Cyber Attacks, Threats, and Vulnerabilities
An Egyptian cyber attack on Ethiopia by hackers is the latest strike over the Grand Dam (Quartz Africa) The animosity has seen Ethiopia enter the crosshairs of Egyptian hackers numerous times in recent years.
Pegasus Spyware Targets Moroccan Journalist (Voice of America) Omar Radi wasn’t surprised to find he was the target of apparent surveillance by Moroccan authorities. The freelance investigative journalist has been threatened and arrested for his coverage of the government, and was most recently summoned by police on June 24. “The situation of journalists in Morocco is very tough,” Radi told VOA earlier this week.
Morocco Rejects Amnesty’s Allegations on Spying on Journalist (New York Times) Moroccan authorities on Friday rejected an Amnesty report saying they have spied on journalist Omar Radi using Israeli-made technology.
Chinese malware used in attacks against Australian orgs (BleepingComputer) The Australian government released an advisory late last week about increased cyber activity from a state actor against networks belonging to its agencies and companies in the country.
TikTok: Beneath Its Fun Exterior Lies A Sinister Purpose (Forbes) TikTok is a very irresponsible company, dangerous by design. It’s the application of Chinese philosophy on the internet — we want to see everything, know everything, analyze everything without limits — to a West where, apparently, we’re trying to put some kind of limits on it.
Domestic disinformation, foreign focus on George Floyd's death create a tinderbox for unrest (Star Tribune) Fake domestic reports and increased scrutiny by foreign sources add to a tinderbox of instability during an election year that intelligence officials had already warned would be rife with attempts both inside and out to sow division.
Russian hackers Evil Corp target US workers at home (BBC News) Hackers are using a new computer virus to hold company files to ransom for millions of dollars.
Evil Corp blocked from deploying ransomware on 30 major US firms (BleepingComputer) The Evil Corp gang was blocked from deploying WastedLocker ransomware payloads in dozens of attacks against major US corporations, at least of them being Fortune 500 companies.
Warning: Russian hackers may be trying to target you with ransomware. Here's how (Fortune) Security firm Symantec has notified businesses that Russian hacking group Evil Corp has targeted remote employees with so-called ransomware attacks.
DarkCrewFriends Returns with Botnet Strategy (Threatpost) The botnet can be used to mount different kinds of attacks, including code-execution and DDoS.
Barracuda Networks observes new cryptominer malware 'Golang' targeting Windows & Linux machines (CXOToday.com) The malware targeting both Windows and Linux machines attacks web application frameworks, application servers, and non-HTTP services such as Redis and MSSQL
Report: Educational Platform Exposes Private Data of Over 1 Million Students across North America (vpnMentor) Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach belonging to the e-Learning platform OneClass. OneClass is a remote
Hackers breach E27, want "donation" to reveal vulnerabilities (BleepingComputer) Asian media firm E27 has been hacked, and attackers ask for a small "donation" to provide information on the vulnerabilities used in the attack.
N-Power portal not hacked, no data breach ― FG (Vanguard News) The federal government on Sunday has debunked reports that the N-Power portal had been hacked. Rather, not only secured but not compromised.
J&K Power Dept Comes Under Cyber Attack, 4 Servers Hit (Kashmir Observer) A cyberattack was launched on the servers of the Jammu and Kashmir Power Development Department (JKPDD) but the threat has been contained, an official said on Friday
Cyber attack cripples PDD web platforms (Greater Kashmir) The cyber attack on Power department has crippled its online platforms rendering online billing app ‘PDD bill Sahuliyat’ and other online services
Hacker Drains Over $450,000 from Balancer Pools (Finance Magnates) The protocol developers were unaware of the possibility of such type of attacks.
California University Paid $1.14 Million After Ransomware Attack (Bloomberg) The University of California, San Francisco paid criminal hackers $1.14 million this month to resolve a ransomware attack.
University of California: We Paid a £1 Million Ransom (Computer Business Review) The University of California says it made the "difficult decision" to pay a ransom of $1.14 million after a "Netwalker" ransomware attack this month.
How hackers extorted $1.14m from a US university (BBC News) BBC News witnesses a negotiation between ransomware hackers and a 'cash-strapped' university.
Knoxville expects it won't need to pay ransom after IT systems held hostage in cyber attack (WBIE) The city is currently working to have all employee computers up and running within the next 10 days after restoring core system functionality.
DDoS attack on online voting system registered on Saturday - mayor’s office (TASS) No disruption in voting occurred
Cyber attack disrupts Israeli Philharmonic Orchestra virtual concert (The Forward) Viewers attempting to watch the concert were unable to log in due to the sabotage, suspected to be ideologically motivated.
