Exploring Berlin with Lynette Wood, Australia's ambassador to ...
Electrical lock system suspected of trapping Mosque shooting victims
When the gunman began to attack the Al Noor mosque, Ahmed Alayedy scrambled to get to the nearest emergency exit. But the door was locked.
Who's who of Liberals kick up their heels at Sydney Institute dinner
If Saturday at the Sofitel, Sunday at the CBD Hotel and Monday at the Terminus was not enough, the Liberal Party faithful always had the Sydney Institute’s annual dinner to satisfy.
Marina Butina: The Russian in the NRA
RUSSIA, IF YOU'RE LISTENING
Marina Butina is the only Russian secret agent behind bars for meddling in the US election.
Tiny Asian nation to punish gay sex and adultery with death by stoning
Beginning next week, adultery and gay sex will be punishable by death in the tiny Asian nation just north of Australia.
Chinese officials issue stark warning about South China Sea confrontation
Two senior officials speak up to threaten "more countermeasures" against the United States in the contested waterway.
Consumer Data Protection: Consumer reporting agencies are companies that collect, maintain, and sell vast amounts of sensitive data. GAO-19-469T: Published: Mar 26, 2019. Publicly Released: Mar 26, 2019.
“In 2017, a breach at Equifax, one of the largest companies, compromised at least 145.5 million consumers’ data. Consumers have little control over what information these companies have, so federal oversight is important—and it could be improved. For example, the Consumer Financial Protection Bureau doesn’t routinely consider data security risk when prioritizing its company examinations. This testimony is based on a report in which we recommended improving federal enforcement of data safeguards and oversight of company security practices.”
How the Press That Sold the Iraq War Got Away With It Matt Taibbi, Rolling Stone
Should Grindr users worry about what China will do with their data?
Meet the ex-cop behind China’s largest Grindr-style gay dating app
Gangs using dead rats to smuggle drugs into Dorset prison Guardian
FCW
March 22, 2019
A Department of Homeland Security official said there are still "a
handful" of federal agencies left who have yet to fully comply with a
January 2019 emergency directive on DNS tampering and provided further insight
on a budget request for technology to provide earlier detection of such threats
in the future. At a Mar. 21 meeting of the Information Security and Privacy
Advisory Board, Michael Duffy, Acting Deputy Director of the Federal Network
Resilience Division, briefed members on the federal government's response to a
two-year global DNS tampering campaign.
Fifth Domain
March 22, 2019
Maj. Gen. John Morrison has been selected as the next chief of staff at U.S. Cyber Command,
according to a March 21 announcement from the Department of Defense. Currently,
Morrison is the commanding general of Fort Gordon and the Army’s Cyber Center
of Excellence. In this role, Morrison has overseen the development of new
doctrine and capabilities for the Army in the cyber and electronic warfare
domains. The Army has been making a rapid series of changes to stay ahead of
threats (in the cyber domain) and catch up to others (in electronic warfare).
“When it comes to electronic warfare, we are outgunned … We are plain outgunned
by peer and near-peer competitors,” he said in 2017. Under Morrison’s
leadership, the Army developed a new approach it calls cyberspace and electromagnetic
activities (CEMA), fusing cyber and electronic warfare capabilities at the
tactical and operational level of war.
FCW
Getting cybersecurity and tech talent into government has been a top management priority
spanning administrations, but there remain fundamental challenges in selling
government as an employer. The U.S. Cyber Challenge, launched by former Federal
CIO Karen Evans in 2010, holds camps and competitions around the country and
helps students burnish their resumes and introduces them to recruiters. USCC
leaders and participants said at a March 21 event that the government faces
marketing and process challenges when it comes to attracting young cyber
talent. Doug Logan, USCC's chief technologist, said that for all the focus on
government's inability to compete with private-sector pay, the exact dollar
figure, while important, isn't disqualifying. "The first reason why
everyone tells me they don't want to work for the federal government is they think
it's boring," he said.
