Cyber Attacks, Threats, and Vulnerabilities
Exclusive: Hackers acting in Turkey's interests believed to be behind recent cyberattacks - sources (Reuters) Sweeping cyberattacks targeting governments and other organizations in Europe an...
This site pays Americans to write 'news' articles. Signs indicate it originates in Iran (CNN) American Herald Tribune bills itself as a "genuinely independent online media outlet." Set up in 2015, it publishes in English and pays Americans to write articles. But multiple investigations by American tech companies, details of which have not previously been reported, point to the site originating in Iran.
Saudi Twitter accounts urge Amazon boycott after Jeff Bezos hack – but are they real? (The Telegraph) Calls to boycott Amazon were trending on Saudi social media on Thursday amid suspicions that Mohammed bin Salman’s allies had activated their cyber army to react furiously to allegations he was personally involved in hacking the phone of Jeff Bezos.
8,500 Tweets And Counting—Saudi Trolls Demand Amazon Boycott After Bezos Hack (Forbes) A Saudi troll army goes on the offensive over claims that Amazon founder Jeff Bezos’ iPhone was hacked after receiving a WhatsApp text from Saudi Crown Prince Mohammad bin Salman.
Critical Vulnerability in Citrix Application Delivery Controller, Gateway, and SD-WAN WANOP (CISA) Note: As of January 24, 2020, Citrix has released all expected updates in response to CVE-2019-19781.[1]
Watch out for Shlayer malware targeting Mac devices (HackRead) Generally, macOS is considered one of the safest OS but cybercriminals are skilled enough to find loopholes and security lapses in macOS as well. As per the latest research report from Kaspersky Lab, the most widespread macOS threat in the year 2019 was the Shlayer malware.
Hackers target unpatched Citrix servers to deploy ransomware (ZDNet) REvil ransomware gang has been spotted abusing Citrix bug to infect victims.
StockX's $1b sneaker empire was hacked last year. Why are customers still paying for it? (Input) Some buyers continue to deal with fraudulent purchases, and the company's response (or lack thereof) is cause for concern.
Kaspersky: Fake Flash Updates Are Macs' Biggest Malware Threat (Tom's Hardware) Flash will disappear from browsers this year, but fake Flash update attacks might continue.
More than 1,100 patients affected by Beaumont Health data breach (WDIV) A data security breach at Beaumont Health is impacting more than 1,100 patients.
PayPal, American Express Phishing Kits Added to 16Shop Service (BleepingComputer) The 16Shop phishing kit distribution network has expanded its portfolio with new templates that target PayPal and American Express users.
Travelex hackers strike again, closes German automotive firm (SC Magazine) German car parts maker Gedia Automotive Group has had to shut down its IT operations following a massive cyber-attack. Poland, Hungary, Spain, China, India, USA and Mexico operations also affected
Cyber gangsters publish staff passwords following ‘Sodinokibi’ attack on car parts group Gedia (ComputerWeekly) Cyber criminals have threatened to raid the bank accounts of customers and employees of the German automotive group, Gedia, following a major cyber attack on the company’s headquarters last week. Gedia Automotive Group, based in Attendorn, has been forced to shut down its IT systems and send more than 300 employees from its head office home, following the cyber-attack on 21 January.
City announces work-arounds after cyber attack (Southeast Missourian) In light of Cape Girardeau municipal government's ongoing information systems problems, city officials announced a work-around for some city services Friday evening. A text message sent on behalf of the city said residents may pay utility bills in person at City Hall and those involved with development issues before the city may do so as well...
Greenville Water's recent phone & computer issues were result of 'international cyber-attack,' company says (FOX Carolina) A spokesperson for Greenville Water said the company was the recent target of an international cyber-attack which led to a network outage on Wednesday.
