August 29, 2018.
By The CyberWire Staff
The Apache Struts vulnerability patched last week is now undergoing active exploitation in the wild. Volexity reports that it's being used to run a cryptojacking campaign against unpatched systems.
A previously unknown Microsoft Windows local privilege escalation zero-day was announced on Twitter late Monday by "SandboxEscaper," whose Twitter account disappeared shortly thereafter. CERT/CC quickly verified that the zero-day was real, and that it worked against "a fully-patched 64-bit Windows 10 system." The vulnerability exists in Windows' Task Scheduler and has been given a CVSS score of 6.4—6.8. There are no known work-arounds, but Microsoft has also confirmed the issue, and is believed to be working on a patch.
The complexity of attribution and the correspondingly complicated connections among threat groups are on display in a Trend Micro account of "Urpage," whose activities are interestingly similar to those of Confucius, Patchwork, and Bahamut.
TheTruthSpy, which Motherboard and others call a "stalkerware" vendor, was hacked, losing logins, audio, images, text messages, and other data.
As operational technology experts at Applied Control Solutions continue to warn of potential security issues with power plants' process sensors, researchers at Cybereason point out that criminals also pose a threat to the grid. Unlike nation-states, cybercriminals may not mean to turn the power off, but they might do so inadvertently.
Reuters reports that an Iranian influence campaign that major social media platforms have struggled with is bigger than initially believed. One indication of its size is the effort's linguistic reach: Reuters counts Iranian information operations in eleven languages.
Rapid Prototyping Event: The Chameleon and the Snake (Columbia, Maryland, United States, September 17 - 20, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event that specifically targets malware signature diversity and signature measurement for Microsoft Windows in a simulated operational environment at a realistic pace. Join us September 17-20, 2018 at UMBC Training Center in Columbia, MD.
Wombat Wisdom Conference, September 18 to 20, 2018, Pittsburgh, PA (Pittsburgh, Pennsylvania, United States, September 18 - 20, 2018) Gain expert insights for strengthening your security awareness program at the Wombat Wisdom Conference, Sept. 18-20, 2018. Ideal for CISOs and infosec professionals looking to share ideas and actionable concepts for improving security awareness and training.
The force is stronger when MSPs and MSSPs come together. (Webinar, September 19, 2018) The managed service market has grown tremendously, with the demand for managed security being unprecedented. For managed service providers (MSPs) looking to answer those demands, partnering with a managed security services provider (MSSP) expands access to highly-skilled cyber security analysts and a full suite of security solutions. Join Delta Risk’s webinar, September 19 at 1 PM ET, to learn how the two sides can join forces.
5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, October 2, 2018) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Tuesday, October 2nd, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. To receive the early-bird rate, register now!
Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.
Exploit Published for Windows Task Scheduler Zero-Day (SecurityWeek) Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges.
The Urpage Connection to Bahamut, Confucius and Patchwork (TrendLabs Security Intelligence Blog) We dig deeper into the possible connection between cyberattacks by focusing on the similarities an unnamed threat actor shares with Confucius, Patchwork, and another threat actor called Bahamut. For the sake of this report, we will call this unnamed threat actor “Urpage.”
Fiserv Flaw Exposed Customer Data at Hundreds of Banks (KrebsOnSecurity) Fiserv, Inc., a major provider of technology services to financial institutions, just fixed a glaring weakness in its Web platform that exposed personal and financial details of countless customers across hundreds of bank Web sites, KrebsOnSecurity has learned.
Remote Code Execution on packagist.org (Max Justicz) tl;dr There was a remote code execution vulnerability on packagist.org, the default package server behind Composer, a PHP package manager. Packagist currentl...
Air Canada confirms mobile app data breach (TechCrunch) Air Canada has confirmed a data breach on its mobile app, which the airline said may affect 20,000 people — or 1 percent — of its 1.7 million app users. The company said it had “detected unusual log-in behavior” occurring between August 22-24. According to an email to customers, attacke…
Cybercriminals Changing Tactics as Seen in First Half Report (Trend Micro) Today, Trend Micro released its first half 2018 security roundup report in which we want to share the threat intelligence we discovered through the Trend Micro™ Smart Protection Network™ that allows us to identify the threats that have targeted our customer base. Below are some thoughts I’d like to share with you about these trends...
UK Watchdog Warns Banks Scams Are Not Users Fault (Information Security Buzz) In response to the news that the financial ombudsman has come out today saying that banks should not assume victims are at fault, James Romer, Chief Security Architect at SecureAuth + Core Security and David Kennerley, Director of Threat Research at Webroot commented below. James Romer, Chief Security Architect at SecureAuth + Core Security: “Cybercriminals dedicate …
Senators Criticize Google CEO for Declining to Testify (BloombergQuint) Google’s Sundar Pichai is facing bipartisan criticism for refusing to testify at a Senate Intelligence Committee hearing next week, but the panel’s chairman signaled he’s unlikely to issue a subpoena to force the chief executive officer to appear.
