Latest News

17 hours ago
Charlie Savage / New York Times

FISA Wiretap Court Application Publicly Emerges With Release of Carter Page Materials

In the first ever public release of a wiretap application to the highly secretive Foreign Intelligence Surveillance Court (FISA), the FISA application materials for former Trump campaign adviser Carter Page were released by the Administration to the New York Times and other publications under a Freedom of Information Act request. The materials show that despite the arguments of House Republicans that federal law enforcement misled the FISA court in granting the wiretap of Page, suspected of being a Russian agent, Justice Department attorneys made a thorough and repeated application based on extensive evidence, much of which was redacted in the released materials. Specifically, despite claims by Republicans that the Justice Department hid the Democratic Party-related funding of a key source in the application, Christopher Steele, the application, which was renewed multiple times, contains an extensive passage related to that funding but noted that Steele had long been considered a credible source among FBI professionals.

18 hours ago
Kevin Kwang / Channel News Asia

Well-Resourced, Highly Sophisticated Nation-State Actor Likely Responsible for Massive Singapore Health Database Breach

A “well resourced, well-funded and highly sophisticated” nation-state actor is likely behind the unprecedented cyberattack on SingHealth’s database in Singapore, according to Eric Hoh, Asia Pacific president of cybersecurity firm FireEye. The attacker stole 1.5 million patient records, including those of Singapore Prime Minister Lee Hsien Loong, who was specifically and repeatedly targeted in the attack. Hoh said that unlike typical large-scale breaches, the attackers don’t appear to be seeking to sell the data but rather could have been looking for incriminating evidence to use against the Prime Minister. Moreover, the attacker continued to try to access SingHealth’s data, a typical signature of nation-state actors.

18 hours ago
Heather Kuldell and Aaron Boyd / NextGov

Grant Schneider Named Federal Chief Information Security Officer

Grant Schneider, former chief information officer of the Defense Intelligence Agency and former deputy to the first federal CISO, Gregory Touhill, has been named the second person to ever hold the title of federal chief information security officer, the Office of Management and Budget announced last week. Schneider has been filling the CISO role in an acting capacity and is the National Security Council’s senior director for cybersecurity, a title he will retain even as he serves as federal CISO.

2 days ago
Courtney Kube, Carol E. Lee, Dan De Luce and Ken Dilanian / NBC News

Iran Readying Cyberattacks Against Critical Infrastructure in U.S., Europe, Middle East Following U.S. Withdrawal from Nuclear Deal, Officials

Iran is making preparations that would support cyberattacks against thousands of electric grids, water plants, and healthcare and technology companies in the U.S., Germany, the U.K. and other countries in Europe and the Middle East following the U.S. withdrawal from the nuclear deal, known as the Joint Comprehensive Plan of Action (JCPOA), U.S. officials speaking at the Aspen Security Summit and elsewhere said. The Iranians have specifically been probing the U.S. electric grid infrastructure, which would mark a significant escalation of Iran’s cyber aggression against the U.S.

2 days ago
Kirsten Grind / Wall Street Journal

Facebook Suspends Analytics Firm Crimson Hexagon For Ties With Kremlin, Turkish Government, U.S. Government

Facebook has suspended social media analytics firm Crimson Hexagon from accessing user data after discovering the company’s contracts with the U.S. government, a Russian not-for-profit with ties to the Kremlin, and the Turkish government, all of which could appear to be surveillance related, which Facebook’s policy bans. The company claims to have 1 trillion public social media posts from Facebook, Instagram, Twitter, Tumblr, and other sources. The company has U.S. government contracts with the State Department, the Federal Emergency Management Agency, the army, and the US Secret Service. The Russian not-for-profit group used the company’s platform to study the Russian public’s perception of Vladimir Putin, while Turkey used it to study public reaction to its 2014 decision to block access to Twitter. Crimson Hexagon said that “under no circumstances is surveillance a permitted use case,” and that in any event it only uses public social media data.

2 days ago
Cynthia Brumfield / Metacurity

Friday Report: The Impact Crater of Russian Hacking Widens to Suck Everyone Into It

Welcome to Metacurity’s Friday Report where we synthesize the week’s events to make sense of the ever-increasing volume of cybersecurity news to give our readers a bigger picture of the trends shaping the infosec landscape.

