UK report on Russian cyber ops is out. Russia says it has no hackers. A look at the criminal-to-criminal economy.

Cyber Attacks, Threats, and Vulnerabilities

Two more cyber-attacks hit Israel's water system (ZDNet) First attack hit in April when hackers tried to modify water chlorine levels, officials said.

New Voicemail-Themed Phishing Attacks Use Evasion Techniques and Steal Credentials (Zscaler) Zscaler team discovered several newly registered domains that use VoIP and voicemail as themes for their credential-stealing phishing campaigns. Read more.

BadPower attack corrupts fast chargers to melt or set your device on fire (ZDNet) Attackers can alter the firmware of fast charger devices to deliver extra voltage and damage connected equipment.

Malicious Cryptocurrency Trading Apps Target MacOS Users (GovInfo Security) A group of spoofed cryptocurrency trading apps is targeting devices running macOS to install malware called Gmera, security firm ESET reports. The malware can steal

Coinbase says it prevented over 1,000 customers from sending $280,000 worth of bitcoin to Twitter hackers (The Block) Crypto exchange Coinbase has said that it prevented little over 1,100 customers from sending bitcoin to Twitter hackers who hijacked high-profile accounts to advertise a bitcoin scam last week.

Twitter Hack Exposes Broader Threat to Democracy and Society (Government Technology) Hackers demonstrated they can take over Twitter's technology infrastructure, a brazen move that hints at how such an attack could destabilize society.

Twitter hack raises alarm among government officials, security experts (CSO Online) The recent account takeover attack underscores how Twitter and other social platforms have become a critical component of political systems worldwide.

How The Twitter Hack Could Change Corporate America (Smokey Barn News) On Wednesday, hackers gained access to several (high profile) Twitter user accounts (about 130 accounts by one estimate) and launched Tweets asking for money via Bitcoin.

What happened to Twitter could happen to you (htxt.africa) Following a breach at Twitter, it is once again time to highlight the need to educate employees about cybersecurity.

Trend Micro Research Uncovers The Business Infrastructure Of Cybercrime (PR Newswire) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, today released new insights analyzing the market...

Trend Micro warns home routers targeted for Iot botnet use (FutureIoT) Trend Micro last week released its latest research that warned of a major new wave of attacks attempting to compromise

Caught in the Crossfire: Defending Devices From Battling Botnets (Trend Micro HK) As cybercriminals compete for dominance in their bid to create powerful botnets, users can make their own stand against warring sides by understanding how botnet malware works and securing their devices.

Family History Search Software Leaks Users’ Private Data (WizCase) Recently, WizCase has found a data leak affecting an open & unencrypted ElasticSearch server that belonged to Software MacKiev. The company, which currently maintains the Family Tree Maker software, syncs user data of a widely-known family history search platform, Ancestry. The leak exposed thousands of records with sensitive personal information, such as email addresses ...

Cyberattack on Freddie Mac Vendor Highlights Supply Chain Vulnerabilities (Wall Street Journal) A recent cyberattack on one of Freddie Mac’s vendors showed how large companies are vulnerable to breaches targeted not only at themselves but also at companies they hire.

Lorien Health Services discloses ransomware attack affecting nearly 50,000 (BleepingComputer) Lorien Health Services in Maryland announced that it was the victim of a ransomware incident in early June. Data was stolen and then encrypted during the incident.

Second researcher gains access to thousands of Kiwis' data following property management site privacy breach (1 NEWS) 1 NEWS first reported on the privacy breach last week. Now a second person says they've accessed the data.

Ransomware gang demands $7.5 million from Argentinian ISP (ZDNet) Telecom Argentina had roughly 18,000 computers infected during a ransomware attack over the weekend.

Europe's Largest Telco Targeted in Recent Ransomware Attack (Tech Times) Here's the extent of the massive data breach.

