Cyber Attacks, Threats, and Vulnerabilities
Scottish Parliament targeted in 'brute force' cyber attack (BBC News) The Scottish Parliament is targeted in a "brute force" cyber attack, Holyrood's chief executive confirms.
Scottish parliament hit by cyber-attack similar to Westminster assault (the Guardian) MSPs and Holyrood staff warned hackers trying to access numerous email accounts in ongoing ‘brute force cyber-attack’
Fancy Bear bites hotel networks as EternalBlue mystery deepens (Naked Security) The attack, presumably to spy on high-value hotel guests, is textbook Fancy Bear, say researchers
NSA tools used to hack hotels; WikiLeaks in CIA Couch Potato dump (SC Media UK) An on-going malware campaign is targeting hotel and hospitality Wi-Fi networks and being used to glean guest and corporate information.
Leaked SMB exploits make malware powerful, warns Cylance (ComputerWeekly) Four key exploits at the heart of hacking tools leaked by the Shadow Brokers have given malware authors a lot of power, say security researchers.
Threat Spotlight: The Shadow Brokers and EternalPulsar Malware (Cylance) In this blog post, Threat Guidance outline all the SMB exploits leaked by The Shadow Brokers (EternalBlue/ EternalRomance/ EternalSynergy/ EternalChampion), focusing on the shellcode they use and the DoublePulsar backdoor installed by each of the exploits for remotely executing an arbitrary payload DLL.
Hospital cyber attack a matter of life and death (The Bakersfield Californian) A computer virus that infected systems throughout the world earlier this year caused millions of dollars in damages to companies in nearly every industry. It also demonstrated that hospitals may
Petya ransomware: Cyber attack costs could hit $300m for shipping giant Maersk (ZDNet) June's cyber attack will cost international shipping firm hundreds of millions in lost revenue.
Maersk shrugs off $300m cost of cyber attack as freight rates soar (Loadstar) Maersk Line posted a profit of $339m in the second quarter of the year, which compares with a loss of $151m in the same period last year.
FireEye data leaks continue - or are the hackers just trolling? (Security Brief) Hackers have released another batch of information supposedly belonging to cybersecurity firm FireEye, two weeks after the initial data dump.
How much HBO hackers have is hazy; what they want is clear – cash (Naked Security) ‘Mr Smith’, apparently the HBO hackers’ spokesman, is making extravagant claims and increasingly hostile demands
After Shutdown, Daily Stormer Users Are Moving to a Dark Web Version of Site (Motherboard) The past few days have triggered a debate around the responsibility of tech companies to host or provide services for extremist content.
Someone Appears to Be DDoSing the Dark Web Version of The Daily Stormer (Motherboard) "I don't really care about either side," the alleged attacker told Motherboard in an online chat.
Beheading of IRGC fighter unites Iranians (Al-Monitor) Iranians across the country and political spectrum have reacted to the death of Mohsen Hojjaji, an IRGC fighter who was beheaded by the Islamic State, with calls for revenge.
Microsoft PowerPoint exploit used to bypass antivirus and spread malware (ZDNet) It's the first time this exploit has been used to target PowerPoint users -- and it's being used to distribute powerful Trojan malware, say researchers.
Attackers experimenting with CVE-2017-0199 in recent phishing attacks (CSO Online) Researchers at Trend Micro and Cisco's Talos have identified a new wave of Phishing attacks leveraging CVE-2017-0199, a previously-patched remote code execution vulnerability in the OLE (Windows Object Linking and Embedding) interface of Microsoft Office. These latest attacks have paired the vulnerability with others in an attempt to bypass warning messages, but the results were less than stellar.
New Trojan malware campaign sends users to fake banking site that looks just like the real thing (ZDNet) Trickbot is now redirecting to a counterfeit site that displays the correct URL and the digital certificate of its genuine equivalent.
Spam Domains Imitating Popular Banks Spreading Trickbot Banking Trojan (Threatpost) Researchers have analyzed spam campaigns utilizing plausible imitations of legitimate banking domains to spread the Trickbot banking malware.
New Disdain Exploit Kit Sold on Underground Hacking Forums (BleepingComputer) A malware developer using the pseudonym of Cehceny is currently advertising a new exploit kit on underground hacking forums.
Analysis of a Paypal phishing kit (SANS Internet Storm Center) They are plenty of phishing kits in the wild that try to lure victims to provide their credentials. Services like Paypal are nice targets and we can find new fake pages almost daily. Sometimes, the web server isn’t properly configured and the source code is publicly available.
Attackers Backdoor NetSarang Software Update Mechanism (Threatpost) Researchers said that the update mechanism for Korean server management software provider NetSarang was compromised and serving a backdoor called ShadowPad.