Nextgov
March 21, 2019
The priorities and efforts of the Energy Department’s nascent Office of
Cybersecurity, Energy Security, and Emergency Response, or CESER, were laid out
by its first acting Principal Deputy Assistant Secretary Adrienne Lotto
Thursday. “We all see the magnitude and sophistication of the threats facing
our energy infrastructure. Our nation’s electricity, fuel and delivery systems
have become more complex and even more interdependent,” Lotto told attendees of
the Association for Federal Information Resources Management’s Cybersecurity
Summit in Washington. “As a result, the threat against the sector has become
even more frequent and more sophisticated.” In response, she said Energy
Secretary Rick Perry created the new office in February 2018 to elevate the threats
to the public and private sectors and allocate resources and a workforce to
address those threats head-on. The president included $96 million in the fiscal
2019 budget request to stand up the office. Lotto said CESER leads the
department’s efforts to secure the nation’s energy infrastructure against all
hazards, reduce both the risks and impacts of cyber and other disruptive
events, and assist in restoration when disruptions do happen—because they
inevitably will.
Gov Info Security
March 21, 2019
A North Carolina county is recovering from the third ransomware attack that has hit its
IT systems in the last six years. However, a spokesman says that no data has
been lost or stolen. The ransomware attack against Orange County, North
Carolina, was first detected by the government's IT staff on Monday. Some of
the areas affected by the incident include the computers at the local library,
the tax department, the planning board and the county register of deeds, which
means real estate closings and marriage licenses could not be processed. The
county's sheriff's department was also disrupted and deputies could not access
criminal records or other information, officials say. It's the third time in
six years that this one county has been hit by ransomware, local CBS affiliate
WNCN reports.
FCW
March 20, 2019
The National Institute of Standards and Technology is inching closer to developing
two new encryption standards designed to protect the federal government from
new and emerging cybersecurity threats. Many experts believe the advanced
computing capabilities of quantum computers will render most traditional
encryption protocols used today obsolete. While true quantum computing is still
decades away, the federal government is already preparing contingencies for how
to defend its current IT assets and equipment from the threat. In a March 20
briefing to the Information Security and Privacy Advisory Board, Matthew
Scholl, Chief of the Computer Security Division at NIST, said the agency spent
much of the past year evaluating 69 algorithms for its Post Quantum
Cryptography Standardization project, a 2016 project designed to protect the
machines used by federal agencies today from the encryption-breaking tools of
tomorrow.
Gov Info Security
The Food and Drug Administration is generally on the right track in updating guidance
for the cybersecurity of premarket medical devices. But various changes are
needed, according to some of the three dozen-plus healthcare sector companies
and groups recently submitting feedback to the agency. Some of the associations
submitting comments on FDA's draft guidance suggested modifications to the
agency's call for a "cybersecurity bill of materials," or CBOM, that
medical device makers would need to submit to the FDA for premarket review.
Some also critiqued FDA's proposal to define two tiers of medical devices based
on their cybersecurity risk. The FDA had requested comment by March 18 on its
"Content of Premarket Submissions for Management of Cybersecurity in
Medical Devices," which was issued last October. That draft premarket
guidance is a significant refresh of FDA's 2014 guidance, the agency noted last
fall.
FCW
March 19, 2019
The latest budget request for the Cybersecurity and Infrastructure Security Agency would
continue funding core federal cybersecurity programs while exploring new tech
programs around DNS threats, botnet detection and malware analysis. The budget
overview for CISA seeks $1.1 billion for cybersecurity operations. About half
of that covers the National Cybersecurity Protection System (NCPS), which
includes Einstein ($405 million) and the Continuous Diagnostics and Mitigation
program ($232 million). The budget document includes targets for both programs:
CISA hopes to have 63 percent of agencies sharing user activity data via the
DHS-managed federal dashboard under CDM by the end of fiscal year 2020. DHS
spent the past year helping agencies hook up to a federal reporting dashboard
and tinkering with the program and procurement structure, shifting from
tracking individual agency progress by phases to capabilities and rolling out
CDM DEFEND, a new contracting vehicle. The shift from phases to capabilities
came after Congress complained the old approach prevented agencies from
implementing multiple phases of the program at the same time.