Lion Believes the Beers Are Back on After Ransomware Attack (Gizmodo Australia) Lion has said its breweries are back in action after an alleged ransomware attack crippled its IT systems and production efforts earlier in June.
REvil operators threaten to leak files stolen from Australian firm Lion (Security Affairs) Australian beverage company Lion announced that it has found no evidence that hackers have stolen information from its systems. The Australian brewery and dairy conglomerate Lion suffered two cyber attacks in a few days this month. Lion is a beverage and food company that operates in Australia and New Zealand, and a subsidiary of Japanese beverage […]
Big-name Connecticut legal firm takes a hit from Sekhmet ransomware (IT Wire) A gang of hackers has used the Sekhmet ransomware to attack the site of Coles, Baldwin, Kaiser & Creager, a legal firm based in Connecticut, that has a long list of well-known clients. The company, which is also known as CBK Law, describes itself as having a national experience base with its law...
Security breach impacts Maine State Police database (Boston.com) State police said the most common documents shared on the database are crime information and situational awareness bulletins.
GitHub is down for developers across the world (Computing) GitHub says it has found the problem and is working to resolve it.
Tech giants red-faced over virtual derailments (TimesLIVE) Many events were bedevilled by the poor home connections of presenters, resulting in video and audio breaking up
Cyber Trends
Sponsored content: What treadmills tell us about the state of the office during Covid-19. (The CyberWire) (This article was contributed and sponsored by ExtraHop.) Everything from IP phones to printers to treadmills in your office gym connect to a network somewhere—except now there’s nobody in the building to turn them off. A recent security report from ExtraHop did find that most businesses remembered to shut down the exercise equipment when shuttering their doors in an attempt to slow the spread of COVID-19, but can the same be said for other connected devices?
1Password Launches Domain Breach Reports (PR Newswire) 1Password, the world's most trusted enterprise password manager, today announced it is launching a first-of-its-kind domain breach report. Now,...
VPN Consumer Usage, Adoption & Shopping Study: 2020 (Security.org) Last Updated: June 29th, 2020 By Gabe Turner and the Security.org Research Team Even though versions of Virtual Private Network (VPN) technology have been around since the mid-1990s, it hasn’t been until recent years that use of VPNs has become more mainstream, particularly for non-work-related purposes. Personal use has been attributed in part to the increase …
Report says remote working boosts cybersecurity investments in Q1 2020 (Back End News) According to Canalys, the total investment reached $10.4 billion, which includes network security, endpoint security, web and email security, data security, and vulnerability and security analytics…
Insurance fraud trends in 2020: Much the same, yet completely new (BAE Systems) Discover the best practices insurance leaders can take to counter the evolving, evasive world of financial services fraud as we begin a new decade.
The “mobius strip” of cyber security (Global Banking & Finance Review) Over the last few years, cyber criminals have become more agile and possess a higher quality of skill than ever before.
The lack of women in cybersecurity puts us all at greater risk (The Next Web) Women are highly underrepresented in the field of cybersecurity. In 2017, women’s share in the U.S. cybersecurity field was 14%, compared to 48% in the general workforce. The problem is more acute outside the U.S. In 2018, women accounted for 10% of the cybersecurity workforce in the Asia-Pacific region, 9% in Africa, 8% in Latin …
Cybersecurity skills crisis (BAE Systems) Five ways we can crack the cybersecurity skills crunch
Marketplace
Maryland Cybersecurity Buyer's Guide 2020 (Cybersecurity Association of Maryland) Cybersecurity fatigue exists and may be harming your business
Cerberus Sentinel commences public trading (GlobeNewswire) U.S. cybersecurity services firm starts trading under the symbol “CISO”
Spanish Indra to Lead Key European Defense Projects (Defense World)
Forget Trump And Google—Huawei Now Has A Critical New Problem In China (Forbes) Huawei's "darkest secret" has just become a major new threat to the company.
WSJ News Exclusive | Facebook Tightens Controls on Speech as Ad Boycott Grows (Wall Street Journal) Under mounting pressure from advertisers, Facebook said it would start labeling political speech that violated its rules and take other measures to prevent voter suppression and protect minorities from abuse.
Coca-Cola pauses advertising on all social media platforms globally (CNBC) Coca-Cola on Friday announced it will be pausing advertising on all social media.
Starbucks is the latest company to pause advertising across social media platforms (CNBC) Starbucks is the latest company to say it will pause advertising on "all social media platforms" and promises to have discussions internally and with media partners and civil rights organizations to stop the spread of hate speech.
