Cyber Attacks, Threats, and Vulnerabilities
U.N. Weathers Storm of Emotet-TrickBot Malware (Threatpost) A concerted, targeted phishing campaign took aim at 600 different staffers and officials, using Norway as a lure.
United Nations Targeted With Emotet Malware Phishing Attack (BleepingComputer) Pretending to be the Permanent Mission of Norway, the Emotet operators performed a targeted phishing attack against email addresses associated with users at the United Nations.
Proof-of-concept exploits published for the Microsoft-NSA crypto bug (ZDNet) Two proof-of-concept exploits published for the CurveBall (CVE-2020-0601) vulnerability.
Five Key Things To Know About NSA-Microsoft Issue (Avast) Learn how this flaw could have undermined a key trust mechanism, and why the spy agency took an unusually public step to point it out.
Response to Windows 10 bug 'overblown' - channel reacts (CRN) Microsoft issues patch to cover flaw that could affect hundreds of millions of Windows 10 devices
Applying threat intelligence to Iranian cyberattack risk (Sophos News) As geopolitical interest increases, discussions of threat intelligence increase which increases pressure on security operations teams to provide answers to customers and to senior leadership.
DHS Bulletin to Hazardous Chemical Sector: Beef Up Cyber, Physical Security at Facilities (Homeland Security Today) The Insights bulletin notes that Iran has targeted a variety of industries and organizations in the past, and said CISA
Enhancing Chemical Security During Heightened Geopolitical Tensions (CISA Insights) In light of recent international events with the potential for retaliatory aggression against the U.S. and our critical infrastructure, CISA urges facilities with chemicals of interest (COI)—whether tiered or untiered under the Chemical Facility Anti-Terrorism Standards (CFATS) program—to consider enhanced security measures to decrease the likelihood of a successful attack.
Hacking of company at center of impeachment done with an old, familiar trick (NBC News) Email-based cyberattacks remains a tried-and-true way for hackers to try to obtain access to computer systems and files.
‘Not This Time, Satan’: Hillary Clinton Gets Dragged for Pushing Russian Hacking Conspiracy – Again (Sputnik) Former secretary of state Hillary Clinton never gets tired of playing the ‘Russian hackers’ card. With the 2016 election interference argument wearing out a bit over the past four years, the same people are pushing the same conspiracy theory, although this time in a different set-up.
Google removes WhatsGap from app store (ZDNet) The search engine giant claims the 'sensitive content' on WhatsGap violated the company's content policy.
More than 600 million users installed Android 'fleeceware' apps from the Play Store (ZDNet) A new set of 25 Android apps caught illegally charging users at the end of a trial period.
PayPal Confirms Password Vulnerability (Security Magazine) A security researcher discovered a high-severity bug affecting PayPal’s most visited pages: the login form.
Bitcoin sextortionists target Google Nest cameras in latest campaign (Hard Fork | The Next Web) Bitcoin-hungry criminals are targeting Google Nest home security camera owners in their latest sextortion campaign — but there's a catch!
Peekaboo Moments baby-recording app has a bad database booboo (Naked Security) No need to wait until you’ve gurgled out of your mother’s womb to experience the joys of having your privacy breached.
Families of deployed paratroopers received ‘menacing’ messages, warned to double-check social media settings (Military Times) Separately, a U.S. source told Military Times the WiFi access was suspended over fears of a potential hacking and leak of sensitive contact information.
Q4 2019 KnowBe4 Finds Security-Related and Giveaway Phishing Email Sub (PRWeb) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, revealed the results of its Q4 2019 top-clicked
St. Landry Parish School system offline following cyber attack (KATC) All computers in the district have been taken offline and shut down accord to school superintendent Patrick Jenkins.
Cyber attack on St. Landry Parish School System under investigation (KLFY) “We’re going to try and be as normal as possible in terms of day to day operations until this situation is resolved.” -Patrick Jenkins, St. Landry school system superintendent LAF…
Security Patches, Mitigations, and Software Updates
Oracle addresses 334 security vulnerabilities in Q1 Critical Patch Update (Computing) Oracle issues another monster collection of security patches - and urges users to update ASAP, if they know what's good for them
Windows 7 end of support: Separating the bull from the horns (Computerworld) There’s a lot of misinformation about Win7 end-of-life bouncing around the blogosphere. While the last free official Win7/Server 2008 R2 patch appeared yesterday, there’s more to the story. No need to go running to the nearest soothsayer with your wallet open, in spite of what you may have read.
