Cyber Attacks, Threats, and Vulnerabilities
Ransomware Linked to Iran, Targets Industrial Controls (Bloomberg) An Israeli cybersecurity firm said it believes a new strain of ransomware was created by Iran and has the ability to lock up or even delete industrial control systems.
Al-Qaeda Says Surprise Al Shabaab Attack That Killed 3 Americans Is ‘Brilliant’ Example for Jihadists (Homeland Security Today) Al Shabaab said in a video released after the Kenya airbase attack that the assault was “carried out under the guidance and direction of the leadership of al-Qaeda.”
Someone Tried to Hack My Phone. Technology Researchers Accused Saudi Arabia. (New York Times) From a suspicious text message I received, technology researchers concluded that hackers working for Saudi Arabia had targeted my phone with powerful Israeli software.
A New York Times journalist was targeted by spyware linked to Saudi Arabia, according to report (Washington Post) The analysis by Citizen Lab follows a U.N. investigation implicating the Saudi crown prince in the hack of Jeff Bezos’s phone.
Cyberattacks targeted world leaders’ planes as they flew into Israel last week (Times of Israel) At least 800 attacks, including from Iran and Poland, were beaten back by Israel's newly upgraded air traffic cyber defenses, officials say
Ragnarok Ransomware Targets Citrix ADC, Disables Windows Defender (BleepingComputer) A new ransomware called Ragnarok has been detected being used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 exploit.
LoRaWAN Networks Susceptible to Hacking: Common Cyber Security Problems, How to Detect and Prevent Them (IOActive) LoRaWAN is fast becoming the most popular wireless, low-power WAN protocol. It is used around the world for smart cities, industrial IoT, smart homes, etc., with millions of devices already connected.
LabCorp security lapse exposed thousands of medical files (TechCrunch) Exclusive: The documents largely appeared to affect cancer patients under the laboratory's speciality testing unit.
A ‘moral’ payments processor spilled 6 million payments (TechCrunch) Exclusive: The database was left online without a password.
Fake police site phishing for confidential information claims victim's Web browser 'blocked' (The Straits Times) The Singapore Police Force have warned the public of a fake police website that tries to trick people into giving up confidential information, the latest version of similar scams that have cropped up in recent years.
Wawa Investigates Reports of Attempts to Sell Customer Info During Data Breach (NBC10 Philadelphia) Wawa announced Tuesday that there were reports of criminal attempts to sell customer information during last month’s data breach.
Wawa Breach May Have Compromised More Than 30 Million Payment Cards (KrebsOnSecurity) In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide.
Travelex claims it has brought money transfer and wire services back - but website remains down (Computing) Travelex website remains down almost a month after New Year's Eve ransomware attack
Suplizio: DuBois City Was Victim of Cyber-Attack (Gant Daily) DuBois City’s computer system was attacked by cyber criminals on Friday, Jan. 24, reported City Manager John “Herm” Suplizio at Monday night’s council meeting.
Fans of Kobe Bryant are buying keepsakes in the wake of his death, prompting scammers to swindle them (Washington Post) The sudden death of Kobe Bryant has many fans rushing to buy clothing and memorabilia that commemorate the life of the five-time NBA champion.
The cyber criminals selling network access to the highest bidder (Teiss) Levi Gundert, SVP of Global Intelligence at Recorded Future, discusses the selling of pay-per-install services on the dark web, including the increase of selling unauthorised access services.
Revive of Crimson RAT (Dinesh's Perspective) Crimson RAT was previously used by Pakistani threat actors Transparent Tribe. Crowdstrike has been tracking the threat actor by the name MYTHIC LEOPARD since 2016. According to the blog, …
Security Patches, Mitigations, and Software Updates
Cisco patches bugs in security admin center and Webex (Naked Security) Cisco has patched bugs in Webex and in Firepower Management Centre, the device that controls its security products.
