Cyber Attacks, Threats, and Vulnerabilities
High-profile Twitter accounts simultaneously hacked to spread crypto scam (TechCrunch) The scammers have raised $20,000 — and rising — in less than an hour.
Twitter silences some top accounts after internal systems hacked (Reuters) Twitter said hackers accessed its internal systems to hijack some of the platform's top voices including U.S. presidential candidate Joe Biden, reality TV star Kim Kardashian, former U.S. President Barack Obama and billionaire Elon Musk and used them to solicit digital currency.
Major US Twitter accounts hacked in Bitcoin scam (BBC News) Twitter says a hacking attack on employees was to blame for one of its biggest ever security lapses.
Widespread Twitter Hack Reaches Bill Gates, Kanye West, Elon Musk, Joe Biden and Barack Obama (Wall Street Journal) Apple was also apparently hacked. It was latest in a series of security failures on the social-media platform.
Hackers appear to target Twitter accounts of Elon Musk, Bill Gates, others in digital currency scam (CNBC) Tesla CEO Elon Musk was the first high-profile account to be hacked, with a tweet early Wednesday afternoon that promised to double any payments sent to a bitcoin address.
Twitter hack: Bitcoin scam targets Elon Musk, Joe Biden and Barack Obama
(The Telegraph) The hackers posted spam links and asked people to send money to Bitcoin accounts
Hackers Convinced Twitter Employee to Help Them Hijack Accounts (Motherboard) After a wave of account takeovers, screenshots of an internal Twitter user administration tool are being shared in the hacking underground.
Twitter shut off the ability for many people to tweet after massive hack (The Verge) Twitter temporarily shuts down for some users.
()
The Cybersecurity 202: Twitter breach is another warning shot for election security (Washington Post) This time, the massive Twitter hack yesterday was seemingly just a petty scam to raise bitcoin — at least based on what's known so far. But next time, it could be far more serious.
'Russian actors' tried to interfere with 2019 General Election (Herald Scotland) Russian hackers "almost certainly" tried to interfere with the UK General election in December, the Foreign Secretary has confirmed.
Russian hackers are targeting coronavirus scientists with phishing and malware attacks (ZDNet) Advisory from the UK's National Cyber Security Centre warns of an active spear-phishing campaign going from APT 29 - a hacking group associated with Russian intelligence services - in an effort to steal research data.
Advisory: APT29 targets COVID-19 vaccine development (National Cyber Security Centre) Detection and mitigation advice for organisations involved in coronavirus vaccine development targeted with custom malware by APT29.
U.S., UK, Canada Warn Against Russian-Led COVID R&D/Vaccine Attacks (Meritalk) Cybersecurity agencies in the United States, United Kingdom, and Canada issued a joint warning July 16 accusing Russian intelligence services of targeting COVID-19 research and vaccine development facilities with cyberattacks.
Chinese state hackers target Hong Kong Catholic Church (ZDNet) EXCLUSIVE: Spear-phishing operation targets members of the Hong Kong Catholic Church.
New Research Exposes Iranian Threat Group Operations (Security Intelligence) IBM X-Force IRIS has uncovered details on the operations of the suspected Iranian threat group ITG18, which overlaps with Charming Kitten and Phosphorous
Deepfake used to attack activist couple shows new disinformation frontier (Reuters) Oliver Taylor, a student at England's University of Birmingham, is a twenty-something with brown eyes, light stubble, and a slightly stiff smile.
Hunting for backdoors in counterfeit Cisco devices (News Anyway) F-Secure’s investigation highlights challenges facing organizations that discover counterfeit components in their IT infrastructure.
Fraudsters Target Investors In New Sophisticated Scams (Law360) Investment firms and clients have been hit by a fresh wave of schemes in which criminals set up complex bogus networks that have fleeced victims of millions in total, asset managers have warned.
TikTok “Unnecessarily Endangers Data” on Phones Used By Employees Working From Home During COVID-19 (IAITAM) Popular App Revives Earlier Concerns About Fitbit, Pokémon Go Licenses and App Permissions That Could Jeopardize Company/Client Data CANTON, OH – July 15,
Abracadabra! - CryptBB demystifying the illusion of the private forum (Digital Shadows) You wouldn't usually associate cybercriminal forums with the mysterious "Magic Circle," (for non-Brits less familiar with the subject, the Magic Circle is a...
