Cyber Attacks, Threats, and Vulnerabilities
"Snake" campaign: New hacker attack on politicians, the Bundeswehr and embassies (SPIEGEL ONLINE) According to information obtained by SPIEGEL, security authorities have discovered a new hacker attack on members of parliament, embassies and the Bundeswehr. The trail once again leads to Russia.
Germany detects new cyber attack by Russian hacker group -Spiegel (Reuters)
Accenture: Russian hackers using Brexit talks to disguise phishing lures (Cyberscoop) A notorious Russian hacking group tried to exploit the latest flurry of Brexit-related news to spread malware to unsuspecting victims, according to a report from Accenture released Thursday. APT28, which Accenture refers to as SNAKEMACKEREL, used a malware-laced Microsoft Word document that appeared to be about the United Kingdom’s planned separation from the European Union to try breaching a wide variety of targets’ systems, researchers said.
New PowerShell-based Backdoor Found in Turkey, Strikingly Similar to MuddyWater Tools (TrendLabs Security Intelligence Blog) We analyze delivery documents and malicious backdoors seen in Turkey, which are similar to known tools from cybercriminal group MuddyWater.
Water and Energy Sectors Through the Lens of the Cybercriminal Underground (TrendLabs Security Intelligence Blog) In our research Exposed and Vulnerable Critical Infrastructure: Water and Energy Industries, we found exposed HMIs and how these systems were at risk.
US, allies face cyber threats from Iran (Gulf News) Hackers could re-emerge again to gain infrastructure access into organisations
Cyber attack group targets UAE and Lebanese government officials (The National) Experts warn of need for tighter security to deal with growing threat as suspects try to access police and telecoms regulator systems
Brazilian Financial Malware Spreads Beyond National Boundaries (SecurityWeek) A detailed analysis from security researchers shows how Brazilian financial malware is spreading beyond national boundaries to attack banks in Spanish-speaking countries through South and Latin America, and Portugal and Spain in Europe.
57m Americans’ details leaked online by another misconfigured server (Naked Security) Misconfigured Elasticsearch servers spilled personal details on 57 million Americans, said reports this week.
Zoom Conferencing App Exposes Enterprises to Attacks (SecurityWeek) Potentially serious vulnerability affecting the Zoom conferencing application can allow an attacker to hijack screen controls, spoof chat messages, and kick attendees off a session
Sennheiser discloses monumental blunder that cripples HTTPS on PCs and Macs (Ars Technica) Poorly secured certificate lets hackers impersonate any website on the Internet.
Marriott says 500 million Starwood guest records stolen in massive data breach (TechCrunch) Starwood Hotels has confirmed its hotel guest database of about 500 million customers has been stolen in a data breach. The hotel and resorts giant said in a statement filed with U.S. regulators that the “unauthorized access” to its guest database was detected on or before September 10 …
Marriott: Data on 500 Million Guests Stolen in 4-Year Breach (KrebsOnSecurity) Hospitality giant Marriott today disclosed a massive data breach exposing the personal and financial information on as many as a half billion customers who made reservations at any of its Starwood properties over the past four years.
Marriott Hit by Massive Data Breach: 500 Million Starwood Customers Impacted (SecurityWeek) Marriott International warned that data on roughly 500 million customers staying at Starwood hotel properties had been compromised in a cyberattack that gave unknown attackers access to the Starwood network since 2014.
Marriott Says Up to 500 Million Affected by Starwood Breach (Wall Street Journal) Marriott, the world’s largest hotel company, said it identified a data breach in its Starwood reservation system that may have exposed personal information of up to 500 million guests.
500 million customers affected in massive Marriott hack (Computing) The records of 500 million customers of Marriott Hotel Group have been leaked in a huge data breach, with payment details included
Industry reactions to the enormous Marriott data breach (Help Net Security) Here are reactions from industry leaders to the Marriott data breach, which affects the 500 million guests who made a reservation at a Starwood property.
Starwood Reservation Database Security Incident (Kroll) Marriott has taken measures to investigate and address a data security incident involving the Starwood guest reservation database. This site has information concerning the incident, answers to guests’ questions and steps you can take.
Urban Massage exposed a huge customer database, including sensitive comments on its creepy clients (TechCrunch) Urban Massage, a popular massage startup that bills itself as providing “wellness that comes to you,” has leaked its entire customer database. The London, U.K.-based startup — now known as just Urban — left its Google-hosted ElasticSearch database online without a password, allowing any…
Massage app exposes users (Naked Security) Popular massage-booking app Urban left its database wide open.