CyberScoop
March 19, 2019
Department of Homeland Security officials plan to visit European allies to share lessons
learned from defending the 2018 U.S. midterm elections, a top DHS official said
Tuesday. “What we’re doing is taking some of the ’16 and ’18 lessons learned,
packaging them together, and then doing a bit of a roadshow,” Chris Krebs, head
of DHS’s Cybersecurity and Infrastructure Security Agency, told reporters.
Details of the trip are still being finalized, but Krebs said it also would
offer CISA officials an update from the field on adversary activity ahead of
the 2020 U.S. presidential election. Many millions of Europeans are expected to
head to the polls in late May to choose new representatives in the European
Union parliament. European officials have issued a series of warnings that
Russia is likely to interfere in the vote, including an assessment last week
from Estonia’s foreign intelligence agency. In another key election, Ukrainians
will choose a president later this month. The Ukrainian president has already
accused the Russian government of conducting distributed denial-of-service
attacks on Ukraine’s election commission website. All of those threats matter
to the CISA teams charged with protecting the 2020 vote in the U.S.
The New York Times
March 18, 2019
Kirstjen Nielsen, the homeland security secretary, said on Monday that cyberthreats
against the United States were a national security crisis that she described as
her top priority — not the situation for which President Trump last month
declared a national emergency. “On top of my list of threats, that many of you
can guess, the word ‘cyber’ is circled, highlighted and underlined,” Ms.
Nielsen said in a speech outlining her department’s focus in the coming year.
“The cyberdomain is a target, a weapon and a threat vector all at the same
time.” Mr. Trump has called the increasing flow of immigrants to the southern
border one of the most urgent national security issues threatening the United
States. Last week, issuing his first veto against legislation that would have
blocked him from diverting Defense Department funds to build a border wall, the
president described a recent spike in migrants crossing the border as an
“invasion.” Ms. Nielsen did dedicate a portion of her speech on Monday to what
she called a “humanitarian and security catastrophe” of Central American
families traveling to the border. But mentions of digital threats were
dispersed throughout her approximately 35-minute address to an auditorium of
various Department of Homeland Security officials.
Nextgov
March 18, 2019
The Trump administration intends to allocate more than $17.4 billion to cybersecurity
efforts across federal agencies in fiscal 2020, with the Pentagon and Homeland
Security Department receiving the lion’s share of the funds. The White House on
Monday published a breakdown of the president’s 2020 budget request, building
on the broad spending outline officials released last week. The administration
said it opted to exclude some funds from the release, citing “the sensitive
nature of some operations.” While the proposal would increase overall federal
spending on cybersecurity by about $790 million from 2019, funding for cyber
programs at civilian agencies dropped about $120 million. Under the president’s
request, the Defense Department would receive some $9.6 billion—roughly 55
percent of the government’s total cyber spend—to bolster its digital defenses
and expand offensive operations in cyberspace. The figure marked a $1 billion
increase from the administration’s 2019 request and came as one of the proposal’s most
significant provisions.
ZDNet
March 18, 2019
A hacker set off the tornado emergency sirens in the middle of the night last week
across two North Texas towns. Following the unauthorized intrusion, city
authorities had to shut down their emergency warning system a day before major
storms and potential tornados were set to hit the area. The incident impacted
DeSoto and Lancaster, two cities in Dallas County, Texas -- both suburbs located
south of the main Dallas metropolitan area. On the night of March 12, between
02:30 and 04:00 AM (local time), a hacker set off the two cities' tornado
sirens, waking locals in the middle of the night.
