Three quick updates on investigations into apparent state-sponsored cyber operations. The US Department of Homeland Security's cybersecurity lead Jeanette Manfra said that Russia's GRU (Fancy Bear) targeted voter registration data in twenty-one states, and succeeded in "a few" cases. She said data were not manipulated during the incidents, which have been discussed on-and-off since late 2016.
An AP report describes another Fancy Bear campaign, this one a phishing expedition against mostly US defense contractors for technical intelligence.
And the third is an update on North Korea's exploitation of a Flash Player zero-day against South Korean targets. Investigators believe Pyongyang purchased the zero-day from a third party.
Netskope has a report on a newly discovered strain of malware, "ShortJSRAT," that uses cloud apps to deliver malicious Windows scriptlets.
Cylance offers a report on the URSNIF family of information stealers.
Researchers at Radiflow report finding a cryptominer infestation in a European water utility, marking cryptojacking's long-expected approach to the industrial Internet-of-things.
A malicious Reddit spoof site has been found; it's engaged in credential harvesting.
If you thought the Nigerian prince scam was exposed and over, think again: a variant is using Twitter to inveigle marks out of cryptocurrency.
A US-led international effort has taken down the long-running "Infraud" carding gang, thought responsible for more than $530 million in losses to consumers over the last seven years. Thirty-six alleged hoods have been indicted; thirteen of them are in custody, the rest on the lam.
Intel has issued another Spectre patch, this for its Skylake chips.
Today's edition of the CyberWire reports events affecting Australia, France, Israel, Italy, Japan, Democratic People's Republic of Korea, Republic of Korea, Kosovo, Poland, Russia, Serbia, Ukraine, United Kingdom, United States.
The board and cyber-risk oversight: Crown Jewels Risk Assessments.
Corporate directors want to review cybersecurity risk and assist security leaders in protecting critical assets. Learn how to identify what matters the most and how to collaboratively assess and treat cyber risk using Crown Jewels Risk Assessments.
Cyber Security Summits: February 13 in Silicon Valley & Atlanta on February 28 (Silicon Valley, California, USA, February 13, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350) https://CyberSummitUSA.com
Compete to win prize money plus the chance to be DataTribe’s next big investment (Online, March 23 - April 25, 2018) The DataTribe Inaugural Cyber Funding Competition: We put real firepower behind every idea. If you're part of an entrepreneurial technology team with a vision to disrupt cybersecurity and data sciences — we want to enhance your growth prospect with the opportunity for a DataTribe-financed seed capital of $2,000,000. Plus possible millions more in a Series A Venture Capital Round. The top three finalists will share $20,000 in prize money.
'Fancy Bear' hackers took aim at US defense contractors (Fifth Domain) The hackers known as Fancy Bear, who also intruded in the U.S. election, went after at least 87 people working on militarized drones, missiles, rockets, stealth fighter jets, cloud-computing platforms or other sensitive activities.
North Korea Might Be Behind The World's Largest Crypto Heist (ValueWalk) January’s Coincheck hack was the biggest crypto heist since the 2014 disappearance of about $470 million worth of Bitcoins from the Mt. Gox exchange. Coincheck, which halted withdrawals after detecting the infiltration on Jan. 26, said it was bolstering its security systems and that it would be resuming
ShortJSRAT leverages cloud with scriptlets (Netskope) Netskope Threat Research Labs has identified a new malware named “ShortJSRAT” which uses a Windows script component scriptlet file with a .sct extension. The scripts we observed used cloud apps for delivering the next stage payloads. These payloads are executed using the “Squiblydoo” technique, which uses native Windows applications to bypass application whitelisting solutions like...
Threat Spotlight: URSNIF Infostealer Malware (Cylance) URSNIF (Gozi) is a multifaceted malware family with an emphasis on information stealing that has been leveraged to exfiltrate sensitive data from targets, and has been particularly pervasive throughout 2016 and 2017.
BusinessWire Cyber-Attack (Information Security Buzz) In response to today’s Reuters report that global news distribution service BusinessWire, owned by Warren Buffett’s Berkshire Hathaway Inc., has been hit with a sustained distributed denial of service (DDoS) cyberattack that continued as of February 6, 2018, experts with Corero and Juniper Networks commented below. Stephanie Weagle, VP of Marketing at Corero Network Security: “Cyber attackers can quickly and easily launch a …
Hotspot Shield VPN flaw can betray users' location (Help Net Security) A Hotspot Shield VPN flaw can be exploited by attackers to obtain sensitive information that could be used to discover users' location and, possibly and ultimately, their real-world identity.
