August 31, 2018.
By The CyberWire Staff
Senior US counterintelligence official William Evanina warned that Chinese intelligence services are actively using LinkedIn to recruit American agents. Much of the activity involves catphishing. British and German security authorities had earlier issued similar warnings.
A cyberspy crew called "WindShift" is exploiting macOS vulnerabilities in an espionage campaign directed against the Gulf Cooperation Council (Saudi Arabia, Kuwait, the UAE, Qatar, Bahrain and Oman). The malware payload is distributed in spearphishing attacks. There's no further attribution from DarkMatter, the company announcing the discovery. They promise more details later.
Qihoo 360 warns that GlobeImposter ransomware is now out in more than twenty variants, and they expect it to continue to evolve and spread. The researchers consider it the most troubling family of ransomware currently in circulation.
Russia would like to block the Telegram encrypted messaging service, but their attempts have been unsuccessful. The organs haven't yet come up with a way of stopping Telegram without also stopping a lot of other traffic, and that's unacceptable collateral damage.
The Five Eyes met this week and reaffirmed their commitment to cooperating in cyberspace, especially with respect to counterterrorism, human trafficking, and law enforcement, but also to stop "foreign" (read here, mostly, "Russian," with a touch of the other Familiar Four) influence operations. They also indicate that there will be no near-term surrender in the Crypto Wars.
Google's Titan security key, introduced recently with pride and aplomb, is manufactured in China, which has prompted spoilsports to ask for some transparency about supply chain security.
Today's issue includes events affecting Australia, Bahrain, Brazil, Canada, China, Kenya, Kuwait, Lithuania, New Zealand, Oman, Qatar, Romania, Russia, Saudi Arabia, United Arab Emirates, United Kingdom, United States.
Monday is Labor Day here in the US, and we'll be observing the Federal holiday by taking the day off, probably to hit the Maryland State Fair up in Timonium. We'll resume normal publication and podcasting on Tuesday. Take a breather if you can, and see you next week.
Rapid Prototyping Event: The Chameleon and the Snake (Columbia, Maryland, United States, September 17 - 20, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event that specifically targets malware signature diversity and signature measurement for Microsoft Windows in a simulated operational environment at a realistic pace. Join us September 17-20, 2018 at UMBC Training Center in Columbia, MD.
Wombat Wisdom Conference, September 18 to 20, 2018, Pittsburgh, PA (Pittsburgh, Pennsylvania, United States, September 18 - 20, 2018) Gain expert insights for strengthening your security awareness program at the Wombat Wisdom Conference, Sept. 18-20, 2018. Ideal for CISOs and infosec professionals looking to share ideas and actionable concepts for improving security awareness and training.
The force is stronger when MSPs and MSSPs come together. (Webinar, September 19, 2018) The managed service market has grown tremendously, with the demand for managed security being unprecedented. For managed service providers (MSPs) looking to answer those demands, partnering with a managed security services provider (MSSP) expands access to highly-skilled cyber security analysts and a full suite of security solutions. Join Delta Risk’s webinar, September 19 at 1 PM ET, to learn how the two sides can join forces.
5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, October 2, 2018) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Tuesday, October 2nd, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. To receive the early-bird rate, register now!
Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.
The anatomy of fake news: Rise of the bots (Help Net Security) Social SafeGuard analysed the impact and techniques leveraged by bots, and looked at bots attributed to Russian disinformation campaigns on Twitter.
Russia Tries More Precise Technology to Block Telegram Messenger (NDTV Gadgets360.com) Russia is experimenting with more precise technology to block individual online services after an attempt to shut down banned messaging service Telegram failed, but Moscow has yet to find a way to shut it down without hitting other traffic.
Double the Infection, Double the Fun (Arbor Networks Threat Intelligence) Executive Summary Cobalt Group (aka TEMP.Metastrike), active since at least late 2016, have been suspected in attacks across dozens of countries. The group primarily targets financial organizations, often with the use of ATM malware. Researchers also believe they are responsible for a series of attacks on the SWIFT
Malware brings county computers down for over a week (Benitolink: San Benito County News) San Benito County government computers have been down more than a week after the system was taken offline Aug. 18, when a malware virus was found in the system. Kevin O’Neill, manager of the San Benito County Office of Emergency Services, confirmed Aug. 27 that the county’s computer servers had been offline for nine days.
How Hackers Hit Printers (Dark Reading) New Booz Allen Hamilton report advises companies to include printers in their overall security strategy.
