Global Cyber News Digest

Terrorism, espionage, and cyber: ASIO's omne trium perfectum

Source: ZDNet
By: Asha Barbaschow
Published: September 6, 2019

* ASIO's outgoing Director-General of Security reflects on the 'security triptych' that is of upmost concern to Australia's national security.
* "I had to remind myself the other day that when 9-11 took place, of course, there were no tweets, it's interesting. It only seems like yesterday. There was no social media as we know it today," Australia's Director-General of Security Duncan Lewis said during an address to the Lowy Institute.

NSA: Just say no to hacking back

Source: FCW
By: Lauren C. Williams
Published: September 5, 2019

* The NSA is taking a strong stance against hacking back.
* If an organization should see evidence of an ongoing cyberattack, it should alert the FBI or Homeland Security, Glenn Gerstell, the National Security Agency's chief counsel, told reporters at the 2019 Intelligence and National Security Summit.

China hacked Asian telcos to spy on Uighur travelers: sources

Source: Yahoo! News
By: Jack Stubbs
Published: September 5, 2019

* Hackers working for the Chinese government have broken into telecoms networks to track Uighur travelers in Central and Southeast Asia, two intelligence officials and two security consultants who investigated the attacks told Reuters.
* China is facing growing international criticism over its treatment of Uighurs in Xinjiang. Members of the group have been subject to mass detentions in what China calls "vocational training" centers and widespread state surveillance.

NSA Cyber Chief Wants to Share Digital Threats Early and Often

Source: NextGov
By: Jack Corrigan
Published: September 5, 2019

* The agency has historically been slow to share threat intelligence but accelerating that process would help the government get ahead of cyber adversaries.
* By pushing out intelligence earlier and faster, NSA could help its partners get ahead of digital threats instead of playing clean-up after they fall victim, said Anne Neuberger, who was recently tapped to lead the agency's new Cybersecurity Directorate. The office is set to officially open its doors on Oct. 1.

7 Sophisticated Cyber-Attacks that are Growing in 2019

Source: Security Boulevard
By: Lisa O'Reilly
Published: September 5, 2019

* Shadow IT and the growth in applications at use in the work environment, together with the Internet of Things (IoT), have led to an increase in entry points that cybercriminals can exploit for phishing and other attacks.
* As bad actors become more sophisticated in their attacks, so too have their success in gaining access to corporate data, financial assets, and networks.

Security hole opens a billion Android users to advanced SMS phishing attacks

Source: HelpNetSecurity
By: FNU LNU
Published: September 4, 2019

* The affected Android phones use over-the-air (OTA) provisioning, which allows mobile network operators to deploy network-specific settings to a new phone joining their network.
* Researchers found that the industry standard for OTA provisioning, the Open Mobile Alliance Client Provisioning (OMA CP), includes limited authentication methods. This can be exploited, enabling hackers to pose as network operators and send deceptive OMA CP messages to users.

The Dangers in Smart Cities

Source: NextGov
By: John Breeden II
Published: September 4, 2019

* Smart cities make for a larger attack footprint, and more potentially devastating results from a breach or hack.
* Because the concept of smart cities is new, with actual implementations still pretty rare, there has not been a lot of smart city hacking incidents.
* A couple of years ago someone hacked into the tornado siren network in Dallas, which was in the process of automating those warnings. The hacker sounded the alarm, panicking some residents, but there was no permanent damage.

Google is working on a fix for malicious Calendar spam

Source: Engadget
By: Igor Bonifacic
Published: September 3, 2019

* Since at least May of this year, malicious individuals have been sending Gmail users unsolicited Calendar invites. The scam takes advantage of the fact most people have their Google accounts set to automatically add and notify them of Calendar invites.
* You can easily protect yourself against this type of spam by changing how GCal handles event invitations.

Authorities in France tackling cyber-attacks on all fronts - ANSSI

Source: The Daily Swig
By: Emma Woollacott
Published: September 3, 2019

* From espionage to cryptojacking, the French cybersecurity agency acted on nearly 2,000 threat reports last year
* Since 2013, France's Critical Infrastructures Information Protection (CIIP) framework has laid down a common minimum level of cybersecurity for all critical operators, while giving ANSSI powers to support them in the event of a cyber-attack.

Cyber Insurance: You Get What You Pay For

Source: CPO Magazine
By: Scott Ikeda
Published: September 3, 2019

* The cyber insurance market has experienced an unsurprising boom in recent years, as there seems to be a weekly story about some high-profile breach or another.
* Some insurers are offering these incredibly low prices by cutting vital coverage, and a number of players in the market are money-chasing opportunists that don't really understand cybersecurity.
* These risks were highlighted recently by a study from mutual insurance giant FM Global, and summit helmed by cyber insurance experts at the annual Black Hat USA security conference in Las Vegas.