Cyber Attacks, Threats, and Vulnerabilities
How North Korea’s army of hackers stole $2bn through cyber bank heists (The Telegraph) North Korean hackers are attempting to raise money for the regime by stealing from financial institutions and cryptocurrency exchanges
TrickBot malware mistakenly warns victims that they are infected (BleepingComputer) The notorious TrickBot malware mistakenly left a test module that is warning victims that they are infected and should contact their administrator.
Malware adds Any.Run sandbox detection to evade analysis (BleepingComputer) Malware developers are now checking if their malware is running in the Any.Run malware analysis service to prevent their malware from being easily analyzed by researchers.
Cerberus Malware Emerged On Play Store As Cryptocurrency Converter (Latest Hacking News) Cerberus malware, the bankign trojan, recently appeared on Play Store targeting Spanish users by mimicking a Spanish cryptocurrency converter app.
Android users beware: you can't just delete an app to stop this latest threat (Express.co.uk) ANDROID users have been placed on high alert about an ever-evolving malware threat that's sent directly to your smartphone.
Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb (Security Affairs) Experts from Cyble discovered the availability on the darkweb of records of over 45 million travelers to Thailand and Malaysia from multiple countries. Experts from threat intelligence firm have discovered the availability on the darkweb of records of over 45 million travelers to Thailand and Malaysia from multiple countries. The huge trove of data was […]
Records of 45 Million+ travelers to Thailand and Malaysia Leaked on Darkweb!! (Cyble, Inc) Update as on July 12, 2020: Recently, when
Football Fans’ Data Exposed Through Bucket Misconfiguration (WizCase) WizCase uncovered a significant amount of personal data exposed by a popular Mexican fantasy football site, Fut Fantastico. The breach revealed various parts of identifiable information, including the full names, email addresses, dates of birth, IP addresses, and more, of over 150,000 both active and inactive users. The misconfigured bucket has been secured after ...
IRS warns about tax scams ahead of July 15 deadline (Fox News) The tax deadline of July 15 is almost here and the IRS has issued a fresh warning about scams.
Instagram: '3 Of Your Pictures' DM Scam (ScreenRant) Don't fall for this Instagram phishing scam.
Hacker breaches security firm in act of revenge (ZDNet) Hacker claims to have stolen more than 8,200 databases from a security firm's data leak monitoring service.
Lack of security measures led to cyber attack on PDD Data Centre (Daily Excelsior) Most of servers don’t have firewalls; AMC expired in 2018 No timeframe for restoration of online services Mohinder Verma JAMMU, July 12: Shocking it may
Xerox, US reseller hit with demands from maze hackers (CRN Australia) Claiming economic hardships related to COVID-19.
Argenta shuts down 143 cash machines after new cyber-attack (The Brussels Times) The Antwerp-based savings bank Argenta has shut down 143 cash machines after suffering two new cyber-attacks at the weekend. The bank suffered its first cyber-attack at the end of June, when thieves a
Hackers using 'big game hunting' tactics to target businesses (Insurance News) Digital criminals are stepping up their attacks on businesses using a new tactic described as “big game cyber hunting” to extort ransom from victims, law firm Clyde and Co says.
X-FAB on Track to Resume Production After Cyber Attack (BusinessWire) Regulatory News: X-FAB Silicon Foundries SE (BOURSE:XFAB) X-FAB Group, whose IT systems and production lines were stopped to prevent damage following
Vancouver Coastal Health warning of scammers impersonating hospital staff (NEWS 1130) Vancouver Coastal Health is out with a warning about a new scam, where someone appears to be representing themselves as a hospital employee.
Dunzo, Elyments apps suffer cyber attack (Deccan Herald) Last weekend, two popular Indian apps Dunzo and Elyments revealed that they suffered a major cyber attack.
India's Delivery App Dunzo Hit By Data Breach (PYMNTS.com) Indian delivery startup Dunzo, which is backed Google, has suffered a data breach, although it said users' credit card numbers were not accessed.
Baton Rouge Clinic, AMC hit by cyber-attack (BRProud.com) If you have used the e-mail or phone system with the Baton Rouge Clinic, you might want to read the rest of this story. In the interest of transparency, the BR Cl…
Cyber Criminals Target Teachers by Filing Fraudulent Unemployment Claims (Spectrum) Fairport is the first to go public with the incident.
Security Patches, Mitigations, and Software Updates
Zoom fixes zero-day RCE bug affecting Windows 7, more updates soon (BleepingComputer) The Zoom web conference Client contained a zero-day vulnerability that could have allowed attackers to execute commands on vulnerable systems remotely.