The New York Times
March 17, 2019
The Trump administration’s aggressive campaign to prevent countries from using Huawei and
other Chinese telecommunications equipment in their next-generation wireless
networks has faltered, with even some of America’s closest allies rejecting the
United States’ argument that the companies pose a security threat. Over the
past several months, American officials have tried to pressure, scold and,
increasingly, threaten other nations that are considering using Huawei in
building fifth-generation, or 5G, wireless networks. Mike Pompeo, the secretary
of state, has pledged to withhold intelligence from nations that continue to
use Chinese telecom equipment. The American ambassador to Germany cautioned
Berlin this month that the United States would curtail intelligence sharing if
that country used Huawei. But the campaign has run aground. Britain, Germany,
India and the United Arab Emirates are among the countries signaling they are
unlikely to back the American effort to entirely ban Huawei from building their
5G networks. While some countries like Britain share the United States’
concerns, they argue that the security risks can be managed by closely
scrutinizing the company and its software.
INDUSTRY
Ars Technica
March 22, 2019
Attackers have been actively exploiting serious vulnerabilities in two widely used
WordPress plugins to compromise websites that run the extensions on top of the
content management system. The two affected plugins are Easy WP SMTP with
300,000 active installations and Social Warfare, which has about 70,000 active
installations. While developers have released patches for both exploited flaws,
download figures indicate many vulnerable websites have yet to install the
fixes. Figures for Easy WP SMTP, which was fixed five days ago, show the plugin
has just short of 135,000 downloads in the past seven days. Figures for Social
Warfare show it has been downloaded fewer than 20,000 times since a patch was
published on WordPress on Friday.
CyberScoop
March 22, 2019
The first day of this year’s Pwn2Own competition featured successful zero-day exploits on
a popular web browser, and day two was no different, with the “Fluoroacetate”
duo of Amat Cama and Richard Zhu turning their attention to Mozilla’s Firefox
and Microsoft’s Edge. The team took home another $180,000 for their attacks,
bringing their overall winnings to $340,000 for the competition, which
highlights critical bugs in widely distributed software. Thursday’s winners
also included Niklas Baumstark, who won $40,000 for a Firefox attack, and
Arthur Gerkis of Exodus Intelligence, who won $50,000 for successfully
targeting Edge. Competitors spend months preparing for the annual Pwn2Own
hacking contest in Vancouver, which takes place during the CanSecWest security
conference.
Ars Technica
March 21, 2019
The federal government on Thursday warned of a serious flaw in Medtronic cardio
defibrillators that allows attackers to use radio communications to
surreptitiously take full control of the lifesaving devices after they are
implanted in a patient. Defibrillators are small, surgically implanted devices
that deliver electrical shocks to treat potentially fatal irregular heart
rhythms. In recent decades, doctors have increasingly used radios to monitor
and adjust the devices once they're implanted rather than using older,
costlier, and more invasive means. An array of implanted cardio defibrillators
made by Medtronic rely on two types of radio-based consoles for initial setup,
periodic maintenance, and regular monitoring. Doctors use the company's
CareLink Programmer in clinics, while patients use the MyCareLink Monitor in
homes to regularly ensure the defibrillators are working properly.
The Washington Post
March 21, 2019
Facebook on Thursday said that it had left “hundreds of millions” of users’ passwords
exposed in plain text, potentially visible to the company’s employees, marking
another major privacy and security headache for a tech giant already under fire
for mishandling people’s personal information. Facebook said it believed the
passwords were not visible to anyone outside the company and had no evidence
that its employees “internally abused or improperly accessed them.” But it said
it would notify users of Facebook as well as its photo-sharing site, Instagram,
that they had been affected. The incident was first revealed by the Krebs on
Security blog, which estimated the total number of affected users ranged
between 200 million and 600 million. Facebook declined Thursday to confirm the
estimate.
Ars Technica
March 21, 2019
Microsoft is bringing its Windows Defender anti-malware application to macOS—and more
platforms in the future—as it expands the reach of its Defender Advanced Threat
Protection (ATP) platform. To reflect the new cross-platform nature, the suite
is also being renamed to Microsoft Defender ATP, with the individual clients
being labelled "for Mac" or "for Windows." macOS malware is
still something of a rarity, but it's not completely unheard of. Ransomware for
the platform was found in 2016, and in-the-wild outbreaks of other malicious
software continue to be found. Apple has integrated some malware protection
into macOS, but we've heard from developers on the platform that Mac users
aren't always very good at keeping their systems on the latest point release. This
situation is particularly acute in corporate environments; while Windows has a
range of tools to ensure that systems are kept up-to-date and alert
administrators if they fall behind, a similar ecosystem hasn't been developed
for macOS.