Security Exploit in July 18, 2017 Build (NetSarang) On Friday August 4th, 2017, our engineers in cooperation with Kaspersky Labs discovered a security exploit in our software specific to the following Builds which were released on July 18, 2017... As of Aug 15, 2017, Kaspersky Labs has discovered a single instance of this exploit being utilized in Hong Kong.
Seven More Chrome Extensions Compromised (Threatpost) The list of compromised Chrome extensions that hijack traffic and substitute advertisements on victims’ browsers grows.
IRS Phishing Scam Targets Tax Professionals (Email Marketing Daily) The Internal Revenue Service (IRS) is warning about a new email impersonation scam targeting tax professionals.
Blizzard Entertainment hit by massive DDoS attack (HackRead) The web servers of Blizzard Entertainment have suffered a series of massive distributed denial-of-service (DDoS) attacks over the weekend causing disconnec
The Crisis of Connected Cars: When Vulnerabilities Affect the CAN Standard (TrendLabs Security Intelligence Blog) In many instances, researchers and engineers have found ways to hack into modern, internet-capable cars, as has been documented and reported several times.
Hacker unlocks vehicle for family who'd lost keys months ago (HackRead) Our world is full of good and bad people and same applies for hackers. Where there are hackers eager to use their skills for wrong purposes and we have thi
BEC Attacks Don't Always Require Sophistication (Dark Reading) Simple business email compromise scams can con companies out of huge sums of money and don't require much hacking or even social engineering know-how.
The Silent Risk: The Risk of File-Less Cyber Attacks (Infosecurity Magazine) Silent attacks which make it past the gateway and pose the greatest risk to an organization?
Security Patches, Mitigations, and Software Updates
Once Android O arrives, the OnePlus 3 and 3T are getting left behind (TalkAndroid.com) The two 2016 phones from OnePlus will no longer receive major software updates after Android O begins rolling out this year.
Cyber Trends
Caution advised with information security surveys (CSO Online) Cybersecurity reports based on answers from respondents often produce misleading or inaccurate statistics, and they can lead to industry confusion.
IoT Medical Devices a Major Security Worry in Healthcare, Survey Shows (Dark Reading) Healthcare providers, manufacturers, and regulators say cybersecurity risks of IoT medical devices and connected legacy systems a top concern.
US, China and the UK are top regions affected by IoT security threats (Help Net Security) In the IoT ecosystem, cyberattacks are becoming more diverse with cybercriminals taking over home network routers to launch attacks on smart home devices.
Marketplace
Global cybersecurity spending to grow 7% to $86.4BN in 2017, says Gartner (TechCrunch) Analyst Gartner is projecting that worldwide spending on IT security products and services will grow seven per cent, year over year, to reach a total of $86.4..
A Cyber Security Investment Strategy For The Future (Seeking Alpha) Cyber Security ETF's have performed well on average, gaining 10%-17% since February. Having investments across all areas of cyber security is key to a diverse c
Andrew Ng is raising a $150M AI Fund (TechCrunch) We knew that Andrew Ng had more than just a series of deep learning courses up his sleeve when he announced the first phase of his deeplearning.ai last week...
Database provider MongoDB has filed confidentially for IPO (TechCrunch) MongoDB has filed confidentially for IPO, sources tell TechCrunch. The company has submitted an S-1 filing in the past few weeks and is aiming to go public..
ClearSky raises $168M for security vehicle (PitchBook News) ClearSky Capital has raised $168.3 million of a $300 million target for its latest fund, per an SEC filing, which the firm will use to back companies in the cybersecurity, industrial security and...
LPC: DigiCert to back Symantec unit buy with US$1.59bn loan (Reuters) US internet security companyDigiCert's banks have begun sounding out prospective investorsabout the debt financing that will support the company'sacquisition of Symantec’s web certification business, accordingto four sources familiar with the matter.
It looks like Amazon used a small acquisition to catch up with Microsoft Azure on security (CNBC) Amazon Web Services has introduced a data security tool based on a recent acquisition.
3 Key Takeaways From FireEye's Q2 Earnings (The Motley Fool) FireEye is pulling the right strings to get profitable.
Cybersecurity Leader from Slovakia to Build the Next Hub of the Industry (Military Technologies) ESET, a leader in cybersecurity, has today announced its plans to build state of the art new company headquarters on the nine hectare site of the former military hospital at Patronka, close to Forest Park, Bratislava.
