San Francisco: the latest from RSAC 2020
What’s next for nation-state collaboration in cyberspace? (Fifth Domain) Recent events have demonstrated the progress like-minded nations have made in establishing norms of responsible behavior in cyberspace, but there is more to address.
How private companies help the FBI identify more cybercriminals (Fifth Domain) There are actions that can contribute to indictments.
Email still beats texts – for hackers phishing for your data (USA TODAY) Hackers love email as a way to steal your data. Don't click links without double checking them, and make phone calls to confirm validity, experts say.
Americans Divided on Perceptions About Personal Data Privacy Control (Yahoo) RSA Conference 2020 – A new study from nCipher Security, an Entrust Datacard company, suggests that 28% of American consumers think they have more control over their personal data than they did a year ago, while 26% feel that they have less control over personal data privacy and security – or no control
An FBI unit recovered $300 million of $3.5 billion in reported cybercrime losses last year (CyberScoop) A special unit inside the FBI helped victims of cybercrime recover $300 million of the $3.5 billion in reported losses in 2019, according to an FBI official.
Election Hacking: Cybersecurity Experts on What the Bad Guys are Doing (NBC Bay Area) At the 2020 RSA Conference in San Francisco, protecting the upcoming presidential election was a hot topic, from thwarting cyberattacks at polling places to preventing fake headlines from going viral.
Acronis cyber protection solutions help orgs face any modern threat to their data (Help Net Security) Acronis, a global leader in cyber protection announced at RSA 2020 several advances in the company’s modern cyber protection approach.
Photos: RSA Conference 2020, part 3 (Help Net Security) RSA Conference 2020 is underway at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Here
Photos: RSA Conference 2020, part 4 (Help Net Security) RSA Conference 2020 is underway at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Here
Cyber Attacks, Threats, and Vulnerabilities
The Cybersecurity 202: South Carolina election officials confident the primary will go smoothly. Here's what they're up against. (Washington Post) South Carolina election officials are confident their first-in-the-South primary will go smoothly on Saturday — despite looming threats of Russian hacking, misinformation, or an Iowa caucus-style tech failure.
Don't Do Russia's Work - Security Studies Group (Security Studies Group) Russian information operations are getting a bigger boost from irresponsible Americans than they could ever achieve on their own.
Cerberus Android Malware Can Bypass 2FA, Unlock Devices Remotely (BleepingComputer) The Cerberus banking Trojan has been upgraded with RAT functionality and is now capable of stealing victims' Google Authenticator two-factor authentication (2FA) codes used as an extra layer of security when logging into online accounts.
Report identifies the most dangerous mobile app store on the internet (ZDNet) And, no! It's not the Google Play Store.
Red Cross targeted by hundreds of fraudulent applications for bushfire assistance (SBS News) The Australian Red Cross has been subjected to a cyberattack, receiving hundreds of fraudulent computer-generated applications for bushfire assistance.
SPF warns of phishing website posing as police site (CNA) The Singapore Police Force (SPF) has warned the public about a phishing site purporting to be the police website. “Scammers made use ...
49 Million Unique Emails Exposed Due to Mishandled Credentials (BleepingComputer) An Israeli marketing firm exposed 49 million unique email addresses after mishandling authentication credentials for an Elasticsearch database, that were sitting in plain text on an unprotected web server.
Israeli Marketing Company Exposes Contacts Database (BankInfo Security) An Israeli marketing company left the authentication credentials for a database online, exposing more than 140 GB worth of names, email addresses and phone numbers.
Nemty Ransomware Actively Distributed via 'Love Letter' Spam (BleepingComputer) Security researchers have spotted an ongoing malspam campaign using emails disguised as messages from secret lovers to deliver Nemty Ransomware payloads on the computers of potential victims.
Clearview’s Facial Recognition App Has Been Used By The Justice Department, ICE, Macy’s, Walmart, And The NBA (BuzzFeed News) A BuzzFeed News review of Clearview AI documents has revealed the company is working with more than 2,200 law enforcement agencies, companies, and individuals around the world.