If last week’s news was dominated by the Friday bombshell that special counsel Robert Mueller had indicted twelve Russian military intelligence officers for their 2016 U.S. presidential election hacking crimes, this week the impact crater of Russia’s cyber malfeasance in the U.S. electoral process practically widened to the point of sucking everyone into it. The week started dubiously enough when Department of Homeland Security Secretary Kirstjen Nielsen downplayed the threat that Russian hackers would seriously try to meddle in the 2018 mid-term elections. (Read the rest of the report here.)

3 days ago
Mathew J. Schwartz / BankInfoSecurity

Hacker Group ‘MoneyTaker’ Steals Nearly $1 Million from Russia’s PIR Bank by Exploiting Outdated Cisco Router

A hacking group called MoneyTaker stole nearly a million dollars ($920,000) from Russia’s PIR Bank after successfully compromising an outdated Cisco 800 Series Router at a bank branch office, running IOS 12.4, for which support ended in 2016, and using it to tunnel into the bank’s local network, according to Moscow-based cybersecurity firm Group-IB. The heist came to light after Russian newspaper Kommersant reported on it. MoneyTaker is one of the country’s three most active cybercrime gangs, and this is at least the fourth time this year that MoneyTaker has successfully gained access to a bank’s network by exploiting one of its regional branch’s routers. PIR Bank was reportedly able to recover some funds, but the majority of the money stolen is gone.

3 days ago
Catalin Cimpanu / Bleeping Computer

Malware Author ‘Anarchy’ Built a Botnet Composed of 18,000 Routers in Span of Only One Day

By exploiting a vulnerability in Huawei HG532 routers, a malware author has built a huge botnet composed of over 18,000 routers in the span of only one day, security researchers from NewSky Security report, with their findings confirmed by Qihoo 360 Netlab, Rapid7, and Greynoise. Scans for this vulnerability, tracked as CVE-2017-17215, which can be exploited via port 37215, started Wednesday morning, according to data collected by Netlab’s NetScan system. By late Wednesday evening, the botnet had already gathered 18,000 routers. The botnet herder identified himself with the pseudonym “Anarchy,” although NewSky Security researcher Ankit Anubhav believes him to be a hacker who previously identified as Wicked, a well-known malware author who has created variations of the Mirai IoT malware.

3 days ago
Dustin Volz and Shelby Holliday / Wall Street Journal

Three Top FBI Cybersecurity Officials Plan to Retire in Coming Weeks Amid Stepped-Up Demands and Personnel Shortages

Three of the top cybersecurity officials at the FBI are planning to retire in the coming weeks. The three officials are Assistant Director Scott Smith, who runs the FBI’s cyber division, David Resch, the executive assistant director of the Criminal, Cyber, Response and Services Branch, and Carl Ghattas, the executive assistant director of the National Security Branch. The unusual simultaneous departure of three top cybersecurity officials at the law enforcement agency comes at a time when demands on the agency to protect election and other sensitive systems are on a steep rise and when cybersecurity professional shortages are worsening across the federal government.

3 days ago
Jack Kim / Reuters

Major Cyberattack Hits Singapore Resulting in Personal Data Theft for 1.5 Million People, Prime Minister’s Medical Data Specifically Targeted

In what the government is calling the most serious breach of personal data the country has ever experienced, a major cyberattack on Singapore’s government health database resulted in the theft of the personal information of about 1.5 million people, including Prime Minister Lee Hsien Loong. About 1.5 million patients who visited clinics between May 2015 and July 4 this year have had their non-medical personal data illegally accessed and copied in what the Cyber Security Agency of Singapore (CSA) and the Integrated Health Information System (IHiS) confirmed was “a deliberate, targeted and well-planned cyberattack.” The attackers specifically and repeatedly targeted Prime Minister Lee Hsien Loong’s personal data and information on his outpatient dispensed medicines, according to the government.

3 days ago
Catalin Cimpanu / Bleeping Computer

Dongguan Diqee 360 Smart Vacuum Cleaners Come With Two Serious Flaws That Allow Attackers to Run Malicious Code

Two vulnerabilities in Dongguan Diqee 360 smart vacuum cleaners allow an attacker to run malicious code on a device with superuser privileges and effectively take over the vacuum, researchers at Positive Technologies report. The flaws, CVE-2018-10987 and CVE-2018-10988, could allow the vacuum cleaners to be ensnared in a botnet or, worse, turn them into spying machines because they come equipped with Wi-Fi, a webcam with night vision, and smartphone-controlled navigation. The first bug can only be exploited by an authenticated attacker, but all Diqee 360 devices come with a default password of 888888 for the admin account, which few users change. The second bug requires physical access to replace the device’s firmware with a malicious version and requires only inserting a microSD card into the vacuum.

