Cyber Attacks, Threats, and Vulnerabilities
Earth Empusa threat group distributing Android 'ActionSpy' spyware to target minority group in Tibet and Turkey (Computing) ActionSpy supports numerous modules which enable hackers to collect confidential information from compromised devices, including device IMEI, user phone number and contacts
Atlanta police site goes down, hacker group claims responsibility (Atlanta Journal Constitution) The internet hacking group Anonymous claimed responsibility for an attack against Atlanta police Sun...
Anonymous Hackers Target U.S. Police Again: ‘No More Impunity’ (Forbes) Social media accounts affiliated with Anonymous have claimed responsibility for an attack on Atlanta PD's website, following the death of Rayshard Brooks.
Italian company exposed as a front for malware operations (ZDNet) Italian company CloudEyE is believed to have made more than $500,000 from selling its binary crypter to malware gangs.
NHS Digital says over hundred NHSmail mailboxes hit by phishing attack (Government Computing Network) NHS Digital said that more than a hundred NHSmail mailboxes were compromised through which malicious emails were sent to external recipients recently.
Black Kingdom ransomware hacks networks with Pulse VPN flaws (BleepingComputer) Operators of Black Kingdom ransomware are targeting enterprises with unpatched Pulse Secure VPN software or initial access on the network, security researchers have found.
Cyber-Attacks on Honda, Enel Group (Radiflow) Over the past few days we have witnessed an extraordinary increase in high-profile cyber attacks on multinational manufacturing corporations and critical infrastructure providers.
Honda Hackers May Have Used Tools Favored by Countries (New York Times) A recent cyberattack that disrupted the operations of the company may have been the first time criminals used sophisticated software previously known to be used by state agents.
Honda resumes production at plants hit by suspected cyber attack (The Standard) The suspected attack was the second on Honda’s global network
Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com (KrebsOnSecurity) For the past year, a site called Privnotes.com has been impersonating Privnote.com, a legitimate, free service that offers private, encrypted messages which self-destruct automatically after they are read. Until recently, I couldn't quite work out what Privnotes was up to, but today it became crystal clear: Any messages containing bitcoin addresses will be automatically altered…
Attackers impersonate secure messaging site to steal bitcoins (BleepingComputer) In what can be described as the case of both cybersquatting and phishing, threat actors have created a site that imitates the legitimate secure note sharing service privnote.com to steal bitcoins.
Hackers spotting exposed Elasticsearch servers faster than search engines (SC Magazine) Hackers have been finding unprotected Elasticsearch servers exposed on the internet quicker than search engines can index them, new research from Comparitech has found.
Hackers are quick to notice exposed Elasticsearch servers (BleepingComputer) Bad guys find unprotected Elasticsearch servers exposed on the web faster than search engines can index them. A study found that threat actors are mainly going for cryptocurrency mining and credential theft.
The flaw in Facebook Messenger App allows running persistent malware (2Spyware) Messenger version for Windows had a vulnerability that could allow attackers to hijack a call and inject malware. Researchers reveal a critical bug in the
Palo Alto Networks reveals D-Link home router vulnerabilities (CyberScoop) Taiwanese consumer technology manufacturer D-Link has issued security fixes for a series of bugs that, if exploited, could have enabled hackers to steal passwords and other sensitive data from home internet routers during the coronavirus pandemic.
Business grant phishing scam targets UK firms posing as the government (NS Tech) A phishing scam targeting UK businesses posed as the government approving a business grant application and directed recipients to an imitation government portal where users were prompted to enter t
Botnet threat: 100,000 wireless cameras in UK vulnerable to hackers (SC Magazine) More than 100,000 wireless active cameras in UK businesses and homes may be vulnerable to hackers due to a combination of security flaws, an investigation has found.
Spies Can Eavesdrop by Watching a Light Bulb's Vibrations (Wired) The so-called lamphone technique allows for real-time listening in on a room that's hundreds of feet away.
City Pays Ransom Despite Pre-Ransomware Outbreak Hack Alert (GovInfo Security) The attack sounds ripped from an episode of TV show "24": Hackers have infiltrated a government network, and they're days away from unleashing ransomware.
Lion gives update about cyber attack (The Shout) The cyber attack was caused by ransomware and may cause temporary product shortages.
Ransomware: Cyber attack shuts Australia's biggest brewer just as pubs reopen (RTL) A ransomware attack has shut down the biggest brewer in Australia and New Zealand, cutting supplies to pubs and restaurants just as the countries emerge from coronavirus lockdown, the company said Friday.
Hacked: Aussie websites for sale on dark web (Australian Financial Review) ASX-listed companies, financial services firms and law firms are among hundreds of Australian websites for sale on the dark web.