Facebook Will Now Remind You When It's Not the Only One Looking at Your Data (Gizmodo) Even if you’re a hardcore #DeleteFacebook-er, you’re probably guilty of using your worn out Facebook account to log into the occasional app—just for the convenience factor alone. Now, the company’s offering a bit more insight into how these tools function.
The growing cyberthreat to utilities - and how they should respond (World Economic Forum) More than half of utility companies expect a cyberattack on their critical infrastructure within the next 12 months. The threat is present and growing - so how should the sector prepare?
Netwrix reveals top seven IT predictions for 2020 (Netwrix) Netwrix analysts named targeted ransomware, attacks on AI-based solutions and data privacy challenges as the top three IT trends that will affect businesses in the next 12 months.
60% of US politicians haven’t upgraded their cybersecurity since 2016 (MIT Technology Review) Most American politicians haven’t seriously upgraded their cybersecurity since the 2016 hacks of the Democratic National Committee and Hillary Clinton’s campaign, according to a new poll from Harris and Google.
5G: Southeast Asia favours Samsung, unsure of Chinese tech brands (South China Morning Post) A poll finds Samsung is Southeast Asia’s preferred choice of 5G developer, beating US and Chinese rivals such as Huawei.
Lorca announces new cohort of 20 security scaleups (ComputerWeekly.com) 20 startups will focus their attention on automation, zero trust and supply chain security.
Security Compass Secures Growth Equity Funding from FTV Capital (BusinessWire) Security Compass, a leading provider of enterprise DevSecOps software solutions, announces it has secured growth equity funding from FTV Capital.
Data Layer Security Startup Cyral Announces $15.1 Million in Funding (Yahoo) Cyral, the first cloud service for enabling security policies at the data layer, today announced the close of an $11 million Series A funding round led by Redpoint Ventures with participation from A.Capital, Costanoa VC, Firebolt, SV Angel and Trifecta Capital.
Apple acquires edge-based artificial intelligence startup Xnor.ai for $200M (AppleInsider) Apple's acquisition of Xnor.ai suggests that the machine learning tools developed by the company may appear natively on iPhones and iPads in the future, with processing on-device instead of in the cloud.
Is 5G the Security Silver Bullet for System Integrators in the West? (Radware Blog) Cisco, Ericsson, Nokia and other non-Chinese vendors have a unique opportunity to lead with security in their 5G MEC applications.
Mountain View-based Mozilla lays off around 70 workers amid revenue shortfall (Silicon Valley Business Journal) Executive Chairwoman Mitchell Baker told employees Wednesday that the company had underestimated how long it would take to build and ship revenue-generating products.
Army Cyber looking for talent locally and to grow the workforce (The Augusta Chronicle) U.S. Army Cyber Command, which will complete a move of its headquarters to Fort Gordon later this year, is looking for talent locally and into the future,
Kenna Security Turns HSBC From Client to Investor (Yahoo) Kenna Security, the enterprise leader in risk-based vulnerability management, announced that HSBC, one of the world’s largest banking.
Cybersecurity Threats and Process Safety Requirements Fuel Record Growth for PAS Global (PR Newswire) PAS Global LLC, the leading solution provider of industrial control system (ICS) cybersecurity, process safety, and asset reliability in the...
Could Elastic Be a Millionaire Maker Stock? (The Motley Fool) Given its modest revenue base in expanding markets, the search company still has plenty of room to grow. But its stock price may follow a different trajectory.
CMO interview: How this marketing leader approached an IPO (CMO) Becoming the Salesforce or Workday of security is firmly in the sights of cybersecurity company, CrowdStrike. And judging by its successful initial public offering (IPO) last June, valuing the business at nearly US$7 billion, the market agrees the cloud native provider has the goods to achieve its mission.
