Cyber Attacks, Threats, and Vulnerabilities
Iranian Hackers Claim Defacement of Texas Government and Alabama Veterans Websites (Vice) Defacements are typically the work of low-level hackers, but the messages come at a time of intense tension between the U.S. and Iran.
Gov. Greg Abbott warns Texas agencies seeing 10,000 attempted cyber attacks per minute from Iran (The Texas Tribune) State agencies are seeing an increase in cyber security threats as Iranian officials vow revenge against the U.S. for killing a top general.
As they fret about cyberattacks from Iran, Texas officials also say homegrown ‘incels’ pose threat (Dallas News) Cyberattack attempts originating in Iran are increasing, Texas officials said Tuesday. Over the previous two days, as many as 10,000 “probes” of...
DHS cyber agency releases advisory on Iranian threats (Fifth Domain) The Cybersecurity and Infrastructure Security Agency sent out an advisory with tips to secure systems in the face of heightened cyberthreats from Iran.
Iran courted US security expert for years, seeking industrial hacking training (Ars Technica) In emails and WhatsApp messages, Iranian telecom official tried to recruit US researcher.
Iran could turn hacked American cyber-weapons back on US in 'holy war in cyber-space' (The Telegraph) Iran will seek to turn America’s own weapons upon it in the next 24 hours, a US cyber commissioner under President Obama has warned, potentially crippling America’s energy, finance and transport networks using hacks stolen from the CIA.
Mass. Cybersecurity Firms Brace For Possible Hack Attempts By Iran (WBUR) The Department of Homeland Security warns that "Iran maintains a robust cyber program and can execute cyber attacks against the United States."
Analysis | The Cybersecurity 202: Voting machines touted as secure option are actually vulnerable to hacking, study finds (Washington Post) It's a blow to election officials who said a paper trail would solve everything.
Russian trolls are targeting American veterans, and Trump’s government isn’t helping, group says (Washington Post) U.S. veterans and service members enjoy a high degree of respect, which makes them targets for foreign manipulation and influence, Vietnam Veterans of America warned Trump administration officials in 2018.
Deepfakes and the New Disinformation War (Foreign Affairs) Thanks to the rise of “deepfakes”—highly realistic and difficult-to-detect digital manipulations of audio or video—it is becoming easier than ever to portray someone saying or doing something he or she never said or did, with potentially disastrous consequences for politics.
Secretary of State warns of possible cyber threats (Albany Herald) Secretary of State Brad Raffensperger announced Monday that he is instructing elections officials for the state and individual counties to be on heightened diligence against possible cybersecurity attacks
Tik or Tok? Is TikTok secure enough? - Check Point Research (Check Point Research) Available in over 150 markets, used in 75 languages globally, and with over 1 billion users, TikTok has definitely cracked the code to the term “popularity” across the globe. As of October 2019, TikTok is one of the world’s most downloaded apps....
Microsoft Phishing Scam Exploits Iran Cyberattack Scare (BleepingComputer) An attacker is attempting to take advantage of the recent warnings about possible Iranian cyberattacks by using it as a theme for a phishing attack that tries to collect Microsoft login credentials.
Tricky Phish Angles for Persistence, Not Passwords (KrebsOnSecurity) Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password.
Magecart customers pay twice due to hacking of website code (SC Magazine) Hackers access website source code to inject malicious JavaScript, then payment details submitted get sent to two addresses - the retailer and the crooks.
New Tactics Punch Holes in Big Tech’s Ad-Fraud Defenses (Wall Street Journal) Tech giants such as Google and Amazon.com are deploying artificial intelligence to ferret out fraud on their platforms, but some cybercriminals are outfoxing Silicon Valley with software that is getting better at mimicking human behavior.
This password-stealing malware just got updated with new tactics to help it hide better (ZDNet) Predator the Thief updated again; make sure your systems are patched and staff are alert to the risks of phishing.
Microsoft Access Vulnerability Could Leave 85,000 Businesses Exposed (Fortune) Researchers have discovered a flaw in Microsoft’s Access database application that, if left unpatched, could impact thousands of U.S. businesses.
TikTok security flaws enabled attackers to text malware to users and uncover personal information (Computing) Setting the bar low for app security
“Renegade province” and “reunification”: How not to write about Taiwan’s elections (Quartz) Using inaccurate language to talk about Taiwan can amount to adopting a "tacit endorsement of a pro-China view."
