Ransomware Strikes Kiosks at South Korean LG Service Centers
Overview: "Ransomware has infected self-service kiosks at some service centers operated by the multinational conglomerate LG Electronics," Tripwire reports. 
Author: David Bisson   Web Site:   Date: 8/17/2017
Topics: Malicious Software Controls, Patch Management, Vulnerability Management

Don't panic, Chicago, but an AWS S3 config blunder exposed 1.8 million voter records
Overview: "A voting machine supplier for dozens of US states left records on 1.8 million Americans in public view for anyone to download – after misconfiguring its AWS-hosted storage," The Register reports. 
Author: Shaun Nichols   Web Site:   Date: 8/17/2017
Topics: Cloud Computing Security, Configuration Management

Maersk Shipping Reports $300M Loss Stemming from NotPetya Attack
Overview: "A.P. Moller-Maersk, the world’s largest container ship and supply vessel company, said Tuesday that it would incur hundreds of millions in U.S. dollar losses due to the NotPetya wiper malware attacks of late June," Threatpost reports. 
Author: Michael Mimoso   Web Site:   Date: 8/16/2017
Topics: Malicious Software Controls

Scottish Parliament Targeted by Brute Force Attackers
Overview: "Bad actors have targeted the Scottish Parliament with a brute force attack designed to crack weak passwords used by MSPs and staff," Tripwire reports. 
Author: David Bisson   Web Site:   Date: 8/16/2017
Topics: General Security Awareness, Password Management System, Password Usage

US, China and the UK are top regions affected by IoT security threats
Overview: "The United States, China and the United Kingdom were the three top countries affected by smart home attacks by cyber criminals," Help Net Security reports. 
Author: Help Net Security   Web Site:   Date: 8/16/2017
Topics: General Security Awareness

Smart Locks Bricked by Bad Update
Overview: "A botched wireless update for a remotely accessible smart lock system has bricked hundreds of them. The locks suffered a 'fatal error,' according to the device’s manufacturer LockState, rendering them unable to be locked. Customers are asked to either return impacted locks for repair, or request a replacement," Threatpost reports. 
Author: Tom Spring   Web Site:   Date: 8/15/2017
Topics: Physical (and Environmental) Security

Acute Care Center Notifies Patients of Medical Records Security Incident
Overview: "An acute care center has begun notifying patients of a security incident that might have compromised their medical records," Tripwire reports. 
Author: David Bisson   Web Site:   Date: 8/15/2017
Topics: General Security Awareness

Drone-maker DJI's Go app contains naughty Javascript hot-patching framework
Overview: "Chinese drone firm DJI appears to have baked a hot-patching framework into its Go app that breaks Apple's App Store terms and conditions, according to drone hacker sources," The Register reports.
Author: Gareth Corfield   Web Site:   Date: 8/15/2017
Topics: Vulnerability Management

Facebook Password Stealer Pilfers Data from Wannabe Attackers
Overview: "A “Facebook password stealer” is capable of covertly pilfering sensitive information from any wannabe attacker who uses it... On 3 August, a security researcher by the name of MalwareHunterTeam tweeted about the credential-collecting tool’s hidden nature," Tripwire reports. 
Author: David Bisson   Web Site:   Date: 8/14/2017
Topics: General Security Awareness

Google wants iOS Gmail users to think twice about following suspicious links
Overview: "Google has announced the rollout of new anti-phishing checks for the iOS Gmail app: in less than two weeks, all users will be confronted with two warnings if they attempt to follow a suspicious link from within the app," Help Net Security reports. 
Author: Zeljka Zorz   Web Site:   Date: 8/14/2017
Topics: Electronic Messaging Security, Malicious Software Controls, Social Engineering (e.g., phishing)

Blizzard Entertainment Hit With Weekend DDoS Attack
Overview: "Blizzard Entertainment reported a crippling DDoS attack over the weekend creating chronic latency and connection issues for players of games Overwatch, World of Warcraft and others," Threatpost reports. 
Author: Tom Spring   Web Site:   Date: 8/14/2017
Topics: Network Security, Security Monitoring

Ukrainian Man Arrested, Charged in NotPetya Distribution
Overview: "The Cyber Police of Ukraine arrested a suspect they allege distributed the destructive NotPetya/ExPetr malware resulting in the infection of 400 computers," Threatpost reports. 
Author: Tom Spring   Web Site:   Date: 8/11/2017
Topics: General Security Awareness

