Cyber Attacks, Threats, and Vulnerabilities
A Notorious Cyber Espionage Group Is Targeting Indian Military, Government Data, Warns Kaspersky (IndiaTimes) India is among the most heavily targeted nations by noted cyber espionage Transparent Tribe, a new report by cyber security firm Kaspersky warns. It says that the group will possibly target Indian military and government personnel in the future for information leak.
Cybersecurity researchers warn of espionage campaign; India among the most affected nations (Hindu Businessline) An espionage campaign is targeting military and government-related personnel, according to researchers at cybersecurity firm Kaspersky.The firm in 2019 began an investigation into an ongoing campaign
New Zealand bourse website hit by fresh cyberattack, but keeps trading (Reuters) The New Zealand stock market was hit by a fifth day of cyber attacks on Monday, crashing its website, but maintained trading after switching to a contingency plan for the release of market announcements.
New Zealand Stock Market Keeps Trading Amid Ongoing Cyber Attack (Bloomberg) New Zealand’s stock exchange kept trading Monday even as operator NZX’s website crashed again in what appears to be a resumption of cyber attacks that crippled the market last week.
NZ's cyber security centre warns more attacks likely following stock market outages (MENAFN) The Government Communications Security Bureau ( GCSB ) has issued a warning to all New Zealand businesses to be prepared for cyber attacks, following almost a week of daily attacks on the New Zealand stock exchange ( NZX ).
NZX calls in Akamai for additional cyber attack defence (Reseller News) The New Zealand Stock Exchange website was up and running this morning after a series of denial of service attacks last week, but appeared to have succumbed again mid to late morning.
Security alert | 6 new apps with Joker malware on Google Play (Pradeo) Joker is a malware that silently exfiltrates data and subscribes users to unwanted premium subscription. The malware was found in 24 apps on Google Play.
Android security bug let malicious apps siphon off private user data (TechCrunch) The bug, now fixed, could be abused to steal sensitive and private data from other apps.
Breaking trust: Shades of crisis across an insecure software supply chain (Atlantic Council) Software supply chain security remains an under-appreciated domain of national security policymaking. Working to improve the security of software supporting private sector enterprise as well as sensitive Defense and Intelligence organizations requires more coherent policy response together industry and open source communities.
Security Researchers Discovered Nearly 2 Dozen Fleeceware Android Apps On Google Play Store That Lure Consumers Into Paying Unreasonably High Subscription Fees (Digital Link) Some applications were also found to have a ‘spam subscription’ model. When the user signs up, they find themselves subscribed to many different applications.
Google Play apps promised free shoes, but users got ad fraud malware instead (ZDNet) White Ops discovers a collection of Android apps that installed a hidden browser to load ad-heavy pages and commit ad fraud.
Google removed malicious Terracotta apps from the Play Store (Security Affairs) Researchers from White Ops discovers several Android apps in the official Play store which installed on users’ mobile devices the Terracotta ad fraud malware. Researchers from security firm White Ops discovered several Android apps in the official Play Store that installed a hidden browser to load pages containing ad and commit ad fraud. The company […]
Fake Android notifications – first Google, then Microsoft affected (Naked Security) Were you woken up by a bogus Android notification from Google or Microsoft this week?
CenturyLink outage led to a 3.5% drop in global web traffic (ZDNet) CenturyLink incident takes down Cloudflare, Reddit, Hulu, AWS, Blizzard, Steam, Xbox Live, Discord, and dozens more.
No, A Massive Cyber-Attack Didn’t Take Down The Internet Yesterday: Here’s What Happened (Forbes) What caused one of the most significant internet outages ever over the weekend?
Analysis of Today's CenturyLink/Level(3) Outage (The Cloudflare Blog) Today CenturyLink/Level(3), a major ISP and Internet bandwidth provider, experienced a significant outage that impacted some of Cloudflare’s customers as well as a significant number of other services and providers across the Internet.
Single & penniless: FBI warns of $475M lost to romance scams (BleepingComputer) The Federal Bureau of Investigation is warning of online romance scams, an ongoing online fraud trend that can lead to large financial losses, as well as devastating emotional scars.
