Cyber Attacks, Threats, and Vulnerabilities
Iowa Caucus Results Riddled With Errors and Inconsistencies (New York Times) The mistakes do not appear intentional, but they raise questions about whether there will ever be a completely precise accounting.
Democratic chair calls for recanvass in Iowa as national leaders raise new questions about handling of app (Washington Post) A top Democratic official said Thursday he had warned Iowa Democrats last month against using an untested app to transmit returns in the Iowa caucuses, whose results were thrown into further disarray as the party’s national leader called for a recanvass.
DNC-ordered security patch fouled Iowa caucus app, ex-Democratic official says; official denies (Des Moines Register) Some state party staffers believe an update pushed by the DNC caused the malfunction between the app’s coding and the state party verification system.
Malaysia warns of Chinese hacking campaign targeting government projects (ZDNet) MyCERT security alert points the finger at APT40, a Chinese state-sponsored hacking crew.
China-linked hackers have targeted Malaysian government, officials warn (CyberScoop) A hacking group that private researchers have linked with Chinese interests has successfully targeted Malaysian government officials in an apparent data-stealing espionage campaign, cybersecurity officials in the Southeast Asian nation said this week.
Who Are the Gamaredon Group and What Do They Want? (SentinelOne) SentinelLabs latest research shows how a Pro-Russian APT wages cyber warfare to gather intel and test its capabilities. What does this mean for enterprise?
Saudi Aramco sees increase in attempted cyber attacks (Reuters) Saudi Aramco has seen an increase in attempted cyber attacks since the final qua...
Japanese Defense Contractors Kobe Steel, Pasco Disclose Breaches (BleepingComputer) Japanese defense contractors Pasco Corporation (Pasco) and Kobe Steel (Kobelco) today disclosed security breaches that happened in May 2018 and in June 2015/August 2016, respectively.
New malware impacting online banking tricks users (Insurance Business) Users are forced into retyping their passwords
Another Metamorfo Variant Targeting Customers of Financial Institutions in More Countries (Fortinet Blog) Read about the malware family of the Metamorfo targeting financial organizations, in this analysis from FortiGuard Labs.…
Critical Android Bluetooth Flaw Exploitable without User Interaction (BleepingComputer) Android users are urged to apply the latest security patches released for the operating system on Monday that address a critical vulnerability in the Bluetooth subsystem.
Warning over malware campaigns that compromised half-a-million Android users (Computing) Apps purporting to be utilities for optimising device performance downloaded malware
Malicious Optimizer and Utility Android Apps on Google Play Communicate with Trojans that Install Malware, Perform Mobile Ad Fraud (TrendLabs Security Intelligence Blog) We discovered malicious apps on Google Play that can access remote ad configuration servers, perform mobile ad fraud, and download 3,000 malware variants.
Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications (Cofense) The Cofense Phishing Defense Center uncovered a phishing campaign that specifically targets users of Android devices that could result in compromise if unsigned Android applications are permitted on the device.
Shenzhen HAWK Behind 24 Apps Seeking Dangerous Permissions (VPNpro) Shenzhen HAWK is secretly behind these 24 popular apps requesting dangerous permissions, with some apps guilty of spreading malware. Read our research to learn more.
Android pulls 24 ‘dangerous’ malware-filled apps from Play Store (Naked Security) The malware-infected apps used to harvest data and sign users up to premium services have been downloaded more than 382 million times.
Malicious apps now post their own positive reviews on Google Play (SC Magazine) The assault on Google’s Play Store continues with 30 malicious apps being revealed that have been downloaded hundreds of millions of times and have capabilities that have caused security firms to suggest end users take extraordinary steps to vet software prior to downloading.
Safari Uses Flawed Tracking Protections, Google Finds (CPO Magazine) Flaws in Safari’s Intelligent Tracking Prevention feature allow hackers to track users as they navigate the Internet and gain access to their cross-site browsing history.
Ransomware Exploits GIGABYTE Driver to Kill AV Processes (BleepingComputer) The attackers behind the RobbinHood Ransomware are exploiting a vulnerable GIGABYTE driver to install a malicious and unsigned driver into Windows that is used to terminate antivirus and security software.
Living off another land: Ransomware borrows vulnerable driver to remove security software (Sophos) Sophos has been investigating two different ransomware attacks where the adversaries deployed a legitimate, digitally signed hardware driver in order to delete security products from the targeted computers just prior to performing the destructive file encryption portion of the attack.
