Latest News

23 mins ago
Blake Sobczak / E&E News

DARPA Issued Onslaught of Simulated Cyber and Physical Attacks on Test Power Grid to Assess ‘Black Start’ Scenarios

The Defense Advanced Research Projects Agency (DARPA) orchestrated a weeklong “Liberty Eclipse” exercise alongside the Department of Energy, National Guard and Department of Homeland Security, on Plum Island, New York, to run a cybersecurity exercise on live, 13.2-kilovolt wires to test how the bulk power grid can be brought up again after a crippling cyberattack, a so-called “black start” scenario. The researchers running the test simulated a steady onslaught of cyber and physical attacks, even introducing a data “wiper” modeled off real-world cases of ransomware. The event was a rehearsal for nascent technologies in a three-year-old, $77 million DARPA research effort dubbed RADICS, short for “Rapid Attack Detection, Isolation and Characterization Systems,” aimed at ensuring U.S. utilities can bounce back from a blackout brought on by a cyberattack.

2 hours ago
Catalin Cimpanu / ZDNet

Magecart Card Skimming Malware Removed From Infowars’ Online Store, 1,600 Customers Possibly Affected

Magecart card skimming malware was removed from the conspiracy theory website Infowars’ online store after it was spotted there by Dutch security researcher Willem de Groot and subsequently reported to the site by ZDNet. Infowars owner Alex Jones told ZDNet that “only 1,600 customers may have been affected,” but the number may be even smaller as some of these customers placed re-orders. De Groot discovered the malware using a scanner he built to detect vulnerabilities and malware in online stores built on top of the Magento e-commerce platform. The Infowars infection lasted less than a day.

2 hours ago
Olivia Beavers / The Hill

DHS’ Main Cybersecurity Unit to Become the Cybersecurity and Infrastructure Security Agency, Krebs to Become New Agency Director

The U.S. House of Representatives unanimously passed a bill to establish a new cybersecurity agency, known as the Cybersecurity and Infrastructure Security Agency (CISA), that has the same stature as other units within DHS, such as the Secret Service or FEMA, rebranding DHS’ main cybersecurity unit, known as the National Protection and Programs Directorate (NPPD). The legislation already passed the Senate and now heads to Donald Trump’s desk for his signature. NPPD’s top cyber official, Christopher Krebs, becomes the new cyber agency’s director.

2 hours ago
Danny Lee, Alvin Lum / South China Morning Post

Cathay Pacific Facing ‘Most Serious’ Crisis in Its History Over Data Breach, 27 Regulators Investigating Across 15 Jurisdictions, Hong Kong Lawmakers Call Airline ‘Pathetic’

Cathay Pacific Airways is facing one of the ‘most serious’ crises in its history, according to Chairman John Slosar, as the airline revealed it was being questioned by 27 regulators from 15 jurisdictions over a data breach that has affected 9.4 million passengers. The admission of the depths of the hacking problem came after the airline’s executives underwent a grilling in the Hong Kong legislature. The executives told the lawmakers that 245,000 Hong Kong identity card holders and 55,000 passport holders in the city had been affected. Lawmakers called Cathay “pathetic” and accused the airline of covering up the breach because it waited seven months between March, when the breach occurred, and October 24, when the breach was announced, during which interval the airline admitted it was battling the breach. Cathay may also be subject to punishing fines by the EU under the GDPR regulations adopted in May, which could require the company to pay up to 4% of its revenues in fines for the delay in reporting the breach.

3 hours ago
Frederic Lardinois / TechCrunch

Google Expands Project Fi’s VPN Service to Cellular Connections Over ‘Enhanced Network’

Google’s Project Fi wireless service now offers an optional always-on VPN service and a smarter way to switch between Wi-Fi and cellular connections over its “enhanced network.” Fi already offers VPN service to users connected over Wi-Fi but now it is extending that option to cellular connections, with traffic encrypted over every connection. The VPN also shields users’ traffic from Google itself and isn’t tied to Google accounts or phone numbers. The enhanced network also allows for faster connections.

4 hours ago
Catalin Cimpanu / ZDNet

Patch Tuesday: Microsoft Issues 63 Patches, Including Two for Zero-Day Flaws, Adobe Releases Fixes For Top Products

Microsoft and Adobe have issued security updates for November, with Microsoft issuing 62 patches, including two for zero-day flaws. The first Microsoft zero-day fix is for a vulnerability tracked as CVE-2018-8589, a Win32k elevation of privilege bug that is already being targeted in the wild. Microsoft credited Kaspersky Lab for finding that flaw, which is being exploited by multiple APT groups. The other zero-day affects the Windows Data Sharing Service (dssvc.dll), which was discovered by a researcher who uses the pseudonym Sandboxer, who disclosed the flaw on Twitter. Adobe issued patches for its Flash Player, Acrobat and Reader and Photoshop CC.

