FCW, August 22, 2019
Rep. Mike Gallagher (R-Wis.) wants the U.S. government to take its supply chain security problems more seriously. On a conference call with reporters, Gallagher, a co-chair of the Cyberspace Solarium Commission and a member of the House Armed Services Committee, cited a recent oversight report that showed that Defense Department personnel used government purchase cards to buy off-the-shelf technology with known vulnerabilities. The congressman's cybersecurity concerns are part of an increasingly fierce debate over defense supply chain security in the past two years that has everyone from regulators to contractors yearning for clearer, stricter rules and bans of products and manufacturers. Gallagher recently introduced a bill that would require congressional approval for Huawei to be removed from the tech blacklist. But for DOD to better secure its supply chain, a cultural schism between the Pentagon and the tech industry must be addressed.
Nextgov, August 22, 2019
Two lawmakers penned a letter to the National Highway Traffic Safety Administration Thursday questioning whether they’ve been notified or plan to address cyber vulnerabilities and dangers to public safety posed by the increasing use of internet-connected cars on American roads. In their letter, Senators Ed Markey, D-Mass., and Richard Blumenthal, D-Conn., raise concerns from a recent Consumer Watchdog report that suggests car manufacturers have made investors and shareholders aware of the risks associated with connected vehicles, but they have yet to disclose that critical information to the general public. The report, which was produced over five months in collaboration with car industry technologists, alleges all top 2020 cars have connections that are vulnerable to potentially detrimental “fleet wide attacks.” “We are concerned that consumers are purchasing internet-connected vehicles without sufficient safety warnings and write to inquire about NHTSA’s knowledge of any cyber vulnerabilities, as well as what actions NHTSA is taking to address these issues,” the lawmakers wrote.
The Hill, August 22, 2019
A congressionally mandated commission plans to issue its recommendations for protecting the U.S. against cyberattacks early next year, a former top official at the Department of Homeland Security said Tuesday. The Cyberspace Solarium Commission — made up of bipartisan members of Congress, former government officials and industry representatives — is working toward formulating a comprehensive, strategic approach, commission member Suzanne Spaulding said at the Digital Government Institute’s 930gov conference. “I think we’re trying to cover everything, frankly, short of war,” said Spaulding, a former under secretary of the Department of Homeland Security's National Protection and Programs Directorate, now known as the Cybersecurity and Infrastructure Security Agency. “To have a strategic approach, you’ve got to make sure that you’re thinking about all of the tools that you have at your disposal, all of the resources, all of the levers that both you and the private sector can contribute and bring to bear,” she added.
Gov Info Security, August 19, 2019
To better prepare for cyberthreats posed by Russia and China, the U.S. Army has been building cyber and electronic warfare units. But a new report from the Government Accountability Office finds that these units are understaffed, underequipped and in need of better training. The GAO report comes at a time when the Army is changing part of its mission, organizational structure and training to develop new capabilities that can effectively counter Russia and China, especially when it comes to cyberwarfare. The Army also plans to develop what it calls "multidomain operations" by 2028 to confront adversaries on land, air, sea, cyber and space, according to the GAO report. Over the last two years, the Army has established two of these new units, and more are planned in 2020. The 915th Cyber Warfare Support Battalion, which is based in Fort Gordon, Georgia, is focusing on providing offensive cyber capabilities. Another new Army unit with a similar mission is the Intelligence, Cyber, Electronic Warfare and Space unit. The GAO determined, however, that while the Army has accelerated its plans for cyberdefense and cyberwarfare, top officials have not adequately staffed these new units. There have also been shortfalls when it comes to properly training and equipping soldiers assigned to these new units, the report finds.
ADMINISTRATION
Federal News Network, August 23, 2019
Recent ransomware attacks in Texas and Louisiana are causing the National Guard to rethink some of its training policies for its cyber units. Last month, Louisiana was forced to declare a state of emergency after a handful of its school districts’ networks were hacked. Similarly, a few days ago hackers held more than 20 Texas local governments’ networks hostage. National Guard Chief Gen. Joseph Lengyel called the events a “cyber storm” and the multi-state attack is highlighting the need for more standardized policies and training for cyber units across the force. “I have questions about us in terms of making sure we are able to provide the best capacity to not only the military sector, but also the domestic sector,” Lengyel said in a Friday phone call with reporters. “Everybody’s cyber response packages look a little bit different. Texas has this joint cyber response team and it has eight people both Army and Air. The way Louisiana does it is a little different in the way we train them and the way they plug into the civilian networks are all a little different.” While the structures themselves are different and may need retooling, Lengyel said the way members of the Guard are trained and the apparatuses they use may not be standardized.
Gov Info Security, August 23, 2019
Eighty suspects, most of them Nigerian nationals, have been indicted on charges of running global business email compromise and romance scams that led to millions of dollars in fraud and allegedly involved a complex money-laundering operation, according to the U.S. Department of Justice. The 252-count indictment, revealed Thursday, also describes other crimes that targeted the elderly, according to the U.S. Attorney's Office for the Central District of California, which is overseeing the case along with FBI agents in Los Angeles and elsewhere. So far, the FBI has arrested 14 of the suspects, including 11 who were either living or working in the Los Angeles area. Others charged in the indictment remain at large, possibly living overseas, according to federal prosecutors. The FBI issued some of the first search warrants related to this case in 2017, authorities say.
The Boston Globe, August 23, 2019
A computer security expert is proposing a solution that would let the state Board of Elections bolster its cybersecurity on Election Day without having to rip out modems that make the state’s election system vulnerable to cyberattacks. On Aug. 2, the Board of Elections asked Tony Adams, an information security professional who lives in Providence, to write a memo suggesting ways to reduce the risk of hacking on election night, when modems are used to quickly report unofficial results. In an Aug. 14 memo, Adams suggests having the modems report unofficial results to computers that are separate from the state’s core election computer system, which configures ballots and tabulates official results. That way, if hackers did penetrate the system on election night, they couldn’t change the official results or hold the whole system hostage with ransomware, for example, he said. “This idea is so elegant you have to ask: Why didn’t I think of that?” Board of Elections Vice Chairman Stephen P. Erickson said this week. “Because you don’t have to spend a lot of money, it’s relatively simple to implement, and it will substantially increase the level of security — and the perceived security, which is important.”
The Hill, August 22, 2019
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) plans to prioritize election security, cybersecurity at federal agencies, and the “persistent threat” posed by China, among its many goals. The agency laid out its key priorities in a new “strategic intent” document released on Thursday, which CISA Director Christopher Krebs described in the introduction as the “keystone” for the agency. Among Krebs’s operational priorities is addressing Chinese threats to U.S. supply chains and to the rollout of 5G networks, bolstering election security efforts at the state and local level, and protecting the cybersecurity of industrial control systems. Other priorities are protecting federal networks against cyber attacks, such as ransomware incidents that have increasingly spread across the country, and defending “soft targets” and crowded venues from physical threats.
The New York Times, August 22, 2019
Brian A. Hawkins Googles his name and last employer and winces. The words that appear are verbs like “fired,” “axed” and “sacked.” The former information technology director of Lake City, the northern Florida city that was forced to pay out nearly half a million dollars after a ransomware attack this summer, was blamed for the breach, and for the long time it took to recover. But in a new lawsuit, Mr. Hawkins said he had warned the city about its vulnerability long ago — urging the purchase of an expensive, cloud-based backup system that might have averted the need to pay a ransom. But there was no money. And to those weighing the many competing priorities in the northern Florida city of 12,000 people, purchasing capacity on remote computer servers didn’t seem to rise to the top — at the time. Once the city’s entire computer network crumbled in the space of a few hours, there was an intense round of finger-pointing, and it ended with Mr. Hawkins. “My name has been blasted all over the media and across the country for weeks,” he said in his first interview with the news media since the attack earlier this summer.
CyberScoop, August 22, 2019
A years-long project from researchers at the National Security Agency that could better protect machines from firmware attacks will soon be available to the public, the lead NSA researcher on the project tells CyberScoop. The project will increase security in machines essentially by placing a machine’s firmware in a container to isolate it from would-be attackers. A layer of protection is being added to the System Management Interrupt (SMI) handler — code that allows a machine to make adjustments on the hardware level — as part of the open source firmware platform Coreboot. Eugene Myers, who works in the National Security Agency’s Trusted Systems Research Group, told CyberScoop that the end product — known as an SMI Transfer Monitor with protected execution (STM-PE) — will work with x86 processors that run Coreboot. Attackers are increasingly targeting firmware in order to run malicious attacks. Just last year, the first-ever documented UEFI rootkit was deployed in the wild, according to ESET researchers. These types of attacks are particularly concerning because if an attacker compromises an endpoint’s firmware, they could gain control of the entire system. Many security software products do not detect firmware attacks.
Fifth Domain, August 22, 2019
Students at the Army’s cyber school and a Japanese defense force participated in what service leaders are describing as the first international “capture the flag” type event. The international exercise, held Aug. 21, sought to improve the organizations’ relationship but also aimed to share best practices between key allies as a way to strengthen training. Teams from the Army’s cyber school and Japanese ground self defense force cyber students faced off. Capture the flag events involve a set of challenges and objectives students have to meet with the tools at their disposal, which tests their knowledge and ability in areas like networking, for example. “It’s not sometimes about the curriculum, it’s just training methodologies, what are good lessons learned. Being a good coalition partner, if we’re learning things that are bad and things that are good, we want to share them with others and we want to reap the benefit as well,” Todd Boudreau, deputy commandant at the Army Cyber School, told Fifth Domain. “As our students see students from another coalition partner, they’re likely to see them one day on an operations floor. We want to start that [speed of trust] real early so we can build those bridges right away.”
CyberScoop, August 22, 2019
U.S. Army Cyber Command could soon have a new identity. Commander Lt. Gen. Stephen Fogarty said this week he wants his military outfit, dedicated to electronic warfare and information operations, to be renamed as the “Army Information Warfare Command.” The rechristening would better represent a new military mission, he said, and come at a time when Army cyber personnel increasingly deal with troll farms on social media, disrupt ISIS operations, and work to confuse international adversaries’ understanding of U.S. military units’ location. “The intent is to provide a proposal that will change us from Army Cyber Command to Army Information Warfare Command because we believe that is a more accurate descriptor of what I am being asked to do on a daily basis,” Fogarty said at the AFCEA TechNet conference in Augusta, Georgia this week.
Nextgov, August 21, 2019
As the second cohort of the experimental Federal Reskilling Academy prepares to graduate in September, two members from the first cohort—which graduated in July—spoke with reporters about what they learned during the 13-week course and what these new skills will mean for their careers. While both reskilling graduates agreed their new skills are invaluable—in both their personal and professional lives—the training has not translated into new jobs, one of the main promises of the effort. When Federal Chief Information Officer Suzette Kent announced the reskilling academy in November 2018, the stated goal of the first cohort was to train non-IT employees as cyber defense analysts who could then be transferred to IT-specific roles. The federal government has a critical shortage of cybersecurity professionals and the academy was meant to be one way of filling those positions with internal hires. Two graduates from the first cohort—who OMB made available to reporters during a roundtable Wednesday—lauded the course as an exceptional learning experience but said, for the time being, they will continue working in their current positions.
New England Public Radio, August 21, 2019
Elections security experts have discovered new ways to manipulate the type of voting machine used in Vermont, but local elections officials say it's unlikely that bad actors could exploit those vulnerabilities to change the results of an election. At a recent technology conference in Las Vegas, ethical hackers from across the country tried to infiltrate some of the voting machines used in U.S. elections. Probing for vulnerabilities in ballot tabulators is an annual tradition at the DEF CON Hacking Conference. This year, however, hackers tried to gain access to the same type of voting machine used by 135 towns in Vermont. Montpelier City Clerk John Odum retrieved one of the machines from a vault last week and placed it on a desk in his office. It's a pretty ancient-looking piece of technology — like something you might have seen in a middle school computer room in the early 1990s. The machine is called an AccuVote, and its name is clearly meant to inspire confidence in the results it spits out. But when white-hat hackers set to work on this tabulator at DEF CON earlier this month, they quickly found all kinds of ways to manipulate results. Odum, a certified ethical hacker himself, was one of the tech gurus in Vegas trying to compromise the very same machines he uses to administer elections in Montpelier. Despite all the vulnerabilities, Odum said there's no need to panic. "All of these things, if we're doing everything right, are manageable," Odum said. In order to corrupt the vote count on an AccuVote machine, you'd need physical access to its mechanical innards; Odum said Vermont's elections security protocols make the machines a pretty tough target to infiltrate.
The New York Times, August 20, 2019
Computer systems in 22 small Texas towns have been hacked, seized and held for ransom in a widespread, coordinated cyberattack that has sent state emergency-management officials scrambling and prompted a federal investigation, the authorities said. The Texas Department of Information Resources said Monday that it was racing to bring systems back online after the “ransomware attack,” in which hackers remotely block access to important data until a ransom is paid. Such attacks are a growing problem for city, county and state governments, court systems and school districts nationwide. By Tuesday afternoon, Texas officials had lowered the number of towns affected to 22 from 23 and said several government agencies whose systems were attacked were back to “operations as usual.” The ransomware virus appeared to affect certain agencies in the 22 towns, not entire government computer systems. Officials said that there were common threads among the 22 entities and that the attacks appeared not to be random, but they declined to elaborate, citing a federal investigation.
The Washington Post, August 20, 2019
Starting in 2020, Los Angeles County’s 5.2 million voters will cast their ballots on new machines that the county had custom built over a decade to be highly accessible to citizens with all manner of disabilities and who speak 13 languages. The new machines mark the biggest challenge in years to the highly consolidated voting machine industry in the United States, in which just three companies control more than 90 percent of the market. The dominant players have faced withering criticism from security advocates and lawmakers since the 2016 election for being too slow to adapt to election hacking threats from Russia and other adversaries and not transparent enough about their security. The plan is for the machines to be tested at some voting locations during local elections in November and then to be used by all voters for the first time in primaries on March 3, 2020. The challenge is even bigger because Los Angeles plans to make the computer code its machines are running on freely available to be used or modified by other voting jurisdictions. But the new systems are also likely to add fire to a battle between cybersecurity hawks and advocates for voters with disabilities that’s already playing out in Congress and among state election boards.
AP, August 20, 2019
Lawyers for a transgender woman charged in a massive data breach at Capital One asked a judge Tuesday to release her from federal custody, saying that for her to remain jailed with men is a serious threat to her mental health. Paige Thompson, a talented computer programmer from Seattle who goes by the online handle "erratic," was arrested last month after the FBI said she obtained personal information from more than 100 million Capital One credit applications. There is no indication she sold or distributed the data. A hearing is scheduled for Friday before Magistrate Judge Michelle Peterson on whether Thompson will remain at the Federal Detention Center in SeaTac pending trial. Prosecutors say she should because she presents a flight risk and is a danger to herself and others. They said she has "a long history of threatening behavior that includes repeated threats to kill others, to kill herself, and to commit suicide by cop," and that in May police investigated after she made threats to shoot up a California social media company. In a response filed in U.S. District Court on Tuesday, her attorneys, federal public defenders Mohammad Hamoudi and Christopher Sanders, asked for her to be released to a halfway house where she would have better access to mental health care.
Nextgov, August 19, 2019
Federal agencies didn’t experience a single “major” cybersecurity incident in 2018, marking the first time in three years the government avoided such a severe digital incursion, according to a recent White House report. Not one of the more than 31,000 cybersecurity incidents that agencies faced last year reached the “major incident” threshold, which is defined as an event that affects more than 100,000 individuals or otherwise causes “demonstrable harm” to the U.S., according to the Office of Management and Budget. The government fell victim to five major incidents in 2017 and 16 in 2016. Overall, the total number of cyber events the government experienced dropped 12% from 2017, OMB officials told Congress in their annual report on the Federal Information Security Management Act. While OMB called this downward trend “encouraging,” they warned that agencies shouldn’t let down their guard. Phishing and other email-based attacks remain a popular strategy for online bad actors, and the government is still struggling to attribute and label the thousands of attacks every year, officials said.
AP, August 17, 2019
Georgia election officials have for years ignored, downplayed and failed to address serious problems with the state’s election management system and voting machines, a federal judge said in a scathing order this week. U.S. District Judge Amy Totenberg said those problems place a burden on citizens’ rights to cast a vote and have it reliably counted. She called Georgia’s voting system “antiquated, seriously flawed, and vulnerable to failure, breach, contamination, and attack.” Despite those findings, Totenberg ruled Thursday that Georgia voters will use that same election system this fall because of concerns about the state’s capacity to make an interim switch while also implementing a new system. Plaintiffs in a lawsuit challenging Georgia’s system had asked Totenberg to order an immediate switch to hand-marked paper ballots for special and municipal elections this fall. But she declined, citing worries about the state’s capacity to manage an interim switch while also implementing a new system that is supposed to be in place for the March 24 presidential primaries.
INDUSTRY
CNBC, August 22, 2019
Software company VMware on Thursday said it’s acquiring Carbon Black at an enterprise value of $2.1 billion and Pivotal at an enterprise value of $2.7 billion. The deals are expected to close by the end of January 2020. Shares of Pivotal were up as much as 8% after the announcement, while VMware shares fell as much as 7%. Carbon Black shares rose as much as 6% after shares were initially halted following the close of the trading session. These are VMware’s largest acquisitions yet. The deals build on VMware’s strength helping companies run their software in their own data centers. They could help VMware compete better in the security market and hybrid-cloud infrastructure operations. VMware isn’t talking about cost synergies that could come out of buying two other enterprise-focused companies. However, CEO Pat Gelsinger told CNBC the companies will be operating profitably under VMware next year.
Ars Technica, August 22, 2019
In an attempt to quell a controversy that has raised the ire of white-hat hackers, the maker of the Steam online game platform said on Thursday it made a mistake when it turned away a researcher who recently reported two separate vulnerabilities. Valve’s new HackerOne program rules specifically provide that “any case that allows malware or compromised software to perform a privilege escalation through Steam, without providing administrative credentials or confirming a UAC dialog, is in scope. Any unauthorized modification of the privileged Steam Client Service is also in scope.” The statement and the policy change from Valve came two days after security researcher Vasily Kravets, an independent researcher from Moscow, received an email telling him that Valve’s security team would no longer receive his vulnerability reports through the HackerOne bug-reporting service. Valve turned Kravets away after he reported a Steam vulnerability that allowed hackers who already had a toe-hold on a vulnerable computer to burrow into privileged parts of an operating system. Valve initially told Kravets such vulnerabilities were out of scope and gave no indication that the one Kravets reported would be fixed.
ZDNet, August 21, 2019
Splunk on Wednesday delivered better-than-expected second quarter financial results and announced its plans to acquire cloud monitoring company SignalFx for $1.05 billion -- its largest acquisition to date. Splunk CEO Doug Merritt said the purchase will enable Splunk to offer customers a single data platform that can monitor cloud-native infrastructure and enterprise applications in real time. "The combination of Splunk and SignalFx will give IT and developers a data platform that allows them to monitor and observe data in real time, no matter the infrastructure or data volume, helping them cut costs, boost revenue and improve the customer experience," Splunk said in a press release. Splunk said the SignalFx acquisition will close in the second half of its current fiscal year.
Venture Beat, August 21, 2019
Major tech companies including Alibaba, Arm, Baidu, IBM, Intel, Google Cloud, Microsoft, and Red Hat today announced intent to form the Confidential Computing Consortium to improve security for data in use. Established by the Linux Foundation, the organization plans to bring together hardware vendors, developers, open source experts, and others to promote the use of confidential computing, advance common open source standards, and better protect data. “Confidential computing focuses on securing data in use. Current approaches to securing data often address data at rest (storage) and in transit (network), but encrypting data in use is possibly the most challenging step to providing a fully encrypted lifecycle for sensitive data,” the Linux Foundation said today in a joint statement. “Confidential computing will enable encrypted data to be processed in memory without exposing it to the rest of the system and reduce exposure for sensitive data and provide greater control and transparency for users.”
Vice Motherboard, August 19, 2019
Apple has mistakenly made it a bit easier to hack iPhone users who are on the latest version of its mobile operating system iOS by unpatching a vulnerability it had already fixed. Hackers quickly jumped on this over the weekend, and publicly released a jailbreak for current, up-to-date iPhones—the first free public jailbreak for a fully updated iPhone that's been released in years. Security researchers found this weekend that iOS 12.4, the latest version released in June, reintroduced a bug found by a Google hacker that was fixed in iOS 12.3. That means it’s currently relatively easy to not only jailbreak up-to-date iPhones, but also hack iPhone users, according to people who have studied the issue. “Due to 12.4 being the latest version of iOS currently available and the only one which Apple allows upgrading to, for the next couple of days (till 12.4.1 comes out), all devices of this version (or any 11.x and 12.x below 12.3) are jail breakable—which means they are also vulnerable to what is effectively a 100+ day exploit,” said Jonathan Levin, a security researcher and trainer who specializes in iOS, referring to the fact that this vulnerability can be exploited with code that was found more than 100 days ago.
INTERNATIONAL
Reuters, August 22, 2019
Israel is easing export rules on offensive cyber weapons, despite accusations by human rights and privacy groups that its technologies are used by some governments to spy on political foes and crush dissent. A rule change by the defense ministry means companies can now obtain exemptions on marketing license for the sale of some products to specific countries, a source close to the cyber sector told Reuters. Israel, like other big defense exporters, closely guards details of its weapons sales and its export rules are not widely known, but the defense ministry confirmed the change had gone into force about a year ago in response to Reuters’ questions. Industry specialists say the change makes a speedier approval process possible for the sale of cyber weapons, or spyware, which are used to break into electronic devices and monitor online communications. Israel’s defense ministry said the rule change “was made to facilitate effective service to Israeli industries while maintaining and protecting international standards of export control and supervision”.
CyberScoop, August 21, 2019
Hackers using web infrastructure associated with a known North Korean threat group are behind a dormant phishing campaign that’s targeted the ministry of foreign affairs in at least three countries, as well as a number of research organizations, according to findings shared exclusively with CyberScoop before their publication Wednesday. Researchers from Anomali, a threat intelligence company based in California, found a network of malicious websites that appear to be login portals for the French Ministry for Europe and Foreign Affairs, the Ministry of Foreign and European Affairs of the Slovak Republic, Stanford University, and a U.K. think tank, among other targets. Each of the targets has focused in some way on North Korea’s nuclear efforts, or the international sanctions issued as punishment for it. By tricking diplomats or other victims into entering their credentials into a malicious website, the hackers behind this apparent espionage effort could then use that information to spy on the affected inbox. Exactly who is behind the operation was not immediately clear, though Anomali determined the attackers in this case used the same command-and-control server and the same IP address as the Kimsuky campaign, which Palo Alto Networks and others previously have associated with North Korea.
ZDNet, August 21, 2019
Chinese advanced persistent threat (APT) groups are homing in on cancer research institutes in recent cyberattacks in order to steal their work, researchers say. Cancer is the second leading cause of death worldwide and claimed the lives of 9.6 million individuals in 2018. The World Health Organization (WHO) estimates that one in six deaths annually are caused by cancer, and with these high mortality rates, researchers across the globe are working towards ways to improve detection and treatment. China, too, is contributing -- but cybersecurity firm FireEye says that facing cancer's impact on society, death rates, and the cost of care, the country is not above using nefarious methods to speed up research goals. On Wednesday, FireEye published a new report on the state of cybercrime in the healthcare industry. Titled "Beyond Compliance: Cyber Threats and Healthcare," the research claims that Chinese APTs -- many of which are state-sponsored -- continue to target medical entities, and cancer-related organizations are a common target.
Gov Info Security
August 20, 2019
The June
ransomware attack against one of the largest forensic labs in the U.K.
continues to delay police investigations in Britain while authorities await
test results. At one point, authorities were confronted with a backlog of
20,000 forensic samples - including DNA and blood samples - that were awaiting
analysis for criminal cases, according to a report by the BBC. Earlier this
year, the systems of Eurofins Scientific were crippled in a ransomware attack,
resulting in the lab paying a hefty ransom to retrieve its files.
Luxembourg-based Eurofins provides DNA testing, toxicology analysis, testing of
firearms and other services to British police agencies as well as their
counterparts in Europe, according to the company's website. The computer files
and systems targeted in the ransomware attack included sensitive information on
DNA and blood samples, which were required for urgent court hearings and police
investigations. This delayed these crucial processes for several weeks,
according to a Friday statement from the U.K.'s National Police Chiefs'
Council.
ZDNet
August 20, 2019
A French
security researcher has found a critical vulnerability in the blockchain-based
voting system Russian officials plan to use next month for the 2019 Moscow City
Duma election. Pierrick Gaudry, an academic at Lorraine University and a
researcher for INRIA, the French research institute for digital sciences, found
that he could compute the voting system's private keys based on its public
keys. These private keys are used together with the public keys to encrypt user
votes cast in the election. Gaudry blamed the issue on Russian officials using
a variant of the ElGamal encryption scheme that used encryption key sizes that
were too small to be secure. This meant that modern computers could break the
encryption scheme within minutes.
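To make the key-size point concrete, here is an added toy example (not code from the article or from the voting system): textbook ElGamal over a deliberately tiny prime, where a baby-step giant-step discrete log recovers the private key from the public key alone and then decrypts a ballot with it. The prime, generator and vote value are constructed for illustration; the real system's parameters are not given in the article.

```python
# Added toy example: why an undersized ElGamal modulus is fatal.
# p = 65537 and g = 3 are constructed parameters (3 is a primitive root mod 65537);
# they are NOT the Moscow system's real parameters, which the article does not give.
import math
import random

def keygen(p, g, rng):
    """ElGamal key generation: private x, public y = g^x mod p."""
    x = rng.randrange(1, p - 1)
    return x, pow(g, x, p)

def encrypt(p, g, y, m, rng):
    """Encrypt 1 <= m < p under public key y; returns the pair (c1, c2)."""
    k = rng.randrange(1, p - 1)
    return pow(g, k, p), (m * pow(y, k, p)) % p

def decrypt(p, x, c1, c2):
    """m = c2 * (c1^x)^-1 mod p; the inverse comes from Fermat (p prime)."""
    return (c2 * pow(c1, x * (p - 2), p)) % p

def discrete_log(p, g, y):
    """Find x with g^x = y (mod p) by baby-step giant-step: ~sqrt(p) work.
    Trivial for a tiny p; this is exactly what a proper key size rules out."""
    m = math.isqrt(p) + 1
    table = {}
    e = 1
    for j in range(m):                  # baby steps: store g^j -> j
        table.setdefault(e, j)
        e = (e * g) % p
    factor = pow(g, m * (p - 2), p)     # g^-m
    gamma = y
    for i in range(m):                  # giant steps: y * g^(-i*m)
        if gamma in table:
            return i * m + table[gamma]
        gamma = (gamma * factor) % p
    return None

def break_small_elgamal(p, g, vote, seed=0):
    """Encrypt a vote, recover the private key from the public key only,
    and decrypt with the recovered key. Returns (x, recovered_x, plaintext)."""
    rng = random.Random(seed)            # seeded so the demo is reproducible
    x, y = keygen(p, g, rng)
    c1, c2 = encrypt(p, g, y, vote, rng)
    recovered = discrete_log(p, g, y)    # attacker-side: needs only (p, g, y)
    return x, recovered, decrypt(p, recovered, c1, c2)
```

Replacing the 17-bit prime with one of the sizes normally used for ElGamal makes the square-root search in `discrete_log` infeasible, which is the whole point of a sufficient key size.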
TECHNOLOGY
Ars Technica
August 21, 2019
A rash of
supply chain attacks hitting open source software over the past year shows few
signs of abating, following the discovery this week of two separate backdoors
slipped into a dozen libraries downloaded by hundreds of thousands of server
administrators. The first backdoor to come to light was in Webmin, a Web-based
administration tool with more than 1 million installations. Sometime around
April of last year, according to Webmin developer Jamie Cameron, someone
compromised the server used to develop new versions of the program. The
attacker then used the access to distribute a backdoor that was downloaded more
than 900,000 times and may have been actively used by tens of thousands of
Internet-facing servers. A second backdoor came to light on Monday in 11 libraries
available in the RubyGems repository. According to an analysis by developer Jan
Dintel, the backdoor allowed attackers to use pre-chosen credentials to
remotely execute commands of their choice on infected servers.
CyberScoop
August 20, 2019
Encryption
has always been a battle line in cyberspace. Attackers try to break it;
defenders reinforce it. The next front in that struggle is something known as
homomorphic encryption, which scrambles data not just when it is at rest or in
transit, but when it is being used. The idea is to not have to decrypt
sensitive financial or healthcare data, for example, in order to run
computations with it. Defenders are trying to get ahead of attackers by locking
down data wherever it lies. The latest step in homomorphic encryption’s
decade-long journey from dream to adoption was a standards meeting over the
weekend of representatives from Google, Intel, and Microsoft, along with
academics from around the world. While previous meetings focused on the
specifics of algorithms, this fourth meeting included more talk of pursuing
homomorphic encryption standards at a handful of global bodies, according to
Intel’s Casimir Wierzynski, who helped organize the gathering.