Reddit CEO: TikTok is ‘fundamentally parasitic' (TechCrunch) TikTok is one of the hottest social media platforms but the CEO of Reddit had some harsh words for the popular app, calling it “fundamentally parasitic” at an event Wednesday. The comments from Reddit CEO and co-founder Steve Huffman were some of the more controversial offered up during…
Gmail Flaw Prevents Blanket Deletion Of Spam In Android: Report (Media Post) Gmail is working on a purported design bug that has eliminated the Empty trash now and Empty spam options, according to Android Police.
Desjardins Group Breach Cost $38m Higher Than Expected (Infosecurity Magazine) Last year’s data breach cost the Desjardins Group $38m more than anticipated
10 Android apps that could have major safety issues (Lancashire Telegraph) IF you use an Android phone, you might want to look at 10 apps that could have big safety issues.
UPDATED: P.E.I. government addresses malware discovery (Journal Pioneer) P.E.I. provincial government networks were hit with a ransomware attack over the weekend. In a press release, provincial officials said an investigation is ongoing after a ransomware attack affected government networks for a 90-minute period on
Slickwraps data breach earns scorn for all (Naked Security) The breach earned derision from both the hacker and observers after another hacker exploited the company’s vulnerable setup.
How one man could have flooded your phone with Microsoft spam (Naked Security) What a difference one tiny little character can make to a phone number.
Shark Tank host loses $400,000 in a scam (CNN) "Shark Tank" judge Barbara Corcoran lost nearly $400,000 in an elaborate email scam that tricked her staff.
How Cameo’s Private Celebrity Videos Were Open to the World (Vice) Just when you thought paying for celeb shoutout was secure, it really wasn’t.
Redcar and Cleveland Borough Council finally admits that it has suffered ransomware attack (Computing) IT systems at Redcar and Cleveland Borough Council have been down for three weeks
Security Patches, Mitigations, and Software Updates
Tripwire Patch Priority Index for February 2020 (The State of Security) Tripwire's February 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe.
Chrome 80 encryption change blocks AZORult password stealer (Naked Security) Evidence is emerging that a change made to Chrome 80 might have disrupted the popular data and user profile stealing malware AZORult.
Patch now, Microsoft Exchange servers open to remote hacking due to major flaw (SC Magazine) Attackers are actively scanning networks for the CVE-2020-0688 remote code execution flaw, a major vulnerability affecting nearly every supported version of Microsoft Exchange Server. Apply the patch now.
Microsoft Edge introduces feature to block 'potentially unwanted applications' like adware and cryptominers (Computing) The unwanted apps slow down a device and lead to a degraded Windows experience
Cyber Trends
RiskIQ’s 2019 Mobile Threat Landscape Report (RiskIQ) The Mobile Ecosystem Swells, but Google Leads a Decline in Malicious Apps
Mind the Gap: The Underinsurance of Cyber Risk (QOMPLX, INC) Data telematics is the missing link insurance carriers desperately need to understand and accurately price cyber risk. A new in-depth view of cyber risk management and the growth of the next peak peril of the insurance industry is included in the first edition of the QOMPLX Cyber Risk Series.
Only 38% of US govt workers received ransomware prevention training (Help Net Security) Despite the growth of ransomware attacks, half of the employees have not seen any change in preparedness from their employers.
What is plaguing public sector cyber readiness? (Help Net Security) IT complexity, insider threats, and an abundance of privileged users plague public sector cyber readiness, a SolarWinds survey reveals.
AP-NORC poll: Election security, integrity worry Americans (AP NEWS) WASHINGTON (AP) — Americans have widespread concerns about the security and integrity of elections, with few saying they have high confidence that votes in the 2020 presidential election will be...
Malicious attacks continue to account for 64% of data breaches: OAIC (ZDNet) It's the first report since OAIC announced it would shift the NDB reporting scheme from a quarterly report scheme to a six-month one.
Number of Student Data Breaches, Ransomware Attacks Nearly Triple in Last Year (Yahoo) According to a report released today by the K-12 Cybersecurity Resource Center, The State of K-12 Cybersecurity: 2019 Year in Review, public K-12 education agencies across the country experienced a total of 348 cybersecurity incidents during calendar year 2019. This is nearly three times as many incidents
Marketplace
WSJ News Exclusive | Cisco Plans New Round of Layoffs (Wall Street Journal) The networking-equipment maker faces the prospect of slowing sales growth because of global economic uncertainty.
