Cyber Attacks, Threats, and Vulnerabilities
Pak cyber crooks target Android devices of Indian Defence, Govt officials (Telangana Today) In a note circulated to officials of the Municipal Administration and Urban Development department here, it was said that these cyber crooks were sending specially crafted messages to these officials through SMS/WhatsApp with a link to click
India-Pakistan Rivalry Moves Into Cyber Space With The Support Of Key Allies – Israel & China (Eurasian Times) The India-Pakistan rivalry seems to have found a new battleground. In the technologically advanced 21st century, battlefields aren’t the only settings for launching an attack on each other as is suggested by the growing number of cyberattacks between India and Pakistan. Cyber Attacks in the India-Pakistan rivalry Cyber experts often acknowledge that the rivalry […]
Israel and Iran Just Showed Us the Future of Cyberwar With Their Unusual Attacks (Foreign Policy) A shadow war fought largely in secret has reached a new, more open phase.
Iranian cyberattacks on Israeli facilities thwarted for a year (The Jerusalem Post) Numerous cyber experts warn that the attacks at the hands of Iran are just the beginning, and that a flood of them is expected in the future.
Report: State Dept. uses software that Russia hackers have exploited (NBC News) The cybersecurity firm Area1 says candidates and agencies using the software are vulnerable to the same Russian operatives who hacked Democrats in 2016.
Amid Pandemic and Upheaval, New Cyber Risks to the Presidential Election (New York Times) Fear of the coronavirus is speeding up efforts to allow voting from home, but some of them pose security risks and may make it easier for Vladimir V. Putin, or others, to hack the vote.
Russia's 2020 plan (The Week) Will Russia interfere in the elections again? Almost certainly, experts say.
Security Analysis of the Democracy Live Online Voting System (Internet Policy) Democracy Live’s OmniBallot platform is a web-based system for blank ballot delivery, ballot marking, and (optionally) online voting. Three states—Delaware, West Virginia, and New Jersey—recently
announced that they will allow certain voters to cast votes online using OmniBallot, but, despite the well established risks of Internet voting, the system has never been the subject of a public, independent security review.
Czech Spat With Russia Worsens Over False Poisoning Plot Intel (Bloomberg) Prague expels two Russian embassy personnel in diplomatic row. Russia calls Czech move provacation and vows to retailiate.
Unit 42 discovers over 300 COVID-19-themed malware in public cloud environments (Back End News) Network traffic from all known Prisma Cloud environments was queried using these 20 suspicious IP addresses and domains and a total of 453,074 unique network connections were identified between March 1 and April 7, 2020.
Ongoing eCh0raix ransomware campaign targets QNAP NAS devices (BleepingComputer) After remaining relatively quiet over the past few months, the threat actors behind the eCh0raix Ransomware have launched a brand new campaign targeting QNAP storage devices.
Exploit code for wormable flaw on unpatched Windows devices published online (Ars Technica) Once elusive, remote code execution is looking increasingly likely.
US aerospace services provider breached by Maze Ransomware (BleepingComputer) The Maze Ransomware gang breached and successfully encrypted the systems of VT San Antonio Aerospace, as well as stole and leaked unencrypted files from the company's compromised devices in April 2020.
Top US aerospace services provider suffers breach, loses 1.5 TB of data (HackRead) The hackers behind this breach are Maze ransomware operators who also leaked some of the company’s data as proof of hack.
ST Engineering network here not affected by US cyber attack (The Straits Times) Singapore's biggest defence technology firm ST Engineering yesterday said its IT network in Singapore and its other businesses have not been compromised by a cyber attack on its United States subsidiary.. Read more at straitstimes.com.
Vulnerability discovered in DNS recursive resolvers that can be abused to launch DDoS attacks against any victim (Security Brief) Researchers have discovered a vulnerability in the implementation of DNS recursive resolvers that can be abused to launch disruptive DDoS attacks against any victim.
Beware! New iOS 'Sign In With Apple' Bug Lets Hackers Gain Account Control (Tech Times) How to avoid possible malicious acts on your Apple device.
Exploit code for wormable Windows 10 SMBGhost bug released on Github (Computing) People using the code may see crashes presenting a blue screen of death
Widespread credential stuffing attacks target gaming industry (Back End News) Akamai said the company witnessed over 12 billion credential stuffing attack in the gaming industry alone over the 17-month period from November 2017 to March 2019.
Hackers Target California University Leading Covid Research (Bloomberg) Attackers infiltrated UCSF then posted ransom note June 3. University has contacted law enforcement and security experts.