Cloud computing provider Blackbaud paid a ransom after data breach (Security Affairs) Cloud software provider Blackbaud revealed to have paid crooks to decrypt its data following a ransomware attack that took place in May 2020. Blackbaud is a cloud computing provider that serves the social good community — nonprofits, foundations, corporations, education institutions, healthcare organizations, religious organizations, and individual change agents. Its products focus on fundraising, website management, CRM, analytics, financial […]

Despite city law, New Orleans’ hasn’t had public contract database since 2019 cyber attack (The Lens) Database is not expected to be fully functional until September.

Vulnerability Summary for the Week of July 13, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Security Patches, Mitigations, and Software Updates

Office 365 adds new security configuration analysis feature (BleepingComputer) Microsoft is working on a new Office 365 Advanced Threat Protection (ATP) feature which will make it easy to determine your security policies settings' effectiveness when compared to recommended settings.

Cyber Trends

2020 Strategic Planning Predictions (NSS Labs, Inc.) COVID-19 has impacted every economic market, and cybersecurity is no exception.

Out of the Grace Period: Trust and Communication Rises in a Post-CCPA World (Akamai) Six months ago, the California Consumer Privacy Act (CCPA) was put into effect, granting California residents increased rights over how their personal data is gathered and shared by the companies they interact with. Leading up to its launch, organizations expressed concern over whether they were fully compliant with the incoming regulation, and if they weren't, how they could act quickly to avoid compliance failures.

Internet Scan Shows Decline in Insecure Network Services (Dark Reading) While telnet, rsync, and SMB, exposure surprisingly have dropped, proper patching and encryption adoption remain weak worldwide.

270 million malware attacks registered in the first quarter of 2020 (Atlas VPN) Malware is dangerous as it can disrupt, disable, or take control of the users’ computer systems. Malware has evolved over the years and comes with different functionality depending on the goals of the cybercriminal.

Cyber Attacks increasing at Alarming Rate in the Maritime Industry (Sea News Global Maritime News) Cyber-attacks on the maritime industry’s operational technology (OT) systems have increased by 900% over the last three years with the number of reported incidents set to reach record volumes by year end. In 2017 there were 50 significant OT hacks reported, increasing to 120 in 2018 and more than 310 last year. This year is …

The Risks of Ransomware are Rising – SMEs Should Take Note (Computer Business Review) Having the time and resources to effectively navigate the current threat and security landscape is not necessarily a luxury that SMEs enterprises have.

Nigerian companies record second highest percentage of global cyberattacks - (Ventureburn) A report has revealed that 86% of Nigerian companies fell prey to cyberattacks within the past year with South Africa at 64%.

Marketplace

Enterprise-Tech Startups Focused on Risk, Security, Attract Venture Dollars (Wall Street Journal) Risk-management and security startups are in the spotlight among venture capitalists in the wake of increased remote work and a rise in high-profile cyberattacks. And while current lockdowns and economic conditions may interfere with traditional deal making, a recent report tracking New York City-area startups reveals a surge of new funding through June.

VC partner offers tips to cybersecurity startups on how to thrive amid Covid-19 (CTECH) Streamlining and downsizing sales teams and seeking feedback from users are worthwhile endeavors amid coronavirus days

TalaTek Announces Merger Agreement with Cerberus (TalaTek, LLC) TalaTek, an integrated risk management firm, announced a definitive merger agreement with Cerberus Cyber Sentinel Corporation (OTC: CISO), a cybersecurity consulting and managed services company.

Fortinet picks up cloud security provider OPAQ for SASE play (FierceTelecom) Fortinet announced Monday afternoon that it has acquired cloud security company OPAQ Networks to bolster its SASE platform. Fortinet will blend its Security Fabric with OPAQ's Zero Trust Network Access (ZTNA) solution to protect distributed networks.

Phoenix Systems acquired by Allied Universal (Daily Herald) Phoenix Systems & Service Inc. has been acquired by Califronia-based security and facility services company Allied Universal.

Anthony Woodward's Accelera acquires Sydney-based AWS partner Ayenem (CRN Australia) Bolstering consulting, delivery and operational services capability.