SuperCasino owns-up to 'security incident' in email to customers (Computing) Hacker was unable to access users' credit card numbers, passwords, or copies of other sensitive documents, the online gambling operator claims
Maastricht University thought to have paid up to €300,000 to cyber-hackers (DutchNews.nl) Maastricht University is thought to have paid between €200,000 and €300,000 as a ransom to cyber hackers, reports the Volkskrant. It is thought the university felt forced to make a payment because its back-up system was hijacked with Clop ransomware alongside the main system, the paper claims. Before the Christmas break, hackers broke into the computer system and only gave staff the key to get back in after being paid, according to university news website Observant. The Volkskrant now claims...
Democrats’ Iowa Caucus Voting App Stirs Security Concerns (Wall Street Journal) Democrats will record the votes from the Iowa presidential caucuses next month using a smartphone app, a procedure that has stirred security questions.
Millions of Peruvian Moviegoers at Risk for Identity Theft, Cybercrime (SafetyDetectives) The research team at SafetyDetectives, led by Anurag Sen, recently uncovered a data leak from Peruvian movie theater chain, Cineplanet. Hosted on a Microsoft Az
Willebroek commune hit by cyber-attack (The Brussels Times) The commune of Willebroek to the north of Brussels has become the latest victim of hackers, who are demanding a ransom paid in bitcoin to liberate the municipal computer system, the commune announced
Cyber attack is estimated to cost Dunwoody at least $80K (Reporter Newspapers) The Christmas Eve cyber attack that forced the shutdown of the city of Dunwoody’s computers for several days cost at least $80,000. The City Council at its Jan. 26 meeting is expected to vote…
Security Patches, Mitigations, and Software Updates
Citrix releases final patches for critical CVE-2019-19781 security flaw (Computing) Patch ASAP, urges Citrix - then scan your network for any indicator of compromise
IE and FIREFOX-Patching nightmare begins in 2020... (Menlo Security) Critical Browser Zero-Day Vulnerabilities Neutered by Menlo Security Secure Internet with an Isolation Core
Cyber Trends
Open Source Licenses in 2020: Trends and Predictions (White Source) The GPL was a trailblazer at the start of the open source revolution and is a prime example of the copyleft or viral license. This means that when users incorporate a component licensed under one of t
Expert warns of growing cybersecurity threat on farms ahead of FarmTech Conference (Edmonton Journal) One cybersecurity expert is warning producers in the agriculture industry of the growing threat of cyber crime ahead of this week’s FarmTech Conference. David Masson, director of enterprise se…
Cybersecurity Preparedness: Perception vs. Reality (Tier 1 Cyber) Working with government information, federal contractors should be setting the gold standard of cyber preparedness in our country.
Harvard Professor Clayton M. Christensen Turned His Life Into a Case Study (Wall Street Journal) Clayton M. Christensen, a Harvard professor and management guru, pioneered the study of disruptive technologies and offered his own life as a case study in finding a purpose. He died Thursday at age 67.
Clayton Christensen dies at 67 after lifetime of business, spiritual influence (Deseret News) Apple’s Steve Jobs, Amazon’s Jeff Bezos, Netflix’s Reed Hastings and Intel’s Andy Grove looked to influential management thinker
Silicon Valley mourns passing of Clayton Christensen, father of 'disruptive innovation' (Silicon Valley Business Journal) Clayton Christensen, a professor at Harvard Business School and influential author of books on innovation and disruption, died Thursday at age 67 of complications from cancer treatment.
Marketplace
Four Keys to Growing a Cybersecurity Company Through Acquisition and Beyond (CEOWORLD magazine) There’s no doubt that the cybersecurity M&A marketplace is a healthy one. In 2019, the cybersecurity market saw more than 150 deals worth more than $23 billion, according to Momentum Cyber. On top of that, private equity firms are beginning 2020 with more cash on record than ever, according to data from Preqin. If you’re …
Spyware Trade Grows Amid Claims Activists and Bezos Targeted (Bloomberg) Calls for tougher controls on industry with often fuzzy rules. Companies maintain technology used to fight crime, terrorism.
