- Cyber Attacks, Threats, and Vulnerabilities
- LendingClub and OnDeck shares
- Security Patches, Mitigations, and Software Updates
- Market Overview
- Cyber Trends
- IPO Fever: The Best New Public Offerings
- Symbol Lookup
- Products, Services, and Solutions
- Technologies, Techniques, and Standards
- Design and Innovation
- Financial Services
- Legislation, Policy, and Regulation
- Litigation, Investigation, and Law Enforcement
Cyber Attacks, Threats, and Vulnerabilities
Cyberwar: Greek & Turkish hackers target each other's media outlets(HackRead) The cyberwar between Turkish and Greek hackers is at peak with both targeting news and media outlets of each other.
Variant of SynAck Malware Adopts Doppelgänging Technique(Threatpost) Ransomware adopts Process Doppelgänging technique to avoid antivirus researchers and avoid detection in a newly identified malware double threat targeting users in the U.S., Kuwait and Germany.
SynAck Ransomware Uses Process Doppelgänging for Evasion(SecurityWeek) SynAck has become the first ransomware family to leverage the Process Doppelgänging technique in an attempt to bypass security products, Kaspersky Lab reports.
Unpatched Flaws Expose Lantech Industrial Device Servers to Attacks(SecurityWeek) Researcher discovers critical vulnerabilities in Lantech industrial device servers.
No patches from the vendor
Even North Korea has an antivirus program—but it’s used for spying(The Parallax) When researchers inspected the ingredients of SiliVaccine, North Korea-developed Windows antivirus software, they found a mix of spyware and old stolen Trend Micro code.
Top 50 websites in Australia serving 'risky code' to visitors(Security Brief) Seven of Australia’s most popular websites served active code from risky ‘background sites’, says Menlo Security.
Why DDoS Just Won't Die(Dark Reading) Distributed denial-of-service attacks are getting bigger, badder, and 'blended.' What you can (and can't) do about that.
Study: Attack on KrebsOnSecurity Cost IoT Device Owners $323K(KrebsOnSecurity) A monster distributed denial-of-service attack (DDoS) against KrebsOnSecurity.com in 2016 knocked this site offline for nearly four days.
Ransomware Is Coming; It'll Make You Wannacry(The Weekly Standard) Imagine that in a few days, or maybe a few years, the United States suffers an unprecedented ransomware attack.
ZeroFox's Phil Tully on AI-powered phishing attacks(Cyberscoop) ZeroFox's Phil Tully talks with Greg Otto on ways that AI can read various social media channels in order to craft highly personalized phishing attacks.
Cryptojacking Campaign Exploits Drupal Bug, Over 400 Websites Attacked(Threatpost) Hundreds of sites vulnerable to 'Drupalgeddon 2.0' have been impacted by a massive cryptomining campaign.
Crooks exploit Facebook to spread crypto miner malware(Security Boulevard) Social networks are a privileged attack vector that could be used by cybercriminals to spread malware to a wide audience.
In the last month’s security experts discovered many strains of malware... Go on to the site to read the full article
Is your business the victim of cryptojacking?(Dynamic Business) Cryptojacking – where cybercriminals hijack CPU power and electricity from unsuspecting computer users to mine cryptocurrencies – can cripple a company’s network, increasing their costs and reducing productivity, warns Fernando Serto, Head of Security Technology and Strategy at Akamai Technologies...
Bitcoin network 3 to 10 times more 'evil' than rest of the internet(CSO Online) New research published by Rapid7 reveals that the bitcoin network is at least three times "more evil" than the entire internet.
Bad guys have something new to play with!
LendingClub and OnDeck shares
What Is SQL Injection and How Can It Hurt You?(eSecurity Planet) Using SQL injection, hackers can wreak havoc on databases and data-driven applications.
Fortunately, there are ways to reduce SQL injection risk.
Cyber attack affects thousands of members of Sheffield's Credit Union(Star) Thousands of members of Sheffield's Credit Union have had their personal details accessed in a cyber attack.
Hackers Deface Canon Security Cameras in Japan(BleepingComputer) Hackers have defaced tens of Canon security cameras across Japan, local media reported, printing the phrase "I'm Hacked.
bye2" on the video feeds of affected devices.