Never trust hyperlinks, says founder of anti-phishing company Segasec (CTECH) Elad Schulman, co-founder and former CEO of cybersecurity company Segasec, recently acquired by Nasdaq-listed Mimecast, says visually inspecting a URL no longer cuts it, as attackers become more sophisticated by the day
()
Morocco’s CIH Bank Falls Victim to International Hacking Attack (Morocco World News) Morocco’s CIH Bank announced on Friday, August 28, the hacking of numerous customer accounts. - Morocco World News
More than 50,000 NSW driver's licences exposed in mystery data leak (CarAdvice.com) The personal information of tens of thousands of New South Wales motorists may have been exposed in a mysterious online data leak and experts believe the source could be a fleet or toll road operator ...
Rocky Mount investigates possible cyber attack on city's computer system (WRAL) Rocky Mount officials are investigating a possible cyber attack on the city's computer system. The problem emerged about two weeks ago, forcing residents to pay all their city bills in person. City officials refuse to provide details at this time.
Haywood County Schools set to reopen for remote instruction following cyber attack (WLOS) School will be back in session for one mountain county, following a cyber attack. On Saturday, Haywood County Schools announced district schools will reopen for remote instruction on Monday, Aug. 31, one week after hackers got into the district's computers and requested money to stop the attack. Superintendent Dr. Bill Nolte made the following statement in Saturday's announcement:
Brooklyn Center Police warns public about COVID-19 phishing scam on Facebook and WhatsApp (KSTP) The Brooklyn Center Police Department is warning the public of COVID-19 money scams popping up on WhatsApp or Facebook...
Security Patches, Mitigations, and Software Updates
Slack fixes 'critical' vulnerability that left desktop app users open to attack (Mashable) Thankfully a security researcher disclosed the vulnerability, instead of selling it to the highest bidder.
Slack fixes 'critical' vulnerability that left desktop app users open to attack (Mashable) Thankfully a security researcher disclosed the vulnerability, instead of selling it to the highest bidder.
File conversion tool Zamzar springs to action to quickly resolve web security flaws in API (The Daily Swig) Open Office to PDF conversion posed pwnage risk to file conversion utility
Cyber Trends
Misconfiguration on the Cloud is as Common as it is Costly (Infosecurity Magazine) Remote work has opened profitable new horizons in cybercrime
Shadow IoT poses growing threat to network security (IoT Agenda) Many people have heard of shadow IT, but not shadow IoT. Hackers can use the lack of embedded security in unauthorized IoT devices to break into corporate networks. Organizations must include device discovery and policies to protect their network.
Four myths about the cloud: The geopolitics of cloud computing (Atlantic Council) In competition and cooperation, cloud computing is the canvas on which states conduct significant political, security, and economic activity.
The Global Risks Report 2020 (World Economic Forum) The world cannot wait for the fog of geopolitical and geo-economic uncertainty to lift.
5 Cyber Security Risks and Issues You'd Be a Fool to Ignore (Newswire) Ignoring these cyber security risks and issues are a sure-fire way to see your business implode. Here's what they are and what to do about them.
Australians have lost nearly $90 million to scams in 2020 (Atlas VPN) According to data analyzed by the Atlas VPN research team, Australians have reported 99,321 scam events since the beginning of the year, resulting in$89.6 million in losses.Notably, $3.3 million were lost to coronavirus-related frauds.
Marketplace
MACH37 Invests in IoT, Endpoint Security Company Cervais (MSSP Alert) Information security accelerator MACH37 invests in Cervais, a cybersecurity company that offers endpoint & Internet of Things (IoT) protection solutions.
Rise Broadband vaults 'rip and replace' program's Catch-22 (Light Reading) Rise Broadband is caught between two FCC mandates, one involving Chinese equipment and another involving CBRS spectrum. The company is opening its checkbook as a result.
TikTok Deal Talks Are Slowed Over New China Rules (Wall Street Journal) Plans to quickly complete a deal between the Chinese parent company of TikTok and suitors for the app’s U.S. operations have been thrown off track as the parties huddled this weekend to weigh new Chinese restrictions that appear designed to affect a potential sale.
Huawei focusing on cloud business which still has access to U.S. chips: FT (Reuters) Chinese telecoms equipment maker Huawei Technologies Co Ltd is focusing on its budding cloud business, which still has access to U.S. chips despite sanctions against the company, to secure its survival, the Financial Times newspaper reported.
China’s chip making dream hits the buffers in Wuhan (South China Morning Post) Construction on a US$20 billion state-of-the-art semiconductor manufacturing plant in Wuhan has stalled, the latest problem to beset China’s chip making ambitions.
