Latest News

20 hours ago
Valerie Insinna / C4ISRNET

U.S. Air Force Finally Got Rid of Its 1970s Floppy Disk System Used for Nuclear Weapon Communications and Monitoring

In a move that appears significantly overdue, the U.S. Air Force’s Strategic Automated Command and Control System (SACCS) has dumped the floppy disk-based system used for tracking nuclear weapons, moving to a “highly-secure solid-state digital storage solution” this past June, according to Lt. Col. Jason Rossi, commander of the Air Force’s 595th Strategic Communications Squadron. Created in 1968, SACCS is the communications system the US uses to relay messages and monitor its nuclear capabilities and weapons arsenal. According to a 2016 GAO report, the 1970s IBM Series 1 computer that SACCS used for communications, and which required floppy disks, was slated for replacement by year-end 2017.

24 hours ago
Kevin Rector / Baltimore Sun

Baltimore Buys Two Cyber Insurance Policies Worth $20 Million in Wake of Devastating Ransomware Attack

The Baltimore City Board of Estimates approved a pair of coverage plans to buy $20 million in cyber liability insurance to cover any additional disruptions to city networks over the next year. The first plan, for $10 million in liability coverage from Chubb Insurance, will cost $500,103 in premiums. The second, for $10 million in excess coverage, will be provided by AXA XL Insurance for $335,000. The new insurance follows May’s devastating ransomware attack on the city that cost the uninsured municipality more than $18 million in expenses and lost productivity.

1 day ago
Sean Lyngaas / Cyberscoop

Microsoft Announces Bug Bounty Program for Its ElectionGuard Software, Payments Up to $15,000 for Eligible Submissions

Microsoft announced it is establishing a bug bounty program for its open-source election software and invites researchers to find “high-impact vulnerabilities in targeted areas” of its ElectionGuard Software Development Kit. The company will pay up to $15,000 for eligible vulnerabilities that researchers find and share through Microsoft’s coordinated vulnerability disclosure (CVD) program, provided the submission includes a clear, concise proof of concept (POC). ElectionGuard helps third parties validate election results and ensure voters’ ballots are counted correctly.

1 day ago
Liam Tung / ZDNet

Windows 10 Cumulative Update KB4520062 Released Last Week Might Break Windows Defender Advanced Threat Protection, Organizations Advised Against Installing It

Microsoft began advising organizations running Windows 10 version 1809 PCs and Windows Server 2019 against installing the update KB4520062, released on October 15, because it causes problems for Windows Defender Advanced Threat Protection (ATP): the security software “might stop running and might fail to send reporting data.” The software giant released the update as the second one following the October Patch Tuesday update. It is a non-security, optional update. Microsoft is investigating the issue and estimates a resolution will be available in mid-November.

2 days ago
Sergiu Gatlan / Bleeping Computer

Cryptocurrency Miner Was Installed on More Than Half of a Major European Airport’s Workstations

An XMRig Monero miner was installed on more than 50% of the workstations at a major European international airport, researchers at Cyberbit discovered. They associate this malware with the anti-coinminer campaign reported by Zscaler in August 2018. The malware had been in use for months. Aside from degrading the infected systems’ overall performance and increasing power consumption, the XMRig Monero miner did not impact the airport’s operations.

2 days ago
Josephine Wolff / Slate

Zappos Reaches Preliminary Settlement Over 2012 Data Breach That Exposed Personal Data on 24 Million Customers, Victims to Receive Paltry 10% Off Coupon

Amazon-owned online shoe retailer Zappos has reached a settlement in a lawsuit related to its 2012 major data breach, which exposed personal information on 24 million of the site’s customers. The agreement, which has received preliminary approval, provides a 10-percent-off code for one Zappos order per affected customer, but the discount has to be used by 11:59 Pacific time on Dec. 31, 2019, or within 60 days of being distributed to affected customers, whichever is later. Critics of the settlement argue that it is less a penalty for damaging Zappos’ customers’ security and privacy and more a means of generating additional revenue for the company. The deal seems particularly inadequate in comparison to the landmark Equifax data breach settlement reached earlier this year. That agreement called for between $575 and $700 million for the credit rating agency’s 2017 breach of personal information belonging to 145 million Americans.