Vietnam carrier develops native 5G tech to lock out Huawei (Nikkei Asian Review) Viettel to launch China-free network in June
Jerusalem-based Vicarius gets $5 million to help companies detect cyber threats and prevent attacks (Tech.eu) Israeli startup Vicarius has raised $5 million in seed funding to grow its predictive cyberthreat technology, which helps companies proactively manage software vulnerabilities in real time. The round was led by Jerusalem Venture Partners (JVP), with innogy Innovation Hub and Goldbell. Founded in 2016, cybersecurity experts Michael Assraf, Roi Cohen, and Yossi Ze’evi built Vicarius, …
Seattle-based F5 Networks closes $1 billion acquisition of California security firm (The Seattle Times) The deal beefs up the security offerings at Seattle-based F5, which helps companies manage their cloud-based applications.
CyberArk to Open a Development Center in Be’er Sheva (CTECH) The new development center, set to open in April, will first employ a team of 20 people, but the company intends to expand to 100 employees in the future
Products, Services, and Solutions
Shape Security Blog : Shape Officially Joins F5 to Defend Every App from Fraud and Abuse (Shape Security Blog) Online applications run the world today. Apps power how we interact, how we learn and grow, where our data lives, and how value gets exchanged between brands, customers and partners. In many respec…
Clinton Operative Who Backed Democrats’ Use Of Steele Dossier Is Offering Cybersecurity For POTUS Candidates (Daily Caller) Clinton's 2016 campaign manager is providing free and discounted cybersecurity services for candidates ahead of 2020 elections.
ID R&D Releases IDVoice v2.11 for High Accuracy on a Small Footprint (Globe Newswire) IDVoice v2.11 offers higher accuracy and speed, smaller footprint, and optimization capabilities to facilitate biometric authentication on a broad range of devices and channels
Rackspace and Alert Logic Enhance Cybersecurity for Small and Mid-Sized Amazon Web Services Customers (Yahoo) Rackspace has joined forces with Alert Logic to help SMB and mid-market Amazon Web Services (AWS) customers improve their security posture with an.
Security Compass Facilitates Continuous Compliance for FedRAMP (Yahoo) Security Compass has introduced feature enhancements to SD Elements that enable CSPs to set up and develop their FedRAMP initiatives.
Technologies, Techniques, and Standards
8 cities that have been crippled by cyberattacks — and what they did to fight them (Business Insider) Ransomware attacks have become a worryingly common threat against public systems including schools and local governments as hackers hold critical data and services hostage for massive ransoms.
U.S. Strategic Command Conducts Exercise Global Lightning (DVIDS) U.S. Strategic Command (USSTRATCOM) commenced Exercise Global Lightning 2020 today, an annual command post and battle staff exercise designed to train Department of Defense forces and assess joint operational readiness across all of USSTRATCOM's mission areas.
‘Compliant’ Doesn’t Mean Secure, Navy CIO Says (Seapower) The Department of the Navy has a security problem, and it’s embedded in the institutional culture, according to the Navy’s top informational technology executive. “We are losing the Department of Navy’s information every day. And we’re...
Design and Innovation
YouTube moderators are being forced to sign a statement acknowledging the job can give them PTSD (The Verge) Documents discovered by The Verge reveal that the company puts the onus of mental health on its employees.
Research and Development
Army Researchers Working to Protect Facial Recognition Software from Hacks (Military.com) This safeguard would let future soldiers have confidence their AI systems are properly identifying a person of interest.
Academia
Ryerson University organizations launch cybersecurity accelerator (Canadian Manufacturing) The initiative is billed as Canada's first commercial accelerator specifically designed for scale-up companies in cybersecurity and related fields.
Legislation, Policy, and Regulation
"Five Eyes" intel alliance ties up with Japan over N. Korea (Kyodo News+) The "Five Eyes" intelligence-sharing alliance of English-speaking nations has joined hands with France, Japan and South Korea in an effort to restrain North Korea's provocations, government sources say.
