― Kurt Vonnegut
Aussie esports is booming. So is corruption
How Legal Professionals Must Lead in the Age of Machines
Law Technology Today – “…Today, legal professionals, of course, spend much of their day interacting with computers. A desktop or laptop computer is the hearth of our workspace, where we do simple tasks like email, as well as complex tasks like using sophisticated systems to analyze data collections. We use our mobile phones, tablets, and ever-present digital assistants like Siri, Alexa, and more powerful tools like IBM’s Watson. Computers now assist us at trial—and they may soon drive us to the courthouse. Of course, some of this technology, like email, has been around for decades. But the newest forms of technology, especially those casually being dubbed “AI,” now encroach on the home territory of what legal professionals do: think. So what will legal professionals do in 10, 40, or 100 years?…”
- Former White House press secretary Sean Spicer made his “Dancing With the Stars” debut Monday night. How’d it go? Uh, not so good, as The Daily Beast’s Matt Wilstein writes in this brutal review.
- For my money, “The Far Side” is the greatest cartoon strip of all time. Too bad it ended in 1995. But Comicbook.com’s Russ Burlingame writes that the classic Gary Larson strip could be making a comeback.
- The Tampa Bay Times’ Ashley Dye, who has just more than 1,500 Twitter followers, put out a journalistic tweet that got more than 116,000 likes and over 24,000 retweets. They then wrote a really smart column about it.
- Medium – The Discovery Dark Ages: How Filter Bubbles, Dark Patterns, and Algorithms Propagating Bias Impede the Spread of Knowledge – “… Change can be a good thing. Now, that said, there are ways in which search engines are being used to deliver results nowadays, regardless of whether people want them or not, and even if they should be desirable sources in the first place, which are not the best ones, in terms of relevance, quality, and accuracy. Discovery systems are a means to an end, and in this case, when a superior means emerges, there’s simply no reason not to jettison the old way of doing things. This requires some adaptability on our part, and a willingness to unlearn habitual yet inefficient procedures in favor of better ones….There is consequentially a growing disjoint between how non-librarians prefer to find information and the ways that some of us insist are still the best. Yet we cannot retreat to the reference desk and simply shake our heads at students who are off using Wikipedia. It’s proven much more productive, in this case, to educate people about the benefits and vulnerabilities of relying upon Wikipedia for research….”
AP
September 19, 2019
A key Senate panel on Thursday approved $250 million to help states beef up their
election systems, freeing up the money after Senate Majority Leader Mitch
McConnell came under criticism from Democrats for impeding separate election
security legislation. The Kentucky Republican announced in a floor speech in
advance of the Appropriations Committee vote that he would support the funding,
which had bipartisan support on the funding panel. McConnell still isn’t
yielding in his opposition to more ambitious Democratic steps such as requiring
backup paper ballots as a backstop against potential hacks of election systems.
He said the Trump administration has “made enormous strides” in protecting the
nation’s voting infrastructure. The committee approved the money on a
bipartisan voice vote. The panel’s top Democrat, Patrick Leahy, said “funding
election security grants is a matter of national security.” The House approved
$600 million earlier this year, though there is considerable money left in the
pipeline from earlier appropriations.
Nextgov
September 19, 2019
A pair of lawmakers demanded the Trump administration’s new national security adviser
reinstate an executive-level cybersecurity position that his predecessor John
Bolton eliminated last year. Soon after President Trump tapped the State
Department chief hostage negotiator Robert O’Brien to take over as national
security adviser on Tuesday, Sen. Mark Warner, D-Va., and Rep. Bennie Thompson,
D-Miss., called on O’Brien to restore the White House cybersecurity
coordinator. Bolton eliminated the position in May 2018 under the rationale of
reducing bureaucracy within the National Security Council. The move was largely
criticized by cyber experts who saw the job, which oversees government cyber
protections, international cyber negotiations and general U.S. cyber policy, as
too complex to be subsumed into broader White House operations. In a statement
on Wednesday, Warner, the top Democrat on the Senate Intelligence Committee,
said Bolton’s decision “showed a lack of seriousness in tackling the immediate
national security threats facing our country.” Thompson, the chairman of the
House Homeland Security Committee, echoed the sentiment. “Despite concerns
raised when the position was eliminated last year, the White House has done
little to address the vacuum left behind,” Thompson said Wednesday in a
statement. “There is no reason that the White House should have allowed this
position to be eliminated.”