German Task Force for COVID-19 Medical Equipment Targeted in Ongoing Phishing Campaign (Security Intelligence) IBM X-Force Incident Response and Intelligence Services uncovered a precision-targeting phishing campaign exploiting the race to secure essential PPE.
Hackers target senior executives at German company procuring PPE (CyberScoop) On March 30, as the novel coronavirus swept through Germany, the country’s government tasked nine multinational companies, including pharmaceutical giant Bayer and automaker Volkswagen, with procuring personal protective equipment to make up for a lack of gear.
Why would someone want to hack Germany's PPE supply chain? We're glad you masked (Register) IBM says phishing operation could be effort to get upper hand in negotiations
Bail organizations, thrust into the national spotlight, are targeted by online trolls (NBC News) The network protection firm Cloudflare wrote in a blog post this week that attacks on advocacy sites have experienced a 1,120 percent increase from the month prior.
Criminals stealing unemployment benefits as claims surge (AP NEWS) Criminals are seizing on a surge in job losses to steal unemployment benefits from Americans nationwide. This complicates an already tough situation for millions of financially strapped Americans...
Phishers Hide #COVID19 Malware in CVs and Medical Leave Forms (Infosecurity Magazine) Check Point data finds attack levels on the rise as businesses re-open
Cyber-Criminals Revive W-2 Scams Ahead of Extended Tax Deadline (Lexology) During the first few months of the COVID-19 pandemic, cyber-criminals introduced companies to an assortment of clever phishing attacks that exploited…
The IRS’s Extended Tax Deadline Fuels Email Phishing (INKY) One plus that has come from the Coronavirus pandemic is an extended tax deadline. Though what may be good for taxpayers is also extending the opportunity for tax-time hackers. Learn what to look for before you file.
Dorset Police warn on phishing emails relating to NHS Test and Trace (Bournemouth Echo) DORSET Police has warned about phishing emails relating to the NHS Test and Trace programme.
Cyber Security Philippines says FB fake account 'attackers' reference 'work, school', urges to report issue to the NPC (GMA News Online) As of this writing, FAKE ACCOUNTS is on the top trending list in Philippine Twitter with over 80,000 tweets from netizens who were alarmed and complaining over surfacing fake and empty accounts on Facebook.
S'pore woman loses S$94,000 to scammers over 3 days, only realises when police calls to tell her (Mothership) The scammers identified themselves as officers from Singtel and the CSA, and sought her cooperation to catch hackers who supposedly compromised her IP address.
San Beda student portal hacked, personal data of thousands stolen (Rappler) San Beda University seeks the help of the National Bureau of Investigation and the National Privacy Commission to track down the hacker
Amid investigation, alleged San Beda hackers release '16gb database of San Beda' (Rappler) While San Beda is working with authorities, the alleged hackers' web page remains accessible. A new Twitter page also appears, claiming the public release of all the stolen data.
City of Florence computer system hit with cyber attack (TimesDaily) Mayor Steve Holt confirmed Friday that the city was hit with a cyberattack that shut down the city's email system.
Fears patient files at city GP surgery hacked - urgent probe launched (Birmingham Mail) Staff at Hockley Medical Practice, Birmingham, have acted swiftly after being made aware of the possible cyber attack.
BREAKING: Columbia student information at risk in ransomware attack (The Columbia Chronicle) Updated Saturday, June 6 at 9 a.m. with information from Chief of Staff Laurent Pernot. Columbia is the latest victim in an attack by a group of data hackers known as NetWalker that is threatening to publish students’ private data and sell their personal information on the dark web. NetWalker is a “family” of ransomware,...
University of Utah Health patient info was breached through ‘phishing schemes’ (Deseret News) University of Utah Health announced it has fallen victim to a phishing scheme in which an outside party accessed patient information such as birthdates, names and clinical information though employee email accounts.
ZEE5 Refutes Report of Data Breach After Hackers Threaten to Leak Customers' Info Online (News18) A hacker identifying himself as John Wick has claimed to have accessed the network of popular streaming service ZEE5, allegedly stealing over 150GB of user data.
Third of UK internet users report worse service since lockdown (ComputerWeekly) Even though operators assured at beginning of lockdowns that their infrastructures could cope with the extra strain on home networks, UK internet users say the quality of their online experiences has demonstrably worsened
Security Patches, Mitigations, and Software Updates
Apple Just Made A Striking New Security Move That Will Impact All Users (Forbes) Apple has made a striking password security move that will impact all users, for the better.
uBlock Origin ad blocker now blocks port scans on most sites (BleepingComputer) A recent update to an ad block filter list now allows the uBlock Origin extension to block most of the known sites that perform port scans of your local Windows computer.