Gov Info Security
March 21, 2019
Script-based payment card malware continues its successful run, impacting a range of e-commerce
sites, researchers at two security firms warn. RiskIQ and Group-IB have
described a series of attacks whose victims include shoe manufacturer Fila, two
bedding-related sites – Mypillow [DOT] com and Amerisleep [DOT] com - and
others. Countering card-sniffing malware has proved to be tricky, as the sign
of an infection may be just a single line of code. Nor have large enterprises
been immune: Big players such as British Airways, Ticketmaster and Newegg have
all been struck over the past year.
Reuters
March 20, 2019
Norsk Hydro, one of the world's largest aluminum producers, has made some progress
restoring operations but is not yet back to normal after it was hit by a
ransomware cyber attack, the company said on Wednesday. After the attack late
on Monday, the company had to shut several plants that transform aluminum
ingots into components for car makers, builders and other industries, while its
smelters in Norway were largely operating on a manual basis. "Hydro still
does not have the full overview of the timeline toward normal operations, and
it is still (too) early to estimate the exact operational and financial
impact," the company said in a statement. But Hydro said its technical
team, with external support, had detected the root cause of the problems and
was working to restart the company's IT systems. "Progress has been made,
with the expectation to restart certain systems during Wednesday, which would
allow for continued deliveries to customers," Hydro said of its Extruded
Solutions unit as well as of Rolled Products.
Wired
March 20, 2019
With more than 2 billion users, Android has a staggering number of devices to protect.
But a "high-severity" bug that went undetected for more than five
years—that attackers could exploit to spy on a user and gain access to their
accounts—serves as a reminder that Android's impressive open source reach also
creates challenges for defending a decentralized ecosystem. Discovered by
Sergey Toshin, a mobile security researcher at the threat detection firm
Positive Technologies, the bug originated in Chromium, the open-source project
that underlies Chrome and many other browsers. As a result, an attacker could
target not only mobile Chrome, but other popular mobile browsers built on
Chromium. Even more specifically, Chromium powers an Android feature
called WebView, which works behind the scenes when you click a link in a game
or a social network; it's what lets those webpages load in a sort of mini-browser
without having to leave the app. Using the Chromium vulnerability, hackers can
use WebView to grab user data and gain broad device access. "An attacker
could launch an assault on any Chromium-based mobile browser on an Android
device, including Google Chrome, Samsung Internet Browser, and Yandex Browser,
and retrieve data from its WebView," Toshin says.
CyberScoop
March 19, 2019
A good chunk of the cybersecurity industry is “smoke and mirrors,” with companies
hawking shiny products that aren’t needed to block most hacks, Tenable CEO Amit
Yoran said in an interview with CyberScoop earlier this month. “It’s an
industry that has fed and continues to feed, to a large extent, off of
fearmongering,” Yoran said on the sidelines of the vendor-happy RSA Conference
in San Francisco. The RSA Conference is a feeding frenzy for companies pushing
products on the trade-show floor. Vendors spend big on things like booths,
parties, and hotel suites to woo potential clients. (Tenable had a booth
demonstrating some of its technology.) In a blunt interview, Yoran reflected on
where the “hype-driven” side of the business, as he called it, had gotten the
cybersecurity industry. “The millions of dollars that people are spending, all
the hype and the sexy marketing and the AI and the anomaly-behavioral…whatever
buzzword you want to use, it’s a bunch of smoke and mirrors,” Yoran said. “And
I won’t call it useless, but it’s on the periphery of the issue when people
still aren’t doing the basics.”