Mediatek goes all in with request to supply chips to Huawei (Telecoms.com) Taiwanese chip-maker Mediatek reportedly thinks it can supply Huawei without getting put on the US naughty step, but is double-checking just to make sure.
Victorian tech company MailGuard a big phish in cloud email security (Mirage News) Since Craig McDonald launched MailGuard in 2001 after an email-borne virus caused havoc for his then business, he's now regarded as a world-leader in...
How to avoid a cyber pandemic during the Covid pandemic (ISRAEL21c) Israeli cybersecurity technology, already a robust industry, is in more demand than ever as remote working and schooling present new levels of risk.
He was a criminal hacker. Now he protects companies from people like him. (Insight) These hackers penetrated companies like Nokia and Fujitsu. One was on the run from the FBI, the other was being watched by Aus. Federal Police. They reveal how they turned their illegal hacking into a career.
Slack pays stingy $1,750 reward for a desktop hijack vulnerability (BleepingComputer) A researcher responsibly disclosed multiple vulnerabilities to Slack that allowed an attacker to hijack a user's computer, and they were only rewarded a measly $1,750.
Startup Names Are Still Getting Less Silly (Crunchbase News) Call it the year of the noun. Funded startups are choosing brands made up of recognized words or names that describe what they do, according to our 2020 analysis of name trends.
Data Leader Anita Lynch joins Satori's Board of Advisors (GlobeNewswire) Anita Lynch joins Satori’s advisory board to help companies make responsible, compliant and secure use of data
Products, Services, and Solutions
Why iProov Genuine Presence Assurance doesn’t use selfies (iproov) Do you suffer from selfie anxiety? If so, you’re not alone. According to our survey, 34% of people in the UK and US class themselves as having selfie anxie...
Netcraft Extension adds credential leak detection (Netcraft News) The Netcraft Browser Extension now offers credential leak detection for extra protection against shopping site skimmers.
With brick-and-mortar shops around...
Spyse Launches a New External Threat Intelligence Solution (AiThority) Cybersecurity company Spyse announced the new external threat intelligence solution intended to identify potential vulnerabilities, entry points, and misconfigurations in digital infrastructures.
ReSec, Menlo Security join hands to fully address web-based cyber threats
(Israel Defense) The joint solution is said to offer unparalleled security while browsing the web and downloading documents
Security Compass Defines New Market Category: Balanced Development Automation (BusinessWire) Balanced Development Automation (BDA) is a category of DevOps tools that enables organizations to build secure digital products fast and safe.
Technologies, Techniques, and Standards
The Coming Revolution in Intelligence Affairs (Foreign Affairs) How Artificial Intelligence and Autonomous Systems Will Transform Espionage
Ransomware Negotiators Gain Prominence as Attacks Increase (Wall Street Journal) When ransomware hackers take data hostage, companies hire specialist negotiators to help.
Industrial Internet Consortium Updates IoT Security Maturity Model (Industrial Internet Consortium) PR: Enhanced guidance for setting and meeting IoT security objectives.
New IoT Security Maturity Model Profile from Object Management Group/Industrial Internet Consortium Targets Retail Industry (Industrial Internet Consortium) PR: Guidance to help retail establishments determine security requirements.
Tips to Protect Your Organization From Ransomware - and How to React Properly If You Fall Victim (Infrascale) Ransomware is on the rise and shows no signs of slowing down. Security experts predict that the global cost of damages due to ransomware attacks will be $20 billion by the end of 2021. It’s not an exaggeration to say that ransomware presents an existential threat to the livelihood of U.S. and global businesses in […]
Mail-In Ballot Scams - Avoid U.S. Election Phishing Scams (Tessian) New Tessian research shows hackers are creating fake websites related to mail-in ballots. Learn how to spot these spoofed domains and keep your PII safe.
Policy Evasion: Evasive Techniques You Need to Understand to Prevent Breaches and Attacks (Verodin) Think like a threat actor. Only then can countermeasures be implemented that are the most effective and relevant to each environment.
How Belarusians turned to VPNs and a private Telegram channel to bypass censorship when its internet was shut down using deep packet inspection (Aliide Naylor/Gizmodo) - Up News Info (Up News Info) In early August, Belarus,mdash;sometimes called Europe’s last dictatorship …
Design and Innovation
Aerospace Corp Developing Space Simulator to Game Satellite Wars - Air Force Magazine (Air Force Magazine) New simulation software will let U.S. space agencies virtually game everything from software upgrades to military confrontations with satellites.