Almost all retail apps leak personal data, security firm warns (Retail Dive) Until retailers' apps can be trusted, consumers should delete them from their phones, according to mobile security firm NowSecure.
Hackers 'demand $6m ransom' from Travelex after cyberattack (The Telegraph) Hackers have warned Travelex it has over a week to pay a ransom of $6m (4.
Interpeak IPnet TCP/IP Stack (Update D) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available
Vendors: ENEA, Green Hills Software, ITRON, IP Infusion, Wind River
Equipment: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River
Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Injection, Null Pointer Dereference
McAfee Advanced Threat Research demo McLear Smart Ring (YouTube) This video demonstrates how an attacker could clone a smart ring used to interact with NFC enabled door locks, and potentially gain access to a consumer home.
McAfee Advanced Threat Research Demo Chamberlain MyQ (YouTube) This video demonstrates how an attacker could jam radio frequency signals to manipulate the state of a connected garage door.
East Bay schools hit with cyber attack during break (The Mercury News) All schools in the Pittsburg Unified School District were operating Tuesday despite a ransomware attack that disabled their emails and servers, Superintendent Janet Schulze
Security Patches, Mitigations, and Software Updates
Tails 4.2 Fixes Numerous Security Flaws, Improves Direct Upgrades (BleepingComputer) The Tails Project released a new version of the security-focused Tails Linux distribution and advises users to upgrade as soon as possible to fix multiple security vulnerabilities impacting the previous Tails 4.1.1 version.
Google Project Zero shifts to full 90-day disclosures to improve patch uptake (ZDNet) Vendors to have 90 days to get patches right, under changes to Google Project Zero's disclosure policy.
Google amends disclosure policy to encourage 'thorough' security patches from developers (Computing) Google will now wait for at least 90 days before disclosing bug details
Google suspends Xiaomi from Home Hub over camera privacy glitch (Naked Security) A user reported to Google that he was seeing images from other people’s devices.
Cyber Trends
A10 Networks: Cyberattacks will be the norm for 2020 (Intelligent CIO Africa) Mohammed Al-Moneer, Regional Vice President, MENA at A10 Networks, looks at what cyberthreats enterprises need to be aware of in 2020. He says: "Cyberattacks
Trust a challenge for security resellers (MicroscopeUK) ESET has quizzed CIOs and found that many are struggling to trust those that supply them security tools and services
Proofpoint's 2020 predictions for the Middle East (Intelligent CIO Middle East) Proofpoint has gathered its top predictions for CIOs to watch out for in 2020. Emile Abou Saleh, Regional Director, Middle East and Africa at Proofpoint, tells us downloaders and botnets abound while supply chains and account compromises will drive phishing.
Marketplace
These 3 Cybersecurity Stocks Will Explode as Iran Threatens Cyber Warfare (CCN.com) Cybersecurity stocks such as CrowdStrike are expected to benefit from the cyberattack threat posed by Iran.
CES 2020 goes big on cyber (POLITICO) Congress set to take up 5G legislation — High-profile Huawei lobbyist exits
CFC on the changing UK cyber insurance market (Insurance Business) "Cyber isn't a one size fits all solution"
Don’t Tilt Scales Against Trump, Facebook Executive Warns (New York Times) In an internal memo, Andrew Bosworth said he “desperately” wanted the president to lose. But, he said, the company should avoid hurting Mr. Trump’s campaign.
Huawei Punctuates Stormy Year of Cyber Distrust in UK (Infosecurity Magazine) Huawei's new innovation center puts a shiny gloss over a year of controversy in the UK
Accenture Acquires Symantec MSSP Business, SOCs From Broadcom (MSSP Alert) Accenture acquires Symantec's MSSP Cyber Security Services Business from Broadcom; gains 6 security operations centers (SOCs) & global threat monitoring services.
Broadcom Flogs Symantec Unit to Accenture (Light Reading) The semiconductor maker offloads some of the security assets it acquired last year to Accenture, which gains valuable new capabilities.
Mimecast acquires Segasec | SC Media (SC Media) Mimecast has closed on a deal to acquire the digital threat protection firm Segasec.
Insight Partners acquires enterprise security firm Armis in $1.1 billion deal (ZDNet) Insight Partners says the deal addresses a global enterprise endpoint security need.
Cloudflare Has a Plan to Change Everything About Cloud Security (Medium) It wants to replace corporate VPNs and firewalls with its own networks. That could make it even more of an internet gatekeeper.
