Cyber Attacks, Threats, and Vulnerabilities
Single server ties hacked diplomatic cables to Chinese cyberattacks worldwide (ZDNet) Further investigation into a single C2 has revealed some interesting results.
Reaver: Mapping Connections Between Disparate Chinese APT Groups (Threat Vector) New research links an attack featured in a front-page New York Times story about the theft of sensitive European Union diplomatic cables by an alleged Chinese APT to a whole host of additional attacks on internal Chinese political targets thought to have been carried out by different Chinese APT groups.
Speculators Look to ID AVs Hacked by Russia (Infosecurity Magazine) Trend Micro confirms unauthorized access from third party, though McAfee and Symantec say no evidence of breach.
Anti-virus vendors named in Fxmsp's alleged source code breach respond (SC Media) McAfee, Symantec and Trend Micro are reportedly the antivirus companies whose source code the cybercriminal group Fxmsp claims to have stolen.
Over 460,000 E-Retailer User Accounts Hacked (Infosecurity Magazine) Asia's largest retailer suffered a breach exposing account information of nearly half a million users
New Class of Vulnerabilities Leak Data From Intel Chips (SecurityWeek) ZombieLoad, RIDL and Fallout: Intel processors are vulnerable to more speculative execution side-channel attacks that can allow malware to obtain sensitive data.
New speculative execution bug leaks data from Intel chips’ internal buffers (Ars Technica) Intel-specific vulnerability was found by researchers both inside and outside the company.
Meltdown Redux: Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs (WIRED) Two different groups of researchers found another speculative execution attack that can steal all the data a CPU touches.
BitDefender researchers discover terrifying security vulnerability in Intel CPUs (The Next Web) The specter of Spectre looms.
Intel melts down again – new CPU data leaks revealed (CRN Australia) Fixes flow but Microsoft warns Active Directory data could be pinched.
The second Meltdown: New Intel CPU attacks leak secrets (CSO Online) Intel has done some mitigations for these vulnerabilities that can leak secrets from virtual machines, secure enclaves and kernel memory. Here's how the attacks work.
Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches (The Verge) Windows 10 and Windows 8 are safe
Critical Update: Windows Remote Desktop Services Vulnerability (Zscaler) Zscaler security research team found a critical vulnerability in Microsoft Windows Remote Desktop Services. Zscaler Cloud Sandbox provides proactive coverage against worm payloads and advanced threats like ransomware and our team is actively monitoring for in-the-wild exploit attempts to ensure coverage.
Boost Notification (Boost Mobile) Dear Valued Customer: Boost Mobile is writing to inform you of a recent security incident. We take this matter, and all matters involving customer privacy, very seriously.
Burned After Reading: Endless Mayfly’s Ephemeral Disinformation Campaign (The Citizen Lab) Using Endless Mayfly as an illustration, this highlights the challenges of investigating & addressing disinformation from research & policy perspectives.
WhatsApp Exploit Reveals 'Legalized Hacking' at Work (Info Risk Today) Attackers exploiting a buffer overflow in WhatsApp's signaling software to automatically infect devices with malware - without users even having to answer their
WhatsApp Flaw Used in Targeted, Not Widespread, Attacks (Decipher) A WhatsApp vulnerability has reportedly been used in highly targeted attacks to install spyware on victims’ phones.
WhatsApp hack: Don't believe politicians, it's never been 'impossible to crack' (The Telegraph) The WhatsApp hack is not the first, and will not be the last time that supposedly “invulnerable” encrypted systems prove to be anything but.
Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage (WeLiveSecurity) ESET research shows how cybercriminals behind the Plead malware have been using compromised routers and MitM attacks against ASUS WebStorage to spread the backdoor.
Uniqlo Says 460,000 Online Accounts Accessed in Japan Hack (Bloomberg) Fast Retailing urges customers to change their passwords. Personal information, purchase history may have been accessed.
Hackers Add Security Software Removal to Banload Banking Malware (SecurityWeek) SentinelOne has analyzed a new development within perhaps the most prolific Brazilian banking malware, Banload, that highlights the hackers' adaptability.
Remote Code Execution Vulnerability Impacts SQLite (SecurityWeek) A use-after-free vulnerability (CVE-2019-5018) in SQLite could allow an attacker to send a specially crafted SQL command to execute code remotely.
