Cyber Attacks, Threats, and Vulnerabilities
UK On Brink Of Russian Cyber Attack With Fears Putin Will Hit Britain As Soon As World Cup (Information Security Buzz) Earlier this morning, news broke that British spies are on high alert for President Putin to launch another targeted assault on UK infrastructure — or even order a fresh assassination attempt. Andrew Lloyd, President at Corero Network Security: “I can’t imagine that Russia or indeed England are going to enjoy being eliminated from the competition.There …
Top-ranked Australian university hit by Chinese hackers - media (euronews) Australia’s top-ranked university on Friday said it had spent several months fighting off a threat to its computer systems, which media said
Australian University Combats Hack of Computers Blamed on China (Bloomberg Quint) Australian University Combats Hack of Computers Blamed on China
Cyber terrorists target Nigerian govt agencies, banks (Daily Post Nigeria) Hackers believed to be operating from Asia are said to be gearing for a massive cyber-attack targeting banks and government agencies in Nigeria. This alarm
HNS Botnet Recent Activities (360 Netlab Blog) Author: Rootkiter, yegenshen HNS is an IoT botnet (Hide and Seek) originally discovered by BitDefender in January this year. In that report, the researchers pointed out that HNS used CVE-2016-10401, and other vulnerabilities to propagate malicious code and stole user information.
Vietnam Activists Flock to 'Safe' Social Media After Cyber Crackdown (SecurityWeek) Tens of thousands of Vietnamese social media users are flocking to a self-professed free speech platform to avoid tough internet controls in a new cybersecurity law
Trojan Either Encrypts Files or Mines for Cryptocurrency (SecurityWeek) The Rakhni ransomware can deploy a cryptocurrency miner or a file encryptor, based on the victim machine’s configuration.
Nasty browser exploit returns for everyone except Microsoft Edge users (Trusted Reviews) A notorious 'download bomb' exploit has returned with a vengeance after having been patched out in Chrome earlier this year, but not for Microsoft Edge.
Timehop discloses July 4 data breach affecting 21 million (TechCrunch) Timehop has disclosed a security breach that has compromised the personal data (names and emails) of 21 million users (essentially its entire user base). Around a fifth of the affected users — or 4.7M — have also had a phone number that was attached to their account breached in the atta…
Timehop Security Incident, July 4th, 2018 (Timehop) On July 4, 2018, Timehop experienced a network intrusion that led to a breach of some of your data.
Hacker Steals Customers' Text Messages from Android Spyware Company (Motherboard) A hacker has stolen text messages and call metadata from SpyHuman, a firm selling malware to the everyday consumer. It’s the fifth such consumer spyware company to be targeted recently.
SIM card in bird’s GPS tracker used to rack up $2,700 phone bill (Naked Security) Researchers assumed the bird was dead when its GPS signal stopped moving. A few weeks later the team received a giant phone bill.
USB Fans Handed Out at Trump-Kim Summit Deemed Harmless (BleepingComputer) Two separate sources have confirmed that the USB-powered fans handed out at the North Korea-United States political summit that took place on June 12 were most likely clean and not infected with malware.
Malware Infections Drop 20% During World Cup Soccer Games Worldwide (Enigma Software Group USA LLC) Computer malware infections drop 20% on game day in countries that are playing World Cup games: a sign that people are turning off their computers and watching the games instead.
Android devices with pre-installed malware sold in developing markets (Help Net Security) Manu new low-end Android smartphone devices being sold to consumers in developing markets come with pre-installed malware.
DrupalGangster: An old threat actor trying to cash-in off the latest Drupal vulnerability (Akamai) Written by Moshe Zioni, Yossef Daya, and team Akamai Threat Research has observed an increase in attacks attempting to exploit a recent Drupal vulnerability (CVE-2018-7600). Much like recent vulnerabilities in Apache Struts, attackers have attempted to use this exploit for...
What sensitive data is lurking on your old SD card? (Naked Security) SD cards – those tiny devices that go into your camera or tablet – may be small, but they can hold a lot of revealing information.
Crypto Thefts Triple, Driving Growth in Coin Money-Laundering (Bloomberg.com) Criminals are stealing more cryptocurrency from exchanges, and that’s driving growth in a cottage industry of services that allows for money laundering of coins, according to a new report.