15 hours ago
Mix / The Next Web

Target, Google’s G-Suite Twitter Accounts Hacked to Promote Bitcoin Giveaway Scams, Twitter Says It’s Implementing Measures to Stop These Hacks

Retailer Target’s Twitter account was hacked to promote Bitcoin giveaway scams, the latest in a series of such hacks that have ensnared high-profile figures and accounts. Twitter confirmed that the account was hacked for about a half hour before the phony scam was removed. Shortly after the Target account was hacked, Google’s official G Suite Twitter account was also hacked to promote Bitcoin giveaway scams. The G Suite account hack lasted at least eleven minutes. Twitter says it has implemented measures to counteract the spread of Bitcoin scams on its platform. However, Twitter made a similar statement after banning accounts that used the name “Elon Musk” in Bitcoin giveaway scams, and months later the Elon Musk scams continue.

16 hours ago
Eytan Halon / Jerusalem Post

XM Cyber, Israeli APT Remediation Start-Up Founded by Former Mossad Head, Raises $22 Million in Series A Venture Funding Round

Israeli APT threat simulation and remediation start-up XM Cyber has raised $22 million in a Series A funding round, with Macquarie Capital, Our Innovation Fund, LP, UST Global, Nasdaq Ventures and others participating in the funding. XM Cyber was founded by former Mossad director Tamir Pardo and other leading figures from the Israeli intelligence community. XM Cyber’s HaXM Advanced Persistent Threat (APT) simulation and remediation platform aims to continuously expose attack vectors that are unprotected by existing measures.

16 hours ago
Robert Hackett / Fortune

Cloud Security Provider Netskope Raises $169 Million in New Venture Funding Round, Valuation Tops $1 Billion

Security firm Netskope has raised $169 million in a Series F round of venture capital funding, pushing it into the “unicorn” class of start-ups that have private valuations of $1 billion or more. Lightspeed Venture Partners, an existing investor that controls two Netskope board seats, along with existing investors including Accel, Geodesic Capital, Iconiq Capital, Sapphire Ventures, and Social Capital, re-upped their investments in the latest round of funding. Base Partners, a new investor, joined the round as well.

20 hours ago
Catalin Cimpanu / ZDNet

Hackers Are Exploiting Critical Flaw in Popular WordPress GDPR Compliance Plug-In

Hackers are exploiting a now-patched zero-day vulnerability in a popular WordPress plugin, WP GDPR Compliance, to install backdoors and take over sites. The plugin helps site owners become GDPR-compliant and has over 100,000 active installs. Despite the patches, the attacks continue because the attackers are targeting a WP GDPR Compliance bug that allows them to make a call to one of the plugin’s internal functions and change settings not only for the plugin but also for the entire WordPress CMS. The attackers don’t appear to be doing anything malicious with the hacked sites and appear to be simply stockpiling them.

22 hours ago
Zack Whittaker / TechCrunch

Now-Patched Facebook Cross-Site Request Forgery Flaw Could Have Exposed Private Information of Users and Their Friends

A Facebook vulnerability, now patched, could have exposed private information about users and their friends, Ron Masas, a security researcher at Imperva, found.  The flaw stemmed from the fact that Facebook search results weren’t properly protected from cross-site request forgery (CSRF) attacks, allowing websites to siphon off certain data from any user’s logged-in Facebook profile in another tab. Imperva privately disclosed the bug in May. Facebook fixed the bug days later by adding CSRF protections and paid out $8,000 in two separate bug bounties.

23 hours ago
Nicholas Confessore, Michael LaForgia and Gabriel J.X. Dance / New York Times

Wyden Releases Letter Showing That Facebook Wasn’t Monitoring How Its Partners Handled User Data Despite 2011 Consent Decree

Senator Ron Wyden (D-OR) released a letter showing that Facebook failed to closely monitor device makers after granting them access to the personal data of hundreds of millions of people. Facebook’s loose oversight of the partnerships was detected by the company’s government-approved privacy monitor in 2013, details of which were in the letter. In 2013, Facebook entered into data sharing agreements with seven device makers to provide what it called the “Facebook experience,” custom-built software that gave the device makers access to Facebook on their phones. Those partnerships fell under a 2011 consent decree with the Federal Trade Commission designed to monitor the company’s privacy practices. When a team from PricewaterhouseCoopers conducted the initial F.T.C.-mandated assessment in 2013, it tested Facebook’s partnerships with Microsoft and Research in Motion, maker of the BlackBerry handset, and found only “limited evidence” that Facebook had monitored or checked its partners’ compliance with its data use policies.