Android Phones Might Be More Secure Than iPhones Now (OneZero) What the market for zero-day exploits tells us about our phones
Ransomware criminals are targeting US universities (The Middletown Press) As COVID-19 cases in the U.S. continue to climb, government and higher education leaders have been focused on doing what it takes to protect campus communities from the global pandemic. But college and university leaders would be wise if they were just as vigilant about protecting their sensitive data from the cybercriminals who are becoming increasingly sophisticated about encrypting the colleges' data and making the colleges pay a ransom to get it back.
Cyber Trends
Cybersecurity threatscape Q1 2020 (PT Security) The number of cyberincidents is growing rapidly. In Q1 2020, we detected 22.5 percent more attacks than in Q4 2019.
Global State of the Internet Security & DDoS Attack Reports (Akamai) Akamai State of the Internet Security Reports cover the origins, tactics, types and targets of cyber-attacks, and emerging threats and trends based on analysis of recent DDoS and web application attacks by cybersecurity and DDoS mitigation experts.
Media Industry Full of Credential Stuffing Attacks: Akamai (PR Newswire) The media industry suffered 17 billion credential stuffing attacks between January 2018 and December 2019 according to a new report from Akamai...
Credential Stuffing Attacks against Media companies very common, says: Akamai (Which-50) The media industry suffered 17 billion credential stuffing attacks between January 2018 and December 2019 according to a new report from Akamai, the
Coalfire Releases 2020 Cloud Security Report (PR Newswire) Coalfire, a provider of cybersecurity advisory and assessment services, today released its latest research report, The Smartest Path to Your...
Marketplace
Acronis Acquires DeviceLock to Add Data Leak Prevention and Device Control to Growing Cyber Protection Portfolio (BusinessWire) Acronis, a global leader in cyber protection, today announced the acquisition of DeviceLock, Inc., a leading provider of endpoint device/port control
Dell confirms VMware spin-off plans (CRN Australia) Dell has 81 percent equity share in virtualisation leader.
Auth0 Raises $120M (Crunchbase News) Identity platform Auth0 has raised $120 million in its Series F round, bumping its valuation up to $1.92 billion.
CyberSmart Raises £5.5M in Series A Funding (FinSMEs) CyberSmart, a London, UK-based cybersecurity company, raised £5.5m in Series A funding. The round was led by IQ Capital
GoSecure Raises $20M in Series E Funding (FinSMEs) GoSecure (fka CounterTack), a Montreal, Canada and La Jolla, CA-based provider of Managed Detection and Response (MDR) solutions, closed a $20M USD Series E funding
Forescout Takes Haircut in New Buyout Agreement with Advent (Wall Street Journal) The cybersecurity Forescout Technologies Inc. has agreed to a revised buyout deal to complete a sale to the private-equity firm that stalled in May because of economic impacts of the coronavirus.
TikTok Enlists Army of Lobbyists as Suspicions Over China Ties Grow (New York Times) The viral social media app has beefed up its lobbying operation to counter several potential actions in Washington that could threaten the company’s future.
Twitter's rigid fact-check rules allow Trump to continue spreading false information about the election (CNN) The world took notice on May 26, when Twitter fact-checked President Donald Trump for the very first time. Trump posted a series of blatant lies about mail-in voting, and declared that "this will be a rigged election." Twitter responded swiftly, saying that the viral posts contained "potentially misleading" information, and slapped a fact-check label on them.
Bug Bounties: What It Takes to Succeed (and Get Paid) (Dice Insights) In the uncertain times that COVID-19 and the rush to work-from-home has created, there is one constant: Software is still full of bugs and someone needs
Krista Todd Leaves Logitech To Head NortonLifeLock Comms (Provoke Media) Logitech's global communications head has joined the cyber safety company formerly known as Symantec after ten years.
Products, Services, and Solutions
IGEL Ready Program Opens Edge OS for Unlimited Partner Integration (IGEL) IGEL, the edge OS leader for cloud workspaces, today announced the launch of IGEL Ready, a new program that opens up the company’
StealthPath Zero Trust Solution Wins IBM "Think Build Grow' Competition (Yahoo) IBM has selected StealthPath to become a member of its Think Build Grow innovation ecosystem. This program identifies "big idea" solutions leveraging cloud and AI technologies, and co-invest to bring them to market. The competition was steep, with thirty global innovators vying for inclusion
New Training Course Teaches Kubernetes Application Management with Helm (Linux Foundation - Training) Helm is an emerging technology that enables packaging and running applications on Kubernetes in a simple, efficient way SAN FRANCISCO, July 15, 2020 – The Linux Foundation, the nonprofit organization...
