• UN debates cyber treaty, norms
    A popular security feature appears to be contributing to a rise in a subset of DDoS attacks, a cybersecurity firm believes. UN’S WEEK OF CYBER NORMS TALKS — From our friends at POLITICO Europe’s Cyber Insights: In past days diplomats gathered in New York for discussions on how international law should stop all-out cyber warfare — some (Dutch ones) even wearing helmets to the meeting. “It started with dramatic twists, like the Russian representative warning for a ‘global cyberwar’ and Iran self-portraying itself as the first victim of a serious ICT cyberattack, calling the Stuxnet attack ‘cyber Hiroshima,’” said Lukasz Olejnik, a cybersecurity researcher associated with the Center for Technology and Global Affairs at Oxford University. While Western countries have pushed to better protect and enforce norms in cyberspace — like the norm for states not to target critical internet functions or surveil citizens — Europe, the U.S. and like-minded states are no fans of a new treaty, arguing it would undermine other international rules and how they apply to cyberspace.
  • VMRay Closes $10 Million Series B Round
    VMRay was founded in 2013 by Dr. Carsten Willems and Dr. Ralf Hund, two early pioneers in automated malware analysis and detection, as a vehicle to transform their groundbreaking academic research into practical solutions for enterprise security teams. At the core of its flagship Analyzer platform is a sophisticated malware sandbox that is uniquely capable of rapidly identifying evasive malware threats that traditional dynamic analysis approaches, static analysis tools and signature-based security solutions often miss, since they are unable to stop what they have never seen before or are detected by the malware during analysis. As a result, VMRay Analyzer detects zero-day malware and advanced threats that can be missed by security solutions that rely primarily on those technologies. Since the introduction of VMRay Analyzer, its automated malware analysis platform, in 2016, the company has steadily rolled out a complete suite of interconnected threat detection solutions, including:
  • Swindon College staff and students warned over cyber attack
    A college has advised students and staff to check their financial data after it fell victim to a cyber attack. Swindon College said a targeted attack resulted in unauthorised access to the personal data of both present and former staff and students. It said those who may be affected should check their bank accounts to identify any suspicious activity. The further education college said a criminal investigation was ongoing. In a statement, it said it knew there would be cause for concern and said it would contact all individuals affected with more detail "as soon as we are able to do so".
  • New Linux malware mines crypto after installing backdoor with secret master password
    Cybersecurity researchers have identified a new strain of Linux malware that not only mines cryptocurrency illicitly, but provides the attackers with universal access to an infected system via a “secret master password.” TrendMicro’s latest blog also reveals that Skidmap attempts to mask its cryptocurrency mining by faking network traffic and CPU-related statistics.
    Cryptocurrency mining malware is still a very real threat
    Initial infection occurs in a Linux process called crontab, a standard process that periodically schedules timed jobs in Unix-like systems. Skidmap then installs multiple malicious binaries, the first minimizing the infected machine’s security settings so that it can begin mining cryptocurrency unhindered. “Besides the backdoor access, Skidmap also creates another way for its operators to gain access to the machine,” wrote TrendMicro. Unfortunately, TrendMicro didn’t indicate which cryptocurrency Skidmap illicitly mines. To protect against Skidmap, TrendMicro urges admins to keep their systems and servers patched and updated, and beware of unverified, third-party repositories.
  • Self-Help in Cyberspace: A Path Forward
    Yet they do not necessarily weigh equally with all forms of active cyber defense—which is often conflated with the most extreme “hack backs.” Moreover, opponents and proponents of active cyber defense alike should recognize that the current ambiguous legal boundaries neither enable effective private-sector defense nor prevent more risk-acceptant actors from engaging in reckless conduct. Rather, a reasonable approach should aim solely to allow corporations a degree of discretion in choosing how to respond to malicious cyber activity, explicitly scaling upward the range of permissible defensive action within normative boundaries similar to those regulating other forms of property protection. In addition to setting clear outer boundaries for the permissible space for corporate engagement in active cyber defense, it is important to stipulate that even within this limited spectrum, corporations should not be incentivized to take a more assertive posture in defense of their equities.
  • New Threat Actor Fraudulently Buys Digital Certificates to Spread Malware
    ReversingLabs identified cybercriminals duping certificate authorities by impersonating legitimate entities and then selling the certificates on the black market. Researchers have identified a new threat actor that is using impersonation fraud to purchase digital certificates that are then used for the spread of malware. Security firm ReversingLabs identified a bad actor that deceives certificate authorities into selling them legitimate digital certificates by impersonating company executives, according to a blog post by chief architect and co-founder Tomislav Pericin. Once purchased, the bad actor sells the certificates on the black market for digitally signing malicious files, mainly adware, he said. ReversingLabs used public threat intelligence data to reconstruct the timeline of a fraudulent purchase of digital certificates, including the impersonation of a legitimate entity.
  • Serious Flaws in CODESYS Products Expose Industrial Systems to Remote Attacks
    The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) last week published several advisories describing vulnerabilities in CODESYS products, many of which can be exploited remotely for arbitrary code execution, denial-of-service (DoS) attacks, and other purposes. The most recent advisory from CODESYS, published on September 12, describes a critical stack-based buffer overflow in the CODESYS ENI server, which helps manage objects in a CODESYS project. This flaw, not covered by CISA’s advisories, can be exploited remotely by an attacker with low skills for arbitrary code execution or DoS attacks by sending specially crafted requests to the targeted server. The web server component in CODESYS V3 is affected by a critical vulnerability that can be used to access files, cause the server to crash, or execute arbitrary code using specially crafted requests. There is also a serious vulnerability in CODESYS V3 products that use a communication server for communication with clients such as the Development System.
  • The Gap Between Strong Cybersecurity And Demands For Connectivity Is Getting Massive
    127 New Devices Connected Every Second
    Traditional firewalls and VLANs were designed to patch singular security issues, not to provide a holistic model for secure networking. Devices, users and traffic must be identifiable for data acquisition to provide the needed visibility into your entire network. Bad actors will find ways to compromise IIoT devices and networks, so rapid identification and remediation are key. Successful OT/IT convergence requires secure connectivity at immense scale for all devices -- from the core to the edges of your hybrid network. Explore forward-looking solutions that can truly scale and address the entire network, including IIoT devices that often can’t protect themselves.
  • Major Security Bug: WhatsApp 'Delete for Everyone' Doesn't Delete Media Files Sent to iPhone Users
    Well, we've all been there, but what's more unfortunate is that the 'Delete for Everyone' feature WhatsApp introduced two years ago contains an unpatched privacy bug, leaving its users with a false sense of privacy. As the name indicates, the 'Delete for Everyone' feature is intended to unsend mistakenly sent inappropriate messages—including photos and videos—from the recipient's phone, or from all members of a group. However, it turns out that WhatsApp's 'Delete for Everyone' feature doesn't delete media files sent to iPhone users (with default settings) as it does from Android devices, leaving them saved on the recipient's iOS device even if the messenger chat screen displays "This message has been deleted." On the other hand, if you use 'Delete for Everyone' against an Android user, WhatsApp will delete the sent media files from the recipient device's gallery as well.