1 day ago
Shaun Nichols / The Register

Valve Pays Researcher $20,000 for Finding Bug in Steam That Allowed Unlimited Games for Free

Researcher Artem Moskowsky found a bug in Valve’s Steam marketplace that could have been exploited by thieves to steal game license keys and play pirated titles. Moskowsky discovered that he could change the parameters in an API request and get activation keys, also known as CD keys, for any game. Valve gave Moskowsky a $15,000 bug bounty as well as a $5,000 bonus for the find in August, though Valve only allowed the report to go public on October 31.

1 day ago
Catalin Cimpanu / ZDNet

Magecart Online Payment Card Data Theft Malware Now Used By Seven Groups Who Have Hacked More Than 110,000 Different Shops, Report

The name of the online payment card data theft malware, “Magecart,” has evolved to become an umbrella term used to describe the activities of at least seven hacking groups, all of whom appear to have taken inspiration from an initial Magecart campaign that was first detected in 2016, according to a deep dive technical analysis of Magecart conducted by RiskIQ and Flashpoint. These groups have deployed similar malware in similarly orchestrated attacks to the initial campaign, in an effort to replicate the success of the first Magecart group. The attacks all follow a similar pattern, from the hackers gaining access to an online store’s back-end to putting the data up for sale on carding forums. RiskIQ says it’s tracking at least seven Magecart groups, responsible for hacks on more than 110,000 different shops. RiskIQ says it is also working with AbuseCH and the Shadowserver Foundation to take down the server infrastructure of most of these groups.

1 day ago
Drew FitzGerald and Robert McMillan / Wall Street Journal

Google Traffic Was Misdirected to China and Russia in Suspicious Incident That Google Called a ‘Glitch’

A border gateway protocol (BGP) hijacking incident rerouted Google’s primarily business-grade data through Russia and China and disrupted the Internet giant’s services on Monday, including search, cloud-hosting services and its bundle of collaboration tools for businesses. The incident lasted for about an hour and a half and ended at 5:30 pm EST yesterday. Google said the incident was a technical glitch relating to BGP peering agreements and said it had no reason to believe it was a malicious hacking attempt. Security firm ThousandEyes said some of Google’s search and cloud hosting services were rerouted through Russia and China, effectively landing at state-run China Telecom. ThousandEyes said the incident could have possibly been a glitch given that the origin of this leak was the BGP peering relationship between MainOne, a Nigerian provider, and China Telecom. MainOne has a peering relationship with Google via IXPN in Lagos and has direct routes to Google, which leaked into China Telecom. However, a recent study by U.S. Naval War College and Tel Aviv University scholars found that China systematically hijacks and diverts U.S. internet traffic using China Telecom.

2 days ago
Hagar Ravet / CTech

Spyware Vendor NSO Group in Talks to Buy Predictive Policing Cybersecurity Firm Fifth Dimension Holdings, Sources

Israeli spyware company NSO Group is in early-stage talks to acquire predictive policing and threat assessment cybersecurity company Fifth Dimension Holdings Ltd, according to people familiar with the matter. Fifth Dimension is chaired by Benny Gantz, former chief of staff for the Israeli military, and former deputy head of the Mossad Ram Ben-Barak is on the company’s advisory board. Private equity firm Francisco Partners Management holds a majority stake in NSO Group, which has earned a controversial reputation for selling its best-known spyware, called Pegasus, to repressive regimes, including the Saudi government. A recent analysis found that the Pegasus malware had inadvertently spread to 45 countries. Fifth Dimension develops artificial intelligence systems to spot unusual or suspicious criminal behavior for military, government and civil data analytics and, like NSO Group, sells primarily to governments and government agencies.

2 days ago
Zheping Huang / South China Morning Post

Chinese High School Headmaster Fired for Running Eight Ethereum Mining Rigs in the School for a Year

Lei Hua, the headmaster of a Chinese high school, was fired after stealing electricity to mine for cryptocurrency. Lei reportedly deployed eight Ethereum mining machines in the school for about a year, racking up an electricity bill of 14,700 yuan (US$2,120). Lei’s deputy headmaster also began mining Ethereum using the school’s power supply after buying one machine with Lei’s help.

