Cyber Attacks, Threats, and Vulnerabilities
The intelligence community’s questions on supply chain security (Fifth Domain) Here's what the Office of the Director of National Intelligence general counsel said the IC is wrestling with.
Charming Kitten Uses Fake Interview Requests to Target Public Figures (Threatpost) APT group poses as a former Wall Street Journal journalist to launch phishing campaigns and steal victim email account details.
Fake Interview: The New Activity of Charming Kitten (Certfa) Certfa Lab has identified a new series of phishing attacks from the Charming Kitten, the Iranian hacking group who has a close relationship with Iran’s state and Intelligence services. According to our investigation, these new attacks have targeted journalists, political and human rights activists. These phishing attacks are in line with the previous activities of the group that companies like ClearSky and Microsoft have reported in detail in September and October 2019.
Why the Iranian cyberthreat has become ‘more dynamic’ (Fifth Domain) Following the death of a top Iranian general, one top U.S. official noted the growing forces that could exploit the rift between the United States and Iran.
Russia Unleashes New Weapons In Its ‘Cyber Attack Testing Ground’: Report (Forbes) A new report exposes escalating Russian cyber attacks on Ukraine—but this is really about targets much further west.
Pro-Russian CyberSpy Gamaredon Intensifies Ukrainian Security Targeting (SentinelLabs) Read how the Gamaredon group wages a silent cyber war against the Ukraine even when all other domains are denied by the strategic or political framework.
FBI director warns of ongoing Russian ‘information warfare’ (Fifth Domain) The FBI and Department of Homeland Security are on alert for possible election-related instructions like those that occurred in 2016.
The Cybersecurity 202: Here’s why NSA rushed to expose a dangerous computer bug (Washington Post) The National Security Agency is known for keeping secrets. But a bug it recently discovered in Microsoft's operating system was so potentially catastrophic that it fast-tracked a lengthy decision-making process to alert the company and the public as quickly as possible.
Iowa Democratic Party releases 85% of caucus results but an error forces correction (Des Moines Register) "There will be a minor correction to the last batch of results and we will be pushing an update momentarily," the Iowa Democratic Party said in a tweet.
An ‘Off-the-Shelf, Skeleton Project’: Experts Analyze the App That Broke Iowa (Vice) Multiple experts analyzed Shadow Inc.’s Iowa caucus app. They found all kinds of problems.
Theresa Payton Wonders Why the Iowa Democratic Party Declined Testing the App by Homeland Security (News 1110am 99.3fm WBT) The Iowa Caucus chaos may have been prevented, had the app been tested properly.
Report: Iowa Caucus App Vulnerable to Hacking (BankInfo Security) A review of the mobile app that malfunctioned during Iowa’s critical tally of the Democratic Party’s caucus has uncovered a security vulnerability, ProPublica
The Iowa Caucuses App Had Another Problem: It Could Have Been Hacked (ProPublica) While there is no evidence hackers intercepted or tampered with the results, a security firm consulted by ProPublica found that the app lacks key safeguards.
‘We Feel Really Terrible,’ Says CEO Whose App Roiled Iowa Caucus (Bloomberg) The chief executive of the technology company whose app threw the Iowa caucuses into disarray Monday night defended his company but apologized for a technological glitch that angered candidates, left voters baffled and upended the opening act of the 2020 Democratic presidential primary.
Iowa Election Snafu: What Happens When IT And Cybersecurity Best Practices Are Ignored (Forbes) The failure of a mobile app that disrupted the Iowa Democratic caucuses was really management's failure to ensure that the app adhered to IT and cybersecurity best practices and standards.
Emotet attacks— a spike to start the year... (Menlo Security) The Emotet malware has built a formidable infrastructure over time and can be destructive to an organization if not mitigated in a timely manner. isolation-or-block approach ensures that all web content is considered risky and is prevented from accessing users’ devices.