New Kubernetes Security Specialist Certification to Help Professionals Demonstrate Expertise in Securing Container-Based Applications (Linux Foundation - Training) Advanced certification from CNCF and The Linux Foundation will build on industry-leading Certified Kubernetes Administrator SAN FRANCISCO, July 15, 2020 – The Linux Foundation, the nonprofit organization enabling mass innovation...
Parrot Partners with WISeKey to Define the Future of Drone Security (GlobeNewswire) Leveraging WISeKey’s digital security solutions, Parrot’s ultra-secure ANAFI drones will further drive industry-leading drone security standards
Kaspersky announces 'three-in-one' endpoint protection for businesses (Business IT) Solution designed to help organisations with small IT departments.
Fortinet Unveils Secure SD-WAN for Multi-Cloud (Fast Mode) Fortinet on Wednesday announced Fortinet Secure SD-WAN for Multi-Cloud, a networking and security solution that solves common
Thycotic rolls out SCIM Connector for expanded user access integration (Security Brief) SCIM Connector 2.0 allows organisations to set up workflows to synchronise, provision or modify entitlements in Secret Server directly within their IGA platform.
Quick Heal launches 'next-gen' suite of cybersecurity solutions (News Today) Quick Heal Technologies has launched its 'next-generation suite' of cybersecurity solutions for digital consumers. Continue Reading →
Pax8 Announced a New Partnership With Cymulate (AiThority) Pax8, announced a new partnership with Cymulate, the only end-to-end SaaS-based BAS platform for Continuous Security Validation.
Alithya Launches AI-FI Trade Surveillance Solution Powered By Microsoft Azure (AIthority) Alithya Group inc., a leader in digital strategy and technologies employing more than 2,000 highly qualified professionals offering enterprise solutions across Canada, the United States, and Europe, is proud to announce the launch of its AI-FI Trade Surveillance solution, hosted on Microsoft Azure.
Attivo Networks Announces Two Integrations with FireEye to offer Real-Time, In-Network Threat Detection and Automated Response (BusinessWire) Attivo Networks®, an award-winning leader in deception for cybersecurity threat detection, today announced it has integrated its ThreatDefend® solutio
Technologies, Techniques, and Standards
How to Make the Most of Cyber Intelligence (GovInfo Security) Creating a cyber intelligence strategy involves operational and tactical measures as well as technical approaches, says Jeff Bardin, chief intelligence officer at
Cyber Threat Intelligence: A Product Without a Process? (International Intelligence and Counterintelligence) Cyber threats have become a permanent threat to society. Over the last few years, accounts of hacking campaigns into public- and private-sector enterprises have drawn significant attention.
Research and Development
BAE Delivers 'MindfuL' Machine Learning Performance Assessment Tool to DARPA (ExecutiveBiz) BAE Systems has delivered an artificial intelligence-based technology evaluation software to the Defense Advanced Research Projects Agency as part of the latter’s Competency-Aware Machine Learning program.
Legislation, Policy, and Regulation
Is China’s National Security Law for Hong Kong the Beginning of a Surveillance Era? (Jurist) On the 30th of June 2020, China passed the controversial National Security Law that had stirred nationwide pro-democracy protests in Hong Kong. The legislation, which criminalizes separatism, subversi...
The CIA, Covert Action and Operations in Cyberspace (Lawfare) A major story from Yahoo News discloses the existence of a broad covert action finding directing the CIA to engage Iran, Russia and others in cyberspace. Here’s what you need to know.
Huawei security chief: UK ban is not related to US claims of security risks (CNN) The United Kingdom this week dealt a major blow to Huawei by banning equipment made by the Chinese tech giant from its telecom networks, shutting Huawei out of a role in building the country's superfast 5G wireless infrastructure.
Huawei ban driven by security, trade considerations (SC Media) The recent U.K. ban on the use of Huawei technology in its 5G wireless network is likely as much about salvaging the deteriorating U.S.-U.K. Sino
US to hit Huawei employees with visa bans for rights abuses (Martinsville Bulletin) The Trump administration said Wednesday it will impose travel bans on employees of the Chinese technology giant Huawei and other Chinese companies the U.S. determines are assisting
TikTok, Bracing for Scrutiny in Australia, Seeks to Reassure Lawmakers (Wall Street Journal) TikTok, the embattled short-video app run by Chinese technology giant Bytedance, has written to Australian politicians to reassure them about the safety of user data and its independence, as concerns about its Chinese ties grow.