CyberScoop
September 18, 2019
The U.S. Election Assistance Commission has told lawmakers that it will not de-certify certain
voting systems that use outdated Microsoft Windows systems, a disclosure that
highlights the challenge of keeping voting equipment secure after a vendor
ceases offering support for a product. While a voting system would fail
certification if it were running software that wasn’t supported by a vendor,
the act of de-certifying the system is cumbersome and “has wide-reaching
consequences, affecting manufacturers, election administration at the state and
local levels, as well as voters,” EAC commissioners wrote in a letter to the
Committee on House Administration that CyberScoop obtained. To pass
certification, voting vendors must meet a series of specifications outlined in
the Voluntary Voting Systems Guidelines (VVSG), a set of standards that the EAC
has been slow to update. In response to questions from the committee’s staff,
EAC commissioners said the laborious de-certification process can be initiated
if there is credible information that a voting system no longer complies with
the guidelines. However, in the case of Election Systems & Software, the
country’s largest voting vendor, for example, the EAC said it didn’t have
“grounds to decertify any ES&S product that uses software that is no longer
supported by a third-party vendor.” The commissioners also said that there is
no stipulation for how far into the future operating systems must support
security patches for them to be certified.
CyberScoop
September 18, 2019
Cyberwarfare and information operations now are the primary ways in which countries assert
themselves on the world stage, Sen. Mark Warner said in a speech Tuesday,
pointing to a new geopolitical reality in which traditional military strength
may be less urgent. The Virginia Democrat portrayed hacking, social media
manipulation, and other digital techniques as affordable options for smaller
countries that don’t have the financial resources to invest in modern military
hardware like tanks and fighter jets. U.S. leaders need to more urgently
recognize this transition, he said, and prioritize processes and technology
that stifle future attempts from adversaries to interfere in U.S. elections and
markets. Warner, vice chairman of the Senate Intelligence Committee, for years
has urged Congress to authorize more funding for cybersecurity. “I worry at
times we may be spending too much time [and] resources on 20th century stuff
when increasingly conflict in the 21st century will be cyber, will be
misinformation, disinformation,” Warner told reporters after a speech at the
Federal Election Commission.
Gov Info Security
September 16, 2019
As cybercriminals adopt new methods to steal and manipulate victims' identities,
the U.S. financial services industry needs to rethink how to protect customers'
information using emerging technologies, such as artificial intelligence,
security experts testified at a recent U.S. House committee hearing. The U.S.
House Financial Services Committee held the hearing Thursday to learn more
about how adopting new technologies can help fight ID theft - and how threat
actors are already using these same technologies to further expand their
crimes. Security experts told the committee that financial services companies,
as well as government agencies, need to adopt AI to counter new threats to
identity such as "deep fakes," which use advanced imaging technology
and machine learning to convincingly superimpose video images, and
"synthetic identities," where cybercriminals use stolen information
to attempt to mimic a person to carry out identity-related frauds.
"Artificial intelligence is only enhancing cybercriminals' arsenal. AI can
be used more quickly to find vulnerabilities in a bank's software and used to
impersonate someone's voice or face in a phishing scam," says Rep. Bill
Foster, D-Ill., who chaired the hearing.
The New York Post
September 15, 2019
GOP Sen. Ben Sasse warned of a doomsday scenario in which China wipes out US satellites
to cripple the military’s GPS and communications systems in a cyber war that
takes place in outer space. “China has envisioned a lot of game theory that
has them sort of blowing up everything in the near-space early in a conflict,
which would take away lots of things like GPS,” the Nebraska lawmaker told
John Catsimatidis on his AM 970 radio show in an interview that aired
Sunday. “It would be absolutely disastrous.” Sasse, a member of the Senate
Intelligence Committee and the newly created Cyber Commission, said the country
isn’t doing “nearly enough” to protect Americans from “emerging cyber threats
from Russia, from North Korea, from Iran, but especially from China.” “I’ve been
pushing Washington to get serious about these threats and to draft a badly
needed cyber playbook. Because we don’t have either offensive or defensive
doctrine,” he said.