Zuckerberg: Facebook will prohibit hate speech in its ads (CNBC) Facebook CEO Mark Zuckerberg on Friday said the company will change its policies to prohibit hate speech in its advertisements.
Facebook Adds Labels for Some Posts as Advertisers Pull Back (New York Times) Posts about voting will direct viewers to accurate information, and violations from important political figures will be marked “newsworthy.”
The hard truth about the Facebook ad boycott: Nothing matters but Zuckerberg (CNN) For years, Facebook has been viewed as one of the only truly indispensable digital advertising platforms for big and small businesses looking to reach the social network's vast audience. Even as the company lurched from one controversy to the next, and endured viral hashtags calling for users to delete the app, its advertising machine kept churning out money, making Facebook seem all but unstoppable.
The advertiser boycott is not going to change Facebook (The Telegraph) Despite pulling the purse strings, advertisers have little power over the social network
Huawei established an Estonian subsidiary (Baltic Times) International technology group Huawei registered private limited company Huawei Technologies Eesti to continue supplying consumer electr...
The geopolitical threat may be catastrophic for the semiconductor industry; several European carriers proactively spoke out in support of Huawei (PR Newswire) The escalating geopolitical tension between China and the US is threatening the security of the global supply chain. As COVID-19 rages...
Fortinet establishes corporate foundation to expand global CSR efforts (Back End News) Fortinet Foundation will be focusing on addressing the cybersecurity skills gap and collaborations to provide security to individuals, organizations, and governments.
Illusive Networks Named to CyberTech100 (New Kerala) Illusive Networks, the leader in deception-based cyber defense solutions, announced that it has been selected for the CyberTech100, an annual list of 100 of the world's most innovative cybersecurity technology companies that are crucial to the financial industry....
Why this internet pioneer moved his cyber firm here with plans to double in size (Orlando Business Journal) Glesec LLC employs 25 people with plans to hire another 26.
XM Cyber Wins 2020 Fortress Cyber Security Award (PR Newswire) The Business Intelligence Group today announced that XM Cyber has won the 2020 Fortress Cyber Security Awards in the threat modeling category....
Norton Rose Nabs BakerHostetler Cybersecurity & Privacy Pro (Law360) Norton Rose Fulbright has hired a seasoned BakerHostetler data protection, privacy and cybersecurity lawyer as a partner in its Houston office, where he will focus on incident response, risk mitigation and compliance.
SentinelOne hires Chuck Fontana as Senior Vice President of Corporate and Business Development (Help Net Security) SentinelOne has announced the appointment of Chuck Fontana as Senior Vice President of Corporate and Business Development.
Products, Services, and Solutions
Digi International Introduces Versatile Digi IX20 Router for Industrial, Remote Location Monitoring and for Unattended Retail and Digital Signage Applications (Digi International) Industrial router provides rugged, right-sized connectivity to support industrial infrastructure, critical assets, digital signage, retail kiosks, and service terminals
Top 10 Bounty Programs 2020 (HackerOne) The biggest, fastest, and most lucrative bounty programs on the HackerOne platform
New Honeywell Forge features ensure business continuity in the face of mounting cyberthreats (Help Net Security) Honeywell announced the latest release of its Forge Cybersecurity Suite that includes several enhancements to help ensure business continuity.
Futurex launches VirtuCrypt financial cloud HSM to support critical payment systems cryptography (Help Net Security) Futurex’s VirtuCrypt financial cloud HSM service supports financial services orgs’ critical payment systems cryptography and key management needs.
Israeli Firm BioCatch Surpasses 150 Million Anonymous Behavioral Profiles (Israel Defense) The firm says it possesses the largest set of behavioral profiles worldwide to eliminate online fraud
Safe-T® Launches its Zero-Trust Secure File Access Solution Received First Order from a Leading Intelligence Unit (GlobeNewswire) The Solution is the First-to-Market SMB Proxy for Windows File Sharing
Microsoft Scores Stunning Strike Against Zoom With Major New Feature (Forbes) Microsoft has just scored a stunning strike against its biggest rival Zoom with a major new Teams feature.
Technologies, Techniques, and Standards
Cyber Threat Scores - What you need to know (EC-Council Official Blog) The ongoing battle of ever-rising cyberattacks has required defenders to innovate new methods to remain ahead of advanced cyber threats. The newest threats require actionable intelligence with reliable threat scores so that they’re thwarted before they damage the infrastructure.
Apple strong-arms entire CA industry into one-year certificate lifespans (ZDNet) Apple, Google, and Mozilla reduce the lifespan for HTTPS certificates to 398 days, against the wishes of Certificate Authorities.