Microsoft may have made a huge jump in improving Windows 10 security (TechRadar) Windows 10 should be secured from wider number of threats thanks to Microsoft upgrade
Poppy Gustafsson: Lockdown has fuelled a cyber crimewave (Times) Poppy Gustafsson pops up on a video link from Cambridge with a dire warning. The chief executive and co-founder of cyber-security firm Darktrace provides governments and companies with tools to repel
The Number of Stolen Logins Circulating On Dark Web Increased By 300 Percent since the Year 2018 (Digital Information World) The researchers discovered that the vast majority of victims are consumers, and it is important that we start making efforts to protect our credentials.
Municipalities Remain Ripe Targets for Cyber Attacks: Research (MSSP Alert) Cities and towns remain enticing target for malware and cyberattacks, a KnowBe4 paper titled "The Economic Impact of Cyber Attacks on Municipalities" explains.
Spyware and stalkerware usage surges during lockdown - (Enterprise Times) Avast has seen a significant surge in spyware and stalkerware during lockdown and says that users should ensure security on their devices is up to date
New report reveals countries most targeted by 'significant' cyber-attacks (Security Brief) Specops Software has unveiled its report listing the countries most-often falling victim to assaults on government agencies, defence departments and other high-value infrastructure.
Not enough being done to combat email fraud in A/NZ - report (Security Brief) New research from SMX has revealed neither private companies nor government agencies have done enough to stamp out phishing and spoofing campaigns throughout Australia and New Zealand.
Embraer invests in cyber security company Tempest (Business Jet Interiors) Brazilian aviation giant Embraer has announced a capital investment in Tempest Security Intelligence, resulting in a majority interest in the company. The largest cybersecurity company in Brazil, Tempest, positions itself as a provider of complete solutions for business protection in the digital world. With offices in Recife, São Paulo, and London, it serves more thanRead More
Rackspace Technology files for IPO four years after going private (CRN Australia) Four years after privatization.
AustCyber says digital trust required to boost Aussie economy (ZDNet) A globally competitive Australian cybersecurity sector will ultimately underpin the future success of every industry in the national economy, the non-profit's CEO has said.
Cybersecurity firms gain currency (Livemint) Investors are being drawn to the sector as global spending on security is likely to rise following the covid pandemic.Large-scale transition to remote work is behind a surge in investor interest in cybersecurity firms
USAF Air Combat Command selects TEC for future cyber-training mission (DVIDS) About 20 students will undergo the pilot Mission Defense Team class this mid-August.
Huawei’s window of opportunity closes (The Bull) When the United Kingdom completed its telecom supply chain review last year it gave a green light to Huawei by concluding that nationality-based bans did nothing to improve network security and could actually harm it by weakening competition. Executives at Huawei celebrated what they saw as a victory for evidence-based decision-making. The decision also seemed...
Huawei: Experts say expanding 5G will boost regional economies during COVID-19 recovery (ITP.net) Public and private sector leaders discussed accelerating 5G connectivity at recent SAMENA Telecommunication Council Leaders’ Summit
Amazon Backtracks From Demand That Employees Delete TikTok (New York Times) TikTok, owned by the Chinese company ByteDance, has been under scrutiny as a potential national security threat.
Amazon Says Email Ordering Employees to Delete TikTok Was Sent in Error (Wall Street Journal) The company reversed a demand that employees remove the app from company mobile devices, a shocking turnabout from a dictate that just hours before had stoked concern about the app’s security and ties to China.
Facebook Mulls Political-Ad Blackout Ahead of U.S. Election (Bloomberg) Limiting political ads may help curb spread of misinformation. Decision on ban has not yet been made, people familiar say.
Cyber security firm set to expand post-lockdown (The Northern Echo) A CYBERSECURITY firm based in Seaham, is bucking the trend by expanding its workforce following lockdown, at a time when other businesses are…
Sabrina Soussan to take over as CEO of dormakaba next April (Security Info Watch) Company also announces changes to its board of directors
Open Raven expands leadership team by appointing three cloud and security industry veterans (Help Net Security) Open Raven announced a significant expansion of its leadership team with the appointment of three cloud and security industry veterans.
Products, Services, and Solutions
SANS Institute Game Now Available in Middle East (Infosecurity Magazine) SANS Institute makes CyberStart available to students in the Middle East and Africa
Microsoft wants to kill off Linux malware for good (TechRadar) Project Freta detects Linux malware for free
New cyber insurance provider for SMBs moves into Canada (IT World Canada) Coalition offers passive network monitoring for vulnerabilities in addition to coverage for cyber incidents and technology failures
Kaspersky unveils endpoint security solution for smaller firms with limited expertise (ITWire) Russian security vendor Kaspersky has unveiled a reworked Integrated Endpoint Security solution which provided endpoint detection and response, including better visibility into endpoints, simplified root cause analysis and automated response options, to organisations that have limited resources and...
