Cyber Attacks, Threats, and Vulnerabilities
Hackers steal millions of customers' data from Adidas US website (HackRead) Hackers have targeted Adidas US website and stole personal details of millions of customers including contact details.
Adidas Breach Hits US Retail Site (Infosecurity Magazine) Footwear giant the latest big-name brand hit by malicious outsider
Possible Data Breach at Adidas Could Impact Millions of U.S. Customers (SecurityWeek) Adidas is investigating a possible data breach that may have resulted in the information of millions of US customers getting stolen
Facebook Reveals Apps, Others That Got Special Access to User Data (Wall Street Journal) Facebook gave dozens of companies special access to user data, detailing for the first time a spate of deals that contrasted with previous statements that it restricted personal information to outsiders in 2015.
House Energy and Commerce Questions for the Record [Facebook answers] (US House of Representatives) Thank you for your questions for the record from the April 11, 2018 Hearing titled Facebook: Transparency and Use of Consumer Data. Per your request, attached are the answers for the record for your questions.
Worse than Equifax: Personal records of 340M people leaked online (HackRead) A Florida-based marketing company has leaked personal sensitve data of over 340 million people including American citizens.
How Vulnerable Are U.S. Satellites to Cyberattacks? (MeriTalk) While political and military leaders debate the pros and cons of whether the United States needs a separate “Space Force,” Chinese hackers have offered a reminder of two truths: operations in space are extremely important, and the assets used in space are vulnerable to cyberattack.
Researchers Devise Rowhammer Attacks Against Latest Android Versions (SecurityWeek) RAMpage - Researchers devise new type of Rowhammer attacks against the latest versions of Android
The Next Big Cyber-Attack Vector: APIs (SecurityWeek) Application Programming Interfaces (APIs) provide hackers with multiple venues to access an organization’s data and can even be used to cause massive business disruptions.
MacOS Malware Targets Crypto Community on Slack, Discord (Threatpost) New macOS malware targets crypto community via chat networks Slack and Discord.
Clipboard Hijacker Malware Monitors 2.3 Million Bitcoin Addresses (BleepingComputer) While we have covered cryptocurrency clipboard hijackers in the past, most of the previous samples monitored for 400-600 thousand cryptocurrency addresses. This week BleepingComputer noticed a sample of this type of malware that monitors for a over 2.3 million cryptocurrency addresses!
Why cryptocurrency mining malware is the new ransomware (ZDNet) The number of cryptojacking attacks is still growing - and criminals are likely to be looking at exploiting mobile devices as much as PCs in the near future.
Linux distro hacked on GitHub, “all code considered compromised” (Naked Security) Gentoo Linux has been hacked, with “all code considered compromised” on GitHub – fortunately, the master repository is safe.
How your smart fridge might be mining bitcoin for criminals (TylerPaper) Is the web browser on your phone slower than usual? It could be mining bitcoin for criminals.
Phone scam callers 'invaded my life' (BBC News) Joan Denton-Thompson received up to 30 phone calls an hour after scammers hijacked her number.
Perth-based Cyanweb Solutions hit by "criminal hacking", website data and backups lost (CRN Australia) “Worst-case scenario” at Cyanweb Solutions.
Mysterious Algonquin College cyber attack could affect thousands (Ottawa Citizen) Even weeks after its discovery, Algonquin College is still not sure how many current and former students and employees are affected by a cyber attack that breached data banks.However, a news releas…
Cyber attack on Algonquin server may affect thousands of students, employees, school warns (Ottawa Citizen) It’s possible a cybersecurity attack has affected thousands of current and former students and employees at Algonquin College, the school announced Friday.It’s currently conducting a &l…
The Ticketmaster breach – what happened and what to do (Naked Security) 40,000 Ticketmaster customers in the UK and beyond were definitely affected – for the rest of us, maybe change that password anyway…
Comcast says cut fibers triggered nationwide outage and may impact other providers (CNBC) The cable giant said customers may see some interruption for internet, voice and video services.
Restaurant That Booted Sanders Hit by Cyberattack (NBC Bay Area) The website of the Red Hen restaurant in Lexington, Virginia, has been hit by a cyberattack, CNBC reports. The restaurant recently made headlines when it refused to serve White House Press Secretary Sarah...
Security Patches, Mitigations, and Software Updates
Google Expands Android's Compiler-Based Mitigations (SecurityWeek) Google expands compiler-based mitigations in Android P, in an attempt to make bugs harder to exploit and prevent specific types of issues from becoming vulnerabilities
Tinder gets better protection against hackers spying on your love life (CNET) Practice safe swiping.