Cyber Trends
Is a ‘Cyber Pandemic’ Coming? (Government Technology) Over the past week, multiple global business leaders warned of a coming cyberattack with devastating impacts. Is this just FUD or current reality? Let’s explore.
Gigamon Sponsored Report Highlights IT Security Professionals Perception of Cyberthreats, the Challenges They Face and Their Plans to Overcome Them (Gigamon) 2020 Cyberthreat Defense Report findings show a rise in diverse cyberattacks and a shortage of skilled IT teams, signaling the need for automated security solutions
Third of people ‘hold chief executive personally responsible for cyber attacks' (Evening Express) Chief executives should be held personally responsible for cyberattacks, with many users believing they should also be compensated for such breaches, new research suggests.
80% of Australian companies think cybersecurity investments 'failing' (Security Brief) A new report from Accenture finds that 70% of Australian organisations are in a 'constant battle' with cyber attacks, while costs are spiralling out of control.
WFH: Nearly half of Arab online users did not receive cybersecurity guidelines from employers (AME Info) Kaspersky conducted a recent survey in collaboration with popular Arabic technology news portal AITnews, aiming to understand if employees working from home are equipped to protect themselves from the increased attacks on networks and mobile devices.
Don't pay ransoms, but if our data is compromised pay £678 say consumers (SC Magazine) Some 80 percent of UK consumers believe organisations should refuse to pay ransoms, but still hold companies financially liable for their personal data, a Veritas Technologies report shows.
Marketplace
NHS Covid-19 datastore contracts published under pressure from privacy groups (ComputerWeekly.com) The government has published the contracts with Palantir, Faculty, Microsoft, and Google for the controversial NHS Data Store ahead of court proceedings initiated by civil liberties organisation OpenDemocracy.
Dublin cybersecurity firm Edgescan raises €10.5m (Silicon Republic) With investment from BGF, Dublin cybersecurity firm Edgescan plans to accelerate its international expansion and new product development.
BGF invests €10.5m in Dublin cybersecurity company (The Irish Times) Investment is the fourth by state-backed BGF in the Republic
National Grid Partners invests in two cybersecurity firms (Daily Energy Insider) National Grid Partners (NGP), the investment arm of the National Grid, is investing in two leading online data and cybersecurity companies.© Shutterstock “In these uncertain times, few things are more mission-critical than data security,” Lisa ... Read More »
Northstar invests in PKWARE (PE Hub) Northstar Capital has made an investment in PKWARE, a creator of the .ZIP file format.
Sophos Confirms Restructuring Plans, Denies Blog Closure (Infosecurity Magazine) Sophos confirms it is implementing some internal restructuring
“Covid-19 did more good than ill. We refrained from layoffs and cutting salaries. We’re hiring” (CTECH) Dorit Dor, the number 2 executive at cybersecurity giant Check Point talks about the impact of coronavirus on the company
Ericsson seeks to strengthen its long position in China; Huawei goes on UK charm offensive (Mobile Europe) Mobile Europe & European Communications is the leading B2B title for the telecoms industry, exploring operators' technology strategies and providing CTOs and their teams with news, analysis and opinion about the latest developments in the sector.
Crossword Cybersecurity Consulting Division signs three-year deal with Agria Pet Insurance Ltd to become its trusted cyber security partner (RealWire) Crossword Cybersecurity PLC (AIM:CCS, “Crossword”, the “Company” or the “Group”), the technology commercialisation company focused solely on cyber security and risk, has today announced that its Consulting division has signed a three year contract with Agria Pet Insurance Ltd, the award winning lifetime pet insurer, working as its trusted cyber security partner
Steven Carlotto Joins Cyber Defense Labs As General Counsel (EnterpriseTalk) Cyber Defense Labs, a full lifecycle information security service provider helping companies manage, detect and respond to today’s cyber risks, has named Steven Carlotto as General Counsel and member of the company’s executive leadership team. In this role, Mr. Carlotto will oversee all corporate legal affairs and serve as a counselor and advisor to the company’s senior […]
Products, Services, and Solutions
IBM launches new toolkit to put fully homomorphic encryption in developers’ hands (SiliconANGLE) IBM Corp. on Thursday released a free toolkit meant to make it practical for developers to implement fully homomorphic encryption, an emerging cryptography scheme with the potential to be safer than current methods and more resistant to quantum computers.
Introducing BotSight: A New Tool to Detect Bots on Twitter in Real-Time (Norton LifeLock) Quantifying Disinformation on Twitter, one Tweet at a Time
ESET Removes Social Media Scanner from Product Portfolio (IT News Online) Cybersecurity provider ESET announced that it has removed the ESET Social Media Scanner from its product portfolio, due to increased restrictions on third-party API applications.