ADMINISTRATION
Nextgov
September 20, 2019
The Homeland Security Department wants to offer its cybersecurity personnel more
competitive pay, and it needs help setting those rates. The department recently
began seeking vendors to support the Cybersecurity Workforce Strategic
Compensation Program, an enterprisewide effort to bring salaries for the
agency’s cyber positions more in line with those in the private sector. By
offering employees more competitive pay, the initiative looks to address the
shortage of cyber expertise plaguing Homeland Security and other federal
agencies. Salary caps, lengthy onboarding and rigid career ladders have
historically made it hard for the government to recruit and retain cyber
experts, but with digital threats on the rise, agencies are looking for ways to
make cyber jobs more attractive. In a request for information published
Tuesday, the department asked vendors to discuss how they would approach
developing a new compensation structure and ensuring pay levels remain on par
with those in industry. Interested teams must also include information on any
IT systems they would use to support the program and their past experience with
managing salary and workforce management.
FCW
September 20, 2019
When John Bolton was named National Security Adviser last year, one of his first official
acts was to eliminate the White House Cybersecurity Coordinator position,
arguing it was duplicative and unnecessary. With Bolton out and Robert O'Brien
named as his successor, speculation has drifted to whether the position might
be restored. Whether that indeed happens or not, the Department of Homeland
Security's top cyber official told reporters during a Sept. 19 briefing in
Maryland that his own agency was seeking to take up that mantle, or at least
parts of it. "I think that Congress … in standing up CISA, recognized that
there needs to be a federal lead for cybersecurity. I think that's the role
we're trying to play" at DHS, Cybersecurity and Infrastructure Security
Agency Director Chris Krebs said. "Don't take the lack of a coordinator
for a lack of coordination," Krebs told reporters. He pointed to the
diversity of agencies that sent speakers and representatives as an example of
how the federal government has naturally moved towards greater cooperation on
cybersecurity.
Nextgov
September 20, 2019
When taxpayers use online systems, the IRS really wants to make sure the people
accessing information are who they say they are. The agency has implemented a
number of authentication tools over the years—with varying degrees of
success—and is now looking at behavioral analytics as an option. The IRS
announced a sole-source contract to BioCatch for a proof-of-concept that would
incorporate behavioral analytics for the agency’s eAuthentication system.
BioCatch’s technology tracks how a user interacts with their device and the
agency’s apps to continually verify their identity. “BioCatch collects
behavioral metrics—i.e., left/right handedness, pressure—while a user is
interacting with eAuth without impacting user experience and establishes a
profile for the user,” IRS contracting officers wrote in the statement of work.
“Once this profile is established, this data is used to detect fraud on
subsequent login attempts and to prevent account takeover during the user’s
session.”
Fifth Domain
September 19, 2019
After years of department officials hedging on the proper role of the Pentagon for election
security, Defense Secretary Mark Esper on Thursday pledged that the department
will consider the issue a core part of its mission in the future. “Moving
forward, I consider election security an enduring mission for the Department of
Defense,” Esper said in prepared remarks for the 2nd Annual National
Cybersecurity Summit. “Our adversaries will continue to target our democratic
processes — this is a reality of the world we live in today. Guarding against
these threats requires constant vigilance.” That is a far cry from 2017, when a
top department official went to Congress and argued that the DoD should not be
charged with such a mission. But lessons from 2018 — when the Pentagon played a
role in safeguarding the midterms — appear to have convinced the secretary
that election security falls within the department’s purview.
FCW
September 19, 2019
The Air Force has been undergoing a months-long cybersecurity review and is ready to
deliver it to the deputy defense secretary, said a senior Air Force
intelligence director. Lt. Gen. Veralinn Jamieson, the Air Force's deputy chief
of staff for Intelligence, Surveillance, Reconnaissance, and Cyber Effects
Operations, said the branch was preparing results of an internal cybersecurity
audit for the deputy defense secretary. "We've been doing a cyber review
just like the Navy has done, just like the Army is doing, and we're about to
brief that out here shortly to the deputy secretary of defense on our
capabilities and how we're going to get after [vulnerabilities]," she said
speaking at the Air Force Association's Air Space Cyber conference at
National Harbor on Sept. 18. "Because unless we protect our power
projection platforms, we really don't have them." The news comes as the
Air Force gets a new confirmed secretary. The Senate confirmed Barbara Barrett,
a former Aerospace Corp. chief, Sept. 18. During her confirmation hearing Sept.
12, Barrett said she would support an extensive cybersecurity review of the Air
Force, modeled on the Navy's comprehensive cybersecurity review completed
earlier this year.
