David Eastman, the man jailed for almost 20 years for killing one of Australia's top police officers, has been awarded more than $7 million in compensation after he was found not guilty of the crime.
Key points:
- David Eastman is awarded $7.02 million after spending nearly two decades in jail for a murder he was found not to have committed
- The ACT Government had offered Mr Eastman an "act of grace" payment of more than $3 million, but he refused because it required that he waive his right to further compensation
- The 74-year-old previously told court of the despair and fear he felt in jail, and the assaults he had suffered
Mr Eastman was last year acquitted of the murder of Australian Federal Police assistant commissioner Colin Winchester in a retrial, clearing the way for a compensation bid.
In a redacted statement made to the court, Mr Eastman publicly detailed for the first time the abuse and beatings he faced while in prison.
The Hill
October 10, 2019
A bipartisan group of senators is calling for all branches of government to share
information on threats to technology supply chains, citing potential risks to
national security. In a Wednesday letter to Office of Management and Budget
Director Mick Mulvaney, top members of the Senate Homeland Security Committee
called for the Federal Acquisition Security Council (FASC) to come up with a
plan of action. The intelligence community (IC) shares information on threats
to the information technology supply chain with civilian agencies through the
FASC. Senators want that threat information made available to other branches of
government. “Both Congress and the Executive branch have devoted considerable
time identifying ways to enhance the supply chain security of information and
communications technology (ICT) on U.S. government systems,” the senators
wrote. “The work is vitally important, but executive agency solutions do not
always mean whole of government solutions.” The senators emphasized that “the
government must ensure that information used to secure executive agency
computer systems and networks is shared with ICT professionals in Congress and
the judiciary.”
TechCrunch
October 9, 2019
Homeland Security’s cybersecurity division is pushing to change the law that would allow
it to demand information from internet providers that would identify the owners
of vulnerable systems, TechCrunch has learned. Sources familiar with the
proposal say the Cybersecurity and Infrastructure Security Agency (CISA),
founded just less than a year ago, wants the new administrative subpoena powers
to lawfully obtain the contact information of the owners of vulnerable devices
or systems from internet providers. CISA, which warns both government and
private-sector businesses of security vulnerabilities, privately complained of
being unable to warn businesses about security threats because it can’t always
identify who owns a vulnerable system. The new proposal would allow CISA to use
its new powers to directly warn businesses of threats to critical devices, such
as industrial control systems — typically used in critical infrastructure.
These systems are highly sensitive and are increasingly the target of hackers
to disrupt real-world infrastructure, like the power grid and water supply. By
law, internet providers are not allowed to share their subscriber data without
first receiving a legal demand, such as a subpoena, that can be issued from a
federal agency without requiring the approval of a court.
The Hill
October 8, 2019
Five Republican senators sent a letter to Microsoft on Tuesday stressing that
Chinese telecommunications giant Huawei poses a “real and urgent” threat after
an executive at the American tech giant complained the U.S. hasn't been open
about why Huawei was blacklisted. The letter from GOP Sens. Tom Cotton (Ark.),
Marco Rubio (Fla.), Rick Scott (Fla.), Josh Hawley (Mo.) and Mike Braun (Ind.)
to Microsoft President and Chief Legal Officer Brad Smith details several
allegations of “espionage activities” and “technology theft and economic
warfare." President Trump in May directed the Commerce Department to place
Huawei on its "Entity List." U.S. companies are forbidden from doing
business with firms on the list, but the government has granted Huawei multiple
"general temporary licenses" since. The U.S. has long considered
Huawei a national security threat because of its deep connections to the Chinese
government. Smith last month in an interview with Bloomberg Businessweek said
that Microsoft has asked U.S. regulators to explain the decision to blacklist
Huawei multiple times. “Oftentimes, what we get in response is, ‘Well, if you
knew what we knew, you would agree with us,’” Smith said. “And our answer is,
‘Great, show us what you know so we can decide for ourselves. That’s the way
this country works.’” In their letter Monday, the senators said that publicly
available information is enough to prove Huawei should be reprimanded.