Tech watchdogs call on Facebook and Google for transparency around censored content(TechCrunch) If a company like Facebook can’t even understand why its moderation tools work the way they do, then its users certainly don’t have a fighting shot.
Anyway, that’s the idea behind what a coalition of digital rights groups are calling The Santa Clara Principles (PDF), “a set …
Google slams “for-profit bail-bond providers,” won’t let them advertise(Ars Technica) Activists want limits on companies that profit from arrest of minorities.
Security Patches, Mitigations, and Software Updates
Lenovo Patches Arbitrary Code Execution Flaw(Threatpost) Lenovo warns of a high-severity bug impacting its System x line of servers, along with a medium-severity buffer-overflow vulnerability affecting its popular ThinkPad line.
Logitech Patches Several Flaws in Harmony Hub(SecurityWeek) FireEye researchers discover several vulnerabilities in Logitech’s Harmony Hub home control system.
Flaws patched with firmware update
Twitter has an unlaunched ‘Secret’ encrypted messages feature(TechCrunch) Buried inside Twitter’s Android app is a “Secret conversation” option that if launched would allow users to send encrypted direct messages.
The feature could make Twitter a better home for sensitive communications that often end up on encrypted messaging apps like Signal, Telegram…
Toward transitive data privacy and securing the data you don’t share(TechCrunch) We are spending a lot of time discussing what happens to data when you explicitly or implicitly share it.
But what about data that you have never ever shared?
IPO Fever: The Best New Public Offerings
Import: European Regulations(Wall Street Journal) Apple, Facebook, Twitter and wireless-speaker company Sonos are among the U.S. companies implementing the EU’s General Data Protection Regulation, or GDPR, which takes effect later this month.
How much GDPR risk is hiding in your data?(Security Boulevard) How much risk is hiding in your in the data in your enterprise?
Probably quite a bit.
Intelligent Machines Will Teach Us—Not Replace Us(Wall Street Journal) Former world chess champion Garry Kasparov on the overblown fears about AI.
Automation is changing our world, embrace a new normal(Computing) Digital is more than just a buzzword, it's the foundation for many organisations strategies today.
Human Bus Drivers Will Always Be Better Than Robot Bus Drivers(Motherboard) Some jobs can't be automated.
The Impending Facial Recognition Singularity(SecurityWeek) Facial recognition systems are becoming cheaper, better, easier to use, and more widely deployed, while social media platforms are creating an ocean of easily identifiable faces that are widely accessible.
Amid escalating cyber attack risks, British companies are still not ready(City A.M.) Last week, in an unprecedented move, the British National Cyber Security Centre (NCSC) issued a joint statement with the FBI and the US Department of Justice...
Doc Used to ID Satan Worship May Also Describe Computer & InfoSec Enthusiasts(BleepingComputer) A document distributed by Police to identify Satanic Worshippers during the "Satanic Panic" of the 1980s has criteria that many teens, computer enthusiasts, and security researchers may identify with.
Mumbo-Jumbo Conquered the World and Created Confusion around Security Analytics(Infosecurity Magazine) how poor explanations and bad scientific method have twisted belief and understanding in both science and security analytics.
Facebook's Growing Privacy Concern(SecurityWeek) A December 2017 study by Cliqz and Ghostery found that Facebook monitors nearly one-third of global internet traffic regardless of whether the user is a member of Facebook or not.
Carbon Black: Decent Upside Possible After 26% IPO Jump(Seeking Alpha) Carbon Black shares jumped 26% on their first day of trading to close near $24, from an original IPO price of $19.
Shares priced at the high end of the $17-19 r
CFO's Tech Companies to Watch 2018: Exabeam(CFO) Five-year-old Exabeam brings a big-data approach to security information and event management.
Hinson Joins MMM to Lead Cybersecurity & Privacy Practice(Morris Manning & Martin, LLP) Elizabeth “Bess” Hinson has joined Morris, Manning & Martin, LLP, an AmLaw 200 firm, to chair the firm’s Cybersecurity & Privacy Practice.