Quick Heal launches new cybersecurity solutions (Hindu BusinessLine) Quick Heal Technologies, one of the leading providers of cybersecurity and data protection solutions, has launched its next-generation suite of cybersecurity solutions for digital consumers.The compan
Technologies, Techniques, and Standards
How to work out if you’ve been hacked and what to do about it (WIRED UK) Facebook. Google. Netflix. Sometimes your accounts get compromised, here’s what to do when it happens
A Guide to Data Security for Law Firms in 2020 (Embroker) Law firms are targeted by hackers because of their priveledged information and lack of cybersecurity best practices. Learn strategies to prevent attacks.
7 Actionable Tips to Secure Your Smart Home and IoT Devices (Digital Market News) As you welcome the Internet of Things (IoT) into your house, turning it into a "smart" home, you're also likely which makes it an "insecure" home. Here are
Why Future-Proof Employee Training Always Includes Feedback Loops (Digital Market News) If you consider your self as having a “super hardcore work ethic, talent for building things, common sense and trustworthiness,” then very good news. You just met most of Elon Musk’s criteria for stellar career-building spaceships, proving it doesn’t take a rocket scientist to obtain a job at SpaceX.
Cyber Insurance An Overview (BW CIOWORLD) Miscellaneous-With the threat landscape increasing rapidly, cyber insurance is becoming a necessity. It is critical to ensure that you have the right level of cover, the right cyber security events covered and follow basic cyber hygiene as well as access control practices to avoid any issues when it comes to claiming for any cyber security related losses.
Design and Innovation
Read Before Pontificating on Quantum Technology (War on the Rocks) Quantum technology — and quantum computing more specifically — has become quite the popular topic in national security circles. The extraordinary level of
Microsoft says it will not support PHP 8.0 for Windows in 'any capacity' (Computing) The company currently supports the development of PHP 7.3 and PHP 7.4 and is providing assistance with security fixes for PHP 7.2
Research and Development
NIST kick-starts ‘threshold cryptography’ development effort (Security Magazine) A new publication by cryptography experts at the National Institute of Standards and Technology (NIST) proposes the direction the technical agency will take to develop a more secure approach to encryption. This approach, called threshold cryptography, could overcome some of the limitations of conventional methods for protecting sensitive transactions and data.
RevBits announces issuance of two U.S. patents covering next generation email security for MS Outlook users (PR Newswire) Cybersecurity software provider RevBits today has announced that the United States Patent and Trademark Office (USPTO) has issued U.S. Patents...
Chicago Hopes Broadband Plan Could Help Other Cities Address Digital Divide (Wall Street Journal) Officials and donors involved in an ambitious plan to provide free broadband to students in Chicago’s poorest neighborhoods hope that the public-private partnership can be a model for efforts to address digital equity issues elsewhere in the U.S.
Legislation, Policy, and Regulation
Google: Mitigating disinformation and foreign influence through social media a joint effort (ZDNet) The local arm of the search giant wants to see cooperation between the likes of industry, the technical community, and government, in addition to education efforts spanning schools and senior citizens.
Cyberwarfare: The changing role of force (Help Net Security) The undefined parameters of cyber conflict leaves nation-states in the dark when it comes to how best show cyber strength and superiority.
Trump Claims Credit for 2018 Cyberattack on Russia (New York Times) The move was intended to deter Russians from interfering in the midterm elections, and serve as a test of America’s capability to protect the 2020 elections.
Trump confirms, in an interview, a U.S. cyberattack on Russia (Washington Post) During an Oval Office interview with me this week, President Trump acknowledged for the first time that, in 2018, he authorized a covert cyberattack against Russia’s Internet Research Agency, the St. Petersburg-based troll farm that spearheaded Russian interference in the 2016 presidential election and was doing the same in the 2018 midterm elections.
Trump confirms cyberattack on Russian trolls to deter them during 2018 midterms (Washington Post) President Trump has acknowledged in an interview with a Washington Post columnist that he ordered a clandestine military cyberstrike against Russian trolls in 2018 to disrupt their Internet access during the midterm elections.
Trump confirms US launched cyber attack on Russia in 2018, accuses Obama of inaction (Republic World) In an interview, Trump acknowledged that his administration had led efforts to stop the spread of disinformation around the 2018 midterm elections.
Cyber Command’s measure of success? Outcomes (C4ISRNET) U.S. Cyber Command officials said that when they examine whether any given operation or even when a strategy has been successful, they’re not looking at metrics, but rather outcomes.
UK 'on alert for China cyber attack' in retaliation for Hong Kong (Metro) A cyber assault could damage computer networks, cause power and phone blackouts and bring hospitals, government and businesses to a standstill.
UK-China ties freeze with debate over Huawei, Hong Kong (Star Tribune) Only five years ago, then-British Prime Minister David Cameron was celebrating a "golden era" in U.K.-China relations, bonding with President Xi Jinping over a pint of beer at the pub and signing off on trade deals worth billions.