CyberScoop
March 19, 2019
For a moment, look past Russian cybercriminals, North Korean cryptocurrency scams and
the idea that election infrastructure used by democracies around the world
lacks meaningful digital safeguards. While those issues are significant, people
in charge of information security at large U.S. companies spend the majority of
their time assessing whether their firm is likely to experience a data breach
that begins outside of their own proprietary network. That assessment goes
beyond the deluge of obfuscated code, technical jargon or marketing pitches.
It’s rooted in crunching numbers in Excel spreadsheets and other measuring
strategies that can quantify whether their partners and vendors are prepared to
keep hackers out.
Ars Technica
March 18, 2019
One of the more notable features of Google Project Zero's (GPZ) security research has been
its 90-day disclosure policy. In general, vendors are given 90 days to address
issues found by GPZ, after which the flaws will be publicly disclosed. But
sometimes understanding a flaw and developing fixes for it takes longer than 90
days—sometimes, much longer, such as when a new class of vulnerability is
found. That's what happened last year with the Spectre and Meltdown processor
issues, and it has happened again with a new Windows issue. Google researcher
James Forshaw first grasped that there might be a problem a couple of years ago
when he was investigating the exploitability of another Windows issue published
three years ago. In so doing, he discovered the complicated way in which
Windows performs permissions checks when opening files or other secured
objects. A closer look at the involved parts showed that there were all the
basic elements to create a significant elevation of privilege attack, enabling
any user program to open any file on the system, regardless of whether the user
should have permission to do so. The big question was, could these elements be
assembled in just the right way to cause a problem, or would good fortune render
the issue merely theoretical?
CNBC
March 18, 2019
The cybersecurity vendor marketplace is growing so crowded that some companies have
been resorting to extreme tactics to get security executives on the phone to
pitch their products, including lying about security emergencies and
threatening to expose insignificant breaches to the media. The aggressive
tactics come as the cybersecurity market expands dramatically, with a
"long tail" of thousands of vendors with niche specialties. These
sales tactics can make it harder for overworked cybersecurity execs to find and
stop real threats. It can also result in overhyped publicity about breaches and
hacks that are actually minor, which confuses customers and consumers. CNBC
spoke with four top cybersecurity executives at Fortune 500 finance, health care
and payments firms about unsavory practices from vendors. These executives all
said they have been pressured by vendors and researchers who claimed — rightly
or not — to have found a cybersecurity problem at their company. Some hinted at
the possibility of negative news coverage if the executive did not listen to
the vendor's full pitch.
Tech Crunch
March 17, 2019
Slack announced today that it is launching Enterprise Key Management (EKM) for Slack,
a new tool that enables customers to control their encryption keys in the
enterprise version of the communications app. The keys are managed in the AWS
KMS key management tool. Geoff Belknap, chief security officer (CSO) at Slack,
says the new tool should appeal to customers in regulated industries who might
need tighter control over security. “Markets like financial services,
healthcare and government are typically underserved in terms of which
collaboration tools they can use, so we wanted to design an experience that
catered to their particular security needs,” Belknap told TechCrunch. Slack
currently encrypts data in transit and at rest, but the new tool augments this
by giving customers greater control over the encryption keys that Slack uses to
encrypt messages and files being shared inside the app.
INTERNATIONAL
Reuters
March 22, 2019
The European Commission will next week urge EU countries to share more data to
tackle cybersecurity risks related to 5G networks but will ignore U.S. calls to
ban Huawei Technologies, four people familiar with the matter said on Friday.
European digital chief Andrus Ansip will present the recommendation on Tuesday.
While the guidance does not have legal force, it will carry political weight
which can eventually lead to national legislation in European Union countries.
The United States has lobbied Europe to shut out Huawei, saying its equipment
could be used by the Chinese government for espionage. Huawei has strongly
rejected the allegations and earlier this month sued the U.S. government over
the issue. Ansip will tell EU countries to use tools set out under the EU
directive on security of network and information systems, or NIS directive,
adopted in 2016 and the recently approved Cybersecurity Act, the people said.