KnowBe4 wraps up 2019 in a big way (St Pete Catalyst) KnowBe4 doesn’t want to keep its 27 consecutive quarters of sales growth under wraps. On Monday, the cybersecurity training company displayed its sales gains on a massive banner that wrapped around the outside of its downtown Clearwater headquarters. CEO Stu Sjouwerman was depicted perched on top of a chart, with bars that each represented double-digit [...]
WatchGuard Appoints Andy Reinland as New Chief Financial Officer (West) Former F5 Networks executive joins fast-growing cyber security company
AttackIQ Appoints Pedro Vidal VP of North America to Drive Company Growth and Sales (Yahoo) AttackIQⓇ, the leading independent vendor of breach and attack simulation solutions, today announced Pedro Vidal has joined the company’s executive team as vice president of North America sales.
VMware’s Dan McLean takes over A/NZ leadership of Radware (ARN) VMware senior manager Dan McLean has left the vendor after 15 years to take over local leadership of cyber security firm Radware.
Products, Services, and Solutions
IBM’s Quantum-Computing Service Tops 100 Customers (Wall Street Journal) The company said more than 100 organizations are using its quantum-computing services, including businesses, universities and government research facilities. That’s up from 40 a year ago.
SonicWall, Los Angeles County Metropolitan Transportation Authority secure business-critical communications with real-time SAAS security initiative (SonicWall) SonicWall and the Los Angeles County Metropolitan Transportation Authority (Metro) announced their coordinated efforts to secure the company’s digital communications and Microsoft Office suite with the SonicWall Cloud App Security (CAS) solution that offers advanced threat and data protection for software-as-a-service (SaaS) email and other popular SaaS apps.
SkyOne to Represent Asigra Throughout the Gulf Cooperation Council of Countries (Asigra) Asigra Inc., a leading cloud backup, recovery and restore software provider since 1986, today announced the company’s Middle East and Gulf Cooperation Council (GCC) representative — SkyOne.
WidePoint Partners with KoolSpan to Offer End-to-End Encryption for Phone Calls and Text Messages (West) WidePoint Corporation (NYSE American: WYY), the leading provider of Trusted Mobility Management (TM2) specializing in Telecommunications Lifecycle Management, Identity Management and Digital Billing & Analytics solutions and KoolSpan, the provider of TrustCall, have entered into a partnership through which WidePoint delivers KoolSpan’s cross-platform, end-to-end communication solution to WidePoint customers so that they can make phone calls and send text messages securely.
HORNE Cyber’s Simulation of Dangerous Ryuk Ransomware Can Now Be Tested by Municipalities and Businesses of Any Size, Safely & Affordably (BusinessWire) HORNE Cyber’s Threat Runner ransomware simulation tool incorporates Ryuk testing.
Webcast: Let’s Talk About ELK Baby, Let’s Talk About You and AD - Black Hills Information Security (Black Hills Information Security) BHIS’ Defensery Driven Duo Delivers Another Delectable Transmission! We know you are worried about your networks. After hours of discussion, we’ve come to the realization that some of our dedicated followers seem to be much more interested in catching malware than learning how to be (please forgive this next statement) “l33t hax0rs.” Download slides: https://www.activecountermeasures.com/presentations/ …
Thales to Deliver Digital Licence Solution to Queensland, Australia (Valdosta Daily Times) Thales has signed a contract to partner with Queensland’s Department of Transport and Main Roads (TMR) in Australia and local Queensland SMEs, Code Heroes and Aliva, to design, develop and deliver the State’s first Digital Licence App.
New CrowdStrike Store Apps Extend the Power of the Falcon Platform (AiThority) CrowdStrike Inc., a leader in cloud-delivered endpoint protection, announced new third-party applications for the CrowdStrike Store
Cloudflare Adds New Endpoint, Web Security Service (Dark Reading) Teams and a new browser security acquisition expand the cloud firm's security offerings.
Crypsis Launches Illuminator, a Data Analytics-Powered Data Breach Notification Service (PR Newswire) The Crypsis Group, a leading incident response, risk management and digital forensics firm, today announced the availability of their...
Technologies, Techniques, and Standards
CES Gadget Show: Surveillance is in - and in a big way (AP NEWS) From the face scanner that will check in some attendees to the cameras-everywhere array of digital products, the CES gadget show is all-in on surveillance technology — whether it calls it that or...
