Thursday, August 22, 2019
Internet Storm Center Infocon Status

LATEST

SANS ISC

ISC StormCast for Thursday, August 22nd 2019

KAPE vs. Commando VM: Red vs. Blue https://isc.sans.edu/forums/diary/KAPE+Kroll+Artifact+Parser+and+Extractor/25258/Attacks against Exposed
SecurityWeek

Ready or Not, Here Comes FIDO: How to Prepare for Success

Planning and Preparation Are Key to Successfully Adopting FIDO Standards for “Simpler, Stronger Authentication” read more
SecurityWeek

Amazon, Microsoft, May be Putting World at Risk of Killer AI, Says Report

Amazon, Microsoft and Intel are among leading tech companies that could spearhead a global AI arms race, according to a report that surveyed major players from the sector about their stance on lethal autonomous weapons. read more
The Register

The Joy of Six… critical security patches: Cisco small biz switches open to hijacking via web UI

Turn it on, download these fixes, crank it up – and rip the KNOB off Cisco has emitted a fresh round of software updates to address security holes in its network switches and controllers.…

New FISMA Report Shows Progress, Gaps in Federal Cybersecurity

No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.
Smashing Security

142: Mercedes secret sensors, smart cities, and ransomware runs riot

Darknet Diaries host Jack Rhysider joins us to discuss how cities in Texas are being hit by a wave of ransomware, how Mercedes Benz has installed a tracker in your car (but not for the reason you think), the...
ZDNet

A botnet has been cannibalizing other hackers’ web shells for more than a year

Neutrino botnet is hijacking servers by taking over other hackers' PHP and Java web shells.
The Register

Finally. Thanks so much, nerds. Google, Apple, Mozilla end government* internet spying for good

* Terms and conditions apply. Offer not valid outside Kazakhstan. Your home may be repossessed if you do not keep up payments On Wednesday, Google, Apple, and Mozilla said their web browsers will block the Kazakhstan root Certificate Authority...

Silence APT Group Broadens Attacks on Banks, Gets More Dangerous

Over the past year, the financial damage linked to the Russian-speaking threat group has spiked fivefold, Group-IP says.

Splunk Buys SignalFx for $1.05 Billion

Deal will yield 'one platform that can monitor the entire enterprise application lifecycle,' Splunk CEO says.
SC Magazine

MoviePass database exposes 161 million records

An exposed database on a MoviePass subdomain housing 161 million records was left unsecured and exposed credit card and customer card information on at least 60,000 of the ticket service’s customers.  The database, which included expiration dates, names and addresses on some users as...

MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online

Thousands of customers' credit card numbers, MoviePass card numbers, and sensitive data were left in an unprotected database.

‘Box Shield’ Brings New Security Controls

New controls and threat detection capabilities built into Box aim to prevent accidental data leakage and misuse.

eSentire Blends Managed Detection Response With Machine Learning

While many infosec pros believe they're getting managed detection response (MDR) from their managed security service providers, that's not necessarily the case, according to Eldon Sprickerhoff, Founder and Chief Innovation Officer of eSentire. Adding machine learning to the mix...
The Register

Here’s a top tip: Don’t trust the new guy – block web domains less than a month old. They are bound to be dodgy

Better to be aggressive and safe than sorry IT admins could go a long way towards protecting their users from malware and other dodgy stuff on the internet if they ban access to any web domain less than a...

Companies Act to Defend Privacy of Kazakhstanis

Companies Act to Defend Privacy of Kazakhstanis Google and Mozilla today took action to protect the online security and privacy of internet users in Kazakhstan following credible reports that the Kazakhstan government was intercepting internet traffic within the country. A report published...
The CyberWire Podcast

China criticizes Twitter and Facebook. Silence expands internationally. A popular Ruby library was backdoored.

China says Twitter and Facebook are restricting its freedom of speech. The Silence criminal gang has expanded internationally. Google, Mozilla, and Apple are blocking the Kazakh government’s root certificate. A popular Ruby library was backdoored after a developer’s account...
SecurityWeek

Russian APT ‘Silence’ Steals $3.5 Million in One Year

A Russian-speaking threat group has managed to steal roughly $3.5 million since September 2018 by increasing the frequency of attacks, Singapore-based cybersecurity firm Group-IB reveals. read more

China is Spying on Cancer Research

China is Spying on Cancer Research The healthcare industry has many ailments: financial pressures, a lack of skilled healthcare providers, uncertainties around reform and, in many cases, an increasingly unhealthy populace. But that’s not all it has...

IDG Contributor Network: How to become a cybersecurity RSO

What is an RSO? A “reliability seeking organization,” as described in Vanderbilt Professor Rangaraj Ramanujam’s book Organizing for Reliability. We tend to think of cybersecurity as black and white; breach or no breach. We often focus on architecture, threats...
isBuzz

Identity And Security: A Perfect Match

It is no secret that there has been a steep rise in the number of cybercriminals looking to target businesses to obtain personal data and intellectual property. Last year, the ICO issued a record breaking total of monetary penalties...
SC Magazine

Capital One hacker to ask for release on bail

The person behind the massive Capital One data breach that exposed more than 100 million records will go before a federal judge on Friday and ask to be released on bail. The transgender Paige Thompson, who identifies as female, is expected to say...
SecurityWeek

Visa Tackles Payment Fraud with New Security Services

Visa this week announced a new set of capabilities aimed at improving fraud prevention and cybersecurity of payment systems. The new payment security services are meant to detect and disrupt fraud threats targeting financial institutions and merchants, and are available...

CISA Insights: Ransomware Outbreak

Original release date: August 21, 2019The Cybersecurity and Infrastructure Security Agency (CISA) has released its first CISA Insights product, which discusses the rapid emergence of ransomware across our Nation’s networks. CISA Insights – Ransomware Outbreak includes steps in the...

Ransomware Hits Fortnite Players

Ransomware masquerading as game "cheats" is hitting Fortnite players. Fortunately, there are ways to recover without paying a ransom.
583FollowersFollow

LEADERS

Brian Krebs

Forced Password Reset? Check Your Assumptions

Almost weekly now I hear from an indignant reader who suspects a data breach at a Web site they frequent that has just asked the reader to reset their password. Further investigation almost invariably reveals that the password reset...
Bruce Schneier

Google Finds 20-Year-Old Microsoft Windows Vulnerability

There's no indication that this vulnerability was ever used in the wild, but the code it was discovered in -- Microsoft's Text Services Framework -- has been around since Windows XP.
Graham Cluley

D’oh! Apple botches iOS update, leaves iPhones open to jailbreaking

For the first time in years, hackers have created a working exploit that can jailbreak the latest, fully-updated version of iOS. And a goof by Apple has allowed them do it. Read more in my article on the Hot for Security...
Bruce Schneier

Surveillance as a Condition for Humanitarian Aid

Excellent op-ed on the growing trend to tie humanitarian aid to surveillance. Despite the best intentions, the decision to deploy technology like biometrics is built on a number of unproven assumptions, such as, technology solutions can fix deeply embedded political...
Graham Cluley

20 month prison sentence for British hacker who made fortune helping SIM-swap fraudsters

A teenage British hacker, who previously played a role in the infamous TalkTalk data breach, has been sentenced to 20 months in prison after pleading guilty to selling hacking services and stolen personal data for cryptocurrency. Read more in my...