A roundup of the top news stories in information security this week, including a LinkedIn flaw that could impact millions, President Trump spinning off the U.S. Cyber Command from the NSA, and more.


Cyber Command

GOVERNMENT

Trump Takes First Step in Spinning Off US Cyber Command from NSA

The U.S. Cyber Command has been officially elevated to a Unified Combatant Command for cyberspace operations. The move is seen as the first step in removing the department from under the umbrella of the National Security Agency. In a statement announcing the move, President Trump said it should “help streamline command and control of time-sensitive cyberspace operations by consolidating them under a single commander.”


 


LinkedIn

VULNERABILITY

LinkedIn Messenger Flaw Could Expose Millions to Malware

Cyber attackers could have uploaded malicious attachments in LinkedIn’s popular messaging feature, thanks to drawbacks in the social network’s own security restrictions. Research conducted by security firm Check Point points to a flaw in how LinkedIn’s security protections scan attachments for malicious activity, which could result in attackers skirting the system. Check Point researchers identified four flaws in LinkedIn’s security systems and reported them to the company.





Spearphishing

BUG BOUNTY

Researchers Receive $100K Award for Identifying Spearphishing Detection Method

A group of researchers from the University of California, Berkeley and the Lawrence Berkeley National Laboratory has been awarded $100K for identifying a credential spearphishing detection method. The experts received the award as part of Facebook’s annual Internet Defense Prize partnership with USENIX Association. The group calls the detection method an anomaly scoring technique for ranking alerts.

 





Tuesday Spam
CYBERCRIME

Spammers Prefer Tuesdays to Strike Their Targets

Recent research suggests that spammers focus their efforts on Tuesdays, when their targets are most active online. Experts at IBM X-Force gathered six months of data to reach their conclusion. According to the research, 83% of spam is sent on weekends, with Tuesday coming in as the highest day. The data collected by the experts is from December 2016 to June 2017.


 




Kaspersky Lab

ESPIONAGE

FBI Recommends U.S. Firms Drop Kaspersky Lab Apps

The FBI has been meeting with companies to warn them of the dangers of working with cybersecurity firm Kaspersky Lab. The law enforcement agency believes that the cybersecurity firm cannot be trusted with protecting the country’s critical infrastructure. The company has denied the agency’s claims, even going as far as offering up its source code in an effort to clear its name.


 

 

NotPetya Part 2

CYBER ATTACK

Ukrainian Security Firm Warns of New Wave of Attacks

ISSP, a Ukrainian cybersecurity firm, believes it has detected a new malware campaign that could result in a global assault similar to the one that impacted organizations across the globe in June. Similar to NotPetya, the malware that crippled Ukrainian government agencies and businesses this summer, the malware seems to originate in accounting software and may be aimed at taking down Ukrainian networks on August 24, the country’s Independence Day.




 

Cybersecurity Talent Shortage

INFOSEC INDUSTRY

Cybersecurity Firms Expect a “Chronic Shortage” of Qualified Staff

The number one problem the cybersecurity world faces is a shortage of qualified staff, according to one analyst. Cybersecurity Ventures’ Steve Morgan says it’s an “absolute epidemic” that’s having a profound impact on the industry. When he gathered feedback from executives at cybersecurity companies, a majority pointed to the same problem.

 



 

Bankbot Malware

MALWARE

BankBot Malware Found in Google Play Marketplace

Malware has once again managed to get past Google Play’s defenses. Security researchers have discovered that Android banking malware that managed to thwart detection via new tactics was hiding on the popular app marketplace. Dubbed BankBot, the malware has the ability to download additional programs without the user’s knowledge.


 

 

Mobile Zero Days

MOBILE SECURITY

Secure Messaging App Zero Days Can Earn Researchers $500K

Security researchers looking for a big pay day can earn $500,000 for any remote code execution and local privilege elevation zero days reported to Zerodium, a vendor in the exploit acquisition market. These zero days must be found in messaging apps like WhatsApp, Signal, Facebook Messenger, iMessage, and Telegram.



 


Yahoo Breach
U.S. COURTS

Yahoo Breach Suspect Pleads Not Guilty

The 22-year-old man who allegedly played a central role in Yahoo’s massive data breach pleaded not guilty before a federal district court judge in San Francisco on Wednesday. Karim Baratov, a Canadian citizen born in Kazakhstan, was arrested in Canada last March in connection with the data breach that resulted in the compromised account information of 500 million users.


 

Olu Eletu