Watch Out for This Chrome Tech Support Scam (PCMAG) Scammers are never one to miss an opportunity on the internet, and a Google Chrome browser bug has presented a potentially very lucrative one. Read the details here and don't fall for this underhanded scare tactic.
Tech Support Scammers Revive “Download Bomb” Attack for Web Browsers (Total Security Daily Advisor) Back in February 2018 researchers from antivirus software company Malwarebytes reported on a rash of fake browser alerts that directed people to reach out to Microsoft tech support. These alerts contained generic information about various maladies users picked up while browsing (such as ‘a virus’ or ‘spyware’) and provided an error code and a phone …
The dirty secret about Bitcoin: It's amplifying ransomware, cybercrime, and more (TechRepublic) As Bitcoin grows in popularity, potential buyers need to be aware of risks that go along with it.
German web hosting firm DomainFactory suffers data breach (Help Net Security) DomainFactory, one of the largest web hosting companies in Germany, has suffered a data breach. The attacker had access to a variety of customer info.
Macy's Ecommerce Data Breached Via Third Party, Company Says (Media Post) A third party was able to gain access to customer email addresses and other data, Macy's says, according to a report.
Smart TVs are spying on you through your phone (Naked Security) Smart TVs in millions of homes are using other devices on the same network in order to snitch on everything you watch and everywhere you go.
EDITORIAL: When your TV starts watching you, it's time to demand greater privacy (Chicago Sun-Times) As the federal government loses interest in our privacy, Illinois legislators should step up to protect us from incessant data mining and reselling.
Wisconsin County Reveals Phishing Attack Most Likely to Blame for Data Breach (Security Boulevard) A county in Wisconsin revealed that a phishing attack was most likely to blame for a data breach of some service recipients’ personal information. On 22 June, Manitowoc County posted a statement about the incident to its website. County officials wrote that they first learned of the attack on 24 April. Upon discovery of the … Read More The post Wisconsin County Reveals Phishing Attack Most Likely to Blame for Data Breach appeared first on The State of Security.
Government warns Australians about convincing fake myGov, Medicare phishing scam (CRN Australia) Email asks recipients to input bank details for Medicare payments.
NBN Co says scammers are impersonating its staff (CRN Australia) Warns that some individuals are asking for personal info and bank details.
ExxonMobil Bungles Rewards Card Debut (KrebsOnSecurity) Energy giant ExxonMobil recently sent snail mail letters to its Plenti rewards card members stating that the points program was being replaced with a new one called Exxon Mobil Rewards+. Unfortunately, the letter includes a confusing toll free number and directs customers to a parked page that tries to foist Web browser extensions on visitors.
Despite Chrome’s pending “mark of shame,” 3 major news sites aren’t HTTPS (Ars Technica) Newsweek, Time, and Fox remain vulnerable to injection, man-in-middle attacks.
Security Patches, Mitigations, and Software Updates
What Do Chrome's New Security Warnings Mean for You? (Infosecurity Magazine) What will Google Chrome's security updates mean for Chrome users and website operators?
Chrome and Firefox pull history-stealing browser extension (Naked Security) An extension used by about two million people has been pulled by Chrome and Firefox after it was found exfiltrating browsing data.
All the Ways iOS 12 Will Make Your iPhone More Secure (WIRED) From hacking protections to smarter two-factor, iOS 12 will lock down your iPhone better than ever.
July 2018 Patch Tuesday forecast: The fireworks and the finally (Help Net Security) In this July 2018 Patch Tuesday forecast, Chris Goettl from Ivanti guesses what we might see on the patch side this month.
Cyber Trends
The importance of online security in maintaining the integrity of Tech Giants (Insider) Earlier this year, a host of the world’s biggest tech firms agreed to a joint security charter, designed to guard their customers and products from cyber-attacks.