3 days ago
Jack Stubbs / Reuters

GCHQ Report Finds Huawei Exposed Britain’s Telecom Networks to New Security Risks, Huawei Counters Saying British Supervision is Working Well

Supply chain issues embedded in equipment made by Chinese firm Huawei have exposed Britain’s telecom networks to new security risks, according to a new assessment by Britain’s GCHQ spy agency. Despite this conclusion, Huawei claimed the report shows supervision by British authorities is working well. All Huawei products are reviewed by staff at a special company laboratory, known as HCSEC, overseen by the British government and intelligence officials. However, officials said HCSEC had recently identified technical issues which limited security researchers’ ability to check internal product code. A program to resolve the code issue is underway and should be completed by 2020.

3 days ago
Ellen Nakashima / Washington Post

New Justice Department Policy Calls for Alerting American Public to Foreign Cyber Operations Targeting U.S. Democracy

Under a new policy designed to counter hacking and disinformation campaigns such as the one Russia undertook in 2016 to disrupt and alter the presidential election, the Justice Department will alert the public of foreign cyber operations targeting U.S. democracy, Deputy Attorney General Rod J. Rosenstein announced at the Aspen Security Forum in Colorado. Stemming from a new report by the Department of Justice’s (DoJ) Cyber Digital Task Force, the policy follows from the view that “[e]xposing schemes to the public is an important way to neutralize them.” Russia’s effort to influence the 2016 election “is just one tree in a growing forest. Focusing merely on a single election misses the point,” Rosenstein said. The policy also specifies that in considering whether to disclose information, the department must protect intelligence sources and methods, investigations and other government operations.

3 days ago
Eric Geller / Politico

Microsoft Stopped Russian Hacking Attempts Against Three Midterm Congressional Candidates, Executive

Microsoft has helped to detect and block hacking attempts against three congressional candidates this year by the same Russian intelligence agency charged with hacking Democrats during the 2016 election, Tom Burt, Microsoft’s vice president for security and trust, said at the Aspen Security Forum. Burt didn’t identify the candidates but said they are “people who, because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint.” He did say that his company discovered a fake Microsoft domain had been established as the landing page for phishing attacks and that metadata suggested that the phishing attacks were directed at the three candidates. He also added that the level of election-related cyber activity is not as high as it was during the 2016 presidential election.

3 days ago
Kirsten Korosec / TechCrunch

Uber Hires Former Intel Executive to Fill New Position of Chief Privacy Officer

Uber has hired the former head of Intel’s privacy and security team, Ruby Zefo, to serve as its first Chief Privacy Officer to lend some privacy gravitas to the ride-hailing company as it heads into an IPO. Reeling from a string of privacy and security scandals, as well as turmoil in its C-Suite, Uber has also hired former vice president of privacy and security Simon Hania as its data protection officer, as mandated under the EU’s General Data Protection Regulation.

4 days ago
Charlie Osborne / ZDNet

Cisco Issues Set of Patches for Major Flaws in Policy Suite That Could Lead to Compromise, Tampering and Leaks

Cisco has issued a set of patches for vulnerabilities in Policy Suite which could place enterprise users at risk of information leaks, account compromise, database tampering, and more. The first vulnerability, CVE-2018-0374, is an unauthenticated bypass bug that could allow a remote hacker to connect directly to the Policy Builder database. The second vulnerability, CVE-2018-0375, is a default password error that could allow an unauthenticated, remote attacker to log in to a vulnerable system using a root account. The third flaw, CVE-2018-0376, is caused by a lack of authentication measures. The final flaw, CVE-2018-0377, is a lack of authentication in the Open Systems Gateway initiative (OSGi) interface of the Cisco Policy Suite.

4 days ago
Chris Morris / Fortune

San Diego International Airport’s Wi-Fi is The Most Insecure Airport Wi-Fi in U.S., Was Running ARP Poisoning Attack

San Diego International Airport’s Wi-Fi is the most insecure in the nation, according to a study by cloud security company Coronet. Coronet looked at data from the 45 busiest airports over a five-month period, starting in January, and gave each airport a threat index score, based on the device vulnerability and Wi-Fi network risks. The study found that San Diego scored 10 out of 10, far higher than any other airport. The Wi-Fi access point in the San Diego airport, which uses the name “#SANfreewifi,” was running an Address Resolution Protocol (ARP) “poisoning” attack in which an attacker changes the Media Access Control (MAC) address and attacks an Ethernet LAN by changing the target computer’s ARP cache with forged ARP request and reply packets. The John Wayne Airport-Orange County Airport was the second most insecure network with a score of 8.7, followed by the William P Hobby Airport in Houston, with a score of 7.5.