Your Tinder Swiping Sessions Are More Secure Than Ever (Motherboard) Tinder is now encrypting images and has made it harder to figure out who you’re matching with, and who you’re swiping left and right on.
Cyber Trends
WatchGuard’s Internet Security Report Says Crypto Mining Malware Threats Are Rising (BitcoinExchangeGuide) A new threat intelligence report by WatchGuard Technologies indicates that 98.8 percent of seemingly common Linux/Downloader malware variants were actually designed to deliver a popular Linux-based…
WatchGuard’s Threat Lab Analyzes the Latest Malware and Internet Attacks (WatchGuard) The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Their smart, practical security advice contained in the Internet Security Report will enable you to better protect your organization in the ever-changing threat landscape.
Kaspersky Lab Releases Malicious Crypto Mining “CryptoJacking” Report (BitcoinExchangeGuide) Kaspersky Lab, one of the leading cyber security companies in the world has warned of malevolent personalities who have shifted from ransomware to crypto-jacking. The company, which is based in Rus…
Are privacy and personal identity impossible to protect? (Help Net Security) While consumers and businesses expand their use of social media and electronic services to record levels, many of America’s most knowledgeable security
AIG cyber specialists handle 'one cyber attack per day' (Insurance Post) AIG has reported that its cyber specialist team is handling at least one cyber attack every day, and has seen as many claims notifications in 2017 as in the
Outgoing national cyber chief: 150 monthly attacks on Israeli companies (The Jerusalem Post) Carmeli indicated that there were around five instances each month where the cyber penetration was major enough and important enough to the country to have been reported to the prime minister.
Cybersecurity remains non-core competency for most C-suite executives (Help Net Security) Cybersecurity has therefore become a critical business function, yet it remains a non-core competence for a significant number of boards.
Marketplace
Cyber Command moves closer to a major new weapon (C4ISRNET) A proposal for the next generation cyber operations platform went out to industry recently, however, details are scarce.
ZTE Replaces Board, but Power Structure Remains (Wall Street Journal) Fourteen directors resigned from ZTE’s board as the Chinese telecom aims to get out from under U.S. penalties, but the changes may be less sweeping than they appear.
China's No.2 telecommunications maker, ZTE, still in limbo over US ban (CNBC) The U.S. Department of Commerce still has not worked out the details necessary for lifting the ban on one of China's major telecommunications company, ZTE, even though an official last week said the final steps would be taken in a "couple of days."
Bug Bounty Programs Turn Attention to Data Abuse (Threatpost) More companies – particularly social media firms – may follow Facebook’s footsteps in turning to bug bounty programs to scout out any data privacy abuse on their platforms, experts say.
Over 1,000 Cryptocurrencies and Bitcoin Forks are “Dead Projects,” Concludes Research (BTCMANAGER) While not all digital tokens and cryptographic forms of money end up as a successful project, recently released statistics indicate hard forked coins,
Tenable Files Registration Statement for Proposed Initial Public Offering (PR Newswire) Tenable Holdings, Inc. ("Tenable") today announced that it has filed a...
After 5 years in private, Dell plans to return to public stock markets (Washington Business Journal) Michael S. Dell said on Sunday that he and his financial partner, the investment firm Silver Lake, planned to bring the technology company Dell back to the public markets.
Tysons cybersecurity company Verodin locks in $20M raise (Washington Business Journal) If your company is heavily invested in cybersecurity software, how do you know you’re getting the right bang for your buck?
Preempt raises $17.5 million in Series B for enterprise threat management (Cyberscoop) Preempt says it stops malicious insiders and unwittingly compromised users from exposing data by monitoring their privileges and behavior on the network.
MedCrypt raises $1.9 million to accelerate commercial deployment of cryptographically embedded cybersecurity software for medical device makers (Technology Startups News) MedCrypt, a medical device cybersecurity technology provider, has secured $1.9 million in new funding to accelerate the commercial deployment of cryptographically embedded cybersecurity software for medical device makers. The seed round was led by Eniac Ventures, with participation from Sway Ventures, Nex …
MedCrypt Documents Noncompliance with FDA Cybersecurity Guidelines and Raises Next Round (Medgadget) Earlier this month at the HIMSS Healthcare Security Forum, Dr. Christian Dameff, UCSD Emergency Physician and Clinical Informatics Researcher, presented
Exclusive: Upstart Data Wrangler Raises $25 Million to Take on IBM, HPE and Splunk (Fortune) JASK uses AI and machine learning tech to combat cyber threats.