Ascend Technologies And Infogressive Join Forces In PE Backed Merger (Norfolk Daily News) Ascend Technologies LLC, a leading Midwest IT solution provider, today announced a merger with Infogressive, Inc., a leader in cybersecurity solutions.

Rumours swirl for a post-Huawei UK (Telecoms.com) There are plenty of rumours emerging as the UK attempts to deal with a Huawei-less future, including guidance from the Japanese, TikTok kicking off and diverting attention to the US.

With the chips down, Huawei risks losing its technical edge | Light Reading (Light Reading) US sanctions leave the company with few options for high-quality components. A loss of competitiveness will be hard to avoid.

Trump campaign runs Facebook ads on whether TikTok should be banned (Reuters) U.S. President Donald Trump’s re-election campaign ran Facebook ads this weekend claiming that the Chinese-owned short video app TikTok is spying on users.

Fact-check of viral climate misinformation quietly removed from Facebook (Popular Information) A fact-check of a viral climate misinformation article was quietly removed from Facebook earlier this month, a joint investigation by Popular Information and HEATED reveals.

Palo Alto Networks Beats Cisco, Claims Security Revenue Crown (SdxCentral) Palo Alto Networks tops the network security vendor market by revenue beating rival Cisco, according to Analysys Mason’s cybersecurity vendors’ revenue tracker.

Cyber security centre of excellence will help power Manchester's digital future (Invest in Manchester) Related sectors Digital and Technology and Cyber Security An operator is being sought to run a new cyber security hub which will put Manchester in the forefront of the response to…

Kovrr adds Visesh Gosrani to Advisory Board (ReinsuranceNe.ws) Cyber risk modelling company Kovrr has expanded its Advisory Board with the addition of Visesh Gosrani, Chair of the Institute and Faculty of the

Products, Services, and Solutions

Unisys Launches New Versions of Stealth(identity)™ Software, Providing Secure Biometric Identity Management both in the Cloud and On Premise (Unisys) Unisys Corporation (NYSE: UIS) today announced the availability of Unisys Stealth(identity)™ Software-as-a-Service (SaaS) 2.0 and Stealth(identity) 2.7, the latest versions of the company's biometric identity management software. Stealth(identity) is highly scalable and brings flexible biometric authentication and strong security to enterprises of any size, while the SaaS offering means protection capabilities are available either on premises or in the cloud.

OpenText Partners with NINJIO to Enhance Webroot Security Awareness Training for New COVID-19 Reality (PR Newswire) OpenText™ (NASDAQ: OTEX), (TSX: OTEX) partnered with NINJIO, a leading cybersecurity education content provider, to expand its security...

Aqua Security Unveils New Platform to Secure the Build, Infrastructure, and Workloads of Cloud Native Applications (Aqua) Aqua, the pure play cloud native security leader, adds Aqua Wave & Aqua EnterpriseTM to the Aqua Platform, and updates to the company’s core products.

Vectra launches new advisory and operational cybersecurity services (PR Newswire) Vectra®, the leader in network threat detection and response (NDR), today announced a range of new advisory and operational cybersecurity...

Nok Nok Simplifies Integration, Enhances Customer Experience and Extends Reach of Passwordless Authentication (Nok Nok Labs) Also included in this release is Nok Nok™ Quick Authentication, a feature that accelerates the authentication process by reducing the number of network connections required, thereby improving the customer experience. Finally, Nok Nok has expanded smart watch support from Apple Watch to WearOS. Leveraging feedback from customers in banking, telco and eCommerce, these new features …

Beazley launches cyber and financial lines insurance offering in Colombia (GlobeNewswire) Specialist insurer Beazley has launched a suite of innovative cyber and financial lines insurance products to protect against the risks facing businesses and senior executives in Colombia

Chronicled and Deloitte ally to accelerate blockchain in the life sciences and health care industry, including fighting medication counterfeits in COVID-19 treatment (PR Newswire) Chronicled and Deloitte today announced an alliance to bring blockchain-powered solutions to the life sciences and health care industry. The...

