Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Cloud Hopper hits several tech firms in Spyware attack

    Source: CISO Magazine
    By: FNU LNU
    Published: June 27, 2019
    * Security researchers stated that a global hacking campaign backed by China's Ministry of State Security broke into various technology service providers to steal commercial secrets from their clients.
    * The Reuters report revealed the compromised companies list that included Hewlett Packard Enterprise, IBM, Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation, and DXC Technology.
  • (cisomag.com)
  • Hacker steals $4.5 million from Bitrue cryptocurrency exchange

    Source: ZDNet
    By: Catalin Cimpanu
    Published: June 27, 2019
    * Hackers stole $4.25 million worth of Ripple coins and $225,000 worth of Cardano coins.
    * Per Bitrue's statement, administrators detected the hack and immediately shut down trading on their platform, putting the site in maintenance mode while they investigated what was happening.
  • (zdnet.com)
  • NIST Updates SP 800-171 To Enhance DoD Contractor Security Against Cyber Attack

    Source: JDSupra
    By: Susan Ebner
    Published: June 26, 2019
    * Cybersecurity continues to be an imperative for the protection ofthe Department of Defense (DoD) and its contractors' supply chain.
    * On June 19, 2019, the National Institute of Standards andTechnology (NIST) issued two draft updates to its Special Publication800-171, "Protecting Controlled Unclassified Information in NonfederalSystems and Organizations" (NIST SP 800-171) to invigorate securitycontrols aimed at protecting entities in this supply chain.
  • (jdsupra.com)
  • Recent Hacks And Scams That Could Threaten Your Cybersecurity

    Source: MondaqBy: Karen Andersen
    Published: June 10, 2019
    - This brief is intended to help you make sense of the ever-changing world of cybersecurity so you can avoid similar scenarios.
  • (mondaq.com)
  • Emuparadise gaming emulator website suffers data breach

    Source: ZDNet
    By: Charlie Osborne
    Published: June 10, 2019
    - Retro gaming website Emuparadise has been involved in a data breach leading to the exposure of 1.1 million user accounts. - The security incident took place on April 1, 2018, but has only recently emerged after information from impacted user accounts was provided to HaveIBeenPwned by dehashed.com.
  • (zdnet.com)
  • Cathay Pacific Faulted For Data Breach, But Hackers' Objective Unclear

    Source: Forbes
    By: Will Horton
    Published: June 6, 2019
    * It is aviation's largest known data breach, with 9.4 millionCathay Pacific passengers impacted, but also puzzling, gathering only 430credit card numbers, mostly expired and none complete.
    * Cathay says it has not received any reports of data being misusedor listed on the 'dark web.'
    * Cathay was unequivocally faulted by Hong Kong's PrivacyCommissioner in a report released Thursday that identified twocontraventions of law, low regard to data privacy and taking seven monthsto disclose the 2018 breach.
  • (forbes.com)
  • A new cyber attack which can mimic a user's personalised keystroke

    Source: SciTech Europa
    By: FNU LNU
    Published: June 6, 2019
    * Ben-Gurion University of the Negev (BGU) cybersecurityresearchers have developed a new cyber attack which can mimic a user'spersonalised keystroke characteristics.
    * The cyber attack, called Malboard, evades several detectionproducts because they are designed to continuously verify the identity ofuser based on personalised keystroke characteristics.
  • (scitecheuropa.eu)
  • Report: No 'Eternal Blue' Exploit Found in Baltimore City Ransomware

    Source: KrebsOnSecurity
    By: Krebs
    Published: June 3, 2019
    * For almost the past month, key computer systems serving thegovernment of Baltimore, Md. have been held hostage by a ransomware strainknown as 'Robbinhood.'
    * new analysis suggests that while Eternal Blue could have beenused to spread the infection, the Robbinhood malware itself contains notraces of it.
  • (krebsonsecurity.com)
  • Security awareness training for executives keeps whaling at bay

    Source: SearchSecurity
    By: Alissa Irei
    Published: June 2019
    * Security awareness training for executives teaches anenterprise's biggest fish to recognize potential whaling attacks -- beforethey take the bait.
    * If Captain Ahab were a modern cybercriminal, his Moby Dick mightwell be an enterprise CEO. In a type of focused phishing attack calledwhaling, hackers target high-level end users through individually tailoredcampaigns designed to trick their marks into surrendering access,information or both.
  • (searchsecurity.techtarget.com)
  • (airforcemag.com)