The Heartbleed Bug: How a Forgotten Bounds Check Broke the Internet (Netsparker) The Heartbleed bug is a critical buffer over-read flaw in several versions of the OpenSSL library that can reveal unencrypted information from the system memory of a server or client running a vulnerable version of OpenSSL. Attacks can reveal highly sensitive data, such as login credentials, TLS private keys, and personal information. This article looks at one of the most serious and widespread security vulnerabilities in web history and shows how just one buggy line of code could wreak havoc across the world.
Joker's laughing: Fresh database of half a million Indian payment card records on sale in the Dark Web (The Economic Times) The source of this new breach is unknown. The card records were uploaded on the 5th of Feb, and the total estimated value of the database, according to Group-IB, is $4.2 mn, at around $9 apiece. Till yesterday morning, 16 cards' details were found to have been sold. Those who buy these cards do so with the intention of committing payment card fraud.
VSDC Download Link on CNET Compromised to Distribute Malware (TechNadu) VSDC’s download link on CNET was pointing to a spoofed website that pushed trojans and malware. This is the second time in a year that VSDC is targeted.
Bug hunter finds cryptocurrency-mining botnet on DOD network (OODA Loop) Last month, a security researcher who was searching for bugs as a part of a bounty program discovered a cryptocurrency mining botnet inside a web server operated by the US Department of Defense. The researcher,
Threat Spotlight: Email Account Takeover (Journey Notes) Researchers from Barracuda and UC Berkeley conducted a large-scale analysis of email account takeover and the timeline of attacks.
'Free' downloads of Oscar-nominated movies are actually nasty bundles of malware (TechRadar) Beware phishing sites, too
Ransomware suspected after DC-lobby firm CUNA knocked offline (TechCrunch) The incident comes just months after CUNA hosted a ransomware attack simulation.
Allegheny Intermediate Unit targeted in ransomware attack (WTAE) The Allegheny Intermediate Unit, a countywide taxpayer-funded education agency based in Homestead, confirms it was recently hit by a ransomware attack.
Phishers impersonate WHO, exploit coronavirus-related anxiety (Help Net Security) Fake, phishing emails purportedly coming from the World Health Organisation (WHO) are ostensibly offering info on coronavirus safety measures.
Coronavirus is NOT at Columbia Basin College in Pasco. Here’s how the rumor spread (Tri-City Herald) Columbia Basin College was one of the targets of a new round of scammers taking advantage of people’s fear of the Chinese novel coronavirus.
Security Patches, Mitigations, and Software Updates
Android owners – you'll want to get these latest security patches, especially for this nasty Bluetooth hijack flaw (Register) 'Pwned with a broadcast' bug among 25 to be patched by Google
Google’s Chrome 80 clamps down on cookies and notification spam (Naked Security) Version 80 of the Chrome browser is out with some new features designed to save your security and your sanity.
Update now – WhatsApp flaw gave attackers access to local files (Naked Security) The flaw affecting WhatsApp’s desktop client when it’s paired with the iPhone app allowed attackers access to local file systems.
Cyber Trends
The Digital Dictators (Foreign Affairs) New technologies were supposed to open societies and empower individuals. Instead, they've given despots the upper hand.
Marketplace
Netskope Attracts $340 Million in Additional Investment Led by Sequoia Capital Global Equities (Netskope) Fastest-growing SASE and cloud security company valued at nearly $3 billion, with unmatched global demand for its cloud-native network and data security platform SANTA CLARA, Calif. – February 6, 2020 – Netskope, the leading security cloud, today announced that the company has closed a new $340 million investment led by new investor Sequoia Capital Global …
DFW tech firm raises $12M more as it finds big-name customers (Dallas Business Journal) The Addison company has raised just under $12 million, bringing its total funding to more than $40 million.
NSS Labs quietly acquired by private equity firm (SearchSecurity) After several tumultuous years, product testing firm NSS Labs was acquired by Consecutive, Inc., a private equity firm based in San Francisco. The acquisition was made last October but neither company publicly announced the deal.
Israeli-American cyber firm Forescout acquired in $1.9 billion deal (The Jerusalem Post) Israeli-American cybersecurity company Forescout Technologies will be acquired for $1.9 billion by private equity investment firm Advent International, the companies announced on Thursday.