NHS Digital signs cyber security agreement with Microsoft (ComputerWeekly) In the wake of the global WannaCry ransomware attacks, NHS Digital has signed a new cyber security support agreement with Microsoft
Akamai Could Get Boost From ESPN Stream (Barron's) A direct-to-consumer offering of ESPN could move the market. Akamai shines as a content delivery network.
Blockchain And IBM's Comeback (Seeking Alpha) IBMs quarter 2 findings are indicative of the corporate future that we can expect. To what extent should the negative press be validated, according to strategic
It's 'curtains' for start-ups as Microsoft 'plugs the gaps' in Office 365 (Computing) Tony Pepper, CEO and co-founder of Egress says that if Microsoft keeps plugging gaps in its Office 365 support offering, it could be 'curtains for a bunch of start-ups'
Give Aussie cyber firms a fair go, says government growth network CEO (CIO) The CEO of the government's Australian Cyber Security Growth Network today implored hundreds of IT professionals to give Aussie security firms a fair go.
World’s Largest Nonprofit Association of Certified Cybersecurity Professionals Surpasses 125,000 Members ((ISC)2) (ISC)2 empowers the cyber, IT, infrastructure and software security experts strengthening the cyber defenses of businesses and government agencies worldwide
vArmour Continues to Showcase Innovation and Momentum with its Unique Security Solutions (Marketwired) Company recognized by the International Business Awards for Product Innovations and Marketing Success
Booz Allen's U.S. Commercial Team Adds Strong Cyber Leadership to Help Clients Protect Against Advanced Cyber Threats (BusinessWire) Booz Allen announced four new senior hires, part of its strategy to build the most skilled and experienced cyber team for commercial clients.
Unisys Names Shalabh Gupta as Vice President and Treasurer (IT Business Net) Unisys Corporation (NYSE: UIS) today announced that Shalabh Gupta has joined the company as vice president and treasurer.
M&T Bank Corp. (MTB) Elects Richard Ledgett to Board of Directors (Street Insider) M&T Bank Corporation (NYSE: MTB) announced the election of Richard H. Ledgett, Jr. of Crownsville, Maryland to its Board of Directors, effective August 15, 2017. Mr. Ledgett was also elected to the Board of Directors of M&T Bank, M&T's principal banking subsidiary.
Products, Services, and Solutions
Q2 2017 Results: Netwrix Auditor 9.0 Released to Combat Ransomware, Contributes to Sales Growth (PRNewswire) Netwrix Corporation, provider of a visibility platform for user...
Infoblox Bolsters Threat Intelligence by Collaborating with Department of Homeland Security (Infoblox) Infoblox Inc., the network control company that provides Actionable Network Intelligence, today announced it is collaborating with The Department of Homeland Security’s (DHS) Automated Indicator Sharing (AIS) program to share feeds on indicators of compromise (IP Addresses and hostnames). Infoblox ActiveTrust® suite provides real-time automated sharing of threat intelligence to deliver stronger and more effective …
Orca Tech signs Forcepoint as its third security vendor since launch (CRN Australia) New security distie gains vendor's full security range.
Wi-Fi hackers halted: Kaspersky Lab introduces secure connection Freemium App for android devices | Latest News & Updates at Daily News & Analysis (dna) Kaspersky Lab introduces its new freemium application, Kaspersky Secure Connection for Android, designed to protect user data transmitted via the Internet.
The Power of Pervasive Encryption (Security Intelligence) The new z14 mainframe from IBM includes a revamped coprocessor that enables pervasive encryption of both at-rest and in-transit data.
AWS launches data security service called Macie with machine learning (ZDNet) Macie is AWS' managed service designed to protect sensitive data across S3 with more data repositories to follow.
Integrating Wapack Labs CTAC with ThreatQ (ThreatQuotient) Most threat intelligence providers just offer curated intelligence, CTAC gives you direct access to the raw data which allows analysts a lot of flexibility.
Maximizing Efficiency with Siemens Cloud-Hosted Security Solutions (Campus Safety Magazine) Siemens cloud solutions allow campus personnel to simplify the security technology installation process and get more done with fewer resources.
