Cyber Attacks, Threats, and Vulnerabilities
US girds for cyber threats from Iran as military clash fears ebb (Space Daily) Iran is widely expected to ramp up cyberattacks against the United States in response to the US killing of a top Iranian leader this month even as fears have receded about a military confrontation between the two countries.
Theresa Payton: Iranian Cyber Attacks Still Concerning (News 1110am 99.3fm WBT - Charlotte) Theresa Payton, Cyber Security Expert, Fortalice Solutions talks with Bo. Heightened tensions in the aftermath of the Suleimani killing have U.S. cyber experts worried about Iran-backed cyber attacks in the months to come. Cyber security and voting with a caucus.
Iranian Cyber Capabilities and Threats_Report (Cyberint) This report provides an overview of ten suspected Iranian nation-state sponsored threat groups, referenced by their MITRE ATT&CK™ identifiers, along with their common TTP.
Expect the unexpected from Iran (TheHill) Iranian strategy could quickly change from “poking the bear” to “overwhelming the opponent” — possibly with Russia's assistance.
Beware of hackers trying to appear like they're from Iran (Fortune) Cybersecurity experts warn that nation states like Russia could use the cover of Iranian cyberattacks as false flags for their own hacking.
CYBERSECURITY UPDATE: Big news if it's true (E&E News) A U.S. cybersecurity firm issued a report this week claiming that a Russian military intelligence agency hacked Burisma Holdings Ltd., a Ukrainian natural gas company that has featured heavily in President Trump's impeachment.
FBI: Nation-state actors have breached two US municipalities (ZDNet) The SharePoint CVE-2019-0604 vulnerability has been one of the most targeted security flaws.
NSA and Github ‘rickrolled’ using Windows CryptoAPI bug (Naked Security) We said, “Assume that someone will find out how to do it pretty soon,” and that’s exactly what happened.
Alert Regarding Vulnerability (CVE-2019-19781) in Citrix Products (JPCERT/CC) JPCERT/CC confirmed that information including Proof-of-Concept code about a vulnerability (CVE-2019-19781) in Citrix Application Delivery Controller and Citrix Gateway has been made public. A remote attacker leveraging this vulnerability may execute arbitrary code.
Expert: Georgia election server showed signs of tampering (Washington Post) A computer security expert says he found that a forensic image of the election server central to a legal battle over the integrity of Georgia elections showed signs that the original server was hacked.
Emotet Returns After Holiday Break with Major Campaigns (Proofpoint US) Threat actor group TA542, the group that’s behind Emotet, is back from their Christmas holiday. Based on past activity and what we’re seeing in just three days, one of the world’s most disruptive threats is back to work and everyone around the world should take note and implement steps to protect themselves.
TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection (BleepingComputer) The TrickBot Trojan has received an update that adds a UAC bypass targeting the Windows 10 operating system so that it infects users without displaying any visible prompts.
Beware of this sneaky phishing technique now being used in more attacks (ZDNet) Security company researchers warn of a large increase in conversation-hijacking attacks. Here's what they are and how to spot them.
Conversation-hijack threat gets personal: security professionals speak out (SC Magazine) Unlike a typical business email compromise (BEC) attack, hackers get an insider view into an organisation and its business deals, with the potential for impacts similar to BEC, but reached via a different route.
Attacking the Gatekeepers (Dark Cubed) The first comprehensive analysis of attacks against the Managed Service Providers on the front lines of today’s cyber battlefield
CVE-2020-0601, Are You Vulnerable? (IT Security Guru) What is it? A man-in-the-middle/spoofing vulnerability exists in Windows 10, Windows Server 2016/2019 – when an authenticated attacker is on the target sys
The Crime-Fighting App That Caused a Phone-Hacking Scandal in Italy (BloombergQuint)
Security app causes phone-hacking scandal in Italy (AlKhaleej Today)
Bitdefender, Sophos uncover more dangerous apps in Google Play (SC Media) Two new batches of malicious apps have been found on the Google Play store, with one group possibly having been downloaded hundreds of millions of times and the other having the ability to dodge Google's vetting system.
Apps are sharing more of your data with ad industry than you may think (Naked Security) Apps like Grindr, Tinder and Happn are (over-)sharing data about sexuality, religion, and location with a shadowy network of data brokers. And it’s not just dating apps that are doing it…
Cyber Attack On Major Bank Could Spread Quickly, New Fed Research Shows (Forbes) A well-timed cyber attack on a single large bank could spread rapidly through the U.S. financial system by dramatically impairing the flow of credit between financial firms, according to new research from the Federal Reserve Bank of New York.
