Global Cyber News Digest

CISOs think cloud safer, but security fears remain

Source: ComputerWeekly.com
By: Warwick Ashford
Published: September 3, 2019

* More than three in five (61%) chief information security officers (CISOs) believe the security risk of a security breach is the same or lower in cloud environments than on-premise, a study shows.
* However, the survey also reveals that despite the perceived superiority of cloud over on-premise when it comes to security, respondents do not consider cloud systems to be completely safe, with only 10% saying they were not concerned about security in the cloud.'

Popular PDF software developer suffers major data breach - reset your password now

Source: TechRadar.pro
By: Mark Wycislik-Wilson
Published: September 3, 2019

* Foxit Software, the company behind PDF reader Foxit Reader and PDF editor PhantomPDF, is forcing users to reset their password after it suffered a data breach.
* Third parties managed to gain gained access to data 'My Account' data. This includes information such as email addresses, passwords, names, phone numbers, company names and IP addresses.

Major Security Flaw Found in Google Chrome, Patch Must Be Installed ASAP

Source: Softpedia News
By: Bogdan Popa
Published: September 2, 2019

* A security flaw in Google Chrome allows an attacker to eventually take control a vulnerable host, and parent company Google recommends users to deploy a patch as soon as possible.
* The vulnerability requires users to visit a malicious website, at which point an attacker could attempt to run arbitrary code with the final goal of taking control of the device.

Revealed: How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran

Source: Yahoo!News
By: Kim Zetter and Huib Modderkolk
Published: September 2, 2019

* For years, an enduring mystery has surrounded the Stuxnet virus attack that targeted Iran's nuclear program: How did the U.S. and Israel get their malware onto computer systems at the highly secured uranium-enrichment plant?
* The courier behind that intrusion, whose existence and role has not been previously reported, was an inside mole recruited by Dutch intelligence agents at the behest of the CIA and the Israeli intelligence agency, the Mossad.

BEC overtakes ransomware and data breaches in cyber-insurance claims

Source: ZDNet
By: Catalin Cimpanu
Published: September 2, 2019

* Business email compromise (BEC) has overtaken ransomware and data breaches as the main reason companies filed a cyber-insurance claim in the EMEA (Europe, the Middle East, and Asia) region last year, said insurance giant AIG.
* Ransomware-related incidents came in in second place, accounting for 18% of all cyber-insurance claims in the EMEA region, followed by claims for data breaches caused by hackers and data breaches caused by employee negligence (e.g. sending data to the wrong person), both with 14%.

How one teenager took out a secure Pentagon file sharing site

Source: FifthDomain
By: Andrew Eversden
Published: August 31, 2019

* By last October, the Pentagon's Vulnerability Disclosure Program had processed thousands of loopholes in the Department of Defense's websites.
* Then it received a report from Jack Cable.
* Cable has quite the list of accomplishments. In 2018, TIME Magazine ranked him as one of the Top 25 most influential teens. At age 17, he found 30 vulnerabilities in Air Force websites during the 2017 rendition of the "Hack the Air Force" competition. He ended up winning the contest.

How the Pentagon is tackling deepfakes as a national security problem

Source: C4ISRNET
By: Nathan Strout
Published: August 29, 2019

* Deepfakes are a national security issue, said Lt. Gen. Jack Shanahan, director of the Pentagon's Joint Artificial Intelligence Center, and the Department of Defense needs to invest heavily in technology that can counter it.
* Deepfakes are videos where one person's face is superficially imposed onto another person's face to make it look like they said or did things they did not.

New ransomware grows 118% as cybercriminals adopt fresh tactics and code innovations

Source: HelpNetSecurity
By: FNU LNU
Published: August 29, 2019

* McAfee Labs saw an average of 504 new threats per minute in Q1 2019, and a resurgence of ransomware along with changes in campaign execution and code.
* While spear phishing remained popular, ransomware attacks increasingly targeted exposed remote access points, such as Remote Desktop Protocol (RDP); these credentials can be cracked through a brute-force attack or bought on the cybercriminal underground.

Everything We Know About the Capital One Hacking Case So Far

Source: Wired
By: Lily Hay Newman
Published: August 29, 2019

* At the end of July, the FBI and Capital One disclosed that the bank had suffered a massive data breach just a few months before, exposing personal and financial data from more than 100 million customers.
* The FBI arrested former Amazon employee Paige Thompson, 33, in connection with the crime, and accused her of also breaching 30 other companies and organizations.
* Thompson, who also goes by the online handle "erratic," allegedly created a program in late March to scan cloud customers for a specific web application firewall misconfiguration.

What the education industry must do to protect itself from cyber attacks

Source: HelpNetSecurity
By: Charlie Sander
Published: August 28, 2019

* Most attention around data breaches is on the commercial side, with Capital One being the recent high-profile breach, compromising the personal information of more than 100 million people. However, the education sector is proving to also be an attractive target.
* This summer made it evident that K-12 school districts, higher education, and even commercial companies working with educational institutions are at risk. Notably, the state of Louisiana declared a state of emergency following an attack that disabled computers at three school districts.