New Real Estate Research: Attackers Target the Full Transaction Chain (Proofpoint US) To uncover the top cyberattack trends—and detail necessary safety tips—we examined more than 600 U.S. real estate transaction attack attempts and here’s what we uncovered.
Cybereason Uncovers Malware Distributed via Bitbucket Repositories (Security Boulevard) Cybereason discovered a malware campaign that has been leveraging Bitbucket repositories from Atlassian to launch cyberattacks.
Cybercriminals abuse Bitbucket to infect users with potpourri of malware (SC Media) Cybercriminals have been abusing Bitbucket to store a wide range of malware, in a plot to infect users who download cracked versions of commercial software.
The Hole in the Bucket: Attackers Abuse Bitbucket to Deliver an Arsenal of Malware (Cybereason) Cybereason is following an active campaign to deliver multiple different types of malware to victims all over the world. This attack is able to steal data, mine for cryptocurrency, and in specific cases deliver ransomware.
This crafty malware makes you retype your passwords so it can steal them (ZDNet) Metamorfo banking trojan has expanded its campaign to target online users' banking services.
Cisco Flaws Put Millions of Workplace Devices at Risk (Wired) Five vulnerabilities in Cisco Discovery Protocol make it possible for a hacker to take over desk phones, routers, and more.
New Ransomware Strain Halts Toll Group Deliveries (BleepingComputer) Australian transportation and logistics company Toll Group confirmed today that systems across multiple sites and business units were encrypted by a new variant of the Mailto ransomware.
ACSC gets to grips with Mailto threat after Toll Group infection (iTnews) Releases hash of ransomware "from this incident".
New ransomware with '.SaveTheQueen' extension discovered by Varonis (Information Age) Varonis has uncovered a new strand of ransomware that encrypts files and adds the extension '.SaveTheQueen' to it
Sodinokibi Ransomware Active Among Cybercriminals (CISO MAG | Cyber Security Magazine) A new ransomware infection, dubbed Sodinokibi, is popular among cybercriminals and is attacking dozens of high-profile victims.
Data leaks and hacking reports rise, Maastricht Uni comes clean on ransomware (DutchNews.nl) The Dutch data protection authority AP received more than 27,000 reports of data leaks last year, most of which came from the financial sector, the agency said on Thursday. In total, the number of leaks rose 29% on 2018, while attacks on companies and individuals involving hacking, phishing and ransomware rose 25%, the agency said. The AP suspects the true number of data leaks may be higher because not all companies and leaks report leaks, even though they are required...
The time I sabotaged my editor with ransomware from the dark web. (Bloomberg) As you may be aware, there’s money to be made on the internet. The question, of course, is how. Not everyone has the reality-distortion skills to start their own tech unicorn, or the Stanford connections to become an early employee there, or the indifference to sunlight necessary to become a world-class Fortnite gamer.
Greenville Water cyber attack caused by employee clicking phishing email (WSPA 7News) Greenville Water officials say that a cyber attack happened after an employee clicked on a phishing email. We previously reported that the company was the target of …
Houston orthopedic practice reports malware attack: 5 details (Becker's Spine Review) Patient records of K. Mathew Warnock, MD, of Fondren Orthopedic Group, were damaged in a November malware attack.
The Dark Side of Smart Lighting: Check Point Research Shows How Business and Home Networks Can Be Hacked from a Lightbulb (MarketScreener) Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd., a leading provider of cyber security solutions globally, has today revealed... | February 5, 2020
Academics steal data from air-gapped systems using screen brightness variations (ZDNet) Israeli researchers use quick flickers in LCD screen brightness to encode and exfiltrate data.
LCD pwn System: How to modulate screen brightness to covertly transmit data from an air-gapped computer... slowly (Register) To be honest, it was the impracticality and inefficiency that first attracted us to this otherwise cunning exfiltration
Coronavirus “safety measures” email is a phishing scam (Naked Security) Sadly, cybercrooks love a crisis, because it gives them a believable reason to contact you with a phishing scam. Take care out there!