2 days ago
Kate O'Flaherty / Forbes

Amazon Patches Flaws That Could Leave Millions of Older Echo and Kindle Devices Open to KRACK Attacks, Man in the Middle Interceptions

Amazon Echo and some Kindle e-readers are open to several Wi-Fi vulnerabilities that could allow a key reinstallation attack (KRACK), which stems from a WPA2 security vulnerability, researchers at ESET report. The flaw would allow an adversary to perform a man in the middle attack. Amazon has confirmed that it has patched the flaws that would enable these traffic intercepting and modification attacks. The KRACK flaws impact millions of older Amazon devices, and the researchers urge users to patch their devices as soon as possible.

2 days ago
Tom Jowitt / Silicon UK

UK Government Pledges to Spend $47 Million With Chip Designer ARM to Develop Chips That Are More Resistant to Cyber Threats

As part of the apparent next phase of its Digital Security by Design initiative, the UK government has pledged to spend £36 million or around $47 million with chip designer ARM to “develop new chip technologies that are more resistant to cyber threats.” The government also announced another project, backed by £18 million government investment (around $23 million), through the Strategic Priorities Fund (SPF), that will tackle some of the dangers of the online world from privacy abuses and wrongful use of data like disinformation and online fraud.

2 days ago
Jason Abbruzzese / NBC News

Pennsylvania to Conduct Pilot of Risk-Limiting Audit Election Security Technique to Test for Irregularities

The Pennsylvania Department of State, along with election officials in Mercer County and Philadelphia, is preparing a November post-election pilot of a cutting-edge election security measure known as the risk-limiting audit, sometimes called the “smart audit.” The technique uses an advanced statistical analysis along with a dose of randomness to look for irregularities in vote tallies. The pilot will be conducted using the new paper-based voting systems in Mercer County and Philadelphia in partnership with the Pennsylvania Department of State and experts from the U.S. Election Assistance Commission, University of Michigan, VotingWorks, Democracy Fund, Verified Voting, Common Cause Pennsylvania, and the Brennan Center for Justice at NYU School of Law.

2 days ago
Dan Goodin / Ars Technica

Linux Bug Allows Nearby Devices to Use Wi-Fi Signals to Crash Machines

A potentially severe vulnerability in Linux may make it possible for nearby devices to use Wi-Fi signals to crash or fully compromise vulnerable machines, security researcher Nico Waisman said. The flaw is in the RTLWIFI driver, which supports Realtek Wi-Fi chips in Linux devices. It triggers a buffer overflow in the Linux kernel when a machine with a Realtek Wi-Fi chip is within radio range of a malicious device. The flaw, tracked as CVE-2019-17666, goes back to version 3.10.1 of the Linux kernel released in 2013 and only affects Linux devices that use a Realtek chip when Wi-Fi is turned on. Android devices with Realtek Wi-Fi chips may also be affected.

2 days ago
Charlie Osborne / ZDNet

Fake, Malicious Version of Tor Browser Steals Cryptocurrency From Dark Web Users

Cyberattackers have been distributing a malicious version of the Tor Browser that features a cryptocurrency stealer, according to researchers at ESET. The fraudulent operators promoted their version of the Tor package on forums and PasteBin as the “official Russian language version of the Tor Browser” during 2017 and 2018. The malicious browser, which functions in the same way as the legitimate application, is promoted on two typosquatted websites that display messages claiming visitors’ Tor browsers are out of date and then redirect them to another site hosting a Windows-based trojanized installer. When users attempt to make purchases in dark web marketplaces using cryptocurrency, the bad Tor browser activates a script that changes the wallet address so that funds are sent to an attacker-controlled wallet instead.

2 days ago
Chris Smith / BGR

Pixel 4’s 3D Face Unlock Allows Users to Unlock Phone Even If Their Eyes Are Closed

The Pixel 4’s 3D face unlock, Google’s response to Apple’s Face ID, omits a key Face ID feature called Require Attention that verifies a user’s eyes are open and looking at the phone before performing the unlock. It therefore allows a user to unlock the phone even if their eyes are closed. This omission means that anyone can hold a locked phone up to a sleeping person’s face and unlock it. Google acknowledges this flaw but has indicated no plans to fix it in the future.