Facebook will now show you exactly how it stalks you — even when you’re not using Facebook (Washington Post) The new ‘Off-Facebook Activity’ tool reminds us we’re living in a reality TV program where the cameras are always on. Here are the privacy settings to change right now.
Cyber Trends
State of Cybersecurity at Top 100 Global Airports (Immuniweb) 97 out of 100 of the world's largest airports have security risks related to vulnerable web and mobile applications, misconfigured public cloud, Dark Web exposure or code repositories leaks.
UK CEOs deleting social media apps to prevent hacking attempts (SC Magazine) CEOs are increasingly concerned about sophisticated cyber attacks on their own companies with four-in-five executives fearing cyber-attacks on their own company modifying their own online behaviour.
Marketplace
What is Cyber Insurance and why it is the need of the hour (Moneycontrol) While global markets are all gearing to face the cyber challenge, Indian base for cyber insurance is around Rs 500-700 crore.
Persona raises $17.5M for an identity verification platform that goes beyond user IDs and passwords (TechCrunch) The proliferation of data breaches based on leaked passwords, and the rising tide of regulation that puts a hard stop on just how much user information can be collected, stored and used by companies have laid bare the holes in simple password and memorable-information-based verification systems. To…
Securiti.ai scores $50M Series B to modernize data governance (TechCrunch) Securiti.ai, a San Jose startup, is working to bring a modern twist to data governance and security. Today the company announced a $50 million Series B led by General Catalyst, with participation from Mayfield. The company, which only launched in 2019, reports it has already raised $81 million. Wha…
AppOmni Raises $10 Million in Series A Funding Led by ClearSky (Yahoo) AppOmni announces $10 million Series A funding round
Google paid $6.5m in bug bounties in 2019 (Computing) Google paid one security researcher $201,337 in the biggest single bug bounty reward in 2019
Tenable founders Ron and Cyndi Gula launching new pitch competition (Baltimore Business Journal) The new competition will offer a grand prize of a $150,000 investment to a promising, growing cyber startup.
STEALTHbits Enters 2020 With an Expanded Sales Team and Aggressive Growth Plans (STEALTHbits) STEALTHbits Technologies, Inc., a cybersecurity software company focused on protecting an organization’s sensitive data and the credentials attackers use to steal that data, has finished 2019 strong and is positioned for continued growth in 2020 due to the build ou...
Netsurion Announces Significant Channel Partner Expansion (Globe Newswire) Netsurion, a leading provider of managed network connectivity, security and compliance solutions in the SMB cybersecurity market announced rapid growth in its base of partners, with plans to continue emphasis of enabling partners to sell cybersecurity solutions in 2020.
Facebook's First Human Rights Chief Confronts Its Past Sins (Yahoo) In July, Facebook Inc. quietly hired Miranda Sissons, a 49-year old human rights activist whose previous work has included stints at the Australian diplomatic service and the International Center for Transitional Justice. The hiring, which was never formally announced, is part of a broader
Jay Parikh (Facebook) I have some bittersweet news to share. It’s time for me to step out of Facebook to explore what’s next. The past 10 years has undoubtedly redefined my expectations on what it means to scale and...
SentinelOne snags Palo Alto VP to lead European growth (CRN) Cybersecurity vendor claims to have tripled its EMEA business over the last six months
ForgeRock appoints David Hope as SVP of Asia-Pacific and Japan (Globe Newswire) Executive with 20+ years of enterprise IT leadership experience joins to accelerate regional growth
Products, Services, and Solutions
Blue Ridge Networks Announces Next Generation of LinkGuard: Highly Scalable, Faster Performance, Automated Provisioning (PR Newswire) Blue Ridge Networks today launched the next generation of LinkGuard, the preventative cybersecurity solution that seamlessly conceals and...
Data Privacy Day: Protect Your People (Tessian) Businesses need to consider whether their company's most sensitive data is properly protected from incidents of human error and Data Privacy Day (28 January) acts as a timely reminder to do this.
