New York City: the latest from the Second Annual Cyber Investing Summit
Former hacker Kevin Mitnick shows WannaCry to Wall Street execs (SC Magazine US) A gathering of Wall Street executives were given a first-hand explanation today on how to secure their companies against phishing attacks by a former hacker.
Cyber Attacks, Threats, and Vulnerabilities
North Korea link to NHS hacking attack (Times (London)) North Korea has emerged as a credible suspect for the ransomware attacks that paralysed parts of the NHS. A source in the security services told The Times that a link was possible after Symantec, a...
Mounting evidence points to North Korean group for global ransomware attack (Cyberscoop) Symantec said it has discovered "strong links" between WannaCry ransomware and the so-called Lazarus Group.
More links between WannaCry and Lazarus group revealed (Help Net Security) Symantec researchers have found more WannaCry Lazarus links. Lazarus is the hacking group believed to be behind the Sony Pictures hack.
Symantec attacked over claims that WannaCry ransomware is the work of North Korea (Computing) WannaCry links to North Korea premature, inconclusive and distracting, claims Institute for Critical Infrastructure Technology
There's Proof That North Korea Launched the WannaCry Attack? Not So Fast! (ICIT) Last week, ICIT urged responsible news outlets to focus on meaningful aspects of the May 12, 2017 WannaCry attack on over 230,000 systems in over 150 countries, such as the desperate need for security-by-design in software and technology, the perpetual failure of organizations across the globe to secure their systems against publically disclosed vulnerabilities and threats, and the hazards of the collection and concealment of exploitable vulnerabilities by governments, agencies, and private organizations.
WannaCry 2.0 is latest threat to company's financial data security (Inc.com) WannaCry 2.0 is latest threat to company's financial data security
Warning after WannaCry sets off fake BT phishing attack (Naked Security) It’s a sad fact that we end up seeing warnings about warnings in the aftermath of a major cybersecurity event
Stamford data-security firms repel cyber attack (StamfordAdvocate) Several local data-security firms report their clients emerged without harm from the global WannaCry cyber attack that struck earlier this month, an outcome they said reflected the strength of those firms’ defenses.
SCADA systems plagued by insecure development and slow patching (Help Net Security) SCADA systems' HMIs are the logical point of attack: if an HMI is compromised, attackers can do anything to the critical infrastructure it manages.
SECURITY: Cyber raises threat against America's energy backbone (EnergyWire) Five years ago, an attack on nearly two dozen U.S. natural gas utilities set off alarm bells in the U.S. intelligence community. A hacker using the nickname UglyGorilla stole troves of sensitive data from gas pipeline companies, breaching the nation's 300,000-mile web of steel that's a critical backbone for the nation's economy. Since then, increased reliance on natural gas for power generation has made the gas transmission system one of the most consequential hacking targets in the country.
Jaff Ransomware Switches to the WLU Extension and Gets a New Design (BleepingComputer) A new variant of the Jaff ransomware was discovered that includes an updated design for the ransom note and the new WLU extension for encrypted files. Like the first variant of Jaff, this new version continues to be distributed through MALSPAM campaigns.
Hackers could target voters, not votes, in UK election (Computing) Accusations of cyber attacks have plagued recent elections worldwide. Here's how the UK election could be hacked (but probably won't be.
Hackers can use subtitles to take over millions of devices running VLC, Kodi, Popcorn Time and Stremio (Help Net Security) By crafting malicious subtitle files for films and TV programmes, attackers can take complete control of any device running the vulnerable platforms.
Botnets: Dawn of the connected dead (Esisoft) Botnets control PCs and IoT devices to take down major websites and wreak havoc online. Are you among them?
Bishop Fox Research Finds 98% of the Top Million Internet Domains Are Potentially Vulnerable to Email Spoofing (PRNewswire) Bishop Fox, a leading global cybersecurity consulting firm, recently analyzed...
Report: The darknet contains a vast treasure trove of stolen Fortune 500 data (TechRepublic) OWL Cybersecurity claims to have indexed over 24,000 darknet domains, and every single Fortune 500 company has some degree of exposure. Here's what that means for you.
Security Patches, Mitigations, and Software Updates
enSilo Protects Millions of Unsupported Windows XP and Windows Server 2003 Users from Future Malware Attacks with Independent Patch for "ESTEEMAUDIT" RDP Exploit (PRNewswire) enSilo, the company that has redefined endpoint security, today announced...
enSilo Releases Free Patch for ESTEEMAUDIT Exploit (enSilo) enSilo has issued a patch that protects vulnerable users from ESTEEMAUDIT, a vulnerability that leaves users exposed to ransomware and other malicious code.