Major Companies Shared Vulnerability Used in Travelex Cyberattack (Wall Street Journal) A vulnerability at Travelex that was exploited by hackers to disrupt the money-exchange company existed at dozens of major companies and institutions, potentially leaving them open to similar breaches, according to a cybersecurity firm.
Ransomware attack on Travelex has alarming implications (Texarkana Gazette) As ransomware attacks go, the cyber intrusion at Travelex that emerged on New Year's Eve could have lasting consequences - and ones that shouldn't be just a worry to the currency dealer.
70,000 Tinder Photos Of Women Just Got Dumped On A Cyber-Crime Forum (Gizmodo Australia) More than 70,000 photos of Tinder users are being shared by members of an internet cyber-crime forum, Gizmodo has learned, raising concerns about the potential for abusive use of the photos. Ominously, only women appear to have been targeted…
Online Pharmacy PlanetDrugsDirect Discloses Security Breach (BleepingComputer) Canadian online pharmacy PlanetDrugsDirect is emailing customers, notifying them of a data security incident that might have impacted some of their sensitive personal and financial information.
One in seven public sector computers still running Windows 7 (CRN) Despite extended support ending today, many public sector organisations have swathes of machines running Windows 7 as they struggle with budget constraints and migrating legacy applications, CRN FoI requests reveal
A quarter of users will fall for basic phishing attacks (ComputerWeekly.com) Phishing emails that appear to be security alerts are the most effective method of compromise, says KnowBe4.
These subject lines are the most clicked for phishing (TechRepublic) The most successful email lures don't promise riches, but issue imminent cybersecurity warnings or urgent office messages, a report reveals.
Schneider Electric Modicon Controllers (CISA) Executive summary: CVSS v3 7.5. Attention: exploitable remotely/low skill level to exploit. Vendor: Schneider Electric. Equipment: Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium. Vulnerability: Improper Check for Unusual or Exceptional Conditions. Risk evaluation: successful exploitation of this vulnerability could result in a denial-of-service condition.
Bill for New Orleans Cyber-Attack $7m and Rising (Infosecurity Magazine) Cyber-attack on New Orleans will cost the city over $7m to fix
Security Patches, Mitigations, and Software Updates
Dutch Govt Suggests Turning Off Citrix ADC Devices, Mitigations May Fail (BleepingComputer) Mitigation recommendations for CVE-2019-19781, a currently unpatched critical flaw affecting Citrix Application Delivery Controller (ADC) and Citrix Gateway, do not have the expected effect on all product versions.
Update now! Popular WordPress plugins have password bypass flaws (Naked Security) Researchers have discovered bad authentication bypass vulnerabilities affecting two WordPress plugins which should be patched as soon as possible.
Cyber Trends
With International Tensions Flaring, Cyber-Risk Is Heating Up for All Businesses (Dark Reading) Risks of nation-state attacks go beyond Iran, and the need for awareness and security doesn't stop at any national border.
Alarming Trend: More Ransomware Gangs Exfiltrating Data (GovInfo Security) As if ransomware wasn't already bad enough, more gangs are now exfiltrating data from victims before leaving systems crypto-locked. Seeking greater leverage against
Why #NeverWarren should make you nervous about 2020 (Vox) How Twitter made the Elizabeth Warren-Bernie Sanders dustup worse.
Bad Algorithms Didn't Break Democracy (Wired) And better ones won't save it. To get past misinformation and tribal rancor online, we need to face why people really want misinformation and rancor.
Cyberawareness in Australia: The good and the bad (WeLiveSecurity) An ESET-commissioned survey sheds light on Australians' browsing habits, revealing what measures they take, and don't take, to protect themselves online.
Marketplace
Momenta Ventures invests in Akua – End-to-End, Secure, IoT supply chain logistics (PRWeb) Momenta Ventures is pleased to announce its recent investment in Akua. Akua provides supply chain logistics services through its Software-as-a-Se
Skyview Capital, LLC Acquires Fidelis Cybersecurity (WFMZ) Global private investment firm Skyview Capital, LLC (www.skyviewcapital.com) has added to its software technology portfolio with the acquisition of Bethesda, MD-based Fidelis Cybersecurity
Acronis buys 5nine (PE Hub) Acronis has acquired 5nine, a provider of virtualization security and management software for the Microsoft Cloud.