MKACyber Appoints Stephen Cox as Vice President of Software Development(Benzinga) Technology Veteran Will Draw on Security Experience to Further MKACyber's SOC Solutions
Products, Services, and Solutions
Comodo Cybersecurity and MSi Unveil Integrated IT/OT/SOC Security Architecture at Hack New York City(PR Newswire) Comodo Cybersecurity, a global innovator and developer of cybersecurity...
Aporeto Collaborates with Red Hat to Deliver Certified Security Capabilities for Red Hat’s OpenShift Container Platform(Aporeto) Aporeto, a Zero Trust security solution for microservices, containers and the cloud, today announced its collaboration with Red Hat, the world’s leading provider of open source solutions.
LookingGlass Acquires Threat Intelligence Platform From Goldman Sachs(SecurityWeek) Threat intelligence solutions firm LookingGlass Cyber Solutions has acquired the Sentinel threat intelligence platform developed by Goldman Sachs.
GDPR Rails: Community GDPR compliance tool(Help Net Security) GDPR Rails is an open source tool set designed to help small to mid-sized businesses (SMBs) comply with the General Data Protection Regulation.
Threat Sketch Announces the Formation of the Triad Cyber Round Table(PR Newswire) Threat Sketch, a leading cybersecurity firm, announces the formation...
Technologies, Techniques, and Standards
When the network is the internet, how do you secure it?(CRN Australia) Wide area networks pose a challenge to resellers.
Why collaboration can be a killer app for defense(Help Net Security) In this podcast recorded at RSA Conference 2018, Travis Farral, Director of Security Strategy at Anomali, talks about the impact of blue team collaboration.
Discover why collaboration is important, and how it can impact your organization.
Preventing the Cloud from Becoming a Digital Dumping Ground(Infosecurity Magazine) Cloud has perhaps had the biggest impact on security owing purely to its scale.
Why the Legacy of IPS May Guide the Future of Threat Hunting(Bricata) The history of intrusion prevention systems (IPS) in the context of evolving cyber threats is instructive for understanding why the emphasis today should center on rapid detection and threat hunting.
#ids #ips #snort
What is cyber resilience? Building cybersecurity shock absorbers for the enterprise(CSO Online) Sure, you’ve prepared for attacks and breaches, but how well can core business processes function when a crisis hits?
Singapore organizations caught in 'patching paradox'(Security Brief) Singapore organizations say they don’t have the resources to keep up with the volume of patches required to remediate software flaws.
Rapid7's Tod Beardsley on the rise in DDoS attacks(Cyberscoop) Tod Beardsley, research director for Rapid7, talks with Greg Otto about the recent rise in DDoS attacks and what enterprises can do to guard against them.
Cyber Command, NSA open new $500 million operations center(Fifth Domain) Cyber Command and NSA mark the opening of a new integrated cyber facility and joint operations center.
Design and Innovation
Build security into software up front: Believe it or not, it's cheaper and faster(Help Net Security) The financial benefits of finding and fixing defects throughout the software development life cycle (SDLC), starting at the very beginning, ought to make doing it a no-brainer.
It is both easier and cheaper. One should build secure software from the ground up.
Legislation, Policy, and Regulation
Xi Jinping and the 'Chinese Dream'(Deutsche Welle) This DW series explores China's rise as a global superpower. In this article we examine the "Chinese Dream," which shapes the present and reaches far into the future, encapsulating President Xi's vision for the country.
Cyber Defenders Eyeing Path to Attack Mode(MeriTalk) Military cybersecurity officials said at MeriTalk’s Tenable GovEdge 2018 event on May 3 that they can focus more on taking the fight to adversaries if the private sector can continue to provide the military with strong network defense technologies.
United States Cyber Command: The new functional combatant command(SOFREP) As technology rapidly changes, the battlefield changes with it.
The DOD is seeking to step up its game when it comes to threats from the internet.
Russia blocks 50 VPNs & Anonymizers amid Telegram crack down(HackRead) Russia's Roskomnadzor has blocked over 50 VPNs and other anonymity services amid its crackdown against the Telegram messaging service.
Are VPNs Legal In Your Country (196 Countries Reviewed)(TheBestVPN.com) VPNs are legal, generally.
It depends largely on the country you’re physically sitting in while using a VPN. But even then, their laws and restrictions are often opaque. What’s legal vs. illegal is not always clear.