Fifth Domain
September 19, 2019
With less than two weeks until the National Security Agency’s new cybersecurity directorate
officially starts its work, the organization’s leader said she plans to take a
“come together” approach in its first 60 days in order to make the group as
effective as possible. The directorate’s leader, Anne Neuberger, said Sept. 18
at the Cybersecurity and Infrastructure Security Agency’s summit that her team
will be made up of people with a variety of backgrounds, drawing from threat
intelligence professionals, emerging technologies experts and nuclear command
and control staff, totaling “several thousand” people. Because of the size and
diversity of backgrounds, the first step, she said, is to create “one
community, one culture internally.” Diversity, she said, will be her group’s
strength. “We’re integrating that to operationalize intelligence to defend
against threats,” Neuberger said, who noted that she’ll be working closely with
the Department of Homeland Security and FBI. Neuberger, who previously led the
Russia small group at the NSA, said her latest group will be “transforming to
work in the unclassified space.” “We recognize that using threat intelligence,
making it useful and effective, needs to be done in the way network defenders
need,” Neuberger said. “And that’s where we’ll be transforming.”
Nextgov
September 18, 2019
Cybersecurity pros in government and industry need to get a broader community of people
engaged in fighting digital threats, but “selling fear” shouldn’t be their
primary strategy, according to the Homeland Security Department’s cyber chief.
As director of the Cybersecurity and Infrastructure Security Agency, Chris
Krebs has made it a priority to get more outside groups involved in his
agency’s cyber efforts. He attributes the successful defense of the 2018
midterm elections to those partnerships, and in the run-up to the 2020 race and
beyond, Krebs wants the broader cybersecurity community to follow CISA’s lead.
During a speech at the agency’s second annual Cybersecurity Summit, Krebs
called on industry and government experts to do more to help society grapple
with the growing array of digital threats targeting governments, private
companies and everyday citizens. Those efforts can take a wide variety of
shapes, he said, from helping more small- and medium-size businesses bolster
their networks to supporting cybersecurity education for high school and
college students. “We’ve got to do more to extend our capabilities to float all
boats,” Krebs said. He also noted outreach efforts would go a long way in
addressing the shortage of cybersecurity personnel that today is plaguing both
government and the private sector.
Wired
September 17, 2019
When the Air Force showed up at the Defcon hacker conference in Las Vegas last month, it
didn’t come empty-handed. It brought along an F-15 fighter-jet data system—one
that security researchers thoroughly dismantled, finding serious
vulnerabilities along the way. The USAF was so pleased with the result that it
has decided to up the ante. Next year, it’s bringing a satellite. That’s a
promise from Will Roper, assistant secretary of the Air Force for acquisition,
technology, and logistics. While sending elite hackers after an orbiting
satellite—and its ground station—might sound ambitious, it’s in keeping with
Roper’s commitment to fundamentally changing how his branch of the military
attacks its cybersecurity challenges. “We have to get over our fear of
embracing external experts to help us be secure. We are still carrying
cybersecurity procedures from the 1990s,” says Roper. “We have a very closed
model. We presume that if we build things behind closed doors and no one
touches them, they’ll be secure. That might be true to some degree in an analog
world. But in the increasingly digital world, everything has software in it.”
The Hill
September 16, 2019
Colorado on Monday became the first state in the U.S. to ban the use of QR codes on
ballots, citing cybersecurity concerns associated with the use of these codes
in tabulating votes. Colorado Secretary of State Jena Griswold (D) noted in
announcing the change that cybersecurity experts have raised concerns around
the security of using the QR codes on ballots. Griswold also cited findings by
U.S. intelligence that Russian operatives attempted to interfere in the 2016
presidential election as a reason to enhance cybersecurity of elections.
Currently, residents in Colorado make their choices on a ballot-marking device,
which then prints a physical ballot that includes both a QR code embedded with
the voter’s choices and a read-out for the voter to verify their choices. The
votes are then tabulated by a machine that scans the QR codes, which officials
say have the potential to be changed by hackers and be different than the votes
cast. Colorado will now require that votes only be counted based on
human-verifiable information, specifically the marked ovals on the printed
ballot, and not based on the counting of votes embedded in QR codes.
INDUSTRY
CyberScoop
September 20, 2019
Microsoft said Friday it will offer state and local election officials free security
support for Windows 7 operating systems used in voting systems through 2020.