LogicMonitor acquires Unomaly (App Developer Magazine) LogicMonitor acquires Unomaly to enhance observability, and drive intelligent action. Unomaly's artificial intelligence (AI) capabilities provide insights to ITOps and De.
Who won Interior’s $1.6B secure network contract? (Federal Times) The contractor will provide modernization and management services for Interior's enterprise infrastructure.
Alphabet Becomes Fourth U.S. Company to Reach $1 Trillion Market Value (Wall Street Journal) Google’s parent company joins Apple, Amazon and Microsoft as the only companies to hit a $1 trillion valuation, highlighting the technology sector’s steady market leadership.
ZTE plans to raise 11.5 billion yuan from share sale to fund 5G R&D (South China Morning Post) The Shenzhen-based company is set to issue more than 381 million A shares to independent third-party investors whose identities have not been disclosed.
WSJ News Exclusive | Facebook Backs Off Controversial Plan to Sell Ads in WhatsApp (Wall Street Journal) The social-media giant disbanded a team that was working to integrate ads in its messaging service, marking a retreat from a controversial plan that had driven the platform’s creators to resign.
Brief Recap of Open Bug Bounty’s Record Growth in 2019 (Open Bug Bounty) With almost half-a-million vulnerability reports today, we are happy to present you a brief recap of our relentless and steady growth in 2019 attained with your valuable support and contribution that we greatly appreciate:
Rapid7 expands Boston headquarters to make room for 400 workers (Boston Business Journal) Rapid7 Inc. plans to expand its headquarters by 67,000 square feet at The Hub on Causeway by late 2021.
Experienced Cybersecurity Leader Christine Vanderpool Appointed to Wolf Hill Group Advisory Board (Wolf Hill Group) Wolf Hill Group announced today that Christine Vanderpool, Chief Information Security Officer (CISO) at Florida Crystals, has been appointed to its Advisory Board.
Cybersecurity firm McAfee names new CEO (ZDNet) Chris Young is stepping down as CEO of the cybersecurity company.
McAfee CEO steps down, to be replaced by former CEO of BMC Software (Silicon Valley Business Journal) Christopher Young is stepping down from his role as CEO of McAfee, LLC after two and a half years. Replacing him is former BMC Software CEO Peter Leav.
Dave DeWalt Joins Cybereason as Vice Chairman of its Advisory Board (PRWeb) Cybereason, creators of the leading Cyber Defense Platform, today announced that Dave DeWalt has joined the company as Vice Chairman of its Advisory Board. In his
Exclaimer hires former Clearswift CEO (Insider Media Ltd) Exclaimer, which provides email signature management services, has appointed a new chief executive.
Products, Services, and Solutions
Smarsh Announces Connected Capture Enhancements for Office 365 at London Microsoft Ignite Event (Yahoo) Smarsh®, helping customers get ahead – and stay ahead – of the risk within their electronic communications, today announced a series of enhancements to Connected Capture for Microsoft Office 365 at Microsoft Ignite The Tour.
Darktrace steps up cyber battle against digital fakes (Business Weekly) Cyber AI specialist Darktrace has expanded its armoury to help clients thwart digital fakes. It has grown its platform to cover additional email systems including G Suite and Microsoft Exchange. The company’s Antigena Email, launched last year for Office 365, has proven a powerful defence against a wide variety of digital fakes as well as account hijacking, email spoofing,
BeyondTrust Chief Technology Officer Releases Final Book in Attack Vectors Series (Yahoo) BeyondTrust, the worldwide leader in Privileged Access Management (PAM), today announced the availability of the final book in the attack vectors series, Identity Attack Vectors: Implementing an Effective Identity and Access Management Solution. The book, co-authored by BeyondTrust’s Chief Technology
Technologies, Techniques, and Standards
SIM Swap Attacks are making SMS Two-Factor Authentication Obsolete (PhishLabs) SMS-based two-factor authentication is accessible and improves security, but unfortunately, social engineering can allow threat actors to skip through it with SIM swapping.
Top 5 Mistakes in Cybersecurity Vendor Management (Panorays) Cybersecurity vendor management is a top priority for enterprises and getting it right is critical. Here are the five most common mistakes to be avoided.
Paradise Ransomware decryption tool (Bitdefender Labs) We're happy to announce a new decryptor for Paradise Ransomware. Paradise Ransomware, initially spotted in 2017, has been aggressively marketed as a service to interested affiliates. After infection, it checks whether the keyboard language is set to... #BitdefenderRansomwareRecognition #decryptor
I’m still on Windows 7 – what should I do? (the Guardian) Support for Windows 7 has ended, leaving Marcy wondering how they can protect themselves
Design and Innovation
Airbus researcher explores ‘Stuxnet-type attack’ for security training (CyberScoop) Stuxnet, the potent malware reportedly deployed by the U.S. and Israel to disrupt an Iranian nuclear facility a decade ago, helped change the way that many energy-infrastructure operators think about cybersecurity.