IntelliWare Acquired by Trowbridge & Trowbridge (Homeland Security Today) Trowbridge & Trowbridge, a provider of technical solutions to complex federal information technology challenges in the defense and civilian markets, has acquired IntelliWare Systems.
SAIC to buy Unisys Federal (InsideDefense.com) Science Applications International Corp. said today it has agreed to acquire Unisys Federal in a $1.2 billion deal.
Germany's HDI Group Acquires Cyber Specialist Perseus (Insurance Journal) The HDI Group has acquired Berlin-based Perseus Technologies GmbH, a start-up that has specialized in the prevention of cyber risks and emergency cyber
Gula Tech Adventures Announces First Ever CyberQuest 2020 (Yahoo) Gula Tech Adventures announced its first ever cyber pitch competition today—CyberQuest 2020. The competition supports the next generation of cyber technology, strategy and policy entrepreneurs by investing in startups of all sizes, with a focus on pre-series A. The winner will receive a $150,000 investment
Skeletons In The Closet: $2 Billion Cybersecurity Firm Darktrace Haunted By Characters From HP’s Failed Autonomy Deal (Forbes) The well-regarded co-CEOs of cybersecurity firm Darktrace have deep ties to Sushovan Hussain, the convicted former CFO of British data analytics company Autonomy.
Axonius Expands to the Federal Marketplace, Appoints Bobby McLernon to Lead the Charge (PRWeb) Axonius, the cybersecurity asset management company, today announced the expansion of its Cybersecurity Asset Management Platform for use by Federal agencies.
More McAfee leadership changes follow Chris Young's departure (SearchSecurity) Several other McAfee executives have left the company in recent months amid changes in the CEO position. Former chief executive Chris Young departed the company in January and was replaced by Peter Leav.
Products, Services, and Solutions
ERP Data Security Leader Appsian Announces Strategic Partnership With Trusted Government IT Solutions Provider Carahsoft (BusinessWire) Appsian, the leading provider of ERP security solutions, today announced a partnership with Carahsoft Technology Corp., The Trusted Government IT Solu
Agio Forges Partnership with Respond Software (PR Newswire) Agio, a leading provider of cybersecurity and managed IT services for the financial services industry, has announced a formal partnership with...
Fortinet Announces the Most Affordable Secure SD-WAN Appliance with Flexible Deployment Options for SMB (Yahoo) John Maddison, EVP of products and CMO at Fortinet “Fortinet delivers the most comprehensive SD-WAN solution on the market with over 21,000.
Clango Partners with SailPoint to Offer Industry-Leading Identity Governance Solution (MarTechSeries) Clango, an independent cybersecurity advisory firm and provider of identity and access management solutions, announced a new partnership with SailPoint, the leader in enterprise identity management. The partnership will augment Clango's line of identity governance solutions.
Technologies, Techniques, and Standards
After the Iowa Caucus Meltdown, New Hampshire Says It’s Ready (Wired) The nation’s first primary is proudly low-tech, but it'll take more than paper ballots to defuse the disinformation threat.
Public disclosure: the pros and cons of naming and shaming cyber threat groups (Computing) Publishing information about cyber threat groups can have unexpected consequences, says BAE Systems’ Saher Naumaan
Cybersecurity AI is ready for prime time: why the skeptics are wrong (Fifth Domain) Government leaders need a stronger understanding of commercial offerings to better determine what artificial intelligence for cybersecurity is ... and is not.
5G could bring new speed to military operations (C4ISRNET) If the U.S. military introduced a fifth generation network into its C4ISR systems, decision-making in high profile military operations would improve because critical information would arrive faster, according to a Jan. 31 Congressional Research Service report.
Email test finds Kingston school district employees vulnerable to phishing (Daily Freeman) More than half of the people who have Kingston school district email accounts opened a potentially damaging email sent to them by a firm that's helping the
Design and Innovation
Twitter bans deepfakes, but only those ‘likely to cause harm’ (Naked Security) Twitter isn’t interested in how the “synthetic or manipulated” media is created, but if it has the potential to cause harm it’ll be removed.
Microsoft Outlines Early Progress on PowerShell Secrets Management (Redmondmag) Microsoft described progress on its coming PowerShell Secrets Management Module in a Thursday announcement.
We Tried to Get Nonconsensual Porn Off Pornhub (Vice) Pornhub hosts hundreds of Girls Do Porn videos; a Motherboard investigation shows the high-tech solution meant to stop those videos from spreading doesn’t work.
