The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

Please reply to this topic with article suggestions for the CS Digest.

Past issues of the CS Digest can be viewed here: https://www.csiac.org/cs-digest/

To subscribe to the CS Digest visit here: https://www.csiac.org/subscription-manager/

Topic

[plosiewiczModerator]

Quantum Blockchain discussion from MIT Tech Review

https://www.technologyreview.com/s/611022/if-quantum-computers-threaten-blockchains-quantum-blockchains-could-be-the-defense/

[plosiewiczModerator]

A major procedural snafu in Government is lack of clarity in Defense Support for Civilian Authorities (DSCA) in the Cyber domain.

It appears that Congress has decided to join in the discussion….

https://www.nextgov.com/cybersecurity/2018/05/house-panel-approves-more-military-cyber-support-critical-infrastructure/148087/

[corycl4Participant]

Former employee of PenAir recently pleaded guilty to felony offenses and owes $5,616 back to the airline after hacking into their VPN network and tampering with airline ticket prices. A VPN connection does not secure a user’s identity as private but acts as though your computer had direct hook-up to their network. The employee was a director of system support and was responsible for the updating of security procedures around the networks of the company. The employee wiped out the existing Sabre system three times forcing employees to rebuild their systems. She was able to do this as she created fake employee profiles with extenstive rights before her retirement.
https://nakedsecurity.sophos.com/2018/04/19/employee-from-hell-busted-by-vpn-logs/

[corycl4Participant]

Google has recently rolled out 2FA, or 2 Factor Authentication for logging into apps such as gmail. 2FA is another layer of security that users should take advantage of. The Google approach to 2FA sends a security message to your phone via SMS message, use an authenticator app or type your password. Setting up the 2FA feature is simple and takes a matter of minutes for both android and IOS users. One benefit of this set-up is that next time your account is being signed into from a new device, you will receive a message asking to verify your credentials. Immediately, you will know if someone is trying to get into your account.
https://nakedsecurity.sophos.com/2018/04/26/gmail-users-heres-how-and-why-you-should-set-up-prompt-based-2fa/

[corycl4Participant]

Fred Hutch, a cancer institute joined up with Microsoft to help fight the negative side-effects of chronotherapy with computer technology. They look to accomplish this by studying more before, during, and after visits. The technology part comes into play by examining the immune system, reading a blood sample and correcting multiple errors with the body.
Pokwire.com

[corycl4Participant]

Pokwire.com
Microsoft and Amazon’s artificial intelligence systems, Cortana and Alexa, are cross referencing each other. Together, they are both OS assistants that provide google like information and are able to open and close apps as well as able to use any of your apps such as playing pandora or finding a destination. All at the command of your voice. Now two huge platforms bring them together on one device simultaneously to assist you quicker and bring you even further.

[corycl4Participant]

On World Password Day, Twitter released a statement that a bug in their internal databases left passwords unencrypted, or in plain text. Unencrypted passwords and saving them to a temporary file is a big “no-no”. There are several risks to improperly saving passwords that users should be made aware of and use more precaution with. While Twitter has claimed they have fixed the issue, they strongly urge users to update their passwords on every device they use to log into the site.
https://nakedsecurity.sophos.com/2018/05/04/twitter-admits-to-password-storage-blunder-change-your-password-now/

[corycl4Participant]

Abbot’s (formerly St. Jude’s Medical) has released a statement that their pace makers are vulnerable to security attacks and battery life loss. It has been reported that roughly 465,000 patients are at risk due to these security threats. MedSec, and IoT company published the bug issues in the equipment in 2016. At that time St. Jude’s decided to sue MedSec for defamation rather than fix the issues. Today however, involvement from the FDA and Department of Homeland Security has urged St. Jude’s to make the appropriate fixes. Patients are strongly encouraged to contact their doctor if they are concerned their pacemaker may be a vulnerable device.
https://nakedsecurity.sophos.com/2018/05/04/half-a-million-pacemakers-need-a-security-patch/

[tcornish13Participant]

https://blog.avast.com/cambridge-analytica-shuts-down-and-ransomware-victims-pay-up

A school district in MA had been hit with ransomware, shutting down services.

[tcornish13Participant]

https://www.theverge.com/2018/4/30/17302720/wechat-deleted-messages-china-government-surveillance

The use of the messaging app “Wechat” is being used in the prosecution of criminals.

[tcornish13Participant]

https://www.theverge.com/2018/5/3/17316684/twitter-password-bug-security-flaw-exposed-change-now

Twitter discovered a bug in their system, and is advising users to change passwords.

[tcornish13Participant]

https://www.theverge.com/2018/5/4/17303644/volkswagen-car-net-security-location-access

A former owner of a Volkswagen discovered she still had vital access to information about the vehicle after selling it.

[dragonfinParticipant]

https://www.scmagazine.com/the-framework-in-question-has-been-a-point-of-frustration-inside-the-pentagon-long-before-trump-came-into-office/article/763394/

The Trump administration is reportedly looking to rescind Presidential Policy Directive 20 an important policy memorandum that currently guides the approval process for government-backed cyberattacks.

[dragonfinParticipant]

https://www.scmagazine.com/delaware-launches-data-breach-compliance-site-for-companies-and-consumers/article/763065/

The state of Delaware launched a website to assist in the compliance of the state’s updated data breach laws.

[dragonfinParticipant]

https://www.scmagazine.com/spartacus-ransomware-shows-sparse-features-can-still-fight-hard/article/762753/

A new ransomware named after a gladiator is demonstrating how even malware with sparse features can get still get wreak havoc on unsuspecting users.

[dragonfinParticipant]

https://money.usnews.com/investing/cryptocurrency/articles/2018-05-04/is-bitcoin-a-safe-investment

The frequent hacking of cryptocurrency exchanges serves as a warning to investors.

[dalicaic25Participant]

https://www.technewsworld.com/story/85252.html
Intel has come out with a 8th generation of proccesors that are a big improvement from the last gen

[dalicaic25Participant]

https://www.technewsworld.com/story/85246.html
There had been a shooting at the youtube headquarters and the female suspected was reportedly not fond of youtube and how they ran it

[dalicaic25Participant]

https://www.technewsworld.com/story/85198.html
FitBit has created a new watch to try and rival the apple watch and they wanna grow into the more modern type of watches with different styles

[dalicaic25Participant]

https://www.technewsworld.com/story/85173.html
Microsoft has given its devs more open source to its computing software in order to upgrade it from the last version

[dalicaic25Participant]

https://www.technewsworld.com/story/85153.html
Uber has created a way for people to walk a short distance to a location and get picked up for a lower cost than usual

[jgray18bParticipant]

https://arstechnica.com/gadgets/2018/05/a-lightning-strike-shut-off-a-womans-brain-implant/

Elon Musk, has set out on a new project. This time it is a medical research company, called Neuralink, and sets out to develop brain implantation devices. This is meant to help us in the upcoming AI apocalypse, but couldn’t malicious organizations take advantage of these implantations?

[dalicaic25Participant]

https://www.technewsworld.com/story/85168.html
Apple is trying to open up Health clinics to its employees as a token of gratitude for working for them

[dalicaic25Participant]

https://www.technewsworld.com/perl/section/technology/?init=60
Smart TV’s were getting hacked and people at home are starting to worry wether they are safe to have such TV’s at their house if they can so easily be hacked

[dragonfinParticipant]

https://www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html

This article is mainly talking about big data breaches that have happened in the 21st century. Yahoo being the biggest with over 3 billion user accounts.

[dragonfinParticipant]

https://www.nytimes.com/2018/05/01/smarter-living/how-to-sell-your-phone-safely.html

This article is from the New York Times. It is mainly about how to get rid of your old phone safely and how to wipe all your personal information before handing it off to a stranger.

[dragonfinParticipant]

https://www.nytimes.com/2018/05/04/technology/personaltech/staying-safer-on-public-networks.html

This article is from the New York Times. It is mainly talking about how to protect your personal information whenever you may be connected to a public network.

[dcopperwheat1Participant]

https://www.securityweek.com/has-your-companys-infrastructure-been-hijacked-bitcoin-miners

With the rise of bitcoin again in the markets, companies have found that their resources have been hijacked to help mine. This article states the best defense is AI powered cyber defense is the best to detect and stop deviations from normal patterns.

[dcopperwheat1Participant]

http://thehill.com/policy/cybersecurity/385663-new-vulnerability-found-in-systems-used-in-electric-gas-industries

More exploits found within our energy systems of control. In March hackers backed by Russia targeted our systems of energy, nuclear, and water. The system exploit would allow hackers to take control over the same system the U.S. gov’t uses to maintain and control these sites.

[dcopperwheat1Participant]

https://nakedsecurity.sophos.com/2018/05/04/tech-companies-resist-government-hacking-back-and-backdoors/

Georgia is looking to make it legal to hack back. I don’t think these politicians understand how hard it can be to track down origins of attacks. If it passes it would be interesting to see what you can get away with under the I was just attacked so I’m responding defense.

[rr1315Participant]

Brain implants – the extreme form of biometrics! Soon to come with a reduced risk of EMF injury.

https://arstechnica.com/gadgets/2018/05/a-lightning-strike-shut-off-a-womans-brain-implant/

[rr1315Participant]

https://www.rt.com/business/425942-buffett-cyber-risk-insurance/

Cyber insurance, soon to come – something I’d never heard of before.. but it makes sense. Uncharted territory indeed – this is in the works.

[jgray18bParticipant]

https://nakedsecurity.sophos.com/2018/05/04/twitter-admits-to-password-storage-blunder-change-your-password-now/

A new bug in Twitter’s code is discovered that stored some user passwords. They (Twitter) sent out alerts to reset passwords after acknowledging the mistake. They reported no indication of a breach or misuse of the passwords

[aaung01Participant]

https://www.reuters.com/article/us-usa-china-zte/zte-says-asked-u-s-commerce-department-to-suspend-business-ban-idUSKBN1I70FR

It was a very unfortunate month for “ZTE,” the Chinese based telecom company. After acknowledged that the U.S. companies were banned to sell software and technological tools include CPU, smartphone chip to ZTE. The company now submitted a claim by both to scratch out the ban and give purchase power again like before.

[aaung01Participant]

https://www.geekwire.com/2018/fair-competition-facebook-raises-status-ai-research-labs-seattle-pittsburgh/

Facebook now opened “AI (artificial intelligence)” lab in Seattle and Pittsburgh. Surprisingly, its new hired employees made their own space with creativity like drawing on the wall, or sticking artificial flower. However, those two labs will be working together and by under the mother company of the Facebook.

[aaung01Participant]

https://www.bleepingcomputer.com/news/google/google-says-chrome-now-blocks-about-half-of-unwanted-autoplays/

No matter how many issue that the Google Chrome had, at this time, the users would be satisfy when they use the “Chrome 66.” The benefit of it is very humongous because, surprisingly, it will only allow “1,000” most popular websites to play video automatically with sound. “You Tube” is one out of many. Other than famous video sites, the Chrome will automatically block auto video playing with sound, but it will allow again when the users passionately click the video to watch.

[aaung01Participant]

https://www.bleepingcomputer.com/news/microsoft/chrome-users-reporting-freezes-and-timeouts-after-windows-10-april-update/

Google Chrome users around world wide are facing two big problems after upgrading the latest version. After using a while, the site unbelievably stop working and it made very complicated for users to reset and finally ended up and for users, restarting the computer was the only option. Secondly, the sites sometimes did not work by showing “ERR_TIMED_OUT” which meant, it was completely out of control and did not give users able to visit to current website.

[aaung01Participant]

https://blog.avast.com/5-simple-tips-make-the-most-of-world-password-day

Avast’s one published article given advice of using 5 tips to make yourself stronger when there the time for making and remembering a very strong password. The article also concluded that the “38 %” of American people love to have the password of “…the same or very similar to each others…” which is usually weak and unhealthy.

[aaung01Participant]

https://arstechnica.com/information-technology/2018/05/researchers-link-a-decade-of-potent-hacks-to-chinese-intelligence-group/

Researchers believed that the reason why the largest technology companies like “GOOGLE” and other popular games companies which were hacked for about a decade was under the operation of the Chinese Government’s Central Intelligent responsibility. They targeted companies mostly in United States, Europe, and Russia mainly. One Chinese researcher found out that the hackers were from all famous Chinese Companies and working together for Central Intelligent.

• This reply was modified 3 weeks ago by  aaung01.
• This reply was modified 3 weeks ago by  aaung01.
• This reply was modified 3 weeks ago by  aaung01.

[rr1315Participant]

https://www.rt.com/usa/425858-cybercom-combatant-command-nsa/

According to a Pentagon spokesperson, “the cyber domain will define the next century of warfare,” as a handful of the major powers in the world are labelled, by name, as adversaries to the U.S.

[smiles13Participant]

Investigators use genealogy sites to track down man connected to at-least 51 rapes and 12 murders. Done after finding someone with a similar DNA match and branching out from there.