Memers are making deepfakes, and things are getting weird (MIT Technology Review) Grace Windheim had heard of deepfakes before. But she had never considered how to make one. It was a viral meme using the technology that led her to research the possibility—and discover that it was super easy and completely free. Within a day, she had created a step-by-step YouTube tutorial to walk others through the…
Google Offers to Help Others With the Tricky Ethics of AI (Wired) After learning its own ethics lessons the hard way, the tech giant will offer services like spotting racial bias or developing guidelines around AI projects.
Chainlink Buys Cornell University Tech to Make Oracles More Private (Decrypt) Chainlink announced it has acquired DECO, a verification protocol for oracles to prove the authenticity of sensitive data.
Facebook Quietly Ends Racial Ad Profiling (Revue) Earlier this month, Facebook quietly removed the ability of advertisers to target users by race.
Academia
Future Cyberspace Operators: 20 Interns Take Up Cyberwarfare Summer Internship (United States Marine Corps Flagship) The Marines are looking for the best and brightest minds to lead cyberspace operators in defense of the Nation. Nineteen U.S. Naval Academy Midshipmen and one Marine sergeant with the Marine Corps
Legislation, Policy, and Regulation
North Korea claims the U.S. is the cyber bank robber (Korea JoongAng Daily) North Korea’s Foreign Ministry on Saturday called the United States a "mastermind of cybercrime" as it responded to a report detailing Pyongyang's efforts to hack banks.
Cyberspace new frontier for US regime change agenda (The Chronicle) Just a few days ago, while receiving a donation of personal protective equipment (PPE) from the Chinese government, President Mnangagwa pointed out that Zimbabwe was reeling under a sustained cyber-attack.
European Union to Sanction Belarus Officials for Opposition Crackdown (Wall Street Journal) European Union foreign ministers agreed to impose sanctions on senior Belarusian officials in response to what the EU called violent repression against peaceful protesters and opposition figures by the country’s autocratic regime.
Pakistan Faces Emerging Threat Of Indian Cyber Warfare (Technology Times) Technology, though essentially an element of national power has also become a pivotal national security risk for the nation states in recent decades.
India's Quest To Dominate South Asian Cyberspace: Challenges For Pakistan - OpEd (Eurasia Review) Since the advent of technological innovations in warfare, ‘Cyberspace’ has considerably emerged as the new battlefield for states. The South Asian
Iran’s Regime Plan to Organize the Internet in Its Own Interest and Security (Iran News Update) On August 23, the Iranian regime’s Supreme Leader Ali Khamenei complained about the organization of the internet in a video conference with the government cabinet,
Danish spy agency shared information with U.S. intelligence: DR broadcaster (Reuters) Denmark's foreign intelligence unit has shared raw data from information cables with the U.S. National Security Agency, which could have given the NSA access to Danish citizens' personal data and private communications, according to state broadcaster DR.
TikTok Talks Could Face Hurdle as China Tightens Tech Export Rules (Wall Street Journal) China announced new restrictions on artificial-intelligence technology exports that could further complicate the sale of TikTok’s U.S. operations, while intensifying the tech battle between the world’s two largest economies.
France won’t ban Huawei but favors European 5G systems (KHON2) French President Emmanuel Macron says France is not excluding Chinese telecom giant Huawei from its upcoming 5G telecommunication networks but favors European providers for security re…
China's new AI export curbs threaten TikTok's US sale (Nikkei Asian Review) Popular video app's powerful algorithm likely to face 'dual-use' restrictions
China threatens to thwart TikTok sale as it tightens export restrictions (The Telegraph) Rules updated for the first time since 2008 cover artificial intelligence technologies as ByteDance prepares to sell app
U.S. Further Tightens Huawei Blacklist, Putting a “Blanket Ban” on the Company (Lawfare) Tik Tok sues the U.S. government, the U.S. tightens the Huawei semi-conductor blacklist and other news.
Taming a Hydra: TikTok, China, and Trump (The Bull & Bear) Recently, President Trump, on advice from the Committee on Foreign Investment in the United States (CFIUS), has forced ByteDance—the Chinese...