PayPal SMS scams – don’t fall for them! (Naked Security) Text messages may be old hat – but SMS is still a handy tool for crooks out to find more about you.
Microsoft says it detects 77,000 active web shells on a daily basis (ZDNet) Microsoft detects and tracks a daily average of around 77,000 active web shells, spread across 46,000 infected servers.
What is Malware Obfuscation? (Infosec Resources) IT Security Training & Resources by Infosec
Security Patches, Mitigations, and Software Updates
Cisco Patches Critical CDP Flaws Affecting Millions of Devices (BleepingComputer) Five critical vulnerabilities found in various implementations of the Cisco Discovery Protocol (CDP) could allow attackers on the local network to take over tens of millions of enterprise devices as discovered by IoT security company Armis.
Critical Android flaws patched in February bulletin (Naked Security) Google has patched Android bugs that include a couple of critical flaws that could let hackers run their own code on the mobile operating system.
Facebook will let parents see kids’ chat history, peer into inbox (Naked Security) It’s revamping Messenger Kids with new parental controls and updated information on its children’s data policy.
Cyber Trends
Cyberattackers decreased their activity at the end of 2019, but only to change tactics (Help Net Security) Malicious cyber-activity was down partly as a result of hectic holiday schedules with fewer employees around to interact with malicious activity.
Global Security Report: End of Year 2019 (AppRiver) In 2019, attackers continued to embrace malware distribution via URL. While the distribution of banking trojans remained popular in 2019, we also saw a notable spike in ransomware as a secondary stage of infection. Attackers continued to evolve and improve their distribution methods and have begun widely embracing Living off the Land techniques to lend validity to their malicious campaigns.
Global DDoS Threat Landscape (Imperva Resource Library) While 2019 saw the largest network and application layer attacks ever recorded, attacks were overall smaller, shorter, and more persistent. In this report, security experts from Imperva Research Labs analyze DDoS attack sizes, duration, persistence, and more.
2019 Global DDoS Threat Landscape Report (Imperva) Today Imperva Research Labs, made up of senior researchers and industry experts who have been delivering sound and valid advice for over 15 years, is releasing a brand new Global DDoS Threat Landscape Report. The report is a statistical analysis of 3,643 network layer DDoS attacks throughout 2019 and 42,390 application layer DDoS attacks mitigated …
Palo Alto Networks Report Finds Poor Security Hygiene Leads to Escalating Cloud Vulnerabilities (PR Newswire) Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, today released research showing how vulnerabilities in the development of...
Ransomware Attack on Hospital Shows New Risk for Muni-Bond Issuers (Yahoo) (Bloomberg) -- Hackers have finally done what bond issuers may have feared most from cyber criminals. A ransomware attack on Pleasant Valley Hospital in West Virginia was partly responsible for the hospital’s breach of its covenant agreement, according to a notice to the hospital’s bondholders from the
How ransomware insurance that protects companies and communities can also embolden criminals (CBC) Spurred by reports of criminals hijacking computer networks and demanding payment, many governments and companies are buying insurance against these high-tech crimes. But security experts warn that insuring against attacks — and, in particular, paying ransoms — is likely only to embolden criminals.
More data leaks, ransomware attacks reported to data protection authority (NL Times) Companies and institutions reported nearly 27 thousand data breaches to the Dutch Data Protection Authority last year, an increase of 29 percent compared to 2018. Most of the leaks came from companies in the financial sector. The number of data leaks due to cyber attacks also increased, especially in the case of ransomware, NOS reports. "We are seeing a huge increase in data breaches," Monique Verdier of the Dutch Data Protection Authority said to the broadcaster.
Marketplace
Coronavirus outbreak starts to hit tech industry (Computing) Graphics cards, motherboards, Apple iPhones and Nintendo consoles all affected by measures taken to combat the spread of Coronavirus
Cybersecurity company Forescout to be acquired by Advent in all-cash deal valued at $1.9 billion (MarketWatch) Forescout Technologies Inc. said Thursday it has reached an agreement to be acquired by private-equity firm Advent International in an all-cash deal valued...
