Cyber Attacks, Threats, and Vulnerabilities

‘Rocket Kitten’ and the state-backed hackers that reportedly conduct economic spying on the US (Fifth Domain)

Chinese theft continues in cyberspace as new threats emerge, U.S. intelligence officials warn (Washington Post)

RANCOR Threat Group Leverages New Malware Strains in Targeted Espionage Attacks (Security Intelligence)

How Russian hackers tricked people into giving their passwords (Federal Times)

Russian Hackers’ New Target: a Vulnerable Democratic Senator (The Daily Beast)

Flashpoint - Malware Loaders Continue to Evolve, Proliferate (Flashpoint)

SoftNAS Cloud OS Command Injection (SecureAuth + Core Security)

Recently Patched Oracle WebLogic Flaw Used in Active Attacks (Security Boulevard)

Bugs in Samsung IoT Hub Leave Smart Home Open To Attack (Threatpost)

Vulnerability Spotlight: Multiple Vulnerabilities in Samsung SmartThings Hub (Talos Blog)

Yes, Google's Security Key Is Hackable (KnowBe4)

Stealth Mango Proves Malware Success Doesn't Require Advanced Tech (Dark Reading)

Credential theft – the Monster Cache (LinedIn)

Cyber attack on COSCO Shipping not confined to North America (MarineLog)

Ransomware-hit Cosco turns to Yahoo and Facebook to keep in touch - The Loadstar (The Loadstar) 

SingHealth cyber attack: Delinking PCs from Internet causes some inconvenience to patients (The Straits Times)

Top Ten Ways Atlanta's Ransomware Attack Affected Cybersecurity (Infosecurity Magazine)

The demand for hacking tools and malware is greater than the current supply (Yahoo)

Russian Hackers Appear to Shift Focus to U.S. Power Grid (New York Times)

With hacking of US utilities, Russia could move from cyberespionage toward cyberwar (Fifth Domain)

The age of cyberwar is here. Now, citizens need to have a say (the Guardian)

Iranian Cyber Activity Rising: Leafminer, OilRig Leading the Way (Latest Hacking News)

New Iran-based APT uses NSA exploits in its malware arsenal (iTWire)

With China’s help, Cambodia strongman set to extend 33-year rule (PostBulletin.com)

By-elections are cyber-attack free: AEC (NewsComAu)

Democratic Sen. McCaskill confirms Russian hacking attempt (Fifth Domain)

Russian Hackers Targeted The Most Vulnerable Part Of U.S. Elections. Again (WAMU)

An official now says Russian hackers targeted this state’s 2016 election (Fifth Domain)

Economic cyber espionage will only get worse, ODNI report say (FCW)

How Silicon Valley Became a Den of Spies (POLITICO Magazine)

US warns of supply chain cyber-attacks (BBC News)

British ex-spies warn of risks dealing with Chinese telecom Huawei (ABC News)

State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China (KrebsOnSecurity)

‘Petty cybercriminals” adopt advanced supply chain attacks (CSO)

Brace for PowerGhost cryptominer, warns Kaspersky Lab (ComputerWeekly.com)

Malware Author Building "Death" Botnet Using Old AVTech Flaw (BleepingComputer)

Where Posting Selfies on Facebook Can Get You Killed (Wall Street Journal)

Naval Dome warns of continuing threat from Cosco cyber attack (Seatrade Maritime)

Nerves jangled by new ransomware attack on shipping giant (Naked Security)

COSCO's cyber attack and the importance of maritime cybersecurity (FreightWaves)

NetSpectre: Read Arbitrary Memory over Network (Graz University of Technology)

LifeLock Breach Highlights Weak Web App Security (Infosecurity Magazine)

UMB collaborates with security forces to foil cyber attack (Ghana Web)

Telstra emails exposed in search error (CRN Australia)

Russia has compromised the US grid this year (Control Global)

