Cyber Attacks, Threats, and Vulnerabilities
Palestinians might carry out cyberattacks in response to annexation (The Jerusalem Post) While it’s not the number one threat, Yuval Diskin, the former head of Israel’s Shin Bet internal security agency, warned that it’s one that the defense establishment should prepare for.
'Thanos' ransomware weaponizes research tool against Windows users (CyberScoop) Scammers on cybercriminal forums are marketing a new strain of ransomware, dubbed “Thanos,” aiming to infiltrate computers running Microsoft Windows.
Thanos ransomware auto-spreads to Windows devices, evades security (BleepingComputer) The Thanos ransomware is the first to use a researcher-disclosed RIPlace anti-ransomware evasion technique as well as numerous other advanced features that make it a serious threat to keep an eye on.
Increased Use of Mobile Banking Apps Could Lead to Exploitation (FBI) As the public increases its use of mobile banking apps, partially due to increased time at home, the FBI anticipates cyber actors will exploit these platforms.
Expert Insight On FBI Alerts Of Increased Hacking Targeting Mobile Banking Apps (Information Security Buzz) In response to an FBI alert issued today that warned mobile banking app users that they will be increasingly targeted by hackers trying to steal their credentials and take over their banking accounts, cybersecurity experts offer perspective.
Vast hack‑for‑hire scheme targeted thousands of people, organizations (WeLiveSecurity) A hack-for-hire group has for years targeted thousands of people and hundreds of organizations across six continents, according to a report by Citizen Lab.
Honda in Recovery Mode after Monday’s Cyberattack (Autoweek) Honda Global was hit with a ransomware attack, but no personal info is in jeopardy, says the company.
AP Exclusive: Police officers’ personal info leaked online (Washington Post) The U.S. Department of Homeland Security is warning police departments across the country that the personal information of officers is being leaked online amid demonstrations across the U.S. over the death of George Floyd and others
Billions of devices affected by UPnP vulnerability (Naked Security) Stop us if you’ve heard this before but a researcher has uncovered a new security vulnerability affecting many devices running the Universal Plug and Play (UPnP) protocol.
CrossTalk: First Speculative Execution Attack Allowing Data Leaks Across Intel CPU Cores (SecurityWeek) SRBDS/CrossTalk: Intel has released patches for another speculative execution vulnerability affecting many of its processors
Bogus 'Contact Tracing' Apps Deployed to Steal Data: Researchers (SecurityWeek) Fake "contact tracing" apps designed to look like official software to track coronavirus infections have been deployed globally to spread malware and steal user data.
Bitcoin scammers take YouTube channels for a SpaceX ride (Naked Security) Multiple hijacked YouTube accounts impersonated Elon Musk’s SpaceX channel in a Bitcoin scheme that ripped off a total of more than $163,000.
Gamaredon group hackers target Microsoft Outlook and Office (Verdict) Researchers at antivirus company ESET have discovered Gamaredon group has developed new tools to target Microsoft Outlook and Office.
Gamaredon group grows its game (WeLiveSecurity) ESET research discovers several previously undocumented post-compromise tools used by the highly active Gamaredon APT group in various malicious campaigns.
Hackers breached A1 Telekom, Austria's largest ISP (ZDNet) A1 needed more than six months to kick the hackers off its network. Whistleblower claims the intruders were Chinese hackers.
Fake Black Lives Matter voting campaign spreads Trickbot malware (BleepingComputer) A phishing email campaign asking you to vote anonymously about Black Lives Matter is spreading the TrickBot information-stealing malware.
Compromising Android Applications with Intent Manipulation (Trustwave) As a mobile app tester, I have encountered numerous varied vulnerabilities. During one of my mobile engagements, I was able to achieve an Authentication Bypass by simply invoking each exposed Activity component of the Android application.
What is a Website Defacement? (Sucuri Blog) Website defacement is the most obvious sign of a hack. In these cases, bad actors who have gained access to an environment leave their mark through digital vandalism. For website owners, it means trying to
Telehealth company Babylon Health exposes customer consultations in data breach (SiliconANGLE)
Babylon Health breach sees software error expose patient videos (Verdict) Babylon Health's GP appointment app has suffered a data breach, and health secretary Matt Hancock is among the app's users.