Some activities, while frowned upon, are still shrouded in the grey area. In this research, we fact-checked 196 countries …
Senate Wants More Cyber Intelligence(Nextgov.com) The Senate Sergeant at Arms is looking for an automated cyber intelligence platform that does it all.
Pentagon development of AI, quantum tech urged in defense bill(Fedscoop) The committee is calling on the DoD to take a deeper look at how it can leverage emerging technologies in next year’s funding bill.
NDAA draft would slash number of CIOs in DOD, boost cyber workforce(FCW) The House Armed Service Committee's 2019 defense spending bill also calls for more detail on the Pentagon's controversial JEDI cloud acquisition program.
Senate panel advances Trump’s DHS cyber pick(TheHill) President Trump’s choice to lead the Department of Homeland Security’s (DHS) cybersecurity and critical infrastructure protection efforts advanced from a key Senate panel on Monday.
The State Department might designate a cyber ambassador(Federal Times) A Department of State reauthorization bill includes a proposal to elevate a proposed Bureau for Cyberspace and the Digital Economy.
Gina Haspel Will Likely Be The First Woman To Run The CIA.
Who Is She?(WAMU) She's already made history within the intelligence agency as a skilled spy. But there are deep concerns about torture that happened during her tenure.
National security officials preparing contingency plans if Haspel's nomination fails(CNN) National security officials and some Republicans are preparing contingency plans in case President Donald Trump's nominee to lead the CIA, Gina Haspel, falters amid questions about her past role in the George W.
Bush-era extreme interrogation program and destruction of videotapes of waterboarding, five sources familiar with the matter tell CNN.
States await election security reviews as primaries heat up(Virginian-Pilot) With the midterm congressional primaries about to go into full swing, the Department of Homeland Security has completed security reviews of election systems in only about half the states that
Nebraska and Iowa — but not many others — had security checkups of election systems(Omaha World Herald) With the midterm congressional primaries about to hit full swing, the Department of Homeland Security is playing catch-up in helping to ensure that state election systems are secure against cybertampering
Verizon Drops Out Of Coalition Opposing California Privacy Proposal(Media Post) "Verizon has decided not to continue with the coalition so that we can focus our efforts on creating a national framework for privacy and related issues -- and not a state-by-state approach," a spokesman says.
Connecticut tasks law enforcement with cyber duties(GCN) The Connecticut Cybersecurity Action Plan calls for a dedicated entity to investigate cybercrimes and threats to individuals, businesses and critical infrastructure.
Litigation, Investigation, and Law Enforcement
Equifax Updates SEC on Breached Data Types and Volumes(Infosecurity Magazine) Equifax Updates SEC on Breached Data Types and Volumes.
Trove included 145.5m Social Security numbers and nearly 18m driver’s license numbers
China's ZTE to US: Let us buy American technology again(KITV) ZTE, one of China's biggest tech companies, is asking the United States to suspend a ban that threatens to cripple its business.
Romanians Charged With Vishing, Smishing Extradited to U.S.(SecurityWeek) Two Romanian nationals indicted for their role in a vishing and smishing scheme were extradited from Romania, the United States Department of Justice announced.
Two Romanian citizens will face cyber and fraud charges in Atlanta(CyberByte Blog) Two international computer hackers, Teodor Laurentiu Costea and Robert Codrut Dumitrescu, were extradited from Romania to face federal charges of wire fraud con
Budget Android manufacturer Blu settles with FTC over privacy fiasco(Naked Security) These are the phones that were calling home to Shanghai every 72 hours, with no opt-in or notice, to hand over a whole lot of PII.
The Man on the Train: Caught with his phishing loot(Naked Security) How does it end for phishing attackers who get caught?
In a case that’s been working its way through the British courts since last September, the unusual answer is in the first-class carriage of a …
How a suspected gang member’s traffic stop led to a crucial privacy case(Ars Technica) Book excerpt: Cyrus Farivar's Habeas Data, about 50 years of surveillance law, is out now.
AT&T will ask Supreme Court to cripple the FTC’s authority over broadband(Ars Technica) AT&T victory would undermine FCC's justification for net neutrality repeal.