Latest News

7 months ago
David E. Sanger / New York Times

Russia’s Curious Failure to Launch Any Known Major Hacking Initiatives During the Midterm Elections Reassures Some Experts, Sparks Fears of Last-Minute Surprises in Others

Russia’s failure so far to launch any major hacking initiatives during the 2018 midterm election season is both reassuring and unnerving to intelligence community officials and cybersecurity professionals alike. Some experts believe the complexity of picking winners among 470 House and Senate races has deterred Russian intelligence from digital meddling; others fear a last-minute effort by Russia to convince voters that their ballots might not be counted, or not counted correctly. At the same time, Iranian operatives have become much more active on the disinformation front, while China, with some justification, has been held up as a cybersecurity boogeyman, although few experts believe China is interested in election meddling in the way Trump and his officials suggest. As it turns out, vulnerable voting machines may be the biggest cybersecurity threat, with many machines outdated and riddled with flaws.

7 months ago
The Times of Israel

Iran Claims It Has Come Under Attack by a ‘More Violent, More Advanced and More Sophisticated’ Version of Stuxnet

Iran is claiming that its infrastructure and strategic networks have come under attack by malware similar to Stuxnet but “more violent, more advanced and more sophisticated,” according to both wire service and Israeli TV reports. Gholamreza Jalali, the head of Iran’s civil defense agency, said Tehran had neutralized a new version of Stuxnet. Stuxnet, widely attributed to the U.S. and Israel, is generally considered the first cyber “weapon”: it physically damaged Iran’s uranium enrichment centrifuges eight years ago. The reports carry no technical details or samples, so the claim remains unverified.

7 months ago

Shipbuilder Austal’s Australian Business Hit With Data Breach and Extortion Attempt, No National Security Information Affected

Defense shipbuilder Austal’s Australian business has been hit with a data breach and extortion attempt. Some staff email addresses and mobile phone numbers were accessed in the breach and the attacker tried to sell certain materials on the Internet and extort the company, although Austal says no national security information was affected. The Australian Department of Defence says no compromise of classified or sensitive information or technology has been identified so far.

7 months ago
Zack Whittaker / TechCrunch

‘Bleedingbit’ Vulnerabilities in Texas Instruments’ Bluetooth Low Energy Chips Can Allow Enterprise Access Point Compromise, Armis Reports

Two severe vulnerabilities in Bluetooth Low Energy (BLE) chips made by Texas Instruments, which networking vendors such as Aruba, Cisco and Meraki build into their enterprise wireless access points, could allow an attacker to compromise those access points, security company Armis reports. Armis calls the vulnerabilities “Bleedingbit” because the first bug is triggered by flipping the highest bit in a Bluetooth advertising packet, which causes the chip’s memory to overflow, or “bleed,” and lets an attacker run malicious code on affected Cisco or Meraki hardware. The second flaw lets an attacker install malicious firmware on an Aruba device because the chip’s over-the-air firmware update feature does not properly verify that an update is trusted. Both attacks require the attacker to be within Bluetooth range of an access point whose BLE radio is enabled. Texas Instruments confirmed the bugs and issued patches, as did the three affected device makers.
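The mechanism Armis describes, a header bit that inflates the length the chip trusts so that a copy runs past its buffer, as an added illustration that is not Armis’s research code or Texas Instruments’ firmware. It is a constructed model: the 37-byte buffer, the 6-bit length mask, the flat chip memory, the `make_pdu` builder and the `run_scenario` bitmask are all this example’s own assumptions, and it does not reproduce the actual packet layout or code path of the real vulnerability. It contrasts a parser that trusts the whole length byte with one that rejects reserved bits and bounds the copy:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a BLE advertising receive path, NOT the TI firmware.
 * A legacy advertising PDU has a 16-bit header (flags in byte 0, a 6-bit
 * length in the low bits of byte 1) and at most 37 payload bytes. */
#define ADV_PAYLOAD_MAX 37u
#define ADV_LEN_MASK    0x3Fu   /* the six length bits of header byte 1 */
#define ADV_LEN_HIGHBIT 0x80u   /* reserved bit above the length field  */

struct adv_pdu {                /* one PDU as received off the air */
    uint8_t header[2];
    uint8_t payload[255];
    size_t  received;           /* payload bytes actually received */
};

struct chip_mem { uint8_t mem[256]; };   /* flat model of chip RAM */
#define ADV_BUF_OFF  0u                  /* 37-byte advertising buffer ... */
#define NEIGHBOR_OFF ADV_PAYLOAD_MAX     /* ... followed by the next object */

void chip_mem_init(struct chip_mem *m) { memset(m->mem, 0, sizeof m->mem); }

/* True if anything past the advertising buffer has been written. */
bool neighbor_clobbered(const struct chip_mem *m)
{
    for (size_t i = NEIGHBOR_OFF; i < sizeof m->mem; i++)
        if (m->mem[i] != 0) return true;
    return false;
}

/* Vulnerable: trusts the whole length byte, so a set high bit claims
 * 128+ bytes and the copy runs past the 37-byte buffer. */
size_t vulnerable_rx(struct chip_mem *m, const struct adv_pdu *pdu)
{
    size_t len = pdu->header[1];                        /* no mask, no check */
    memcpy(m->mem + ADV_BUF_OFF, pdu->payload, len);    /* overflow if > 37 */
    return len;
}

/* Hardened: reserved bits must be clear, length is masked to six bits, and
 * the copy is bounded by both the buffer and the bytes really received. */
bool hardened_rx(struct chip_mem *m, const struct adv_pdu *pdu, size_t *out_len)
{
    if (pdu->header[1] & (uint8_t)~ADV_LEN_MASK)
        return false;
    size_t len = pdu->header[1] & ADV_LEN_MASK;
    if (len > ADV_PAYLOAD_MAX || len > pdu->received)
        return false;
    memcpy(m->mem + ADV_BUF_OFF, pdu->payload, len);
    *out_len = len;
    return true;
}

/* Constructed PDU: a 10-byte advertisement, optionally with the reserved
 * high bit of the length byte flipped on (0x0A -> 0x8A, i.e. 138). */
struct adv_pdu make_pdu(bool flip_high_bit)
{
    struct adv_pdu p;
    memset(&p, 0, sizeof p);
    p.header[1] = (uint8_t)(10u | (flip_high_bit ? ADV_LEN_HIGHBIT : 0u));
    memset(p.payload, 0x41, sizeof p.payload);          /* attacker-chosen */
    p.received = 10;
    return p;
}

/* Bitmask of findings: 1 = vulnerable parser overflowed on the flipped PDU,
 * 2 = hardened parser rejected it untouched, 4 = hardened parser accepted
 * the benign PDU with length 10.  All three observed gives 7. */
int run_scenario(void)
{
    struct chip_mem m;
    struct adv_pdu bad = make_pdu(true), good = make_pdu(false);
    size_t n = 0;
    int findings = 0;

    chip_mem_init(&m);
    if (vulnerable_rx(&m, &bad) == 138 && neighbor_clobbered(&m)) findings |= 1;
    chip_mem_init(&m);
    if (!hardened_rx(&m, &bad, &n) && !neighbor_clobbered(&m)) findings |= 2;
    chip_mem_init(&m);
    if (hardened_rx(&m, &good, &n) && n == 10 && !neighbor_clobbered(&m)) findings |= 4;
    return findings;
}

int main(void)
{
    printf("findings bitmask: %d (7 means all three observed)\n", run_scenario());
    return 0;
}
```

The point of the hardened path is that the length is never taken from the header alone: reserved bits are rejected outright, and the copy is capped by the buffer and by the byte count the radio actually delivered, so a lying header cannot drive the copy past either.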

7 months ago
BBC News

Eurostar Reset All Customers’ Passwords Following Attempts to Breach Accounts

Rail service Eurostar has reset its customers’ passwords after discovering attempts to break into passengers’ accounts. No credit card or payment details were accessed in the attempts. The attacks took place between 15 and 19 October and involved a “small number” of internet protocol (IP) addresses, according to Eurostar. Eurostar informed the UK’s Information Commissioner’s Office of the attacks as required under the General Data Protection Regulation (GDPR), which went into effect in May.

7 months ago
Ionut Ilascu / Bleeping Computer

Two Sextortion Scam Campaigns That May Rely on the Necurs Botnet Netted $146,000, Researchers

Two recent sextortion scam campaigns appear to rely on the Necurs botnet to distribute their messages, with the scammers picking targets from leaked databases of email addresses and cracked passwords, researchers at Cisco Talos report. One campaign began on August 30 and the other on October 5; both have been dubbed the ‘Aaron Smith’ sextortion scams after the From: header of the messages. The scammers claim to possess video of the recipient watching explicit content, cite the recipient’s leaked password as proof, and demand Bitcoin payments of varying amounts, worth $1,000 to $7,000, to keep the video private. They sent at least 233,236 sextortion emails from 137,606 unique IP addresses to 15,826 distinct email addresses, an average of about 15 messages per recipient, with one recipient receiving 354. Victims who fell for the scam paid a total of 23.3653711 bitcoins, equivalent to $146,380.30 at the time.

7 months ago
Catalin Cimpanu / ZDNet

Cisco Reports Zero-Day Vulnerability in Security Appliances Exploited in the Wild That Can Crash and Reload Devices, No Patch Available yet but Mitigations Are Available

Cisco has disclosed a zero-day vulnerability in products running its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that is being exploited in the wild. No patch is available yet. The vulnerability, tracked as CVE-2018-15454, resides in the Session Initiation Protocol (SIP) inspection engine of ASA and FTD software. Cisco said the bug “could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition.” Until fixed releases are available, Cisco recommends that device owners disable SIP inspection or, if they have identified an attacker’s IP address, block traffic from that address with the ASA and FTD filtering mechanisms at their disposal. A third option is to filter on the SIP “Sent-by Address” field: the malicious traffic observed so far has carried an invalid Sent-by Address of 0.0.0.0, which legitimate SIP traffic should not use.
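The first two workarounds above, written out as an added ASA configuration example rather than Cisco’s own advisory text. It assumes the ASA’s default service-policy names (`global_policy` and `inspection_default`) and uses 192.0.2.10 as a constructed placeholder for an identified attacker address:

```cisco
! Default ASA service policy: SIP inspection is on, so every SIP flow
! through the device reaches the vulnerable inspection engine.
policy-map global_policy
 class inspection_default
  inspect sip

! Workaround 1: remove SIP inspection from that class until a fixed
! release is installed.
policy-map global_policy
 class inspection_default
  no inspect sip

! Workaround 2 (only once the source is known): drop all traffic from the
! attacking address. 192.0.2.10 is a constructed placeholder.
shun 192.0.2.10
```

Verify the change with `show service-policy inspect sip`, which should no longer list the class. Two caveats: SIP inspection is also what opens dynamic pinholes for the media streams of SIP calls traversing the firewall, so `no inspect sip` can break voice through the device; and `shun` entries live in memory only, so they are lost on reload and must be reapplied. The Sent-by Address filter is built from a SIP inspection policy with a regex match; take the exact syntax from Cisco’s advisory rather than improvising it.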

7 months ago
Paresh Dave / Reuters

China Is Exporting Its ‘Digital Authoritarianism’ to Countries Around the Globe, Government-Backed Watchdog Group Says

China’s export of “digital authoritarianism” has become a major threat to sustaining democratic governance in some countries, according to U.S. government-backed watchdog group Freedom House. In a report, Freedom House said governments had begun following China’s lead in justifying increased censorship and diminished digital privacy protections, with China hosting seminars on cyberspace management since early 2017 for representatives from 36 of the 65 countries tracked by the organization. New cybersecurity measures in Vietnam, Uganda and Tanzania followed discussions with Chinese officials, according to the report. Chinese technology companies have provided or are set to provide internet equipment to at least 38 of the tracked countries and artificial intelligence systems for law enforcement in 18 of them.

7 months ago
Paul Kunert / The Register

Radisson Hotel Group Tells Loyalty Program Members Their Personal Details Were Exposed in a Data Breach

The Radisson Hotel Group has told members of its loyalty program that their personal details were exposed in a data breach it discovered on October 1, although the intrusion itself occurred on September 11. The email, which Radisson sent on October 30, said that only a small percentage of members were affected and that no credit card or password information was compromised, but that member name, address (including country of residence), email address and, in some cases, company name, phone number, Radisson Rewards member number and any frequent flier numbers on file were exposed. It is unclear whether the breach rose to the level at which Radisson had to notify regulators; under the European General Data Protection Regulation, in force since May 25, organizations must report a qualifying breach to their supervisory authority within 72 hours of becoming aware of it, so the clock here runs from the October 1 discovery, not the September 11 intrusion.

7 months ago
Ellen Nakashima and Paul Sonne / Washington Post

National Security Adviser John Bolton Said U.S. Has Launched Offensive Cyber Operations to Protect Midterm Elections

Speaking at an event sponsored by the Alexander Hamilton Society, White House national security adviser John Bolton said the U.S. is undertaking offensive cyber operations to protect next week’s midterm elections, but that it is too soon to tell whether they are effective. Last week, U.S. Cyber Command said it was sending messages to Russian operatives signaling that U.S. intelligence is aware of their efforts to undercut the elections, in what some experts call a relatively ineffective way to stave off midterm-related cyber incidents. The operation is an early use of the new National Security Presidential Memorandum 13, which Bolton said minimizes the “procedural restrictions on undertaking offensive cyber operations.”


7 months ago
ISC StormCast

Encrypted Word Maldocs; iOS/macOS ICMP Error RCE; iOS lock bypass

Johannes Ullrich talks about encrypted Word maldocs, iOS/macOS ICMP error remote code execution, and an iOS lock screen bypass.

7 months ago
Application Security Weekly #37

Airline Hacks, MikroTik Bug, & WordPress

Millions of passengers affected by the Cathay Pacific airline hack, China has been hijacking the internet backbone of Western countries, how proficient developers are at fixing application security flaws, the WordPress team working to wipe out older versions from the Internet, a MikroTik router bug that is as bad as it gets, and more.

7 months ago
Intelligencer / 2038

In 20 Years, the Internet Will Have Swallowed You, So Nothing You Do Will Be Private

In the latest episode of 2038, Intelligencer’s podcast about the future, Paul Ford, the author of What Is Code?, talks with Max Read and David Wallace-Wells about the true meaning of the “internet of things” — when everything is a computer, and everything is connected, everything is also being surveilled, constantly. Including you.

7 months ago
The Shared Security Podcast

Fortnite Scams, Google Search Privacy, Bloomberg SuperMicro Controversy – #81

In this episode, Tom and Scott cover the recent rise in Fortnite scams, new privacy controls in Google search and the controversy over the Bloomberg article and SuperMicro.


Cybersecurity Events

May 24-29: SecurityFest, Gothenburg, Sweden
May 25-26: BSides Stuttgart, Stuttgart, Germany
May 26-28: Global AppSec Tel Aviv, Tel Aviv, Israel
May 27: You Shot the Sheriff, São Paulo, Brazil
May 31-June 2: CackalackyCon, Chapel Hill, NC, USA
May 31-June 2: Circle City Con, Indianapolis, IN, USA
June 3-4: Confidence, Krakow, Poland
June 8-9: Ekoparty, Los Angeles, CA, USA
June 10-14: TyphoonCon, Seoul, South Korea
June 14: Sthack, Bordeaux, France
June 15: Summercon, Brooklyn, NY, USA
June 17-18: Offzone, Moscow, Russia
June 17-19: Hi Tech & Digital Investigations Conference, Austin, TX, USA
June 19-20: Research Innovation to Implementation in Forensic Science Symposium (RI2I), Gaithersburg, MD, USA

Listen to Metacurity on Alexa

Metacurity now has over 500 monthly listeners, and thousands of plays for our ongoing summaries on Amazon Alexa.