Siemens SIMATIC, SINUMERIK, and PROFINET IO (Update C) (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 5.3. ATTENTION: Exploitable from an adjacent network. Vendor: Siemens. Equipment: SIMATIC, SINUMERIK, and PROFINET IO. Vulnerability: Improper Input Validation. 2.
Siemens S7-400 CPUs (Update A) (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 8.2. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: S7-400 CPUs. Vulnerabilities: Improper Input Validation. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the original advisory titled ICSA-18-317-02 Siemens S7-400 CPUs that was published November 13, 2018, on the NCCIC/ICS-CERT website.
WIBU SYSTEMS AG WibuKey Digital Rights Management (Update D) (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 10.0. ATTENTION: Exploitable remotely/low skill level to exploit/public exploits available. Vendor: WIBU-SYSTEMS AG. Equipment: WibuKey Digital Rights Management (DRM). Vulnerabilities: Information Exposure, Out-of-bounds Write, Heap-based Buffer Overflow. 2.
Siemens CP, SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update A) (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: CP, SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM. Vulnerability: Out-of-bounds Read. 2.
Siemens SIMATIC Panels and WinCC (TIA Portal) (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 6.5. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: SIMATIC WinCC Runtime Advanced, WinCC Runtime Professional, WinCC (TIA Portal); HMI Panels. Vulnerabilities: Use of Hard-coded Credentials, Insufficient Protection of Credentials, Cross-site Scripting. 2.
Siemens Industrial Products with OPC UA (Update A) (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: SIMATIC, SINEC-NMS, SINEMA, SINEMURIK Industrial Control Products with OPC UA. Vulnerability: Uncaught Exception. 2.
Siemens SIMATIC PCS 7, WinCC, TIA Portal (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 9.1. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: SIMATIC PCS 7, WinCC Runtime Professional, WinCC (TIA Portal). Vulnerabilities: SQL Injection, Uncaught Exception, Exposed Dangerous Method. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary commands on the
Siemens SINAMICS PERFECT HARMONY GH180 Fieldbus Network (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: SINAMICS PERFECT HARMONY GH180 Fieldbus Network. Vulnerability: Improper Input Validation. 2. RISK EVALUATION: Successful exploitation of this vulnerability could cause a denial-of-service condition.
Siemens SINAMICS PERFECT HARMONY GH180 Drives NXG I and NXG II (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: SINAMICS PERFECT HARMONY GH180 Drives NXG I and NXG II. Vulnerability: Uncontrolled Resource Consumption. 2.
Siemens LOGO!8 BM (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 9.4. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: LOGO!8 BM. Vulnerabilities: Missing Authentication for Critical Function, Improper Handling of Extra Values, Plaintext Storage of a Password. 2.
Siemens SIMATIC WinCC and SIMATIC PCS 7 (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: SIMATIC WinCC and SIMATIC PCS 7. Vulnerability: Missing Authentication for Critical Function. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an unauthenticated attacker with access to the affected devices to execute arbitrary code.
Siemens SCALANCE W1750D (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens. Equipment: SCALANCE W1750D. Vulnerabilities: Command Injection, Information Exposure, Cross-site Scripting. 2.
Omron Network Configurator for DeviceNet (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 7.3. ATTENTION: Low skill level to exploit. Vendor: Omron. Equipment: Network Configurator for DeviceNet. Vulnerability: Untrusted Search Path. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to achieve arbitrary code execution under the privileges of the application.
Siemens LOGO! Soft Comfort (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 7.8. ATTENTION: Low skill level to exploit. Vendor: Siemens. Equipment: LOGO! Soft Comfort. Vulnerability: Deserialization of Untrusted Data. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user into opening a manipulated project.
Real estate deals are impacted by ransomware attack in Baltimore (WBAL) New impacts revealed about the computer virus attack that's shut down much of Baltimore City government's ability to do business as usual.
Baltimore warnings about deadly street drugs aren't working because of ransomware attack (Baltimore Sun) The text alert system that warns drug treatment providers and users in Baltimore about potentially deadly street drugs is offline.