2 days ago
Kate Cox / Ars Technica

Senator Wyden Introduces ‘Mind Your Own Business Act’ Which Would Penalize Tech Executives for Lying About Privacy Violations

Senator Ron Wyden (D-OR) has introduced a bill, the “Mind Your Own Business Act of 2019,” updating an earlier version of a privacy bill he introduced last November, that would penalize tech and data company executives and hold them responsible when they lie about protecting users’ personal information. The bill would impose minimum privacy and security standards for user data, increase transparency for consumers to access their data and learn what has happened to it, create steep penalties for companies that blow it, and expand the FTC’s authority and resources so that it would be able to enforce those penalties. The bill would also allow companies to charge for higher-privacy versions of services but grant a lifeline subsidy for users who couldn’t afford the stronger protections.

2 days ago
BBC News

Samsung Acknowledges Fingerprint Reader Flaw on Galaxy S10 and Says It Will Issue a Software Patch to Fix It

A flaw that could allow any fingerprint to unlock a Galaxy S10 phone has been acknowledged by Samsung, which said it would issue a software patch to fix it. The flaw became public after press reports revealed that a cheap gel screen protector, when applied to the phone, allowed anyone to unlock it.

2 days ago
Lawrence Abrams / Bleeping Computer

Google Enables Site Isolation for Android Users and Adds Additional Protections for Desktop Users When Feature Is Enabled

Google announced that with the release of Google Chrome 77, Site Isolation is enabled for Android users, and desktop users now receive additional protections when the feature is enabled. Site Isolation ensures that pages from different sites end up in different sandboxed processes in the browser, which makes it harder for attackers to steal cross-site data. Following the disclosure of the Meltdown and Spectre speculative execution vulnerabilities, Google fast-tracked the feature to enable it for most users in Chrome 67.

3 days ago
Lindsey O'Donnell / Threatpost

Cisco Issues Security Update to Address Critical and High-Severity Flaws In Its Aironet, Catalyst Wireless Enterprise Access Points

Cisco has issued a security update to address critical and high-severity flaws impacting its Aironet access points, which are entry-level wireless access points (APs) used by mid-size enterprises in their offices or small warehouses, and has issued several other patches that fix flaws in other products. The worst bug is a glitch in the software that powers the Aironet networking APs that could allow unauthenticated, remote attackers to gain unauthorized access to targeted devices, giving them elevated privileges such as the ability to view sensitive data and tamper with the device configuration. That vulnerability (CVE-2019-15260) has a CVSS score of 9.8 out of 10.0. Another high-severity vulnerability (CVE-2019-15264) fixed in the update is in the “Control and Provisioning of Wireless Access Points” protocol implementation of Cisco Aironet and Catalyst 9100 APs, which could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS).

3 days ago
Ionut Ilascu / Bleeping Computer

New Cryptojacking Campaign Uses Docker Images to Deliver ‘Graboid’ Worm That Spreads Via Unsecured Docker Engines

A new cryptojacking campaign uses Docker images to deliver a worm called Graboid that follows a seemingly erratic plan where the miner is active for about four minutes at a time on an infected host, researchers from Palo Alto Networks’ Unit 42 report. The malware spreads to systems with an unsecured Docker engine, with about 2,000 instances of these on the Internet. Based on a script from Graboid’s command and control (C2) server, it seems the attacker has already scanned for these vulnerable hosts.

3 days ago
Kevin Poulsen / Daily Beast

Russia’s Cozy Bear Didn’t Actually Vanish After 2016 Presidential Election But Retooled With New Malware, Communicated Secretly in Plain Sight on Twitter, Dropbox, Reddit

A Russian state cyber-espionage ring known as the Dukes, but better known as “Cozy Bear” and “APT29,” or the “other” hackers who broke into the DNC’s network, is still active despite seemingly vanishing without a trace nearly three years ago, researchers at ESET report. Following the 2016 U.S. presidential election, which raised fears over Russia’s state-sponsored hacking, the group seemed to cease operations, but ESET now says the hackers just retooled, developing new, harder-to-spot versions of their custom malware. The ring used coded messages broadcast on Twitter or dropped on Dropbox to communicate with their hacked machines secretly in plain sight, even posting steganographically-coded photos on public image boards. ESET said they also created Reddit accounts for the sole purpose of posting coded messages on subreddits, including the r/funny humor board.