AB InBev Taps Machine Learning to Root Out Corruption (Wall Street Journal) The company that stands out for taking a data-driven approach to preventing bribery and corruption isn’t part of the tech sector. In fact, its product predates the wheel.
How To Keep Your AI Rational With Abductive Machine Learning? (ValueWalk) Abductive machine learning holds the truth and lets scientists produce accurate results by concentrating on a realistic approach.
Legislation, Policy, and Regulation
Meet Russia's New Prime Minister, An 'Enforcer Who Knows Where The Bodies Are Buried' (RadioFreeEurope/RadioLiberty) Mikhail Mishustin implemented significant reforms at Russia's Federal Tax Service during his nearly decade-long tenure at the helm, earning him accolades not only from government officials but also from the business community. Now he has been tasked with running the government as the new prime minister, implementing Putin's National Projects while keeping the elite in line.
Estonia's Elering joins ENCS to bolster EU cybersecurity (Smart Energy International) Elering has become the latest member of European Network for Cyber Security to strengthen the energy sector’s cyber defences.
Iran can take fight beyond its borders, Khamenei says after U.S. strike, unrest (Reuters) The Revolutionary Guards can take their fight beyond Iran's borders, the su...
Why Congress is not serious about the war powers in the Constitution (TheHill) American leaders must exercise their granted authority on this matter.
We differ in our politics. We agree on Congress’s power to declare war. (Washington Post) We are members of Congress whose political ideologies and priorities run the gamut, but we are united in our determination to safeguard the constitutional duty of Congress to declare war and to ensure that the American people have their voices heard. This duty is essential to providing the men and women of our armed forces the support and clarity of mission they deserve.
EU: UK can 'call Trump's bluff' over Huawei security (the Guardian) Phil Hogan convinced US president will not withdraw intelligence cooperation with UK and EU
In Huawei Battle, China Threatens Germany ‘Where It Hurts’: Automakers (New York Times) VW, Daimler and BMW sell more cars in China than anywhere else and many already cooperate with Huawei — a dependency Beijing is not shy to exploit.
U.S. FCC Extends Comment Deadline on Designation of Huawei, ZTE as Security Threats (In Compliance Magazine) Typically, public comment periods on Reports and Orders are limited to 30 days following their publication in the Federal Register. However, a summary of the Commission’s Report and Order naming Hu…
Inside the Feds’ Battle Against Huawei (Wired) How Washington went to war against the Chinese smartphone giant, and how the runaway conflict could spell the end of a single, global internet.
Barr’s Encryption Push Is Decades in the Making, but Troubles Some at FBI (Wall Street Journal) Attorney General William Barr, a former telecom lawyer, has intensified a long-running fight between law enforcement and technology companies over encrypted communications, potentially setting up a showdown with Silicon Valley.
FBI announces new policy to give election officials 'timely' notification of cyber breaches (TheHill) The FBI on Thursday announced a new policy intended to “clarify and guide timely” notification of state and local election officials of any cyber intrusions, marking a major shift three years after Russian intrusions during the 2016 elections.
The Cybersecurity 202: FBI pledges more transparency on election hacking but may not go far enough (Washington Post) The FBI has pledged to revamp its policies for sharing information about election breaches, bowing to criticism that it was far too secretive about Russian hacking efforts in 2016.
Cyber Caucus Co-Chair Applauds NSA Disclosure of Microsoft Vulnerability (MeriTalk) Rep. Jim Langevin, D-R.I., co-chair of the Congressional Cybersecurity Caucus, applauded the Federal government’s handling earlier this week of public disclosure by the intelligence community of serious vulnerabilities it found in Microsoft’s Windows 10 and Server 2016 products, for which the company released patches.
Would da Vinci Support the Pentagon’s New Cyber Strategy? (Small Wars Journal) Drawing inspiration from da Vinci’s observations on force, power, and movement – elements in which “all the works of mortals have their beginning and their end” – this article suggests four cyberspace operations principles.
The Army’s cyber school now teaches information operations (Fifth Domain) The Army's Cyber School is working to develop curricula to incorporate information operations.