Cequence Security Launches CQ botDefense SaaS (BusinessWire) Cequence CQ botDefense now available on AWS Marketplace; PCI-compliant SaaS option protects public-facing applications from automated bot attacks
Meraki’s Air Marshal Gets Help from a New WIPS Sheriff (Secplicity - Security Simplified) Wi-Fi hacking is a hot topic, but one that’s plagued by ambiguous and often contradictory technical terminology. Luckily, the lack of common definitions for Wi-Fi threat vectors has actually produced a solution to the problem: the Trusted Wireless Environment. The Trusted Wireless Environment framework succinctly defines the six Layer 2 Wi-Fi hacks that affect nearly …
Tripwire and Eaton Technology Partnerships Strengthens Cybersecurity Compliance for US Utilities (Tripwire) Integrating Tripwire Enterprise for Industrial Devices and Eaton’s IED Manager Suite strengthens security for energy utilities
Use These Antivirus and Anti-Malware Apps Instead of Avast (Lifehacker) If something is free—especially if it’s a complicated something, or something you’d probably have to pay for otherwise—the familiar saying is often true: You’re the product. It’s one of the reasons you’re always being advertised to across the web. Search engines, email services, messaging platforms, or other apps and services you fancy cost money, and companies have to recoup that somehow (and profit).
Technologies, Techniques, and Standards
Analysis | The Cybersecurity 202: DNC heads to Iowa to help protect caucuses from digital attacks and disinformation (Washington Post) It will be the biggest security challenge since 2016.
5 ways to be a bit safer this Data Privacy Day (Naked Security) Here are 5 things you can start doing today for your own and for everyone else’s online good!
Data Privacy Day: Gaining and maintaining trust is key for data defenders (SC Magazine) Building & ensuring trust are recurrent themes from our commentators, which also include education, awareness, going beyond compliance, implementing best practice, & a host of other concerns.
How Do I Love Thee, Data Privacy? Let Me Count The Ways (Forbes) A roundup of Data Privacy Day insight and recommendations from cybersecurity professionals and executives who work to protect data every day of the year.
Journey to the centre of IT - What Jules Verne can teach security teams today (Computing) Getting a central view of everything you have, even when it is distributed, will help navigate threats and risks
What 'Have I been Pwned?' taught DHS’s internal cyber chief about passwords - CyberScoop (CyberScoop) A website that informs users if their email address has been swept up in a data breach isn’t just popular with vigilant business owners or private security sleuths. The man charged with protecting the Department of Homeland Security’s systems from hackers also maintains an account on the “Have I been Pwned?” website, and it regularly reminds him of the risks passwords pose.
Design and Innovation
RiskSense working on AI to predict if vulnerabilities will turn into ransomware (ZDNet) RiskSense, a firm long at the forefront of warning about new threats, unveiled a dashboard on Tuesday to tell CSOs their level of risk of exploit from vulnerabilities. Next stop, says CEO Srinivas Mukkamala, are machine learning analyses that may be able to accurately predict when an exploit will be developed for any given vulnerability.
Research and Development
Ben-Gurion University Researchers Introduce the First All-Optical, Stealth Data Encryption Technology (PR Newswire) BGN Technologies, the technology transfer company of Ben-Gurion University (BGU) of the Negev, Israel, introduced the first all-optical...
Academia
Regis University Hosts Cyber Summit After Ransomware Attack (CBS Denver) Denver's Regis University acknowledges it paid a ransom to get its computer system back up and running.
Legislation, Policy, and Regulation
EU follows UK approach to limiting but allowing Huawei involvement in 5G development (SC Magazine) EU announces guidelines that its 2 member countries can restrict or ban high-risk 5G vendors from core parts of their telecoms networks, and are advised to use multiple suppliers, following UK lead.