Research and Development
Acceptto Issued Five U.S. Patents for Authentication, Orchestration and Adaptive Authorization (PR Newswire) Acceptto, a leading provider of Continuous Behavioral Authentication, today announced that the company has been issued five U.S. patents,...
Defense researchers developing software agents that can read people's thoughts (ZDNet) Is the DARPA project a bridge to a horrifying dystopia or a step toward human-machine harmony?
Legislation, Policy, and Regulation
Data Protection Post-Brexit: Business as Usual (at Least Until 2020) (Cooley) The United Kingdom left the European Union at 11:00 pm on January 31, 2020. However, the UK has entered into transitional arrangements with the EU under which the existing data protection framework…
Israel is first nation to cyber regulate hazardous materials industry (The Jerusalem Post) Hazardous materials can apply to everything from facilities for water treatment, to airports, to seaports, to pharmaceutical companies, to hospitals, to swimming pools to even wineries.
Is India Betting Big on Huawei? (Foreign Policy) A divided domestic telecoms industry, disagreement within the central government, and a desire for India to develop its own systems have made the country’s calculations…
U.S., allies should consider Nokia, Ericsson investments to counter Huawei: Barr (Reuters) U.S. Attorney General William Barr on Thursday stressed the threat posed by Huaw...
It’s not just Iowa: Election tech is messy (Vox) The Iowa caucuses app won’t be the only new tech this election cycle, but Congress hasn’t been funding voting security the way it should.
The Cybersecurity 202: Senate panel wants politicians to put party aside for election security. Fat chance in 2020. (Washington Post) A bipartisan report released Thursday by the Senate Intelligence Committee says that the Obama administration mounted an insufficient response to Russia’s election interference in 2016, but that its failures were “understandable” because the government lacked information and had limited policy options at the time.
SEC Commissioner Hester Peirce Proposes 3-Year Safe Harbor Period for Crypto Token Sales (CoinDesk) SEC Commissioner Hester Peirce has unveiled her proposal to create a safe harbor for crypto startups, allowing them three years to build out their networks before having to address federal securities laws.
ODNI previews updated counterintelligence strategy, Trusted Workforce 2.0 rollout (Federal News Network) Bill Evanina, the director of ODNI’s National Counterintelligence and Security Center, said the strategy will focus on a “whole of society” response to threats that extend beyond the federal government.
Speaker: U.S. Space Command gearing up cyber operations (Colorado Springs Gazette) U.S. Space Command is gearing up its cyber operations and plans to create its cyber arm this summer, Brig. Gen. Joseph Matos III told participants in a major cybersecurity conference
Litigation, Investigation, and Law Enforcement
Senate report faults Obama administration’s paralysis on Russian election interference (POLITICO) The 54-page, partially redacted report marks the third installment of the panel's five-volume series outlining the scope of Russian election interference in 2016.
Russia Hacked the Election, Trump Hacked Team Obama’s Brains (The Daily Beast) A Senate report found the Obama administration botched its response to Russia, playing into the hands of Mitch McConnell who warned they “might be getting used.”
Feds are lining up more indictments related to Chinese cyber-activity, officials say (CyberScoop) U.S. prosecutors are preparing to issue new charges against Chinese nationals related to alleged hacking and insider threats at U.S. organizations, senior Department of Justice officials said Thursday. “Chinese theft by hacking has been prominent,” Attorney General William Barr said in a speech at the Center for Strategic and International Studies in Washington, D.C.
O’Melveny and Electronic Frontier Foundation Score Landmark Win for Open Source Pioneer Bruce Perens (O’Melveny) Working together, O’Melveny and the Electronic Frontier Foundation secured a landmark ruling in a high-profile lawsuit that has deep implications for freedom of speech and open source licensing law.
Brazilian judge delays "for now" decision on indictment of U.S. journalist Greenwald (Reuters) A Brazilian judge indicted six people accused of hacking the phones of prosecuto...
WSJ News Exclusive | EU Deepens Antitrust Inquiry Into Facebook’s Data Practices (Wall Street Journal) Authorities have sought documents related to the social media company’s alleged efforts to identify and squash potential rivals, deepening an EU preliminary probe into Facebook, according to people familiar with the matter.
WSJ News Exclusive | Federal Agencies Use Cellphone Location Data for Immigration Enforcement (Wall Street Journal) The Trump administration has been using a database that maps the movements of millions of cellphones to monitor the Mexican border and make immigration arrests, according to people familiar with the matter.