ADMINISTRATION
Nextgov
October 11, 2019
The Cybersecurity and Infrastructure Security Agency’s cyber threat analysis chief
shared fresh details this week around an ongoing campaign of cyberattacks
linked to the Chinese government, specifically targeting managed service
providers. “The core issue with the compromise of managed service providers is
that it really gives the attacker a force-multiplier effect,” CISA’s Rex Booth
said at a summit hosted by FCW Thursday. Earlier this year, Homeland Security
conducted a series of webinars to educate the American public about the rising
attacks that take advantage of companies’ possible internal vulnerabilities.
Since 2006, the Homeland Security Department has tracked a threat group,
commonly known in the security industry as APT10, which Booth noted is
sponsored by the Ministry of State Security in China. Between 2014 and 2018, the
agency noticed a strategic shift in the threat group's tactics: The hackers
began specifically targeting America’s managed services providers, or MSPs.
Those providers remotely manage customers’ information technology
infrastructure or other tech-based systems.
CyberScoop
October 11, 2019
The National Security Agency’s new Cybersecurity Directorate, charged with helping
protect the defense industrial base and sensitive government computers by
providing insights on foreign hackers, is now at initial operating capability,
senior NSA officials informed reporters at a rare briefing Thursday at Fort
Meade. Just this week the fledgling directorate took one of its first public
actions, issuing an unclassified alert about nation-state hacking groups
actively exploiting vulnerabilities on virtual private networks. Beyond the
usual job of such alerts — identifying the bugs and recommending mitigations —
the directorate made a point to provide ways for organizations to check whether
they have been victimized, something the directorate intends to continue in
unclassified ways moving forward. “We need to be sure that people who own
networks that are vital to the national security systems and defense systems of
this nation can figure out if adversaries have gained access into their
networks,” NSA spokesperson Natalie Pittore said. “It’s about preventing but
also kicking out the adversary.”
Nextgov
October 10, 2019
The Army kicked off its second bug bounty competition yesterday, according to a press
release, offering hundreds of thousands of dollars to white-hat hackers able to
find vulnerabilities in the service’s public-facing systems. For the service’s
second “Hack the Army,” a mix of federal civilians, active U.S. military and
certain invited individuals will scour more than 60 publicly accessible web
assets for vulnerabilities until Nov. 8. The top three U.S.-based hackers will
be invited to participate in a team competition and awards ceremony at the end
of the competition. “Opening up the Army’s cyber terrain to the hacker
community is exactly the type of outside-the-box, partnership approach we need
to take to rapidly harden and better defend our most foundational weapons
system: the Army network,” Lt. Gen. Stephen Fogarty, Army Cyber Command’s
commanding general, said in a statement.
Gov Info Security
October 10, 2019
The personal data of Mississippi citizens is susceptible to breaches because many
state agencies, universities and other organizations are failing to comply with
all the mandates of the state's cybersecurity law, according to a report issued
by the Office of the State Auditor. The audit found that many agencies were not
in full compliance with the Mississippi Enterprise Security Program. The state
law passed in 2017, which codified the guidelines in the state's security
program, requires the implementation and maintenance of security policies and
standards by any organization or agency that relies on Mississippi's state IT
network. The recently released auditor's report notes that of the 125
organizations asked to participate in a survey, 54 did not respond to requests
for information. Of the 71 state agencies and organizations that did respond,
over half were less than 75 percent compliant with the enterprise security
program. "The results of the survey show that Mississippians' personal
data may be at risk," the report states. "Many state agencies are
operating as if they are not required to comply with cybersecurity laws, and
many refused to respond to auditors' questions about their compliance."