Accessories store Claire’s hit by Magecart credit card fraudsters (ComputerWeekly) Attackers gained access to retailer’s website as long ago as March.
Security Patches, Mitigations, and Software Updates
Intel patches chip flaw that could leak your cryptographic secrets (Naked Security) Intel chip features that were intended to help you do cryptography better could have leaked your inner secrets.
Microsoft's latest Windows 10 updates come with nasty printer bugs (Engadget) The latest updates for Windows 10 give the platform’s security a boost, but they unfortunately come with nasty bugs that make printing impossible, as well. Microsoft has published a notice acknowledging that update KB4557957 may render certain printers unable to print.
Cyber Trends
Three years after WannaCry, what have we learned? (Help Net Security) Three years ago, the WannaCry ransomware worm wreaked havoc on hundreds of thousands of organizations worldwide, ranging from hospitals that had to pause
Shared Assessments’ and Ponemon’s Fourth Annual IoT Risk Study: A New Roadmap for Third Party IoT Risk Management (BusinessWire) The Shared Assessments Program, authorities in risk management, today released results of the Fourth Annual Ponemon Institute’s Third Party Internet o
One in three Britons targeted by scammers since the start of coronavirus crisis, Citizens Advice reveals (Computing) Legal charity has seen a 19 per cent spike in the number of visitors coming to its website in recent months looking for advice from experts
Financial fraud reports in the US jumped by 104% in 2020 Q1 (Atlas VPN) According to data extracted and analyzed by Atlas VPN, financial fraud complaints in the US jumped by over 104% in 2020 Q1 compared to 2019 Q1. Financial identity theft occurs when fraudsters gain access to the victims’ financial information and use it for their gain whilst pretending to be the victim.
New North American Consumer Research by PCI Pal Shows Significant Financial Consequences for Businesses That Suffer COVID-19 Related Data Breaches (BusinessWire) Since the onset of COVID-19, the FBI’s Internet Crime Complaint Center, the IC3, reported a significant uptick in cybercrime targeted at individuals,
Security drift – the silent killer (ITProPortal) Global spending on cybersecurity products and services is predicted to exceed $1 trillion during the period of five years.
Marketplace
Army releases $1B cyber training request (Fifth Domain) The Army released the request for proposals for the Cyber TRIDENT contract, which includes the Persistent Cyber Training Environment (PCTE).
CyTech Services confirms assistance in OPM breach response (Intelligence Community News) On June 15, Herndon, VA-based Novetta announced the acquisition of WaveStrike, based in Annapolis Junction, MD. Novetta's acquisition of WaveStrike deepens its
TitanHQ secures huge Livingbridge backing (Times) The Galway-headquartered cloud security company TitanHQ has secured a multimillion-euro investment from the British private equity firm Livingbridge. With offices in Ireland and Florida, TitanHQ
Wipro Ventures Invests In CloudKnox Security The Cybersecurity Firm (BW Disrupt) IT major Wipro on Thursday said its speculation arm has put resources into cybersecurity firm CloudKnox Security.
First Trust Nasdaq Cybersecurity ETF: Momentum Secured (Seeking Alpha) CIBR is an ETF that is focused on the cybersecurity sector.
Zoom Promises To Do Better After Banning Tiananmen Square Protests—Then Builds Tech To Help China’s Censorship (Forbes) Zoom reinstates accounts of Tiananmen Square commemoration organizers, but is creating tech to ensure mainland Chinese users can be censored.
Trump's sanctions won't put Huawei out of business (Nikkei Asian Review) Even chip unit HiSilicon can survive drive to stifle China's 5G champion
WatchGuard getting partners up to speed on Panda (MicroscopeUK) The security player has launched an early access programme so its channel base can quickly get their hands on the fruits of its latest acquisition
Why it's Inevitable That BlackBerry Will Get Acquired (The Motley Fool Canada) The cheaper that BlackBerry Ltd (TSX:BB)(NYSE:BB) shares get, the more attractive of an acquisition the stock becomes.
Illusive Networks Hires Nicole Bucala as VP of Business Development (New Kerala) Illusive Networks, the leader in deception-based cyber defense solutions, today announced the hiring of Nicole Bucala as vice president of business development....
Products, Services, and Solutions
Intel will soon bake anti-malware defenses directly into its CPUs (Ars Technica) Control-Flow Enforcement Technology will debut in Tiger Lake microarchitecture.
Intel CET Answers Call to Protect Against Common Malware Threats (Intel Newsroom) The security of our customers’ data is a top priority at Intel. As part of Intel’s Security First Pledge, our engineers continue to
Gigamon Delivers Comprehensive Visibility for Nutanix Powered Private Cloud Architectures (Citizen Tribune) Gigamon, the company providing network visibility and analytics on all information-in-motion, today announced the general availability of its GigaVUE Cloud Suite for Nutanix.