Secure Technology Alliance Highlights 2019 Council Accomplishments, Announces 2020 Board and Executive Leadership (Globe Newswire) Alliance publishes notable achievements, activities, programs and more in Annual Review
Zscaler channel chief jumps to security training vendor KnowBe4 (CRN Australia) Dilshan Sivalingam to help build up vendor's ANZ channel.
Cybereason bolsters Southeast Asia ranks with double hire (Channel Asia) Cybereason has made a double appointment designed to act on channel growth aspirations in Southeast Asia.
Vislink Technologies Inc. Names Carleton M. Miller as Chief Executive Officer (Yahoo) The Board of Directors of Vislink Technologies Inc (VISL) announced today that it has named Carleton M. Miller as the company’s chief executive officer and a member of the Board of Directors, effective January 15, 2020. Carleton is a proven leader and an experienced CEO who has built global technology
Pete Buttigieg’s Campaign Cybersecurity Chief Resigns (Wall Street Journal) The cybersecurity chief for Pete Buttigieg’s campaign has resigned, amid warnings from intelligence officials and cybersecurity experts that presidential campaigns face challenges in thwarting cyberattacks and disinformation campaigns.
Mick Baccio, Pete Buttigieg's camaign CISO, has resigned (CyberScoop) The Chief Information Security Officer for Democratic presidential candidate Pete Buttigieg’s campaign, Mick Baccio, has resigned.
Pete Buttigieg's top cybersecurity staffer explains why he left the campaign (Mother Jones) His job was "to make sure 2016 doesn't happen again."
Products, Services, and Solutions
Fugue Open Sources Regula to Help Engineers Validate Terraform for Policy Compliance (Fugue) Fugue, the company empowering engineers to build and operate secure cloud systems that are compliant with enterprise policies, today announced it has open sourced Regula, a tool that evaluates Terraform infrastructure-as-code for security misconfigurations and compliance violations prior to deployment.
Versasec vSEC:CMS Added to Envoy Data Corporation's GSA Schedule (Versasec) Versasec announced today it has been added to Envoy Data Corporation's General Services Administration (GSA) schedule, facilitating access to vSEC:CMS solutions for hundreds of federal, state, local and higher education customers within the U.S. The $40+ billion GSA schedule's program offers government and higher education organizations pre-negotiated, fair and reasonable prices and expedites the procurement cycle of technology and other goods for these organizations.
Dun & Bradstreet And QOMPLX Join Forces To Provide Defense Contractors With Fast And Reliable Cybersecurity Maturity Model Certification (PR Newswire) Dun & Bradstreet, a leading global provider of business decisioning data and analytics, and QOMPLX™, an intelligent decision platform provider,...
To Combat Rising State-sponsored Cyberattacks, WhiteHat Security Offers Free Application Scanning Services to Public Sector Organizations (BusinessWire) WhiteHat Security today announced that it will offer free application scanning services to federal, state and municipal agencies in North America.
U.S. Dept. of the Interior Awards CenturyLink $1.6 Billion EIS Network Services Win (Yahoo) CenturyLink, Inc. (NYSE: CTL) announced that it won a task order, worth up to $1.6 billion, to provide secure network services and IT modernization solutions to the U.S. Department of the Interior (DOI) via the General Services Administration's Enterprise Infrastructure Solutions (EIS) program.
Tenable Selected as Partner of Choice as BeyondTrust Exits Vulnerability Management Market (Yahoo) Tenable®, Inc., the Cyber Exposure company, today announced it has entered into an exclusive partnership with BeyondTrust, a worldwide leader in Privileged Access Management (PAM), that names Tenable as the preferred vulnerability management partner for BeyondTrust Enterprise Vulnerability Management
Swan Island Networks Launches TX Global Subscription Service Delivering Breakthrough Security Intelligence Alerting (Blue Mountain Eagle) Swan Island Networks, a leading SaaS security intelligence provider, today announced TX Global, a breakthrough global intelligence alerting service.
Kaspersky pens a partnership deal to secure digital identities (CIO East Africa) Kaspersky has partnered with jewellery designer to protect unique human biometrics in the digital world. How can people continue to use biometric based authentication on their favourite devices without worrying about their unique data being stolen and misused? To answer this question, Kaspersky has teamed up with a 3D accessory designer from Stockholm and together …
Facebook has no Immediate Plans to Implement End-to-End Encryption on Messenger App; Should you move to a Different Platform? (Digital Information World) The reason behind it is said to be the enormous technicalities associated with the proposed change.
