Cyber Attacks, Threats, and Vulnerabilities
YouTube bans thousands of Chinese accounts to combat ‘coordinated influence operations’ (TechCrunch) YouTube has banned a large number of Chinese accounts it said were engaging in “coordinated influence operations” on political issues, the company announced today; 2,596 accounts from China alone were taken down from April to June, compared with 277 in the first three months of 2020. &#…
‘It’s easy for anyone’ to spread disinformation, expert warns (WTOP) How the U.S. can combat disinformation campaigns Russia is not the only country trying to spread disinformation to influence Americans ahead of the 2020 presidential election…
Cambridge cybersecurity experts on how Liam Fox might fall prey to spear-phishing hack (Cambridge Independent) Darktrace, Featurespace and PureID on the mechanics of hacks - and how they defend against them
Twitter for Android vulnerability gave access to direct messages (BleepingComputer) Twitter today announced that it fixed a security vulnerability in the Twitter for Android app that could have allowed attackers to gain access to users' private Twitter data including direct messages.
A Flaw Used by Stuxnet Wasn't Fully Fixed (BankInfo Security) Vulnerabilities in the Microsoft Windows print spooler, an aging but important component, will be presented at the Black Hat security conference on Thursday. The
Users Beware: Spotting a Microsoft Renewal Scam (Security Intelligence) A new scam campaign targets users' payment card details and other information using fake Microsoft renewal emails. Learn how to educate enterprise users.
Tripwire Research: IoT Smart Lock Vulnerability Spotlights Bigger Issues (The State of Security) Craig Young brings awareness to the issues surrounding an IoT smart lock offering along with the centralized cloud computing that drives IoT.
Hackers can abuse Microsoft Teams updater to install malware (BleepingComputer) Microsoft Teams can still double as a Living off the Land binary (LoLBin) and help attackers retrieve and execute malware from a remote location.
Microsoft Teams Updater Living off the Land (Trustwave) During this global pandemic COVID-19 situation, there has been an increasing trend of video conferencing solutions, Trustwave SpiderLabs are exercising extra vigilance in monitoring the video conferencing traffics.
Researcher Details Sophisticated macOS Attack via Office Document Macros (SecurityWeek) Hackers could deliver malware to a macOS system using an Office document containing macro code, simply by getting the victim to open the document
Researchers identify vulnerabilities in critical industrial equipment (Computing) Protocol gateways are critical to enabling Industry 4.0, and Trend Micro has found critical weaknesses in how they operate
Insecure satellite-based internet poses threat to transport safety (Computing) Satellite internet service providers are still vulnerable to attack methods discovered nearly 15 years ago
Dutch Hackers Found a Simple Way to Mess With Traffic Lights (Wired) By reverse engineering apps intended for cyclists, security researchers found they could cause delays in at least 10 cities from anywhere in the world.
High-Wattage IoT Botnets Can Manipulate Energy Market: Researchers (SecurityWeek) Researchers have described how a botnet powered by high-wattage IoT devices can manipulate the energy market.
Robot Character Analysis Reveals Trust Issues (McAfee Blogs) Retired Marine fighter pilot and Top Gun instructor Dave Berke said "Every single thing you do in your life, every decision you make, is an OODA Loop."
Canon hit by Maze Ransomware attack, 10TB data allegedly stolen (BleepingComputer) Canon has suffered a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, USA website, and other internal applications.
UK Retail Giant Monsoon Has Vulnerability Exposing Sensitive Data (VPNpro) Report: Monsoon Accessorize uses an insecure version of Pulse Connect Secure VPN, exposing records of company and customer data. Read to learn more.
Report: Cybersecurity Firm’s Data Exposed, Among Others (vpnMentor) The vpnMentor cybersecurity research team, led by Noam Rotem and Ran Locar, have uncovered an unsecured AWS S3 bucket with over 5.5 million files and more than
Lafayette pays $45,000 ransom after cyber-attack (Sentinel Colorado) "In a cost/benefit scenario of rebuilding the city's data versus paying the ransom, the ransom option far outweighed attempting to build," the city said in a statement. "The inconvenience of a lengthy service outage for residents was also taken into consideration."