New ZoneAlarm Anti-Ransomware Protects Home PCs Against Extortion Attacks (NASDAQ.com) ZoneAlarm adds a critical layer of protection to safeguard consumers against fast-evolving ransomware such as WannaCry and Petya; works alongside installed anti-virus software
WatchGuard’s New Fireboxes Chew Through Encrypted Traffic 94 Percent Faster Than Competitors (CSO) New Firebox M Series appliances help SMBs keep up with the rising tide of encrypted traffic with best-in-class performance and security
Portnox Ensures Secure and Trusted User Access with Continuous Risk Assessment with WatchGuard Integration (BusinessWire) Portnox, a market leader for network visibility, access control and device risk management solutions, today announced its partnership with WatchGuard&
Rackspace rolls out new service for coming European data protection rules (SiliconANGLE) Rackspace rolls out new service for coming European data protection rules - SiliconANGLE
Splunk Beefs Up Cloud Monitoring Tool (EnterpriseTech) As enterprises accelerate the shift to a hybrid private/public cloud model, a growing list of data analytics vendors are stepping up to offer cloud monitor
How an AI-driven industrial immune system could protect oil & gas from cyber attacks (Offshore Technology) Siemens has partnered with Darktrace to bring the AI-driven Industrial Immune System technology to more customers in the oil and gas industry. As critical energy infrastructure is a target for hackers, the importance of securing it should not be...
MozyEnterprise finds a new key for backup security (Search Storage) Dell EMC’s Mozy has unlocked a new encryption key security feature for its enterprise backup product.
Technologies, Techniques, and Standards
NIST Crafts Next-Generation Safeguards for Information Systems and the Internet of Things (NIST) Information systems—from communications platforms to internet-connected devices—require both security and privacy safeguards to work successfully and protect users in our increasingly complex and interconnected world. Toward these ends, the National Institute of Standards and Technology (NIST) has issued a new draft revision of its widely used Special Publication (SP) 800-53,
Here's why the scanners on VirusTotal flagged Hello World as harmful (CSO Online) Last week, on August 10, a security researcher who goes by the handle "zerosum0x0" posted an interesting image to Twitter, it was the code behind a debug build of an executable. The code was 'Hello World' – the training example used to teach new coders. When the executable was submitted to VirusTotal, several firms flagged it as a problem.
Achieve GDPR Compliance with a Data-centric Approach to Security (TechSpective) As companies engage with customers and collect data, it’s important to respect and protect individual privacy. The members of the European Union (EU) are e
What is OAuth? What security pros need to know (CSO Online) The OAuth open authorization framework allows websites and services to share assets among users. It is widely accepted, but be aware of its vulnerabilities.
7 things startups need to know about cybersecurity (CIO) Cybersecurity is now simply one the many realities of doing business today. You should know the risks, and put programs in place that will help you avoid getting hit by cyberattacks down the line.
When it all kicks off: What happens at a security firm when a global malware outbreak occurs? (Computing) McAfee chief scientist Raj Samani explains how security firms respond to a global security crisis
How CFOs Can Partner With CISOs to Strengthen Cybersecurity (Equities) Earlier this year, New York became the first state in the nation to establish cybersecurity regulations to protect consumers and financial institutions. The regulations stipulate that companies must not only implement protocols for mitigating cybersecurity breaches, but also designate a chief information security officer.
Why CEOs need to talk to their CTOs about cybersecurity now (IT Pro Portal) Cybersecurity is one of the biggest threats to businesses right now and CEOs must make it a top priority.
20 Tactical Questions SMB Security Teams Should Ask Themselves (Dark Reading) Or why it pays for small- and medium-sized businesses to plan strategically but act tactically.
It's the doctors who need help as breach notification looms (CRN Australia) [Comment] Mandatory data breach legislation will put huge pressure on healthcare companies of any size.
LA Cyber Lab: New Program to Tackle Cyber Threats (NBC Southern California) Mayor Eric Garcetti announced on Tuesday an unprecedented initiative to freely share information about cybersecurity threats with businesses in the city.
The Cyber Security Of Our Electricity Grid (KnowBe4) Guest Blogger Craig Reeds commented on the safety of our Electricity Grid.
Is your security strategy keeping up? (CSO Online) Has your organization revisited its security strategy to ensure it is founded on the latest in experience, knowledge and security capabilities? Much like your best employees, successful cybercriminals are always evolving their skill sets, uncovering new inroads into your network. Learn about the most effective security controls for your organization.
The best enterprise anti-virus protection may not be enough (CSO Online) Ransomware and other threats often get through signature-based anti-virus protection, giving it a bad rap. However, anti-virus tools still play an important role in the enterprise security strategy.
Design and Innovation
WANs, tunnels and tags are things of the past (Network World) A look at WAN deployments through the ages. The future of WANs is no-WAN.
Toronto Just Got Its First Ethereum ATMs (Motherboard) But... why?
Research and Development
Quantum Internet Is 13 Years Away. Wait, What's Quantum Internet? (WIRED) A Chinese physicist hopes that quantum communications will span multiple countries by 2030. So ... what's it for?