On path to automate cybersecurity protection, Jask stocks up on tech talent in Austin (Austin Business Journal) With much of its executive team based in Austin and 50 employees, Jask is making the Texas capital its second headquarters. The cybersecurity company just raised an additional $25 million.
Could Kratos Defense & Security Solutions, Inc. Be a Millionaire-Maker Stock? (The Motley Fool) Kratos is building a division at the vanguard of a hot new market, but is that enough to make shareholders millionaires?
ThreatQuotient and The Missing Link Partner to Strengthen Threat Operations in Australia (PRWire) ThreatQuotient™, a trusted threat intelligence platform innovator, today announced a strategic partnership and reseller agreement with The Missing Link, a premium provider of information technology solutions...
SAIC appoints two senior executives (Virginia Business) SAIC has named two new senior vice presidents.
Products, Services, and Solutions
CenturyLink banks on machine learning, artificial intelligence for better security (Fierce Telecom) CenturyLink has boosted its Security Log Monitoring platform by blending in machine learning and artificial intelligence.
Polyverse and PlayNetwork Announce Strategic Cybersecurity Partnership (BusinessWire) PlayNetwork selects Polyverse's Moving Target Defense solution to secure PlayNetwork's CURIOPlayer Z8 & API platform.
How Axel Springer Leverages Continuous Pen Testing (Cobalt) Axel Springer chose to leverage Cobalt's Pen Testing as a Service platform to ensure that its IT infrastructure is properly pen tested and protected. Hear what Henning Christiansen has to say about it.
SonicWall Leans into Mid-Tier Enterprise Market for Next Phase of Company Growth, Leadership with Expansion of Disruptive Cloud-based Platform (SonicWall) View a list of SonicWall press releases here and stay up to date on the latest SonicWall news.
Faraday Future signs up Gemalto for data security, encryption technology (Automotive IT) Digital security provider Gemalto is to supply data security and encryption technology to Faraday Future, which aims to deliver its first FF 91 production vehicle by the end of 2018.
Rohde & Schwarz Cybersecurity Introduces New R&S Unified Firewalls Firewall Line | Rohde & Schwarz Cybersecurity (Rhode & Schwarz) IT security expert Rohde & Schwarz Cybersecurity is expanding its product portfolio with a new firewall line. The R&S Unified Firewalls will be presented at CEBIT 2018: Hall 12 / Booth B06.
GlobalSign, Comodo launch competing IoT security platforms (SearchSecurity) Certificate authorities GlobalSign and Comodo CA have each launched new IoT security platforms designed to protect connected devices and private networks with PKI.
3 Reasons your Bank Needs a Cyber Range (Cyber Startup Observatory) 3 Reasons your Bank Needs a Cyber Range What is a Cyber Range? Much like a flight simulator, a cyber range allows cybersecurity professionals to practice and perfect their skills in an environment that replicates a real-life “battle scenario”.
Forcepoint puts humans at centre of cyber security fight (ITP.net) Tracking human behaviour is key in fight against cyber crime, vendor believes. .
CIT Announces New Cyber Security Offering (Digital Journal) Digital Journal is a digital media news network with thousands of Digital Journalists in 200 countries around the world. Join us!
Brave adds Tor to reinvent anonymous browsing (Naked Security) The Brave privacy browser has added another feature to bolster its blossoming anti-surveillance credentials – the ability to use the Tor anonymity system by launching a tab.
Technologies, Techniques, and Standards
Netskope and ESG Report Highlights Benefits Associated with Mature Cloud Security Strategies (Virginian-Pilot) Netskope, the leader in cloud security, today announced the release of "The Maturity of Cloud Application Security Strategies," a report commissioned by
Cybersecurity and the Intelligence Cycle (Recorded Future) While today's intelligence cycle resembles that of the pre-internet era, the process has been deeply affected by two factors unique to the present day.
Following Russian Attacks, Cyber Exercise Focuses on Infrastructure (MeriTalk) The latest edition of the Army’s annual Cyber X-Games exercise is designed to let Reserve and other cyber warriors team up to train in dealing with real-world situations. It is focused on protecting U.S. infrastructure, an area somewhat outside the norm for the exercises, but one that reflects an emerging potential battleground on the cyber landscape.
