issues matter most to Amazon, Apple, Facebook, Google and Microsoft.
Bipartisan Bill Introduced Would Give Tools to Fight Foreign Interference in Elections (Campaign Legal Center) Today, U.S. Senators Amy Klobuchar (D-MN), Lindsey Graham (R-SC) and Mark Warner (D-VA) introduced the Honest Ads Act, a bill that addresses some of the most pressing vulnerabilities in campaign finance law that Russia exploited in the 2016 election. Campaign Legal Center (CLC) advised on the bill when it was introduced in the last Congress and co-sponsored by the late Senator John McCain (R-AZ). Representatives Derek Kilmer (D-WA) and Elise Stefanik (R-NY) lead companion legislation in the House of Representatives, which has 26 co-sponsors.
Lawmakers Differ on Remedies for Facebook Privacy Breach (Wall Street Journal) A House hearing highlighted differences on how the government should work to strengthen tech companies’ protection of personal information, as a huge fine looms for Facebook.
Video game ‘loot boxes’ would be outlawed in many games under forthcoming federal bill (Washington Post) Video games popular among kids would be prohibited from offering "loot boxes," or randomized assortments of digital weapons, clothing and other items that can be purchased for a fee, under new federal legislation previewed by Republican Sen. Josh Hawley.
Fortnite is free, but kids are getting bullied into spending money (Polygon) The stigma of being a default
Federal agencies move to explore artificial intelligence (AI) ethics and technical policy (Military & Aerospace Electronics) The U.S. Department of Defense recently held a public comment meeting at Stanford University to discuss artificial intelligence ethics.
Imperial County officials to invest in rebuilding network following cyber attack (KYMA) On April 14, Imperial County was notified that their network had been compromised through a cyber attack.
Litigation, Investigation, and Law Enforcement
FBI to meet with Florida delegation to discuss Russian hacking (Politico PRO) Special counsel Robert Mueller last month revealed the suspected hacking in a report on Russian interference in the 2016 election.
Steele's stunning pre-FISA confession: Informant needed to air Trump dirt before election (TheHill) The FBI is keeping secret much of the information in a State Department official's notes about meeting Christopher Steele in October 2016.
Privacy Groups Target Amazon Echo Product in FTC Complaint (1) (Bloomberg Law) Amazon.com Inc.'s Echo Dot Kid digital personal assistant is collecting children’s data without parental consent, privacy advocates are alleging in a complaint to the Federal Trade Commission.
Administrators of DeepDotWeb Indicted for Money Laundering Conspiracy, Relating to Kickbacks for Sales of Fentanyl, Heroin and Other Illegal Goods on the Darknet (US Department of Justice) The alleged owners and operators of a website known as DeepDotWeb (DDW) have been indicted by a federal grand jury sitting in Pittsburgh, Pennsylvania, for money laundering conspiracy, relating to millions of dollars in kickbacks they received for purchases of fentanyl, heroin, and other illegal contraband by individuals referred to Darknet marketplaces by DDW. The website has now been seized by court order.
State Department office manager admits conspiring to hide contacts with Chinese agents (Washington Post) The official pleaded guilty to accepting thousands of dollars in gifts over five years, sharing diplomatic, economic information.
Article 13 threatens video game streamers in the EU: survey (Comparitech) Article 13 of the EU Copyright Directive could have a drastic impact on video game streamers and their fans in Europe, according to a recent survey.
School lunch company exec arrested for skewering rival’s site (Naked Security) The Choicelunch CFO is accused of hacking student data out of The LunchMaster’s site and anonymously ratting it out for bad security.
Malvertiser behind 100+ million bad ads indicted in the US (Naked Security) A Ukrainian and his gang allegedly smeared malvertising for 4.5 years and tried to rent out a botnet full of infected computers.
Woman arrested for trespassing at CIA headquarters and asking for ‘Agent Penis’ (Military Times) Hernandez has been charged with trespassing and is being held in Alexandria, Virginia.