The coronavirus just took down Facebook's biggest event (CNET) Facebook canceled its F8 developer conference over health concerns.
Blue Cedar joins Microsoft Intelligent Security Association and Provides Secure In-App Connectivity for the Mobile Workforce (BusinessWire) Blue Cedar, the company automating the complex workflows between mobile app development and deployment to end users, today announced that it is joinin
Digital Ally Announces Proposed Underwritten Public Offering of Common Stock (Yahoo) Digital Ally, Inc. (DGLY), which develops, manufactures and markets advanced video recording products for law enforcement, emergency management, fleet safety and security, today announced that it intends to offer shares of its common stock for sale in an underwritten public offering. In addition, the
Sauce Labs Deepens Investment in OSS Community; Establishes New Open Source Program Office (Globe Newswire) New department to drive significant increase in support for open source initiatives
Products, Services, and Solutions
Acuant Expands Trusted Identity Platform Bringing More Ways to Transact on the Web/HTML (Acuant) Acuant expands trusted identity platform with groundbreaking new passive liveness facial recognition and full html functionality with introduction of WebID
Brave beats other browsers in privacy study (Naked Security) Users looking for a privacy-focused browser might want to consider Brave first, according to a study published this week.
Technologies, Techniques, and Standards
Bringing outsiders into your compliance team: four considerations (BAE Systems) Hiring third party investigators to bolster your AML and Compliance team? Here are four things to consider before you pick up the phone.
America’s future battle network is key to multidomain defense (Defense News) Two U.S. Air Force generals argue that American military superiority can be ensured through a comprehensive network connecting all of its weapons and troops in real time.
Program aims to raise awareness about cybersecurity, misinformation risks to elections (Nevada Independent) The Annenberg School for Communication and Journalism at USC’s Center on Communication Leadership and Policy designed the program, which they are bringing to all 50 states prior to the November 2020 general election. On Tuesday, the initiative made its stop in Nevada, where its panel of experts was joined on the UNLV campus by a state elections official who warned that a new Nevada law might delay election results.
Elections in state monitored, security officials say (Arkansas Online) Federal law enforcement officials tasked with monitoring the security of elections in Arkansas say they are on guard for potential threats -- both online and on the ground -- ahead of next week's Super Tuesday primaries, though they have not received any reports so far of illicit activity.
Design and Innovation
My car was in a hit-and-run. Then I learned it recorded the whole thing. (Washington Post) The car is becoming a sentry, a chaperone, and a snitch
Research and Development
Computer Scientists’ New Tool Fools Hackers into Sharing Keys for Better Cybersecurity (University of Texas Dallas) Researchers developed a ‘crook-sourcing’ defense approach called DEEP-Dig that takes intruders to a decoy site so a computer can learn from hackers’ tactics and help repel future attacks.
Academia
Singapore university to establish facility that studies social impact of internet (ZDNet) Operational from April, the National University of Singapore's Centre for Trusted Internet and Community aims to tap artificial intelligence and data science to assess implications of internet use as well as regulations such as those involving privacy and freedom of expression.
Legislation, Policy, and Regulation
European spies dare to share (POLITICO) 23 countries launch forum for sharing experiences about intel gathering.
America Must Shape the World’s AI Norms — or Dictators Will (Defense One) Four former U.S. defense secretaries issue a warning about China and a wake-up call to Americans on artificial intelligence.
Trump Backs Limits on Secret Surveillance Court (Wall Street Journal) President Trump has signaled his support for a measure that would prohibit the U.S. government from turning to a secretive surveillance court to obtain wiretaps on Americans, setting up a potential clash between the president and the intelligence community.
Senate OKs $1 Billion for Rural Telecom Carriers to Replace Huawei Gear (Wall Street Journal) The U.S. Senate approved legislation that would provide $1 billion for rural telecom carriers to replace equipment made by China’s Huawei Technologies Co. in their networks.