FCW
October 9, 2019
While much of the discussion around supply chain security has focused on the parts,
components and gear that make up an organization's physical IT assets, a
growing number of experts are making the case that vulnerabilities in the
software supply chain may represent the larger cybersecurity threat over the
long haul. A 2018 survey of 1,300 IT security professionals by cybersecurity
firm CrowdStrike found that nearly 80% of respondents said their organizations
needed to devote more resources to their software supply chain, and 62% said
the issue was being overlooked during IT spending decisions. That lack of
attention may be creating easy pathways for malicious hackers. According to
Cheri Caddy, director of public private partnerships at the National Security
Agency, rudimentary, easily exploitable software vulnerabilities are still the
most common ways bad actors get into systems and networks. "I think part of
the challenge in this space is not only do you have to anticipate dynamic
change in the future … but we're still living in the space where we haven't
lifted the lowest common denominator and we're still talking about cyber
hygiene," Caddy said at an Oct. 9 event hosted by the Atlantic Council.
Gov Info Security
October 9, 2019
Federal regulators are proposing a "safe harbor" that would permit hospitals
to donate certain cybersecurity software and services to physicians. The move
would modify the so-called Stark Law and federal anti-kickback regulations.
Reacting to the proposal, privacy and security attorney Stephen Wu of the law
firm Silicon Valley Law Group notes: "In the short run, anything that can
help doctors improve their cybersecurity is good. However, in the long run, you
don't want doctors to be overly dependent on hospitals for their
cybersecurity." In a statement Wednesday, the Department of Health and
Human Services said its two proposed rules - one issued by the Centers for
Medicare and Medicaid Services, and the other by HHS Office of Inspector
General - aim to "modernize and clarify the regulations that interpret the
Physician Self-Referral Law - the 'Stark Law' - and the Federal Anti-Kickback
Statute." Portraying the proposals as a way to help improve patient care
coordination by ensuring secure health information exchange, HHS says the two
rules would "provide greater certainty for healthcare providers
participating in value-based arrangements and providing coordinated care for
patients. The proposals would ease the compliance burden for healthcare
providers across the industry, while maintaining strong safeguards to protect
patients and programs from fraud and abuse."
Nextgov
October 8, 2019
Nation-state actors are actively exploiting vulnerabilities in three different virtual
private network services to gain access to users’ devices, according to the
National Security Agency. In an advisory issued Monday, NSA said international
hackers were taking advantage of bugs in older versions of virtual private
network applications produced by Pulse Secure, Fortinet and Palo Alto Networks.
Users of the products are “strongly recommended” to update their systems, the
agency said. Virtual private networks, or VPNs, allow users to safely share
data across public Wi-Fi and other potentially insecure networks. According to
the advisory, the vulnerability in the Pulse Secure product allows nefarious
actors to remotely execute code and download files, as well as intercept
encrypted network traffic. The bugs in the other two systems both allow for
remote code execution, the NSA said.
FCW
October 7, 2019
The National Institute for Standards and Technology is looking to enter into
cooperative research agreements for products and technical expertise that can
secure energy-related internet-of-things devices. In a posting scheduled to be
published Oct. 8 in the Federal Register, NIST is asking all interested
organizations to submit letters of interest to enter a Cooperative Research and
Development Agreement with the agency to "provide an architecture that can
be referenced and develop guidance for securing [industrial IoT devices] in
commercial and/or utility-scale distributed energy resource environments."
The initiative marks the first foray into the energy sector for the National Cybersecurity
Center of Excellence, a clearinghouse for public and private sector cyber
expertise established in 2012. "The expected outcome of the demonstration
is to improve the security of [industrial IoT] across an entire energy sector
enterprise," the notice states. "Participating organizations will
gain from the knowledge that their products are interoperable with other
participants' offerings."
Nextgov
October 7, 2019
Local governments facing an onslaught of ransomware attacks are increasingly turning
to insurance to protect them if hackers successfully take control of a city’s
computer system. But experts warn that local governments may not be getting the
level of protection they need through basic policies. And when insurance
companies opt to pay ransoms, rather than cover the (sometimes exorbitant) cost
to recover data, they make local governments a bigger target for hackers.
