Wednesday, February 20, 2019
Internet Storm Center Infocon Status


Can you really sniff out gas station card skimmers with your phone?

A viral post suggests (wrongly) that card skimmers always use Bluetooth. Anyway, just looking at nearby Bluetooth names doesn't help much...

Canada Helping Australia Determine ‘Full Extent’ of Hack

Canada's electronic eavesdropping agency said Wednesday it is working with Canberra to try to determine the scale of computer hacking on Australia's parliament and political parties just months from an election.

Cisco Releases Security Updates

Original release date: February 20, 2019
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages...

The CyberWire Podcast

Fancy Bear phishes in think tanks. Lazarus Group takes a swipe at Russian organizations. New decryptor for GandCrab. Citizen Lab and Novalpina discuss NSO Group. Ryuk’s lousy help desk.

In today’s podcast, we hear that Microsoft has disclosed a Fancy Bear sighting, snuffling around Atlanticist think tanks in Europe. Ukraine says, in effect, see, we told you so. Speaking of bears, it seems that North Korea’s Hidden Cobra may be...

Have I Been Pwned

MyHeritage – 91,991,358 breached accounts

In October 2017, the genealogy website MyHeritage suffered a data breach. The incident was reported 7 months later after a security researcher discovered the data and contacted MyHeritage. In total, more than 92M customer records were exposed and included...

SC Magazine

30 years in: My, how SC and security have changed

1989. Acid wash jeans, Bon Jovi and the compassionate conservatism of the Reagan Era were actually, unironically popular. The Berlin Wall fell, free elections were held in the then Soviet Congress of Deputies, Vaclav Havel became president of Czechoslovakia,...

WinPot ATM Malware Resembles a Slot Machine

A piece of malware targeting automated teller machines (ATMs) has an interface that looks like a slot machine, Kaspersky Lab reports. Dubbed WinPot, the malware was initially detected in March last year, targeting the ATMs of a popular vendor to...

Firms Moving Sensitive Data to Cloud, But Security Still a Problem: Oracle

Companies are increasingly moving sensitive data to the cloud, but cybersecurity, including the human factor and technology, is still a problem for many, according to a new report published on Wednesday by Oracle and KPMG.

Mastercard, GCA Create Small Business Cybersecurity Toolkit

A new toolkit developed by the Global Cybersecurity Alliance aims to give small businesses a cookbook for better cybersecurity.

POS Vendor Announces January Data Breach

More than 120 restaurants were affected by an incident that exposed customer credit card information.

9 Years After: From Operation Aurora to Zero Trust

How the first documented nation-state cyberattack is changing security today.

DDoS explained: How distributed denial of service attacks are evolving

What is a DDoS attack? A distributed denial of service (DDoS) attack is when an attacker, or attackers, attempt to make it impossible for a service to be delivered. This can be achieved by thwarting access to virtually anything: servers,...

New GandCrab Ransomware Decryptor Released

The cat-and-mouse game between BitDefender and the GandCrab ransomware developers continues. On Tuesday (Feb. 19) BitDefender released a new version of its GandCrab decryptor able to decrypt versions of GandCrab 1, 4 and 5 up to the latest version...

Drupal core – Highly critical – Remote Code Execution – SA-CORE-2019-003

Project: Drupal core
Date: 2019-February-20
Security risk: Highly critical 20∕25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:Uncommon
Vulnerability: Remote Code Execution
CVE IDs: CVE-2019-6340
Description: Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of...

Blockchain Security Startup CipherTrace Emerges With $15M in Funding

Blockchain security company CipherTrace has fully emerged on Tuesday with $15 million in venture capital financing from Silicon Valley and New York venture capital firms.

Apple is learning why shortcut security is a bad idea

When Apple launched its enterprise developer certificate program — which helps enterprises make their homegrown apps for employee use-only available through iTunes — it had to make a difficult convenience-vs.-security decision: how much hassle to put IT managers through...

IoT botnets target enterprise video conferencing systems

Companies have been adding internet of things (IoT) devices to their networks over the past few years, often increasing their exposure on the internet. This has led to a rise in botnets that specialize in exploiting insecure configurations and...

Online ATM-style Scam Puts Shoppers at Risk: Symantec

Online shoppers are at a growing risk from a scam which allows hackers to skim their payment details, cyber security firm Symantec warned on Wednesday.

SC Magazine

Third decryption tool for GandCrab ransomware released to public

A new free decryption tool for counteracting the effects of GandCrab ransomware is now available to the public. This latest decryptor is effective against versions 1, 4 and 5.x up through 5.1, which means GandCrab variants released as recently as...

As US Pushes to Ban Huawei, UK Considers Softer Approach

Britain can handle the security risks involved with using mobile networks made by China's Huawei, the cybersecurity chief said Wednesday, adding to a growing debate among countries on whether the company should be banned, as the U.S. wants.

Microsoft Expands AccountGuard to Help Europe Prep for Cyberattacks

A recent wave of cybercrime has targeted organizations with employees in Belgium, France, Germany, Poland, Romania, and Serbia.

Upcoming Security Updates for Adobe Acrobat and Reader (APSB19-13)

A prenotification security advisory (APSB19-13) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Thursday, February 21, 2019. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well...

Microsoft Edge lets Facebook run Flash code behind users’ backs

Google security researcher finds secret whitelist that lets Facebook run Flash content despite Edge's normal security policies.

The CSO guide to top security conferences, 2019

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your...

SC Magazine

42,000 patients' data compromised in AdventHealth Medical Group data breach

AdventHealth Medical Group Pulmonary and Sleep Medicine officials are warning up to 42,000 of their patients of a 16-month-long data breach at the facility that exposed their personal and health information. The breach was discovered on December 27, 2018, but...


Join me to learn more about Magecart attacks – and how to defend against them

Attacks that can silently skim payment data as it is entered on websites have become a huge problem. Learn more about the likes of Magecart, and how to effectively combat such threats, in an upcoming free webinar.

Google in hot water after not revealing it had hidden a secret microphone in home alarm product

As if some folks weren’t concerned enough about the infiltration of potentially privacy-busting devices into the home, Google has admitted it did not disclose that it hid a secret microphone inside its Nest Secure product. Read more in my article...

Bruce Schneier

Details on Recent DNS Hijacking

At the end of January the US Department of Homeland Security issued a warning regarding serious DNS hijacking attempts against US government domains. Brian Krebs wrote an excellent article detailing the attacks and their implications. Strongly recommended.

The man suing Apple over two-factor authentication has ‘previous’

Many have been baffled by Jay Brodsky’s legal action against Apple, including his claim that it takes between two and five minutes for him to pass the 2FA security check. But things began to fall a little more into place...

Bruce Schneier

Estonia’s Volunteer Cyber Militia

Interesting -- although short and not very detailed -- article about Estonia's volunteer cyber-defense militia. Padar's militia of amateur IT workers, economists, lawyers, and other white-hat types are grouped in the city of Tartu, about 65 miles from the Russian...