“We want to make sure that Windows 7 end-of-life doesn’t…become a barrier to
having a secure and safe election,” Jan Neutze, head of Microsoft’s
cybersecurity and democracy team, said in announcing the news. “It’s the right
thing to do,” he said at a conference hosted by the Department of Homeland
Security’s Cybersecurity and Infrastructure Security Agency. Microsoft has long
planned to stop providing security updates for Windows 7 users in general in
January 2020, but was allowing users to pay for those updates through January
2023. But the offer of free services through next year’s U.S. presidential
election is an additional effort to make it easier to update operating software
used in voting systems, such as the election management systems that format
ballots. Some systems that support voting in the U.S. still rely on Windows 7,
which is not nearly as straightforward to update on those machines as it is on
a personal computer. Patches require installation and testing to verify that
they will not disrupt a voting system.
Ars Technica
September 20, 2019
In 2017 and 2018, hackers compromised systems running the Click2Gov self-service
bill-payment portal in dozens of cities across the United States, a feat that
compromised 300,000 payment cards and generated nearly $2 million of revenue.
Now, Click2Gov systems have been hit by a second wave of attacks that’s dumping
tens of thousands of records onto the Dark Web, researchers said on Thursday.
The new round of attacks began in August and has so far hit systems in eight
cities, six of which were compromised in the previous episode, researchers with
security firm Gemini Advisory said in a post. Many of the hacked portals were
running fully up-to-date systems, which raises questions about precisely how
the attackers were able to breach them. Click2Gov is used by utilities,
municipalities, and community-development organizations to pay bills and
parking tickets as well as make other kinds of transactions. “The second wave
of Click2Gov breaches indicates that despite patched systems, the portal
remains vulnerable,” Gemini Advisory researchers Stas Alforov and Christopher
Thomas wrote. “It is thus incumbent upon organizations to regularly monitor
their systems for potential compromises in addition to keeping up to date on
patches.”
Gov Info Security
September 20, 2019
Decommissioned domains that were part of the pervasive Magecart web-skimming campaigns are
being put to use by other cybercriminals who are re-activating them for other
scams, including malvertising, according to researchers at RiskIQ, a San
Francisco-based cybersecurity firm. The success of the Magecart credit card
attacks, which victimized hundreds of thousands of sites, millions of users and
such major corporations as British Airways, Forbes, Ticketmaster and Newegg
over the last 18 months, has led more cybercriminals to leverage Magecart's
tools, the researchers note in a report released Thursday. Magecart appears to
be a loose association of about a dozen different groups. Its campaigns have
been well-documented by RiskIQ and other cybersecurity firms. In its report,
RiskIQ has outlined the indications of compromise associated with the attacks, including
the malicious domains that the threat actors used to "inject web-skimming
JavaScript into browsers or as a destination for the skimmed payment
information," the report states. Many of those malicious domains have been
permanently sinkholed. But others have been decommissioned by the registrar,
held for a while and then put back into the pool of available domains.
Ars Technica
September 20, 2019
On September 19, in a conference room at the Pelican Hill Resort in Newport Beach,
California, Crown Sterling CEO Robert Grant, COO Joseph Hopkins, and a pair of
programmers staged a demonstration of Grant's claimed cryptography-cracking
algorithm. Before an audience that a Crown Sterling spokesperson described as
"approximately 100 academics and business professionals," Grant and
Hopkins had their minions generate two pairs of 256-bit RSA encryption keys and
then derive the prime numbers used to generate them from the public key in
about 50 seconds. The code was on an Apple MacBook Pro. Grant claimed that the
work could be used to "decrypt" a 512-bit RSA key in "as little
as five hours" using what Grant described as "standard
computing." The demonstration only raises more skepticism about Grant's
work and about Crown Sterling's main thrust—an encryption product called Time
AI that Grant claims will use the time signature of AI-generated music to
generate "quantum-entangled" keys. Grant's efforts to show how weak
long-cracked versions of RSA are were met with what can only be described as
derision by a number of cryptography and security experts.
CyberScoop
September 19, 2019
Voting-equipment vendors are preparing to formally ask security researchers for ideas on
building a coordinated vulnerability disclosure (CVD) program, the next step in
the industry’s gradual move to work more closely with ethical hackers. The
Elections Industry-Special Interest Group, which includes the country’s three
largest voting-systems vendors, will this week release the request for
information (RFI), Chris Wlaschin, vice president of systems security at one of
those vendors, Election Systems & Software, told CyberScoop. “We all feel
that sense of urgency to adopt this sooner than later,” Wlaschin said. Since
January, the voting vendor group, which is part of the IT-Information Sharing
and Analysis Center (IT-ISAC), a broader industry association, has held
biweekly meetings to begin hashing out what a CVD program to find and fix
software bugs might look like. Other industries have adopted such programs,
which can raise the bar for security in an industry and establish trust with
independent security experts. Some security researchers have criticized the
elections-infrastructure sector for being slow to embrace ethical hacking.