Larger cities may purchase their own individual plans, like Houston did in 2018
when it paid close to $500,000 for a $30 million plan that would cover
emergency response to cybersecurity breaches and losses associated with a
cyberattack. In contrast, many smaller municipalities receive coverage through
pooled plans, such as those offered by associations. “A lot of plans that
municipalities are looking at—it’s a patchwork,” said Alan Shark, executive director
of the Public Technology Institute, a technology organization that works with
city and county governments. “There are no universal standards.”
CNN
October 5, 2019
An attempted hack into a mobile voting app used during the 2018 midterm elections
may have been a student's attempt to research security vulnerabilities rather
than an attempt to alter any votes, three people familiar with the matter told
CNN. Mike Stuart, the US attorney for the Southern District of West Virginia,
revealed at a press conference Tuesday that an FBI investigation "is
currently ongoing" after an unsuccessful attempted intrusion into the
Voatz app, which West Virginia has used since 2018 to allow overseas and
military voters to vote via smartphone. No criminal charges have been filed.
The sources told CNN that the FBI is investigating a person or people who tried
to hack the app as a part of a University of Michigan election security course.
Michigan is one of the main academic hubs of election security research in the
country, housing the trailblazing Michigan Election Security Commission. The
office of West Virginia Secretary of State Mac Warner had previously
communicated to Stuart that suspicious activity against the Voatz app came from
IP addresses associated with the University of Michigan, one of the people
familiar with the matter told CNN.
INDUSTRY
CyberScoop
October 11, 2019
The cyber insurance industry is taking baby steps away from a long and messy infancy. For
the hundreds of companies that offer policies, toddlerhood is here, and it
means exerting more influence over how clients protect their networks and
information. For years, headlines have fixated on how big firms like AIG and
Zurich have been locked in legal disputes over specific claims, but insurers
are now trying to be more proactive with customers. The smartest approach for
everyone, they say, is to prevent breaches from happening in the first place.
Key to that, and saving money, is trying to identify the products that are most
effective. Marsh, the global insurance broker and risk adviser, last month
published its first list of Cyber Catalyst-designated products, a tag given to
17 services that a group of insurance firms say its clients should consider,
including offerings like FireEye’s Endpoint tool and CrowdStrike penetration
testing service. Insurers for years have assessed security products, and
partnered with vendors, but the breadth of the Cyber Catalyst program proves
the industry thinks it has enough data about prior security incidents to help
clients avoid breaches in the future.
Gov Info Security
October 11, 2019
CafePress has been hit with a lawsuit alleging that it failed to notify customers about a
massive data breach in a timely manner. The Louisville, Kentucky-based
personalized product retailer sells custom T-shirts and a variety of other
printed materials. The company believes that about 23 million users' details
got swiped. In addition, security experts have warned that instead of using a
fit-for-purpose password-hashing algorithm, CafePress was continuing to use
SHA-1, which is outdated and stores passwords in a manner that is relatively
easy for hackers to crack.
Ars Technica
October 10, 2019
Attackers exploited a zero-day vulnerability in Apple's iTunes and iCloud programs to
infect Windows computers with ransomware without triggering antivirus
protections, researchers from Morphisec reported on Thursday. Apple patched the
vulnerability earlier this week. The vulnerability resided in the Bonjour
component that both iTunes and iCloud for Windows rely on, according to a
blog post. The bug is known as an unquoted service path, which as its name
suggests, happens when a developer forgets to surround a file path with
quotation marks. When the bug is in a trusted program—such as one digitally
signed by a well-known developer like Apple—attackers can exploit the flaw to
make the program execute code that AV protection might otherwise flag as
suspicious.