VPN Won’t Keep You Safe Without a Strong SIEM By Its Side (Infosecurity Magazine) Think VPN is keeping you safe while working from home? Think again
Three major banking fraud types… and what to do about them (BAE Systems) It’s important to understand the major fraud types likely to emerge over the coming months and what can be done to minimise risk
The banker in 2050: The role of the human in fighting financial crime for the digital age (BAE Systems) Explore how humans and machines will work together, maximising the potential of both, to shape a sector ready for the challenges and opportunities of tomorrow.
Looking back at the NotPetya cyber attack anniversary (Includes interview) (Digital Journal) Three years on from a major global cyberattack, there remain lessons to be considered from the NotPetya cyber attack, according to David Grout, CTO EMEA at FireEye.
US, allies prep for cyber attacks in time of COVID-19 with virtual war games (WRAL TechWire) Defense Department officials briefed reporters on virtual war games that digital combatants from U.S. and allied militaries have been holding to sharpen their abilities to counter online threats with
How to strengthen convenience store security (Petrol Plaza) High traffic and employee turnover make the more than 150,000 convenience stores (C-stores) in the U.S. attractive targets for cyber-criminals. The nature of the C-store environment makes it difficult to deliver compliance and sta
Design and Innovation
WSJ News Exclusive | Facebook Tightens Controls on Speech as Ad Boycott Grows (Wall Street Journal) Under mounting pressure from advertisers, Facebook said it would start labeling political speech that violated its rules and take other measures to prevent voter suppression and protect minorities from abuse.
Research and Development
Researchers target truckload data security threats (FleetOwner) Hacking and forensics tools are helping researchers determine the schematics of how heavy trucks are constructed so they can pinpoint cybersecurity vulnerabilities in commercial vehicles.
Academia
Security vendor Webroot slams Govt's plan to reduce university fees for STEM subjects (CRN Australia) Questions if move will be effective.
Three students win DOD Cyber Scholarships (University of North Georgia) For the second year in a row, three University of North Georgia (UNG) students have received the Department of Defense (DOD) Cyber Scholarship. Two have received the honor for the second time, while one is a new recipient.
Legislation, Policy, and Regulation
Why Is U.S. Policy Tough On Huawei And TikTok But Not Lenovo? (Forbes) With FIRRMA, Congress now requires CFIUS to evaluate privacy and cybersecurity implications of foreign investment.
WSJ News Exclusive | U.S. Presses Europe to Uproot Chinese Security-Screening Company (Wall Street Journal) Amid a global anti-Huawei effort that has seen mixed results, the U.S. sets another Chinese tech company in its crosshairs: Nuctech, a state-controlled firm that is quietly dominating Europe’s cargo and airport screening market.
New US sanctions could lead to shortage of Huawei chips, experts warn (The Telegraph) New US sanctions include restrictions on American-made chip design software
Indian government looks to ban Chinese vendors like Huawei and ZTE from participating in 5G trials (The Indian Wire) Ministry of Home Affairs has decided to review the matter and take a final call and is likely to ban Chinese vendors.
India Will Have to Take the Lead in Taming a Bully China (Patna Daily) World needs to unite to take on China collectively.
Scholar wonders how national security will be defined (The Standard) A prominent law expert slammed the central government’s approach today in drawing up a national security law for Hong Kong, saying people in the city are being kept in the dark, RTHK reports. Uni...
China: National security law for Hong Kong risks turning city into police state (Amnesty International)
NPC Standing Committee reviews HK security law (RTHK) China's lawmakers have reviewed a draft of the national security bill for Hong Kong during a special meeting held by the National People's Congress Standing Committee, state media Xinhua reported on Sunday.
As the Computer Misuse Act Turns 30, Critics Say Reform is Desperately Overdue (Computer Business Review) Critics of the Computer Misuse Act have written to the Prime Minister, saying the 30-year-old legislation blanket-criminalises security research.
EU Privacy Regulators Found to Lack Staff, Funds to Enforce GDPR (Wall Street Journal) Some European Union privacy regulators don’t have enough money or staff to properly enforce the bloc’s privacy rules, according to an EU assessment.
Duterte: Make cyberspace a safe and empowering space for women (Manila Bulletin News) President Duterte has called on Southeast Asian nations to make cyberspace a safe and empowering space for women, saying any gender-based violence in the virtual world is wrong and abhorrent.
DHS Tells Social Media Sites To Police Protest Posts (Law360) The acting head of the Department of Homeland Security has sent letters to Facebook, Twitter, Snap, Google and Apple asking them to stop people from using their platforms to "organize, facilitate or incite dangerous or deadly riots" in the wake of police brutality protests across the country.