Fake Monitors Endorse Cambodia's Sham Election (Foreign Policy)

Russians Are Targeting Private Election Companies, Too — And States Aren’t Doing Much About It(FiveThirtyEight)

Hackers Target Senators, Political Parties Frequently, Shaheen Says (Roll Call)

Analysis | The Cybersecurity 202: Doctored videos could send fake news crisis into overdrive, lawmakers warn (Washington Post)

What are deepfakes? How and why they work (CSO Online)

Russian Jamming Poses a Growing Threat to U.S. Troops in Syria (Foreign Policy)

Busting The Green Door: Army SIGINT Refocuses On Russia & China (Breaking Defense)

Shadowy Mastermind Plays Online Advertising System to Spread Malware (Computer Business Review)

A Malvertising Campaign of Secrets and Lies (Check Point Research)

New version of AZORult stealer improves loading features, spreads alongside ransomware in new campaign (Proofpoint)

This new cryptomining malware targets business PCs and servers (ZDNet)

Intel’s chip vulnerabilities don’t bode well for the spread of ransomware (Medium)

Microsoft Discovers Supply Chain Attack at Unnamed Maker of PDF Software (BleepingComputer)

Inside SamSam: A Step Forward for Ransomware? (Infosecurity Magazine)

Hackers find creative way to steal $7.7 million without being detected (Ars Technica)

Steam Pulled an Indie Game Accused of Being an Elaborate Cryptocurrency Mining Scam (Motherboard)

Crypto Mining: Google’s Play Store Joins Apple in Banning Mining Apps (CoinCentral)

Activist Publishes 11,000 Private DMs Between Wikileaks and Its Supporters (Motherboard)

Dixons Carphone breach: 10 times as many victims as first thought (Computing)

Cyber attack: UnityPoint says 1.4 million affected in phishing scam (Waterloo Cedar Falls Courier)

1.3 million online fashion shoppers exposed after data breach at UK ecommerce provider (Graham Cluley)

F Secure Oyj : Spam Is Still the Choice of Online Criminals, 40 Years Later (4-Traders)

Analysis: Reported data breaches in Australia (Help Net Security)

Kremlin Hackers Take Aim at the Swiss Lab That’s Working the Skripal Poisoning Case (Defense One)

Russische Hacker greifen Labor Spiez an (Blick News-App)

Facebook Pulls Fake Accounts That Mimic Russian Tactics Ahead of Election (Wall Street Journal)

Facebook says it has uncovered a coordinated disinformation operation ahead of the 2018 midterm elections (Washington Post)

These Are the Pages Facebook Says Are Part of a ‘Coordinated’ Effort to Influence the Midterm Elections (Motherboard)

So Our Voting Machines Are Extremely Easy to Hack? (Esquire)

Finland and the Bear (Foreign Policy)

Phone scam exploits Russian hacking fears (Graham Cluley)

Powerful Smartphone Malware Used to Target Amnesty International Researcher (Motherboard)

NSO Group Infrastructure Linked to Targeting of Amnesty International and Saudi Dissident (The Citizen Lab)

SamSam: The (almost) $6 million ransomware (Naked Security)

Leaky radio devices broadcast chipset data, discover researchers (Naked Security)

When Cameras and Routers attack Phones. Spike in CVE-2014-8361 Exploits Against Port 52869 (SANS Internet Storm Center)

NSA hasn’t closed security windows Snowden climbed through (Naked Security)

How the SamSam attacker stole millions from US companies (Help Net Security)

Android apps infected with umm... *Windows* malware (Graham Cluley)

Google Researcher Unpacks Rare Android Malware Obfuscation Library (Dark Reading)

Cryptojacking for beginners – what you need to know (Naked Security)

Social Security Numbers Accessed in Yale Data Breach (NBC Connecticut)

Spam Campaign Abusing SettingContent-ms Found Dropping Same FlawedAmmyy RAT Distributed by Necurs (TrendLabs Security Intelligence Blog)