Your Dunkin’ Donuts account may have been hacked (BostonGlobe.com) The New England coffee chain said hackers obtained usernames and passwords from security breaches at other companies and used them to log into their app, DD Perks.
Dunkin Donuts Perks loyalty data breach: Change your password (HackRead) Dunkin Donuts says it has suffered a data breach in which customer data of its DD Perks loyalty program may have been stolen. DD Perks is a reward program for the company’s regular customers.
Dunkin’ Donuts Loyalty Points Accounts Are Dirt Cheap on the Dark Web (Motherboard) This week Dunkin’ Donuts announced hackers had broken into customers’ loyalty accounts. So what happens to them once hackers have a wad of loyalty points?
Kaspersky Warns Malware Is Being Reinvented With A Crypto Focus (ETHNews.com) Malware is increasingly crypto-oriented and easy to produce, says a new report from Kaspersky Lab. What’s worse, cryptojacking programs are going undetected on home and company PCs.
Driver loses his car to hackers. TWICE. (Naked Security) He slapped a tracker on the new one and installed CCTV… which did a fine job of recording the thieves’ 90-second-long relay attack.
Security Patches, Mitigations, and Software Updates
Cisco Patches SQL Injection Flaw in Prime License Manager (SecurityWeek) Cisco has fixed a vulnerability in the web framework code of Cisco Prime License Manager that could allow an attacker to execute arbitrary SQL queries.
Hackers can exploit this bug in surveillance cameras to tamper with footage (ZDNet) Researchers have uncovered a vulnerability which can be used to completely compromise surveillance cameras and feeds.
Cyber Trends
Protecting People: A Quarterly Analysis of Highly Targeted Cyber Attacks (Proofpoint) Discover the Q3 2018 cybersecurity threat report. Proofpoint examined which employees receive the most threats, how they are being attacked, then outlined steps to build a defense.
Information Security Forum Forecasts 2019 Global Security Threat Outlook (PR Newswire) The Information Security Forum (ISF), the trusted source that senior security professionals and board members turn to...
McAfee Labs 2019 Threats Predictions Report (McAfee Blogs) Our predictions for 2019 move away from simply providing an assessment on the rise or fall of a particular threat, and instead focus on current rumblings we see in the cybercriminal underground that we expect to grow into trends and subsequently threats in the wild.
Security firm predicts hackers will increasingly use AI to help evade detection in 2019 (TheHill) Hackers will increasingly turn to artificial intelligence to help them evade detection as they carry out their online criminal activities, according to a cybersecurity firm's 2019 forecast.
The Internet Is Going To End Up Like Greece (Foreign Policy) When the big players get away with open fraud, trust disintegrates.
Marketplace
Google Shut Out Privacy and Security Teams From Secret China Project (The Intercept) Google executives ignored internal warnings about their censored China search plan and threatened employees would be fired if they spoke out.
Where Are the Corporate Patriots? (FDD) The U.S. military needed a small vessel that could transport troops and equipment from large oceangoing ships onto the beach. It was the late 1930s and Andrew Jackson Higgins, a small-boat builder in...
Ensuring the UK Cybersecurity Profession Retains a Hotbed of Talent (Infosecurity Magazine) We need to hire efficiently, create champions in the workplace and look at how cybersecurity qualifications are designed
Would you hire a former hacker? (Computing) A panel of experts at Computing's recent Enterprise Security & Risk Management conference argue whether it's a good idea to hire a former black hat for an enterprise security role
Veterans Find New Roles in Enterprise Cybersecurity (Dark Reading) Facebook and Synack create programs to educate vets and grow employment opportunities while shrinking the cybersecurity talent gap.
Venafi Lands $100M Of Funding To Boost Machine Identity Protection (CRN) Some $12.5 million of the proceeds will be made available to third-party developers as part of a new fund focused on building integrations that deliver more visibility, intelligence and automation for Venafi customers
Cyber Favorites: Lockheed and Raytheon (Cyber Favorites: Lockheed and Raytheon) Once the market plunge runs its course I think the most successful cyber security stocks will recover and resume their advances, suggests J
McCain’s staff director to lead strategy for Silicon Valley tech firm, Anduril (Defense News) Former Senate Armed Services Committee staff director Christian Brose will become the head of strategy for Anduril Industries.