Ubisoft Chooses Anomali to Secure Its Global IT Infrastructure (Yahoo) Anomali, a leader in intelligence-driven cybersecurity, announced today that Ubisoft chose the Anomali Altitude integrated solutions.
Google finally brings its security key feature to iPhones (TechCrunch) More than half a year after Google said Android phones could be used as a security key, the feature is coming to iPhones. Google said it’ll bring the feature to iPhones in an effort to give at-risk users, like journalists and politicians, access to additional account and security safeguards, …
Technologies, Techniques, and Standards
Resilient Governance for Boards of Directors: Considerations for Effective Oversight of Cyber Risk (UC Berkeley Center for Long-Term Cybersecurity) A new report released today from UC Berkeley’s Center for Long-Term Cybersecurity and Booz Allen Hamilton provides an innovative framework to help boards take a dynamic approach to cybersecurity governance and oversight.
The Impact of Security Alert Overload (CRITICALSTART) CRITICALSTART conducted a survey of more than 50 Security Operations Center (SOC) professionals across enterprises, Managed Security Services Providers (MSSP) and Managed Detection & Response (MDR) providers to evaluate the state of incident response within SOCs. The survey was fielded Q2 2019.
Hack the Army 2.0 brings 146 new security vulnerabilities to light (FedScoop) The Department of Defense and bug-bounty platform HackerOne unveiled the results of their joint Hack the Army 2.0 initiative on Wednesday.
How Can You Protect What You Can't See? (Radware Blog) Radware’s 2019–2020 Global Application & Network Security Report combines statistical research and front-line experience to identify cybersecurity trends.
How To Stop Cyberattacks With Security-Minded Company Culture (Forbes) Assessing security risks makes it easier to see where the weaknesses are, helping to create targeted training for employees.
Compiling open source threat intelligence for threat hunts (Sophos News) In addition to normal tradecraft adaptations, any time a change in the geopolitical landscape takes place, cyberattack campaigns and adversary behaviors typically shift as well. The recent events w…
Design and Innovation
It’s time to take network defense to a new level (Fifth Domain) Maj. Gen. Scott L. Pleus argues that if the Department of Defense can implement modern tools, it can field the networks war fighters need with cybersecurity that actually works.
Inside Google's struggle to control its 'racist' and 'sexist' AI (The Telegraph) It was a cunning plan to keep its unruly artificial intelligence under control.
Research and Development
Patent issued for securing Intelligent Electronic Device (IED) networks (Control Global) There continues to be a significant gap in understanding of the Aurora vulnerability and other physics-related issues.
Where to store all this intelligence data? How about DNA? (C4ISRNET) Could synthetic DNA hold the key to storing massive amounts of data at scale?
Could we ever great an AI as smart as the human brain? (The Telegraph) In 1990 a paper curiously-titled “Elephants don’t play chess”, published by Australian roboticist Rodney Brooks, ushered in the idea that artificial intelligence could become smarter by learning as the human brain does.
Legislation, Policy, and Regulation
China’s Rights Abuses in Xinjiang Could Provoke a Global Terrorist Backlash (Foreign Affairs) Washington should help Beijing fight extremism without resorting to repression.
House Democrats request briefings on Iranian cyber threats from DHS, FCC (TheHill) The Democratic leaders of the House Energy and Commerce Committee on Wednesday requested briefings from two key federal agencies on efforts to secure the nation’s telecommunications against potential Iranian cyberattacks, as another Hou
Iran accuses Europe of yielding to 'high school bully' Trump in nuclear row (Reuters) Iran said on Thursday three European states had succumbed to "high school b...
Here are the NSA general counsel’s cybersecurity warnings (Fifth Domain) As he prepares to leave the National Security Agency, Glenn Gerstell laid out the intelligence community's cybersecurity challenges in the face of emerging technology.
Trump's action deterred Iran — now we must do so in cyberspace (TheHill) Cyber attacks provide plausible deniability for Iran, which might want to be seen as responding but also to have some cover.
