Cyber Attacks, Threats, and Vulnerabilities
Bye bye, Bynet (Meduza) Belarusian officials say foreigners are responsible for the country’s sudden Internet outages, but I.T. experts suspect the government is to blame
Will knocking Belarus offline save president from protests? (the Guardian) Alexander Lukashenko has cut off entire population’s internet to try to stifle election dissent
Pakistan Army identifies major cyber attack by India targeting mobile phones of govt, military officials (The News) Various targets of hostile intelligence agencies are being investigated, says ISPR
Pakistani intelligence agencies identify major cyber attack by India: army (Xinhua) Pakistan's army said on Wednesday that Pakistani intelligence agencies have "identified a major cyber-attack by Indian intelligence agencies involving a range of cybercrimes including deceitful fabrication by hacking personal mobiles and technical gadgets of government officials and military personnel."
Iran: Cyber-Attacks on MEK’s Website (NCRI) Iranian regime’s desperate attempt to disrupt the voice of resistance failed On the evening of Sunday, August 10, the official website of the People's
Australia: Huawei's Papua New Guinea data center security "openly broken," making potential spying easy (Data Center Dynamics) Funded with a Chinese state loan
More than half of foreign cyberattacks against China originate in US (South China Morning Post) Cybersecurity is currently rising up the international agenda amid escalating tech and trade tensions between the US and China.
Russia claims numerous cyberattacks coming from Germany (The Star Online) Russian top diplomat Sergei Lavrov said on Tuesday that Russia has detected numerous cyberattacks originating in Germany, according to comments carried by state media.
WSJ News Exclusive | TikTok Tracked User Data Using Tactic Banned by Google (Wall Street Journal) TikTok skirted a privacy safeguard in Google’s Android operating system to collect unique identifiers from millions of mobile devices, data that allows the app to track users online without allowing them to opt out, a Wall Street Journal analysis has found.
Hackers exploited Tor exit relays to generate bitcoin: research (CyberScoop) At one point this spring, a single set of money-hungry hackers controlled nearly a quarter of the endpoint infrastructure through which the anonymizing internet browser Tor routed traffic, a researcher who tracks Tor claimed this wee
This is node joke. Tor battles to fend off swarm of Bitcoin-stealing evil exit relays making up about 25% of outgoing capacity at its height (Register) Cash-strapped privacy devs face determined miscreants who keep coming back for more
‘Stalkerware’ phone spying apps have escaped Google’s ad ban (TechCrunch) Several well-known stalkerware apps were still advertising after Google imposed its new rules.
Facebook Removed Nearly 40% More Terrorist Content in Second Quarter (Wall Street Journal) The social-media giant culled about 8.7 million pieces of such content during the period, up from 6.3 million in the first quarter, crediting strides in detection.
SBA Phishing: Malicious Actors "Return to Roots" in the Hunt for Money (KnowBe4) The COVID-19 pandemic continues to dominate news headlines as well as the development of malicious email attacks designed to separate users and organizations from their money.
The Secret SIMs Used By Criminals to Spoof Any Number (Vice) Criminals use so-called Russian, encrypted, or white SIMs to change their phone number, add voice manipulation to their calls, and try to stay ahead of law enforcement.
Fraudulent HIPAA Communications: An Alert from the Office for Civil Rights (The National Law Review) Yesterday, the Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”), sent an alert to its listservs regarding fraudulent communications that are bei
SANS infosec training org suffers data breach after phishing attack (BleepingComputer) The SANS cybersecurity training organization has suffered a data breach after one of their employees fell victim to a phishing attack.
Data Incident 2020: What is known for certain? (SANS Institute) On August 6th, as part of a systematic review of email configuration and rules we identified a suspicious forwarding rule and initiated our incident response process.
Seek apologises for 'internal technical issue' that exposed user details (ZDNet) But it has no intention of reporting the issue as a notifiable data breach to the Office of Australian Information Commissioner.
Ransomware: Why one city chose to the pay the ransom after falling victim (ZDNet) After being hit with ransomware, one city faced a tough decision.
Ransomware gangs using social pressure to extort victims: Sophos researcher (iTWire) The actors behind the various Windows ransomware packages changed their tactics to prise money out of their victims' hands in October last year, but it remains to be seen whether their use of social pressure will be more profitable than methods used earlier, a researcher from global security fir...