CyberScoop
October 10, 2019
Cybersecurity researchers have discovered two new tools used by a prolific hacking group
known as FIN7, highlighting how, despite a law enforcement crackdown, the group
appears to be thriving and making a lot of money in the process. The Eastern
European hacking crew, which researchers say has stolen over $1 billion from
victims in recent years, is using a new “dropper” to deliver its malicious
code, as well as a payload that tampers with a remote IT administration tool,
cybersecurity company FireEye said Thursday. Mandiant, FireEye’s incident
response arm, discovered the new tools while responding to recent FIN7 hacks in
the hospitality industry. It appears the attackers are going after their usual
targets — payment card processors — to try to steal money. “We have multiple
ongoing victims and felt that, especially within the security industry, [this
was information] we needed to get out there” to raise awareness, said Regina
Elwell, principal threat analyst at FireEye.
Wired
October 9, 2019
At this point, it's painfully unsurprising to hear new examples of tech companies
misusing customer data. But a particularly shameful version of the story has
become increasingly common: services pulling phone numbers and other data used
for two-factor authentication into their marketing databases. On Tuesday,
Twitter became the latest tech giant to join those ranks. The company said in a
statement that it accidentally ingested phone numbers and email addresses
collected for security measures like two-factor into two of its advertising
systems, called Tailored Audiences and Partner Audiences. The company didn't
give the information directly to marketers, but used it to help them target ads
to Twitter users. Twitter stopped the data bleed on September 17, three weeks
before coming forward about it. It's not clear for how long the improper
sharing had taken place prior, and Twitter says it doesn't know how many users
were affected. "When an advertiser uploaded their marketing list, we may
have matched people on Twitter to their list based on the email or phone number
the Twitter account holder provided for safety and security purposes. This was
an error and we apologize," the company wrote in its statement.
"We’re very sorry this happened and are taking steps to make sure we don’t
make a mistake like this again."
CSO
October 9, 2019
A security audit sponsored by Mozilla uncovered a critical remote code execution (RCE)
vulnerability in iTerm2, a popular open-source terminal app for macOS. The flaw
can be exploited if an attacker can force maliciously crafted data to be
outputted by the terminal application, typically in response to a command
issued by the user. ITerm2 is an open-source alternative to the built-in macOS
Terminal app, which allows users to interact with the command-line shell.
Terminal apps are commonly used by system administrators, developers and IT
staff in general, including security teams, for a variety of tasks and
day-to-day operations. The iTerm2 app is a popular choice on macOS because it
has features and allows customizations that the built-in Terminal doesn’t,
which is why the Mozilla Open Source Support Program (MOSS) decided to sponsor
a code audit for it. The MOSS was created in the wake of the critical and
wide-impact Heartbleed vulnerability in OpenSSL with the goal of sponsoring
security audits for widely used open-source technologies.
ZDNet
October 8, 2019
Hackers have breached the infrastructure of Volusion, a provider of cloud-hosted online
stores, and are delivering malicious code that records and steals payment card
details entered by users in online forms. More than 6,500 stores are impacted,
but the number could be even higher. In a press release published last month,
Volusion claimed it had more than 20,000 customers. The most notable compromise
is the Sesame Street Live online store, which has been taken down earlier today
after another journalist reached out. At the time of writing, the malicious
code is still on Volusion's servers and is still being delivered to all of the
company's client stores. Volusion has not returned emails or phone calls from
this reporter, nor from security researchers from Check Point and Trend Micro.
Cyber-security firm RiskIQ is also tracking the incident and confirmed the hack
to ZDNet.
