f1tym1

President Donald Trump has signed the NIST Small Business Cybersecurity Act into law requiring the National Institute of Standards and Technology to provide cyber-security resources to small and medium businesses. 

Victims of cyberattacks are in the news nearly every day. These organizations are big and small and represent healthcare, finance and utilities to local government and entertainment.

[unable to retrieve full-text content]

Preventing lateral movement and unauthorized domain access due to the misuse of network credentials – especially due to reconnaissance tools looking for weak spots – is a challenge plaguing many enterprises. In fact, it’s a decades-old security problem. A major issue for enterprises has been how to detect and contain the use of reconnaissance tools like BloodHound, authentication protocols such as NTLM, DCE/RPC, Kerberos and Lightweight Directory Access Protocol (LDAP), as well as other IT tools like PsExec and Powershell that are being misused or exploited by attackers.

According to the document, contained in the cache of materials provided by NSA whistleblower Edward Snowden, the NSA also compromised VPNs used by airline reservation systems Iran Air, “Paraguayan SABRE,” Russian airline Aeroflot, and “Russian Galileo.” Sabre and Galileo are both privately operated, centralized computer systems that facilitate travel transactions like booking airline tickets. Collectively, they are used by hundreds of airlines around the world. In Iraq, the NSA compromised VPNs at the Ministries of Defense and the Interior; the Ministry of Defense had been established by the U.S. in 2004 after the prior iteration was dissolved. Exploitation against the ministries’ VPNs appears to have occurred at roughly the same time as a broader “all-out campaign to penetrate Iraqi networks,” described by an NSA staffer in 2005.

Blockchain is one of the hottest and potentially among the most disruptive technologies today. So naturally, it’s a magnet for the criminal element, which is skilled at keeping up with new digital trends and finding ways to cash in.

On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive: The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug. 14, a bank in India disclosed hackers had broken into its servers, stealing nearly $2 million in fraudulent bank transfers and $11.5 million unauthorized ATM withdrawals from more than two dozen cash machines across multiple countries.

The recent boom in cyber crime means it is no longer a problem reserved for IT departments. It’s now a responsibility for the entire organisation – from C-level executives to those in marketing and sales, everyone must work together to tackle the threat.

Cryptocurrency projects can crash and burn if developers don’t predict how humans will abuse their blockchains. Once a decentralized digital economy is released into the wild and the coins start to fly, it’s tough to implement fixes to the smart contracts that govern them. That’s why Incentivai is coming out of stealth today with its artificial intelligence simulations that test not just for security holes, but for how greedy or illogical humans can crater a blockchain community. Crypto developers can use Incentivai’s service to fix their systems before they go live.

Nation state attackers are on the hunt for the next vulnerable target. No longer satisfied with infiltrating government institutions or mining for sensitive military data, they are broadening their efforts to target industrial facilities and businesses with the intent to destabilize and disrupt organizations and their countries.

The broken screen lit up. 3:24 AM. The air stood still, thick and heavy. Sammi tossed and turned, trying to soothe her aching body, but it was futile. She’s never been so uncomfortable in her own skin. The cracked screen lit up again as she typed: ‘Risks to baby—Purilexa.’ She had entered those keywords over a hundred times with varying combinations and always got the same results.

Rigorous regulations like GDPR and California’s Consumer Privacy Act will only become more prevalent, as long as our current cybersecurity landscape continues to suffer the near-crippling data breach affliction. Attackers seem to be one step ahead of defenders, constantly changing their attack vectors as new technologies become available, such as artificial intelligence and automated bots. But is coming up with new laws protecting or hindering our progress?

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

Bobby Franklin Contributor

• The startup community must defend merit-based immigration
• Ensuring foreign-born founders can grow their startups in the U.S.

President Trump’s time in office has been punctuated by rising tension with China on a host of economic issues. He’s received bipartisan criticism for the impact of tariffs on Chinese goods and the resulting retaliation against American exports.

We feel compelled to relay the dire warning from this Barclays snail-mail letter, which we acquired through social media, therefore it must be true.

This article by Andre Bourque originally appeared in Benzinga. Portions are republished below.

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, the FBI warned U.S. banks of a wide-scale cybercrime campaign called “ATM cash-out,” in which hackers use cloned ATM cards for fraudulent withdrawals. Also, a botnet called Necurs has begun a campaign of phishing emails targeting bank employees.