Gov Info Security
March 22, 2019
The EU is looking to head off the next major cyberattack against Europe by creating rules
for how member states should react and respond. The new EU protocol is meant to
better coordinate the response to large-scale disruptions such as WannaCry and
NotPetya. Europol, the EU's law enforcement intelligence agency, announced
Monday that the EU Council - one of the EU's major decision-making bodies - has
adopted the EU Law Enforcement Emergency Response Protocol. The framework is
designed to help the EU more rapidly respond to cross-border cyberattacks, and
ensure that agencies are cooperating and that information about attacks is
shared in a timely manner. Rapid interagency coordination will be crucial for
securing critical infrastructure and minimizing the impact of hack attacks,
says Joseph Carson, the Estonia-based chief security scientist at security
vendor Thycotic.
The New York Times
March 21, 2019
The man in charge of Saudi Arabia’s ruthless campaign to stifle dissent went searching for
ways to spy on people he saw as threats to the kingdom. He knew where to go: a
secretive Israeli company offering technology developed by former intelligence
operatives. It was late 2017 and Saud al-Qahtani — then a top adviser to Saudi
Arabia’s powerful crown prince — was tracking Saudi dissidents around the
world, part of his extensive surveillance efforts that ultimately led to the
killing of the journalist Jamal Khashoggi. In messages exchanged with employees
from the company, NSO Group, Mr. al-Qahtani spoke of grand plans to use its
surveillance tools throughout the Middle East and Europe, like Turkey and Qatar
or France and Britain. The Saudi government’s reliance on a firm from Israel,
an adversary for decades, offers a glimpse of a new age of digital warfare
governed by few rules and of a growing economy, now valued at $12 billion, of
spies for hire.
Bloomberg
March 20, 2019
Vietnamese “state-aligned” hackers are targeting foreign automotive companies in attacks
that appear to support the country’s vehicle manufacturing goals, according to
cyber-security provider FireEye Inc. FireEye, which designated the group as
APT32 and dates its activities to 2014, said the attacks accelerated in early
February. The hacking targeted companies in Southeast Asia and “the broader
areas surrounding Vietnam,” said Nick Carr, a FireEye senior manager.
“Beginning in February, we see this large uptick based on our product and
services visibility showing us a lot of activity targeting the automotive
industry,” Carr said. “It is likely to support the Vietnamese government’s
publicly stated domestic manufacturing goals for automobiles.”
Reuters
March 20, 2019
Israeli Prime Minister Benjamin Netanyahu alleged on Wednesday that Iran
could blackmail his main election rival, Benny Gantz, after hacking the former
armed forces chief's phone, even as Tehran denied doing so. Without providing
any evidence or details, Netanyahu said Iran had gleaned "sensitive
information". His comments, in a brief speech broadcast online from his
official residence, brought a new level of vitriol to the election race. Polls
put Netanyahu's right-wing Likud and Gantz's centrist Blue and White party
neck-and-neck, with election day three weeks away. Gantz has confirmed an
Israeli TV report last week that the Shin Bet domestic intelligence service had
detected that his cellphone had been hacked, though the agency itself has not
commented. But he has not confirmed that the hackers are believed to be
Iranian, as reported, and has said the phone contained no data that might
compromise national security or his ability to carry out his duties if he were
elected prime minister.
EURACTIV
March 20, 2019
The EU’s cybersecurity strategy is under the scrutiny of global actors, the EU’s Digital
Commissioner Mariya Gabriel said on Tuesday (19 March). Her comments came as
the European Court of Auditors criticised the ‘fragmented’ nature of
cybersecurity policy across the continent. “We are doing no less than creating
a new cybersecurity marketplace and the world is watching us,” Gabriel said on
Tuesday, speaking at an anniversary event celebrating 15 years of the EU’s
cybersecurity agency (ENISA). The EU’s digital chief also applauded the recent
parliamentary adoption of the Cybersecurity Act, which extends ENISA’s mandate
as well as establishes a cybersecurity certification scheme.
Haaretz
March 19, 2019
A proposed law that would give broad power to the National Cyber Directorate is expected
to advance in the Knesset, and experts in the field are raising the alarm over
its vague wording and lack of oversight mechanism, saying it would give Prime
Minister Benjamin Netanyahu unprecedented power over Israel's cyber operations.