CyberScoop
October 8, 2019
Insurance giant AIG argued to a New York federal court on Monday that it is not
responsible to cover nearly $6 million in losses incurred by a client that was
victimized by suspected Chinese hackers. The company asked a court in the
Southern District of New York to dismiss a lawsuit filed in August by SS&C
Technologies, a $6 billion financial technology company, which alleged that AIG
violated its contract by failing to cover losses from fraud. Hackers fleeced
SS&C out of $5.9 million in 2016 by emailing company employees from spoofed
email addresses, and requesting monetary transfers. AIG says its policy
stipulates that the insurer will not cover losses stemming from criminal
activity. “SS&C admits that it has filed suit seeking indemnity coverage
for its settlement of a breach of contract claim concerning criminals using
‘spoof emails’ to trick SS&C into improperly using its authority over its
client’s bank account to send $5.9 million of its client’s funds to bank
accounts controlled by criminals in Hong Kong,” AIG said in court documents
filed Monday.
AP
October 7, 2019
While small and mid-sized businesses are increasingly targets for cybercriminals, companies
are struggling to devote enough resources to protect their technology from
attack. That’s one of the findings of an annual survey of companies released by
the Ponemon Institute, which researches data protection, and Keeper Security, a
manufacturer of password protection software. The survey found that 76% of the
592 U.S. companies surveyed had experienced a cyberattack in the previous 12
months. That was up from 70% in a survey in 2018, and 63% in a 2017 survey. The
most common attacks were phishing and social engineering scams, cited by 57% of
companies. These are invasions that target unsuspecting computer, smartphone
and tablet users with realistic-looking emails; if a user clicks on a link or
attachment in the email, malicious software is downloaded onto the device.
Forty-four percent of companies reported an attack that came via a website.
The Wall Street Journal
October 6, 2019
Andy Fitzgerald, chief executive of a community health system in Wyoming, was
visiting his son in Georgia last month when he received a distressing text
message from his chief operating officer: Their company had been hit by a
cyberattack. Hackers had locked up sensitive patient information and medical
devices at Campbell County Health and demanded a ransom. “My initial thought was,
‘Oh crap,’” said Mr. Fitzgerald, who declined to say whether he paid the
demand. In the days after the attack, the health system, which operates a
90-bed community hospital and other facilities, was forced to cancel services
including radiology, endocrinology and respiratory therapy. The organization
transferred patients to hospitals as far away as South Dakota and Denver. Cash
registers, email and fax were unavailable. Doctors had to resort to pen and
paper to document medical conditions, and with prescription records
inaccessible, patients were asked to bring medication bottles to visits.
Employees have worked around the clock in the past few weeks to restore
services, which are mostly back to normal, he said.
Tuscaloosa News
October 5, 2019
The DCH Health System has made a payment to the hackers responsible for the crippling
attack on its computer system that’s impacted operations at its three hospitals
since early Tuesday morning. Hospital officials haven’t revealed how much was
paid, but said in a statement Saturday that teams are working around the clock
to restore normal hospital operations. “We worked with law enforcement and IT
security experts to assess all options in executing the solution we felt was in
the best interests of our patients and in alignment with our health system’s
mission,” system spokesman Brad Fisher said Saturday morning. “This included
purchasing a decryption key from the attackers to expedite system recovery and
help ensure patient safety. For ongoing security reasons, we will be keeping
confidential specific details about the investigation and our coordination with
the attacker.” There has been no evidence that patient or employee data was
affected, he said.
INTERNATIONAL
CyberScoop
October 10, 2019
Hackers potentially working on behalf of a foreign government have targeted Moroccan
human rights advocates with malicious software built by NSO Group, a
controversial spyware vendor, according to Amnesty International. Since 2017,
journalist Maati Monib and Abdessadak El Bouchattaoui, an attorney who has
protested the Moroccan government’s security forces, repeatedly have received
malicious links and browser redirections that, if trusted, would install the
Pegasus malware, Amnesty found. It’s the latest allegation that NSO Group
provided Pegasus to a customer that used it for more than combating terrorism
and crime. The software allows attackers to take almost total control of an
affected phone. Human Rights Watch has documented a list of government efforts
to obstruct reform in Morocco, including prison sentences for people who have
“harmed” the monarchy there or insulted Islam. El Bouchattaoui, one of the
activists whose experience was detailed by Amnesty, was sentenced to two years
in prison for internet posts criticizing authorities’ use of excessive force
during demonstrations in 2017.