The Kremlin has its hands in the Internet around the world. It’s also trying to control cyberspace at home. (Washington Post) On a stretch of Norway’s Arctic border known for its views of the Northern Lights is the small town of Kirkenes. Its population is under 4,000 and the local online newspaper has a staff of just two.
Lessons Learned From 2016, but US Faces New Election Threats (New York Times) It’s been more than three years since Russia's sweeping and systematic effort to interfere in U.S. elections through disinformation on social media, stolen campaign emails and attacks on voting systems. U.S. officials have made advances in trying to prevent similar attacks from undermining the 2020 vote, but the potential threats have increased and some old problems have not been addressed. A look at what has changed since 2016 and what has not.
The Cybersecurity 202: Security hawks urge U.K. to ban Huawei ahead of final 5G decision (Washington Post) Cybersecurity hawks on both sides of the Atlantic are making last-ditch pitches for the United Kingdom to ban the controversial Chinese telecom Huawei from its next-generation 5G networks as it plans to decide as soon as this week.
Huawei and 5G threaten America's "special relationship" with the U.K. (Axios) The decision comes after repeated private and public warnings.
UK sovereignty in jeopardy if Huawei used for 5G, US warns (the Guardian) Mike Pompeo makes last-minute plea to ministers ahead of ‘momentous’ decision
Ransomware attack on construction company raises questions about federal contracts (CBC) A construction company that’s won millions of dollars worth of contracts with the military and other federal departments has been hit by a ransomware attack, raising questions about how the federal government does business with outside firms open to cyberattacks.
India, Brazil ink pacts on animal husbandry, bio energy & cyber security (UNI) India and Brazil on Saturday inked a number of agreements and MoUs ranging from oil and natural gas to higher investment and also on animal husbandry and dairying.
New law on security of internet connected devices ‘bad news for hackers’ (SC Magazine) New IOT law to require internet-connected device passwords to be unique, IoT device manufacturers must provide a public point of contact, minimum period of security updates to be specified when sold.
Privacy watchdog throws wider net to protect children online (Naked Security) A new, comprehensive code will compel online services to put children’s health and safety before data-collecting profits.
Tech CEOs in Davos dodge issues by warning audiences about AI (South China Morning Post) The chief executives of Alphabet, Microsoft and IBM called for standardised global rules on artificial intelligence development at the annual meeting, ahead of the EU’s announcement of a plan to legislate the technology.
Powerful lawmakers join effort to kill surveillance program protected by Trump administration (POLITICO) NSA phone snooping system leaked by Snowden is on the rocks with Republicans and Democrats.
Government plans new laws to mandate minimum security standards for consumer IoT devices (Computing) Government expected to push for legal recognition of emerging TS 103 645 global IoT security standard
NSA chief information officer role remains ‘ambiguous’ (FedScoop) The National Security Agency still hasn’t clearly defined its chief information officer’s authorities and responsibilities, according to an Office of the Inspector General report released Thursday. While the OIG decided the issue didn’t warrant immediate reporting to the NSA director and Congress, the office did include an audit of CIO authorities in a list of significant …
New York wants to ban taxpayer-funded ransomware payments (Naked Security) One of the proposed bills would set up a $5m fund to help small towns upgrade their systems and bolster their security.
Nassau Republican legislators call for a probe in cyber security controls (Newsday) Nassau County Legis. Steve Rhoads spoke Friday at a news conference about the county calling for a probe into cybersecurity controls after the county temporarily lost $710,000 to online ...
Litigation, Investigation, and Law Enforcement
Israel court verdict could shed light on those who used Pegasus spyware (The Sunday Guardian Live) The proceedings at a district court in Tel Aviv, Israel, headed by Judge Rachel Barkai are being keenly watched by individuals part of the policy apparatus in India, as the court will decide whether the export licence given to the NSO Group, which developed the Pegasus spyware, should be revoked or not.
Bezos Hack Report Puzzles Cyberexperts (Wall Street Journal) A report concluding Saudi Arabia likely hacked into Jeff Bezos’ phone has spurred questions among cybersecurity experts, who say the audit left several major technical questions unexplained and in need of more examination.