SECURITY BULLETIN: Trend Micro ServerProtect for Linux 3.0 Multiple Vulnerabilities (Trend Micro Business Support) Trend Micro has released a Critical Patch (CP) for Trend Micro ServerProtect for Linux 3.0. This CP resolves vulnerabilities in the product that could potentially allow a remote attacker to execute arbitrary code via multiple vectors.
Trend Micro ServerProtect Multiple Vulnerabilities (Core Security) Vulnerabilities were found in the ServerProtect for Linux update mechanism, allowing remote code execution as root. We present two vectors to achieve this: one via a man-in-the-middle attack and another one via exploiting vulnerabilities in the Web-based Management Console that is bundled with the product.
Cyber Trends
29% Increase In Vulnerabilities Already Disclosed In 2017 (Risk Based Security) Risk Based Security today announced the release of our VulnDB QuickView for the first quarter of 2017. The report shows an unrelenting rise in the number of vulnerabilities being reported. Unless the pace of vulnerability disclosure slows down in the coming quarters, we are looking at yet another record-breaking year.
Data breach activity reaches all-time high (Help Net Security) With over 1,200 breaches and over 3.4 billion records exposed, 2017 is already on pace to be yet another “worst year on record” for data breach activity, a
How quantum computing increases cybersecurity risks (Network World) Quantum computers are expected to arrive within nine years, and organizations better have quantum-safe security if they want to keep their data safe.
As ECommerce Accelerates, So Too Does The Risk Of Cyber Crime (Payment Week) A new survey released by Centre for International Governance Innovation, in collaboration with the UN, reports that consumers around the world are becoming more cautious of online transactions due to the rise in cybercrime and privacy breaches.
Kaspersky: Cyber battleground to shift to critical infrastructure (ARN) Eugene Kaspersky warns that SCADA systems are woefully unprepared for attacks to come.
Building a robust and resilient cyber system (LiveMint) If in previous years cyberattacks could lead to monetary losses, today they can cost lives. Just cybersecurity isn’t enough any more
It’s More Than A Ransomware Attack (Huffington Post India) I often wonder if all of us are under a continuous tactical attack…
IBM Study: Blockchain Adoption on the Rise (Security Intelligence) A new IBM study found that one-third of C-level executives are currently using or planning to implement blockchain technology.
Hackers break deep into vital networks (NewsComAu) International hackers are targeting Australia’s “critical infrastructure and systems of national significance” several times a day, one of country’s most senior cyber crime fighters has warned.
Australian businesses lose $1.7 million to hacking scams (CRN) A report published by the Australian Competition & Consumer Commission (ACCC) showed that 21 businesses lost a total of $1.7 million related to computer hacking scams in 2016.
Marketplace
WannaCry Ransomware Raises Stakes for Cyber-Security Insurance (eWEEK) Insurance companies are already starting to see claims as a result of the WannaCry ransomware worm, though it's still too early to measure the full financial impact.
Baltimore startup raises $3 million to bring cybersecurity to shipping industry (Baltimore Business Journal) A local cybersecurity firm has raised $3 million to develop its software platform aimed at improving real-time tracking in the shipping and logistics industry.
Microsoft to acquire cyber security company Hexadite for $100m - report (Computing) Boston-based AI security company Hexadite counts Hewlett Packard Ventures as a backer
Security Advice From The CEO Of The World's Newest Unicorn - CrowdStrike (Forbes) Last week, CrowdStrike, a cloud-based security company headquartered in Irvine, California raised $100MM in a series D, led by Accel Partners. With this injection of funds, the company has reached “unicorn” status as a venture funded company with a valuation over $1 billion.
Executive Insights: An Interview with Phil Quade (Fortinet Blog) We regularly do deep dive Q&A pieces with our executives to share the leadership perspectives at Fortinet. Read...
root9B Holdings Reschedules Annual Meeting of Stockholders; Updates Status of 10-Q Filing (Benzinga) root9B Holdings, Inc. (Nasdaq: RTNB) ("RTNB" or "the Company") today announced that its Board of Directors has...
The 3 Best Network Security Stocks to Buy in 2017 (The Motley Fool) These three network security experts look like great investments right now. Which one is the best fit for your investing style?