Wlaschin said the Special Interest Group has been searching for a program that
will account for the idiosyncrasies of the elections-infrastructure industry,
including the far-flung nature of voting equipment across thousands of
jurisdictions.
ZDNet
September 19, 2019
Cyberattacks are now considered by most execs to be the top business concern, far outranking
economic uncertainty, brand damage, and regulation, according to a survey by
insurance consultancy Marsh and tech giant Microsoft. The global survey of over
1,500 business leaders illustrates the rapid change in business leaders'
perceived risks to their organizations and shows that having a cyber insurance
policy is now more common than two years ago. In 2017, Marsh and Microsoft
found that 62% of respondents saw cyberattacks as a top-five risk, whereas this
year 79% do. The share of respondents who see cyber attacks as the number one
risk has also risen from 6% to 22% over two years. This year, the second most
widely considered top-five risk is economic uncertainty, followed by brand
damage, regulation, and loss of key personnel.
Ars Technica
September 19, 2019
If you've noticed an uptick of spam that addresses you by name or quotes real emails
you've sent or received in the past, you can probably blame Emotet. It's one of
the world's most costly and destructive botnets—and it just returned from a
four-month hiatus. Emotet started out as a means for spreading a bank-fraud
trojan, but over the years it morphed into a platform-for-hire that also
spreads the increasingly powerful TrickBot trojan and Ryuk ransomware, both of
which burrow deep into infected networks to maximize the damage they do. A post
published on Tuesday by researchers from Cisco's Talos security team helps
explain how Emotet continues to threaten so many of its targets.
The Wall Street Journal
September 18, 2019
Huawei Technologies Co. has been suspended from membership in a global trade group of
companies, governments and experts set up to tackle computer security breaches
and share information about vulnerabilities. The Forum of Incident Response and
Security Teams, called “First,” was set up in the 1990s to encourage
international cooperation in addressing and preventing hacking incidents. It
has grown into a sort of informal first responder to big global hacks and
cybersecurity incidents.
Ars Technica
September 18, 2019
A previously undocumented attack group with advanced hacking skills has
compromised 11 IT service providers, most likely with the end goal of gaining
access to their customers' networks, researchers from security firm Symantec
said on Wednesday. The group, dubbed Tortoiseshell, has been active since at
least July 2018 and has struck as recently as July of this year, researchers
with the Symantec Attack Investigation Team said in a post. In a testament to
Tortoiseshell’s skill, the new group used both custom and off-the-shelf hacking
tools. At least two of the 11 compromises successfully gained domain admin
level access to the IT providers’ networks, a feat that gave the group control
over all connected machines. Tortoiseshell's planning and implementation of the
attacks was also notable. By definition, a supply chain attack is hacking that
compromises trusted software, hardware, or services used by targets of
interest. These types of attacks require more coordination and work. Taken
together, the elements suggest that Tortoiseshell is likely a skilled group.
“The most advanced part of this campaign is the planning and the implementation
of the attacks themselves,” a member of Symantec’s research team wrote in an
email. “The attacker had to have multiple objectives achieved in an operational
fashion in order to compromise the true targets which would have relationships
with the IT provider.”
Reuters
September 18, 2019
Malaysia's Malindo Air, a subsidiary of Indonesia's Lion Group, said on Wednesday it was
investigating a data breach involving the personal details of its passengers.
Malindo Air's statement followed a report by Moscow-based cybersecurity firm
Kaspersky Lab that the details of around 30 million passengers of Malindo and
fellow Lion Group subsidiary Thai Lion Air were posted in online forums. The
report said the leaked information included passengers' passport details,
addresses and phone numbers. Lion Group and Thai Lion Air could not immediately
be reached for comment. Malindo Air said it was notifying authorities
internationally about the incident and advised customers with online frequent
flyer accounts to change their passwords. It declined to provide more detail on
its investigation, including how many customers were affected, but said it did
not store any customer payment details on its servers.