DJI Statement On Further Misleading Claims About App Security (sUAS News - The Business of Drones) Today’s report from the Synacktiv digital security firm about DJI software includes further inaccuracies and misleading statements about how our products work, following similar reports from them last week. We want to make clear that DJI’s products protect user data; that DJI, like most software companies, continually updates products as real and perceived vulnerabilities come […]
Cyber Trends
Evil AI: These are the 20 most dangerous crimes that artificial intelligence will create (ZDNet) A new report tells us which criminal applications of AI we should really worry about.
Pandemic Elevates Security Chiefs to Corporate Leadership Roles (Wall Street Journal) Companies have faced an onslaught of attempted cyberattacks since the start of the pandemic. To make it through the turbulence, companies are relying on security experts who were sometimes sidelined by management in the past, but are now rising in the executive ranks.
Why a data security sting lurks in COVID-19’s long tail (Healthcare IT News) Hospital executive minds have understandably been distracted since the start of 2020, but the impact of the emergence of SarsCoV2 has not been limited to its physical toll. It has also torn into data security defences and exposed patient privacy, as explored in the latest issue of HIMSS Insights.
Marketplace
Ann Arbor cybersecurity firm Censys lands $15.5 million investment (Crain's Detroit Business) Ann Arbor-based cybersecurity startup Censys Inc. has closed on a $15.5 million Series A fundraising round. The funding, led by existing out-of-state investors, will allow the University of Michigan spin-out with deep connections to the Ann Arbor startup community to go on a hiring spree, likely…
Paving the Road to Mass Adoption: Draper Goren Holm Doubles Down on DeFi (Draper Goren Holm | Blockchain Venture Studio) Draper Goren Holm announces blockchain infrastructure investment and incubation of consumer DeFi product.
White Ops’ recent funding fast-tracks UK expansion (London Business News) White Ops, the global leader in collective protection against sophisticated bot attacks and fraud, have announced their expansion into the UK.
TikTok to spend $500 million on first EU data center in Ireland (ETCIO.com) The move to expand its operations within EU borders is part of TikTok’s global effort to prove itself a responsible internet citizen and a trustwort..
The real reason Microsoft wants to buy TikTok (Washington Post) More than merely appealing to the young users of TikTok, Microsoft could use the data culled from its videos to better compete against its AI rivals.
KnowBe4 Named a Winner in Black Unicorn Awards for 2020 (PRWeb) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced that it has been named a winner i
Rackspace disappoints in IPO redux; shares off 18% from pricing level (NASDAQ:RXT) (Seeking Alpha) Rackspace Technology (NASDAQ:RXT) opens trading at $16.85 after the IPO was priced at $21 last night.
Products, Services, and Solutions
Technology Businesses Turn to CompTIA ISAO for Critical Threat Intelligence (CompTIA) Technology solution providers, managed services providers (MSPs) and other organizations searching for critical cybersecurity threat intelligence have a new resource available from CompTIA.
Calyptix Security Releases AccessEnforcer 5.0 Beta to Add Network Authentication for Microsoft RDP and SSH Access (PR Newswire) Calyptix Security Corporation, maker of the AccessEnforcer® UTM Firewall, today announced the release of AccessEnforcer 5.0 Beta at CompTIA...
CynergisTek Partners with Awake Security to Identify Adversaries in Healthcare Networks (BusinessWire) CynergisTek partners with Awake Security to offer compromise assessments to identify threat adversaries in healthcare networks.
Acuant Integrates iProov Patented Biometric Authentication Into Its Trusted Identity Platform (BusinessWire) iProov, the leading provider of biometric authentication technology for Genuine Presence Assurance, today announced that Acuant, a global leader in id
Rain Networks Chose Partnership with Comodo for Ransomware and Cyber Attack Protection (Yahoo) Rain Networks, chose to partner with Comodo for ransomware and cyber-attack protection. Hear more from Nathan Carter, Vice President Sales, Rain Networks about how this VAR expanded its security services for customers.
LastPass adding dark web monitoring to its Premium subscription (MobileSyrup) Available for Premium, Family and Business subscribers, LastPass' dark web monitoring will alert you when you've been caught in a breach.