Check Point: Best Play In Cyber Security? (Seeking Alpha) Strategic shift towards focusing on subscription revenue will produce stable cash flows and increase stickiness of customers. Amidst growing cyber-security conc
Proofpoint: If It’s Good Enough For Gartner, It’s Good Enough For You, Says FBN (Barron's) FBN Securities said security vendor Proofpoint is poised to benefit from recent attacks such as the WannaCry malware, which spread mostly through email, an area where it has particular expertise.
3 Reasons the FireEye Inc Rally Will Continue (The Motley Fool) Strong first quarter results reveal some exciting trends that should ensure long-term growth.
Why Security Vendor Symantec May Need Its Own Protection (Market Realist) Competition taking its toll on Symantec
InquisIT awarded Army security contract (C4ISRNET) The company plans to hire more than 20 new employees to support the contract on-site at Fort Belvoir, Virginia.
CACI awarded $21 million task order for naval cyber support (Military Embedded Systems) CACI International Inc announced that it has been awarded a $21 million task order by the Space and Naval Warfare Systems Center (SSC) Atlantic to provide cybersecurity systems support to the Naval Facilities Engineering Command (NAVFAC) to enhance the security of industrial-control systems critical to the U.S. infrastructure. The two-year task order, awarded under the SPAWAR Integrated Cyber Operations contract vehicle, represents continuing business for CACI.
Leidos Secures SPAWAR Contract for Navy ISR Platform Support; Tim Reardon Comments (GovCon Wire) Leidos (NYSE: LDOS) will provide technical assessment, program...
Highest European CISO salaries set to reach €1 million (Help Net Security) With the looming advent of the GDPR, the salary for CISOs at some top European firms is slowly reaching the €1 million mark.
Is the day of the CDO over? Two-thirds of businesses don't have a CDO - and most don't want one (Computing) Numbers have increased in recent years, but demand is tailing off, suggests KPMG survey
Application Security Leader Checkmarx Expands U.S. Footprint with New Atlanta Office (BusinessWire) Checkmarx, a global leader in Application Security Testing (AST), today announced the official opening of a new office location in Atlanta, GA.
Forcepoint Vet John McCormack Named Fidelis Interim President, CEO (GovCon Wire) John McCormack, former CEO of security firm Forcepoint, has been appointed to serve as Fidelis Cyber
Multibillion-dollar security start-up Tanium snares a CTO from Facebook (CNBC) Tanium hired Facebook executive Chris Bream as CTO; co-founder Orion Hindawi will relinquish the title but stay as CEO.
Rapidly Gaining Momentum: Securonix Adds Security Industry Veterans to Executive Team (Marktwired) Securonix appoints Aarij M. Khan as vice president of marketing and Mel Shakir as vice president of product development
Unisys Appoints Government Technology Leader Ann-Marie Johnson to Support and Expand Work with Department of Homeland Security (PRNewswire) Unisys Corporation (NYSE: UIS) today announced that it has appointed...
ARM's Helen Adams making move to Intercede (BOLSAMANIA) Digital identity, credential management and secure mobility company Intercede announced on Tuesday that Helen Adams had joined the executive management team as the group's chief sales officer.
Products, Services, and Solutions
Columbus Collaboratory Extends Its Information Sharing, Analysis Capabilities Through Strategic Partnership With TruSTAR Intelligence Exchange Platform (Marketwired) Columbus Collaboratory ISAO is Ohio's first ISAO capable of producing analytics-enhanced intelligence products and supporting real-time exchange of cybersecurity intelligence among collaborating companies via TruSTAR platform
Cylance Delivers First AI-driven Endpoint Detection and Response Solution with Introduction of CylanceOPTICS (BusinessWire) Cylance® Inc., the company that revolutionized traditional antivirus with AI-powered threat prevention, announced the general availability of Cyla
Flashpoint Intelligence Platform 3.0 Provides Finished Intelligence Experience and Advanced Customizations (Marketwired) New innovation further extends organizations' ability to apply business risk intelligence across the enterprise and address diverse use cases
The Media Trust's Digital Risk Management service prepares organizations for the EU General Data Protection Regulation's effect on consumer-facing digital properties (PRNewswire) The European Union's General Data Protection Regulation (GDPR) governing...