MITRE Releases Framework for Cyber Attacks on Industrial Control Systems (The MITRE Corporation) McLean, VA, and Bedford, MA, January 7, 2020—MITRE released an ATT&CK™ knowledge base of the tactics and techniques that cyber adversaries use when attacking the industrial control systems (ICS) that operate some of the nation’s most critical infrastructures including energy transmission and distribution plants, oil refineries, wastewater treatment facilities, transportation systems, and more. The impacts from these attacks range from disruption to operational productivity to serious harm to human life and the surrounding environment.
How to Use Zeek to Catch Data Exfiltration With a Single Command - Video Blog - Active Countermeasures (Active Countermeasures) Video – Using Zeek to Catch Data Exfiltration…
Design and Innovation
Tech Giants Defend Privacy Efforts, Promise Improvements (Wall Street Journal) Privacy experts from Facebook and Apple defended the security and use of consumer data on their platforms, though they said greater protections and public education are needed as technology and regulations evolve.
Enforcing Against Manipulated Media (About Facebook) We're strengthening our policy toward misleading manipulated videos that have been identified as deepfakes.
Facebook bans deepfakes but not all altered content (WeLiveSecurity) Facebook has unveiled a new policy to curb the spread of manipulated media as the threat of slick deepfakes looms large over the US presidential elections.
Facebook's deepfake ban evokes mixed reactions (SC Magazine) Facebook's announcement to add deepfakes to the categories of banned content is hardly a patch on the growing misinformation campaigns on the platform say privacy and security experts
Facebook Deepfake Video Ban May Set Off 'Cat and Mouse' Game (Fortune) The policy change does not include parody, satire, or lightly edited clips, such as the infamous Nancy Pelosi deepfake.
Facebook is like sugar and too much of it will hurt you, says top executive (The Telegraph) A senior Facebook executive has compared his own product to sugar, suggesting that indulging in too much of it could be dangerous.
The age of the virtual human is here – are we prepared? (The Telegraph) Virtual humans - lifelike replicas of people that are indistinguishable from the real thing - have been a science fiction staple for decades.
Research and Development
US Special Operations Command wants to sniff out misinformation campaigns (Defense News) U.S. Special Operations Command is seeking a prototype that would allow it to detect misinformation campaigns in near- to real-time.
Legislation, Policy, and Regulation
Iran’s Next Move May Be No Move (Foreign Policy) There are sound reasons and precedents for why Tehran will not rush to retaliate.
Soleimani Was More Valuable in Politics Than in War (Foreign Affairs) The Islamic Republic takes stock of its loss.
Chertoff: Iran May Be ‘Signaling That They Are Ready to Stop’ Escalation with Non-‘Cataclysmic’ Strikes (Homeland Security Today) Former DHS secretary said Iran may have chosen to not strike harder in order to
Trump retreats from threat to attack Iranian cultural sites (Washington Post) President Donald Trump is backing away from his threats to target Iranian cultural sites if Tehran retaliates for the killing of a top Iranian general by the U.S. It is a war crime to target cultural sites
Iran Launches Attack on U.S. Bases in Iraq (Foreign Policy) Hours after the strike, both Washington and Tehran showed signs they wanted to de-escalate.
Britain puts Middle East forces on high alert as US, Iran trade threats (Defense News) “Urgent measures” are being taken to protect British nationals and interests in the wake of the killing of Iranian Revolutionary Guards General Qassim Soleimani in a U.S. drone strike, according to Defence Secretary Ben Wallace.
Netanyahu says anyone attacking Israel will be dealt 'strongest blow' (Reuters) Prime Minister Benjamin Netanyahu said on Wednesday, after an Iranian missile st...
Pakistan will not take sides in US-Iran row (Pakistan observer) Mirza Aslam Beg QASEM Soleimani was the top military leader of Iran, playing active role in the Middle East region, as well as Afghanistan. In fact, he was described as the “single most powerful operative in the Middle East today.” According to American intelligence, Soleimani was planning large scale assaults on American troops and interests …
Controversial Iraqi cleric goes full Monty Python, tries to insult his way into Trump-Iran fight (Military Times) Muqtada al-Sadr, whose militias killed numerous Americans in the Iraq War, ridiculed President Trump as the
Indonesian army wields internet 'news' as a weapon in Papua (Reuters) As Indonesia celebrated its National Heroes' Day last year, official milita...