IBM Releases Security Appliance for Apple Devices (Somag News) IBM released a tool that encrypts while macOS and iOS apps are in use. For now, the tool released for Apple devices is expected to be released for Linux and Android soon. This software developed by IBM also facilitates the use of homomorphic encryption technique. One of the last things we want to see when …
Monnit’s new ALTA advanced edge gateways for IoT security (Ferret) Metromatics presents the ALTA advanced edge gateway, recently released by Monnit Corporation for IoT applications.
Dropbox Launches Invite-Only Password Manager (PCMag UK) Store all your passwords in one place, with one click sign-ins, and zero-knowledge encryption for security.
KnowBe4's "The Inside Man" Series Wins a Silver Telly Award (Benzinga) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced its security awareness training series "The Inside Man" has been awarded a Silver Telly Award in the non-broadcast: employee communications category.
SafeSend available to VIPRE partners (Security Brief) VIPRE’s reseller partners can now offer SafeSend to their customers to help prevent data breaches caused by employee-error.
Businesses develop apps quickly to manage disruption of Covid-19 (ComputerWeekly) Healthcare companies, insurers, government agencies and big tech companies have used technology from Pegasystems to develop apps to manage the disruption caused by Covid-19 coronavirus.
Bridgecrew streamlines infrastructure security from code to cloud with new developer-first platform (PR Newswire) Bridgecrew transforms how teams secure their public cloud by embedding infrastructure security earlier in development lifecycles. With new...
Technologies, Techniques, and Standards
Protecting COVID IP From Cyber-Spies (Mondaq) The scientific community has been invaluable in the fight against COVID-19. Companies, universities, hospitals and research institutes worldwide have increased their research efforts to try to find effective...
Feds’ Telework Success Paving the way for Modernized Secure Remote Access (Meritalk) The COVID-19 pandemic has driven Federal agencies to leap to maximum telework capacity on short notice. While many were able to kick telework into high gear in only a matter of days because of previous or ongoing IT modernization investments, the requirement to change fast and on the fly underscores the vital need for modernization – in the case of a pandemic or not.
Faking vein scans is doable but maybe only after every single other option is exhausted (Biometric Update) Researchers with access security player Duo Security have written about experiments they have conducted using near infrared light for authentication. They wanted some practical experience with near…
The Case for Using Commercial Tools to Allow Classified Telework (Nextgov) Programs like the National Security Agency’s Commercial Solutions for Classified could be a path to transmit classified information without specialized hardware.
Five signs a virtual CISO makes sense for your organization (Help Net Security) Adding a CISO may be cost-prohibitive for many companies. Here are five signs that a virtual CISO may be right for your organization.
Leading a remote workforce requires different mix of flexibility, empathy, managers say (Federal News Network) The pandemic has changed when and how federal employees work, creating new challenges and opportunities for managers, leaders at several agencies say.
Design and Innovation
Q&A: The Pioneers of Web Cryptography on the Future of Authentication (IEEE Spectrum: Technology, Engineering, and Science News) Martin Hellman, Taher Elgamal, and Tom Jermoluk were instrumental in shaping how the Internet works. Now they're looking at what’s next for web security
Zoom defenders cite legit reasons to not end-to-end encrypt free calls (Ars Technica) Critics say everyone deserves it. Others say safety should be factored in, too.
Facebook’s Zuckerberg Vows to Review Content Policies (Bloomberg) CEO to look at policies on voter suppression, state force. Facebook will launch a voter hub for vetted information.
Facebook tells group admins to consider adding people of color as moderators (The Verge) To better facilitate discussion in Facebook groups
Scientists funded by Zuckerberg sent him a letter calling Facebook’s practices ‘antithetical’ to his philanthropic mission (Washington Post) Dozens of scientists funded by the Chan Zuckerberg Initiative urged Mark Zuckerberg to enforce stricter policies around the spread of misinformation and incitements to violence.
Facebook limits spread of 'Boogaloo' groups amid protests (Reuters) Facebook Inc is making it harder to find user groups associated with the term "Boogaloo," which refers to a potential U.S. civil war or the collapse of civilization, the company said on Thursday.
How Google Docs became the social media of the resistance (MIT Technology Review) In the week after George Floyd’s murder, hundreds of thousands of people joined protests across the US and around the globe, demanding education, attention, and justice. But one of the key tools for organizing these protests is a surprising one: it’s not encrypted, doesn’t rely on signing in to a social network, and wasn’t even…
Twitter removes Trump campaign tribute to George Floyd claiming copyright complaint (TheHill) Twitter on Thursday removed a video tribute to George Floyd posted by President Trump’s reelection campaign, claiming it had run afoul of the website’s policy on copyrighted material.