Reuters
October 9, 2019
The European Union warned on Wednesday of the risk of increased cyber attacks by
state-backed entities but refrained from singling out China and its telecoms
equipment market leader Huawei Technologies as threats. The comments came in a
report prepared by EU member states on cybersecurity risks to next-generation
5G mobile networks seen as crucial to the bloc's competitiveness in an
increasingly networked world. The authors chose to ignore calls by the United
States to ban Huawei's equipment, drawing a welcome from the Shenzhen-based
company after it faced U.S. accusations that its gear could be used by China
for spying. "Among the various potential actors, non-EU states or
state-backed are considered as the most serious ones and the most likely to
target 5G networks," the European Commission and Finland, which currently
holds the rotating EU presidency, said in a joint statement.
AP
October 9, 2019
Cybercriminals are using new technology and exploiting existing online vulnerabilities as they
shift their focus to larger and more profitable targets, the European Union’s
police agency said in a report published Wednesday. Europol said in its annual
Internet Organized Crime Threat Assessment report that since digital data is a
key target "data security and consumer awareness are paramount for
organizations." "While we must look ahead to anticipate what
challenges new technologies, legislation, and criminal innovation may bring, we
must not forget to look behind us," Europol Executive Director Catherine
De Bolle said. "'New' threats continue to emerge from vulnerabilities in
established processes and technologies." The report, which is intended to
give police and policy makers an overview of cybercrime trends, also referred
to what the authors called "data overload" in efforts to counter
online images of child sexual abuse.
CyberScoop
October 8, 2019
An Iran-linked hacking group that targeted a U.S. presidential campaign in recent
months also has a history of trying to compromise cybersecurity analysts who
have exposed the hackers’ operations, the analysts told CyberScoop. The hackers
have previously sent researchers at Israeli company ClearSky Cyber Security
malware-laced emails purporting to be from an antivirus company, according to
Ohad Zaidenberg, the company’s senior cyber intelligence researcher. The
hacking group, which analysts say works in support of Iranian interests, also
set up a phishing website mimicking that of ClearSky and a web-mail page “built
to attack our clients,” Zaidenberg told CyberScoop. ClearSky flagged some of
the activity last year, saying the hackers had failed to breach the company or
its clients. But the attackers appear to be very persistent. “They tried to
attack me personally and ClearSky as well many times,” Zaidenberg said. “They
don’t like us.” The episode highlights the lengths to which the group might go
to try to infiltrate the cybersecurity specialists who track them. And it is
just the latest activity in what has been a busy few months for the Iranian
computer operatives, known to researchers as Charming Kitten, APT35, or
Phosphorus.
ZDNet
October 8, 2019
France's cyber-security agency has published an alert about cyber-espionage campaigns
targeting the infrastructure of service providers and engineering firms.
"Attackers are compromising these enterprise networks in order to access
data and eventually the networks of their clients," the National Cybersecurity
Agency of France, known locally as ANSSI (Agence Nationale de la Sécurité des
Systèmes d'Information), said in a technical report published on Monday. Samuel
Hassine, the head of ANSSI's Cyber Threat Intelligence division, said the
agency compiled the report with information from recent ANSSI investigations
following incident response activities.
AFP
October 6, 2019
The United States and Baltic states on Sunday agreed to beef up cooperation to protect the
Baltic energy grid from cyber attacks as they disconnect from the Russian
electricity grid. US Energy Secretary Rick Perry and his Lithuanian, Latvian
and Estonian counterparts termed the agreement "a critical moment for the
Baltic States in strengthening cybersecurity" in strategic energy
infrastructure. "We see a crucial role that US could play in assisting the
Baltic States with strategic and technical support," the four officials
said in a joint declaration signed in the Lithuanian capital Vilnius. Lithuania
said it was looking for US technology firms able to modernise software used to
control energy systems to prevent attacks by Russian hackers that could disrupt
energy supplies. "Lithuanian energy sector remains a Russian cyber target,
the network system is constantly being scanned for gaps, therefore we seek US
security technologies in our energy production and distribution systems," Edvinas
Kerza, Lithuania's top cyber security official who attended the talks with
Perry, told AFP.