UPDATE: ACHD computers back up following cyber attack (Idaho Press) The Ada County Highway District is back online after experiencing a cyber attack.
Security Patches, Mitigations, and Software Updates
Intel Side Channel Vulnerability MDS (Intel) MDS is similar to previously disclosed speculative execution side channel vulnerabilities.
New Intel security flaws could slow some chips by nearly 20% (Reuters) Intel Corp and a group of security researchers on Tuesday said they had found a ...
Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003 (KrebsOnSecurity) Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.
Microsoft May 2019 Patch Tuesday arrives with fix for Windows zero-day, MDS attacks (ZDNet) Microsoft patches 79 security flaws in the May 2019 Patch Tuesday update train.
CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability (MSRC) A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.
Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) (MSRC) Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from...
Apple Patches Intel Side-Channel Bugs; Updates iOS, macOS and More (Threatpost) A massive update addresses the breadth of the computing giant's product portfolio.
Apple Patches 21 Vulnerabilities in WebKit (SecurityWeek) Security updates Apple released for iOS, macOS, Safari, tvOS and watchOS include patches for 21 vulnerabilities that affect open source web browser engine WebKit.
Adobe Patches Over 80 Vulnerabilities in Acrobat Products (SecurityWeek) Adobe patches a critical vulnerability in Flash Player and over 80 flaws in its Acrobat products.
Worried about the WhatsApp hack? Here’s how to update your app. (Washington Post) Update your WhatsApp if you haven't already.
Siemens Addresses Vulnerabilities in LOGO, SINAMICS Products (SecurityWeek) Siemens’ May 2019 Patch Tuesday advisories address over a dozen vulnerabilities, including serious flaws affecting LOGO and SINAMICS Perfect Harmony products.
Apricorn Report Reveals Majority of Employees Use Non-Encrypted USB Drives – Even Though 91% Say Encrypted USB Drives Should Be Mandatory (BusinessWire) Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB data storage devices, today announced results of its lates
Phishtales From The World’s Largest Security Awareness User Conference (Cybercrime Magazine) Patching employees and other cutting edge strategies from KnowBe4’s 2019 KB4-CON event
6 Biggest Cybersecurity Risks to Utilities (ABI Research) This evolution to “smart infrastructure” represents a positive, paradigm shift for the utilities industry. However, the security policies of many utilities have not evolved along with it, leaving them incredibly vulnerable.
Prioritizing risks in a climate of geopolitical threats (Help Net Security) The cybersecurity landscape has become increasingly hostile in recent years, with a growing threat from common cybercriminals as well as the looming
UK stung by 140% increase in cyber-attacks (Consultancy) Cyber-attacks in the UK spiralled upwards by 140% in 2018, according to a shocking cyber-threat landscape report.
Meet the shadowy security firm from Israel whose technology is believed to be at the heart of the massive WhatsApp hack (Business Insider) The NSO Group's Pegasus software is believed to be at the heart of a major new spyware attack that affects billions of people.
Who is NSO, the company tied to the WhatsApp security breach? (CNN) WhatsApp has just pushed a significant update to its 1.5 billion users. That's because the messaging service has discovered a security flaw that enabled attackers to remotely install spyware, possibly without the target of the surveillance even being aware of it.
Huawei in bid to grow enterprise business amid scrutiny on key... (Reuters) Huawei Technologies unveiled on Wednesday a new database management system, in a...
Huawei willing to sign 'no-spy' agreements (BBC News) The Chinese telecoms firm has drawn international scrutiny amid concerns it poses a security risk.
CrowdStrike, a cybersecurity unicorn, files to go public (TechCrunch) The SaaS endpoint protection firm submitted documents to the SEC on Tuesday afternoon.
CrowdStrike IPO: 5 things to know about the cybersecurity unicorn (MarketWatch) CrowdStrike Holdings Inc. filed for its long-awaited initial public offering Tuesday, joining a surge of 2019 tech IPOs by companies that have commanded huge...
Crowdstrike files to go public — lost $140 million on $250 million in revenue last year (CNBC) Crowdstrike, a cybersecurity vendor, is the latest tech company seeking to go public in 2019.