Schneider Electric APC Easy UPS On-Line (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Schneider Electric
Equipment: APC Easy UPS On-Line
Vulnerabilities: Path Traversal
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could lead to remote code execution.
Siemens Automation License Manager (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: Automation License Manager (ALM)
Vulnerability: Improper Authorization
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to locally escalate privileges and modify files that should be protected against writing.
Siemens Desigo CC (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Desigo CC
Vulnerability: Code Injection
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to gain remote code execution on the server with SYSTEM privileges.
Siemens Industrial Products SNMP Vulnerabilities (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Various SCALANCE, SIMATIC, SIPLUS products
Vulnerabilities: Data Processing Errors, NULL Pointer Dereference
2.
Siemens Industrial Products (Update H) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Industrial Products
Vulnerabilities: Excessive Data Query Operations in a Large Data Table, Integer Overflow or Wraparound, Uncontrolled Resource Consumption
2.
Siemens Industrial Products (Update P) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Remotely exploitable/low skill level to exploit
Vendor: Siemens
Equipment: Industrial Products
Vulnerability: Improper Input Validation
2. UPDATE INFORMATION
This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01 Siemens Industrial Products (Update O) published July 14, 2020, on the ICS webpage on us-cert.gov.
Siemens Industrial Real-Time (IRT) Devices (Update D) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Industrial Real-Time (IRT) Devices
Vulnerability: Improper Input Validation
2.
Siemens OPC UA Protocol Stack Discovery Service (Update D) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.2
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC
Vulnerabilities: Improper restriction of XML external entity reference
2.
Siemens Opcenter Execution Core (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Opcenter Execution Core
Vulnerabilities: Cross-site Scripting, SQL Injection, Improper Access Control
2.
Siemens PROFINET-IO Stack (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Siemens PROFINET-IO Stack
Vulnerability: Uncontrolled Resource Consumption
2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-20-042-04 Siemens PROFINET-IO Stack (Update A) that was published March 10, 2020, on the ICS webpage on us-cert.gov.
Siemens PROFINET Devices (Update G) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: PROFINET Devices
Vulnerability: Uncontrolled Resource Consumption
2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-19-283-02 Siemens PROFINET Devices (Update F) that was published July 14, 2020, to the ICS webpage on us-cert.gov.
Siemens PROFINET DCP (Update R) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.5
ATTENTION: Exploitable from an adjacent network/low skill level to exploit.
Vendor: Siemens
Equipment: Devices using the PROFINET Discovery and Configuration Protocol (DCP)
Vulnerabilities: Improper Input Validation
2.
Siemens SCALANCE & SIMATIC (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SCALANCE, SIMATIC
Vulnerability: Resource Exhaustion
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-20-105-07 Siemens SCALANCE & SIMATIC that was published April 14, 2020 on the ICS webpage on us-cert.gov.
Siemens SCALANCE, RUGGEDCOM (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SCALANCE, RUGGEDCOM
Vulnerability: Classic Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to gain unauthenticated access to a device and cause a buffer overflow to execute custom code.
Siemens SCALANCE S-600 (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/Low skill level to exploit
Vendor: Siemens
Equipment: SCALANCE S-600 Firewall
Vulnerabilities: Resource Exhaustion, Cross-site Scripting
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-20-042-10 Siemens SCALANCE S-600 that was published February 11, 2020 on the ICS webpage on us-cert.gov.
Siemens SICAM A8000 RTUs (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.3
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: SICAM A8000
Vulnerability: Cross-site Scripting
2. RISK EVALUATION
Successful exploitation of this vulnerability could compromise the confidentiality, integrity, and availability of the web application.
Siemens SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update I) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM
Vulnerability: Out-of-bounds Read
2.
Siemens SIMATIC, SIMOTICS (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 3.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC, SIMOTICS
Vulnerability: TOCTOU Race Condition
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to read a discrete set of traffic over the air after a Wi-Fi device state change.
Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.7
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK
Vulnerability: Unquoted Search Path or Element
2.
Siemens UMC Stack (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.7
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: UMC Stack
Vulnerabilities: Unquoted Search Path or Element, Uncontrolled Resource Consumption, Improper Input Validation
2.
