Cyber Attacks, Threats, and Vulnerabilities
Taiwan government database leaked on dark web (Taiwan News) Leak contains personal information on more than 20 million Taiwanese
Cyber attack on two govt. websites (Daily News) The Cyber Security Centre of Sri Lanka Air Force said that, the websites of two government entities have come under a cyber attack this morning. Earlier this month, five websites containing the
Wider inquiry on cyber attack on two state websites (Hiru News) Wider inquiry on cyber attack on two state websites . Most visited website in Sri Lanka.
No data breach occured in cyber-attack attempts - SLCERT (Sri Lanka News) Sri Lanka CERT|CC has confirmed a couple of websites in Sri Lanka were defaced by a group of activists. The Defence Ministry is a - Get the latest breaking news and top stories from Sri Lanka, the latest political news, sports news, weather updates, exam results, business news, entertainment news, world news and much more from News 1st, Sri Lanka's leading news network.
Special forces thwart cyber attack as hackers spread fake news to damage US-Polish relations (First News) Polish news websites have come under cyber-attack aimed at damaging Poland’s military alliance with the United States.
Minneapolis city and police websites taken down in alleged 'Anonymous' hack (Bring Me The News) The infamous hacker group also released a video criticizing the MPD.
MN state computers under attack, officials say. So far, cyber-attacks have been repelled. (Twin Cities) Minnesota is fending off cyber-attacks aimed at crippling the state’s computer systems, officials announced Sunday afternoon. Officials haven’t explicitly said that the attacks are conn…
Analysing the (Alleged) Minneapolis Police Department "Hack" (Troy Hunt) The situation in Minneapolis at the moment (and many other places in the US) following George Floyd's death is, I think it's fair to say, extremely volatile. I wouldn't even know where to begin commentary on that, but what I do have a voice on is data breaches which prompted
Should You Trust Contact Tracing Apps? (Security Boulevard) If the devastating health and economic ramifications weren’t enough, individual privacy is also in the throes of being profoundly and permanently disrupted by the coronavirus pandemic.
An advanced and unconventional hack is targeting industrial firms (Ars Technica) Steganography? Check. Living off the land? Yep. Triple-encoded payloads? Uh-huh.
Nworm: TrickBot gang’s new stealthy malware spreading module (BleepingComputer) The Trickbot banking trojan has evolved once again with a new malware spreading module that uses a stealth mode to quietly infect Windows domain controllers without being detected.
Hacker leaks database of dark web hosting provider (ZDNet) Leaked data contains email addresses, site admin passwords, and .onion domain private keys.
Valak malware steals credentials from Microsoft Exchange servers (BleepingComputer) Classified initially as a malware loader, Valak has morphed into an information stealer that targets Microsoft Exchange servers to rob email login credentials and certificates from enterprises.
Hackers target Google Docs, Microsoft Sway to steal user credentials (ETCIO.com) Cybersecurity researchers on Friday said they have identified a new type of impersonation attack that is using Google file sharing and storage website..
List of well-known web sites that port scan their visitors (BleepingComputer) Many well-known and heavily used web sites are using a fraud protection script that port scans your local computer for remote access programs.
Amtrak resets user passwords after Guest Rewards data breach (BleepingComputer) The National Railroad Passenger Corporation (Amtrak) disclosed a data breach that led to the exposure of personal information of some Guest Rewards members.
NTT Communications Data Breach: Emerging Details (MSSP Alert) NTT Communications apparently suffered a data breach. Hackers used Microsoft Active Directory as a stepping stone in the remote attack, initial NTT analysis suggests.
Hackers demand millions in ransom for stolen Stadler Rail documents (SWI swissinfo.ch) The hackers who stole data from Swiss train manufacturer Stadler Rail in early May have demanded payment of a ransom of $6 million in Bitcoin.
Abandoned Apps May Pose Security Risk to Mobile Devices (Dark Reading) Mobile providers don't often update users when applications are not supported by developers, security firm says.
5GBioShield: Dropship scam alert! Steer clear of this anti-5G USB key (AndroidPIT) A €£339 scam that nets you a 128MB USB key which preys on the gullible who thrive on the COVID-19 and 5G antenna link conspiracy theory.