Babylon Health apologises for patient data breach (ITIJ) UK-based health service provider Babylon Health has reported a data breach in which patients were able to access video recordings of other patients’ consultations
Report: Tycoon Ransomware Targets Windows, Linux Systems (BankInfo Security) A sophisticated strain of ransomware called Tycoon has been selectively targeting education and software companies since December 2019, according to a joint report
Alabama City to Pay Cyber-Ransom (Infosecurity Magazine) Florence to pay cyber-criminals a $291,000 ransom after suffering ransomware attack
The Real Cost Of Ransomware And How We Stop Paying It (Forbes) Ransomware attacks are never far from the headlines and the impact of a successful hit can be devastating. Paying the ransom saves you nothing; in fact, the cost nearly doubles.
Australian drinks manufacturer Lion suffers cyber attack (Verdict Drinks) Australian beverage maker Lion has confirmed that it has been hit by a cyber attack and had to shut down its operational and manufacturing systems briefly.
Hackers take credit for allegedly taking down City of Austin's website (KVUE) This came hours before the city council's special meeting to discuss the Austin protests and the APD's response.
Security Patches, Mitigations, and Software Updates
Decade-old vulnerability among 129 Patch Tuesday fixes (ComputerWeekly) A 10-year-old bug in Windows Group Policies could easily enable attackers to gain highly privileged user status on target systems, opening the doors to a wave of cyber attacks
Microsoft ships hefty patch load this month (WeLiveSecurity) Microsoft’s Patch Tuesday for June 2020 includes fixes for a whopping 129 security flaws, including 11 rated as critical and 3 flaws in the SMB protocol.
Is AI now essential for cybersecurity? (Computing) The increasing sophistication and automation of attacks is leading to an AI arms race, but RoI is hard to prove
Compliance in the Era of Digital Transformation (Coalfire) Transform compliance into an efficient and empowering program with assessment coordination, automation, and ongoing visibility for risk and cost reduction.
The 'new normal' as cyber-spies navigate pandemic (BBC News) How countries have had to change focus to fight the new threat of Covid-19.
Government is spying on you: ways to protect yourself (2Spyware) Information gathering is a common practice. It might not come as a surprise that advertisers, tech companies, websites, or social networks are gathering information about
IBM Puts $50K Per Hour Price Tag on Cloud Breaches (SDXcentral) Cloud security breaches can cost companies more than $50,000 in less than an hour, according to a new IBM Security report.
Cybersecurity must take centre stage in the gig economy (ITProPortal) In the UK, the gig economy now accounts for more than 4.7 million workers – and employs 1 in 10 working-age adults.
Cybersecurity Firm Buys IT Service Provider: Cyemptive Acquires Interpreting Technology (MSSP Alert) Cyemptive Technologies acquires Interpreting Technology. M&A deal unites cybersecurity firm & an IT services company featuring ethical hacker expertise.
Wipro Partners with and Invests in CloudKnox Security to Secure Multi-Cloud and Hybrid Cloud Infrastructure (EquityBulls) Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO), a leading global information technology, consulting and business process services company, today announced a partnership with CloudKnox Security. The Wipro and CloudKnox joint solution off
Palo Alto Networks’ $2 Billion Convertible Senior Notes Offering (Global Legal Chronicle) Davis Polk advised the representatives of the several initial purchasers in connection with the offering. Palo Alto Networks, Inc. executed an offering of an aggregate principal …
Booz Allen Secures $800M Contract to Support JAIC JWNMI; Steve Escaravage, Emily Murphy Quoted (ExecutiveBiz) Booz Allen Hamilton has been awarded a five-year, $800 million contract by the GSA’s Federal Systems Integration and Management Center (FEDSIM) and the Department of Defense (DoD) to provide artificial intelligence (AI) services to support the Joint AI Center (JAIC), the company reported on Wednesda
Cybersecurity Push By Microsoft, Amazon Comes As Cloud Computing Grows (Investor's Business Daily) Amazon and Microsoft are poised to grab share in cybersecurity as companies move more business workloads to their cloud computing services.
Amazon bans police use of facial recognition technology for one year (CNBC) Amazon said on Wednesday that it's putting in place a one-year moratorium on police use of Rekognition.