[smiles13Participant]

Bug in twitter code is discovered by twitter that stored some user passwords. Twitter sends out alerts to reset passwords after acknowledging the mistake.

[mgallimo30Participant]

NIGERIAN EMAIL SCAMMERS ARE MORE EFFECTIVE THAN EVER
https://www.wired.com/story/nigerian-email-scammers-more-effective-than-ever/

Nigerian email scammers are still bringing in millions, although they are no longer posing as a prince in need. Now they are running a social engineering email scheme and stealing money from business using phishing emails.

[wpolnakParticipant]

This article about the newest apple update really shows the importance of updating your devices constantly. Updates fix anywhere from minor bugs to mayor security problems and you need to keep yourself updated to keep your devices safe.

https://nakedsecurity.sophos.com/2018/04/27/apples-latest-updates-are-out-apfs-password-leakage-bug-squashed/

• This reply was modified 3 weeks, 4 days ago by  CSIACAdmin. Reason: Fixed link and tags

[wpolnakParticipant]

I always found the amazon echo to be kinda creepy just because all you have to do is say its name and it starts. That means to me that is must always be listening even when you aren’t using it. This article shows that to be true.

https://nakedsecurity.sophos.com/2018/04/27/apples-latest-updates-are-out-apfs-password-leakage-bug-squashed/

• This reply was modified 3 weeks, 4 days ago by  CSIACAdmin. Reason: Fixed Link and Tags

[wpolnakParticipant]

https://nakedsecurity.sophos.com/2018/04/27/apples-latest-updates-are-out-apfs-password-leakage-bug-squashed/

I found this article to be very important because it reminds people that ransomware is a prominent threat even today. ransomware has changed in many ways but it also isn’t just a large “brand name” virus anymore. There are so many different hackers can do this that it has so many name.

• This reply was modified 3 weeks, 4 days ago by  CSIACAdmin. Reason: Fixed link and tag

[henryParticipant]

https://www.reuters.com/article/us-tesla-crash/tesla-says-crashed-vehicle-had-been-on-autopilot-prior-to-accident-idUSKBN1H7023

Tesla model X crashed into the concrete divider while it was on autopilot mode. Even though the car can operate on its own, Tesla said, the driver must agree to keep the hand on the steering wheel at all time. That was the first fatal accident by Tesla. Tesla recalled 123,000 of its model S and said there were no accidents or injuries shown.

[smiles13Participant]

Amazons DNS had traffic rerouted for a cryptocurrency website. Attacks could be connected to Russia as the server that traffic was rerouted to seems to originate from the country.

[cspencer25aParticipant]

https://mashable.com/2018/04/16/taskrabbit-cybersecurity-incident/

According to this article, there has been a breach in Ikea’s app TaskRabbit. There has been little disclosed at this time, but they are calling it a ‘cybersecurity incident’, and they had to shut down the application due to a compromise of security.

[rileysperatiParticipant]

https://nakedsecurity.sophos.com/2018/04/24/google-project-zero-pulls-the-rug-out-from-under-microsoft-again/

Microsoft again missed the deadline for the 90-day patching deadlines and made it vulnerable to hackers. The leak is a bypass flaw that affects Windows 10 machines with device guard.

[dcopperwheat1Participant]

https://www.geekwire.com/2018/data-leak-exposes-48m-user-profiles-scraped-facebook-zillow-sites-researcher-says/

Another data leak from our friends at Facebook from a company called Localbox. Organizations are still able to scrape public websites like Facebook and Twitter. This time an estimated 48 million accounts hit again.

[dcopperwheat1Participant]

https://nakedsecurity.sophos.com/2018/04/23/linkedin-patches-serious-leak-in-its-autofill-plugin/

For all those of us that use LinkedIn to keep in touch with leads and networking across our respected fields. Nice to know that some programmers created a patch for their auto fill in options to possible allow malicious sites to farm data from the users.

[djones06aParticipant]

https://thehackernews.com/2018/04/adblocker-chrome-extention.html

A few widely used ad-blocking browser extensions available on the Google Chrome Store contain malicious code that can send user information and receive commands from a remote C&C server.

[nrea13Participant]

https://www.securityweek.com/linkedin-vulnerability-allowed-user-data-harvesting

A vulnerability detected within LinkedIn in regards to an AutoFill feature had been patched. This vulnerability had a possibility of gathering user data for malicious purposes. The problem was identified before somebody could exploit it

[rydilly17Participant]

https://www.scmagazine.com/web-trackers-exploit-login-with-facebook-feature-to-gather-share-user-data/article/759978/

Web trackers are exploiting the “Login with Facebook” feature to gain access to data from the social media firm’s users, according to a report by security researchers at the Freedom to Tinker blog. Third-party JavaScript trackers are embedded on websites where users login through Facebook can gather their data, including email addresses, and as is reportedly the case with Bandsintown, pass that data to other websites.

[rydilly17Participant]

https://www.scmagazine.com/the-malwares-suspected-author-is-a-well-known-russian-cybercriminal-who-has-been-active-on-global-underground-marketplaces-for-years/article/760188/

Researchers have identified a new botnet malware described as the “Swiss Army Knife Malware”. Designed by a veteran threat actor it takes screenshot and drains cryptocurrency wallets.

[rydilly17Participant]

https://www.scmagazine.com/ex-employee-sun-trust-helps-compromise-15-million-bank-clients/article/760195/

Sun Trust Bank today confirmed it was hit with an insider attack when a former employee, working with a third party, stole company contact lists possibly exposing the personal information of up to 1.5 million customers.

[rydilly17Participant]

https://www.technewsworld.com/story/85291.html

Facebook on Tuesday unveiled a comprehensive series of privacy enhancements designed to extend protections required by the European Union’s General Data Protection Regulation to all of the social media company’s users around the world.

[rydilly17Participant]

https://www.technewsworld.com/story/85286.html

Around 20% of the top app available through the google play store contain open source components with known vulnerabilities that can be exploited by hackers

[rydilly17Participant]

https://www.technewsworld.com/story/85291.html

Facebook on Tuesday unveiled a comprehensive series of privacy enhancements designed to extend protections required by the European Union’s General Data Protection Regulation to all of the social media company’s users around the world.

[rydilly17Participant]

https://www.technewsworld.com/story/85268.html

A web standards milestone announced Tuesday could point to the end of the road for pesky passwords.The new standard, WebAuthn, has won near-final approval from the World Wide Web Consortium, which establishes Web standards.

[rydilly17Participant]

https://www.democratandchronicle.com/story/news/politics/albany/2018/04/19/did-cyberattack-strike-new-yorks-student-tests/533251002/

On Tuesday, New York was one of many states who’s computerized English tests were interrupted by a cyberattack. New York education officials confirmed Thursday that its computerized exams suffered the same problems Tuesday as other states, but Questar — the Minneapolis-based company that administers the tests — has yet to detail the cause of the problems.

[awebb19Participant]

https://www.theverge.com/2018/4/19/17258694/grasshopper-javascript-mini-games

Google has released an app that teaches you how to code javascript through a series of mini games. This is helpful as coding is becoming an increasingly important skill to have.

[rtmoranParticipant]

https://thehackernews.com/2018/04/iot-hacking-thermometer.html

Nicole Eagan, the CEO of cyber-security company Darktrace, disclosed, during a London based info-sec event, that an undisclosed casino was hacked through the exploitation of a vulnerability within the casino’s internet connected fish tank wifi thermometer. With internet connected technologies becoming even more commonplace, their presence brings to light new security implications and concerns moving forward.

[zijad94Participant]

https://www.technewsworld.com/story/85283.html

Microsoft, Oracle and Facebook, along with 31 other companies, on Tuesday signed the Cyber security Tech Accord, an agreement aimed at defending against cyber-attacks, whether coming from rogue hackers or nation-states.

[glesher16Participant]

https://www.securityweek.com/nigerian-hackers-attempt-steal-millions-shipping-firms

A Nigerian Hacking group, named GOLD GALLEON, have attempted to steal a few million dollars from shipping companies and customers of the companies over the last year. The group uses spear-phishing scams to try and gain credentials to ultimately modify financial documents redirect funds to their bank accounts.

[swoodworth31Participant]

https://www.bleepingcomputer.com/news/government/fda-wants-medical-devices-to-have-mandatory-built-in-update-mechanisms/

The FDA wants to force medical device makers to include mandatory update systems inside their products in hopes of making the devices more secure.

[ttripp07Participant]

https://www.securityweek.com/iphones-ipads-can-be-hacked-trustjacking-attack

Those with malicious intentions have devised a way to steal information from iOS users. Known as trustjacking, this attack involves the victim plugging his or her Apple device to a charging station and takes advantage of the “sync over Wi-Fi” feature on iOS devices. Even if the user disconnects their iOS device from the charging station, if he or she is on the same network as the attacker, data can still be stolen.

[dzemlevichParticipant]

https://nakedsecurity.sophos.com/2018/04/17/traditional-firewalls-fall-short-in-protecting-organizations-says-survey/

A new survey suggests firewalls in organizations fall short in giving the needed protection they need. One main security concern for many of the organizations who took the survey is lack of application visibility, which means they are not getting the visibility and control into what’s really happening on their networks.

[markParticipant]

https://www.theverge.com/2018/4/9/17216656/apple-renewable-energy-worldwide-climate-change

This article explains that the energy Apple uses is now green energy. Green energy for future tech companies should be used more often so we can make the world cleaner and advance technology at the same time.

[markParticipant]

https://www.theverge.com/2018/4/11/17223504/ai-startup-sensetime-china-most-valuable-facial-recognition-surveillance.

This article discusses the new type of security that can easily identify people committing a crime. It shows how it can be used as a security issue, violating privacy and many other rights.

[cspencer25aParticipant]

https://mashable.com/2018/04/16/taskrabbit-cybersecurity-incident/

According to this article, there has been a breach in Ikea’s app TaskRabbit. There has been little disclosed at this time, but they are calling it a ‘cybersecurity incident’, and they had to shut down the application due to a compromise of security.

[austinmarinoParticipant]

https://www.bleepingcomputer.com/news/security/teenager-charged-for-nova-scotia-freedom-of-information-web-portal-breach/

This 19 year old got a hold of 7,000 confidential records through a portal. He says his intent was not malicious, but still could face up to ten years in prison. Maybe people should realize that internet security is not taken lightly.

[cspencer25aParticipant]

https://www.lifehacker.com.au/2018/04/microsoft-release-admin-tools-to-simulate-cyberattacks/

This article speaks about Microsoft releasing tools that can be used to simulate cyberattacks. This can be very advantageous especially for corporations that have employees that don’t know what to do in a practical situation.

[nd14Participant]

https://thehackernews.com/2018/04/iot-hacking-thermometer.html

Hackers were able to gain access to a casino’s network through a fish tank thermometer.

[craigbeachParticipant]

https://thehackernews.com/2018/04/intel-threat-detection.html

Intel announced two new technologies to their processors that allows them to use built-in GPU’s for malware scanning. The two new technologies are: Threat Detection Technology (TDT) and Security Essentials. These technologies not only offer hardware-based built-in security features across Intel processors, but also improve threat detection without compromising system performance (Wang Wei). Current Scanning technologies can do this, but at the cost of GPU performance. Intel tested the new GPU-scanning technique, and CPU utilization for malware lowered from 20% to as little as 2%. Intel’s threat detection technology will be available in computers with 6th, 7th, and 8th generation processors.

[mmuya09Participant]

This article is interesting because a a man was an arrested man was used to discover a notorious drug dealer on widely used app that makes video/phone calls around the world or Whatsapp. This is really interesting because “Drug dealers” are using he internet to advertise products.

http://www.bbc.com/news/uk-wales-43711477

[glesher16Participant]

https://www.securityweek.com/us-energy-department-offers-25-million-cybersecurity-tech

The United States Department of Energy announced a funding opportunity that it will award up to $25 million to research, develop, and secure its energy infrastructure. The Office of Electricity Delivery and Energy Reliability’s Cybersecurity for Energy Delivery Systems (CEDS) made the is looking to improve the nation’s enerygy delivery systems.

[aaung01Participant]

Apple will going to give authority to the third party watch faces in the future. And, it will at least giving power to 3 most popular technology invention like “Garmin’s OS, Fitbit OS, and War OS.” Hopefully, consumers will see more fresh, exciting and beautiful watch faces in the future.

https://arstechnica.com/gadgets/2018/04/the-apple-watch-may-support-third-party-watch-faces-in-the-future/

[djones06aParticipant]

https://thehackernews.com/2018/04/android-dns-hijack-malware.html

Trojanized facebook and chrome android applications are being spread through the use of the ‘Roaming Mantis’ malware via infected routers.
Using DNS hijacking, the user is redirected to fake versions of trusted sites and asked to input sensitive information.