Financial Sector’s Cybersecurity Readiness Exercised By Quantum Dawn IV (Mondo Visione) SIFMA today released the summary of key findings from its biennial Quantum Dawn cybersecurity exercise conducted over two days in November 2017 that brought together more than 50 financial and public-sector organizations and over 1,000 industry experts.
Quantum Dawn IV After-Action Report - Quantum Dawn IV After-Action Report (SIFMA) SIFMA released the summary of key findings from its biennial Quantum Dawn cybersecurity exercise conducted over two days in November 2017 that brought together more than 50 financial and public-sector organizations and over 1,000 industry experts.
Security professional: Cyber hygiene more important than ZTE ban for protecting small businesses (Inside Cybersecurity) Providing resources for the implementation of basic security practices may be the most effective way to make small businesses more resilient to cyber attacks, according to cybersecurity professionals testifying before a congressional panel on Wednesday.
How to prevent cyber attacks on your work printers (Stuff) Advice from a security expert on how to prevent your work printers from being attacked by hackers.
Design and Innovation
Can Bots Outwit Humans in One of the Biggest Esports Games? (WIRED) A five-bot team from Elon Musk's OpenAI will compete against professional players of Dota 2, in a test of the powers of machine learning.
Pentagon’s AI Surge On Track, Despite Google Protest (Foreign Policy) In the long term, large government contracts and cutting-edge projects will be hard for tech companies to resist.
Facial recognition is here to stay. And we should all probably accept it (Quartz) There's no putting the cat back in the bag.
Did Satoshi Nakamoto Write This Book Excerpt? A Wired Investigation (WIRED) A mysteriously dropped manuscript and the never-ending hunt for bitcoin's inventor.
Research and Development
DoD stands up its artificial intelligence hub (C4ISRNET) The Pentagon is getting serious about artificial intelligence.
General: Project Maven Is Just the Beginning of the Military’s Use of AI (Defense One) Air Combat Command chief invites tech firms to help build next-gen tools for the Pentagon. Also says dissent "is part of being an American."
Natural Language Processing Fights Social Engineers (Dark Reading) Researchers used natural language processing to detect malicious content in more than 187,000 phishing and non-phishing emails.
Microsoft wants artificial intelligence to catch cheaters on Xbox Live (Digital Trends) The U.S. Patent and Trademark Office published a patent application filed by Microsoft that describes a method of cheat detection for games on a platform level using machine learning. The idea is to bring cheat detection outside the game itself given platforms like Xbox Live and PlayStation Network can’t detect any wrongdoings within the game. To do this, Microsoft proposes using artificial intelligence.
Academia
Degree success for pioneering cyber academy students (Wales 247) The first cohort of students to have attended the pilot of the National Cyber Security Academy (NCSA) have completed their degrees – with a 94% pass rate.
CyberPatriot trains kids to protect America from hackers (NBC News) “I didn't really know what I wanted to do until I joined this club,” said Kaylee, a Colorado high schooler.
Meet the teens being groomed as the future of cyber security (TODAY.com) The new head of U.S. Cyber Command at the National Security Agency says he is prioritizing recruiting cyber security professionals, a profession experts say the world could soon see a shortage of. Now, a group of high school and middle school students are being taught the cutting edge techniques of how to defend America from cyber attacks in a competition called CyberPatriot. NBC’s senior investigative correspondent Cynthia McFadden reports for TODAY.
Legislation, Policy, and Regulation
Can NATO’s new cyber strategy survive risky summits? (Fifth Domain) NATO plans for its 29 members to add cyberwarfare to their joint operations toolkit, a recognition the alliance needs to defend itself online.
Trump will press Putin on election meddling denials: security aide (Reuters) U.S. President Donald Trump will press Russian leader Vladimir Putin on Moscow's denial of meddling in the 2016 presidential election when the two leaders meet next month, national security adviser John Bolton said on Sunday.
Trump eyes executive order expanding power to block deals between U.S., foreign telecom firms (Washington Post) A draft of the document says American telecommunications companies are “attractive targets for espionage, sabotage and foreign interference activity.”
US House backs defence budget of US$675 billion and ZTE and Huawei ban (South China Morning Post) The 359-49 vote sends the bill to the US Senate, where the Appropriations Committee approved a similar measure this week
Banning Software Isn’t the Route to Cybersecurity, Nuclear Security Agency Official Says (Nextgov.com) The government should be focused on mitigating the danger any software can pose, rather than banning software from China and elsewhere, the NNSA CIO says.