Netwrix Auditor Saves Danish Local Authority up to 40 Hours per Month on Compliance Monitoring (Netwrix) The Municipality of Roskilde gains centralized control over critical systems to assure data security and automate compliance efforts
How Nerdio Provides a One-of-a-Kind Security Analytics Solution (Nerdio) Cloud security has become increasingly important as malware continues to evolve. See how Nerdio and Observable Networks tackle this issue.
eGlobalTech Announces Availability of “DevOps Factory (TM)” Across U.S. Federal Government, Accelerating Delivery of Secure IT Solutions (Military Technologies) With advanced security and cloud deployment automation tools, this proven DevOps framework provides secure, scalable and cost-effective IT solutions for federal customers
Thycotic Introduces Privilege Ready Program to Further Protect Against Cyberattacks (PRNewswire) Thycotic, a provider of privileged account management (PAM) solutions for...
Optiv Security Enhances Third-Party Risk Intelligence Capabilities to Address Continuous Cyber Security Risk Monitoring Challenges (BusinessWire) Optiv security announced it has enhanced the intelligence capabilities within its third-party risk management platform, Evantix, to address organizati
Did You Know We Have A Knowledge Base? (ThreatConnect) From guides to training videos and best practices, ThreatConnect’s Knowledge Base has everything you need to use the Platform to its fullest potential.
AT&T delivers new security features for business networks - Computer Business Review (Computer Business Review) AT&T enhances security for business networks with new applications deployed across its network functions platform, which adds services for business custom
NetCentrics Implements Tanium™ for Government Agency to Enable Rapid Response to Cyber Threats (PRNewswire) NetCentrics Corporation, a leading provider of enterprise IT services and...
Light Point Security Eliminates Web Threats and Increases User Productivity for One of the Nation's Largest Administrators of Employee Benefits (PRNewswire) Light Point Security, creators of the Light Point Web Full Isolation...
Microsoft Just Built A Special Version of Windows For China (Fortune) New software will satisfy the needs of the Chinese government.
EY to help businesses comply with EU General Data Protection Regulation in collaboration with Microsoft (PRNewswire) EY announced today that it is collaborating with Microsoft on a broad approach...
New software adds secure authentication to any enterprise application (BetaNews) Increased numbers of phishing and other cyber attacks are putting companies under greater pressure to secure their applications.
Vera Unveils First Data-Centric Security Solution with Multi-factor Authentication (Marketwired) Vera (vera.com), the leader in data-centric security enabling businesses to secure, track and share any type of digital information, today announced support for multi-factor authentication (MFA) solutions by Duo Security, RSA SecureID and Twilio.
Technologies, Techniques, and Standards
EU security think tank ENISA looks for IoT security, can't find any (Register) Proposes baseline security spec, plus stickers to prove thing-makers have complied
WannaCry 2.0: Detect and Patch EternalRocks Vulnerabilities Now (Tenable) A new network worm dubbed EternalRocks is making the news this week as the successor to the WannaCry ransomware.
Buy vs. Build: Tales from the Trenches (ThreatQuotient) In mid-2010 I was running a large Defense contractor SOC and was forced to build what’s currently known as a threat intelligence platform (TIP).
Design and Innovation
'Game changer': Army wants an unmanned electronic warfare vehicle (C4ISRNET) What the Army envisions is a small robot weighing 15 to 20 pounds, with enough battery power to provide intelligence to ground units for up to four hours.
Warbot Ethics: A Framework for Autonomy and Accountability Warbot Ethics: A Framework for Autonomy and Accountability (Strategy Bridge) Rapid improvements in robotic technologies are presenting both civilian policy makers and military leaders with uncomfortable ethical choices.
Academia
Waikato Uni and Tonga team for cyber security (Computerworld New Zealand) The University of Waikato’s Cyber Security Lab and the Government of Tonga have signed a MoU to collaborate on cyber security issues.
Legislation, Policy, and Regulation
Rogers: U.S. is ‘using cyber offensively against ISIS’ in a legal way (Washington Post) Adm. Michael S. Rogers, the head of U.S. Cyber Command and the National Security Agency, told a House Armed Services subcommittee on May 23 that the U.S. is “using cyber offensively against ISIS” in a legal way.
Manchester bombing: France reinforces security, intel relationship with Britain (Defense News) The French armed forces minister has spoken with her British counterpart regarding the deadly bomb attack on the evening of May 22 at Manchester, England.
Trump promises solidarity with U.K. against ‘evil loser’ terrorists (POLITICO) The president refused to call the Manchester attacker a monster because ‘they would like that term.’