[jgray18bParticipant]

https://www.theverge.com/2018/4/10/17215406/webauthn-support-chrome-firefox-edge-fido-password-free

Web browsers such as Chrome and Firefox, will soon introduce a new way to logn, using biological data, and USB tokens. This will reduce the number of people succumbing to phishing and the like. Services, such as Google and Facebook have already added this feature.

[mgallimo30Participant]

Cybercriminals now targeting tax pros to cash in on fraudulent returns
https://www.cnbc.com/2018/04/14/cybercriminals-now-targeting-tax-pros-to-cash-in-on-fraudulent-returns.html

Hackers have been attacking tax professionals through phishing emails in an attempt to masquerade as them. Allowing the hackers to steal personal tax information and file fraudulent returns.

[smiles13Participant]

Updated Article: Facebook Denies obtaining call logs through android phones despite reports. Android phones using older OS were ones that could exposed.

[smiles13Participant]

Uber facing tighter restrictions following breach in 2016. Where in this breach many users emails, mobile phones, drivers and drivers licenses were breached and Uber failed to report it for over a year.

[swoodworth31Participant]

https://www.bleepingcomputer.com/news/security/malware-distribution-campaign-has-been-raging-for-more-than-four-months/

A malware campaign has been going on for four months, according to a Malwarebytes researcher. Users are redirected to web pages with fake software updates that infect the computer with malware.

[austinmarinoParticipant]

This could be an interesting turn of events. Some new malware that can steal information through power lines. Sounds like fun!

[ttripp07Participant]

https://www.securityweek.com/mobile-phishing-attacks-85-percent-annually

As how the average consumer uses technology has shifted to primarily involve mobile devices rather than laptops and desktops, attackers have done the same with their targets. It seems the smaller screen makes users less likely to notice when they visit a fake website. It also appears that solving this issue won’t be as simple as it would be on a desktop platform.

[nd14Participant]

https://www.scmagazine.com/report-secret-service-warns-of-crooks-swapping-out-chips-on-stolen-debit-cards/article/757918/

Not too surprising but the Secret Service has issued a warning about criminals swapping out the chips on stolen debit cards. When i was in retail and the use of the chip started i figured it would only be a matter of time before something like this happened.

[rtmoranParticipant]

https://thehackernews.com/2018/04/outlook-smb-vulnerability.html

A vulnerability residing within Microsoft Outlook allows attackers to steal Windows passwords by sending an RTF email, containing a remotely-hosted image file (OLE object) that Outlook automatically renders, initiating authentication with an attacker controlled SMB server.

[nrea13Participant]

https://www.securityweek.com/adobe-patches-vulnerabilities-six-products

Adobe recently released a patch, fixing 19 vulnerabilities across their products. Six that had been declared critical had been patched that included bugs that led to remote execution of the code and information disclosure. Four vulnerabilities remained critical, but pose no threat for malicious use.

[rileysperatiParticipant]

https://nakedsecurity.sophos.com/2018/04/10/how-to-check-if-your-facebook-data-was-shared-with-cambridge-analytica/

As many people know now facebooks data of their users was shared with Cambridge Analytica and the information they received was used a way many people would not want it used.THere is a link to see if your data was shared, but if it is shared there is not much you can do about it. After this problem the people who use facebook should not share their whole personal live on social media.

[dzemlevichParticipant]

Vulnerability found in emergency alert systems allows the possibility of a hacker to trigger false alerts by setting off the emergency system due to the radio protocol used to control the sirens in ATI systems not being encrypted.

[awebb19Participant]

https://www.theverge.com/2018/4/10/17215406/webauthn-support-chrome-firefox-edge-fido-password-free

Web browsers are creating a new way to log in that does not include passwords using things such as biometrics and USB tokens.

[craigbeachParticipant]

https://thehackernews.com/2018/04/helsingin-uusyrityskeskus-hack.html

According to thehackernews.com, Finland experienced their third largest data breach, with 130,000 passwords exposed. The website “http://liiketoimintasuunnitelma.com” was the affected target. The website stored the compromised passwords in plaintext, meaning they were displayed exactly as they are used with no types of encryption. The attackers still remain unknown. The incident has been reported the Helsinki Police of Finland. The affected uses are strongly recommended to change their passwords once the website relaunches.

[mmuya09Participant]

Baltimore 911 Dispatch/CAD system was hacked by unknown hackers over the weekends. The hackers temporarily shut down the system using Ransomware malware, an investigation is currently underway.
http://www.baltimoresun.com/news/maryland/crime/bs-md-ci-911-hacked-20180327-story.html

[henryParticipant]

Chinese hackers affiliated with South China sea attacked many U.S. companies trying to get the information that would help their government, said one U.S. cybersecurity company, even though no specific source could be pointed out. However, Chinese hackers have been involved in other attacks as well other than this incident. Fred Plan, who is working for a U.S. cybersecurity company believed that these Chinese hackers are working for their government.

[henryParticipant]

A woman was hit and killed by a self-driving Uber’s car. However, Uber claimed that it was more likely the fault of the woman who crossed the road when she could just avoid it. Police are still working on the investigation.

[henryParticipant]

In this article, the development of Chinese to English machine dictionary was a success, said Microsoft. This has been tested and approved that it worked as a person translated the article. Microsoft put this on its website so people can go and test it.

[zijad94Participant]

https://www.technewsworld.com/story/85258.html

The attacks have exposed millions of consumer payment cards to fraud. Cyberthieves have used a variety of methods to infiltrate corporate computer systems and resell financial data on the Dark Web.

[djones06aParticipant]

https://thehackernews.com/2018/04/helsingin-uusyrityskeskus-hack.html

Over 130,000 Finnish citizens have had personal information compromised after a cyber attack on a website maintained by the New Business Center in Helsinki. The compromised data included Usernames and Passwords which were reportedly stored in plain text.

[glesher16Participant]

https://www.securityweek.com/researchers-link-new-android-backdoor-north-korean-hackers

A North Korean hacking group that has been named many things such as Reaper, Group 123, Red Eyes, and ScarCruft, has been linked to an Android backdoor. This backdoor, called the KevDroid, can steal contacts, messages, and phone history and is also able to record phone calls.

[ttripp07Participant]

http://thehill.com/opinion/cybersecurity/381281-bitcoin-tech-could-become-the-future-of-voting

With all the controversy about illegitimate votes and hacked elections, this article describes what could be the solution to all of this: A voting system that utilizes the same technology as bitcoin, rather than outdated and highly vulnerable methods.

[ttripp07Participant]

http://thehill.com/opinion/cybersecurity/381281-bitcoin-tech-could-become-the-future-of-voting

As there has been issues of potential hacking involved with various elections, this article explains a possible solution. This solution involves using the same technology used in bitcoin, which is a much more secure method.

[awebb19Participant]

https://www.bleepingcomputer.com/news/cryptocurrency/hacker-uses-exploit-to-generate-verge-cryptocurrency-out-of-thin-air/

A unknown attacker used a bug in the Verge cryptocurreny network to accumulated 15.6 million verge coins in three hours. This is equal to $780,000 in cash. The Verge is working to fix the bug.The news of the attack has led to a drop in the verges exchange rate.

[awebb19Participant]

https://www.bleepingcomputer.com/news/security/the-whiterose-ransomware-is-decryptable-and-tells-a-strange-story/

There is a new ransomware called WhiteRose that encrypts all the files on your computer, shows you a story, and gives instructions on how to pay the ransom. The good news is that it is decrypt-able so there is a forum that may be able to help if you are infected. It is not known for sure how the ransomware is being distributed.

[dalicaic25Participant]

https://www.technewsworld.com/story/85238.html
The city of Atlanta has made great strives to recover from their most recent ransomware attack that occured a couple weeks ago. Hackers have accessed the governments important files during that week

[cspencer25aParticipant]

https://siliconangle.com/blog/2018/04/05/data-breach-exposes-delta-sears-customers-credit-card-details/

In this article they speak about a recent breach in security and a data breach that hit two large corporations, Delta Air Lines and Sears. With these attacks the main thing that was targeted was credit card details and other user credentials.

[craigbeachParticipant]

https://www.scmagazine.com/staff-at-northern-ireland-assembly-warned-over-email-breach/article/754924/

According to Rene Millman of scmagazine.com, staff at the Northern Ireland assembly showed multiple unauthorized login attempts of its IT system. Specifically, hackers attempted to log on staff email accounts using multiple passwords. This is the second time within a year such an occurrence has happened, the other one being on the House of Parliament, according to Tony Pepper. Bill Evans, the senior Director at One Identity stated that the IT team was doing the right thing on addressing the issue by alerting the staff and inspecting the systems. He also suggested that the staff follow a few guidelines to ensure security: multi-factor authentication, management of privileged accounts, and “ensure only the right people have access to the right things at the right time and educate those users”

[nd14Participant]

https://thehackernews.com/2018/04/android-spying-trojan.html

New malware on android devices records phone calls and steals private information. The malware is a trojan disguised as an anti-virus called Naver Defender.

[rtmoranParticipant]

http://thehill.com/blogs/blog-briefing-room/381494-panera-bread-exposed-millions-of-peoples-private-information
Despite months of advanced warning, Panera Bread exposed millions of customer personal information, including names, emails, physical addresses, birthdays and last four digits of their credit card information.

[markParticipant]

https://www.theverge.com/2018/3/30/17179328/microsoft-windows-reorganization-future-2018

This article shows a life beyond windows. It shows the different ways in which Microsoft is expanding and creating more technology to further themselves in the community of technology.

[dzemlevichParticipant]

Microsoft’s updates for a known vulnerability in user’s hardware which allowed attackers access to contents of the user’s kernel memory which contains passwords, encryption keys, etc… may have opened up an even bigger problem.

[rileysperatiParticipant]

https://nakedsecurity.sophos.com/2018/04/03/5-million-credit-cards-exposed-in-saks-and-lord-taylor-data-breach/

This past week there was another breach were many Americans credit card information was stolen and this time Lord and Taylor and 5th avenue were the stores that got hacked. The information was stolen from cards that got swiped instead of using the chip reader. When you use a chip or a pi it is much safer but many stores do not allow this yet.

[swoodworth31Participant]

https://www.bleepingcomputer.com/news/security/new-michigan-law-makes-possession-of-ransomware-illegal/

Michigan signed two bills into law that criminalize the possession of ransomware. The punishment is three years in prison.

[austinmarinoParticipant]

Another massive leak of confidential information. On a positive note, most of the data stolen is from older cards, which used on the magnetic strip to purchase items. Luckily the new chips and pin transactions avoid this risk and for the most part all card companies use chip now.

[mgallimo30Participant]

THE UNDER ARMOUR HACK WAS EVEN WORSE THAN IT HAD TO BE
https://www.wired.com/story/under-armour-myfitnesspal-hack-password-hashing/

When Under Armour was attacked millions of users information was leaked but thanks to good data protection, only parts were leaked, like usernames and email addresses. Passwords were leaked too some with good encryption, bcrypt, and others with bad encryption, SHA-1.

[mgallimo30Participant]

GOOGLE BANS ALL CRYPTOMINING EXTENSIONS FROM THE CHROME STORE
https://www.wired.com/story/google-bans-all-cryptomining-extensions-from-the-chrome-store/

Google is putting one final stop to all cryptomining extensions both malicious and legitimate. Under there current rules, you can have a mining extension such as long as it’s clear that was it’s functionality.

[zijad94Participant]

https://www.technewsworld.com/story/85238.html

Hackers encrypted many of the city government’s vital data and computer systems in Atalanta.
The hackers demanded that officials pay a ransom of US$51,000 to be sent to a bitcoin wallet.

[dzemlevichParticipant]

https://nakedsecurity.sophos.com/2018/03/29/jaywalkers-to-be-named-shamed-and-fined-thanks-to-facial-recognition/

Gone are the days of jaywalkers not being held accountable for their actions, China has decided to use facial recognition technology to publicly humiliate anyone who has jaywalked by publicly displaying their faces on large LED screens placed at interactions.

• This reply was modified 1 month, 3 weeks ago by  jreade. Reason: Fixed Link

[rileysperatiParticipant]

https://nakedsecurity.sophos.com/2018/03/29/facebook-revamps-security-privacy-settings-following-huge-data-scandal/

After facebooks data scandal they are changing things so it does not happen again. They are creating a new settings menu, new privacy shortcuts, and revised data downloads. With the revised data downloads you will be able to delete old posts that facebook has saved.

[djones06aParticipant]

https://thehackernews.com/2018/04/fastest-dns-service.html

Mohit Kumar of The Hacker News reported today on Cloudflare’s release of their privacy-first, free to use, DNS resolving services located on the easy to remember ‘1.1.1.1’. It also boasts to be one of the fastest DNS services available to the public.

[glesher16Participant]

https://www.securityweek.com/20-arrested-italy-and-romania-spear-phishing-scam

Twenty individuals have been arrested in Italy and Romania for their connection with a 2-year phishing scam investigation. Through this scam, it is estimated that about $1.23 million was handed over to the scammers who sent spear phishing emails (emails that look like the email is coming from a reliable source such as a bank or firm) posing as tax authorities to gain banking credentials.