3 days ago
Catalin Cimpanu / ZDNet

Malware Operators Are Using Steganography to Embed DLLs Inside WAV Files to Install XMRig Cryptocurrency Miners

Two reports published in the last few months show that malware operators are experimenting with using WAV audio files to hide malicious code using a technique known as steganography, the art of hiding information in plain sight inside another data medium. Most instances of malware operators using steganography revolved around image file formats, such as PNG or JPEG. But back in June, Symantec discovered a Russian cyber-espionage group known as Waterbug (or Turla) using WAV files to hide malware. Now BlackBerry Cylance reports it saw something similar to what Symantec saw a few months before. What Cylance discovered, however, was an ordinary crypto-mining malware operation hiding DLLs inside WAV files. Malware already present on the victim’s machine would read the WAV file, extract the DLL bit by bit, and then run it, installing a cryptocurrency miner application named XMRig.

4 days ago
Jason Koebler / Motherboard

Authorities Nabbed Alleged Operator of World’s Largest Child Porn Market, Along With 337 Alleged Pedophiles, Because of Terrible Opsec

In a massive operation, the Justice Department indicted Jong Woo Son, 23, a South Korean national, for his operation of Welcome To Video, the largest child sexual exploitation market by volume of content, and arrested 337 alleged pedophiles in 38 countries around the world. Authorities also rescued 23 children from abusive situations. The feds were able to find administrators and users of Welcome to Video by tracing Bitcoin payments on the blockchain back to Jong Woo Son, who was running the payments through an American exchange and had listed his cell phone number and email account with that exchange. Members of the site paid roughly $350 in Bitcoin for a six-month membership to the website that allowed for unlimited downloads.

22 hours ago

Insider Attacks May Soon Cost Less Than Malware-based Equivalent

At what point will infiltrating companies via the “insider threat model” become less costly and difficult than using malware? Threatpost discusses with a SolarWinds expert.

23 hours ago
Cyber Warrior Princess #9

A Quantum of Nonsense

Bec attempts to explain quantum computing to Vic.

2 days ago
Cracking Cyber Security

Has Monzo perfected the art of responding to a data breach?

Brian Brackenborough, CISO of a major broadcaster, and Nick Nagle, CISO of the publishing house Conde Nast International, talk about digital bank Monzo and how it responded to the Ticketmaster and BA breaches, and about a fake French minister in a silicone mask who stole millions.

2 days ago
ISC StormCast

Bypassing SPF Records; Old Domain Paypal Accounts; Typosquatting 2020 Election; @sans_edu interview

Johannes Ullrich talks about Phishing E-Mail Spoofing SPF Protected Domain, Purchased Domain Arrives with Paypal Accounts Linked to it, Typosquatting Attacks Affect 2020 Presidential Election, STI Student: Christopher Hurless Exploring Osquery, Fleet, and Elastic Stack as an Open-source solution to Endpoint Detection and Response.

2 days ago
Unsolicited Response

Sean McBride and ICS Cybersecurity Education

Sean McBride talks about the state of ICS threat intel today and creating and running an ICS Cybersecurity Associates Degree program at Idaho State University.

Cybersecurity Events

Oct. 12-17     | SANS Doha October 2019                                   | Doha, Qatar
Oct. 14-19     | SANS London October 2019                                 | London, UK
Oct. 14-19     | Welcome to SANS SEC504 Madrid October 2019 (in Spanish)  | Madrid, Spain
Oct. 15-17     | HITB Cyber Week                                          | Abu Dhabi, UAE
Oct. 18        | BSides RDU                                               | Raleigh-Durham, NC, USA
Oct. 19-24     | SANS Cairo October 2019                                  | Cairo, Egypt
Oct. 21-24     | CS3STHLM                                                 | Stockholm, Sweden
Oct. 22-23     | BlackHoodie                                              | Seattle, WA, USA
Oct. 22-23     | Wild West Hackin' Fest                                   | Deadwood, SC, USA
Oct. 22-25     | BlueHat Seattle                                          | Seattle, WA, USA
Oct. 25        | BSides DC                                                | Washington, DC, USA
Oct. 29-30     | Securing New Ground                                      | New York, NY, USA
Oct. 28-Nov. 2 | SANS Amsterdam October 2019                              | Amsterdam, The Netherlands
Nov. 1-2       | HackFest                                                 | Quebec, Canada
Nov. 4-9       | SANS Paris November 2019                                 | Paris, France