Reuters
October 5, 2019
Nearly a million New Zealanders face the risk that their medical data has been accessed
illegally after a cyber attack on the website of Tū Ora Compass Health, the
company said on Saturday. The website was hacked in August, but investigations
also uncovered previous attacks dating from 2016 to March 2019, the health
firm, which collects and analyses patient information from medical centers,
said in a statement. "While this was illegal and the work of cyber
criminals, it was our responsibility to keep people's data safe and we've
failed to do that," Martin Hefford, Chief Executive Officer of Tū Ora,
said in the statement. Both Tū Ora and New Zealand's Ministry of Health said
they have not been able to determine whether the cyber attacks resulted in any
information being accessed. Tū Ora said it holds health data on people from the
greater Wellington, Wairarapa and Manawatu regions dating back to 2002.
TECHNOLOGY
Wired
October 10, 2019
More than a year has passed since Bloomberg Businessweek grabbed the lapels of the
cybersecurity world with a bombshell claim: that Supermicro motherboards in servers
used by major tech firms, including Apple and Amazon, had been stealthily
implanted with a chip the size of a rice grain that allowed Chinese hackers to
spy deep into those networks. Apple, Amazon, and Supermicro all vehemently
denied the report. The NSA dismissed it as a false alarm. The Defcon hacker
conference awarded it two Pwnie Awards, for "most overhyped bug" and
"most epic fail." And no follow-up reporting has yet affirmed its
central premise. But even as the facts of that story remain unconfirmed, the
security community has warned that the possibility of the supply chain attacks
it describes is all too real. The NSA, after all, has been doing something like
it for years, according to the leaks of whistle-blower Edward Snowden. Now
researchers have gone further, showing just how easily and cheaply a tiny,
tough-to-detect spy chip could be planted in a company's hardware supply chain.
And one of them has demonstrated that it doesn't even require a state-sponsored
spy agency to pull it off—just a motivated hardware hacker with the right
access and as little as $200 worth of equipment.
ZDNet
October 9, 2019
The Tor Project has removed from its network this week more than 800 servers that were
running outdated and end-of-life (EOL) versions of the Tor software. The
removed servers represent roughly 13.5% of the 6,000+ servers that currently
comprise the Tor network and help anonymize traffic for users across the world.
Roughly 750 of the removed servers represent Tor middle relays, and 62 are exit
relays -- where users exit the Tor network onto the world wide web after having
their true location hidden through the Tor network. The organization said it
plans to release a Tor software update in November that will natively reject
connections with EOL Tor server versions by default, without any intervention
from the Tor Project staff. "Until then, we will reject around 800
obsolete relays using their fingerprints," the Tor Project said in a
statement this week.
Wired
October 9, 2019
The security community generally agrees on the importance of encrypting private
data: Add a passcode to your smartphone. Use a secure messaging app like
Signal. Adopt HTTPS web encryption. But a new movement to encrypt a fundamental
internet mechanism, promoted by browser heavyweights like Google Chrome and
Mozilla's Firefox, has sparked a heated controversy. The changes center around
the Domain Name System, a decentralized directory that acts essentially as the
internet's address book. When you send data to or request it from a server, a
DNS lookup ensures that it goes to and comes from the right place. Google and
Mozilla plan to encrypt those interactions sometime this year. Which sounds
straightforward enough—but not everyone is convinced that the shift solves more
problems than it potentially creates.
via Nick Leiserson