Tridium Niagara (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 4.3
ATTENTION: Exploitable from adjacent network/low skill level to exploit
Vendor: Tridium
Equipment: Niagara
Vulnerability: Synchronous Access of Remote Resource without Timeout
2. RISK EVALUATION
Successful exploitation of this vulnerability could result in a denial-of-service condition.
Yokogawa CENTUM (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Yokogawa
Equipment: CENTUM
Vulnerabilities: Improper Authentication, Path Traversal
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to send tampered communication packets or create/overwrite any file and run any commands.
Security Patches, Mitigations, and Software Updates
Google to Microsoft: Nice Windows 10 patch – but it's incomplete (ZDNet) No more extensions to our 90-day disclosure deadline, Google tells Microsoft over escalation-of-privilege bug.
Two 0-Days Under Active Attack, Among 120 Bugs Patched by Microsoft (Threatpost) One of the two zero-day bugs is rated ‘critical’ and is classified as a remote code-execution bug impacting Microsoft’s Internet Explorer.
Office 365: A guide to the updates (TechCentral.ie) Office 365 and Microsoft 365 subscribers always have the latest version of Microsoft Office — currently Office 2019. They also get more frequent software updates than those who have purchased Office 2019 without a subscription, which means subscribers have access to the latest features, security patches and bug fixes. But it can be hard to […]
Microsoft Patches Actively Exploited Windows, IE Vulnerabilities (SecurityWeek) Microsoft fixes 120 vulnerabilities with August 2020 Patch Tuesday updates, including a Windows spoofing flaw and a remote code execution bug in Internet Explorer that have been exploited in attacks
Intel, SAP, and Citrix release critical security updates (Help Net Security) August 2020 Patch Tuesday was expectedly observed by Microsoft and Adobe, followed by Apple, Google, Intel, SAP and Citrix.
Adobe tackles critical code execution vulnerabilities in Acrobat, Reader (ZDNet) This month’s security update fixes a variety of critical and important bugs in the software.
Slack unveils new security features as remote working skyrockets (Security Brief) Slack has introduced new security features, integrations and certifications to its platform in response to growing security concerns as more people work remotely.
Cyber Trends
Global Threat Landscape Report: a Semiannual Report by FortiGuard Labs (Fortinet) Years down the road when we all reflect back on 2020, it’s unlikely that cybersecurity will displace the COVID-19 pandemic at the top of our collective memories.
Cloud Security Alliance Study Finds While CASB Demand Is High, Additional Education Is Needed to Clarify Cloud Security Goals (BusinessWire) New CSA survey on CASB usage finds gaps between the rate of implementation/operation and the effective use of the capabilities within the enterprise.
SolarWinds Study Unveils Operational Impact of Pandemic on MSPs and Identifies Future Growth Opportunities (BusinessWire) SolarWinds (NYSE:SWI), a leading provider of powerful and affordable IT management software, today revealed the findings of its global study, COVID-19
DEF CON 2020 Wrap-Up: Hacking Phones, Cars and Satellites (SecurityWeek) Researchers showed at DEF CON how they managed to hack phones, cars, satellite communications, traffic lights, printers, smart devices, and popular software services
Marketplace
Jump Capital Leads $8 Million Series B Extension for IRONSCALES (PRWeb) IRONSCALES, the pioneer of self-learning email security, today announced it has closed an $8 million Series B extension led by Chicago-based v
Perimeter 81 Raises $40 Million in Series B Funding Led by Insight Partners (VentureBeat) Press Release Perimeter 81, a leading Secure Access Service Edge (SASE) and Network as a Service provider, announced today that it has completed a $40 million Series B round led by Insight Partners. The financing will help support Perimeter 81's rapid growth and accelerate...
AI cybersecurity startup Elisity raises $7.5 million to protect networks from attack with AI (VentureBeat) Cybersecurity startup Elisity emerged from stealth with $7.5 million to further develop tools that protect networks from AI-driven attacks.
Adaptive Shield Emerges from Stealth with $4 Million Seed Round to Protect $115 Billion Enterprise SaaS Market with Complete App Security Control (BusinessWire) Israeli startup Adaptive Shield today emerged from stealth with $4 million in seed funding from Vertex Ventures Israel to automate complete control of
Blumira Raises New Round of Funding For Threat Detection & Response (PR Newswire) Blumira, an emerging cybersecurity startup based in Ann Arbor, recently raised $2.6 million in funding. This investment will allow the company...