Porn-warning security scam hooks you up to “Apple Care” (Naked Security)

Espionage and Athletics is More Apparent than You Think (CyberDB)

FTC Warns Citizens About Government Imposter Scams (Nextgov.com)

Advanced Persistent Threat: Mat-Su Borough, Valdez fighting highly sophisticated cyber attack (KTUU)

Staff dust off their typewriters after malware attack (Naked Security)

Over 600K Shoppers Affected by E-commerce Security Incident (Infosecurity Magazine)

Clarksons reveals details of cyber attack and blackmail (TradeWinds)

Update on 2017 Data Breach – Regulatory Notice (Clarksons)

Cyber Trends

Same web-based vulnerabilities still prevalent after nine years (Help Net Security)

Security Vulnerability Concerns Skyrocket as Neustar’s International Cyber Benchmark Index™ Hits Record High (BusinessWire)

New Survey by Perception Point Finds that 80% of IT Decision Makers Believe the Most Popular "At-Work" Apps are Among the Most Vulnerable to Cyberattacks (PRNewswire)

Business leaders concerned about security, data backup is a key opportunity (Help Net Security)

The primary email security challenge enterprises face is trust (Help Net Security)

Most organizations investing in AI, very few succeeding (Help Net Security)

Trend Micro Survey Confirms A Disregard for the Risk of an IoT Breach and Finds Loss of Trust As Biggest Potential Consequence (Financial Post)

“Naïve” Australian companies know supply chains create security problems, but aren’t fixing them(CSO)

'Identity Has Become the Perimeter': Oracle Security SVP (Dark Reading)

268 Simulated Cyberattacks By Rapid7 Shows 84% Of Engagements Exploited (Information Security Buzz)

Risks grow, yet security is still an afterthought in many IoT strategies (Help Net Security)

Symantec: Financial cyberattacks are on the rise (Fifth Domain)

Where Did the Concept of 'Shadow Banning' Come From? (Motherboard)

Managed security: a big gamble for Aussie IT providers (CRN Australia)

The Western Illusion of Chinese Innovation (Project Syndicate)

US retailers lead world in data breaches (Retail Dive)

If we fight cyberattacks alone, we’re doomed to fail | Eugene Kaspersky (the Guardian)

Most Organizations Risk Breaches Due to Gap Between Identity and Cybersecurity Silos(GlobeNewswire News Room)

Marketplace

Tenable up 32% at closing on first day of IPO (Washington Business Journal)

Facebook Suffers Worst-Ever Drop in Market Value (Wall Street Journal)

Facebook Just Learned the True Cost of Fixing Its Problems (WIRED)

How years of privacy controversies finally caught up with Facebook (Washington Post)

Twitter’s stock plunges more than 19 percent after reporting drop in user numbers (Washington Post)

Imperva to Acquire DevOps Security Leader Prevoty (BusinessWire) Imperva to Acquire DevOps Security Leader Prevoty

Cyberfort Software (CYBF) Prepares to Expand Through Acquisition (GlobeNewswire News Room)

MACH37 Cyber Accelerator Opens Applications for Fall 2018 Session (GlobeNewswire News Room)

Barracuda Accelerates Growth in Email Protection and Expands Customer Base to More Than 50,000(Barracuda)

SonicWall bullish as rival Sophos flounders in NSS Labs test (CRN)

Acronis Announces Technology Partnership with Arsenal Football Club (AsiaOne)

Awake Security Names Former Cylance CTO Rahul Kashyap as CEO (BusinessWire)

JASK Appoints Dave DeWalt as Vice Chairman of Board of Directors (JASK)

Cylance Tech Chief Leaves to Helm Cyber Startup (Fortune)

Lockpath Announces Four Executive Promotions (Markets Insider)

Pentagon Creates ‘Do Not Buy’ List of Russian, Chinese Software (Defense One)