Linux experts are crap at passwords! (Naked Security) Last week’s megastory was the Gentoo breach that saw an entire online Linux code repository hacked – now we know how it happened…
Hacker vs. Cybercriminals: What's the Difference and Why It Matters (Nerd's Magazine) "Hacker" is often used as a term for one who does anything nefarious online. But calling all hackers criminals is like saying anyone with a gun is a killer
RIP “crypto” (Fayette Advocate) Apple’s Shortcuts will flip the switch on Siri’s potentialThe electric aircraft is taking offAn immodest proposal: it’s time for scooter superhighways
What’s really driving Africa’s cyber-security skills shortage? (IT-Online) A lack of skilled resources is not the only factor behind the cyber-security workforce shortage, writes Rick Rogers, area manager for Africa at Check Point Technologies.
Marketplace
Cybersecurity Startup Safe-T Files for $10M IPO, Looks At Channel For Growth (CRN) Israeli firm Safe-T plans to use the proceeds from the IPO to scale up product marketing and sales, as well as for research and development into new technologies to expand the company's business.
Huawei says ‘unfounded’ lockout by US costing its own consumers US$20 billion (South China Morning Post) While Huawei and ZTE have seen their network equipment sales flourish across the world, US security concerns have kept the two companies from selling infrastructure products to American telecoms operators
ZTE allowed to resume some U.S. business activities just months after 7-year ban issued (Mashable) ZTE was banned by the Commerce Department for repeatedly misleading the U.S. government. President Trump is helping the Chinese company come back.
Is IBM's billion-dollar deal really that big? (CRN Australia) [Comment] Depends how you look at it.
Fortinet: A Better Palo Alto? (Seeking Alpha) Fortinet has been exceeding IT security market growth.
Crypto and venture’s biggest names are backing a new distributed ledger project called Oasis Labs (TechCrunch) A team of top security researchers from the University of California, Berkeley and MIT have come together to launch a new cryptographic project that combines secure software and hardware to enable privacy-preserving smart contracts under the banner of Oasis Labs. That vision, which is being markete…
Startup Think Cyber Security Joins LORCA (Infosecurity Magazine) London Office for Rapid Cybersecurity Advancement welcomes first cohort of businesses
First phase of Augusta's Georgia Cyber Center to open Tuesday (The Augusta Chronicle) The Georgia Technology Authority anticipated about 500 people would RSVP for the Georgia Cyber Center grand opening Tuesday.
Products, Services, and Solutions
DNotes Global Inc Announces Proof of Concept for DNotes Pay Automated Online Payment System (DNotes Global) DNotes Global, Inc. announced on Friday that an experimental Proof of Concept for its DNotes Pay automated online payment tool is now available for download and testing. The new payment system is a streamlined, simplified, and user-friendly tool that provides automatic payment, confirmation, and delivery of digital products.
ALTEN Calsoft Labs Joins ShadowDragon and Cloudly to Build Cybersecurity Practices (Markets Insider) ALTEN Calsoft Labs, a next-generation digital transformation company, rolls out a plan to Prevent Cyber Attack...
Technologies, Techniques, and Standards
What is KMIP and Why Should Anyone Care? (Infosecurity Magazine) KMIP allows the interoperable exchange of data between different key management servers and clients, but why does it matter?
Analysis | The Cybersecurity 202: Twitter's fake account purge can help turn the tide against influence campaigns (Washington Post) That's critical ahead of the midterms.
Cyber in movies is cool, but can the Army do it? (Fifth Domain) Leaders on an Army team that experiments with bringing cyber weapons to the battlefield say their top priority is managing commanders’ expectations.
What it takes to build a zero trust network (CSO Online) Zero trust networks offer better protection against data breaches, but the road to them can be arduous.
In Security, What We Don't See Can Hurt Us (SecurityWeek) When an organization works to expand its field of view and reduce its organizational blind spot, it goes a long way towards improving the organization’s overall information security posture.
Does Your Security Awareness Program Bridge the Generation Gap? (Security Intelligence) As more millennials enter the workforce, organizations should consider different approaches to security awareness training to account for generational knowledge gaps.
Rules automation puts the "Sec" in DevSecOps (Help Net Security) In the DevSecOps model, security teams are integrated into the DevOps process, and they can embed security functions and controls.
Hiring Alone Will Not Solve Government’s Security Problems (Nextgov.com) It's going to take more than increased employees to keep up with vulnerabilities.