[wpolnakParticipant]

This article was about a windows update had a huge flaw that lead to an easy way for hackers to access valuable information. I think this plays into how important updates are because no matter how hard they try to protect people, hackers still find a way. And updates are constantly fixing old updates.

[wpolnakParticipant]

I found this article to be very important. It talk about a recent event were a hacker attack the Baltimore 911 dispatch. this is important because this can hurt a lot of people that need to reach the police while someone in trying to pull a stunt.

[cspencer25aParticipant]

https://www.databreachtoday.com/memcached-ddos-attacks-95000-servers-vulnerable-to-abuse-a-10705?es_p=6403954

With the Memcached servers vulnerable, this makes way for a mass amount of abuse. The concentration of this abuse is in the United States and China, leaving companies and corporations vulnerable to mass DDoS attacks.

[rr1315Participant]

https://arstechnica.com/gadgets/2018/03/its-not-just-spectre-researchers-reveal-more-branch-prediction-attacks/

Data is vulnerable to being stolen from internal states of processors. It’s going to be a while before something like this isn’t possible to do.

[austinmarinoParticipant]

https://nakedsecurity.sophos.com/2018/03/29/boeing-hit-by-wannacry-reminding-everyone-the-threat-is-still-there/

Just when we thought the WannaCry ransomware was taken care of…

• This reply was modified 1 month, 3 weeks ago by  jreade. Reason: Fixed Link

[dalicaic25Participant]

https://nypost.com/2018/03/29/cybersecurity-experts-find-massive-flaws-in-grindr/
Experts of the app world have found out that a app called Grindr which is a gay dating app helped people find another person’s exact location with little to no expert knowledge of a app or a phone which is serious

[dalicaic25Participant]

https://www.technewsworld.com/story/85187.html

The united states was on fire from Russia because Russia was acting like they were pretending to be promoting African american businesses and they got caught.

• This reply was modified 1 month, 3 weeks ago by  jreade. Reason: Fixed Link

[dcopperwheat1Participant]

https://www.securityweek.com/3-biggest-malware-trends-watch-2018

Malware trends of 2018, living off the land aspect shows some problems with IT administrators becoming complacent about unused tools and attackers are utilizing those to hide the infection process.

[dzemlevichParticipant]

https://nakedsecurity.sophos.com/2018/03/06/big-bitcoin-heist-sees-600-icelandic-servers-stolen/

Around 600 servers being used for bitcoin mining have been stolen, being valued at about 2 million dollars, police are looking for the culprits by keeping an eye out for unusually spiked energy usage across Iceland.

• This reply was modified 1 month, 4 weeks ago by  CSIACAdmin.
• This reply was modified 1 month, 4 weeks ago by  CSIACAdmin.

[ttripp07Participant]

https://www.securityweek.com/big-business-bad-bots

It is no surprise that people are using bots for evil, but the number of them is what shocks me. The most surprising part is the ratio of bot to human traffic on the internet. We clearly need to do something, but if we were to, how can we filter out good bots from bad bots? There may not even be an answer.

[nrea13Participant]

https://www.securityweek.com/crypto-mining-rampant-higher-education

This article reveals how rampant crypto-mining has become in higher forms of education, compared to other sectors like health-care or government. Higher education has more low risk threats within their overall threats, which are related to crypto-mining. Targeting education are a popular target because student’s are not considered employees compared to the business world and generally are more bound to bring security threats and outside information from third parties which why so many threat are happening within this sector.

[craigbeachParticipant]

https://www.usnews.com/news/politics/articles/2018-03-08/report-little-progress-on-voting-security-ahead-of-2018-us-congressional-elections

Recall from one of my previous posts, the voting system of the United States is vulnerable in terms of Cyber-attacks. According to usnews.com, the United States has taken miniscule action in order to increase the security of our voting systems. According to a report from the Brennan Center for Justice – a “division of the New York University School of Law focused on democracy and justice issues” 41 out of 50 states have voting systems that are at least 10 years old, only three states since 2016 have revoked their voting systems. It is estimated that in 2018 and for at least the near future, 43 states will use voting systems that are discontinued/no longer manufactured, which imposes major security risks to these states.

[mmuya09Participant]

I chose this article because it really interest me & because I have an iPhone:Law Enforcement Claim they can bypass & unlock any iPhone model on the market.

https://www.forbes.com/sites/thomasbrewster/2018/02/26/government-can-access-any-apple-iphone-cellebrite/#1e122bd3667a

[rtmoranParticipant]

https://arstechnica.com/information-technology/2018/03/facebook-scraped-call-text-message-data-for-years-from-android-phones/?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axiosam&stream=top-stories

It has been revealed that, if not explicitly forbidden, Facebook has been collecting call and SMS metadata on Android users for years. While scanning through an archive facebook had collected of him, a New Zealand man, Dylan McKay had discovered nearly two years’ worth of phone call and SMS metadata from his Android phone residing within.

[nd14Participant]

https://www.securityweek.com/mozilla-isolates-facebook-new-firefox-extension

A new extension for Firefox isolates Facebook reducing its ability to track activity on other websites

[markParticipant]

https://www.theverge.com/circuitbreaker/2018/3/23/17155586/apple-foldable-iphone-oled-lg-screen-2020

Apple may have a new phone soon that revolutionizes how we use our mobile devices. Bendable phones that may never break, get scratched, and full waterproof.

• This reply was modified 1 month, 3 weeks ago by  jreade. Reason: Fixed Link

[markParticipant]

https://www.theverge.com/2018/3/22/17153050/walmart-patents-drone-shopping-assistants-smart-shopping-carts
This article shows the future of shopping for all Americans when it comes to shopping at Walmart. Walmart is bringing smart carts that work with your phones to communicate. Also they have come up with ways to manage inventory using robotics.

• This reply was modified 1 month, 3 weeks ago by  jreade. Reason: Fixed Link

[swoodworth31Participant]

https://www.bleepingcomputer.com/news/security/goscanssh-malware-avoids-government-and-military-servers/

Experts have found a new strain of malware that does its best to avoid military and government websites.

[craigbeachParticipant]

https://www.securityweek.com/ransomware-hits-city-atlanta

A possible variant of the “SamSam” ransomware has hit several “customer-facing applications” and some “internal services” in the city of Atlanta, according to securityweek.com. SamSam his hit two healthcare organizations this year. Atlanta’s Police department, water services, and airport(s) were left unaffected. Although, the affected services were demanded to pay in bitcoin, $6,800 for each system, or $51,000 to recover every system. Since Jan 27, the same hacker(s) account has collected $590,000. Mayor Keisha Bottoms suggests that customers and staff should monitor their bank accounts, and more importantly, secure them.

[zijad94Participant]

https://thehackernews.com/2018/03/carbanak-russian-hacker.html

Spanish Police has arrested the alleged leader of an organised Russian cyber-crime gang behind the Carbanak and Cobalt malware attacks, which stole over a billion euros from banks worldwide since 2013.

[djones06aParticipant]

https://thehackernews.com/2018/03/amd-processor-hacking.html

Previously announced CPU vulnerabilities for AMD’s RYZEN and EPYC series processors by CTS-Labs researchers have now been confirmed by AMD and steps are being taken to supply patches and updates to those effected by the aforementioned vulnerabilities.

However there has been controversy surrounding the way in which CTS-Labs disclosed information about the vulnerabilities to the public only shortly after informing AMD of such issues.

[zijad94Participant]

https://www.scmagazine.com/trickbot-banking-malware-has-new-trick-up-its-sleeve/article/753255/

Security reserachers have discovered that the Trickbot malware has been updated with you capabilities to evade detection and lock victim’s computers.

[smiles13Participant]

More developing news on the supposed hacker who began releasing the democratic committees documents. Following a mistake in forgetting to use a VPN sources were able to track the IP back into Moscow, Russia.

[smiles13Participant]

Atlanta city government is hit with ransomware attack. Currently demanding a payment of $6,800 to unlock each computer or $51,000 for provision of all keys.

[tcornish13Participant]

https://www.theverge.com/2018/3/21/17146764/venezuela-petro-cryptocurrency-russia

Venezuela’s crytocurrency has been supported by Russia since 2017, and has been used as a way to overcome US sanctions.

[awebb19Participant]

https://www.theverge.com/2018/3/21/17147652/netflix-bug-bounty-program-15000

Netflix has opened a bug bounty program to the public. The maximum payout is 15,000 if you are able to find any security bugs and point them out to the company. Samsung and Microsoft currently offer a similar program but with much higher payouts because the security risk to them is much higher than netflix.

[mgallimo30Participant]

Chinese Crooks Assembling Massive Botnet of Nearly 5 Million Android Devices
https://www.bleepingcomputer.com/news/security/chinese-crooks-assembling-massive-botnet-of-nearly-5-million-android-devices/

RottenSys has now infected almost 5 million android devices. The adware has taken on a deadly mutation allowing it to now be used as a botnet.

[rr1315Participant]

https://arstechnica.com/gadgets/2018/03/windows-server-2019-coming-later-this-year-out-now-in-preview/
A new Windows Server release is coming, called “Windows Server 2019.” The future is now.

[cspencer25aParticipant]

https://www.cso.com.au/article/635086/google-boosts-gmail-anti-phishing-defenses-tackle-bec-fraud/

Google has implemented a new defense against phishing attacks. This new model is aimed at businesses and to help prevent business email compromise (BEC) fraud.

[dzemlevichParticipant]

https://www.bleepingcomputer.com/news/security/city-of-atlanta-it-systems-hit-by-samsam-ransomware/

Ransomware is normally known to perpetually block access to a user’s data until the demanded money is transferred, well instead of individual users, there is a case in the city of Atlanta involving several local government systems being currently down due to a reported ransomware infection.

• This reply was modified 1 month, 3 weeks ago by  jreade. Reason: Fixed Link

[ttripp07Participant]

https://www.scmagazine.com/hackers-exploit-old-flaw-to-turn-linux-servers-into-cryptocurrency-miners/article/753144/

We’ve heard many stories about cryptojackers attacking phones and Windows machines, but it now appears that even Linux servers are being targeted. The exploit used is only possible on dated versions of Linux operating systems, but this shows how important it is to keep even Linux machines up to date.

[swoodworth31Participant]

https://www.bleepingcomputer.com/news/security/ddos-attacks-are-10-per-hour-on-the-dark-web/

A U.S. security firm has found the prices of many items on the Dark Web have increased slightly since 2015. A DDoS attack for an hour is $10, and North American documents cost more than other regions.

[glesher16Participant]

https://www.securityweek.com/netflix-launches-public-bug-bounty-program

Netflix is now using the Bugcrowd platform to give people money rewards of $100 – $15,000 for finding bugs and vulnerabilities in their services. To date, more than $200,000 has been reward to numerous white hat hackers and researchers and over 220 vulnerabilities have been patched.

[rileysperatiParticipant]

https://nakedsecurity.sophos.com/2018/03/22/how-siri-leaks-your-private-iphone-messages-and-how-to-stop-her/

Millions of people have iPhones and on all iPhones, Siri is connected. Siri is leaking the private information of their users, but this can be stopped if the iPhone users change their settings.

[mmuya09Participant]

this article is interesting to me because, the USA in accusing Russia for cyber attacks that can shut down power plants in the US and in Europe at anytime. they believe that Russia was doing this to prove that they can shut down the other nations power in a time of war or conflict

https://www.nytimes.com/2018/03/15/us/politics/russia-cyberattacks.html

[loperParticipant]

https://www.kali.org/news/kali-linux-in-the-windows-app-store/

he windows app store now has Kali Linux available for download. While it does have drawback to run it natively on a windows machine, it is now installable through 1 click.

[rtmoranParticipant]

http://securityaffairs.co/wordpress/70468/data-breach/frost-bank-security-breach.html
Suffering a major data breach, Frost Bank announced Friday, March 16 that a third-party lockbox software program the company uses was compromised, exposing check images which could be used to forge customer checks in the future.

[nd14Participant]

https://thehackernews.com/2018/03/expedia-data-breach.html

The credit card information of over 800,000 users may have been stolen from the orbitz website

[austinmarinoParticipant]

https://nakedsecurity.sophos.com/2018/03/21/bomb-hoax-sent-to-400-schools-blamed-on-warring-minecraft-gamers/

This article discusses the on going trend of bomb/shooting threats at schools. Regardless if it is a joke between friends on the internet, it is not taken lightly and be labeled as a cyber crime. Maybe people should start thinking before acting. Over 400 different schools were threatened because of childish behavior.

• This reply was modified 1 month, 3 weeks ago by  jreade. Reason: Fixed Link

[markParticipant]

https://www.theverge.com/2018/3/20/17144482/orbitz-data-breach-credit-cards

This article warns those who use the traveling website Orbitz not to use it at this time. They were basically hacked and data of everyone’s credit card information can possibly be stolen due to the data breach.