Zebraworks, nQueue Merge to Develop More Remote Cloud-Based Legal Tech (Legaltech News) The newly merged company announced it will release two cloud-based products in the first half of 2021 with the aim of enabling remote data collection, mobile scanning and document routing.
Sierra Nevada Secures $319M Army Contract for Comms Security Device Production (GovCon Wire) The U.S. Army has awarded Sierra Nevada Corp. a potential 10-year, $318.9M contract to produce, engi
TrapX Security named as a Sample Vendor in Gartner Hype Cycle for Security Operations, 2020 (BusinessWire) TrapX Security, the global leader in deception-based cyber defense solutions, was identified as a Sample Vendor in the Gartner Hype Cycle for Security
QuintessenceLabs Selected by World Economic Forum as a Global Innovator (BusinessWire) QuintessenceLabs has been selected by the World Economic Forum to join their Global Innovators Community, as an innovative voice on cybersecurity
Siemens' Tony Hemmelgarn Joins Board of Directors | WashingtonExec (WashingtonExec) Tony Hemmelgarn, president and CEO of Siemens Digital Industries Software, has joined Siemens Government Technologies board of directors, the company
Juniper Networks to Appoint Sharon Mandell as Chief Information Officer (CIOReview) Juniper Networks appoints Sharon Mandell as Senior Vice President and Chief Information Officer.
Spreedly Adds Chief Information Security Officer (PYMNTS.com) Spreedly, which works in accelerating global commerce via a secure, flexible platform, has announced Christopher Hudel as chief information security officer.
PepsiCo Chief Information Security Officer Sara Andrews Joins FireEye Board of Directors (BusinessWire) FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, today announced that Sara Andrews has been appointed to the FireEye board of dire
Products, Services, and Solutions
Virtru and Area 1 Security Partner to Deliver Comprehensive Cloud Email Protection (Virtru) Available now, the joint offering combines Virtru’s seamless email encryption with Area 1’s advanced anti-phishing capabilities to help enterprises strengthen their security posture and ensure privacy and compliance while maximizing cloud collaboration and ROI.
Rohde & Schwarz significantly enhances 5G device certification capabilities with the R&S TS8980 test system (Rohde & Schwarz) Rohde & Schwarz fulfills the certification entry criteria (CEC) for a greatly increased number of the Global Certification Forum's (GCF) work items (WI) and PCS Type Certification Review Board (PTCRB) requests for 5G FR1 RF conformance testing. Thanks to 572 new GCF validations and 215 new PTCRB validations for the R&S TS8980FTA 3A, the updated version of the leading RF test system R&S TS8980 can now perform a broad range of 5G device certification tests.
Veristor and Remediant Partner to Deliver "Zero Standing" Privileged Access Management Control and Insight (Veristor) Companies Work to Eliminate Security Risk and Complexity by Assuring Privileged Credentials Are Only Granted "Just Enough, Just-in-Time"
Invixium and SIASA Announce Distribution Partnership for Mexico (Invixium) Premiere Security Distributor in Mexico Signs Distribution Agreement with Canadian Biometric Manufacturer Toronto, Ontario (August 11, 2020) –Invixium, a leading global provider of advanced touchless biometric solutions and SIASA, a leading supplier of biometric hardware and software in Latin America, jointly announce an exclusive partnership to distribute Invixium’s range of biometric products to SIASA’s customers …
Vodafone and Accenture join hands to offer cyber security services (Newshour Press) In its attempt to help European businesses make their cyber security up-to-date, Vodafone Business announced that it would be joining forces with the Irish-dom
KoolSpan Delivers Secure Mobile Communications Solution to NGA’s GEOINT App Store for Department of Defense and Intelligence Community Users (BusinessWire) KoolSpan Delivers Secure Mobile Communications Solution to NGA’s GEOINT App Store for US Government users
DigiCert Announces New Multi-year Plan in DigiCert CertCentral® to Help Customers Simplify TLS Certificate Management Ahead of 1-Year Lifetime Requirements (Security Boulevard) Multi-year Plan reduces administrative burdens, locks in costs and takes advantage of automation for simpler certificate management (LEHI, Utah) — (Aug.