Venafi and Unbound Tech Partner for Seamless Protection of Machine Identities (PR Newswire) Venafi and Unbound Tech today announced a partnership to enable enterprises managing machine identities and machine-to-machine communication a...

WeVPN: Top-tier VPN veterans develop a new VPN (PR Newswire) Introducing WeVPN™: a fast and secure virtual private network (VPN) built from scratch using the experience and knowledge of leading senior...

Sequitur Labs Launches EmSPARK 2.0 Security Suite for Critical IoT Device Protection (BusinessWire) Sequitur Labs Launches EmSPARK 2.0 Security Suite for Critical IoT Device Protection

Vodafone Business to Offer Managed Security Services to SME and National Corporate Businesses in Europe (Yahoo) Vodafone Business is teaming with Accenture (NYSE: ACN) to deliver managed security services to small to medium enterprises (SME) and national.

New Kaspersky Threat Attribution Engine connects new attacks to APT groups in seconds (Africanews) Kaspersky (www.Kaspersky.co.za) has released its new threat intelligence solution aimed at helping SOC analysts and incident responders attribute malware samples to previously revealed APT groups.

TransUnion Enhances Document Verification Solution as New Research Finds Identity Fraud at Center of Many Digital COVID-19 Scams (GlobeNewswire) Product can verify an identity with a selfie

Technologies, Techniques, and Standards

The Past, Present and Future of Attribute-Based Encryption (TechNewsWorld) Encryption is an obscure but critical part of everyday life. That padlock in the address bar of the website you're visiting represents the 's' after 'http' -- which stands for the latest version of Transport Layer Security. Together with Secure Sockets Layer, which TLS replaced, these digital security technologies allow encrypted communication between two parties, such as web sites or servers, and web browsers.

How Cyber Range Training Can Be Effective For All Members In Your Organization (Security Intelligence) Learn how cyber range use of real-time and simulated threat techniques have been successful in preparing professional IT teams for cyber attacks.

How to Check Your Devices for Stalkerware (Wired) You deserve privacy. Here's how to check your phone, laptop, and online accounts to make sure no one's looking over your shoulder.

The new ways the military is fighting against information warfare tactics (C4ISRNET) The military wants to publicly expose adversary activity as a way to thwart actions in the information sphere.

The IIA’S Three Lines Model: An update of the Three Lines of Defense (Institute of Internal Auditors) Organizations are human undertakings, operating in an increasingly uncertain, complex, interconnected, and volatile world.

Common Cybersecurity Mistakes Businesses Continue To Make (Global Banking & Finance Review) Successful cyber attacks can cost a business more than just millions of dollars. A breach in security may result in stolen data, diminished customer

Ensuring Business Continuity for the Remote Workforce (GovInfo Security) From DDoS attacks to concerns over the reliability of VPNs, the remote workforce is facing an unprecedented array of security challenges, says Tony Lauro of Akamai,

Working from home poses cybersecurity challenges for businesses (Salem News) Offices across the state are reopening as coronavirus cases decline, but people, out of concern for their safety, are still opting to work from home.

How the pandemic has made cybersecurity imperative for organisations (Express Computer) Zulfikar Ramzan, CTO, RSA Security in an interaction sheds light on various aspects of cybersecurity and how organisations can take informed decisions to have the best experience

National Cyber Security Centre launches tool to keep data safe during pandemic (Legal Futures) As millions of people continue working from home during the Covid-19 pandemic, the NCSC has launched a new tool to support individuals and businesses to comply with their data protection obligations.

GCC malware analysis platform launched (DT News) A cybersecurity platform for analysing malware was launched during the sixth GCC...

Design and Innovation

Could this software help users trust machine learning decisions? (C4ISRNET) BAE Systems says their new MindfuL software will essentially audit machine learning systems, providing human users with more context about the systems' output.