China imports from North Korea fall as sanctions start to bite (South China Morning Post) Beijing has curbed purchases of coal from North Korea as part of efforts to pressure Pyongyang into ending its nuclear weapons programme
Government plan to try, once again, to force tech companies put back doors into encryption (Computing) War against encryption to be re-ignited after election
Take the first step toward good global data sharing rules (TheHill) OPINION | Privacy advocates and law enforcement advocates have many issues about which they disagree – any one of which might sidetrack these useful first steps toward reform. We should not let those issues derail reforms on which most agree.
Trump budget seeks $1.5B for Homeland Security cyber unit (TheHill) NPPD would receive $1.5 billion for cybersecurity, infrastructure protection.
CyberCom seeks 16 percent budget surge for 2018 -- FCW (FCW) U.S. Cyber Command is seeking $647 million in funding for fiscal year 2018, a 16 percent boost over 2017 funding, to support cyber mission forces and elevation to a full combatant command.
Litigation, Investigation, and Law Enforcement
The Manchester bombing was no lone wolf attack — Salman Abedi had help (Times (London)) Counter terrorism agencies have been at full stretch for months, all the time expecting Islamic State and its followers to lash out in the West as its strongholds in Iraq and Syria are encircled.
Libya terror link to Manchester attack (Times (London)) The suicide bomber who murdered 22 people at a concert in Manchester had recently returned from Libya, it emerged last night as Britain was put on alert for another imminent attack. Thousands of...
Appeals court decision keeps lawsuit against NSA surveillance alive (TheHill) A federal appeals court on Tuesday reversed a lower court’s decision to dismiss Wikimedia’s lawsuit challenging the National Security Agency’s (NSA) mass interception of Americans’ international digital communications.
Brennan: Russia may have successfully recruited Trump campaign aides (POLITICO) The former CIA director also says the FBI probe into whether Russia meddled in the election is "well founded."
Former CIA Director Outlines Russian Playbook for Influencing Unsuspecting Targets (Foreign Policy) John Brennan told lawmakers that intelligence revealing communications between American and Russian officials "raised questions" about cooperation for him.
Senate Intel panel issues subpoenas to Flynn businesses (TheHill) The leaders of the Senate Intelligence Committee on Tuesday announced that they were issuing two additional subpoenas for businesses associated with former national security adviser Michael Flynn.
Military Officials Testify on Cybersecurity at SASC Hearing (DVIDS) Coast Guard Vice Adm. Marshall Lytle III, Joint Staff director of command, control, communications and computers/cyber and chief information officer; Navy Vice Adm. Michael Gilday, commander of U.S. Fleet Cyber Command and U.S. 10th Fleet; Lt. Gen. Paul Nakasone, commanding general of U.S. Army Cyber Command; Maj. Gen. Christopher Weggeman, commander of 24th Air Force and Air Forces Cyber; and Maj. Gen. Loretta Reynolds, commander Marine Corps Forces Cyberspace Command, testify on cybersecurity before the Senate Armed Services Committee, May 23, 2017.
House panel doesn't bring up Trump to Rogers (CNN) National Security Agency Director Adm. Mike Rogers was at the heart of a bombshell report Monday that President Donald Trump asked him and Director of National Intelligence Dan Coats to dispute to publicly deny evidence of collusion between his campaign and Russian officials.
Homeland Security Dems respond to rumored Trump retaliation plan (TheHill) "We are deeply concerned by reports of plots within the White House to make false statements about a critical cybersecurity information sharing program in an effort to draw attention away from the President’s reckless decision to share classified information with Russian officials," said Ranking Member of the House Committee on Homeland Security Bennie Thompson (D-M.S.) and committee member Rep. Cedric Richmond (D-L.A.) in a letter to the White House.
Man acknowledges trying to sell satellite secrets to Russia (Federal Times) Gregory Allen Justice entered pleas Monday to two felonies: economic espionage and violating the Arms Export Control Act.
Russian Police Apprehend Criminal Gang Behind Cron and PonyForx Malware (BleepingComputer) Russian authorities have arrested the Cron malware gang, responsible for selling the Tiny.z Android banking trojan and the PonyForx Windows infostealer.
Digital watermark leads police straight to Bollywood pirates (Naked Security) Digital signing led police to the would-be extortionists – a welcome turnaround for the movie industry after a run of thefts
Man jailed for stealing images and details from more than 50 women (Naked Security) When someone like this is caught and jailed it’s a sobering reminder to check our own digital footprint – here are some tips to help you secure your information