Corsica Technologies Announce Acquisition, Expands Services by Adding a Security Operations Center (Yahoo) Corsica Technologies, a globally recognized leader in IT Services has recently acquired EDTS Cyber, a provider of security services, and their sister company EDTS, a leading IT Service Provider. This partnership brings together three world-class technology
This techie aims to put India at the forefront of hack-proof communication (Business Standard) Quantum Cryptography, the technology he is using, comes at a time when enterprises in the country are witnessing increasing cases of sensitive data exposure risks and breaches
Products, Services, and Solutions
SecureAge Integrates Artificial Intelligence Powered APEX Anti-Malware Engine in VirusTotal (Security Boulevard) SecureAge’s APEX engine uses machine learning to recognize zero-day and mutated threats that are traditionally undetectable (NEW YORK) (May 14, 2019) --
Envistacom to Support the Assessment of the Cyber Posture and Interoperability of the NC3 Network (West) Company leveraging their experience with DOT&E cyber assessment program to support Cyber Analytics Systems Threat Lab Environments 2 (CASTLE2) Task Order 20
Nucleus Cyber Expands Data Protection Capabilities to Microsoft Teams and Yammer (Nucleus Cyber) NC Protect now identifies, secures sensitive data for enterprise social communications with intelligent, conditional access and security controls
Ixia and Symantec collaborate to better secure hybrid networks (Help Net Security) Keysight Technologies announced that Ixia, a Keysight Business, and Symantec have extended their collaboration to better secure hybrid networks.
Thales Wins Cybersecurity Excellence Awards for Encryption and Identity and Access Management Solutions (Security Boulevard) Thales’ SafeNet Data Protection on Demand and SafeNet Trusted Access solutions have won the gold award in the Encryption and Identity and Access Management categories of the 2019 Cybersecurity Excellence Awards.
Microsoft, Galois Partner On Election Security (CivSource) Microsoft and Galois have partnered on a new election security solution called ElectionGuard.
RMS launches new risk modelling & data platform, as it sunsets RMS(one) (ReinsuranceNe.ws) Catastrophe risk modelling and analytics firm RMS has announced the launch of a new strategic risk modelling and data platform for the re/insurance
GoTrust ID app users can now simulate USB FIDO Key with smartphone biometrics (Biometric Update) GoTrust ID has developed software to enable smartphones to be used instead of a USB FIDO Key for FIDO 2-step login with popular cloud applications, the first such offering, according to the announcement.
Telxius enhances its Security service with Radware (Yahoo) Telxius, Telefónica Group’s infrastructure company, announced today that it relies on Radware to ensure the protection of its international network from increasingly complex cyberattacks and provide DDoS mitigation services to its customers, helping them mitigate attacks in seconds, compared to hours
Attila Security on NIAP In-Evaluation Product List (PRWeb) Attila Security, a trusted leader of cyber security solutions for government agencies and commercial enterprises, today announced its award-winning GoSilent platform...
Technologies, Techniques, and Standards
G-7 Authorities to War Game Cyber Attack on Bank for First Time (Bloomberg) Simulation will study impact of a disruption of major bank. Test will examine a multi-day outage of an international firm.
A classified DoD network has problems. Now what? (C4ISRNET) The Defense Information Systems Agency identified five areas for improving the Joint Regional Security Stacks.
The Missing Piece of the Cyber Response Plan Puzzle – The Insurance Component (JD Supra) Experts are full of advice about the importance of designing and implementing a robust cyber breach response plan. They opine frequently on its key...
Training, cyber hygiene critical steps for U.S. IoT security (Federal News Network) Zach Butler, director of IoT World, explains why agencies have to do more to mitigate the risks of connected devices.
Design and Innovation
Facebook introduces ‘one strike’ policy to combat abuse of its live-streaming service (TechCrunch) Facebook is cracking down on its live streaming service after it was used to broadcast the shocking mass shootings that left 50 dead at two Christchurch mosques in New Zealand in March. The social network said today that it is implementing a ‘one strike’ rule that will prevent users who…
Twitter launches new search features to stop the spread of misinformation about vaccines (TechCrunch) As measles outbreaks in the United States and other countries continue to get worse, Twitter is introducing new search tools meant to help users find credible resources about vaccines. It will also stop auto-suggesting search terms that would lead users to misinformation about vaccines. In a blog p…
Microsoft Looking To Build Decentralized Identity Network On Top Of Bitcoin Blockchain (Forbes) Microsoft is increasing its work with the mythical decentralised identity, this time by building what it calls an Overlay Network (ION) on top of the Bitcoin blockchain.