Cyber National Guard Task force will focus on network defense (Fifth Domain) A slew of new National Guard personnel are cycling into a major cyber task force for U.S. Cyber Command. Details are scarce, but Task Force Echo, which falls beneath Army Cyber Command and supports Cyber Command’s mission more broadly, will likely work in network defense.
More Legislation May Be Coming to Bolster the Federal Cyber Workforce (Nextgov.com) Industry sees focus on education as a path to ending competition over personnel.
ASD names new chiefs for ACSC, signals operations (iTnews) PM&C incident response and Home Affairs counter terrorism experts promoted.
Ex-naval commander dives into cyber role (Yahoo) The Australian Signals Directorate says former naval commander Abigail Bradshaw will lead the fight to make Australia the safest place to connect online.
'Weird, geeky-sounding' advert led ASIO boss to intelligence world (The Sydney Morning Herald) When he took to the stage on Monday to deliver his first national threat assessment, ASIO boss Mike Burgess marked a new era for the spy agency.
State Cybersecurity Funding: Memo From Governors to Congress (MSSP Alert) Governors to push Congress for more legislation to shore up state technology systems and protect their constituents from cyber attackers & ransomware.
Chinese hackers might not shrug off US indictments after all (Protocol) Conventional wisdom holds that nation-state hackers are unaffected by indictments, but a prominent expert thinks it's working against China.
Litigation, Investigation, and Law Enforcement
Judge refuses to let Assange leave secure dock in courtroom (Washington Post) A judge has refused to let Julian Assange move from a glass-enclosed dock and sit with his lawyers at a London court hearing
WSJ News Exclusive | FCC Probe Finds Mobile Carriers Didn’t Safeguard Customer Location Data (Wall Street Journal) The FCC is seeking hundreds of millions of dollars in fines from top carriers that it found failed to safeguard information about customers’ real-time locations, according to people familiar with the matter.
FCC to propose $200 million fines for U.S. cellphone carriers over consumer data disclosures (Reuters) The U.S. Federal Communications Commission is set to propose fining four major U...
Facebook has paused election reminders in Europe after data watchdog raises transparency concerns (TechCrunch) Big tech’s lead privacy regulator in Europe has intervened to flag transparency concerns about a Facebook election reminder feature — asking the tech giant to provide it with information about what data it collects from users who interact with the notification and how their personal dat…
It’s Facebook vs. the Bloomberg Campaign vs. the Internet (New York Times) The Bloomberg campaign is putting out more memes on private Instagram accounts — and running faster than Facebook can keep up.
Facebook, Google and Twitter Rebel Against Pakistan’s Censorship Rules (New York Times) The battle is the latest skirmish between internet companies and governments over who decides what content should be online.
Google has right to censor conservative nonprofit on YouTube (Naked Security) It’s not a “state actor”, so isn’t subject to 1st Amendment scrutiny and can censor PragerU’s videos on abortion, gun rights and terrorism.
Facebook sues SDK maker for secretly harvesting user data (ZDNet) Data analytics firm OneAudience allegedly paid app developers to include its SDK in their code so it could harvest data from Facebook users.
Wells Fargo to Pay $35 Million to Settle ETF Probe (Wall Street Journal) Wells Fargo agreed to pay $35 million to settle regulatory claims that its financial advisers recommended exchange-traded funds that were too risky for some clients.
The Philippines Wants to Arrest 8chan Founder Fredrick Brennan: ‘It's Basically a Death Sentence’ (Vice) Brennan has been fighting to keep 8chan, home of the QAnon conspiracy theory, offline.
Justice Dept. charges professor with hiding ties to China (AP NEWS) WASHINGTON (AP) — A professor at the University of Tennessee has been arrested on charges that he hid his relationship with a Chinese university while receiving research grants from the federal...
Chinese National Sentenced to Prison in $1 Billion Trade Secret Theft Case (Wall Street Journal) A Chinese national was sentenced to two years in prison for allegedly stealing proprietary information worth about $1 billion from his Oklahoma employer, the U.S. Justice Department said.
Actor Steven Seagal Settles SEC Cryptocurrency Charges (Wall Street Journal) Steven Seagal has settled charges brought by U.S. securities regulators that allege he didn’t disclose payments he received for promoting an investment in an initial coin offering for the cryptocurrency Bitcoiin2Gen.