Controversial Data-Mining Firm Palantir Vanishes From Biden Adviser’s Biography After She Joins Campaign (The Intercept) Within a few days of joining the Biden campaign, the biography of former top intelligence official Avril Haines no longer listed her work for Palantir.
Calif. Gov. Urged To Scrap July 1 Start For CCPA Enforcement (Law360) A leading advertising trade group is taking its fight to temporarily halt enforcement of California's Consumer Privacy Act to the state's governor, arguing that the attorney general's pending regulations on how companies should implement the law contain unconstitutional requirements that exceed the regulator's authority.
Surveillance Reformers Seize Moment Amid Protests, Virus (Law360) A growing movement for police reform and added scrutiny of privacy in the age of COVID-19 have combined to add momentum to the push for limits on government surveillance.
Frosty the Yes-man (TheArticle) After several days, swirling rumours have finally solidified into events, and Mark Sedwill, since 2018 Britain’s Cabi...
Money Laundering in Financial Markets (BAE Systems) Investment banks face a multitude of risks – not least countering the threat from money launderers. Gary Kalish examines how regulators, policymakers and financial institutions can together deliver a strong digital defence.
Litigation, Investigation, and Law Enforcement
'Flabbergasted': Dastyari calls for judicial inquiry into foreign influence in politics (The Sydney Morning Herald) The former Labor senator Sam Dastyari called for a royal commission or commission of inquiry to "get to the bottom of it".
China slams Canada's 'megaphone diplomacy' over spy case as it looks to extradite Huawei exec (ThePrint) Canada has questioned China's prosecution of two Canadians, who were arrested on charges of spying just days after Huawei's Meng Wanzhou was detained in Vancouver.
Does analyzing employee emails run afoul of the GDPR? (Help Net Security) A desire to remain compliant with the GDPR and other privacy laws has made HR leaders wary of any new technology for analyzing employee emails.
Privacy commissioners say LifeLabs failed to protect health information of millions (Insurance Business) Testing laboratory reported that it suffered a massive cyberattack
It’s unconstitutional for cops to force phone unlocking, court rules (Ars Technica) US courts disagree on whether suspects can be forced to unlock their phones.
EasyJet Lawsuit Over Data Breach Attracts 10,000 Passengers (Bloomberg) EasyJet Plc faces a lawsuit over a data breach disclosed last month that potentially exposed private details of 9 million passengers.
Facebook Inc says it does not have contractual relationship with Australian users (ZDNet) It said only Facebook Ireland carried on business in Australia when local users' data were collected as part of the Cambridge Analytica scandal.
Chinese Prof Guilty Of Economic Espionage Over Phone Tech (Law360) A professor at a Chinese university was found guilty of economic espionage, theft of trade secrets and conspiracy on Friday in California federal court following a bench trial over allegations he stole trade secrets from Avago Technologies and Skyworks Solutions Inc.
Russian leader of Infraud stolen ID, credit card ring pleads guilty (ZDNet) The Infraud Organization was once known as a major player in the carding world.
Russian Cybercrime Boss Burkov Gets 9 Years (KrebsOnSecurity) A well-connected Russian hacker once described as “an asset of supreme importance” to Moscow was sentenced on Friday to nine years in a U.S. prison after pleading guilty to running a site that sold stolen payment card data, and to administering a highly secretive crime forum that counted among its members some of the most…
Satori IoT botnet author sentenced to 13 months in prison (Naked Security) Kenneth Schuchman, the creator of the massive Satori botnet of enslaved devices, will be spending 13 months behind bars.
Data Scraper Asks High Court To Leave LinkedIn Ruling Alone (Law360) Data analytics startup hiQ Labs Inc. has urged the U.S. Supreme Court not to review a Ninth Circuit ruling that made way for the startup to scrape LinkedIn's publicly available information in order to resell it, arguing that the appeals court's reading of the Computer Fraud and Abuse Act to exclude viewing and gathering public information is correct.
Pa. Convenience Store Chain Wants Data Breach Suit Tossed (Law360) A chain of Pennsylvania gas stations and convenience stores has said it had no explicit or implicit duty to protect consumers' credit card information from hackers in its privacy statement or when customers make purchases, and it urged a federal court to toss a proposed class action over a 2018 data breach.
Expert witness: delivering evidence from the dark web when data breaches go to court (Enterprise Times) Expert witnesses with experience of operating and finding information on the Dark Web are key when it comes to class-action lawsuits over PII