November 21, 2017.
By The CyberWire Staff
Saudi security officials have confirmed that the Kingdom has been hit by the MuddyWaters espionage campaign described last week by Palo Alto Networks. There is no attribution, yet.
North Korea, exploiting its (rare) diplomatic relationship with India, has used Indian infrastructure for money-making cybercrime on behalf of Pyongyang. The DPRK's Lazarus Group is changing its tactics, concentrating on mobile targets. A purge of DPRK intelligence is also in progress.
Cryptocurrencies continue to draw hackers and frauds. Tether, a company offering US-dollar-backed cryptocoin, said that it had been looted of more than $30 million. It's working on recovery. And Confido, a start-up Ethereum platform offering blockchain-based payment and shipment tracking services, disappeared after collecting $375 thousand in an Initial Coin Offering.
Lonely business leaders, Kaspersky says, are increasingly susceptible to catphishing, whispering corporate secrets to fictitious personae pitching online woo. (CISOs: add dating sites to your risk calculi.)
Rewards points accounts are increasingly attractive to Russian hackers, who cash them in for "five-star holidays." (Britons appear to be the most-looted rewards-points accumulators.)
Malicious flashlight apps for Android devices served banking malware from Google Play.
Only three non-shopping days until Black Friday. RiskIQ says about one in twenty-five Black Friday shopping apps for sale in various "official app stores" are malicious. But consumers are undeterred, with few signs of caution or restraint on the horizon this week. They also appear largely indifferent to the creepy potential for exploitation that connected toys offer.
Amazon is offering a new, secure cloud service for intelligence agencies.
Another podcast you'll be sure to enjoy is Episode 32 of Recorded Future's threat intelligence podcast: "The Practical in Practice — Use Cases for Threat Intelligence," produced in cooperation with the CyberWire. This one takes a closer look at the practical application of threat intelligence, including use cases from Facebook and Akamai, with a particular emphasis on the importance of context.
Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).
Cyber Attacks, Threats, and Vulnerabilities
Saudi agency says country targeted in cyber spying campaign (Reuters) Saudi Arabian security officials said on Monday that the country had been targeted as part of a wide-ranging cyber espionage campaign observed since February against five Middle East nations as well as several countries outside the region.
Terdot Banking Trojan Grows Into a Sophisticated Threat (BleepingComputer) Everything else is new, and there's a lot of it. According to Bitdefender, Terdot can also operate a local MitM proxy server to sniff and reroute web traffic, can target more than just banking sites, and can also download and execute files from a remote server.
Wp-Vcd WordPress Malware Campaign Is Back (BleepingComputer) WordPress site owners should be on the lookout for a malware strain tracked as wp-vcd that hides in legitimate WordPress files and that is used to add a secret admin user and grant attackers control over infected sites.
Windows 8 and Later Fail to Properly Apply ASLR (Security Week) Address Space Layout Randomization (ASLR) isn’t properly applied on versions of Microsoft Windows 8 and newer, an alert from Carnegie Mellon University-run CERT Coordination Center (CERT/CC) warns.
Flaw in F5 Products Allows Recovery of Encrypted Data (Security Week) A crypto vulnerability affecting some F5 Networks products can be exploited by a remote attacker for recovering encrypted data and launching man-in-the-middle (MitM) attacks, the company told customers on Friday.
‘Zim fertile ground for hackers’ (NewsDay Zimbabwe) Zimbabwe is recognised by the global hacking community as a “low hanging fruit” meaning that the country’s information technology systems are an easy target, leaving financial and business systems very vulnerable to attack, a new report has shown.
Why Cybersecurity Unemployment Will Remain at Zero (Security Boulevard) Now that we have a confirmed zero-unemployment problem in Cybersecurity, even with the recent addition of some Equifax, Target and Home Depot professionals, it is time to revisit the mis-configured target for information security professionals.
StartCom CA to Shut Down After Ban by Browser Vendors (Security Week) The board of directors of China-based certificate authority StartCom announced on Friday that it has decided to shut down the company following the decision of major browser vendors to ban its certificates.
Lockheed Martin Arm Wins Satellite Communication Security Deal (NASDAQ.com) Defense major Lockheed Martin Corp.'s LMT Space Systems business unit secured a modification contract for providing engineering and interim logistics services as well as delivering spares and associated material, related to Mobile User Objective System (MUOS). Work related to the deal is expected to be over by November 2020.
Warburg Pincus Commences Cash Tender Offer for Ordinary Shares of Cyren Ltd. (Business Insider) Warburg Pincus, a global private equity firm focused on growth investing, announced today that WP XII Investments B.V., an entity controlled by funds affiliated with Warburg Pincus (the "Purchaser"), has commenced a cash tender offer to purchase up to 31,265,358 million ordinary shares ("Cyren shares") of Cyren Ltd., a global Internet Security-as-a-Service provider ("Cyren") (NASDAQ: CYRN), for $2.50 per share.