Radiflow launches CIARA as first risk analysis platform based on ISA/IEC 62443 framework (Radiflow) Cyber Industrial Automated Risk Analysis (CIARA) helps industrial automation and control system users to dramatically streamline risk reduction planning and compliance for improved cyber risk posture
Efficacy of Micro-Segmentation (Computer Business Review) Illumio Inc. engaged Bishop Fox to measure the effectiveness of micro-segmentation using the Illumio Adaptive Security Platform (ASP) as a control in limiting lateral network movement. The following report details the findings identified during the course of the engagement, which started on March 16, 2020. Goals: – Create a repeatable testing methodology that can be …
Ensighten Launches Client-Side Threat Intelligence Initiative and Invests in Machine Learning (PR Newswire) Ensighten, the leader in client-side website security and privacy compliance enforcement, today announced increased investment into threat...
Area 1 Security Launches New North American Partner Program (PR Newswire) Area 1 Security today announced its new partner program to allow partners to easily sell and deliver the industry's only preemptive,...
Kaspersky expands product array for security researchers with sandboxing technology (Intelligent CIO Africa) Cybersecurity vendor Kaspersky has revealed that its sandboxing technology is now available for use in customer networks. The on-premises Kaspersky Research Sandbox is designed for organisations with strict restrictions on data sharing, to enable them to build their internal security operations centres (SOCs) or computer emergency response teams (CERTs). The company said the solution helps […]
Fortinet Introduces the World’s First Hyperscale Firewall (GlobeNewswire) FortiGate 4400F is the Only Firewall Capable of Securing Hyperscale Data Centers and 5G Networks, Delivering the Industry’s Highest Performance with Security Compute Ratings of up to 13x
Technologies, Techniques, and Standards
Hackers Get Green Light to Test Election Voting Systems (Wall Street Journal) Election Systems & Software, the top U.S. seller of voting-machine technology, is calling a truce in its feud with computer-security researchers over the ways they probe for vulnerabilities of the company’s systems.
Voting Machine Makers Are Finally Playing Nice With Hackers (Wired) After years of secrecy, one major election tech company is giving more hackers a look under the hood.
CISA director: Paper record key to keeping 2020 election secure – Video (Digital Market News) What I wanna talk about is where we were in 2016 where we are today in the run up to 2020. And then talking about what we actually have to do to get ready, left
The Vigilante Hunting Down Cheaters in Video Games (Vice) This 24-year-old Iraqi who lives in London has spent two years hunting cheaters in Overwatch and Valorant, getting thousands of cheaters banned and helping gaming companies improve their games.
CISA Releases Cyber Workforce Tool (Meritalk) The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency released a new online tool designed to help individuals navigate career options in the field of cybersecurity.
States Are Deploying National Guard Cybersecurity Teams To Prevent Election Interference (KPBS Public Media) More than 30 states have asked the National Guard to help safeguard the 2020 election from cyber threats.
Design and Innovation
TikTok says it's going to fight election misinformation (NBC News) TikTok remains under intense U.S. government scrutiny and is the subject of a potential imminent sale to Microsoft.
TikTok tightens misinformation rules before 2020 election (Axios) The popular short-video app, under attack from President Trump, is seeking to tighten it rules.
Dopple-ganging up on Facial Recognition Systems (McAfee Blogs) Co-authored with Jesse Chick, OSU Senior and Former McAfee Intern, Primary Researcher. Special thanks to Dr. Catherine Huang, McAfee Advanced Analytics
Research and Development
()
Research Into Advanced Cryptography Wins Pandey $1 Million DARPA Award (SBU News) Professor Omkant Pandey of the Department of Computer Science, along with Sanjam Garg of the University of California, Berkeley, have been awarded a $1 million grant from the Defense Advanced Research Projects Agency (DARPA) to develop safe and secure verification methods for sensitive processes.
Academia
Check Point Software Partners with New York University to Close the Cybersecurity Workforce Gap (GlobeNewswire) Online eLearning program on cloud, network, endpoint, and mobile security now available to NYU’s Tandon School of Engineering to develop student’s cybersecurity knowledge
Legislation, Policy, and Regulation
New Australian cybersecurity strategy will see Canberra get offensive (ZDNet) Powers to be created will allow the Commonwealth to actively defend networks.