ZTE Racks Up $790M Q1 Loss on US Ban (Light Reading)

‘Very tight controls over Huawei security’ (Times)

Cybersecurity stocks roughed up in high-expectations earnings season (MarketWatch)

Twitter vows to continue spam fight despite negative impact on user numbers (TechCrunch)

Facebook trips on its own moderation failures (TechCrunch)

Opinion | The ghost of MySpace haunting Facebook and Twitter (Washington Post)

Is Fortinet Built for Long-Term Growth? (The Motley Fool)

Tenable: Exciting Cybersecurity IPO (Seeking Alpha)

Proofpoint reports Q2 beats; cyber stocks slide on Imperva miss (Seeking Alpha)

CrowdStrike Raises $200M To Gain Share From McAfee, Symantec In $35B Market (Forbes)

2 Cybersecurity Names For Contrarian Stock Traders (Forbes)

Comodo CA Achieves Significant First Half 2018 Revenue Growth and Rapid Expansion into IoT and Web Security Solutions (GlobeNewswire News Room)

Exclusive: Fast-growing cybersecurity company moves into new Emeryville headquarters (San Francisco Business Journal)

EZShield Executive Team Grows, John Evans Named New Executive Vice President of Sales (Markets Insider)

Security Industry Association Seeks Nominations for 2018 George R. Lippert Award | Security Industry Association (Security Industry Association)

How to Get the Most Out of DEF CON and Black Hat 2018 (Security Intelligence)

CEO guidance: Handling dynamic change in the cybersecurity industry (Help Net Security)

How Canada can close the cybersecurity talent gap (The Globe and Mail)

Tenable: Tempting And Able But Not Quite Yet (Seeking Alpha)

Leading SOAR Provider D3 Security Closes FY2018 with Record Growth; Doubles Revenue and Employee Count (BusinessWire)

GE Puts Digital Assets on the Block (Wall Street Journal)

Alibaba Shares Remain Out of Reach in China, For Now (Wall Street Journal)

Banking Industry Veteran and Tech Investor Jay Mandelbaum Joins BioCatch Board of Directors(BioCatch)

Caveonix Appoints Seasoned Cybersecurity Veterans Tom Noonan and Tom McDonough to its Board of Directors (PRNewswire)

Products, Services, and Solutions

New infosec products of the week​: July 27, 2018 (Help Net Security)

MonsterCloud Debuts Free Ransomware Removal Program for Law Enforcement Agencies(BusinessWire)

1BTC Locked Files Can Now be Recovered using BitDefender's Decryptor (Appuals.com)

Cynash Introduces Cybersecurity Solution For Industrial Control Networ (PRWeb)

Bricata Delivers New Network Security Options for the Cloud (Bricata)

SentinelOne announces general availability of Central Park console (Help Net Security)

DataStax launches commercial Kubernetes application to Google Cloud Platform Marketplace users(Help Net Security)

Entrust Datacard TruCredential ID creator software goes mobile (Help Net Security)

Dashlane 6: A solution for online risk prevention, identity monitoring, and identity restoration (Help Net Security)

MobileIron Delivers First UEM Integration With McAfee ePolicy Orchestrator (BusinessWire)

Symantec Debuts the Cyber Security Brief Podcast (Markets Insider)

AlgoSec Delivers Complete End-to-End Security Management for Cloud Security Controls(GlobeNewswire News Room)

Financial Institutions Fight Cybercrime with Intelligent Platform from Fiserv and BlueVoyant(BusinessWire)

Facebook also removes 4 Infowars videos, including one it previously cleared (TechCrunch)

Twitter says it does not shadow ban, despite complaints by Republicans (TechCrunch)

How Endgame Protects Against Phishing from Macro-Enabled Documents (Endgame)

Cofense SOARs Above Existing Security Orchestration and Automation Offerings Leveraging Human-Intelligence to Stop Active Cyber Attacks - Cofense (Cofense)