Security Patches, Mitigations, and Software Updates
Google Takes Action Against Misleading and Malicious Notifications in Chrome (SecurityWeek) Google announced that it’s taking action against misleading and malicious notifications with the release of Chrome 84
Cyber Trends
Bitglass Remote Work Report: 84% of Organizations Will Continue to Support Work From Home, But Most Aren’t Equipped to Do So Securely (BusinessWire) Bitglass, the Next-Gen Cloud Security Company, has just released its 2020 Remote Work Report, which analyzes how organizations have adjusted to suppor
Redgate Database Monitoring Survey Highlights The Challenges of The New Remote Working Era (BusinessWire) Redgate’s third annual State of Database Monitoring Report found that businesses are reprioritizing cloud adoption and automated database monitoring d
Cyber Warfare Growing: From Academic Background to Current Events (Government Technology) As I read the new book, “Cyber Warfare — Truth, Tactics, and Strategies” by Chase Cunningham, global cyberattacks can be seen all around us now, if we look in the right places. Here’s my review of the topic, and the book.
Marketplace
Zscaler Acquires Network Security Startup (EnterpriseAI) Zscaler Inc. is doubling down in its drive to dominate the market for “zero trust” security frameworks with its second acquisition in about six weeks. The
LookingGlass Cyber Solutions Announces Plans to Relaunch the Cyveillance Brand (BusinessWire) LookingGlass Cyber Solutions, a leader in intelligence-driven risk management, today announced plans to relaunch the Cyveillance brand, a trusted name
What's Behind Syncsort’s Rebranding As Precisely? (IT Jungle) Syncsort, the company that merged with Vision Solutions three years ago and acquired several IBM i security firms, has changed its name to Precisely. According to chief executive officer Josh Rogers, the new name is a better reflection of what the company has become following its acquisition of Pitney Bowes’ data and software business: laser-focused
Huawei's ambitions for Canada stalled by rift with China, security expert says (BNN) Huawei Technologies Co.'s push to become a leading supplier of 5G technology in Canada appears to be in jeopardy after the Chinese tech giant's CFO suffered a legal setback in a B.C. court, prompting an angry response from Beijing.
Microsoft lays off journalists to replace them with AI (The Verge) Robots will now pick news stories for MSN and Microsoft News
Malwarebytes Recruits Dariusz Paczuski as Senior Vice President of Marketing (Malwarebytes Press Center) Malwarebytes today announced that it has hired Dariusz Paczuski as senior vice president of marketing, to help scale the company’s consumer and enterprise businesses.
Skybox Security appoints Charlie Velasquez as CFO (Accountancy Today) Global cybersecurity management company, Skybox Security, has announced the appointment of Charlie Velasquez as chief financial officer (CFO).
Products, Services, and Solutions
World’s Most Secure Cryptocurrency Hardware Wallet Beats Pre-Order Goal In 15 minutes (GlobeNewswire) NGRAVE ZERO - "The Coldest Wallet" - tops 400 backers in the first 24 hours of its Indiegogo campaign
nCipher supports launch of new key import method for Azure Key Vault (MarketWatch) nCipher Security, an Entrust Datacard company, and a world leader in hardware security modules (HSMs), announces its support for new key import method (BYOK)...
The Cloud-First WAN For Dummies | E-Book (Aryaka) This eBook consists of five chapters to introduce readers to the new WAN technology and explains the impact of WAN on digital transformation. Download now.
Southern Company Joins Fortress Asset To Vendor Network (Fortress Information Security) Southern Company will be the first new partner of the Fortress Asset to Vendor Network for utilities (A2V), a collaborative cybersecurity network to secure the power grid supply chain and critical infrastructure
Orca Tech signs distie agreement with cyber security ISV ItsMine (ARN) Distributor Orca Technology has signed a distribution agreement with Israel-based independent software vendor ItsMine in what it claims is an exclusive arrangement for Australia.
Blackpoint Cyber launches 365 Defense, a Microsoft 365 security add-on for its MDR service (Help Net Security) Blackpoint Cyber released 365 Defense – a Microsoft 365 security add-on for its true Managed Detection and Response (MDR) service.
Technologies, Techniques, and Standards
Cyber Essentials (CISA) Your success depends on cyber readiness. Both depend on you. CISA’s Cyber Essentials is a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices.
Wireless Broadband Alliance calls for single global Wi-Fi network (ComputerWeekly) Global wireless ecosystem consortium unveils WBA OpenRoaming to offer automatic and secure connection of billions of devices to millions of Wi-Fi networks.