How can European countries choose between American pressure and China's 5G technology? (CGTN) The European Union could appear as a game changer in the framework of the competition between the United States and China, especially when the tech domain is analyzed.
UK government expected to order removal of Huawei 5G equipment by 2025, report (Computing) Meanwhile, Huawei has requested a meeting with the Prime Minister as last-ditch effort to delay its removal
Why the UK might hang up on 'high risk' Huawei (BBC News) The Chinese telecoms equipment provider's fate in the UK is set to be revealed on Tuesday.
Huawei too valuable for UK to lose, according to network execs (Micky News) Network executives from BT and Vodafone told MPs that there would be massive signal blackouts if the U.K. decides to ban Huawei.
Inside TikTok’s dystopian Chinese censorship machine (The Telegraph) Exclusive: Documents reveal how TikTok's Chinese version, Douyin, uses facial recognition to police foreigners. And that's just the start
Rise of Kim Jong-un’s sister marks increase North Korean cyberattacks (The Washington Times) A cyber “spear phishing” campaign believed to be run by North Korean intelligence operatives who impersonate American journalists and South Korean diplomats on email with the goal of hacking U.S.-based North Korea analysts and human rights advocates has grown increasingly brazen in recent months, according to sources familiar with the campaign.
Master digital platform to ensure cyber security, says minister (Malay Mail) Following an increase in hacking cases during the movement control order (MCO) period, the government will set up a master digital platform to ensure cyber security. Minister in the Prime Minister’s Department (Special Functions), Datuk Seri Mohd Redzuan...
Cyber-regulatory 'mishmash' exposes nation to attack (Australian Financial Review) Australia lacks a cohesive unified approach to cyber regulation, with multiple standards and numerous regulators but none with overall responsibility, experts say
New Zealand Advances New Privacy Bill (Lexology) On June 26, 2020, New Zealand Justice Minister Andrew Little announced that the bill to repeal and replace New Zealand’s existing Privacy Act 1993…
Sanctions won’t protect elections (Pueblo Chieftain) Russia plans to meddle in the 2020 election, according to a statement jointly issued by the FBI, Department of Justice, and National Security Agency.
US Secret Service creates new Cyber Fraud Task Force (BleepingComputer) The U.S. Secret Service announced the creation of the Cyber Fraud Task Force (CFTF) after the merger of its Financial Crimes Task Forces (FCTFs) and Electronic Crimes Task Forces (ECTFs) into a single unified network.
Coinbase is selling blockchain analytics software to the US Secret Service (The Block) Crypto exchange Coinbase is providing its blockchain analytics software to the U.S. Secret Service, a federal law enforcement agency under the Department of Homeland Security.
CBP says it’s “unrealistic” for Americans to avoid its license plate surveillance (TechCrunch) The agency also warned that it can search license plate data from "anywhere in the United States."
California Consumer Privacy Act (Law Gazette) Data protection.
Litigation, Investigation, and Law Enforcement
Submarine Cables in the Law of Naval Warfare (Lawfare) The interdependence of global submarine communication systems means that a break in the vast network of seabed cables during armed conflict could have cascading effects on internet access. Yet the law of naval warfare is underdeveloped in this area.
Russian hacker found guilty for Dropbox, LinkedIn, and Formspring breaches (ZDNet) Sentencing scheduled for September 2020.
Trump Commutes Sentence Of Longtime Ally Roger Stone (Law360) President Donald Trump on Friday commuted the sentence of his friend and adviser Roger Stone, who had been ordered to serve 40 months in prison following his convictions for witness tampering, lying to Congress and obstructing probes into Russian interference in the U.S. presidential election.
How FBI Used Instagram and Snapchat to Capture Flamboyant Nigerian $441 Million Online Scammer (Mwakilishi) Police in the US are holding a 37-year-old Nigerian national accused of masterminding a $441 million cyber scam.
Rich Instagrammer arrested after posts reveal where money came from (9News) Ramon Abbas flaunted a lavish lifestyle of private jets, designer clothes and luxury cars. His flamboyant p...
Can individuals claim damages for loss of control over their personal data (Lexology) A break from the usual corporate and commercial case review for the Full English team as we tuck into a data protection case which has the potential…
LinkedIn Sued For Spying on Clipboard Data After iOS 14 Exposes Its App (Wccftech) LinkedIn, owned by Microsoft, has been sued for secretly snooping on user’s clipboard data, including the clipboard information that is synced between Apple devices.
Former employee cost company six-figures in revenge cyber attack (East Anglian Daily Times) A ‘remorseless’ man from Dovercourt has been convicted for a cyber attack which he carried out on his former employers after being dismissed from the company.
Officer challenges Army’s Facebook ban (The Hindu) An Army officer has challenged in the Delhi High Court the recent directive banning the usage of social networking platforms, including Facebook and Instagram, in all ranks.Lt. Col. PK Choudhary said