House approves 10 bills to secure homeland security, identify cyber threats (Homeland Preparedness News) The U.S. House of Representatives has approved seven bills this week that aim to help the U.S. Department of Homeland Security (DHS) to better identify cyber threats, secure the nation’s borders, shore up transportation security and improve reporting systems for … Read More »
New rule covers purchasing authority for cyber emergencies (FCW) The federal government is moving to expand emergency procurement authority for purchases used to respond to or recover from a cyber attack, according to a new proposed rule in the Federal Register.
FTC Seeks Enforcement Of IoT Device Security (Information Security Buzz) In response to news that the US Federal Trade Commission (FTC) is pressing for IoT device security (link to FTC public notice), including the ability to enforce Internet safety and consumer security standards, and has opened public comments on the proposed mandate, an expert with Corero Network Security commented below. Andrew Lloyd, President at Corero Network Security: “The …
You Should Be ‘Significantly Concerned’ There’s No White House Cyber Coordinator, Policy Experts Say (Nextgov.com) Cyber policy experts also worry we’re going the wrong way on integrating government cyber operations.
The new cyber leader focused on national defense (C4ISRNET) The Cyber National Mission Force has a new commander.
Reps. Khanna and Ratcliffe: It’s Time to Modernize Government Websites (WIRED) Opinion: Two Members of Congress argue that government websites must modernize.
Litigation, Investigation, and Law Enforcement
Time for the Sheriff to ride into the Wild West of Bitcoin? (Asia Times) Crypto-currencies continue to fall as more data suggests the market has been propped by 'wash trade' manipulation strategies
Former Equifax Manager Charged With Insider Trading (SecurityWeek) US securities regulators announce insider trading charges against a former Equifax manager who sold shares in the company before it disclosed a giant data breach
National Crime Agency examines Russian link to Arron Banks (Times) The National Crime Agency (NCA) is examining evidence of new Russian links to Arron Banks, the Brexit campaign’s largest donor. The crime-fighting agency has been handed a cache of the millionaire...
HMRC: 29% Increase in Malicious Site Deactivations (Infosecurity Magazine) Tax office details efforts to combat phishing
Ex-Tesla employee accused of sabotage is crowdfunding $500k to support legal battle (TESLARATI.com) Former Tesla employee and alleged saboteur Martin Tripp is taking the next step in his fight against the Elon Musk-led company. Just recently, Tripp started a crowdfunding campaign to raise half a million dollars for his legal fees and possible travel expenses as he prepares to face the electric car maker in court. The GoFundMe […]
Analysis | The Cybersecurity 202: Maryland scored a win using facial recognition software in Annapolis shooting (Washington Post) But privacy advocates remain worried
Facial recognition found Capital Gazette suspect among 10M photos (Ars Technica) Public Safety official says it's a "valuable tool for fighting crime in our state."
What we know about Maryland’s controversial facial recognition database (TechCrunch) When police had difficulty identifying the man whom they believed opened fire on a newsroom in Maryland, killing five people, they turned to one of the most controversial yet potent tools in the state’s law enforcement arsenal. As The New York Times reports, Anne Arundel County Police Chief T…
Judge slams Tacoma for not releasing stingray records (Ars Technica) "The City upon receiving a request for documents must first do an adequate search…"
Reality Winner's case highlights the need to protect whisteblowers (The Blade) When the government cannot be held accountable, democracy is threatened.
“Inventor of email” appeals ruling that tossed his libel suit against Techdirt (Ars Technica) Tech news site says Shiva Ayyadurai is a "fake," he says it "disregarded" the truth.
EFF Sues to Invalidate FOSTA, an Unconstitutional Internet Censorship Law (Electronic Frontier Foundation) We are asking a court to declare the Allow States and Victims to Fight Online Sex Trafficking Act of 2017 (“FOSTA”) unconstitutional and prevent it from being enforced. The law was written so poorly that it actually criminalizes a substantial amount of protected speech and, according to...
Kaloyeros used disappearing messaging app, former SUNY Poly spokesman testifies (Albany Business Journal) Prosecutors believe Alain Kaloyeros was using private messaging apps and deleting emails because he had something to hide.
California man arrested for sending death threats to FCC’s Ajit Pai over net neutrality (TechCrunch) While many people in this country are angry with current chairman of the FCC Ajit Pai, arguably with good reason, it’s unfortunate that at least one has descended to the level of sending credible death threats and, unsurprisingly, has subsequently been arrested. Shortly after the FCC voted in…
Mississippi man accused of cyberstalking (WTVA News) Orlando Webber could possibly face 25 years in jail five years for each count if convicted.