Secureworks Releases Open Source IDS Tools (Security Week) Secureworks has released two open source tools, Flowsynth and Dalton, designed to help analysts test rules for intrusion detection systems (IDS) and intrusion prevention systems (IPS) such as Snort and Suricata.
Keep Cyber Marines in the Fight (US Naval Institute Proceedings) The loss of talented, experienced enlisted Marines in the cyber operations field is a threat to the Corps’ effectiveness in the 21st century.
Stanford's Applied Cryptography Group Aims to Bulletproof Bitcoin - Bitcoin News (Bitcoin News) Stanford University’s Applied Cryptography Group (ACG) is proposing Bulletproofs, a way to drastically reduce blockchain data, roughly ten-fold. The ACG team argues how using aggregation for transaction proofs and reducing block size will result in two goals long sought in Bitcoin, confidentiality and speed.
An Illustration: Understanding the Impact of Section 702 on the Typical American (NSA) The U.S. Intelligence Community relies on Section 702 of the Foreign Intelligence Surveillance Act in the constant hunt for information about foreign adversaries determined to harm the nation or our allies. The National Security Agency (NSA), for example, uses this law to target terrorists and thwart their plans. In a time of increasing cyber threats, Section 702 also aids the Intelligence Community's cybersecurity efforts.
Seoul: 2 top North Korean military officers punished (Military Times) South Korea’s spy agency told lawmakers Monday that North Korea has punished two of its top military officers, including one widely seen as its second-most powerful official, during a highly unusual inspection of the military’s powerful political bureau.
US sanctions 'network' accused of forging money for Iran (Al-Monitor) The United States on Monday imposed sanctions on a network of individuals and companies accused of forging money to help Iran's Revolutionary Guards, officials announced. The sanctions targeted four companies and two individuals involved in printing counterfeit Yemeni currency to benefit Iran, including Iranian national Reza Heidari and Mahmoud Seif, whose nationality was not given,...
Mueller's Team Raises Questions About Possible Defense Conflicts (New York Law Journal) Special Counsel Robert Mueller III’s team raised concerns Monday that a defense lawyer for Rick Gates, a former business partner of Paul Manafort, could have a conflict of interest that prevents him from participating in the money laundering case against the two men in Washington federal court.
Five new revelations in the Russian uranium case (TheHill) Evidence gathered by an FBI undercover informant conflicts with several media reports as well as statements by Justice officials concerning the connections between a Russian nuclear bribery case and the Obama administration's approval of the sale
Correcting the Record on vDOS Prosecutions (KrebsOnSecurity) KrebsOnSecurity recently featured a story about a New Mexico man who stands accused of using the now-defunct vDOS attack-for-hire service to hobble the Web sites of several former employers.
Hung Jury, Partial Verdict In Finjan-Blue Coat IP Rematch (Law360) A California federal jury Monday found that Blue Coat infringed two of Finjan’s online security patents, but cleared the Symantec unit on two other patents and hung on two more, awarding $490,000, far less than the $39.5 million Finjan received in prior litigation.
Cisco and INTERPOL Collaborate to Combat Cybercrime (Marketwired) Cisco (NASDAQ: CSCO), the worldwide technology leader, and INTERPOL, the world's largest international police organization, have today announced an agreement to share threat intelligence as the first step in jointly fighting cybercrime.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Global Cyber Security in Healthcare & Pharma Summit (London, England, UK, May 3 - 4, 2018) The number of cyber-attacks in healthcare is on the rise, and the industry must do more to prevent and respond to these incidents. The Global Cyber Security in Healthcare & Pharma Summit 2018 will bring...
The 3rd Annual Billington INTERNATIONAL Cybersecurity Summit (Washington, DC, USA, November 21, 2017) The 3rd Annual Billington International Cybersecurity Summit on March 21 in Washington, D.C. at the National Press Club, will attract over 400 attendees at the leading forum on global cybersecurity in...
Aviation Cyber Security (London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain...
Global Conference on Cyberspace (GCCS) (New Delhi, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity...
AutoMobility LA (Los Angeles, California, USA, November 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.
CyberCon 2017: Beyond Cybersecurity (Pentagon City, Virginia, USA, November 28, 2017) The cyber front is about more than just security. Defending in cyberspace takes a holistic approach, encompassing technology, policy and people. That’s why we’re bringing together military, intelligence...
INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department,...
INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling...
Cyber Security, Oil, Gas & Power 2017 (London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems.
Cyber Security Summit Los Angeles (Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive...
cyberSecure (New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. It brings together corporate leaders from multiple function areas...
cyberSecure (New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. Unlike other cybersecurity events, cyberSecure brings together corporate...