Research and Development

'Quantum rainbow' — photons of switching colors allow room-temperature quantum computing (Purdue University) A new quantum random walk technique developed by engineers at Purdue University could eventually allow computers to search through data at speeds beyond that of conventional computers.

Four states join cybersecurity automation pilot (StateScoop) Arizona, Louisiana, Massachusetts and Texas are working with a Johns Hopkins University lab to speed up how they react to threat intelligence.

Academia

Homeland Security, NSA name Binghamton a cyber research center (News - Binghamton University) The designation opens up opportunities for cybersecurity grants and scholarship for students and faculty.

University students showcase cyber skills in ‘Red vs. Blue’ simulation (EdScoop) Instead of a capstone project this year, master’s students in the University of Houston’s cybersecurity program alternately protected and attacked virtual industrial control systems.

Queensland's Baidam Solutions establishes scholarship with UQ to foster First Nation cyber talent (CRN Australia) Establishes permanent scholarship for Aboriginal and Torres Strait students.

Legislation, Policy and Regulation

Putin's finance minister says there are no hackers working for the Russian government (CNBC) Russia's relationship with the West remains strained, and increasingly so, amid the coronavirus pandemic.

Inflated ‘cyber attack’ hysteria won’t hurt Russian economy, finance minister vows (TASS) "There are no hackers working for the Russian government, so our government does not consider any actions by hackers, nor does it coordinate them", Anton Siluanov said

Russia : Presented to Parliament pursuant to section 3 of the Justice and Security Act 2013 (Intelligence and Security Committee of Parliament) The dissolution of the USSR was a time of hope in the West. In the 1990s and early 2000s, Western thinking was, if not to integrate Russia fully, at least to ensure that it became a partner.

ISC Attributes Cyber-Attacks and Election Interference to Russia (Infosecurity Magazine) ISC says Russia poses all-encompassing security threat, calls for collaborative intelligence and consensus against aggressive action

Russian disinformation fuelling 'political extremism' and division in UK, report finds (The Independent) Russian accounts push views on Brexit, terror attacks and race as part of 'culture wars', expert says

Russia tried to influence Scottish independence vote, report expected to say (Yahoo) Russia tried to influence the 2014 Scottish independence vote, a long-awaited parliamentary report is expected to say later. It is just one of the conclusions likely from the intelligence and security committee, which has looked at the alleged Russian threat to the UK and what measures are being taken

UK to mandate consumer IoT security - Tracking The Internet of Things (Tracking The Internet of Things) The UK Government has published proposals for legislation that would mandate three consumer IoT security features, and foreshadowing more.

WSJ News Exclusive | China May Retaliate Against Nokia and Ericsson If EU Countries Move to Ban Huawei (Wall Street Journal) Beijing is considering retaliating against the Chinese operations of two major European telecommunication-equipment manufacturers, Nokia and Ericsson, should European Union members follow the lead of the U.S. and U.K. in barring China’s Huawei from 5G networks.

DoT asks govt websites to conduct 'security audit' amid rising cyberattacks by Chinese hackers (Business Today) The DoT has requested to all other ministries and departments to migrate their websites and web-portals to the gov.in domain by August 31

Spy chief sees 2020 election security as 'number one goal' (FCW) Gen. Nakasone's remarks come as a group of former senior officials seek funds to counter the 'extraordinary challenges' posed by coronavirus pandemic and foreign interference to state and local election administrators.

NSA head vows to strike back at nations meddling with U.S. vote (The Hour) One of America's top spy chiefs vowed that the U.S. will hit back at foreign nations attempting to interfere in the 2020 presidential election, a warning delivered days after fresh charges of Russian hacking against the West.

My Statement on Foreign Interference in U.S. Elections (Valley Voice) Foreign interference in the U.S. electoral process represents an assault on the American people and their constitutional right to vote. When foreign states direct hackers, trolls, money launderers, and misinformation to subvert or cast doubt on our elections, they threaten America’s sovereignty, democratic institutions, and national security. They undermine the vote and the voice of […]

How your local election clerk is fighting global disinformation (Bangor Daily News) This year, state and local election officials across the country expect they’ll need to defend voters against potentially devastating and widespread disinformation attacks that could suppress turnout and sow doubt in November’s results.