Microsoft Knocks Zoom Out Of The Park With New Features You Need Now (Forbes) Microsoft has just launched a bunch of new Teams features as it aims to knock Zoom out of the park.
Radware extends cloud protection, adds multi-cloud support (Security Brief) It has also improved its attack detection engine to detect cloud native attack vectors and added a new attack simulation tool.
Firm Unveils Solution for Security Analysts, IT Administrators (THISDAYLIVE) Sophos, a cyber-security firm has unveiled an updated version of its Endpoint Detection and Response (EDR) solution designed for both security analysts and Information Technology (IT) administrators. The firm stated that significant advancements and new capabilities make it faster and easier than ever before for security analysts to identify and neutralise evasive …
WISeKey renews its IoT patent for digital authentication (Paypers) WISeKey International Holding has renewed its strategic IoT patent for the digital authentication method of valuable goods in the US, Switzerland, Australia, Brazil, Canada, Singapore, and India.
Centrify Announces its External Credential Storage Plugin to ServiceNow MID Server for More Secure IT Operations Management (ITOM) | Centrify (Centrify) Centrify, a leading provider of Identity-Centric Privileged Access Management (PAM) solutions, today announced integration of its Privileged Access Service with ServiceNow’s Management, Instrumentation, and Discovery (MID) Server.
HackerOne Brings Hacker-Powered Pentesting to European Organizations (BusinessWire) HackerOne, the number one hacker-powered security platform, today announced the expansion of its penetration testing solution in Europe. This latest p
KIPIC Chooses Honeywell Forge Cybersecurity Software and Assurance 360 Services to Protect and Optimize Operations at Kuwait's Al Zour Complex (PR Newswire) Honeywell (NYSE: HON) and Kuwait Integrated Petroleum Industries Company (KIPIC) have extended their strategic collaboration, signing a...
SparkCognition and Siemens announce new AI cyber defence system (World Pipelines) SparkCognition and Siemens to deliver new AI-driven cyber defence system for endpoint energy assets.
Technologies, Techniques, and Standards
What is NERC CIP? (CyberX) Learn what "NERC" is and how the "CIP" standards NERC has developed can help you avoid fines and create a safer and more reliable bulk electric system -- Both in North America and beyond.
The reverse cascade: Enforcing security on the global IoT supply chain - Atlantic Council (Atlantic Council) The Internet of Things (IoT) refers to the increasing convergence of the physical and digital worlds and it affects us all. Hundreds of “things” are being connected to the Internet and each other, with more than fifty billion devices expected to be connected by 2030.
AI-enhanced security: how much is hype? (Computing) IT leaders are cautiously welcoming towards AI-enhanced security tools but seek more clarity, research
Why Securing Endpoints Is The Future Of Cybersecurity (Forbes) Verizon’s DBIR reflects the stark reality that organized crime-funded cybercriminals are relentless in searching out unprotected endpoints and exploiting them for financial gain, which is why autonomous endpoints are a must-have today.
A CMMC Approach to Address Firmware Vulnerabilities and Ensure Device Integrity (Federal News Network) Now, a new whitepaper from Eclypsium helps organizations progress from basic cyber hygiene to protecting from advanced persistent threats.
Design and Innovation
Google experiments with shorter URLs to combat phishing (IT PRO) Tech giant is pushing ahead with plans to clip URL in Chrome to help users spot malicious websites
Facebook contest reveals deepfake detection is still an "unsolved problem" (The Verge) Facebook says deepfakes are not currently a big issue, but it wants to be prepared.
What We Learned About Editors vs. Algorithms from 4,000 Stories in Apple News (Medium) Over one hundred million people use Apple News every month. Our study showed key differences in the stories that editors and algorithms…
Coronavirus contact tracing apps were tech’s chance to step up. They haven’t. (NBC News) Most states are giving the cold shoulder to smartphone apps, though some developers think there's still a chance for them to catch on.
Research and Development
UCI to lead $10 million NSF-funded center on protecting personal data privacy (UCI News) Researchers will address technical, social and policy challenges of networked world
Academia
Kent academics battle cyberattacks with help of Government grant (InYourArea) Winning research teams will share the £10 million investment
Legislation, Policy, and Regulation
Does the world need a multilateral cyber hotline? (ZDNet) The pace of a cyber attack could match nuclear war, but attribution is hard. Direct communications links like the Cold War's US-Soviet hotline could help de-escalate international cyber tensions.
Beijing reserves right to handle ‘rare’ Hong Kong national security law cases (South China Morning Post) But direct control expected to be utilised in ‘very, very few’ instances, according to Hong Kong and Macau Affairs Office deputy director Deng Zhonghua.