Suzanne Spaulding, Former DHS Under Secretary, Joins Nozomi Networks (GlobeNewswire News Room) Former DHS cyber security leader becomes advisor to help drive education, innovation, and adoption of solutions that can protect critical infrastructure and industrial organizations from cyber threats.
Products, Services, and Solutions
Exabeam Announces Smart Timelines and a Single User Interface to End ‘Swivel Chair’ Incident Response (Exabeam) Allows security teams to detect, investigate and respond to critical threats faster and more effectively SAN MATEO,[...]
STANLEY Security Achieves SOC 2 Certification for Sixth Consecutive Year (STANLEY Convergent Security Solutions, Inc) STANLEY Security was named a winner of the Innovative Product Awards at the 2018 Global Security Exchange (GSX) in Las Vegas for STANLEY IntelAssure™.
IBM QRadar Advisor with Watson expands knowledge of cybercriminal techniques (Help Net Security) IBM QRadar Advisor with Watson can help arm analysts of all levels with the knowledge needed to better respond to the threats they're facing.
Gemalto unveils cloud access management enhanced for smart card users (Help Net Security) SafeNet Trusted Access supports smart card credentials access for cloud apps and brings PKI technology to cloud and digital transformation initiatives.
HID Global releases Crescendo Mobile smart card (Help Net Security) HID Global's Crescendo Mobile smart card utilizes digital certificates on users’ mobile devices for client authentication.
MITRE Changes the Game in Security Product Testing (Dark Reading) Nonprofit has published its first-ever evaluation of popular endpoint security tools - measured against its ATT&CK model.
Cisco Offers Cyber Training to UK Police Officers (Infosecurity Magazine) Over 100,000 officers will gain access to Cisco Network Academy
Technologies, Techniques, and Standards
CrowdStrike CEO on political infosec lessons learned (Q&A) (The Parallax) CrowdStrike CEO George Kurtz shares his perspectives on political-hacking topics ranging from chatbot-seeking AI to security-inept campaign volunteers.
Here's how the private sector wants to fight botnets (Cyberscoop) In an effort to protect internet denizens from coordinated, automated cyberattacks, an industry group released an "International Anti-Botnet Guide."
How to beat back botnets (POLITICO) 2019 cyber predictions galore — House approves bill to study IoT
Threat Hunting: Improving Bot Detection in Enterprise SD-WANs (Dark Reading) How security researchers tracked down Kuai and Bujoi malware through multiple vectors including client type, traffic frequency, and destination.
What will forces need in complex EW environment? (C4ISRNET) Top U.S. military officials outlined what is needed to defeat sophisticated adversaries on future battlefields.
Enemy air defenses make electronic warfare a higher priority (C4ISRNET) The United States will need systems to counter advanced enemy air defense systems.
The fundamentals of network security and cybersecurity hygiene (Help Net Security) Getting document permissions and user authentication right goes a long way to ensuring proper organizational security and safeguarding data.
How We Detected a Real Empire Exploit Attack During a POC (Security Boulevard) The post describes an attack that was carried out during a POC at a customer site and handled by the SentinelOne Agent and Vigilance service
Blind spots and how to see them: Observability in a serverless environment (Help Net Security) Relinquishing infrastructure control to a provider creates a new set of risks for both development and security teams, including several major blind spots.
A Little Chaos Now and Then is the Best Test for Resilience (Infosecurity Magazine) How Chaos engineering and testing can work for you.
Legislation, Policy, and Regulation
Information security crucial for safeguarding interests of individual and state (Belarus News) Information security is becoming crucial for the realization of balanced interests of individuals, society and the state, Vladimir Archakov, Deputy State Secretary of the Security Council of Belarus, said at the conference.
Trump cancels Putin talks over Ukraine (BBC News) The US president scraps a meeting with his Russian counterpart following a rise in tensions off Crimea.
A decade after Russia hacked the Pentagon, Trump unshackles Cyber Command (POLITICO) Architects of the newest U.S. military command offer rare insights into its origins and mission.
Exclusive: Fearing espionage, U.S. weighs tighter rules on Chinese... (U.S.) The Trump administration is considering new background checks and other restrict...
GCHQ’s not-so-smart idea to spy on encrypted messaging apps is branded ‘absolute madness’ (TechCrunch) Nobody wants to be a third wheel. Unless you’re a British spy. Two of the most senior officials at British eavesdropping agency GCHQ say one way that law enforcement could access encrypted messages is to simply add themselves to your conversations. “It’s relatively easy for a serv…
Analysis | The Cybersecurity 202: Rosenstein to tech companies: Police yourselves or face regulation (Washington Post) The deputy attorney general also called for "responsible encryption."