How GitHub untangled itself from an 'Octopus' malware that infected 26 projects (CyberScoop) For GitHub, not all reports about malicious software on its platform are of equal importance.
Telco develops cybersecurity blueprint for self-driving cars in the UK (Smart Cities World) O2 worked on the Government-funded BeARCAT project, which examined the cybersecurity vulnerabilities of connected and autonomous vehicles.
COVID-19: the payment card industry’s data security standard (Business Chief) Drew Kilbourne, managing director at the Synopsys Software Integrity Group, discusses the impact of COVID-19 on the payment card industry’s data security standard.
Op-Ed: "The Old Line” state, serving on the front line, needs authority to respond online (DVIDS) In today’s battle against COVID-19, Maryland has great latitude to employ its National Guard in the physical domain, but is hamstrung by policy and perception from fully engaging its cyber force. And while COVID-19 is a biological malady rather than an electronic one, the hobbling of our cyber capabilities will, indeed, cost lives. In fact, in all likelihood it already has.
Design and Innovation
Test and Trace has not passed data protection impact assessment (ComputerWeekly) Public Health England failed to complete the required impact assessment before launching the Covid-19 Test and Trace programme.
Research and Development
()
Academia
UVA Engineering Wins Third Consecutive National Cybersecurity Championship (University of Virginia School of Engineering and Applied Science) When companies need help defending their critical IT systems from disruptions such as cyber attacks or pandemics, they can turn to the University of Virginia.
Legislation, Policy, and Regulation
Britain pushing US to form 5G club of nations to cut out Huawei (Techxplore) Britain said Friday it was pushing the United States to form a club of 10 nations that could develop its own 5G technology and reduce dependence on China's controversial telecoms giant Huawei.
Expanded G7 likely to tackle Huawei's 5G dominance (Australian Financial Review) Donald Trump wants Australia at the G7 but foreign policy experts warn the government should be wary about forming an anti-China bloc.
Tough new takeover rules could rein in foreign swoops on UK tech (The Telegraph) The Bill, expected within the next few weeks, will mean more scrutiny for takeover attempts in the UK
Space Force's Plan for Cyber Warriors (Air Force Magazine) The Space Force is hashing out how to incorporate offensive cyber operations into its future combat plans, as the service charts a path for cyber Airmen.
Trump and Zuckerberg share phone call amid social media furor (Axios) Both sides described the call as productive.
Would the White House consider a national cyber director? (Fifth Domain) The Cyberspace Solarium Commission wants a national cyber director in the White House. Would the White House be open to it?
SHC draws the attention of authorities to data protection laws - (Technology Times) Sindh High Court (SHC) asked what measures have been taken by the administration towards data protection laws.
Councils don't have a consistent view of cyber security, says report (ComputerWeekly) The Ministry of Housing, Communities and Local Government releases findings around security perceptions of local authorities
Litigation, Investigation, and Law Enforcement
Minnesota using 'intelligence support' from US military amid riots (Fox News) Minnesota's governor said Saturday the state is using “intelligence support” from the U.S. military to push back against the alleged organizers of riots that have occurred in the state in response to the death of George Floyd.
Officials blame outsiders for violence in Minnesota but contradict one another on who is responsible (Washington Post) Federal, state and local leaders blamed the far left, the far right and even foreign actors for looting and rioting following George Floyd’s death while in police custody.
Intel chief Ratcliffe declassifies transcripts of Flynn calls (TheHill) Director of National Intelligence John Ratcliffe on Friday announced that he has declassified the transcripts related to Michael Flynn’s conversations with a Russian diplomat during the presidential transition.
Deploying D&O and Cyber Insurance Coverage Against COVID-19 Claims (New York Law Journal) Pandemic-fueled litigation will test the reliability of the insurance coverage many organizations have purchased.
Clearview AI facial recogition sued again – this time by ACLU (Naked Security) Clearview AI, the company that’s scraped billions of images to build a facial recognition system, is getting sued again.
New Yorker Indicted for Stealing Card Data via SQL Injection Attacks (SecurityWeek) DoJ announced this week that a New York City man was charged for his participation in a cybercrime scheme to steal and traffic payment card data
Former IT Administrator Sentenced in Insider Threat Case (GovInfo Security) A former IT administrator for an Atlanta-based building products distribution company has been sentenced to 18 months in federal prison after he sabotaged the firm