Senators set for briefing on cyber threats from Iran (TheHill) Senators on the Homeland Security and Governmental Affairs Committee were set to receive a classified briefing Tuesday on threats from Iran, including the possibility of a retaliatory cyberattack in response to the killing of I
Lawmakers: Possible Iranian Cyberattack Highlights Need for Proactive Security - Air Force Magazine (Air Force Magazine) A leading congressional voice on cybersecurity said Jan. 7 the federal government is taking the right steps to prepare for a possible Iranian cyberattack.
Congressional commission mulls new private sector reporting requirements (CyberScoop) The Cyberspace Solarium Commission, a bipartisan group tasked last year with devising a strategy for defending the U.S. against cyberattacks, is almost ready to reveal its proposals to the world. The commission’s final report, expected to be issued in March or April, may include new reporting requirements for the private sector that would incentivize better security practices, the commission’s co-chairs, Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wis., said during a Council on Foreign Relations summit in Washington, D.C. Tuesday. While the final language is unclear, the report is expected to include a sweeping set of proposals ranging from an overhaul of Congressional oversight on cybersecurity issues to an assessment of the Pentagon’s offensive and defensive readiness. Whether there’s broader appetite outside of the 14-member commission to implement the recommendations, however, remains to be seen. One idea the commission has entertained is convincing insurance companies to offer better rates to clients who follow specific guidelines meant …
Cyber Solarium to back CISA as the lead response agency (FCW) Leveling up CISA and CyberCom and streamlining Congressional jurisdiction will be among the recommendations issued in an upcoming report from the Cyberspace Solarium Commission.
Congressional commission wants more cyberwarriors for the military (Fifth Domain) With rising threats, DoD might need to add more cyber teams to keep pace.
United States not prepared for cyberwar with Iran (Yahoo) If Iran decides to commit a retaliatory attack for the assassination of General Soleimani, the US is not prepared for a cyber war.
State Department Must Report Foreign Use of Hacking Tools, Services in New Law (MSSP Alert) A newly passed law will compel the U.S. State Department to report its criteria for sales of U.S. cybersecurity tools and services to foreign countries.
'Shot across the bow': U.S. increases pressure on UK ahead of key Huawei decision (Reuters) The United States is making a final pitch to Britain ahead of a U.K. decision on...
MP Says Austria Unprepared After Cyberattack on Foreign Ministry (BleepingComputer) The Austrian State Department's IT systems were under a 'serious attack' suspected to be carried out by a state-backed threat group according to a joint statement from the Foreign Ministry (BMEIA) and the Ministry of the Interior (BMI).
China's Password Law and What it Means for the Blockchain Industry (AiThority) In this article, we are providing a quick overview of China's Password Law and what it entails for the blockchain ecosystem globally.
Spanberger bill to build 5G strategy gets House vote Wednesday (Augusta Free Press) Legislation introduced by Rep. Abigail Spanberger to protect next-generation U.S. telecom and mobile infrastructure will come up for vote tomorrow.
Litigation, Investigation, and Law Enforcement
While Law and Enforcement gets some assistance from Apple, they usually turn to Cellebrite to break into iPhones (Patently Apple) Earlier today Patently Apple posted a report titled "Apple has been Working with the FBI to unlock two Phones that the Pensacola Naval Base Terrorist used." The timing of the news from CNBC was timely being that Apple's Senior Director of Global Privacy Jane Horvath was on a panel at CES discussing privacy today. Horvath stated later in the day while on a panel at CES for "Privacy" that iPhones ...
Apple privacy officer says that 'building back doors' to access iPhone data won't help solve crimes (CNBC) For Apple, making sure that customer data is protected if their phone is lost or stolen is paramount to keeping consumer trust.
Privacy International demands Amazon, Google and other cloud companies reveal use of 'cloud extraction' technology (Computing) Privacy pressure group calls for 17 cloud giants to 'protect customer data from legal backdoors'
Google+ Reaches $7.5 Million Data Breach Settlement (Bloomberg Law) Google LLC has agreed to pay $7.5 million to settle a consumer class action over data leaks caused by two software bugs in its now-defunct Google+ social network platform.
Travelex: Met Police called-in last week as Travelex FINALLY admits Sodinokibi ransomware attack (Computing) Travelex statement admits Sodinokibi ransomware outbreak but claims that no structured personal customer data has been compromised,
Man accused of cyber-stalking Central Texas real estate agents (KWTX) At least six cases have been reported in the Waco area.