IBM wins praise for halting sales of its facial recognition tech, but experts say it may have left itself a loophole (Business Insider) IBM has promised to stop selling "general purpose" software, but this leaves it wiggle-room to keep making custom-built tech.
Facebook Deplatforms Hundreds of Anti-Racist Skinheads and Musicians (One Zero) ‘They wanted to see my ID before they would give me my account back’
Young Conaway Team Advises Oversight Board LLC (PR Newswire) A multi-disciplinary team has been assembled by Young Conaway Stargatt & Taylor, LLP to advise Oversight Board LLC ("Oversight Board"), a...
NT Concepts Welcomes Brandon Ginsburg to Leadership Team (WashingtonExec) NT Concepts has added Brandon Ginsburg as senior vice president and chief growth officer, a role in which he will continue to accelerate the company’s
Risk Intelligence A/S : appoints new directors and strengthens client relations and sales (Marketscreener) Risk Intelligence A/S announces today that the company has appointed Jan Michelsen as Client and Business Development Director and Jim Pascoe as Sales Director. With the appointment of the two...
Code Dx Adds Dr. Gary McGraw as Strategic Advisor (PR Newswire) Code Dx, Inc., a provider of an award-winning application security workflow management solution that automates and accelerates the discovery,...
Products, Services, and Solutions
Leading HR Platform Provider Namely Taps StackRox for Security in Amazon Elastic Kubernetes Service (StackRox) StackRox Kubernetes Security Platform delivers DevSecOps across build, deploy, and runtime for Namely’s cloud-native applications
YouAttest Launches First Cloud-Based Identity Auditing and Compliance Solution for Okta's Identity Cloud (PR Newswire) YouAttest, an innovator in the Identity Governance & Administration (IGA) market today announced the general availability of YouAttest's...
Pulse Secure Extends Pulse Cares Program to Assist Global Shift to New Remote Workstyle and Digital Business Acceleration (GlobeNewswire) Surge in secure access sales supports research bellwether for long-term workplace flexibility, and increased hybrid IT application infrastructure capacity for WFH workloads and cloud services
HelpSystems Adds New MFTaaS Solution and Enhances Secure File Collaboration (GoAnyWhere) HelpSystems today announced a new release of its award-winning secure managed file transfer (MFT) software GoAnywhere MFT. The new version includes a release of the HelpSystems SaaS solution, as well as more robust collaboration via secure email and forms.
NAVEX Global Launches Risk Management Solution Packages to Address Third Party, Business Continuity and Privacy Risk Management Needs (BusinessWire) NAVEX Global®, the leader in integrated risk and compliance management solutions, today announced the availability of three new offerings designed to
Zerto to Transform Global Data Protection Market by Offering Continuous Data Protection to All Application Tiers (BusinessWire) Zerto plans to transform the global data protection market by opening up the benefits of its CDP through a single platform to all application tiers.
Zerto Announces Plans to Extend IT Resilience Platform to Next-Gen Applications (Zerto) Zerto to provide disaster recovery, continuous data protection, and mobility in a single, simple, scalable IT Resilience Platform for on-premises, cloud, and Kubernetes applications
Menlo Security partners with Microsoft to provide defenses to customers faster (Help Net Security) Menlo Security is partnering with Microsoft to obtain advance vulnerability information through the Microsoft Active Protections Program (MAPP).
RiskIQ Analyzes Millions of Internet Observations to Map the Enterprise Attack Surface (GlobeNewswire) New Report Details Five Ways Hackers are Exploiting Organizations Outside the Firewall
ESET Offers Free Cybersecurity Awareness Training for Business (PR Wire) ESET, a global leader in cybersecurity, has released a free online cybersecurity training tool for businesses.
Q6 Cyber Partners with Alfa Group to Offer E-Crime Intelligence in the EU and UK (PR Newswire) Q6 Cyber, a leading provider of e-crime intelligence, and Alfa Group, a leading European provider of cybersecurity and fraud prevention...