Ars Technica
September 16, 2019
Developers of the LastPass password manager have patched a vulnerability that made it
possible for websites to steal credentials for the last account the user logged
into using the Chrome or Opera extension. The vulnerability was discovered late
last month by Google Project Zero researcher Tavis Ormandy, who privately
reported it to LastPass. In a write-up that became public on Sunday, Ormandy
said the flaw stemmed from the way the extension generated popup windows. In
certain situations, websites could produce a popup by creating an HTML iframe
that linked to the LastPass popupfilltab.html window rather than through the
expected procedure of calling a function called do_popupregister(). In some
cases, this unexpected method caused the popups to open with a password of the
most recently visited site.
INTERNATIONAL
The New York Times
September 20, 2019
A computer hacker whose efforts revealed often troubling practices that shape the
multi-billion-dollar global soccer industry was charged with 147 crimes this
week by Portugal’s national prosecutor. For four years between 2015 and his
arrest in Hungary in January, the hacker, Rui Pinto, a 30-year-old from Portugal,
sowed anxiety in the soccer world by publishing hundreds of internal documents
onto an internet platform he set up called Football Leaks. Pinto later
collaborated with a European media consortium led by the German newsmagazine
Der Spiegel to disseminate even more documents. The information Football Leaks
made public — including player contracts, internal team financial documents and
confidential emails — pulled back the curtain on the murky world of soccer
finance, led to criminal tax prosecutions of several top players and even
helped prompt officials in the United States to reopen a sexual assault
investigation involving the Portuguese star Cristiano Ronaldo.
SC Magazine
September 20, 2019
The UK’s National Cyber Security Centre has published a report warning UK universities
that "state espionage will continue to pose the most significant threat to
the long-term health of both universities and the UK itself". It said that
phishing attacks and malware pose the most immediate, disruptive threat, but
the longer-term threat comes from nation states intent on stealing research for
strategic gain. The report said that academic institutions should "adopt
security-conscious policies and access controls" to mitigate risks,
"as well as to ensure potentially sensitive or high-value research is separated
rather than stored in one area". The assessment found that the open and
outward-looking nature of the universities sector, while allowing collaboration
across international borders, also eases the task of a cyber-attacker. The
report highlighted an example of this in an attack from last year attributed to
Iranian actors in which they were able to steal the credentials of their
victims after directing them to fake university websites.
NBC
September 17, 2019
The Trump administration is weighing a range of options for a retaliatory action against
Iran, including a cyberattack or physical strike on Iranian oil facilities or
Revolutionary Guard assets, U.S. officials and others briefed on the
deliberations told NBC News. In a national security meeting on Monday, U.S.
military leaders provided President Donald Trump with a menu of possible
actions against Iran. But the president, seeking a narrowly focused response
that wouldn't draw the U.S. into broader military conflict with Iran, asked for
more options, people briefed on the meeting said. That could entail a strike by
Saudi Arabia, whose oil facilities were hit Sunday in an unprecedented attack,
that the U.S. would support with intelligence, targeting information and
surveillance capabilities — but without the U.S. actually firing any weapons at
Iran, one person familiar with the planning said.
CyberScoop
September 17, 2019
As loyalties among Afghanistan’s Islamic extremists continue to shift, the U.S.
military may be poised to rely more heavily on offensive cyber capabilities to
target one group in particular — the dispersed but still active membership of
ISIS, according to one military cyber commander. Joint Task Force ARES, the
outfit charged with running joint and coalition cyber-operations against ISIS,
is working to uncover information about how the terrorist group continues to
operate in Afghanistan, the deputy commander said Monday. “JTF-ARES is in or
around where ISIS is operating,” Brig. Gen. Len Anderson said during a question
and answer at an Atlantic Council event Monday. “We are trying to illuminate
the network, trying to figure out how they’re communicating, what they’re
using, where the money might be flowing, is there money.” Although the Islamic
State’s physical caliphate has been crushed in Iraq and Syria, reporting from
the Defense Intelligence Agency this year says the group still has a network of
thousands of insurgents in Iraq and Syria, as well as militia in Iraq, Pakistan
and Afghanistan. Security experts are concerned that ISIS is gaining momentum
in Afghanistan in part because of the Trump administration’s efforts to
establish a peace deal with the Taliban, according to the Financial Times.