Security Patches, Mitigations, and Software Updates
Philips Mitigation Plan for e-Alert Unit (ISS Source) Philips released one update that handles some vulnerabilities and will release another to take care of other ones in its e-Alert Unit (non-medical device), according
Brazilian Moviemakers Tackle Harms of Cyber Bullying (Folha de S.Paulo) When it comes to cyberbullying, Brazil ranks at the very top. The country rates second in frequency of internet-based attacks, according to a recent Ipsos survey in 28 countries. Three in every ten Brazilian parents said that their children have been victims of this kind of bullying. Two new
Twitter will begin labeling political ads about issues such as immigration (Washington Post) Twitter announced Thursday that it would begin requiring organizations that purchase ads on topics like abortion, healthcare reform and immigration to disclose more information about themselves to users as the tech giant looks to ensure that Russian agents don't spread propaganda ahead of the 2018 election.
What Is AIOps? Introducing SysTrack 8.4 (Lakeside) Few times in a company’s lifetime does a new release introduce truly revolutionary functionality. Today, I am happy to share with you a bit more about our latest release promising just that: SysTrack 8.4.
Beyond the Firewall - Different Rules for East-West Traffic (CSO Online) Network firewalls were created to block unauthorized content and code from the network while ensuring the unimpeded flow of data packets vital to the operations of the enterprise. But they were designed to intercept external incursion, not prevent security issues inside the network.
Will cyber insurance help with data breach? (AZ Big Media) An amended Arizona law that went into effect in August requires companies to notify consumers affected by a data breach within 45 days of the breach or face up to $500,000 in penalties. Your standard commercial insurance policy is written to insure against injury or physical loss and will do little, if anything, to protect you from a data breach. So how can cyber insurance protect businesses? Az Business talked with Jennifer Chenault, sales executive for Lovitt!
Amazon is quietly doubling down on cryptographic security (TechCrunch) The growth of cloud services — with on-demand access to IT services over the Internet — has become one of the biggest evolutions in enterprise technology, but with it, so has the threat of security breaches and other cybercriminal activity. Now it appears that one of the leading compani…
Five Country Ministerial 2018: Official Communiqué (Australian Government Department of Home Affairs) We, the Homeland Security, Public Safety, and Immigration Ministers of Australia, Canada, New Zealand, the United Kingdom, and the United States met on the Gold Coast, Australia, on August 28-29 2018, to discuss how we can better collaborate to meet our common security challenges.
Statement of Principles on Access to Evidence and Encryption (Australian Government Department of Home Affairs) The Governments of the United States, the United Kingdom, Canada, Australia and New Zealand are committed to personal rights and privacy, and support the role of encryption in protecting those rights. Encryption is vital to the digital economy and a secure cyberspace, and to the protection of personal, commercial and government information. However...
Lithuanian Media Sign Pact With Govt to Counter Hackers (SecurityWeek) Lithuania's major online media outlets signed an agreement to share information and strategies with government, while press representatives will be able to attend meetings of the National Cyber Security Council.
Luetkemeyer drafts narrow breach-notice bill focused on financial sector (Inside Cybersecurity) Rep. Blaine Luetkemeyer (R-MO), chairman of a Financial Services subcommittee, is drafting data security and breach notice legislation that would apply only to the financial sector, with an eye toward marking up the measure in September, according to a source close to the panel.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cyber Defense Summit 2018 (Washington, DC, USA, October 1 - 4, 2018) FireEye's annual Cyber Defense Summit will feature both training and an opportunity to hear from the experts. Introductory, intermediate and advanced training courses will be provided during the first...
Geneva Information Security Day (Geneva, Switzerland, October 12, 2018) Geneva Information Security Day (GISD) is a leading European cybersecurity conference created as a vendor-independent platform for open and actionable discussion of emerging digital threats and remedies,...
Wild West Hackin’ Fest (Deadwood, South Dakota, USA, October 25 - 26, 2018) We’re back for another year of amazing talks, great company and exciting hands-on hacking labs. It will be hard to top our amazing inaugural year, but we’ve taken your feedback and plan to make this event...
National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
Intelligence & National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2018) The Intelligence & National Security Summit is the premier forum for unclassified, public dialogue between the U.S. Government and its partners in the private and academic sectors. The 2018 Summit will...
Cyber Resilience & Infosec Conference (Abu Dhabi, UAE, September 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently
Incident Response 18 (Arlington, Virginia, USA, September 5 - 6, 2018) If you work for a vendor or product company, please understand this is not a sales event. IR18 is a community-driven event that aims to disrupt the traditional approach and is more focused on community,...
9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses...
SecureWorld Twin Cities (Minneapolis, Minnesota, USA, September 6, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...