The law, initiated by the prime minister, aims to provide the directorate with
a legal foundation for its operations. The bill, experts say, would allow the
National Cyber Security Authority, and the prime minister in particular, to act
without any oversight. A group of researchers from the Cyber Security Center at
the Hebrew University of Jerusalem heavily criticized the bill, saying certain
clauses and the powers it would grant could violate human rights – without any
judicial review.
Security Week
March 18, 2019
The Australian Signals Directorate (ASD), Australia's intelligence agency
responsible for foreign signals intelligence, has joined America's NSA and the UK's
GCHQ in publishing an account of its vulnerabilities disclosure process. All
three agencies are part of the Five Eyes western intelligence alliance -- the
remaining being Canada and New Zealand. Australia's process starts with the
assertion that its default position is to disclose all vulnerabilities it
discovers, so that vendors can develop and issue patches. "Occasionally,
however," it adds, "a security weakness will present a novel
opportunity to obtain foreign intelligence that will help protect Australians.
In these circumstances, the national interest might be better served by not
disclosing the vulnerability." This is the same position as that taken by
the NSA and the UK's GCHQ -- if the agency believes it can make use of
the vulnerability in the service of national security, it will retain it
undisclosed for its own use.
TECHNOLOGY
The New York Times
March 21, 2019
Last year, the Food and Drug Administration approved a device that can capture an image of
your retina and automatically detect signs of diabetic blindness. This new
breed of artificial intelligence technology is rapidly spreading across the
medical field, as scientists develop systems that can identify signs of illness
and disease in a wide variety of images, from X-rays of the lungs to C.A.T.
scans of the brain. These systems promise to help doctors evaluate patients more
efficiently, and less expensively, than in the past. Similar forms of
artificial intelligence are likely to move beyond hospitals into the computer
systems used by health care regulators, billing companies and insurance
providers. Just as A.I. will help doctors check your eyes, lungs and other
organs, it will help insurance providers determine reimbursement payments and
policy fees. Ideally, such systems would improve the efficiency of the health
care system. But they may carry unintended consequences, a group of researchers
at Harvard and M.I.T. warns. In a paper published on Thursday in the journal
Science, the researchers raise the prospect of “adversarial attacks” —
manipulations that can change the behavior of A.I. systems using tiny pieces of
digital data.
CyberScoop
March 20, 2019
More than six months after U.S. prosecutors announced the arrests of three accused
hackers affiliated with a sophisticated criminal hacking group, researchers say
they have new evidence the billion-dollar crime ring is still active. The
Department of Justice last year said police apprehended three Ukrainian men
involved in the FIN7 hacking group. The financially-motivated group may have
stolen as much as one billion dollars, according to one estimate, as well as 15
million credit card numbers from U.S. businesses. Now, there is some evidence
to suggest the group’s infrastructure is starting to reappear after months,
according to research published Wednesday by Flashpoint. Researchers uncovered
a new strain of malicious software called SQLRat, which is spread via phishing
emails. The strain is especially difficult for investigators to detect because
it doesn’t leave behind much evidence.
CyberScoop
March 18, 2019
A new variant of the infamous Mirai botnet is targeting embedded devices like routers
and internet-connected cameras with new exploits, security researchers have
concluded. By taking aim at enterprises with large network bandwidths, the
Mirai offshoot could give the botnet “greater firepower” to orchestrate
distributed denial-of-service attacks, said researchers at Unit 42, Palo Alto
Networks’ threat intelligence unit. Operators of the new variant have gone
after devices that are popular with businesses, such as wireless presentation
systems, according to Unit 42. “IoT/Linux botnets continue to expand their
attack surface, either by the incorporation of multiple exploits targeting a
plethora of devices, or by adding to the list of default credentials they brute
force, or both,” Ruchna Nigam, senior threat researcher at Unit 42, wrote in a
blog post.
via Nick Leiserson