Pompeo says he is 'confident' other countries will meddle in 2020 elections (TheHill) Secretary of State Mike Pompeo on Wednesday expressed confidence that other countries, including potentially Russia and China, would attempt to interfere in the 2020 U.S. elections.
Bipartisan Concerns Arise Over Cyber Director Legislation (Nextgov) Proponents say the new position would help balance and deconflict offensive and defensive operations.
Congress backs push for national cyber czar (TheHill) Bipartisan calls to put in place a national cybersecurity director in the White House are gaining steam on Capitol Hill two years after a similar position was eliminated.
Former Intel Chair, Chamber of Commerce Back National Cyber Director Legislation (Meritalk) A former chairman of the House Permanent Select Committee on Intelligence and the United States Chamber of Commerce are the latest additions to a growing list of supporters for a key recommendation of the Cyberspace Solarium Commission–a National Cyber Director.
‘Zero Trust’ Cybersecurity Plan This Year From DISA & NSA (Breaking Defense) Due out this fall, the Zero Trust Reference Architecture is about upgrading cybersecurity in existing systems, without buying all-new tech. The Army is enthusiastic – mostly.
Air Force information warfare command reaches critical milestone (C4ISRNET) Less than a year after being created, 16th Air Force reached its full operational capability this week.
The key to securing the defense industrial base is collaboration (C4ISRNET) It is no longer acceptable to rely on incident response protocols, performance assessments of existing systems and one-off reactions to threats without coordination. Increased information sharing is key to staying one step ahead of our adversaries.
FBI Cites Commitment to Nat’l Security in Letter to Rep. Stephen Lynch (Executive Gov) The FBI has sent a letter to Rep. Stephen Lynch, D-Mass., stating that the intelligence community (I
Litigation, Investigation, and Law Enforcement
Amnesty International Targets Israel and Morocco with Spyware Accusations (Newsweek) When non-profits, backed by millions of dollars from U.S. and U.K. donors, go to war with small countries, those governments often lose their reputations and revenue from foreign investors. Usually, this asymmetric warfare favors the non-profit.
Former Ohio State professor arrested trying to flee to China with stolen laptops, USB drives (The College Fix) Song Guo Zheng, 57, was arrested Friday, May 22, 2020 as he landed in Anchorage, Alaska.
EU’s Top Court Restricts Personal-Data Transfers to U.S., Citing Surveillance Concerns (Wall Street Journal) Thousands of companies will face restrictions on storing information about European Union residents on U.S. servers, after the bloc’s top court ruled that such transfers exposed Europeans to American government surveillance without “actionable rights” to challenge it.
Credit union's lawsuit against Fiserv is a test for cybersecurity liability (CyberScoop) A Pennsylvania credit union is taking on Fiserv in a case that is a test of the legal obligations big financial firms have to protect client data.
()
Data Privacy Plaintiffs Aim To Add UK Facebook Users To Suit (Law360) A California judge appeared skeptical Wednesday of American Facebook users' arguments that their counterparts in the United Kingdom should be allowed to join U.S. multidistrict litigation over the Cambridge Analytica data privacy scandal.
Tech Giants Face Privacy Suits Over Face ID 'Arms Race' (Law360) Technology industry behemoths including Amazon, Google and Microsoft are engaged in an "arms race" to develop facial recognition products that has involved stepping on the privacy rights of Illinois residents, according to a handful of lawsuits in California and Washington federal court.
Hogan: State catches $501M unemployment fraud scheme (Maryland Daily Record) Gov. Larry Hogan announced Wednesday that the state has uncovered a scheme to defraud the state of more than a half a billion dollars in unemployment benefits. About 47,500 fraudulent claims using identity theft were filed in Maryland, Hogan said.
Navigating Coverage for Losses, Liabilities Triggered by Cyber Attacks (The Legal Intelligencer) Data security issues remain top of mind for c-suite executives, and for good reason. More and more data is being collected, tracked, retained and managed,…
Juniper Networks Gets Expert DQ'd Over Prior Work With Co. (Law360) A California federal judge has disqualified an expert witness for Packet Intelligence LLC who was set to testify against Juniper Networks in a patent suit between the two, saying Wednesday that the person did extensive previous work for Juniper on related matters.
Hacker linked to BOV's €13 million cyber heist denied bail (Times of Malta) A man linked to BOV’s €13 million cyber heist has been denied bail in the US and his trial over money laundering allegations will continue later this year.