Virtru and Area 1 Security Partner to Deliver Comprehensive Cloud Email Protection (GlobeNewswire) Joint Solution Combines Seamless, End-to-End Encryption with Advanced Cloud Email Security
Analyst1 Wages War on Cybercrime with Next Generation Threat Intelligence Platform (WFMZ) Analyst1, a threat intelligence platform engineered by analysts for the enterprise, is revolutionizing the way cybersecurity analysts defend the nation's most sensitive and
New Recorded Future and Microsoft Azure Partnership Brings Security Intelligence to Cloud Environments (PR Newswire) Recorded Future, the largest global security intelligence provider, today announced that it has partnered with Microsoft Azure to support...
How This Cybersecurity Startup Is Using Machine Learning (Analytics India Magazine) In an attempt to revolutionise the cyber threat visibility, CYFIRMA, a cyber analytics startup help in understanding the threat landscape.
Forescout Sets a New Standard for Securing the Enterprise of Things (GlobeNewswire) Forescout Technologies, Inc. (NASDAQ: FSCT), the leader in Enterprise of Things security, today announced new capabilities and platform updates to deliver an active defense for the Enterprise of Things (EoT) by identifying, segmenting and enforcing compliance of every connected thing.
Juniper Networks rolls out WAN assurance service (Capacity Media) Juniper Networks (NYSE:JNPR), has unveiled its Mist WAN Assurance service, enhancing automation and insight in branch locations with AI-driven service and client-to-cloud event correlation for rapid fault resolution, anomaly detection and proactive support.
Technologies, Techniques, and Standards
MITRE ATT&CK Framework Ontology (Nozomi Networks) The elements of the MITRE ATT&CK Framework for ICS reflect the distinctiveness of a physical operational environment.
NIST Shares Final Zero Trust Architecture Strategies, Guidance (HealthITSecurity) NIST released the final version of its Zero Trust Architecture publication, which provides private sector administrators and security leaders with a roadmap to shift into the enterprise security model
CISA working on cyber-risk framework to prioritize emerging threats (Federal News Network) CISA’s rollout of its cyber framework comes at a time when the agency has shifted to emerging areas in need of protection and better to quantify the “cyber loss” from incidents in the private sector.
AI Security Alliance urges clarity for buying AI security tools (SearchSecurity) When discussing the sale or purchase of AI security tools, both vendors and customers need to clearly communicate their expectations and the realities of buying, installing and using AI products, AI Security Alliance founder and chair Kapil Raina advised.
Drawing lessons from chaotic primaries, election officials scrambled to head off voting problems in Tuesday’s contests (Washington Post) If election officials in Georgia and Wisconsin wanted to prove one thing during primary and runoff elections Tuesday, it was that they could do a better job managing lines, operating equipment and counting mail ballots than they did in earlier contests this year.
Maximizing data privacy: Making sensitive data secure by default (Help Net Security) Public health organizations can have automated contact tracing while simultaneously maximizing data privacy for all users.
Former FBI computer scientist shared 5 cybersecurity measures hospitals should take (Becker's Hospital Review) Many ransomware groups have promised not to target healthcare providers during the pandemic, but a resurgence of these attacks is likely. Hospitals need to be prepared and ensure their data is protected to avoid delays in patient care and costly repercussions.
Help Reinforce Privacy Through the Lens of GDPR (Security Intelligence) GDPR is two years old, which means enterprises are well into demonstrating compliance as COVID-19 hits. What do delivery teams need to remember?
Boeing 747s still get critical updates via floppy disks (The Verge) Security researchers get a rare look at the 747s avionics systems
Design and Innovation
Experts say CIA security triad needs a DIE model upgrade (SearchSecurity) The CIA security triad, a security policy model built on confidentiality, integrity and availability, worked for decades. Two security experts see the DIE triad, which stands for distributed, immutable and ephemeral, as the next major security paradigm.
Is This IoT App Safe to Drink? (Bishop Fox) Sound policies to legislate the of Internet of Things (IoT) can help government and industry regulate and improve IoT product security and transparency.