SonicWall Advances Network Edge Security, Adds Multi-Gigabit Switch Series, Easy-to-Manage SD-Branch Capabilities (SonicWall) New SD-Branch solution delivers proven security, connectivity and management to dispersed organizations with growing branch locations
Zimperium Announces First and Only Comprehensive Security for Chromebooks (Business Wire) Machine learning-based solution goes beyond detecting known malware; protects against device, network, phishing and malicious app attacks
1Password and Rippling forge alliance to provide enterprise password management to secure HR and IT administration at scale (PR Newswire) 1Password, the world's most loved enterprise password manager, today announced a partnership with Rippling, an employee management platform....
Technologies, Techniques, and Standards
Coronavirus Contact Tracing Apps: managing the pandemic spread, or ending privacy for individuals? (Check Point Software) By Oleg Ilushin - Security Researcher | Jonathan Shimonovich - Group Manager The Coronavirus pandemic has taken a huge toll worldwide for both
5 keys to protecting OneDrive users (Help Net Security) All the security issues tied with using OneDrive are common for most cloud storage services. To minimize security issues, follow strict protocols.
Mitigating Credential Stuffing Attacks in the Financial Sector (Akamai) (If You Think Multi-Factor Authentication Prevents Credential Stuffing, Think Again!) Financial services firms around the world are experiencing credential stuffing attacks at an alarming rate. Cybercriminals are using readily available automation tools, botnets, and compromised account credentials to mount increasingly...
Lessons Learned for Maintaining Attorney-Client Privileged Data Breach Investigation (and other Consultant) Reports (Ad Law Access) This post discusses the background and rationale that led to the Court’s finding and offers our advice concerning steps that should be taken to maximize the potential scope of protection for consultant reports in data breach investigations and other corporate investigations.
Why a Marine information warfare unit knows it can win (C4ISRNET) The outgoing commander of a Marine information warfare unit described how his unit is modernizing and adapting to the renewed information environment.
Design and Innovation
‘Bot or Not?’ – a game to train us to spot chatbots faking it as humans (Naked Security) Can you tell whether you’re talking to a human or AI?
Convenience + Security: The Maths of Multi-modal Authentication (Fingerprints) For today’s efficiency-loving consumers, convenience is more important than ever.
Research and Development
Government to fund nine advanced security projects (ComputerWeekly) Nine academic projects have been selected to receive a share of a £10m funding pot as they develop advanced cyber security solutions using prototype chipsets
CyberGraph: mapping cyber threats to prevent the next attack (Techxplore) Although nearly every aspect of our lives relies on technology, our current cybersecurity infrastructure is not prepared to effectively defend our social, economic and political organizations from advancing cyberattacks, said Howie Huang, a professor of electrical and computer engineering in the George Washington University School of Engineering and Applied Science.
Legislation, Policy, and Regulation
Germany Seeks EU Sanctions for 2015 Cyberattack on Its Parliament (Wall Street Journal) Germany is urging other European Union governments to impose the bloc’s first sanctions for hacking on a suspect in a 2015 cyberattack on the German parliament. The Russian hacker in question has also been indicted for interfering in the 2016 U.S. election.
HK national security law 'likely' within one month (Global Times) Setting up a new unit within the Hong Kong Police Force (HKPF) does not necessarily mean the capabilities of the Chinese mainland's affiliated national security agency in the Hong Kong Special Administrative Region (HKSAR) in enforcing the law would be weakened.
COVIDSafe’s legislative framework: an overview (Lexology) A recent amendment to Australia’s privacy laws has enshrined key privacy and data measures to support the operation of COVIDSafe and its centralised…
UK will lose 5G lead if it scraps Huawei, warns Vodafone’s Petty (Mobile News) Comments come as PM faces mounting pressure
US attacks 'fealty' of HSBC as it urges UK to ditch Huawei (Yahoo) US Secretary of State Mike Pompeo issued a statement on what he dubbed China's 'attempted coercion of the United Kingdom'.
FCC Pushed To Cut Off Telecoms Despite China Pressure (Law360) The federal government's spectrum management branch lent support this week to the Federal Communications Commission's efforts to deny subsidies to Chinese equipment vendors that pose potential security risks, as Chinese carriers separately entreated the agency to continue their U.S. operations.