UK Press on with 5G & Huawei, But Place a Cap on Traffic, Equipment (E&E Times) The long-awaited UK government decision paves way for Huawei equipment in the country’s 5G networks. It limits it to non-critical parts of the network, while limiting how much equipment can be used.
Britain, resisting U.S. pressure, to allow some Huawei equipment in 5G networks (Washington Post) The British government announced Tuesday that it plans to allow the Chinese telecom giant Huawei to build "non-core" infrastructure for the country's coming super-fast 5G network, although the company may be designated a "high-risk vendor" with a capped market share.
Huawei granted 'limited' role in UK 5G and fibre network roll-outs (Computing) Government decides to allow Huawei to supply non-core 5G equipment
Analysis | Boris Johnson Chooses Huawei Expediency (Washington Post) Prime Minister Boris Johnson seems to have weighed speed and cost in his decision to let ‘high-risk vendors’ maintain a foot in the 5G market.
U.S. to keep pressing U.K. to drive Huawei from networks, official says (POLITICO) British Prime Minister Boris Johnson chose the middle ground between entirely embracing or banning Huawei.
Why Britain’s Huawei decision frustrated lawmakers (Fifth Domain) The decision by United Kingdom officials to allow Chinese telecom company Huawei to build parts of the country’s 5G network was met with ire from members of Congress Jan. 28.
Lawmakers warn US, UK intel sharing at risk after Huawei decision (TheHill) Lawmakers on Tuesday blasted the British government's decision to allow controversial Chinese telecom firm Huawei to help build its 5G networks, warning that the decision could threaten the long-standing intelligence sharing agreement between the
How will US react as UK allows Huawei to help build UK 5G - with restrictions? (SC Magazine) The government today confirmed that it will allow Chinese manufacturer Huawei to help build the country’s 5G network - with restrictions - in defiance of US objections,
Why the U.S. objects to Huawei's involvement in building 5G networks (PBS NewsHour) The United Kingdom says it will allow Chinese telecommunications firm Huawei to build part of its new 5G cellular network. The U.S. government had warned against the move, arguing Huawei poses a national security threat, but British officials said the company’s role will be limited to lower-risk parts of the process. William Brangham talks to Wired Magazine’s Garrett Graff about the details.
Is it time for a national Digital Bill of Rights? (FCW) A Commission on Privacy and Data should be created to develop legislation, taking the EU's General Data Protection Regulation and the California Consumer Privacy Act as a starting point to extend protections to individuals regarding data and privacy.
Bernie Sanders Thinks Companies That Sell Your Browser History Are ‘Trampling Over the Rights of Consumers’ (Vice) "No reasonable person would expect antivirus software to be selling off their private browsing data to the highest bidder."
New cybersecurity standards for contractors could be finalized this week (Fifth Domain) CMMC is set to be finalized Friday, Jan. 31.
Litigation, Investigation, and Law Enforcement
There's no evidence the Saudis hacked Jeff Bezos's iPhone (Errata Security) There's no evidence the Saudis hacked Jeff Bezos's iPhone. This is the conclusion of all the independent experts who have reviewed the...
Bitcoin Has Lost Steam. But Criminals Still Love It. (New York Times) The police hoped that taking down online black markets would chase away criminals. But the amount of Bitcoin spent on illegal purposes has reached a new high.
Facial recognition firm sued for scraping 3 billion faceprints (Naked Security) A potential class action says Clearview AI is breaking biometrics privacy law by ransacking social media so police can match photos with IDs.
Russian Cybercrime Boss Burkov Pleads Guilty (KrebsOnSecurity) Aleksei Burkov, an ultra-connected Russian hacker once described as “an asset of supreme importance” to Moscow, has pleaded guilty in a U.S. court to running a site that sold stolen payment card data and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks.
Qualcomm Antitrust Case Raises Far-Reaching National Security Concerns (Forbes) If the antitrust standard set by the district court is upheld, U.S. security could be undermined.