Senate Democrats Nix Contract Talks With Company Behind Disastrous Iowa App (The Daily Beast) The Democratic Senatorial Campaign Committee had been looking to do business with Shadow. After the caucus blow-up, that won’t be happening.
RSA Conference Reveals RSAC Launch Pad 2020 Participants (Yahoo) RSA® Conference, the world’s leading information security conferences and expositions, today revealed the three cybersecurity startups selected to participate in the second annual RSAC Launch Pad. The event gives early stage startups a platform to introduce their potentially groundbreaking solutions
Lockheed launches $100K small biz innovation program here (Orlando Business Journal) The initiative invites small firms in Lake, Orange, Osceola and Seminole counties to submit proposals and compete for the money.
VMware and Box Chase Future in Cybersecurity ‘Wild West’ (Data Center Knowledge) Gelsinger: Security is "the fastest growing line item for IT and the number and scope of breaches has increased.”
Cygilant Opens New Burlington, Mass. Headquarters to Accommodate Growth (Yahoo) Cygilant today announced its expansion to new headquarters in Burlington, Mass. and formally named Steve Harrington as vice president of marketing.
Cybersecurity Firm Affirms Commitment to Growth with Renaming, U.S. Expansion, and New Senior Leadership (PR Newswire) Network Test Labs (NTL) today announced their rebranding and renaming to CyberClan, expansion into the American market as a new U.S. company,...
PerimeterX Expands Executive Leadership Team to Fuel Growth and Drive Scale (Benzinga) PerimeterX, the leading provider of application security solutions that keep web businesses safe in the digital world, has...
Tenable Appoints Mark Thurmond as Chief Operating Officer (Tenable®) Global cybersecurity leader deepens executive bench with technology industry veteran Tenable®, Inc., the Cyber Exposure company, today announced it has appointed Mark Thurmond as Chief Operating Officer (COO). In this role, Thurmond will lead Tenable’s global field operations, including sales, professional services and technical support. Thurmond’s appointment adds another layer of depth to Tenable’s executive bench as the company continues to deliver on its Cyber Exposure vision to help business executives and security teams understand and reduce cybersecurity risk.
Veteran FireEye President Travis Reese To Exit In Executive Reshuffling (CRN) Longtime FireEye second-in-command Travis Reese will retire March 1 as the platform security giant tightens its org chart to accelerate execution and drive operational discipline.
Products, Services, and Solutions
Clango Partners with SailPoint to Offer Industry-Leading Identity Governance Solution (PR Newswire) Clango, an independent cybersecurity advisory firm and provider of identity and access management solutions, today announced a new partnership...
Hunters Takes Generational Leap in AI-based Threat Hunting (Globe Newswire) Collaboration with new ally Snowflake to boost velocity and effectiveness of data-driven autonomous threat detection
IoTopia - GlobalPlatform (GlobalPlatform) The standard for secure digital services and devices
Cygna Labs Assumes Management of Auditor Suite from BeyondTrust (Benzinga) Deal ensures ongoing maintenance, support and future product development of the BeyondTrust Auditor Product Line. MIAMI (PRWEB) February 05, 2020: Cygna Labs announced today that...
True Scope of Crypto-Ransomware Attacks Remains Unknown (CryptoNewsZ) Companies’ reluctance to report attacks and the rise of RaaS tech means that the real extent of ransomware attacks remains unknown.
The 2020 State of Crypto Crime (Chainalysis) Everything you need to know about darknet markets, exchange hacks, money laundering and more
NZ Utility Responds to National Cybersecurity Concerns (Industry Update) New Zealand energy and telecoms giant Trustpower has responded to that nation’s new Voluntary Cyber Security Standards for Industrial Control Systems (VCSS-OCS) by deploying Nozomi Networks Guardian a
BitRaser SSD & Mobile Erasure Software Receives ADISA Certification (Benzinga) BitRaser SSD and Mobile erasure software has received certification from ADISA (Asset Disposal and Information Security Alliance), an...