4 days ago
Zack Whittaker / ZDNet

Virginia Robocall Firm Left AWS S3 Bucket Containing Hundreds of Thousands of Voter Records Open Online

A Virginia-based political campaign and robocalling company, Robocent, left a huge cache of files containing hundreds of thousands of voter records on a public and exposed Amazon S3 bucket that anyone could access without a password, Kromtech Security’s Bob Diachenko discovered. The bucket contained close to 2,600 files, including spreadsheets and audio recordings, for several US political campaigns. The data exposed in the breach include voters’ full names, home addresses, political affiliations, gender, phone numbers, age, and birth year, as well as a jurisdiction breakdown based on district or zip code and other demographics, such as ethnicity, language, and education. The data also indicate how a voter might vote, such as “weak Democrat,” “hard Republican,” or “swing” voter. The company said the data has now been secured but that it was from “an old bucket from 2013-2016 that hasn’t been used in the past two years.” The data was exposed long enough for companies such as Grayhat Warfare, which scrape the contents of open buckets, to cache it.

4 days ago
Nick Statt / The Verge

Apple’s iCloud Data in China Will Be Stored in State-Run China Telecom Servers

Apple’s Chinese iCloud partner, Guizhou-Cloud Big Data (GCBD), will move user data to the country’s state-run China Telecom, which will hold the encryption keys to the iCloud data, raising the prospect that the Chinese government will have access to it. Apple users in China can delete their accounts if they choose or opt out by selecting a different country as the host location for their cloud data, which might force some users in China to delete their accounts and create new ones if they want to keep their data protected from the Chinese government’s access.

4 days ago
John Detrixhe / Quartz

Hackers Account for 90% of Login Attempts at U.S. Retailers’ Sites Through Credential Stuffing

Using stolen data in a flood of login attempts known as credential stuffing, hackers generate more than 90% of online retailer sites’ global login traffic, according to researchers at Shape Security. These attacks are successful 3% of the time and also plague the airline and banking industries, with 60% of airline website logins and 58% of consumer banking site logins traced back to hackers’ credential stuffing. The stolen credentials come from major data breaches such as those experienced by Equifax, Yahoo and others.

Podcasts

3 days ago
Cracking Cyber Security

What’s the best way to respond to a data breach?

TEISS talks with Paul Murricane, Media Mentor, to answer questions about the best way to respond to a data breach, including: What is the best way to plan a response to a data breach? What is the key to retaining customer loyalty? How do you strike the right tone and language? How can you use the media to your advantage?


3 days ago
ISC StormCast

Cisco Patches; Smart Vacuum Bugs; Instagram 2FA Update

Johannes Ullrich talks about Cisco Patches, Diqee Smart Vacuum Vulnerabilities, Instagram About To Release 2FA Update, Reporting Malicious Websites.


3 days ago
InThirty.Net

Security 184 – WPA3

This episode covers some recent news including Google reading your email, terrible commercial VPNs, and the new WPA3 Wi-Fi protocol.


3 days ago
Smashing Security

087: How Russia hacked the US election

Graham Cluley and Carole Theriault explain how Russia hacked the 2016 election. And Carole explores some of the creepier things being done in the name of surveillance.


Cybersecurity Events

July 20: Health Cybersecurity Summit, Santa Clara, CA, USA
July 20-22: HopeCon, New York, NY, USA
July 23-24: International Conference of Reliable Information and Communication Technology 2018, Kuala Lumpur, Malaysia
July 25-27: RSA Asia Pacific and Japan, Marina Bay Sands, Singapore
July 26-28: SECRYPT, Porto, Portugal
July 27-28: Global Cyber Security Summit (GCSS) 2018, Kathmandu, Nepal
July 30-Aug. 4: SANS Pittsburgh, Pittsburgh, PA, USA
July 30-Aug. 6: SANS Security Operations Summit, New Orleans, LA, USA
July 31-Aug. 1: SINET61 2018, Melbourne, Australia
Aug. 4-9: BlackHat, Las Vegas, NV, USA
Aug. 9: Secure CISO Detroit, Detroit, MI, USA
Aug. 9-12: DEFCON 26, Las Vegas, NV, USA
Aug. 21: SecureWorld Bay Area, Santa Clara, CA, USA
Aug. 23: Secure CISO Houston, Houston, TX, USA
Sept. 6: Secure CISO New York, New York, NY, USA