• This reply was modified 1 month, 3 weeks ago by  jreade. Reason: Fixed Link

[wpolnakParticipant]

I found this article to be interesting because so often people will click on anything when they search for something. This article talks about a fake amazon website that win appear at the top of your searches and if clicked on can infect your computer.

[wpolnakParticipant]

I thought this article was very interesting because it really shows how careful you need to be when it comes to saving passwords. It talks about how even a well known website like Firefox has its own security flaws.

[dcopperwheat1Participant]

https://www.securityweek.com/rise-ics-malware-how-industrial-security-threats-are-becoming-more-surgical

Nice history and perspective on Industrial control system attacks.

[corycl4Participant]

Scientist from Japan use AI to read minds, Computers able to see what your thinking. So basically how MRI’s work and when they look at your brain scans but now going a bit more in depth. So these machines are able to pick up and see like colors to a letter. Now by scanning your brain activity , recognizing different shapes they can see more in depth objects like animas and some parts of scenery can be lined. This can all be seen by computers of what your brain is visualizing, simultaneously .

http://www.alphr.com/technology/1008140/japanese-scientists-just-created-an-ai-that-can-read-human-minds

[corycl4Participant]

Chrome recent has a new feature for security that acknowledges if you’re the right user. It recognizes this by the way you put in your credentials. So almost like a key logger but for a positive use. So it keeps track of the time it takes for you to type in one key after the next.
https://nakedsecurity.sophos.com/2018/03/16/the-chrome-extension-that-knows-its-you-by-the-way-you-type/

[corycl4Participant]

The smart phone company blackberry teams up with Microsoft and utilizing their app office 365. This mere has been brought about to combine both companies users as well for other companies that use their services, in providing extra level security as well as everything both of the companies already offer. So in all growing their user base even farther.
https://www.geekwire.com/2018/microsoft-partners-blackberry-integrate-office-365-secure-mobile-app-technology/

[dcopperwheat1Participant]

https://www.securityweek.com/why-do-vast-majority-applications-still-not-undergo-security-testing

Great article about an ongoing problem with the app market. Poor coding practices and lack of good foundation is leading to a flood of attacks over the last year.

[djones06aParticipant]

https://thehackernews.com/2018/03/air-gap-computer-hacking.html

Using malware nicknamed MOSQUITO researchers were able to use ultrasonic waves emitted by speakers and/or headphones to transmit data from one air-gapped computer to another air-gapped computer.

[mgallimo30Participant]

The Leaked NSA Spy Tool That Hacked the World
https://www.wired.com/story/eternalblue-leaked-nsa-spy-tool-hacked-world/

Almost a year ago now the NSA tool Eternalblue is still running rampid around the world. Despite Microsoft releasing a patch for systems as far back as windows XP and Server 2003.

[tcornish13Participant]

https://www.securityweek.com/cortana-can-expose-enterprises-attacks-researchers-warn

Microsoft have discovered a way to use voice commands as a way to use a computers browser without having to have access/bypass any locked machine.

[austinmarinoParticipant]

https://nakedsecurity.sophos.com/2018/03/08/spyware-maker-shuts-down-surveillance-services-after-hacks/

This article talks about a company that has been hacked repeatedly since 2017 and finally calls it quits. Its quite funny and frustrating but if you visit their website and read the notice they have in bold red across their headline you’ll get a feel for how much this company has gotten attacked.

http://www.retinax.com/

• This reply was modified 1 month, 3 weeks ago by  jreade. Reason: Fixed Links

[glesher16Participant]

https://www.securityweek.com/microsoft-detects-massive-dofoil-attack

On Tuesday, March 6th, Microsoft’s anti-malware utility Windows Defender denied 80,000 separate cases of Dofoil (crypto-mining malware) malware. Versions of Windows that were protected include Windows 10, 8.1, and 7.

[cspencer25aParticipant]

https://thehackernews.com/2018/03/prevent-memcached-ddos.html

This article reads about what security researchers have been developing on the threat that is the Memcached server attacks. A kill switch has been discovered that could potentially help prevent DDoS attacks on large organizations. With the reoccurring threat, this makes some of the more damaging DDoS attacks less threatening to the civilian and business population alike.

[rtmoranParticipant]

https://www.kali.org/news/kali-linux-in-the-windows-app-store/

Kali Linux is now available in the Windows App Store.
Using the Windows Subsystem for Linux (WSL), users are now able to download and install Kali Linux through the Windows App Store. Kali is accessible to desktop users by Power Shell command line or by GUI desktop manager, such as, XFCE, via remote desktop.

[henryParticipant]

https://www.bleepingcomputer.com/news/security/microsoft-updates-guideline-on-windows-driver-security/
Microsoft has launched the instructions about how to safely secure Windows drivers. Drivers are very significant because most attackers aim to attack these parts to gain access.

[henryParticipant]

http://money.cnn.com/2018/02/14/technology/huawei-intelligence-chiefs/
In this article, FBI made an alert to the people in the U.S. to not buy smartphones made in China called Huawei. These smartphones are known to be stealing information and creating online threats even though Hwawei itself claimed that they have no intention to do such things like that.

[nrea13Participant]

https://www.securityweek.com/chrome-65-patches-45-vulnerabilities

Google’s newest patch included many patches from it’s previous versions but also adds a bit more bugs, including 27 vulnerabilities with 9 being security rated as a High risk, 15 being considered Medium risk, and 3 rated Low.

[zijad94Participant]

https://www.technewsworld.com/story/85184.html

The agreement aims to create smart camera standards and to develop a shared cloud infrastructure. Cameras with NICE specifications would store images and video in the cloud, with NICE handling standardized encryption and AI processing for object recognition.

[ttripp07Participant]

https://www.securityweek.com/triada-trojan-pre-installed-low-cost-android-smartphones

This article is about a trojan that is pre-installed on some low-budget android smartphones. This is incredibly dangerous as many people buy phones just for the sake of having a number to be contacted from, which makes these phones appealing to those who don’t care about getting much else out of their phones. These people are unlikely to have any idea of such malware existing.

[nd14Participant]

https://www.technewsworld.com/story/85094.html

SentinelOne has released a free, but not opensource, tool for linux systems to monitor meltdown attacks

[awebb19Participant]

https://www.scmagazine.com/millennial-habits-may-bring-an-end-to-the-password-era/article/746144/

Millennials are changing the way future authentication may be done. Millennials prefer convenience over security. More millennials are comfortable with other forms of authentication such as biometrics. Because of millennials relax attitude toward passwords and creating passwords this could be how we authenticate in the future.

[rileysperatiParticipant]

https://nakedsecurity.sophos.com/2018/03/05/worlds-largest-ddos-attack-thwarted-in-minutes/

Last week the largest DDoS attack hit GitHub but the defense against this attack was successful. The attack only lasted nine minutes and appeared to be a ransom attack.

[swoodworth31Participant]

https://www.bleepingcomputer.com/news/security/new-ddos-record-is-now-17-tbps/

Days after GitHub was hit with a 1.3 Tbps DDoS attack, a new record for the largest DDoS attack was set at 1.7 Tbps on a US service provider. DDoS attacks are estimated to reach 2 Tbps in the near future.

[plosiewiczModerator]

You beat me to it. New Memcache record DDS.

[mgallimo30Participant]

GITHUB SURVIVED THE BIGGEST DDOS ATTACK EVER RECORDED
https://www.wired.com/story/github-ddos-memcached/

Github was the recent victim of a DDoS of historic proportions. It it’s peak the attack was generating 1.35 TB of data with out using a botnet.

[djones06aParticipant]

https://thehackernews.com/2018/03/biggest-ddos-attack-github.html

Github was hit with one of the largest DDoS attacks on public record on February 28th. At its peak Github’s servers were receiving 1.35Tbps. The effect of this attack was reported to have been amplified by misconfigured Memcached servers.

On a lighter note:
https://www.nbcnews.com/tech/tech-news/girl-scouts-fight-cybercrime-new-cybersecurity-badge-n852971

Girl Scouts of the USA will be adding a Cybersecurity Badge. This will likely result in more young people taking an interest in Cybersecurity and other STEM sectors. As such we may see an influx of women working in varying tech fields in the years to come.

[jgray18bParticipant]

https://www.scmagazine.com/if-ransom-paid-in-bitcoin-cash-dont-expect-to-get-files-back/article/747460/

A ransomware named Thanatos is new to the scene and demands payments for unrecoverable files in the form of Bitcoin Cash. It encrypts a user’s files with a key, not saving said key, making it increasingly difficult to crack, and then claim that only they have the decode tool to decrypt it.

[austinmarinoParticipant]

https://nakedsecurity.sophos.com/2018/03/01/equifax-finds-another-2-4-million-americans-hit-by-breach/

This article discusses some details about a massive security breach that happened. A lot of confidential information had been stolen from Americans.

• This reply was modified 1 month, 3 weeks ago by  jreade. Reason: Fixed Link

[smiles13Participant]

After the cyber-attack of the 2018 Winter Olympic games it is believed that Russia was ultimately behind the attacks. Using a variety of methods to mask who actually initiated and carried out the attacks.

[smiles13Participant]

Using a vulnerability in rTorrent an attack has those infected (with Unix systems) installing cryptocurrency applications and mining Monero. So far the Profit is estimated at $43 a day with more expected growth, where the total estimated profit so far has been $3,900

[tcornish13Participant]

https://blog.avast.com/mobile-security-and-new-data-on-risk-of-banking-trojans

Avast and a collaboration of other teams found that it is becoming increasingly difficult to tell if an app is real or fake.

[rr1315Participant]

https://arstechnica.com/gadgets/2018/03/microsoft-will-soon-start-shipping-the-intel-spectre-microcode-fixes/

Microsoft is partnering with Intel and AMD to roll out CPU firmware updates. It’s called for, but rare is it not, that firmware gets updated? This to address the “Spectre variant 2” attack.

[craigbeachParticipant]

https://threatpost.com/fbi-warns-of-spike-in-w-2-phishing-campaigns/130057/

– According to the Federal Bureau of Investigation (FBI), there has been a large spike in W-2 phishing campaigns. Hackers tampering with W-2 forms puts victims’ privacy and personal information in jeopardy. In 2016, there were just over 100 cases of W-2 phishing. In 2017 there were over 900 according to the IRS. To extend the case further, over 200 employers were “victimized”, which potentially put hundreds of thousands of employees’ personal information and identities up for grabs for hackers.

• This reply was modified 1 month, 3 weeks ago by  jreade. Reason: Fixed Link

[craigbeachParticipant]

https://www.securitymagazine.com/articles/88786-ransomware-as-a-service-hackers-big-business

– A new trend for Cyber Security Criminals, Ransomware is a malicious software intended to lock a victim out of their computer files who is them prompted to pay a ransom to have their files unlocked by the hacker. If the ransom is not paid by the victim, the hacker can keep the files locked indefinitely. According to Security Magazine, a total of $25 million in ransoms were paid to Cyber hackers in the last two years. The standards for learning how to use Ransomware is seldom. Any person who has a basic knowledge of computer technology, can buy instructions on the Dark Web on how to inflict ransomware tactics on victims for only $39 according to Security Magazine.

• This reply was modified 1 month, 3 weeks ago by  jreade. Reason: Fixed Link

[cspencer25aParticipant]

https://hackaday.com/2018/03/01/memcached-servers-abused-for-ddos-attacks/

This article explains how Memcached servers are being used for Distributive Denial of Service attacks across the nation. There has been an increase in DDoS attacks within the past month, and there is a potential threat in these attacks worsening since Memcached servers are gaining popularity. This can lead to a massive DDoS, and wide-ranging attacks across the country.

[plosiewiczModerator]

The original Cloudflare article should be consifdered as well:

https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/

[craigbeachParticipant]

https://www.usnews.com/news/best-states/articles/2018-02-12/state-voting-systems-remain-vulnerable-to-hackers-ahead-of-midterm-elections-report-reveals

– According to United States News (US News), there are several vulnerabilities that could allow hackers to alter votes and vote count. In the 2016 election, several different hackers actually attempted to hack into 21 states’ voting systems and was successful with tampering with the voting system of Illinois. In fact, states are rated on how well they protect their elections from cyber attacks and machine malfunction. 23 states received a ‘C’, while 17 more received a ‘D’ or an ‘F’. States are working to re-stabilize this massive issue.

[rtmoranParticipant]

https://www.darkreading.com/mobile/new-android-malware-family-highlights-evolving-mobile-threat-capabilities/d/d-id/1331159

New mobile threat, RedDrop is making rounds among infected Android devices. Found within seemingly benign applications, RedDrop, once installed begins downloading at least seven more APKs embedded into the memory; each with their own malicious intent. Infected devices will begin uploading personal data to remote servers as well as SMS messaging a premium service while immediately deleting evidence – at high cost to the victim.