HBO hackers leak $250K 'bounty' offer, alter leaked documents
Overview: "The HBO hackers released what they claim to be a letter from HBO offering a $250,000 “bounty payment” while some are accusing the hacker of altering leaked documents," SC Magazine reports. 
Author: Robert Abel   Web Site:   Date: 8/11/2017
Topics: General Security Awareness

Salesforce sacks two top security engineers for their DEF CON talk
Overview: "Salesforce fired two of its senior security engineers after they revealed details of an internal tool for testing IT defenses at DEF CON last month," The Register reports. 
Author: Katyanna Quach   Web Site:   Date: 8/10/2017
Topics: General Security Awareness, Penetration Testing

Microsoft debuts Coco Framework to improve blockchain performance, privacy
Overview: ZDNet reports: "Microsoft is working to address some of the current limitations of enterprise blockchain with a new cross-platform framework designed to make it more scalable, governable and confidential."
Author: Mary Jo Foley   Web Site:   Date: 8/10/2017
Topics: General Security Awareness

Ransomware turns even nastier: Destruction, not profit, becomes the real aim
Overview: "Leaks and dumps are handing more tools for creating ransomware and other malicious software to cybercriminals," ZDNet reports. 
Author: Danny Palmer   Web Site:   Date: 8/9/2017
Topics: Malicious Software Controls, Social Engineering (e.g., phishing)

Disney slammed with class-action complaint for unlawfully exfiltrating kids' personal data
Overview: "Two plaintiffs have filed a class-action lawsuit against The Walt Disney Company for wrongfully exfiltrating children's personally identifying information," Graham Cluley reports.
Author: David Bisson   Web Site:   Date: 8/8/2017
Topics: Data Privacy, Mobile Device Security

US Homeland Security CIO hits ctrl-alt-delete after just three months
Overview: "The chief information officer of America's Department of Homeland Security has become the latest Trump administration appointee to resign," The Register reports. 
Author: Shaun Nichols   Web Site:   Date: 8/8/2017
Topics: General Security Awareness

The British government plans to extend data protection laws to increase consumer rights and create new crimes
Overview: "The British government will publish a 'statement of intent' to strengthen data protection laws, giving people the right to have their personal data deleted. Organizations that can't or won't delete data, or fail to report security breaches, can be fined up to £17 million or up to 4 percent of their global turnover," ZDNet reports. 
Author: Jack Schofield   Web Site:   Date: 8/6/2017
Topics: Legal, Regulatory and Compliance

'Cyber vulnerabilities' prompt US Army to ban 'all use' of DJI drones
Overview: "The US Army appears to have issued a global order banning its units from using drones made by Chinese firm DJI, citing 'cyber vulnerabilities'," The Register reports. 
Author: Gareth Corfield   Web Site:   Date: 8/4/2017
Topics: Vulnerability Management

Two Popular IP Cameras Riddled With Vulnerabilities
Overview: "Two consumer-grade IP-enabled security cameras manufactured by Loftek and VStartcam are riddled with nearly two dozen vulnerabilities that expose them to remote attacks. According to researchers, more than 1.3 million of the cameras are in use today, with 200,000 models located in the United States," Threatpost reports. 
Author: Tom Spring   Web Site:   Date: 8/3/2017
Topics: Vulnerability Management

WannaCry Hero Arrested, One of Two Charged with Distribution of Kronos Malware
Overview: "Marcus Hutchins, the researcher hailed for his work in blunting the WannaCry ransomware outbreak in May, was arrested Wednesday in Las Vegas and charged with creating and distributing the Kronos banking malware," Threatpost reports. 
Author: Michael Mimoso   Web Site:   Date: 8/3/2017
Topics: Malicious Software Controls

Firefox's new tool lets you send self-destructing 1GB files from any browser
Overview: "Mozilla has released a free application for securely sending large files that self-destruct after one download," ZDNet reports.
Author: Liam Tung   Web Site:   Date: 8/2/2017
Topics: General Security Awareness

Malware Attack Disrupts Merck's Worldwide Operations
Overview: "American pharmaceutical giant Merck revealed in its financial results announcement for the second quarter of 2017 that a recent cyberattack has disrupted its worldwide operations, including manufacturing, research and sales," SecurityWeek reports. 
Author: Eduard Kovacs   Web Site:   Date: 8/1/2017
Topics: Malicious Software Controls

New Bill Seeks Basic IoT Security Standards
Overview: "Lawmakers in the U.S. Senate today introduced a bill that would set baseline security standards for the government’s purchase and use of a broad range of Internet-connected devices, including computers, routers and security cameras," Brian Krebs reports. 
Author: Brian Krebs   Web Site:   Date: 8/1/2017
Topics: Legal, Regulatory and Compliance