Bloomberg
September 16, 2019
A Russian hacker at the center of an alleged scheme to steal financial data on more than
80 million JP Morgan Chase & Co. clients will plead guilty later this
month, according to a U.S. court filing. Andrei Tyurin, who was extradited last
year from the Republic of Georgia, is accused of performing key tasks that
netted hundreds of millions of dollars in illicit proceeds from the hack of
JPMorgan and other companies. Tyurin has struck a plea agreement with federal
prosecutors in New York to resolve the charges and is set to appear for a plea
hearing next week. Since he was first brought before a New York judge, hearings
in Tyurin’s case have been repeatedly canceled, and previous court filings have
said prosecutors and defense lawyers were engaged in plea negotiations. In a
filing late Friday, prosecutors from the Manhattan U.S. attorney’s office
sought to consolidate Tyurin’s case in New York with one filed in Atlanta, in
which he and others were accused of hacking online brokerage E*Trade. At the
time of the hacks, the breach was so vast that U.S. authorities suspected it
was the work of a state-sponsored cyberattack, with potential ties to Russia’s
intelligence agencies. But they ultimately concluded it was the work of a broad
criminal enterprise, with the purloined funds fueling other schemes including
stock manipulation, online gambling and money laundering.
Reuters
September 15, 2019
Australian intelligence determined China was responsible for a cyber-attack on its national
parliament and three largest political parties before the general election in
May, five people with direct knowledge of the matter told Reuters. Australia’s
cyber intelligence agency - the Australian Signals Directorate (ASD) -
concluded in March that China’s Ministry of State Security was responsible for
the attack, the five people with direct knowledge of the findings of the
investigation told Reuters. The five sources declined to be identified due to
the sensitivity of the issue. Reuters has not reviewed the classified report.
The report, which also included input from the Department of Foreign Affairs,
recommended keeping the findings secret in order to avoid disrupting trade
relations with Beijing, two of the people said. The Australian government has
not disclosed who it believes was behind the attack or any details of the
report.
TECHNOLOGY
AP
September 20, 2019
The call came on a Saturday in July delivering grim news: Many of the computer systems
serving the government of LaPorte County, Indiana, had been taken hostage with
ransomware. The hackers demanded $250,000. No way, thought County Commission
President Vidya Kora. But less than a week later, officials in the county
southeast of Chicago agreed to pay a $132,000 ransom, partially covered by
$100,000 from their insurance provider. "It was basically an economic
decision," Kora said. "How long do you keep all these employees
sitting, doing nothing? Whereas if you pay this, we can be back up and
running." That's precisely the calculation hackers count on. Now some
cybersecurity professionals are concerned that insurance policies designed to
limit the damage of ransomware attacks might be encouraging hackers, who see
insurers covering increasingly large ransoms and choose to target the type of
institutions likely to have coverage. "Once a cybercriminal finds a
formula that works for them, they're going to stick to it," said Tyler
Moore, a cyber security professor at the University of Tulsa. "If you're a
company or a city that has this coverage, the decision of whether to pay is
quite clear. It gets more difficult when you take a step back and look at the societal
view." This year alone, the average ransom payment climbed from $12,762 at
the end of March to $36,295 by the end of June — a 184% jump — according to
Coveware, a firm that negotiates on behalf of ransomware victims.
Ars Technica
September 18, 2019
Hackers have found a new way to amplify the crippling effects of denial-of-service
techniques by abusing an improperly implemented tool found in almost 1 million
network-connected cameras, DVRs, and other Internet-of-things devices. The
technique abuses WS-Discovery, a protocol that a wide array of network devices
use to automatically connect to one another. Often abbreviated as WSD, the
protocol lets devices send user datagram protocol packets that describe the
device capabilities and requirements over port 3702. Devices that receive the
probes can respond with replies that can be tens to hundreds of times bigger.
WSD has shipped with Windows since Vista and is one of the ways the operating
system automatically finds network-based printers.
ZDNet
September 18, 2019
Malware that mines cryptocurrency has made a comeback over the summer, with an increased
number of campaigns being discovered and documented by cyber-security firms.
The primary reason for this sudden resurgence is the general revival of the
cryptocurrency market, which saw trading prices recover after a spectacular
crash in late 2018. Monero, the cryptocurrency of choice of most crypto-mining
malware operations, was one of the many cryptocurrencies that were impacted by
this market slump. The currency, also referred to as XMR, has gone down from an
exchange rate that orbited around $300 - $400 in late 2017 to a meager $40 -
$50 at the end of 2018. But as the Monero trading price recovered throughout
2018, tripling its value from $38 at the start of the year, to nearly $115 over
the summer, so have malware campaigns.