[nrea13Participant]

https://nakedsecurity.sophos.com/2018/02/27/unsecured-aws-led-to-cryptojacking-attack-on-la-times/

An interactive map within the LA Time’s website left in an unsecured state let cryptojackers to install foreign software to crypt currency with their hardware. They eventually fixed the problem and not much damage had been left but it goes to show if something like that could happen again and eventually be exploited into malicious use widespread.

[ttripp07Participant]

https://www.bleepingcomputer.com/news/security/the-rig-exploit-kit-has-forsaken-ransomware-for-coinminers/

This article explains the change in the trend of how those with malicious intentions plan to exploit users. In the case of this Exploit Kit, the focus has shifted from delivering ransomware to delivering cryptocurrency miners and information-stealing trojans in order to obtain their “easy money.” I find it surprising how much effort criminals put into discovering new methods of earning money in such nefarious ways rather than legitimate means. Is the effort really worth the risk?

[dzemlevichParticipant]

https://nakedsecurity.sophos.com/2018/02/26/insecure-cctv-feeds-of-kids-at-school-are-being-streamed-live-online

Cameras installed in UK schools by third parties and most likely not changing the default password leads to insecure CCTV feeds of students all over the school district.

[rileysperatiParticipant]

https://nakedsecurity.sophos.com/2018/02/28/making-private-browsing-more-private/

Browsing on the internet is not private and can be easily traced back to the user. A new server called Veil does not allow your privacy to be broken. Currently, this is only a prototype.

[glesher16Participant]

https://www.securityweek.com/samsung-smartphones-get-encrypted-communications

KoolSpan, a software company based out of Maryland, now has a partnership with tech giant Samsung to provide encryption for communication across their cellphones. This partnership is to help stop the problem of rising attacks on mobile devices.

[awebb19Participant]

https://www.bleepingcomputer.com/news/security/microsoft-updates-guideline-on-windows-driver-security/

Microsoft has released a new guide on driver security. It includes things like a security checklist, driver threat modeling, and many other things. This is important because drivers are a crucial attack surface to all operating systems.

• This reply was modified 2 months, 4 weeks ago by  awebb19.

[swoodworth31Participant]

https://www.bleepingcomputer.com/news/security/new-reddrop-android-spyware-records-nearby-audio/

New Android malware steals phone data like files, photos, and contacts, and can even record nearby audio. The goal of the malware is to subscribe the user to premium SMS services.

[mmuya09Participant]

This is interesting because an Apple Mac Malware(Coldroot) goes undetected/unnoticed for 2 years ( Malware can remotely take command of defensless computer and steal information like passwords) http://www.zdnet.com/article/coldroot-nasty-mac-trojan-went-undetected-for-years/

[plosiewiczModerator]

Great resource on Quantum Crypto from NIST:

https://csrc.nist.gov/publications/detail/itl-bulletin/2018/02/securing-information-through-post-quantum-cryptography/final

[markParticipant]

https://www.theverge.com/2018/2/26/17052802/apple-icloud-encryption-keys-storage-china

This article shows why people are worried about security because Apple is letting China store some Apple iCloud encryption’s.

[nd14Participant]

https://threatpost.com/fbi-warns-of-spike-in-w-2-phishing-campaigns/130057/

The FBI warns of phishing during the tax season

[zijad94Participant]

https://threatpost.com/revamp-of-pwned-passwords-boosts-privacy-and-size-of-database/130082/

The idea behind Pwned Passwords is to help organizations avoid using passwords that have previously appeared in a data breach or have been otherwise compromised in the past.

[zijad94Participant]

https://www.technewsworld.com/story/85155.html

AI challenges global security because it lowers the cost of conducting many existing attacks, creates new threats and vulnerabilities, and further complicates the attribution of specific attacks. Given the changes to the threat landscape that AI seems to bring, the report makes some high-level recommendations that companies, research organizations, individual practitioners, and governments can take to ensure a safer world.

[plosiewiczModerator]

Serious quantum computers are finally here. What are we going to do with them?
https://www.technologyreview.com/s/610250/hello-quantum-world/

[plosiewiczModerator]

https://spectrum.ieee.org/nanoclast/semiconductors/devices/memtransistor-forms-foundational-circuit-element-to-neuromorphic-computing

‘Memtransistor’ Forms Foundational Circuit Element to Neuromorphic Computing
Combining characteristics of a memristor with a transistor mimics the multiple synapses of neurons

[plosiewiczModerator]

http://newscenter.lbl.gov/2018/02/21/new-berkeley-lab-algorithms-create-minimalist-machine-learning-that-analyzes-images-from-very-little-information/

Berkeley Lab ‘Minimalist Machine Learning’ Algorithms Analyze Images From Very Little Data
CAMERA researchers develop highly efficient convolution neural networks tailored for analyzing experimental scientific images from limited training data

[plosiewiczModerator]

https://www.disa.mil/NewsandEvents/2018/SPIRNet-migration

DISA modernizes SIPRNet delivery, increases mission partner savings

The Defense Information Systems Agency (DISA) recently completed the Secret Internet Protocol Router Network (SIPRNet) Access Migration Project to improve and modernize the way mission partners connect to the SIPRNet and deliver cost reductions.

The project evolved the network from a point-to-point network to a virtual network, and increased the bandwidth capacity from 1G to 10G. It also reduced the size of the network, resulting in increased network efficiency, increased capacity, and improved survivability.

[mynameistrevorParticipant]

https://www.scmagazine.com/private-chats-and-user-accounts-could-be-exposed-by-tinder-security-bug/article/746145/

A program that let users link their facebook account to their tinder account has left attackers able to get into random tinder accounts with just a phone number or username. They did this by compromising “access tokens” from the users’ cookies.

[djones06aParticipant]

https://threatpost.com/fbi-warns-of-spike-in-w-2-phishing-campaigns/130057/

With tax season currently underway the FBI and IRS once again warn of a potential rise in Tax/W-2 related phishing schemes.

[pjsnell25Participant]

https://www.technewsworld.com/story/85126.html

iOS boot loader code was leaked earlier this week which deals a major blow to the security of iOS devices despite being an older version. This released code could aid hackers in jail breaking newer versions of iOS.

[corycl4Participant]

https://nakedsecurity.sophos.com/2018/02/22/another-baby-monitor-is-allowing-strangers-to-spy-on-children/

Recently an Austrian based Cybersecurity company reported that the MiSafes Mi-Cam for baby monitors can be easily hacked. All that is required for the hacker to do is change the request of the HTTP. One thing that can happen as a result of this, is to allow the hacker hear what is going on in the baby’s room. How they are able to do that is once the HTTP is changed they are able to get access to different accounts that are paired with the cameras. Additionally, the cameras are known to have outdated software susceptible to vulnerabilities.

• This reply was modified 1 month, 3 weeks ago by  jreade. Reason: Fixed Link

[austinmarinoParticipant]

https://nakedsecurity.sophos.com/2018/02/22/another-baby-monitor-is-allowing-strangers-to-spy-on-children/

Pretty disturbing to think that people are hacking into these webcams to lurk around and watch kids… These are being hacked through cloud server usernames, allowing the hacker to utilize this information to track attached devices.

[tcornish13Participant]

https://www.theverge.com/2018/2/22/17042544/tor-director-shari-steele-steps-down

The current director of the Tor Project has announced her resignation.

[tcornish13Participant]

https://www.theverge.com/2018/2/21/17036514/tinder-vulnerability-account-takeover-accountkit-login

Researchers recently published their findings that allowed tinder accounts to be taken over with just the phone number of the account owner needed.

[jgray18bParticipant]

https://www.scmagazine.com/tempted-cedar-spyware-spread-in-fake-kik-messenger-app/article/746148/

A type of spyware dubbed “Tempted Cedar Spyware” is being downloaded by users attempting to download the Kik messenger app. This spyware has been designed to steal a user’s information, once they have access; such as, device information and photos. They used fake Facebook profiles to attract people into downloading this Kik app from a 3rd part source.

[nd14Participant]

Downloadable content for Microsoft flight simulator came with embedded malware
https://web.archive.org/web/20180220010608/https://www.pcgamer.com/flight-simulator-expansion-installed-password-stealing-malware-as-drm/

[majdacivic27Participant]

https://nakedsecurity.sophos.com/2018/02/22/how-one-guy-could-have-taken-over-any-tinder-account-but-didnt/

If you had a working phone connected to Account Kits along with an active Tinder account Prakash could easily hack into your account with access to all information. Tinder is not the only thing he would be able to access it could be things such as Facebook also. Both of these sites are frequently used by many people.

[aaung01Participant]

In our society no one can deny that Google is the leader when there the time to provide information to people. Almost all of technology tools being inventing somehow using google service. Even, today’s hot webcam like, “Nest Cam IQ” can support a lot like a smart camera for smart people. However, its price is not cheap.

https://arstechnica.com/gadgets/2018/02/nest-cam-iq-gets-ok-google-support-lower-monthly-fee/

[aaung01Participant]

Keeping Companies’ important data is important and very complex. However, most companies somehow spend much more money for online cloud storage. But, at the same time, what we suppose to ask a clear question to ourselves is, is the online cloud, what we had paid for to protect ours’ information really secure enough? What about if not and or leaking or stolen by hackers?

https://www.scmagazine.com/enterprise-needs-right-architecture-to-secure-public-cloud/article/742251/

• This reply was modified 3 months ago by  jreade. Reason: Edited Link
• This reply was modified 3 months ago by  jreade.
• This reply was modified 1 month, 3 weeks ago by  jreade.

[markParticipant]

https://www.theverge.com/2018/2/19/17027570/volkswagen-id-vizzion-concept-car-geneva-motor-show

This article shows off Volkswagon and its new driverless car that doesn’t even have a steering wheel in it. It then goes to show off the new things coming along with the car and shows how it is one of the most technological cars coming out to date.

[rtmoranParticipant]

https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-monitors-fail-to-be-smart/index.html

With the adaptation of “smart” baby monitors, the conversation of convenience and privacy is being brought to the forefront. Vulnerabilities have been exposed with baby monitor brand, Mi-Cam, affecting more than 52,000 user accounts and monitor feeds; allowing unfettered access to monitors and user accounts.

[wpolnakParticipant]

https://www.scmagazine.com/teslas-unprotected-kubernetes-console-used-to-hijack-aws-servers/article/745474/

Tesla’s Amazon Web Server cloud system was hijacked by rogue cryptominers. RedLock researchers discovered an unprotected Kubernetes console, belonging to Tesla, that exposed access credentials to Tesla’s Amazon Web Services environment.

[wpolnakParticipant]

https://www.securityweek.com/google-researcher-finds-critical-flaws-utorrent-apps

Google researcher Tavis Ormandy discovered several critical vulnerabilities in the classic and web-based versions of BitTorrent’s uTorrent application. The flaws have been released and made public but, not all of the problems have been fixed yet.

[forkpahwuParticipant]

Intel has released a stable microcode to help address Spectre variant 2 attack on user computers.
https://arstechnica.com/gadgets/2018/02/intel-ships-hopefully-stable-microcode-for-skylake-kaby-lake-coffee-lake/

[nrea13Participant]

https://www.securityweek.com/intel-releases-spectre-patches-more-cpus

Intel releases a firmware update that patches the vulnerabilities Spectre exploited within their processors. These include, but not limited to Kaby Lake, Coffee Lake, and so on. However, this only levitates a certain variant of Spectre and Meltdown, as the second variant requires more updates to completely fix.

[glesher16Participant]

https://www.securityweek.com/global-cybercrime-costs-600-billion-annually-study

According to a new study, cyber crime costs have hit the $600 billion mark annual, with Russia being the worldwide leader in cyber crime. Ranked second and third are North Korea and Iran, respectively.

[henryParticipant]

http://www.zdnet.com/article/windows-security-well-delete-tools-that-bully-you-to-buy-upgrades-says-microsoft/

In this article, Microsoft promised to get rid of programs that force windows users to buy such upgrades or better versions. Microsoft stated, this kind of action is not acceptable and they are going to protect their customers in the future.

• This reply was modified 3 months ago by  henry.
• This reply was modified 1 month, 3 weeks ago by  jreade. Reason: Fixed Link

[mgallimo30Participant]

HACK BRIEF: HACKERS ENLISTED TESLA’S PUBLIC CLOUD TO MINE CRYPTOCURRENCY
https://www.wired.com/story/cryptojacking-tesla-amazon-cloud/

It was found that Tesla’s Amazon based cloud server was a recent target in the ever growing cryptojacking campaign. It was found by Red Lock when they were scanning the public internet for misconfigured and unsecured cloud servers.

[plosiewiczModerator]

https://www.reuters.com/article/us-un-guterres-cyber/u-n-chief-urges-global-rules-for-cyber-warfare-idUSKCN1G31Q4

A new discussion topic: Cyber Laws of War.