U.S. lawmakers propose $22.8 billion in aid to semiconductor industry (Reuters) A bipartisan group of U.S. lawmakers on Wednesday introduced a bill to provide more than $22.8 billion in aid for semiconductor manufacturers, aiming to spur the construction of chip factories in America amid a strategic technology rivalry with China.
Analysis | The Cybersecurity 202: Two new developments challenge Justice Department arguments on encryption (Washington Post) Facebook bought a hacking tool to uncover ‘the worst criminal to ever use the platform.'
Congress seeks answers on Juniper Networks breach amid encryption fight (Reuters) A group of U.S. lawmakers preparing to fight a legislative attack on encrypted communications is trying to establish what happened when encryption was subverted at a Silicon Valley maker of networking gear.
Senators ask Juniper for the results of its 2015 NSA backdoor investigation (ZDNet) Thirteen US senators ask Juniper to publish the findings of its 2015 investigation.
Lawmakers want answers on Juniper backdoors (FCW) Members of Congress are pressing Juniper's CEO for details of an internal probe into how modified code for a compromised NSA encryption algorithm wound up in the company's firewall products.
U.S. Officials Ask Juniper Networks About Investigation Into 2015 Backdoor (SecurityWeek) Over a dozen U.S. officials have sent a letter to Juniper Networks to ask about the results of the investigation it launched in 2015 following the discovery of a backdoor in its products
Cost of US Cyber Command Program Quintuples (Infosecurity Magazine) Government watchdog warns Unified Platform will cost five times more than originally estimated
California Privacy Enforcement Gives Companies Rules ‘Headache’ (Bloomberg) Companies are scrambling to prepare for California to start enforcing its sweeping privacy law next month, even though the state attorney general’s compliance rules haven’t been formalized.
Litigation, Investigation, and Law Enforcement
Zoom closed account of U.S.-based Chinese activist “to comply with local law” (Axios) The company's ties to China are under growing scrutiny
Zoom censors video talks on Hong Kong and Tiananmen, drawing criticism (Washington Post) The incidents are reviving concerns about the fast-growing Silicon Valley company’s susceptibility to Chinese government influence.
The rapid increase in pandemic-related cybersecurity claims (PropertyCasualty360) As of the end of March, the FBI has investigated more than 1,200 complaints of COVID-19-related cybercrimes.
Britain briefly suspends sending evidence to U.S. law enforcement, in move some see as a sign of fraying relationship (Washington Post) The countries in recent months have engaged in a tense back-and-forth in some politically charged cases.
Authorities probe radio, website disruptions during protests (Star Tribune) Authorities are investigating interference with police radio communications, websites and networks used by law enforcement and other officials during recent U.S. protests over the death of George Floyd in Minneapolis.
Drone Surveillance of Protests Comes Under Fire (Wall Street Journal) The government’s use of cutting-edge surveillance to monitor protests is coming under scrutiny by lawmakers and activists, including conservatives who see it as a threat to constitutional rights, amid a national rethinking of the role of police.
Drones deployed during marches were not to spy on protesters: Authorities (ABC News) The acting U.S. Customs and Border Protection commissioner told ABC News that CBP drones that were used to monitor protests weren't there to surveil protesters.
Outside Lawyer Recommends Sentencing Michael Flynn on Existing Charge, Criticizes DOJ Conduct (Wall Street Journal) A retired judge tapped to review the case against onetime national security adviser Michael Flynn found evidence of misconduct by the government and Mr. Flynn and urged that the retired general be sentenced for the crime he pleaded guilty to in 2017.
Primary Steele Dossier Source Remains Elusive Six Months After Scathing Watchdog Report (Daily Caller) The identity of the primary source for Christopher Steele remains elusive six months after the Justice Department inspector general's report.
WSJ News Exclusive | Amazon to Face Antitrust Charges From EU Over Treatment of Third-Party Sellers (Wall Street Journal) The EU plans to file formal antitrust charges against Amazon.com, according to people familiar with the matter, the latest step in a nearly two-year probe into the company’s alleged mistreatment of sellers that use its platform.
BST sued by Community Care customers over cyber attack (Times Union) Lawyers for patients of Community Care Physicians that were victimized by a cyber ransomware attack last December are suing the accounting firm that the medical practice hired to protect its customer data, some of which was published online.