Australian industry panel calls for ‘clear consequences’ of cyber attacks (ComputerWeekly) A government appointed panel recommends strong deterrence and other measures to be implemented in Australia’s next cyber security strategy

More government action needed on cyberattacks against Australia, including penalties (the Guardian) Prime minister’s comments about previous attack ‘incredibly useful’, but messaging needs to be consistent, advisory panel says

Hackers that hit Australian targets need "clear consequences" (iTnews) Telco-laden advisory panel to 2020 cybersecurity strategy pushes for reform.

ABS to keep Census identity data on file for far less time (iTnews) Names, addresses will now be kept for two and three years.

Commerce Department Adds Eleven Chinese Entities Implicated in Human Rights Abuses in Xinjiang to the Entity List (U.S. Department of Commerce) The Department of Commerce's Bureau of Industry and Security (BIS) added to the Entity List 11 Chinese companies implicated in human rights violations and abuses in the implementation of the People’s Republic of China’s (PRC) campaign of repression, mass arbitrary detention, forced labor, involuntary collection of biometric data, and genetic analyses targeted at Muslim minority groups from the

The Big Interview: Former GCHQ Director Robert Hannigan (Computer Business Review) "'Kitemarks' and 'hoping for the best' clearly aren't working..."

Griswold creates special cyber team (The Grand Junction Daily Sentinel) In an effort to help ensure the state’s election system is free of outside tampering, Colorado Secretary of State Jena Griswold is creating a special team to guard against breaches

Litigation, Investigation, and Enforcement

Iran executes man convicted of spying on Soleimani for US and Israel (Military Times) Iran executed a man convicted of providing information to the United States and Israel about a prominent Revolutionary Guard general later killed by a U.S. drone strike, state TV reported on Monday.

Visiting Stanford University Researcher Charged with VISA Fraud (US Department of Justice) Song Chen has been charged in a criminal complaint with visa fraud in connection with a scheme to lie about her status as an active member of the People’s Republic of China’s military forces while in the United States conducting research at Stanford University, announced United States Attorney David L. Anderson and Federal Bureau of Investigation Special Agent in Charge John L. Bennett. Song made her initial federal court appearance before U.S. Magistrate Judge Sallie Kim this morning to face the charge.

Defense contractor to pay $1M to resolve overbilling claims (Seattle Times) A Maryland defense contractor has agreed to pay nearly $1 million in a settlement over claims that it overbilled the National Security Agency for contract work, federal authorities said Monday.

Russian Tech Exec Says Steele Behind Leak Of Trump Dossier (Law360) Christopher Steele used an intermediary to leak his infamous Trump dossier to BuzzFeed and others, a Russian technology executive claimed Monday at the start of a libel trial over allegations in the report linking the Russian national to cybercrime and the 2016 U.S. presidential election.

Russian businessman in damages fight after dossier linked him to ‘cyber-crime’ (Evening Express) A Russian venture capitalist wants “very substantial” damages after “sensational” allegations in a former British spy’s 2016 dossier about alleged links between Donald Trump and Russia suggested he was involved in “cyber-crime”, a judge has been told.

Child ‘behind WA health data breach’ (PerthNow) UPDATE: Mark McGowan has apologised after sensitive medical records and other government communications were posted online, allegedly by a 15-year-old boy.

Statement regarding reported health data breach in Western Australia (Mirage News) The Office of the Australian Information Commissioner (OAIC) is making urgent preliminary inquiries about the facts and circumstances of the reported...

Cypriot Hacker Extradited To The U.S. To Face Charges (Greek City Times) The United States Department of Justice has extradited two criminals from the Republic of Cyprus — one a computer hacker suspected of cyber intrusions and

Five hundred charities breach GDPR (Third Force News) More than 500 data breaches were filed by Charities last year according to England’s Information Commissioner.