The activist dismantling racist police algorithms (MIT Technology Review) Hamid Khan has been a community organizer in Los Angeles for over 35 years, with a consistent focus on police violence and human rights. He talked to us on April 3, 2020, for a forthcoming podcast episode about artificial intelligence and policing. As the world turns its attention to police brutality and institutional racism, we…
Research and Development
Google, Apple Struggle to Regulate Covid-19 Tracing Apps (Wall Street Journal) With no national standards, technology giants have become gatekeepers in the coronavirus-tracing market.
Analysis | The Cybersecurity 202: DARPA wants hackers to try to crack its new generation of super-secure hardware (Washington Post) Its offerings a bug bounty for breaching voting machines and medical systems with the new hardware.
Legislation, Policy, and Regulation
European Parliament advised to build its own 'European Internet' to block services supporting unlawful activities (Computing) EU also needs to start a funding programme for European firms to build sophisticated eGovernment services, policy document says
Europe’s Cloud Project Mandates Security, Privacy Compliance (Wall Street Journal) Companies involved in the project, known as Gaia-X, will be required to comply with certain standards and European laws, including the 2018 General Data Protection Regulation. French and German government officials who launched the cloud initiative say it could help protect the continent’s economic interests because U.S. companies dominate the cloud computing market.
France Creates Fund to Protect Tech Startups from Takeovers (Bloomberg) Finance Ministry sets aside up to 500 million euros for fund. Distressed tech firms may become ‘prey’ for foreign bidders.
Iran's Coronavirus Communications Create a Window of Opportunity for America (Yahoo News) Tehran’s leaders are pushing conspiracy theories about the pandemic. Now is Washington's time to strike.
Boris Johnson 'signals shift away from China 'to invest in 5G alternative' (inews) The "Five Eyes' intelligence network has agreed to produce a Western-only alternative to Chinese 5G giant Huawei
HSBC warns of reprisals in China if UK bans Huawei equipment (CityAM) HSBC has reportedly warned Downing Street against a ban on Huawei in 5G telecoms networks, in a further escalation of tensions between Britain and China.
Huawei launches open letter to UK amid new review into 5G role (Yahoo) Huawei said it was 'as committed as ever' to working with network operators amid a fresh probe into its role in 5G networks.
Huawei begins media blitz as UK weighs its 5G role (BBC News) Chinese firm buys online and newspaper ads as officials reconsider if it poses a security risk.
Huawei marks 20 years of UK business with newspaper ad campaign (Mobile News) Ad campaign comes after launch of new NCSC security review
GAO Chides DoD For Absence Of Cybersecurity Requirements (Breaking Defense) Overall, costs of major DoD acquisition programs have grown by 54 percent over their lifetimes and schedule delays average two years, GAO's annual report finds.
DOD Officials, Cybersecurity Accreditation Partners Struggle with the China Question (Nextgov) Officials are also still hammering out conflict-of-interest issues, as watchdogs flag failures in Defense acquisition practices.
Algorithmic Warfare: Undetected Devices May Pose CMMC Issues (National Defense) The defense industry is gearing up for audits as the Pentagon’s highly anticipated set of new cybersecurity standards begin to be implemented this summer. However, undetected hardware and software on company networks may pose challenges.
Army has our back in cyber war (Punchline) With GCHQ and plans for the new Cyber Park in Cheltenham, Gloucestershire is already at the heart of the UK’s cyber war.
Litigation, Investigation, and Law Enforcement
Washington state gets back millions in stolen jobless aid (AP NEWS) Washington officials said Thursday they believe they have recovered about half of the hundreds of millions in unemployment benefits paid to criminals who used stolen...
Electrolux, Others Conned Out of Big Money by BEC Scammer (Threatpost) Kenenty Hwan Kim has pleaded guilty to swindling the appliance giant and other companies in a set of elaborate schemes.
Owners of DDoS-for-Hire Service vDOS Get 6 Months Community Service (KrebaOnSecurity) The co-owners of vDOS, a now-defunct service that for four years helped paying customers launch more than two million distributed denial-of-service (DDoS) attacks that knocked countless Internet users and websites offline, each have been sentenced to six months of community service by an Israeli court.
Shimla: Friends, relatives found involved in most cases of cybercrime (The Times of India) An analysis of complaints received by the state cyber police station, Shimla in 2019-20 revealed that often friends, relatives, employees and servants