Fortinet Announces the Most Affordable Secure SD-WAN Appliance with Flexible Deployment Options for SMB (Globe Newswire) FortiGate 40F Delivers High Security Compute Ratings and Accelerated Performance, Expands Family of SoC4 SD-WAN ASIC-powered FortiGate Appliances
Technologies, Techniques, and Standards
Cybersecurity 2020: What Estonia knows about thwarting Russians (The Christian Science Monitor) Estonia has become a model in foiling Russian hacking and disinformation. What could the Baltic state teach the U.S. about securing the 2020 election?
My First Joyride With SILENTTRINITY (Black Hills Information Security) Jordan Drysdale // TL;DR SILENTTRINITY (ST) made the news a few times in July 2019, and I wanted to see what all the fuss was about. This article has enough information to get ST installed, the teamserver operational, and a client connected to the teamserver. Once all that is out of the way, we’ll go …
CISA Partners with Cactus League for Tabletop Security Exercise to Protect Spring Training Fans (Homeland Security Today) Wednesday’s exercise was not in a response to any specific threat, but was part of an ongoing collaborative effort to ensure the safety and security of fans attending spring training.
How can we harness human bias to have a more positive impact on cybersecurity awareness? (Help Net Security) Dr. Jessica Barker, Co-CEO of Cygenta, talks about how organizations can have a positive impact on cybersecurity awareness.
In Wake of Azure Error, NSA Updates Cloud Security Guidance (Redmondmag) The biggest cloud security issue plaguing organizations is misconfigurations, according to the National Security Agency (NSA), which recently published a security report titled 'Mitigating Cloud Vulnerabilities.'
Security experts: Here’s how to prevent your company from getting hacked (HousingWire) As the Iowa caucus delays fully showed, relying on technology can be just as much of a negative as a positive. It was in that spirit that a panel of security experts told the crowd at the MBA's Independent Mortgage Bankers Conference in New Orleans that cybersecurity only works if the people using it are prepared and ready to face whatever challenges are thrown their way.
Why Cybersecurity is Important for Small Businesses (JumpCloud) Prioritizing cybersecurity and implementing best practices can keep your business, customers, and data safe. Learn how JumpCloud can help.
Design and Innovation
Honware: IoT honeypot for detecting zero-day exploits (Help Net Security) Honware could help security researchers, IoT manufacturers with detecting zero-day exploits targeting internet-connected devices.
Legislation, Policy, and Regulation
Will Belarus Be the Next Ukraine? (Foreign Affairs) Why the brewing conflict between Moscow and Minsk is bad news.
Opinion | There Is a Better Alternative to Huawei (Wall Street Journal) ‘Network virtualization’ can help the U.S. and its allies resist Chinese telecom domination.
FBI Director Argues Private Companies Shouldn’t Decide Encryption Debate (Nextgov.com) A key lawmaker questioned whether the Justice Department’s position is at odds with the Defense Department’s.
Child-Welfare Activists Attack Facebook Over Encryption Plans (New York Times) The social network is facing criticism for how encryption can allow child exploitation to flourish undetected on its services.
Come on, NSA, it’s time to join the fight against Windows hacking (Channel Asia) The agency needs to demonstrate that it has truly abandoned the practices that unleashed WannaCry on the world.
NIST Hires Symantec VP Jeff Greene to Lead NCCoE (MeriTalk) Jeff Greene, former vice president of global government affairs and policy at Symantec, began a new role as director of the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on Feb. 3.
Litigation, Investigation, and Law Enforcement
Top U.S. officials to spotlight Chinese spy operations, pursuit of American secrets (Reuters) An aggressive campaign by American authorities to root out Chinese espionage ope...
WSJ News Exclusive | EU Deepens Antitrust Inquiry Into Facebook’s Data Practices (Wall Street Journal) Authorities have sought documents related to the social media company’s alleged efforts to identify and squash potential rivals, deepening an E.U. preliminary probe into Facebook, according to people familiar with the matter.