UK plans anti-Huawei 5G alliance (Scoop) According to The Times, the UK plans to form an alliance of democratic nations to create a 5G alternative to Huawei.
Huawei says no law can force it to hack your network - see some similar U.S. laws (Gizchina) Huawei says no law can force it to hack your network - some similar U.S. laws. The U.S. has some laws that are just the same as the Chinese Intelligence Law
Analysis | The Cybersecurity 202: Reports of mail-in ballot problems, partisan rancor in Georgia primary spell trouble for November (Washington Post) Activists and county officials discovered uncounted votes but a state official says there's no evidence yet.
Coronavirus Privacy Bills Hit Roadblocks in Congress (Wall Street Journal) As authorities and companies explore surveillance tools to fight the coronavirus and reopen the U.S. economy, many federal lawmakers agree that privacy protections are key. But proposals for safeguards unveiled in recent weeks have crashed into two familiar roadblocks in the U.S. Senate.
Senate Democrat introduces legislation to protect US against crippling cyberattack (TheHill) Sen. Gary Peters (D-Mich.) on Friday introduced two bills designed to protect and defend the United States in the event of a nationwide cyberattack that impacts critical systems and cripples the economy.
FCC Republican Questions Trump's Social Media Order (Media Post) FCC Commissioner Michael O'Rielly expressed reservations about President Trump's recent executive order regarding social media companies.
Australian Cyber Collaboration Centre set to open with focus on security testing, training (The Daily Swig) Government minister says facility will serve as ‘translator’ between business, government, and security sectors
Litigation, Investigation, and Law Enforcement
Microsoft warns EU anti-terror law is 'unworkable' (The Telegraph) The EU wants member states to be able to fine tech firms if they fail to remove terrorist material from their websites
Military spy agencies did not monitor protesters, Pentagon official says (Washington Post) The assurance by the undersecretary for intelligence and security came in response to questions from Rep. Adam Schiff (D-Calif.).
Canada spy agency warned of 'shock waves' from arrest of Huawei founder's daughter (Reuters) Canada's intelligence agency warned that arresting the daughter of billionaire Huawei founder Ren Zheng would set off global "shock waves" and seriously affect ties with China, just before her detention in Vancouver on a U.S. extradition request, new court documents show.
Marine veteran Paul Whelan sentenced to 16 years in Russia on spying charges (Marine Corps Times) Marine veteran Paul Whelan has insisted on his innocence, saying he was set up.
U.S. Citizen Whelan Sentenced To 16 Years For Spying By Russian Court (RadioFreeEurope/RadioLiberty) A Russian court has found former U.S. Marine Paul Whelan guilty on an espionage charge, a verdict that the top U.S. diplomat in Russia called a "mockery of justice."
Russian Court Sentences Paul Whelan, an American, to 16 Years on Spy Charges (New York Times) The former Marine, who also holds British, Irish and Canadian citizenships, was arrested in December 2018 at a luxury hotel in Moscow, where he was attending a wedding.
Fraudster gets maximum jail time for news site DDoS extortion (BleepingComputer) Iranian-born U.S. citizen Andrew Rakhshan, previously convicted in Canada for fraud, was sentenced to the maximum sentence of five years and ordered to pay over $500,000 after being found guilty of launching several distributed denial of service (DDoS) attacks against news websites.
Justice Gets 15 Guilty Pleas for International Crime Ring that Laundered Money Through Cryptocurrency Exchanges (Nextgov) The case demonstrates law enforcement could be up to the challenge of tackling the anonymity tool, one expert says.
Engineers Found Guilty of Stealing Micron Secrets for China (Wall Street Reporter) A Taiwanese court ruled Friday that current and former engineers from United Microelectronics Corp. stole trade secrets from U.S. chipmaker Micron Technology Inc. and shared them with a government-backed mainland Chinese company, closing one chapter of a global dispute that’s stoked U.S.-Chinese tensions.
As Final Calif. Privacy Regs Drop, Enforcement Fights Loom (Law360) The California attorney general declined to clarify several key ambiguities in his final rules for implementing the state's landmark privacy law, leaving businesses bracing for enforcement battles and putting the spotlight on a likely ballot initiative that is poised to further complicate matters.
Capital One Objects to Magistrate Judge’s Ruling Its Forensic Report Discoverable: Here are the Practical Takeaways (The National Law Review) As has been widely reported, a magistrate judge in the Eastern District of Virginia recently ordered Capital One to produce a forensic report prepared by the cybersecurity firm Mandiant, holding that
How correcting a typo got Maria into trouble: The cyberlibel case vs Rappler (ABS-CBN News) Here is everything you need to know about the cyberlibel case versus Rappler, Maria Ressa and Reynaldo Santos, Jr.