U.N. Secretary General Antonio Guterres called on Monday for global rules to minimize the impact of electronic warfare on civilians as massive cyber attacks look likely to become the first salvoes in future wars.

15 Years ago we discussed this in St Petersburg, RU. Not much progress has been made. Anyone looking for a great Estonian SME on this topic should search “Eneken Tikk-Ringas”.

[awebb19Participant]

https://www.theverge.com/circuitbreaker/2018/2/19/17029916/nintendo-switch-hack-linux-fail0verflow

Hackers from the collective group fail0verflow, have figured out how to run Linux operating system on Nintendo Switch complete with touchscreen support. fail0verflow says the bug theyre using to exploit the switch security system can not be patched on the current hardware.

[swoodworth31Participant]

https://www.bleepingcomputer.com/news/security/tesla-internal-servers-infected-with-cryptocurrency-miner/

Cryptocurrency mining malware has been installed on Tesla’s cloud servers after a breach in their system. It is mostly due to the fact that engineers forgot to set a password for the console.

[cspencer25aParticipant]

https://www.grahamcluley.com/apple-fixes-killer-text-bomb-vulnerability-new-update-ios-macos-watchos-tvos/

The vulnerability that was acknowledged Monday by Apple is now fixed across all their devices. From what Apple has released about the problem that occurred was, that there was a bug in the Unicode symbol, which was a part of the south Indian language, that would cause the devices to crash.

[rileysperatiParticipant]

https://nakedsecurity.sophos.com/2018/02/19/us-and-uk-condemn-russia-for-notpetya/

The NOtPetya cyber-attack accused that Russia were the people that were involved and many countries accused them. The problem is accusations only get you so far: no technical evidence against Russia has been found.

[ttripp07Participant]

https://www.scmagazine.com/exclusive-researchers-say-kaspersky-web-portal-exposed-users-to-session-hijacking-account-takeovers/article/745105/

A few recent vulnerabilities have been discovered on Kaspersky’s web portal. This left people vulnerable to brute force attacks and credit stuffing attacks among a few other vulnerabilities.

Ironically these vulnerabilities have occurred on a service created by a company dedicated to cyber security.

• This reply was modified 3 months, 1 week ago by  ttripp07.
• This reply was modified 3 months, 1 week ago by  ttripp07.

[rydilly17Participant]

https://www.scmagazine.com/staybridge-suites-lexington-hotel-hit-with-data-breach/article/744956/

The Staybridge Suites Lexington was notified of malware in a few of their POS devices resulting in a data breach. The types of devices infected are unknown, but we do know that customer names and credit card information was stolen.

[dzemlevichParticipant]

https://nakedsecurity.sophos.com/2018/02/12/cryptomining-script-poisons-government-websites-what-to-do/

Cryptomining scripts have made it to a whole heap of government websites. Web pages across the world that have been affected include the US, UK, and Australia.

[smiles13Participant]

https://arstechnica.com/information-technology/2018/02/a-potent-botnet-is-exploiting-a-critical-router-bug-that-may-never-be-fixed/

Satori, a Botnet that surfaced late last year in December has resurfaced again. Originally it had gained control of Routers made by Huawei and Realtek. And in Recent days has managed to infect routers made by Dasan Networks with the most recent count being at 13,700 infected.

[markParticipant]

https://www.bleepingcomputer.com/news/government/white-house-cyberattacks-cost-us-economy-between-57b-and-109b-in-2016/

This articles shows how much the economy spends on cyber attacks in the U.S. Then they also mention that data sharing is a big factor and they also explain what they do for there security after you throw there budget at them.

[jreadeModerator]

http://www.defenseone.com/technology/2018/02/international-hackers-find-106-bugs-us-air-force-websites/146057/

Air Force security hackathon leads to record payout and there were fewer vulnerabilities than last time. The Hack the Air Force 2.0 challenge from the end of 2017 resulted in volunteers discovering 106 vulnerabilities across roughly 300 of the USAF’s public websites.

[mynameistrevorParticipant]

https://www.scmagazine.com/researcher-claims-to-have-hacked-amazon-key-using-a-raspberry-pi/article/742797/

Amazon will issue a fix to the security problems they were having with “Amazon Key”. A man named MG posted a video a couple weeks ago showing how easy it is to bypass this lock by disrupting wifi connections. MG will not be posting how he did it until Amazon fully releases this fix.

[awebb19Participant]

Major new iOS bug can crash iPhones and disable access to apps and iMessages

Italian blog Mobile World has detected a bug in ios 11.2.5 that can crash your iphone as well as disable access to apps and messages. The issue is being addressed by apple in future updates before the release of ios 11.3 in the spring. The bug effects apps such as Whatsapp, facebook messenger, and Outlook for ios. It has not been found to effect skype and telegram however.

• This reply was modified 3 months, 1 week ago by  awebb19.

[dcopperwheat1Participant]

https://www.reuters.com/article/us-britain-russia-cyber-usa/white-house-blames-russia-for-reckless-notpetya-cyber-attack-idUSKCN1FZ2UJ

Not sure how much information can be released about the Notpetya attacks from Russia in 2017, maybe we can discuss methods of distribution or initial entry points to make sure we are on top of securing our networks. I am sure most of the information gathered on the attacks to Ukraine’s infrastructure isn’t cleared to express in depth, but maybe we can talk about some of the outer layers of the problems Notpetya exploited.

• This reply was modified 3 months, 1 week ago by  CSIACAdmin. Reason: Fixed Link

[austinmarinoParticipant]

https://nakedsecurity.sophos.com/2018/02/14/cryptocurrency-startup-loopx-exit-scams-with-4-5m-in-ico/

Just an article about how much bitcoin miners are actually stealing from people. Still kind of mind blowing that investors are sticking around with all of the controversy.

• This reply was modified 3 months, 1 week ago by  CSIACAdmin. Reason: Fixed Link

[majdacivic27Participant]

An average kid who was 15/16 at the time in England obtained information from the chief of the CIA about Iran and Afghanistan. He obtained this information from the comfort of his own home by easily pretending he was Brennan while calling companies like Verizon.

[rydilly17Participant]

https://www.technewsworld.com/story/85115.html

A startup company has discovered that wifi most wifi routers have known vulnerabilities that are being neglected by the manufacturers. Insignary conducted the scans during the last two weeks of November 2017. Its research and development team scanned 32 pieces of WiFi router firmware offered in the U.S., Europe and Asia by more than 10 of the most popular home, SMB and enterprise-class WiFi router manufacturers: Asus, Belkin, Buffalo, Cisco, D-Link, EFM, Huawei, Linksys, Netis and TP-Link.

[rileysperatiParticipant]

https://nakedsecurity.sophos.com/2018/02/12/you-have-five-months-to-switch-your-website-to-https/

This article explains why HTTP web connections are nearing the and and why HTTPS is the new priority for security.

[cspencer25aParticipant]

https://www.techrepublic.com/article/this-one-business-file-is-most-used-in-cyberattacks/

This article speaks about how businesses are coming under fire from malware attacks across the globe. The way that they are getting this malware is through scanning, downloading, and viewing PDF files that are infected and acting as Trojan Horses on the victim’s devices/machines.

[rtmoranParticipant]

A recently disclosed document suggests Equifax hack was worse than the company admitted. In addition to the theft of names, Social Security numbers, birth dates, and addresses; it is now revealed, hackers also made off with, tax identification numbers, email addresses, and phone numbers.

[zijad94Participant]

https://www.technewsworld.com/story/85126.html

Apple lawyers have sent a copyright violation notice to Github, following the publication of leaked iOS 9 source code on the site. Though iOS 9 is a dated version of the company’s mobile operating system, it’s possible that the leaked code could be used to jailbreak older devices or worse.

[ttripp07Participant]

“Now Cryptojacking Threatens Critical Infrastructure, Too”
https://www.wired.com/story/cryptojacking-critical-infrastructure/

This article explains the growing threat cryptojacking poses to industries as critical systems could be run at dangerous capacities. The potential problems such crimes pose include the slowing of services at best and system failure at worst where up-time can be crucial.

[glesher16Participant]

https://nakedsecurity.sophos.com/2018/02/14/watch-our-ads-or-well-use-your-cpu-for-cryptomining/

The news website “Salon” has been giving their web-visitors using an ad-blocker an ultimatum. They can either disable the ad-blocker to allow the site to run their ads or they keep the ad-blocker on and allow their internet browser to mine the cryptocurrency Monero as they explore the Salon website.

[zmasca29Participant]

https://www.technewsworld.com/story/85126.html

Just recently it was announced that apple released that their IOS 9 source code was leaked. They are worried that this will allow people to jail break older devices or worse. Lawyers for apple are involved and they are trying to control the leak. Currently IOS 11 is out which most people have or have IOS 10 so this helps its not the most recent source code leaked.

[sam25Participant]

https://www.scmagazine.com/confucius-cybergang-targets-south-asian-businessmen-military-personnel-and-others/article/744147/

Be careful hackers are using chatroom’s on valentines day to get users to install malware on their devices.

• This reply was modified 3 months, 1 week ago by  CSIACAdmin. Reason: Fixed formatting

[forkpahwuParticipant]

https://www.securityweek.com/zero-day-attack-prompts-emergency-patch-bitmessage-client

A major threatening due to Zero-Day attach as prompted the developer of PyBitmessage 0.6.2 to issue an emergency warning against the use of PyBitmessage 0.6.2 leading to Zero-Day on users with this version.

[forkpahwuParticipant]

https://www.securityweek.com/argument-against-mobile-device-backdoor-government.

The argument against government gaining backdoor access to individual mobile devices.

[swoodworth31Participant]

https://www.bleepingcomputer.com/news/security/rapid-ransomware-being-spread-using-fake-irs-malspam/

An attack called Rapid Ransomware is being distributed through a fake email address from the IRS. Once opened, the file locks the users files and must be bought back from the attackers.

[mgallimo30Participant]

“‘OLYMPIC DESTROYER’ MALWARE HIT PYEONGCHANG AHEAD OF OPENING CEREMONY”
https://www.wired.com/story/olympic-destroyer-malware-pyeongchang-opening-ceremony/

The Olympics have been under fire from a targeted worm named “Olympic Destroyer.” It’s believed that it was intended to take the entire opening ceremony offline, although it only temporally paralyzed systems the day of the ceremony.

[ncdova97Participant]

Fake Flashlight apps are installing adware in phones

https://www.scmagazine.com/new-adware-found-in-fake-flashlight-apps-with-dark-intentions/article/735089/

• This reply was modified 3 months, 1 week ago by  CSIACAdmin. Reason: Fixed issue with URL link

[dzemlevichParticipant]

https://www.bleepingcomputer.com/news/security/android-web-users-victims-of-cryptojacking-campaign/

Android mobile users are at risk at getting cryptojacked. Android users are being diverted to domains where a CAPTCHA appears for the user to answer, but here’s the trick, while the user is taking his/her time solving the CAPTCHA, the website loads and runs a cryptojacking script.

• This reply was modified 3 months, 1 week ago by  jreade. Reason: Fixed Link Formating

[mgallimo30Participant]

“A CLASSIC SCAM FINDS NEW LIFE STEALING BITCOIN ON TWITTER”
https://www.wired.com/story/classic-scam-steals-bitcoin-on-twitter/

Scammers are breathing new life into the give a little and get a lot scheme. Where they are impersonating verified twitter accounts and offering to give bitcoins in return for giving smaller amounts of bitcoins.

[djones06aParticipant]

https://thehackernews.com/2018/02/supercomputer-mining-bitcoin.html
Russian scientists working at a Russian nuclear research facility have been arrested for trying to use the facilities hardware to mine bitcoin. The scientists were found out after trying to connect the facilities supercomputer to the open internet.

[plosiewiczModerator]

We work with a few DOE labs….They would be interested in this! Not DOING it of course 🙂

• This reply was modified 3 months ago by  plosiewicz.

[pjsnell25Participant]

https://www.technewsworld.com/story/85115.html

The South Korean company Insignary has scanned 32 routers by more than 10 manufactures and discovered firmware exploits that have been know about for years have not been patched. They also say that Linux operating systems may be easier to exploit than Windows or iOS because of the many different versions of Linux that exist today. Security patches can not be pushed uniformly to all these versions at once.

[wpolnakParticipant]

https://nakedsecurity.sophos.com/2018/02/07/reddit-users-beware-its-evil-twin/

I found this article to be very interesting. It talks about a site called Reddit.com and a twin cite that has a very similar name called Reddit.co. it’s name is only different by one letter. It is set up as a twin to trick people into putting person information into the wrong cite. It is something that people need to be more aware of especially if it was a more serious web site.

[mynameistrevorParticipant]

https://www.scmagazine.com/researcher-claims-to-have-hacked-amazon-key-using-a-raspberry-pi/article/742797/

Amazon “Key” is a service that allows “In-home delivery” by allowing certain people to have permission to unlock your door via cellphone. A man on twitter, named “MG”, shared a video of how an attacker/intruder can use a “Break and Enter dropbox” to keep the door unlocked after an amazon delivery. Amazon stated that this is an issue with wifi protocol, not the amazon software.