Proposed rules to protect bulk power grid from foreign targeting raise concerns (TheHill) Energy industry owners and operators are growing increasingly nervous about new rules proposed by the Trump administration in an
Why the CyberLEAP act must pass (VentureBeat) Government employees need training on cybersecurity to ensure our elections, our financial institutions, and even our search for a vaccine are secure.
Rep. Green introduces bill to strengthen CISA (Homeland Preparedness News) U.S. Rep. Mark Green (R-TN) introduced legislation to strengthen the ability of the Cybersecurity and Infrastructure Security Agency (CISA) to address cyberthreats on Federal government systems. The bill, called the Protecting Federal Networks Act, gives CISA the authority to address …
Top intelligence office informs congressional committees it'll no longer brief on election security (CNN) The Office of the Director of National Intelligence has informed the House and Senate Select Committees on Intelligence that it'll no longer be briefing on election security issues, according to letters obtained by CNN. Instead, ODNI will primarily provide written updates to the congressional panels, a senior administration official said.
Citing concern over leaks, intel community will cease in-person election security briefings to Congress (ABC News) The intelligence community informed lawmakers that it would cease in-person election security briefings, citing concern over information leaks.
Shift on Election Briefings Could Create an Information Gap for Voters (New York Times) The elimination of in-person election security briefings to Congress could leave the public with a diminished understanding of the threats facing the election as it enters a critical phase.
Democrat asks intel agencies if they're surveilling members of Congress (TheHill) Rep. Anna Eshoo (D-Calif.), a senior member of the House Energy and Commerce Committee, asked two intelligence agencies on Friday if surveillance has been conducted on members of Congress in the last decade.
Litigation, Investigation, and Law Enforcement
U.S. Cyber Command helps prosecutors seize stolen cryptocurrency traced to illicit N. Korea nuclear weapons program (Washington Post) U.S. prosecutors on Thursday moved to seize cryptocurrency accounts allegedly used to launder an estimated $29 million stolen in cyberattacks aiding North Korea’s nuclear missile and weapons development programs.
FBI Thwarts Cyber Attack on Tesla Factory (Insurance Journal) Elon Musk said on Thursday that Tesla Inc.'s factory in Nevada was a target of a "serious" cybersecurity attack, confirming a media report that claimed an
How One Employee Saved Tesla From Russian Spy Hack (CarBuzz) With more cars using technology connecting to the internet, there have been concerns about the risk of pote...
Tesla Shareholder Demands More Cybersecurity Info After Insider Attack Thwarted (EIN News) Cybersecurity Expert and Tesla Shareholder Says Musk Owes Shareholders More Info about Tesla's Cybersecurity Program after Recent Attack
Spooks called in as cyberattacks again halt NZ stock exchange (Techxplore) New Zealand's spy agency has been brought in to help fight back against cyberattacks that crippled the country's stock exchange for a fourth straight day on Friday.
Govt spy agency has 'no clues' on source of cyberattacks on NZX (Stuff) DDOS attacks happen but don't pay ransoms, GCSB Minister Andrew Little advises.
Snowden Point-Counterpoint: Yes, Trump should pardon Edward Snowden (Oklahoman.com) Former President Obama should have pardoned Edward Snowden. Now, it is up to President Trump to do what’s just.
Opinion: Pardon Edward Snowden? – Point/Counterpoint (Prescott News) Is Edward Snowden a hero for his whistle blowing on the NSA or a criminal for the way he went about it?
After 7 Years on the Run, a Muslim Brotherhood Leader Is Caught (New York Times) Egypt said that a raid in Cairo had netted the outlawed movement’s acting leader, Mahmoud Ezzat, who was thought to have fled abroad.
Zuckerberg says Facebook erred in not removing militia post (Seeking Alpha) “It was largely an operational mistake,” Zuckerberg said on not removing a militia group's page earlier this week that called for armed civilians to enter Kenosha, Wisconsin, amid violent protests after police shot Jacob Blake.
FBI investigates breach of server used by SD dispatchers to identify COVID-19 patients (EMS1) Officials say the breach may have leaked the names and addresses of those who tested positive for the virus
Alleged hacker put in detention over illegal access to private information, extortion (RAPSI) Russian Legal Information Agency (RAPSI).
New York Department of Financial Services Launches Enforcement of Cybersecurity Rules (cyber/data/privacy insights) The New York Department of Financial Services recently initiated its first action to enforce the department’s cybersecurity regulation. The regulation has been in effect since March 1, 2017 and app…