Clearwater cybersecurity firm donates training, money to USF College of Business (Tampa Bay Business Journal) The in-kind training and donation equal $1.75 million, the company [KnowBe4] said.
Legislation, Policy, and Regulation
Jacinda Ardern's ambitious plan to end online extremism after the Christchurch massacre (ABC News) New Zealand's Prime Minister is taking her fight to end online extremism to Europe today, teaming up with Emmanuel Macron to try to curtail the power of tech companies to self-moderate.
Russia Ready To Cooperate With United States In Cyberspace - Lavrov (UrduPoint) Russia is ready to cooperate with the United States on a professional level on cyber-related issues, Foreign Minister Sergey Lavrov said on Tuesday
Russian military gains in Ukraine could spell trouble for the US Army, even in a conventional fight (Army Times) Cyber warfare is important, but missiles, artillery, tanks and infantry are still dominating the actual battlefield.
Leaks, Drones, Mystery Attacks: US-Iran Tensions Boil Hot, But… (Breaking Defense) As troops and hardware are on the move in the Gulf, diplomats signal that no one is eager for war.
Military plans to counter Iran include possible 120,000 troop deployment, cyber attack ‘Nitro Zeus’ (Military Times) Experts look to potential flare up from an accident or attack. Plans also call for response to Iran ramping up nuclear program.
Trump is reportedly preparing to sign an executive order that would enable a ban on Huawei in the US (TechCrunch) As the trade war with China intensifies again, President Donald Trump is expected to sign an executive order that would make possible a ban on American companies from using telecommunications equipment from Huawei and other companies that the government believes pose a national security risk, Reute…
The worry about 5G: ‘They control whether or not we communicate’ (Fifth Domain) Chinese company Huawei’s efforts to sell its 5G network equipment to U.S. allies worried members of the Senate Judiciary Committee May 14 about disruptions in global communications, intelligence sharing and military operations
China’s Influence Operations in Asia: Minding the Open Door Challenge (The Diplomat) While attention to Beijing’s conduct is important, addressing the permissive conditions that create an enabling environment for its activities should remain front and center.
Nordic, Baltic Regulators Agree to Share Info on Money-Laundering Threats (Wall Street Journal) Regulators said they plan to develop a coordinated process for sharing information across Denmark, Estonia, Finland, Iceland, Latvia, Lithuania, Norway and Sweden.
The NSA knows its weapons may one day be used by its targets (CyberScoop) The idea that enemies will reverse engineer NSA exploits is one that military brass deals with every day. What's being done to prevent it from happening?
Cyber Solarium sets ambitious goals for U.S. digital strength (Fifth Domain) A group of 14 congressmen, government officials and private sector experts are tasked with developing policies for three far-ranging cybersecurity areas.
New Cyberspace Solarium Commission pledges action on 5G safety (Smart Cities Dive) U.S. Sen. Angus King, I-ME, told reporters that the group will review all cyber threats facing the U.S. and make recommendations by year's end.
Bipartisan group of senators introduce legislation designed to strengthen cybersecurity of voting systems (TheHill) A bipartisan group of senators introduced legislation Tuesday that would require a cybersecurity expert from the Department of Homeland Security (DHS) be included on the committee tasked with developing voluntary voting s
Litigation, Investigation, and Law Enforcement
CIA Joins Barr in Investigating Origins of Trump Campaign Surveillance (National Review) Barr has enlisted the help of the CIA to investigate whether FBI surveillance of the Trump campaign was motivated by partisan bias.
Cybersecurity experts fear fallout from Apple case (TheHill) Cybersecurity experts are worried about the fallout from a Supreme Court ruling allowing customers to sue Apple over the prices in its App Store, claiming it could eventually lead to more unsecured apps being sold to consumers.
San Francisco Bans Agency Use of Facial Recognition Tech (WIRED) Other cities, including Oakland, and Somerville, Massachusetts, are also considering bans on the technology as a threat to civil liberties.