Will cyberthreats from Iran overwhelm the US? (Fifth Domain) Ex-government officials and cyber experts offered advice for how companies and the government can better protect themselves from top cyberthreats.
Turkey Removes Ban on Wikipedia After Almost Three Years (Bloomberg) Wikipedia is available in Turkey again after a nearly three-year ban.
Putin Calls For Systemic Change. The 'System' Quickly Responds. (RadioFreeEurope/RadioLiberty) Russian President Vladimir Putin proposed a raft of constitutional changes interpreted as strengthening the role of Russia's parliament and circumscribing the powers of his eventual successor. It didn't take long to get things moving.
'Technocratic placeholder'? Putin picks low-profile tax chief as Russian PM (Reuters) Mikhail Mishustin, President Vladimir Putin's surprise choice to become Rus...
What was Russia’s Putin up to after the death of Iran’s Soleimani? (Defense News) Russian President Vladimir Putin’s movements since the recent U.S. killing of an Iranian general have underscored one of the most consequential trends driving events in the Middle East.
Mnuchin says Huawei not a 'chess piece' in US-China trade deal (TheHill) Treasury Secretary Steven Mnuchin said that negotiations between the U.S.
Huawei not part of trade deal (The Washington Times) China’s efforts to persuade the U.S. government to drop its criminal prosecution of a senior executive of Huawei Technologies, the global telecommunications giant, as part of a partial trade deal were not successful.
UK Culture Secretary: Security Is Paramount On Huawei Decision (Bloomberg) 5G is vital to the UK’s tech industry, says Nicky Morgan, Secretary of State for Digital, Culture and sport, but whatever decision is made on involving Huawei will depend on security - and it will not be part of the U.K.’s critical national infrastructure.
U.K. Vows to Keep Huawei Out of Key Security Infrastructure (Bloomberg) The U.K. will keep Huawei Technologies Co. out of “critical national infrastructure,” Culture Secretary Nicky Morgan said, as the government weighs up whether the Chinese company can play a role in developing the country’s 5G telecommunications networks. A final decision will come later his month, according to two officials familiar with the matter, who asked not to be named discussing the sensitive issue.
Britain is poised to let Huawei in – and Boris Johnson doesn't have a choice (The Telegraph) The telecoms market is an oligopoly dominated by just three companies:
Trump administration attempts to stop cyber attacks during presidential election (Fox News) White House expects major effort to hack into voting records and machines while experts say the government needs to be pro-active in order to stop the type of hacks that took place in 2016.
Soldiers are getting famous on TikTok, but the US and Australian military aren't fans (ABC News) The #army hashtag on TikTok may have over 11 billion views, but the Australian Defence Department is still not a fan.
Intel agencies push to close threats hearing after Trump outburst (POLITICO) Last year the president told intelligence officials to 'go back to school' after the annual Worldwide Threats hearing.
DOD Aims to Issue Proposed Rule for Certifying Contractors’ Cybersecurity in the Fall (Nextgov.com) Requests for proposals are still expected to include related requirements at that time.
Want Your Personal Data? Hand Over More Please (New York Times) A new California privacy law gives consumers the right to see and delete their data. But getting access often requires giving up more personal details.
Litigation, Investigation, and Law Enforcement
Chinese man arrested after making $1.6 million from selling VPN services (ZDNet) Chinese authorities continue their crackdown against unauthorized VPN services with what appears to be their biggest catch so far.
House Democrats Used Cellebrite to Publish Lev Parnas iPhone Messages (Vice) The released documents include an Apple iPhone “Extraction Report” generated by a Cellebrite product.
The FBI Got Data From A Locked iPhone 11 Pro Max — So Why Is It Demanding Apple Unlock Older Phones? (Forbes) As the FBI claims it can’t access older versions of the iPhone in Pensacola, a case in Ohio shows that the feds have access to hacking tools that can get data from the latest Apple device.
Michael Flynn withdraws guilty plea (The Washington Times) President Trump’s former National Security Adviser Michael Flynn late Tuesday asked a court to let him withdraw his guilty plea for lying to the FBI in the Russia probe.
How the Navy SEALs wound up buying 450 counterfeit radio antennas (Quartz) The cheap Chinese knockoffs came courtesy of a California-based vendor.