Securing Industrial Control System OT Networks (Tripwire) Industrial control system (ICS)

LogMeIn Unveils Secure Federated Login to LastPass with Active Directory (LogMeIn)

CompTIA PenTest+ Certification Available Worldwide (PRNewswire)

Threat Intelligence Transforms Security Automation Landscape with Launch of Its New Cloud Platform Evolve (BusinessWire)

Varonis Announces Upcoming Integration with Box to Secure Enterprise Content in the Cloud(GlobeNewswire News Room)

Financial institutions fight cybercrime with intelligent platform from Fiserv and BlueVoyant (Help Net Security)

Pulse Secure Updates Network Access Control Platform for IoT (eWEEK)

Windows Defender (Finally) Earns Top Antivirus Marks (Tom's Guide)

Technologies, Techniques, and Standards

NZ Information Security Manual updated (Technology Decisions)

Houston participates in mock cyberattack as part of research project (KPRC)

Hostage crisis? Ransomware is a threat that demands disaster planning (KnowBe4)

Federal DMARC Adoption Report, Secure your Email (Agari)

How to Improve Your Cyber Threat Intelligence Automation (LookingGlass Cyber Solutions Inc.)

Why a VPN could be the security extra your business needs (TechRadar)

Overcoming the Siloed Network Security Challenge (Infosecurity Magazine)

5 Ways Small Security Teams Can Defend Like Fortune 500 Companies (Dark Reading)

Is it OK to Reward Those Who Flag the Phish and Highlight Those Who Failed? (Infosecurity Magazine)

The Hypocrisy of Cyber's Hippocratic Oath (CyberVista)

The AI that protects DoD networks from zero-day exploits (Fifth Domain)

Targeting the future of the DoD’s controversial Project Maven initiative (C4ISRNET)

Booz Allen's Brad Stone on the effectiveness of threat intelligence (Cyberscoop)

Mitigate threats, not workers’ ability to do their jobs (Fifth Domain)

Building a sound security strategy for an energy sector company (Help Net Security)

Recovery is key in cyber attack (The Business Times)

Cyber X-Games takes on critical infrastructure defense (Defense Systems)

MUD: The Solution to Our Messy Enterprise IoT Security Problems? (Dark Reading)

Counties focus on vote security (The Villages Daily Sun)

Cosco’s pre-cyber attack efforts protected network (Journal of Commerce)

What the DoD can learn from the DHS CDM program (Fifth Domain)

Six best practices to follow in access control (Help Net Security)

The Need for Managed Detection and Response: Persistent and Prevalent Threats in North America’s Security Landscape (TrendLabs Security Intelligence Blog)

Understanding digital clues key in cyber breaches: LogRhythm exec (KrASIA)

Four-Time CEO Says Corporate Culture is the Most Important Defense... (Bricata)

Advanced Persistent Agony: Fixing the Broken Data Breach Response Template (Infosecurity Magazine)

Remain several steps ahead to prevent a data breach before it hits (SecurityInfoWatch.com)

Design and Innovation

Poor Password Handling and the Rise of Multi-Factor Authentication (WatchGuard)

Rebuilding it ... Better, stronger, faster. (C4ISRNET)

How a Bunch of Lava Lamps Protect Us From Hackers (WIRED)

Decentralising the web: Blockstack on decoupling data from applications (Computing)

Automating Kernel Exploitation for Better Flaw Remediation (Dark Reading)

Everything bad about Facebook is bad for the same reason (Quartz)

BurnBox Makes Hidden Files Look Like You've Deleted Them (WIRED)

Academia

New Cybersecurity Degree To Launch Fall 2018 At LETU (Markets Insider)

Certiport Partners with EC-Council to Validate Cybersecurity Skills in (PRWeb)

Security Industry Association Announces RISE Scholarship Opportunity for Young Security Professionals (Security Industry Association)