[swoodworth31Participant]

https://www.bleepingcomputer.com/news/security/scammers-use-download-bombs-to-freeze-chrome-browsers-on-shady-sites/

This article says that scam websites have found a trick that freezes the visitors’ browser by initiating thousands of download operations. Visitors then panic and call a number on the screen to a scam tech support line.

[rr1315Participant]

https://www.databreachtoday.com/us-data-breaches-hit-all-time-high-a-10622

This article has graphs showing how people’s personal information was stolen, plus what types of institutions it was taken from. There is a citation for the claim in the article title; apparently this was a bad year.

[cspencer25aParticipant]

http://www.zdnet.com/article/this-phishing-trick-steals-your-email-and-then-fools-your-friends-into-downloading-malware/

This article talks about the increase in intensity of phishing attacks and the theft of many email accounts. These attacks are directed to people whom conversate via email, and the desired outcome is to spread malware with the email accounts that are compromised.

[craigbeachParticipant]

http://www.securityweek.com/stealthy-data-exfiltration-possible-magnetic-fields

Researchers from a university in Israel have developed two types of malware concepts capable of obtaining information by the use of magnetic fields. These types of malware are capable of obtaining information, even if the device with the information is in a Faraday cage, or is on airplane mode.

• This reply was modified 3 months, 2 weeks ago by  jreade. Reason: Edited link
• This reply was modified 3 months, 1 week ago by  CSIACAdmin.
• This reply was modified 1 month, 3 weeks ago by  jreade.

[jreadeModerator]

https://www.infosecurity-magazine.com/opinions/ai-workplace-digital-assistants/

Digital assistants like the Amazon Echo and Google Home have exploded in popularity over the last couple of years, making their way into more and more people’s homes, and are starting to make the transition to the business world. Journalist Sage Singleton examines the potential implications of business use of artificial intelligence (AI) for privacy and security. Since AI tools use voice recognition to function, they are always listening even when not in use, which could easily allow corporate espionage and identity theft. Additionally, since devices may not use end-to-end encryption, data could be vulnerable to third-party mining. Singleton outlines these concerns and potential solutions and steps for protecting your business from attack.

[nrea13Participant]

http://www.securityweek.com/windows-10-ransomware-protection-easily-bypassed-researcher-says

This article goes over what a researcher has uncovered about exploits with ransomware through Windows Defender Exploit Guard that was added in the Windows 10 Falls Creators Update. They found that people can bypass the new system by using authorized apps like Office to access the data in whatever manner they can.

[tcornish13Participant]

http://www.securityweek.com/automation-software-flaws-expose-gas-stations-hacker-attacks

A flaw in a fuel automation software called SiteOmat was discovered by Kaspersky. Allows even the most basic hacker to gain access to financial information from the pump.

[awebb19Participant]

HP’s new EliteBooks have a built-in webcam cover for privacy

This article talks about the new HP laptops that are coming out. They are geared towards IT departments to buy an abundance of, and include security features such as a webcam cover to protect you from unwanted viewers when you are not using the webcam.

[plosiewiczModerator]

https://thehackernews.com/2018/02/cyber-espionage-asia.html

This article describes a business model evidently used by both NK and China. Anyone know of any sources that have actually calculated an ROI for a bit-mining botnet?

[dcopperwheat1Participant]

https://threatpost.com/covert-data-channel-in-tls-dodges-network-perimeter-protection/129779/

Some nice research done by Fidelis about cyptography and a way to sneak data through cert exchanges. Transport Layer abuse from within the cert could be undetected because the certs don’t show data exchange on session establishment.

• This reply was modified 3 months, 2 weeks ago by  CSIACAdmin. Reason: Edited link

[plosiewiczModerator]

Following up on the last Digest articles on covert crytptocurrency mining, a piece on how to protect an enterprise network from enslavement.

https://thehackernews.com/2018/02/cryptocurrency-mining-threat.html

[mark777mParticipant]

https://www.bleepingcomputer.com/news/security/more-uk-teens-involved-in-hacking-than-gangs/

This article shows the statistics of teenagers that hack in the U.K and everyday the number is rising. It warns us about the dangers of hacking and shows that it is one of the top crimes committed in the U.K today.

[ttripp07Participant]

http://www.securityweek.com/crypto-mining-botnet-targets-android-devices

This article describes a recent attack on Android devices with an open ADB port. This particular attack was a crypto-mining botnet. I find this particularly interesting since I just recently had my ADB port open. Thankfully my phone was not infected but 5,500 other devices were not as lucky.

[nd14Participant]

https://nakedsecurity.sophos.com/2018/01/12/police-give-out-infected-usbs-as-prizes-in-cybersecurity-quiz/

The national police in Taiwan accidentally handed out malware infected flash drives as prizes at a data security expo.

[henryParticipant]

Today in our our society, most people love to use technologies but have no idea how to protect their information. There’s a group called “NCSA”, which can lead people how to use and better protect their information.

[jreadeModerator]

I think you are referring to the National Cyber Security Alliance’s website, Stay Safe Online https://staysafeonline.org/, which aims to make the internet safer and more secure for everyone.

[rtmoranParticipant]

https://thehackernews.com/2018/01/cryptocurrency-mining-malware.html

Botnet Smominru, also know as Ismo, using the EternalBlue exploit – the same NSA exploit leaked by the hacking group, Shadow Brokers- is being used to secretly mine crypto-currency, Monero, on more than 526,000 affected Windows devices.

[nmaidaParticipant]

Great topic. We will be adding a similar article that talks about this in the latest digest. Thank you! Do you see this type of attack continue to grow and become more sophisticated and how do you know if someone is mining cryptocurrency on your machine?

[aaung01Participant]

https://www.scmagazine.com/malicious-chrome-and-firefox-extensions-prevent-removal-to-hijacks-browsers-to-drive-youtube-clicks/article/738310/

Virus extension of “Google Chrome & Fire Fox” are horrible. They are difficult to delete & users are easily get control by and have much more risk to deal with other unfamiliar adds.

[dzemlevichParticipant]

https://nakedsecurity.sophos.com/2018/01/23/how-a-teen-used-social-engineering-to-take-on-the-fbi-and-cia/

Teen uses social engineering to bypass personal security questions to go up against the CIA. Great example for other organizations to not make the same embarrassing mistake.

• This reply was modified 3 months, 3 weeks ago by  jreade.

[nmaidaParticipant]

Shows that it doesn’t take much technical expertise to gain access to some of the elites. It is important for organizations to have policies and training in place so every employee understands the consequences.

[ncdova97Participant]

https://www.technewsworld.com/story/85095.html

Organizations are paying off attackers using ransomware and not doing anything to bolster security to prevent future attacks

[djones06aParticipant]

Source: https://thehackernews.com/2018/01/coincheck-cryptocurrency-heist.html

The recent hack of a Tokyo based cryptocurrency exchange by the name of Coincheck leaves the exchange at an over half a billion dollar loss. Coincheck has yet to release a statement as to how this hack occurred.

[nmaidaParticipant]

Thank you for your suggestion! This event will be covered in our latest digest issue (06-Feb-2018). A lot of cryptocurrency topics have been in the news lately. Hot topic.

[austinmarinoParticipant]

https://blog.avast.com/arenavision-mines-cryptocurrency-monero-using-visitors-browsers-without-their-knowledge

This article discusses some recent issues about bitcoin mining through popular websites. As a stock market investor, crypto-currencies are not something I trust my money going into and situations like this is why. Maybe you will think the same after reading this.

[zmasca29Participant]

https://thehackernews.com/2018/02/flash-zero-day-exploit.html

This article basically states how unprotected adobe flash player is, and the fact that North Korea is using there hackers to try and target windows users in South Korea. Hauri of North Korea first stated on twitter how they have been trying to use this behavior since November.

[glesher16Participant]

http://www.securityweek.com/wannamine-malware-spreads-nsa-linked-exploit

A piece of malware nicknamed “WannaMine” (used for crypto-mining Monero, which is used on the Black Market) has been spreading due to a reportedly leaked tool (EternalBlue) that has been linked to the NSA. EternalBlue was leaked to the public in 2017.

[mmuya09Participant]

http://www.wired.co.uk/article/ai-cyberattack-mike-lynch

After reading this interesting article it makes me wonder if humans should continue improving AI to the point that they become smarter than humans or somehow replace us or should is the advancement in technology such as AI that we have now good enough ?

[nmaidaParticipant]

Thank you for your suggestion! This article was included in the 09-Jan-2018 issue. I believe the most important sentence from this article is this: “Today cyber-attackers are using AI technologies that help them not only infiltrate an IT infrastructure, but to stay on that network for months, perhaps years, without getting noticed.” The AI is learning the environment and behavior of the networks to better hide itself from detection while exploiting a vulnerability.

[rileysperatiParticipant]

https://nakedsecurity.sophos.com/2018/02/01/hospital-mri-and-ct-scanners-at-risk-of-cyberattack/

There is a weakness in MRI and CT scans that relies on Windows XP and when they are hacked the scans can be manipulated and be changed.

[zijad94Participant]

http://www.independent.co.uk/life-style/gadgets-and-tech/news/youtube-ads-monero-bitcoin-alternative-hackers-earn-slow-computers-operating-systems-a8183576.html

It’s been reported that malicious YouTube ads slow down computers by using computer processing power for mining cryptocurrency. I think I have noticed this on my computer because for a day it was running unusually slow and getting warm quicker than usual, so I really think this article is really interesting.

[cshelly24Participant]

https://www.bleepingcomputer.com/news/security/teen-sentenced-8-years-in-prison-for-buying-bomb-on-the-dark-web-to-kill-parents/

A teenager from the United Kingdom, Gurtej Randhawa, attempted to buy a car bomb off of the dark web to kill his parents, fearing they would make him end his relationship. He was unaware of the fact it was actually an undercover agent. He denied his intentions of using the bomb to cause harm, but after the jury was informed he was actually observed trying to test the bomb, he was sentenced to 8 years in prison.

[CSIACAdminKeymaster]

Thank you for your suggestion, the article will be looked at for inclusion in the next CS Digest Issue.

[vijaygaParticipant]

Please include an update on the NIST CSF 1.1.
Here is good article on this topic
https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/5-key-updates-to-version-1-1-draft-2-of-nists-cybersecurity-framework/

• This reply was modified 4 months, 3 weeks ago by  vijayga.

[CSIACAdminKeymaster]

Thank you for your suggestion. Your suggested article was included in this CS Digest Issue: https://www.csiac.org/cs-digest/09-jan-2018/ It was also the most popular article and was included as such in this CS Digest Issue: https://www.csiac.org/cs-digest/23-jan-2018/

[kevinc810Participant]

I found a recent article in the Utica’s local paper, The Utica Oneida Dispatch, on ways to improve cyber security within a company. This article is targeted at companies but many of this information could be used in the personal setting. This articles simplicity may be useful for new companies, businesses, and students. Thank you for your time.http://www.uticaod.com/business/20170912/7-steps-to-improve-cybersecurity

[jreadeModerator]

@kevinc810, I read through the article. While it does offer some good tips and practices, it seems to be an advertisement for Citrix ShareFile. Also it doesn’t list who the author of the article is. Thanks for sharing with the group though.

[alusby16Participant]

https://www.usatoday.com/story/tech/2017/09/12/how-did-equifax-breach-happen-here-some-answers-and-some-questions/658343001/

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

Hopefully I actually submit the links I want to this time! I was reading up on the Equifax breach. Turns out it’s from vulnerabilities in Apache struts. Sounds like also that it was probably from poor security practices, at least according to the article at the first link from USA Today. The second link is a Cisco security advisory about some of the vulnerabilities. I found the details section particularly interesting, as well as affected equipment

[CSIACAdminKeymaster]

Thank you for your suggestions. We will review the articles for potential inclusion in the CS Digest. Thank you for contacting the CSIAC.

[nirmalkantParticipant]

As a part of cyber security updates, tips and trick, I follow news.ycombinator.com and gotowebsecurity.com. I am also looking for CS Digest subscription.

[CSIACAdminKeymaster]

Thank you for your suggestions. You can subscribe to get the CS Digest in your email by setting your subscription preferences here: https://www.csiac.org/subscription-manager/ (Requires Registration/Login) The archived CS Digest issues are also available here: https://www.csiac.org/cs-digest/

[alusby16Participant]

Vigilante Hacker Uses Hajime Malware to Fight with Mirai Botnets
Thought this was interesting, kind of short though.

[CSIACAdminKeymaster]

Thank you for your suggestion. We may include this article: https://arstechnica.com/security/2017/04/vigilante-botnet-infects-iot-devices-before-blackhats-can-hijack-them/ in the next issue of the CS Digest.

[Author]

Replies