Worried That Election Results Could Be Hacked? Secretary of State Wyman Has a Plan (The Chronicle) Washington's chief elections official on Wednesday urged the Legislature to approve a bill that she said would make the election system more secure.
Bill would make possession of ransomware a crime (Maryland Daily Record) State lawmakers heard arguments Tuesday on a bill that seeks to add criminal penalties for knowingly possessing ransomware with the intent to use it in a malicious way.
News flash from Florida legislators: Telegraph era is over (KOMO) Florida lawmakers are transmitting a news bulletin: The telegraph era is over. Before there was instant messaging, emails and even corded telephones, there was the reliable telegraph to instantaneously transmit messages far and wide. Now, people turn to the internet, text messaging, Twitter, gifs and emojis to write their long-distance notes.
The Cybersecurity 202: Buttigieg's cybersecurity adviser resigns right before Iowa caucuses (Washington Post) Mick Baccio, who served as former South Bend, Ind., mayor Pete Buttigieg's cybersecurity chief, has left the campaign citing “fundamental philosophical differences.” His departure comes just weeks before the Iowa caucuses, the kickoff to the 2020 primary season.
Litigation, Investigation, and Law Enforcement
Concerns About Cloud Security Prompt More Scrutiny from Financial Regulators (Wall Street Journal) Regardless of any arrangements under models that divide responsibility between cloud users and providers, regulators from federal agencies and industry bodies said at a Financial Industry Regulatory Authority conference Tuesday that they consider the companies themselves liable for any breaches.
Ukraine police investigating possible surveillance of Yovanovitch, Russian hacking (ABC11 Raleigh-Durham) Ukraine is opening a criminal investigation into possible illegal surveillance of former U.S. Ambassador Marie Yovanovitch after the release of Lev Parnas' text messages.
Ukraine asks FBI to help probe suspected Russian hack of Burisma (Reuters) Ukraine has asked the FBI in the United States for help to investigate a suspect...
Trump might raise Burisma hacking with Putin: White House (Reuters) U.S. President Donald Trump may discuss the reported hacking of Ukrainian energy...
Parnas' Attorney Wants His Client to Tell Congress All About Ukraine Scheme, in Possible Bid for Reduced Sentence if Convicted (New York Law Journal) Prosecutors in the Southern District of New York, he said, had rebuffed Parnas' earlier requests to provide information related to charges that he had funneled foreign money into U.S. elections, and Parnas was now prepared to take his story public, in the hope that it could help his criminal case.
White House violated law in freezing Ukraine aid says government watchdog (Military Times) The Government Accountability Office said in a report that the Office of Management and Budget violated the law in holding up the aid, which Congress passed less than a year ago.
Prosecutors investigating intelligence analysts is a dangerous idea (Washington Post) John Durham, the federal prosecutor chosen by Attorney General William P. Barr to examine the origins of the Russia investigation, is reportedly reviewing the intelligence community’s conclusions about Russian interference in our election. Although Durham has not confirmed the precise scope of his investigation, if these reports are correct, it is a worrisome development.
NSO Group hearing to play vital role in corporate spyware’s future (Verdict) Today a court hearing over the export license of NSO Group will begin what could be a defining point in the development of corporate spyware.
WeLeakInfo.com Seized For Selling Info from Data Breaches, 2 Arrested (BleepingComputer) As a clear indication of how law enforcement views the commercial disclosure of stolen information, the FBI has seized the WeLeakInfo.com domain and arrested two individuals for selling subscriptions to data exposed in breaches.
WeLeakInfo website trading in 12 billion compromised credentials taken down and two men arrested (Computing) Arrests in the Netherlands and Northern Ireland accompany a cross-border operation against a hacker website trading in compromised credentials.
German Researchers Accessed Service Members’ Sensitive Medical Data—and One Lawmaker Wants Answers (Nextgov.com) Sen. Mark Warner wants to know what the Defense Health Agency is doing to secure “a significant number” of medical images.
Scottish Police Roll Out Encryption-Busting Cyber Kiosks (Computer Business Review) Technology that allows police to break smartphone encryption and pull user data from them for analysis will be rolled out from Jan 20. The cyber kiosks...
What Do WAWA and Amazon's Ring Have in Common? Lawsuits Involving Consumer Privacy and Protection (ClearanceJobs) Within the span of seven days this month, in two different regions of the country some 2,700 miles apart, class action lawsuits were filed against WAWA, the East Coast convenience store king, and Ring, the maker of the smart doorbell marketed through Amazon. Both of these suits allege negligence against the defendants for failing to maintain and implement security measures to protect the consumer.