High-schoolers’ data put up for sale after being scraped from surveys (Naked Security)

Legislation, Policy, and Regulation

Australia's Fight Against Chinese Political Interference (Foreign Affairs)

Germany Vetoes Chinese Purchase of Business Citing Security Grounds (WSJ)

US targets Chinese companies in US$716 billion bill after ZTE debacle (South China Morning Post)

Marco Rubio: Google, other US companies are aiding Chinese surveillance (Washington Examiner)

Why Congress may have just boosted China’s cybersecurity (Fifth Domain)

America's Adversaries Are Weaponizing Information, NSA Director Warns (Washington Free Beacon)

Where do information operations fit in the DoD cyber enterprise? (Fifth Domain)

Here’s How to Really Make Cabinet Secretaries Responsible for Cybersecurity (Nextgov.com)

Lawmakers Can't Ignore Facial Recognition's Bias Anymore (WIRED)

Is Singapore ready for cyber warfare? (The Straits Times)

Security or Progress? (Global Risk Insights)

US bids to revive 'Arab NATO' alliance as part of measures against Iran (Deutsche Welle)

Analysis | The Cybersecurity 202: The fight over election security comes to the Senate floor(Washington Post)

Trump administration working on consumer data privacy policy (Reuters)

FBI Boss Chris Wray: We Put A Man On The Moon So Why Not Encryption Backdoors? (Techdirt.)

Speed Drives Navy Cyber Actions (SIGNAL)

Canadian Prime Minister Justin Trudeau Reportedly Alarmed by Huawei’s Threat to National Security(Epoch Times)

Russia’s Tiny Neighbor Prepares Its Cyber Revenge (Bloomberg.com)

Will the Senate Get Tough on Russia? (The New Yorker)

As cyber-attacks on the US rise, is the answer to hack back? (BostonGlobe.com)

DHS Forms New Cyber Hub to Protect Critical U.S. Infrastructure (Wall Street Journal)

Lawmakers Unveil Plans for Agency Telework and Cloud Security (Nextgov.com)

Litigation, Investigation, and Law Enforcement

How they did it (and will likely try again): GRU hackers vs. US elections (Ars Technica)

Cybersecurity & Retirement Plans (Password Protected)

Fortnite Scammers Approaching $1m in Annual Takings (Imperva)

Hire-a-hitman website is a scam and its owner has made a killing (Times)

Burglar wakes up couple to ask to use their Wi-Fi network (Ars Technica)

First Suit Over Facebook's Stock Plunge Is Filed in Manhattan Federal Court | New York Law Journal(New York Law Journal)

Wikileaks founder Julian Assange faces embassy expulsion (Times)

When a Stranger Decides to Destroy Your Life (Gizmodo)

UK CNP Fraud Drops as Banks Fight Back (Infosecurity Magazine)

Amazon: cops should set confidence level on facial recognition to 99% (Ars Technica)

Bull-Riding Lawyer Indicted For Allegedly Launching Cyberattacks Against His Critics (Above the Law)

How Sellers Trick Amazon to Boost Sales (Wall Street Journal)

Idaho Prisoners Hack Tablets and Steal Nearly a Quarter of a Million Dollars in Credits (Motherboard)

Drugs, (Non)Violence, and Video Games: A Brief History of Silk Road (CoinCentral)

NSA Statement on Semi-Annual Office of the Inspector General Report to Congress (IC on the Record)

UK Group Threatens to Sue Facebook Over Cambridge Analytica (WIRED)

House GOP intends to seek Comey interview after August recess (TheHill)Russian National Sentenced to 70 Months For $4 Million Debit Card Fraud (Dark Reading)

‘TELL YOUR DAD TO GIVE US BITCOIN:’ How a Hacker Allegedly Stole Millions by Hijacking Phone Numbers (Motherboard)

Florida High School Football Team Improperly Accessed Rivals' Training Videos (BleepingComputer)