Peter Dutton confirms Australia could spy on its own citizens under cybersecurity plan (the Guardian) Australian Signals Directorate will for the first time be able to identify suspects on home soil
Romanian Conditions for 5G Race Would Rule out Huawei (Balkan Insight) Without explicitly mentioning the Chinese giant, Romania has set out the terms it will apply to choose a partner to implement 5G technology – which clearly exclude China’s Huawei from the competition.
()
State Dept. Traces Russian Disinformation Links (New York Times) A new government report avoids direct discussion of American election interference by Moscow, despite lawmakers’ call for more information.
GEC Special Report: August 2020 Pillars of Russia’s Disinformation and Propaganda Ecosystem (United States Department of State) As the U.S. Government’s dedicated center for countering foreign disinformation and propaganda, the Global Engagement Center (GEC) at the U.S. Department of State has a mandate to expose and counter threats from malign actors that utilize these tactics.
The US is building a new Great Firewall (Quartz) The "Clean Network" initiative aims to root out Chinese apps and other tech products from the US internet, which some say is reminiscent of China's own digital wall.
Pompeo urges US companies to block downloads of Chinese apps (TheHill) The Trump administration is urging U.S.
Announcing the Expansion of the Clean Network to Safeguard America’s Assets (United States Department of State) The Clean Network program is the Trump Administration’s comprehensive approach to guarding our citizens’ privacy and our companies’ most sensitive information from aggressive intrusions by malign actors, such as the Chinese Communist Party.
US offers $10 million reward for hackers meddling in US elections (ZDNet) This includes attacks against US election officials, election infrastructure, voting machines, but also candidates and their staff.
The Domestic Legal Framework for U.S. Military Cyber Operations (Lawfare) With little fanfare and less public notice, Congress and the executive branch have cooperated effectively over the past decade to build a legal architecture for military cyber operations.
Why create more cyber units when talent might be lacking, wonders senator (C4ISRNET) One senator is concerned that unless the Pentagon retains its top cyber talent, adding more needed cyber teams might not make a difference.
CISA Reframing Cyber Hiring Approach; Christopher Krebs Quoted (Executive Gov) The Cybersecurity and Infrastructure Security Agency (CISA) is reassessing its cyber recruitment app
States Call on Facebook to Launch Hate-Speech Hotline (Wall Street Journal) Attorneys general for 19 states and the District of Columbia are calling on the social-media giant to take additional steps to combat harassment and hate speech on its platforms.
Litigation, Investigation, and Law Enforcement
Twitter hack court hearing 'zoom bombed' with pornography (The Telegraph) A judge was forced to suspend the virtual hearing after repeated interruptions
Risk Of Breaching Sanctions Adds To Ransomware Headache (Law360) Companies facing extortion demands from cybercriminals have encountered a new form of risk in recent months over whether paying such a ransom could violate sanctions issued by the U.S. Department of the Treasury, industry attorneys say.
Class-Action Lawsuit Claims TikTok Steals Kids' Data And Sends It To China (NPR) A lawsuit alleging that TikTok collects and sends American users' data to China could cost the company hundreds of millions of dollars. TikTok denies the allegations.
Ex-Justice Dept. official says Michael Flynn secretly ‘neutered’ Obama’s moves on Russia (Washington Post) Former deputy attorney general Sally Q. Yates told Congress on Wednesday that President Trump’s incoming national security adviser Michael Flynn in late 2016 had secretly “neutered” Obama administration actions toward Russia, prompting an investigation that consumed the early days of Trump’s presidency.
Yates Contradicts Strzok, Says Comey Brought Up Use of Archaic Law on Flynn (Epoch Times) Former Deputy Attorney General Sally Yates on Aug. 5 contradicted the content of notes written by an FBI ...
()
Coalfire security pros arrested for breaking into Iowa courthouse are still bitter (CyberScoop) The two security pros who were arrested for doing their job are still angry. Gary DeMurcurio and Justin Wynn, who work as penetration testers for Colorado-based security firm Coalfire Labs, were charged with burglary in September 2019 after they broke into an Iowa courthouse.
Black Hat: When penetration testing earns you a felony arrest record (ZDNet) Coalfire takes us through the story of security professionals arrested at a courthouse while conducting tests on behalf of the state.