2 days ago
Lorenzo Franceschi-Bicchierai / Motherboard

Hacking Team Hacker Phineas Fisher Skates Away with No Legal Reckonings After Italian Prosecutors Give Up

A vigilante hacker who goes by the name Phineas Fisher, who hacked infamous spyware company Hacking Team in 2015 and released a 400-gigabyte torrent file that contained mounds of sensitive internal files, and before that breached Hacking Team’s main competitor FinFisher in 2014, appears to be free of any legal repercussions for those misdeeds, given that Italian prosecutors working on the case appear to have given up after a judge said the investigation should be shut down due to an absence of leads. Sealed court documents obtained by Motherboard show that Phineas Fisher gained entry to Hacking Team’s system via an out-of-date firewall and virtual private network system. His real success, though, was gaining access to the internal dev network thanks to a “bridge” system installed between the dev network and the sales or commercial network. Fisher hid behind proxies and used Bitcoin to rent out the infrastructure used to launch the attacks.

2 days ago
Michel Rose / Reuters

Macron Unveils ‘Call for Trust and Security in Cyberspace’ in Declaration, U.S., China, Russia Missing as Signatories but Cybersecurity Firms Are Onboard

French President Emmanuel Macron aims to revive efforts to regulate cyberspace after the last round of United Nations negotiations failed in 2017 with the launch of a declaration unveiled at the UNESCO Internet Governance Forum (IGF) entitled the ‘Paris Call for Trust and Security in Cyberspace.’ The signatories to the document include many European countries but not China or Russia, and the Trump Administration is hinting that it might not sign it either. The declaration asks supporters to work together to prevent malicious online activity, protect the accessibility and integrity of the Internet, cooperate to prevent interference in electoral processes and other efforts to secure the Internet. Among the private sector companies signing the declaration are most cybersecurity companies including Bitdefender, CA Technologies, Carbon Black, Cloudflare, ESET, FireEye and many others.

2 days ago
Lawrence Abrams / Bleeping Computer

New Cryptomining Malware Variant for Linux Causes Performance Issues but Leaves Admins Unable to Detect It

A new cryptocurrency miner variant has been discovered for Linux that attempts to hide its presence by utilizing a rootkit, causing performance issues due to the high CPU utilization but leaving administrators unable to detect what process is causing it, researchers at Trend Micro report. Trend Micro believes an unofficial or compromised plugin, such as media-streaming software, is responsible for installing the miner.

Podcasts

1 hour ago
ISC StormCast

Microsoft Patch Tuesday; Adobe Patches

Johannes Ullrich talks about Microsoft Patch Tuesday, Adobe Security Bulletins.


1 hour ago
SECURITY NOW 689

SELF-DECRYPTING DRIVES

Steve Gibson and Leo Laporte talk about the week’s top news including last month’s Patch Tuesday, this month, a GDPR-inspired lawsuit filed by Privacy International, another irresponsibly disclosed zero-day, this time in Virtual Box, a deep dive into last week’s worrisome revelation about the lack of true security being offered by today’s self-encrypting SSD drives and more.


1 hour ago
BBC World Service / Click

Using AI to Monitor Crowd Emotions

Could AI be used to predict if a crowd was to turn violent? Also a Vision of Women in VR – improving diversity and the Google Street View traveler.


1 hour ago
Hack Naked News #196

Botnet, Phineas Fisher, and SSD

Vulnerabilities in SSD Encryption, Bypassing Windows UAC, Botnet Pwns over 100,00 routers w/ ancient security flaw, Google hit with IP Hijack, and 1 thing you can do to make your internet safer and faster! Jason Wood from Paladin Security joins us for expert commentary to discuss how Phineas Fisher got away with hacking Hacking Team.


Cybersecurity Events

Nov. 3-15 | SANS Gulf Region | Dubai | UAE
Nov. 5-10 | SANS Dallas | Dallas, TX | USA
Nov. 7-8 | SecureWorld Seattle | Seattle, WA | USA
Nov. 12-14 | Submerge 2018 | Orlando, FL | USA
Nov. 15 | Secure CISO Boston | Boston, MA | USA
Nov. 16-17 | Kiwicon | Wellington | New Zealand
Nov. 16-18 | BlackHoodie 2018 | Berlin | Germany
Nov. 20 | OWASP Norway Day | Oslo | Norway
Nov. 28 | Cyberwarcon | Arlington, VA | USA
Nov. 28-29 | UKSec Summit | London | UK
Nov. 28-29 | SANS European Security Awareness Summit | London | UK
Nov. 29-30 | BSides Lisbon | Lisbon | Portugal
Dec. 1 | BSides Cape Town | Cape Town | South Africa
Dec. 2-6 | Asiacrypt 2018 | Brisbane | Australia
Dec. 3-6 | BlackHat Europe | London | UK