We should all be worried about Google’s power (New York Post) Tuesday brought endless commentary and reporting on how President Trump was being utterly ridiculous and conspiratorial to accuse Google of bias in its search algorithms. Funny: Just over a year ag…
Bark brings in $9M to help parents track their kids’ online activity (TechCrunch) Not to be confused with a dog-walking startup, Bark is a watchdog for kids’ and teens' internet security. Today it announces a $9 million Series A led by Signal Peak Ventures, with participation from Two Sigma Ventures, Symmetrical Ventures, Fuel Capital, Hallett Capital and Atlanta Seed Company.
Splunk Growth Outpacing Competitors (BusinessWire) Splunk Inc. (NASDAQ: SPLK), first in delivering “aha” moments from machine data, today announced the company's continued growth in IT Operations Analy
Qualys Boosts Its Government Platform (Seeking Alpha) In June, Qualys announced that it entered into a non-binding letter of intent to purchase Second Front Systems. The acquisition is expected to provide increased
MITRE names new cyber and security chief (Fifth Domain) The position is responsible for the cyber strategy and protection from physical and digital attacks of the MITRE corporation, a nonprofit organization that manages federal research.
Experian Rolls Out Child Identity Theft Scan (PYMNTS.com) To help parents protect against child identity theft, Experian is rolling out a Child ID scan. The service comes as 1 million children had their identities stolen last year, and Experian has designated Saturday (Sept. 1) as Child Identity Theft Awareness Day, the company said in an announcement. The scan seeks to find if a […]
Symantec Simplifies Cloud Migration with Management Center 2.0 (Markets Insider) Symantec Corp. (NASDAQ: SYMC), the world’s leading cyber security company, has announced significant enhancements to Symantec Management Center.
Understanding the threat key to good cyber defence (The Business Times) ONE indirect result of the SingHealth cyberbreach - in which digital records of 1.5 million patients were stolen - has been that there is now growing realisation within South-east Asia that data breaches and cyber attacks do not happen only in the West.
Norwich gets $3.5 million NSF grant for cybersecurity scholarships (Vermont Business Magazine) Vermont Business Magazine Norwich University has received a $3.58 million grant from the National Science Foundation (NSF) as part of a “Scholarship for Service” program, in which student-recipients majoring in computer security and information assurance commit to work for the federal government following graduation.
Surveillance legislation: Government’s ‘lip service’ on backdoors (Computerworld) Draft government legislation intended to increase law enforcement organisations’ ability to monitor the use of online communications services pays “some lip service to not creating backdoors”, according to Robin Doherty, a privacy advocate and a security champion at software consultancy ThoughtWorks.
“Your voter data is secure,” Oklahoma agencies prepare for runoff elections (KFOR.com) As Oklahomans prepare to vote in the runoff primary election Tuesday, the state's election board said there are "no specific threats" to security. "We’re working with our partner agencies to make sure we’re doing everything we can to protect the integrity and security of elections in Oklahoma," said Paul Ziriax, secretary of the Oklahoma State Election Board.
A Proposed Agenda for a New PCLOB (Lawfare) The inquorate privacy watchdog may be back in action soon. If so, it should review the NSA’s call detail records program, Section 702, and the disparate impact of surveillance on minorities.
Focusing on the long tail of cybersecurity (FCW) DHS wants to use its new risk management center to buy down cybersecurity risks over the long term while leaving operational cyber incident response duties to the NCCIC.
Devin Nunes’s Curious Trip to London (The Atlantic) The chairman of the House Intelligence Committee flew to London to gather intel on Christopher Steele, the former British intelligence officer who compiled the dossier alleging Trump-campaign ties with Russia. But MI5, MI6, and GCHQ didn’t seem interested.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
The Air Force Information Technology & Cyberpower Conference (Montgomery, Alabama, USA, August 27 - 29, 2018) As the premier Air Force cyber security annual event, the Air Force Information Technology & Cyberpower Conference (AFITC) returns to Montgomery, Alabama in August of 2018. As a critical intersection...
National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
The Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
Intelligence & National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2018) The Intelligence & National Security Summit is the premier forum for unclassified, public dialogue between the U.S. Government and its partners in the private and academic sectors. The 2018 Summit will...
Cyber Resilience & Infosec Conference (Abu Dhabi, UAE, September 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently
Incident Response 18 (Arlington, Virginia, USA, September 5 - 6, 2018) If you work for a vendor or product company, please understand this is not a sales event. IR18 is a community-driven event that aims to disrupt the traditional approach and is more focused on community,...
9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses...
SecureWorld Twin Cities (Minneapolis, Minnesota, USA, September 6, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
2018 International Information Sharing Conference (Tysons Corner, Virginia, USA, September 11 - 12, 2018) Join representatives from fellow information sharing groups with all levels of expertise, security practitioners, major technology innovators, and well-established cybersecurity organizations, as they...