Qubitekk Licenses Oak Ridge Photon Production Method (Photonics) Quantum computing and cryptography technology developer Qubitekk Inc. has non-exclusively licensed a method developed by Oak Ridge National Laboratory (ORNL) to produce photons in a controlled, deterministic manner that promises improved speed and security when sharing encrypted data.
Stanford researchers identify 'ultrathin' semiconductor materials that could enable transistors ten times smaller than anything possible today (Computing) Materials could help shrink electrical circuits from five nanometers to three atoms thick
Intel teases market with 10nm microprocessors codenamed Ice Lake to debut by 2019 (Computing) Coffee Lake, coming within weeks, was supposed to be built on 10nm process architectures
DHS S&T Awards Metronome Software $750K To Strengthen Security Of First Responder Sensor Systems (Electronic Component News) Metronome Software is developing a technology solution that will significantly enhance the security of mobile device-based sensor systems used by first responders with funding provided by the Department...
Academia
UGA named National Center of Academic Excellence in Cyber Defense Research (UGA Today) One of 71 institutions nationwide to hold joint NSA/DHS designation
'Welcome to the future': Dakota State teases big announcement Sunday (Argus Leader) Dakota State University will soon solidify its national standing as a forerunner in cyber security.
Military hack simulated in latest UK cyber challenge (The Engineer) Cyber Security Challenge UK has staged the latest semi-final in its competition to seek out the best young cyber talent in the country.
Legislation, Policy, and Regulation
Cyberspace aggression adds to North Korea's threat to global security (The Conversation) Reports of North Korea's capability of firing nuclear weapons are not the only serious threat to global security. North Korea has also become an aggressive cyber power.
Opinion | China’s Intellectual Property Theft Must Stop (New York Times) Trump is right to crack down on a $600 billion drain on the American economy.
Artificial Intelligence More Dangerous Than North Korea, Elon Musk Tweets (CleanTechnica) We would expect Elon Musk to be a champion of artificial intelligence. After all, it is the cornerstone of the autonomous driving system known as Autopilot that is featured in Tesla automobiles. But he has been warning about the potential dangers of AI since 2014, when he called it the “biggest existential threat” to humanity
China’s new cybersecurity law lacks detail, says Tencent VP (South China Morning Post) Separate report also claims new law only adds to a web of complex data protection laws and regulations, aimed at defending against threats to Chinese sovereignty
Auto Security: Do Feds Have Our Back? (EETimes) Government agencies in the U.S. and the U.K. are working to get ahead of the curve and let the public know that they are concerned about vehicle cybersecurity.
Home Office on the lookout for £80k data protection officer ahead of May 2018 GDPR deadline (Computing) Is an £80k salary really enough for the combination of skills and responsibilities required for the role?
Litigation, Investigation, and Law Enforcement
Hutchins pleads not guilty in Milwaukee court on six charges of writing and distributing malware (Computing) Marcus Hutchins appears in court a week after his release on bail following his airport arrest
Marcus Hutchins Pleads Not Guilty in Milwaukee to Malware Creation Charges, Following FBI Las Vegas Arrest (Casino.org) Marcus Hutchins has found out the hard way that what happens in Vegas definitely does not stay in Vegas.
Obama team was warned in 2014 about Russian interference (POLITICO) In 2014, the administration got a report of Russia’s intention to disrupt Western democracies, including the United States.
New report claims DNC hack was an inside job — not Russia (New York Post) A group of former US intelligence officials contend that the hack of the Democratic National Committee’s computers in 2016 was an inside job.
Former Top NSA Lawyer Talks Spying, Leaks and Cybersecurity in the Age of Trump (Law.com) When Rajesh De was first approached about joining the National Security Agency as its general counsel advisers warned him he might be the last person…
Privacy advocates advise Supreme Court to protect phone location data under the 4th Amendment (TechCrunch) Among the Supreme Court's many upcoming cases is Carpenter v. United States, which will settle the question of whether your location and movements, as..
‘Get rich or die trying’ – Check Point Researchers Uncover International Cyber Attack Campaign (GlobeNewswire News Room) A Nigerian national based near the country’s capital masterminded a wave of attacks on over 4,000 companies in oil & gas, mining, construction and transportation sectors
Uber agrees to 20 years of privacy audits to settle FTC data mishandling probe (TechCrunch) The legacy of Travis Kalanick's fast and loose management style at Uber continues to serve up fresh embarrassments for the embattled, still CEO-less company.
American accused of faking eBay sales to fund US terror pleads guilty (Ars Technica) It’s “first known time ISIS had given money to someone in the US for an attack.”
Secret Service agent, corrupted by Silk Road case, cops to second heist (Ars Technica) Shaun Bridges, who already was given 71 months in prison, awaits a new sentence.