The question isn’t whether NSO hacked Jeff Bezos’ phone – but whether it was even hacked at all (Haaretz) ‘There is zero information and 100 percent speculation. We don’t know if it was infected at all, it’s simply suspicions ... or Bezos’ paranoia and fear,’ says Israeli security expert.
Questions Linger Over Investigation Into Jeff Bezos' Hacking (SecurityWeek) Cybersecurity experts said there are many questions still unanswered from an investigation commissioned by Bezos that said the billionaire's phone was hacked.
The Bezos Hack and the Dangers of Spyware in the Hands of Autocrats (World Politics Review) The stunning allegation that Saudi Crown Prince Mohammed bin Salman hacked the phone of Amazon’s Jeff Bezos may come as a shock to some. But for most people tracking the rise of Saudi Arabia's de facto ruler, it's business as usual—and another sign of how autocrats are using spyware against their critics.
Wyden calls on NSA to examine White House cybersecurity following Bezos hack (TheHill) Sen. Ron Wyden (D-Ore.) on Friday pressured the National Security Agency (NSA) on efforts to secure personal devices of government employees from foreign hackers and surveillance following news that Amazon CEO Jeff Bezos's phone was allegedly hacked by Saudi officials.
INTERPOL supports arrest of cybercriminals targeting online shopping websites (Interpol) Malware stealing payment card details identified with support of private partner
Operation Night Fury: Group-IB helps take down a cybergang behind the infection of hundreds of websites all over the world (Group-IB) Operators of the JavaScript-sniffer family, dubbed «GetBilling» by Group-IB, were arrested in Indonesia. The arrest came as a result of a joint operation «Night Fury» initiated by INTERPOL’s ASEAN Cyber Capability Desk (ASEAN Desk) that involved Indonesian Cyber Police (BARESKRIM POLRI (Dittipidsiber)) and Group-IB’s APAC Cyber Investigations Team. The operation is still ongoing in other five ASEAN countries with which the intelligence was also shared.
Failure To Apply Recent Microsoft Patch May Create Legal Liabilities (Mondaq) On Tuesday, January 14, Microsoft released a patch to close an important vulnerability related to security certificate functions in Windows 10, Windows Server 2016,
WSJ News Exclusive | State Attorneys General to Meet With Justice Officials to Coordinate on Google Probe (Wall Street Journal) State attorneys general will meet with U.S. Justice Department attorneys next week to share information on their respective probes of Alphabet’s Google unit, a step that could eventually lead to both groups joining forces
Don't Break Up Big Tech (Wired) It won't protect small businesses, it won't preserve our data privacy, and it won't help promote democracy.
IP330 - ICA starts non-compliance proceedings against FB (Autorita' Garante della Concorrenza e del Mercato) On 21st January 2020, ICA started non-compliance proceedings against FB, for failure to comply with ICA’s decision of 29th November 2018.
Justice Department Believes It Should Have Ended Surveillance of Trump Adviser Earlier (Wall Street Journal) The Justice Department now believes it should have discontinued its secret surveillance of one-time Trump campaign adviser Carter Page far earlier than it did, according to a new court filing unsealed.
GOP senator says idea that Ukraine interfered in US election is 'not a conspiracy theory' (TheHill) Sen. Tom Cotton (R-Ark.) on Sunday insisted claims of Ukrainian interference in the 2016 election were “not a conspiracy theory” and accused those using the characterization of pushing a “Democratic talking point.”
Cyber attack blamed for sentencing delay (BBC News) South Yorkshire Police was criticised after a teenager had to wait 22-months to be sentenced.
Is Your Competitor Objectionable? The Scope Of Immunity Under The Communications Decency Act (JD Supra) In February 1996, faced with increasing public concern about the availability of pornography on the internet, as well as recent court decisions that...
Evidence mounts of irregularities in UK court procedures in Assange extradition case (The Canary) UK hearings turn extradition into farce