WP Security Audit Log: Keeping a watchful eye on your WordPress sites (Help Net Security) The WP Security Audit Log plugin offers reports, email alerts, search, archiving, users sessions management, mirroring, automated reports, etc.
Corps denies using dating apps to recruit new Marines (Marine Corps Times) The Marine Corps has firmly denied encouraging recruiters to use dating apps as a recruiting tool.
The hunter becomes the hunted: How cyber counterintelligence works (Panda Security Mediacenter) Counterintelligence takes as a jumping off point one basic premise: if someone is going to attack your company, the best defense is a good offense.
Design and Innovation
Google AdSense Banned a Random Web Page About a 32-Year-Old Bill Because It Was About Sexual Abuse (Motherboard) A page about a 1986 porn bill got demonetized shows how algorithms can’t be expected to make judgement calls.
Research and Development
Scientists Invented AI Made From DNA (Motherboard) Researchers made a neural network out of DNA that can recognize handwritten numbers.
Don't Just Lecture Robots—Make Them Learn (WIRED) By drawing on prior experience, a humanoid-ish robot can watch a human pick up an apple and drop it in a bowl, then do the same itself, even if it’s never seen an apple before.
Legislation, Policy, and Regulation
Guess which world leader is urging cybersecurity cooperation (Fifth Domain) President Vladimir Putin on Friday called for closer international cooperation in fending off cyberattacks.
Cryptocurrency Exchanges Banned in India (Infosecurity Magazine) Will India's ban on cryptocurrencies drive traders to black markets?
Australia, NZ to sign security pact with South Pacific nations (The Straits Times) Australia and New Zealand are set to sign a wide-ranging security pact with South Pacific nations in September, amid growing concern about nations such as China expanding ties in the region..
Cyber warfare is grave threat, but India is not yet prepared for it: General Hooda (IANS Interview)
(Business Standard) Cyber warfare is emerging as a grave threat with a potential to wreak havoc in a war situation, but India is not yet prepared to handle it effectively, a former Indian Army general has said.
Trump taps DOE veteran to head Homeland Security research arm (Cyberscoop) President Donald Trump plans to nominate William Bryan to be undersecretary for science and technology at the Department of Homeland Security – the top tech adviser to Secretary Kirstjen Nielsen.
Litigation, Investigation, and Law Enforcement
Germany alleged to have spied on Swiss firms in Austria (SWI swissinfo.ch) A dozen branches of Swiss firms in Austria were targeted by German spies between 1999 and 2006, according to the SonntagsBlick newspaper.
Woman dies after being exposed to Soviet-era nerve agent, UK authorities say (CNN) A woman who was exposed to Soviet-era nerve agent Novichok died Sunday, the Metropolitan Police said in a written statement.
Murder inquiry launched after Amesbury novichok victim dies (Times) A woman has died in hospital more than a week after she was exposed to novichok in the first death from the nerve agent attack on Britain that the government has attributed to Russia. The killing...
UK to open a London court specializing in cybercrime (CSO) UK to build a new "cutting edge" court house that will deal with fraud and cybercrime cases.
London cyber court welcomed (Professional Security) A planned court in London for cases of cybercrime, fraud, and economic crime has been welcomed.
How Fracking Companies Use Facebook Surveillance to Ban Protest (Motherboard) Oil and gas companies are discrediting activists using social media to justify banning their protests.
Facebook, Google, Amazon and other tech giants could be non-compliant with GDPR, claims EU consumer group (Computing) AI GDPR compliance tool could be used to web crawl for non-compliant privacy policies
NSO Group bloke charged with $50m theft of government malware (Register) Alleged unethical behavior from a grey hat? Who'd a thunk it?
Employee allegedly stole government spyware and hid it under his bed (Naked Security) Spyware that’s supposed to be sold to governments was stolen and hidden under a mattress while it was offered for sale on the dark web.
When an insider rides Pegasus into the dark web (CSO Online) An NSO Group employee, who'd worked there for only about 90 days, copied the company's Pegasus software and offered it for sale on the dark web for $50 million.
Crooks hack gas station fuel pump to steal 600 gallons of gas (HackRead) Apparently, both crooks were able to hack into a fuel pump with an electronic device to steal 600 gallons of gas.