Twitter now lets everyone limit replies to their tweets (TechCrunch) Twitter may describe itself as the town square, but that doesn’t mean you have to talk to everyone walking past your seat at the cafe. Today, to increase the amount of “meaningful conversations” that take place on Twitter, and to help people weed out abuse and spam in their replie…
Research and Development
Navy Bolstering Cybersecurity for Unmanned Vessels (National Defense) The Navy is exploring how to better protect its unmanned vessels with anti-tamper measures to prevent hacking from adversaries.
Academia
Miller-Motte adds degree programs in cybersecurity, health IT at Chattanooga campus (Times Free Press) Miller-Motte College is adding two new Associate Degree programs at its Chattanooga campus this fall in some of the fastest-growing demand fields.
Great Falls College MSU's cyber security program nationally recognized for academic excellence (KHQ Right Now) Great Falls College MSU has received national recognition for its cyber security program.
Cyber forensics student wants women to pursue careers in cybersecurity (Purdue Polytechnic Institute) Yansi Keim, a graduate research assistant in cyber forensics, was featured as one of the "12 women of crypto" in Women of Silicon Valley, an online magazine.
Legislation, Policy, and Regulation
Alliance power for cybersecurity (Atlantic Council) This report illustrates how collective action on cyber defense can be put into practice to achieve increased cybersecurity.
Germany launches cybersecurity agency to strengthen 'digital sovereignty' (Deutsche Welle) The German government has signed up to create an agency to protect the country's cybersecurity. The defense minister described the project, initially funded with €350 million ($412 million), as a "milestone."
Home Affairs proposes cyber regulations and legal immunities to respond to threats (ZDNet) Private companies running systems of national significance need to hand over information on networks and systems if requested by Home Affairs.
Explainer: How the U.S. could block WeChat and TikTok from Americans (WKZO) (Reuters) - President Donald Trump has threatened to ban the short-video app TikTok and messaging service WeChat by late September on grounds that the Chinese-owned apps pose a national security threat. It would mark the first time the United States has attempted to shut down widely used mobile internet apps.
How would the U.S. go about blocking …
Democrats concerned by Facebook oversight board's limited authority (Reuters) Three Democratic members of the U.S. House of Representatives on Tuesday urged Facebook Inc to enact the policy recommendations of the company's oversight board, empowering the independent group of advisers, which the lawmakers said have limited responsibilities.
Federal Cyber Workforce: A Search for Solutions (Meritalk) There are over half a million cybersecurity job openings across the United States, including more than 30,000 cybersecurity positions left unfilled in the public sector. The problem is far from new, and while much concern about the gap has been expressed by members of Congress, the shortfall remains. What will it take to not only fill the need, but to meet the challenge in a way that is fair and inclusive?
Litigation, Investigation, and Law Enforcement
French privacy watchdog opens investigation into TikTok (Reuters) France's data privacy watchdog CNIL said on Tuesday that it was making preliminary investigations into TikTok after it received a complaint in May against the Chinese-owned video-sharing app.
TikTok Faces French Data Probe, Adding to EU-Wide Scrutiny (Bloomberg) France’s privacy watchdog opened a probe into TikTok, marking another examination of ByteDance Ltd.’s social media app, which is facing broader scrutiny of its privacy policies.
Kerala Police begin probe into cyber attacks on journalists (Telangana Today) State Police Chief Loknath Behra said in a statement that the Hi-tech Enquiry Cell and the Police Cyberdome have started the probe.
NJ Supreme Court: No 5th Amendment right not to unlock your phone (Ars Technica) Courts are split on whether phone unlocking orders violate the Fifth Amendment.
U.S. Appeals Court Throws Out Antitrust Ruling Against Qualcomm (Wall Street Journal) A federal appeals court threw out a trial judge’s antitrust judgment against Qualcomm, ruling the federal government hadn’t shown the chip maker engaged in illegal monopolization.
BEC Scam Costs Trading Firm Virtu Financial $6.9 Million (BankInfo Security) High-speed trading firm Virtu Financial says it lost $6.9 million in a business email compromise scam in May. The company is now suing its insurer for failure to
British Airways and Marriott Expect Drastically Reduced Fines From U.K. Privacy Regulator (Wall Street Journal) British Airways and Marriott International were expected to be hit with the highest-ever penalties for violating European privacy rules but will likely be assessed much smaller fines.