WSJ News Exclusive | Justice Department Ramps Up Google Probe, With Heavy Focus on Ad Tools (Wall Street Journal) In recent months, the department has been posing increasingly detailed questions—to Google’s rivals and executives inside the company itself—about how Google’s third-party advertising business interacts with publishers and advertisers.
Chinese telecoms giant Huawei sues Verizon for patent infringement (CNBC) Huawei claims it has been trying to negotiate royalty payments with Verizon "for a significant period of time" but were "unable to reach an agreement on license terms."
Bloody Trail? Chechen Blogger Is The Latest Kadyrov Critic To Die Abroad (RadioFreeEurope/RadioLiberty) A Chechen blogger was found dead with multiple stab wounds in a hotel in northern France last week. French police in Lille suspect a "political motive" in the killing of Imran Aliyev, the latest in a growing list of critics of Kremlin-backed Chechen leader Ramzan Kadyrov to have been killed or to have died abroad under suspicious circumstances. Here are some of the most prominent cases.
CIA hacker on trial for leaking data (Times) A former hacker for the CIA who is accused of betraying it by leaking a “catastrophic” amount of classified data has gone on trial in Manhattan. Joshua Schulte, 31, allegedly stole documents...
Joshua Schulte's attorney suggests Vault 7 leaks were due to the CIA's poor cybersecurity (CyberScoop) So many people had access to the computer network used by CIA software engineers that U.S. officials still don’t know who is actually behind the leak of the agency’s hacking tools, according to the defense attorney for an accused leaker.
Alleged CIA Leaker Joshua Schulte Was Made Scapegoat for Being 'a Pain in the Ass,' Defense Argues (Gizmodo) Defense lawyers for former CIA software engineer Joshua Adam Schulte say that the CIA and federal prosecutors don’t actually know for certain who was behind a 2017 leak of cyber espionage documents, let alone whether it was their client, the Wall Street Journal reported on Tuesday. Instead, they said he really pissed off the entire CIA, making him a natural scapegoat for their incompetence.
CIA worker: Massive 2017 leak ‘was crippling’ to the agency (Washington Post) A CIA computer engineer testified at the espionage trial of a former CIA employee on Wednesday that the 2017 leak of thousands of pages of documents “was crippling” to the agency and turned his office into an FBI crime scene.
The FBI Downloaded CIA's Hacking Tools Using Starbuck's WiFi (emptywheel) There are many interesting details about the FBI investigation into Joshua Schulte revealed by the details of how FBI obtained the Vault 7 files they submitted into evidence yesterday.
Convicted Norwegian spy: intel agencies are ‘amateurish’ (Washington Post) A retired Norwegian border inspector, who was convicted in Russia for spying and who was returned home last year in a spy swap, lashed out Wednesday at the Scandinavian country’s intelligence services for using local people, saying they are “amateurish.”
Maryland Court Finds Coverage for Lost Data and Slow Computers After Ransomware Attack (Lexology) As previously posted on our Hunton Insurance Recovery blog, a Maryland federal court awarded summary judgment to policyholder National Ink in…
Second lawsuit filed over DCH ransomware attack (Washington County News/Holmes County Times-Advertiser) Three more DCH patients have filed a federal class-action lawsuit against the healthcare system, saying the ransomware attack that crippled operations in
Autonomy founder Mike Lynch submits himself for arrest over US extradition warrant (Computing) Lynch’s lawyers said the British tech entrepreneur will continue to fight the fraud allegations against him
Clearview AI hit with cease-and-desist from Google, Facebook over facial recognition collection (CNET) In an interview with CBS This Morning, Clearview AI's founder says it's his right to collect photos for the facial recognition app.
Soldier’s court-martial reversed after judge had an ‘intimate’ relationship with a JAG’s wife (Army Times) Staff Sgt. Tony S. Springer was convicted in 2017, but during his trial, a precarious relationship was forming between the legal staff involved.