When does ‘responsible encryption’ equal surveillance? (Fifth Domain) Speaking at Georgetown University Nov. 29, Deputy Assistant Attorney General Rod Rosenstein urged private firms to undertake “responsible encryption” in devices.
House passes SMART IoT Act (FCW) The bill would require the Commerce Department to study the state of internet of things and any existing regulations in the area.
House Democrats Just Sent A Third Letter To Amazon Asking About The Company’s Facial Recognition Software (BuzzFeed News) After a BuzzFeed News report about Amazon’s facial recognition pilot in Florida, seven House Democrats are asking questions about the technology’s accuracy.
Lawmakers say Amazon’s facial recognition software may be racially biased and harm free expression (TechCrunch) Amazon has “failed to provide sufficient answers” about its controversial facial recognition software, Rekognition — and lawmakers won’t take the company’s usual silent treatment for an answer. The letter, signed by eight lawmakers — including Sen. Edward Markey and Reps. Jo…
Litigation, Investigation, and Law Enforcement
U.S. Files Suit to Seize Assets Tied to Alleged North Korean Money Laundering (Wall Street Journal) Companies based in Singapore, Hong Kong and China helped launder more than $3 million on behalf of blacklisted North Korean banks, U.S. authorities have said in a civil lawsuit they filed, seeking to seize the funds.
French official on N Korea spying charges (BBC News) Senate administrator Benoît Quennedey is suspected of "supplying information to a foreign power".
Google’s “deceitful” location tracking is against the law, say 7 EU groups (Naked Security) Seven European consumer organizations are planning to submit a complaint about Google’s location tracking activities to their data protection authorities.
‘Individual 1’: Trump emerges as a central subject of Mueller probe (Washington Post) Investigators have evidence that Trump was in close contact with his lieutenants as they reached out to Moscow and WikiLeaks — and that they attempted to conceal their activities.
Police spend second day searching Deutsche Bank headquarters (Reuters) Police searched Deutsche Bank's headquarters in Frankfurt for a second day ...
Sheryl Sandberg Is Said to Have Asked Facebook Staff to Research George Soros (New York Times) Facebook’s second in command wanted an examination of the billionaire’s financial ties after he delivered a blistering speech about tech companies, said people with knowledge of her request.
Facebook's Bikini App Lawsuit Is Getting Really Ugly (WIRED) It’s an international he said, he said showdown where somehow every party looks bad.
Federal team finds no intrusion on Maryland election systems (AP NEWS) A U.S. Department of Homeland Security team has found no evidence of intrusion on Maryland's election system. A report on the analysis by Hunt and Incident Response Team from the National Cybersecurity and Communications Integration Center was made public Thursday at a Maryland State Board of Elections meeting. Maryland officials had asked for an evaluation after learning in July about a transaction between a venture fund with Russian ties and a company involved in the state's election infrastructure.
DoJ charges Autonomy founder with fraud over $11BN sale to HP (TechCrunch) U.K. entrepreneur turned billionaire investor Mike Lynch has been charged with fraud in the U.S. over the 2011 sale of his enterprise software company. Lynch sold Autonomy, the big data company he founded back in 1996, to computer giant HP for around $11 billion some seven years ago. But within a y…
Judge Refutes SEC’s Claim on Blockvest ICO Token Being a Security, Will Go to Trial (BitcoinExchangeGuide) The crypto world received a surprising win from the U.S. justice system today. Earlier this week, a California judge slapped down an SEC attempt to classify an ICO token as a security. U.S. Distric…
Gang sentenced for installing card skimmers on gas pumps & stealing data (HackRead) On Wednesday, a group of ten individuals, including the head of the group, received a total sentence of 30 years. The group was involved in the installation of card skimmers on gas pumps across five states in the US, including main cities of Northeast Ohio.
39 Arrested in Tech Support Scam Crackdown: Microsoft (Dark Reading) Law enforcement officials in India raided 16 call center locations that conned primarily American and Canadian victims.
Victims enrolled in OPM's identity protection service are covered through June, agency says (Federal News Network) Individuals enrolled in the Office of Personnel Management's free identity protection service don't need to take action while the agency recompetes its existing contract over the next six months. OPM's existing contract was supposed to expire on Dec. 31, 2018.
Floyd Mayweather fined $600,000 for undisclosed cryptocurrency plugs (Ars Technica) The boxing champ endorsed Centra, whose founders now face federal fraud charges.