Malicious Reddit Clone Tricking Users Into Handing Over Logins (Information Security Buzz) A malicious Reddit spoof site (Reddit.co) is convincing users to hand over their usernames and passwords. What’s particularly dangerous about this site is that it actually shows up as secure in your browser (image attached), as it has a valid SSL Certificate. Security experts at Venafi and RSA Security commented below. Azeem Aleem, Director, Advanced Cyber Defence Practice …
When crypto-mining malware hits a SCADA network (Help Net Security) Radiflow has recently discovered Monero-mining malware on five servers of a water utility company. These servers included the HMI (Human Machine Interface), which was also the control server of the physical processes of the company.
Source code for iOS 9's 'iBoot' component reportedly leaks online (AppleInsider) Source code for what is claimed to be the iBoot component of Apple's iOS, software that handles secure booting of the operating system, was published on GitHub by an unknown party on Wednesday, a development that could lead to the discovery and exploitation of currently unknown vulnerabilities.
Third party cyber breach risk set to rise (ComputerWeekly) Third party cyber security risk should always have been a priority, but this has never been more important than it is now in light of new technology risks and data protection regulations.
Akamai Targets Rising: CEO Leighton Discusses Diversification (Barron's) Shares of Akamai, which facilitates the movement of bandwidth-heavy content, are on the march as analysts raise their price targets following the company's better-than-expected quarterly report. CEO Tom Leighton makes the case for Akamai's increasing diversification in its lines of business, especially security, though bearish observers insist the business is still "structurally challenged."
Keysight chooses new head of Ixia Group (RCR Wireless News) Keysight Technologies has made its choice for the new president of its Ixia Group, and interim group President Mark Pierpoint will officially take the role of president for the long term.
Cylance Releases New Prevention-Focused Security Solutions (Cylance) Cylance is pleased to announce new releases of their prevention-focused security products, CylancePROTECT® and CylanceOPTICS™, delivering capabilities designed to further decrease the noise and clutter of the security stack.
Too Busy To Train? The Navy’s Cyber Dilemma (Breaking Defense) The Navy’s overworked IT teams need new “virtual training tools” and more time to train, especially for all-out cyber/electronic warfare against a high-end adversary, the commander of Naval Information Forces said here Tuesday.
5G Network – Will The USG Throw Its Hat into the Ring? (CyberDB) According to recent reports, the United States government is considering building a 5G network, a step designed to bolster the country’s cyber security posture and guard against attacks, particularly from nation states believed to be conducting hostile acts of espionage.
Senators propose bill to block U.S. from using Huawei, ZTE equipment (Reuters) Two Republican Senators introduced legislation on Wednesday that would block the U.S. government from buying or leasing telecommunications equipment from Huawei Technologies Co Ltd or ZTE Corp, citing concern the Chinese companies would use their access to spy on U.S. officials.
U.S. shuts down cyber crime ring launched by Ukrainian (Reuters) The U.S. Justice Department announced one of its largest-ever takedowns of a global cyber crime ring on Wednesday, saying it had indicted 36 people accused of trafficking in stolen identities and causing more than $530 million in losses to consumers.
World Police Take Down "Infraud" Carding Operation (BleepingComputer) The US Department of Justice (DOJ) has charged 36 suspects for their role in Infraud, a cyber-criminal organization that has been involved in the acquisition, sale, and dissemination of stolen identities, stolen debit and credit card data, personally identifiable information (PII), financial and banking information, computer malware,
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
PrivacyCon 2018 (Washington, DC, USA, February 28, 2018) The 2018 PrivacyCon will expand collaboration among leading privacy and security researchers, academics, industry representatives, consumer advocates, and the government. As part of this initiative, the...
SecureWorld Charlotte (Charlotte, North Carolina, USA, February 8, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
Cyber Security Summit: Silicon Valley (San Jose, California, USA, February 13, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.
Security Titans (Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very...
CyberThreat 18 (Westminster, England, UK, February 27 - 28, 2018) Hosted by the UK’s National Cyber Security Centre, a part of GCHQ, and the SANS Institute, CyberThreat18 brings together a packed schedule of talks on a broad range of familiar and less familiar topics...
Midlands Cyber: US Cyber Market Workshop (Lutterworth, England, UK, February 27, 2018) We are delighted to announce that we will be running two workshops, led by Andy Williams, the International Director of the iCyber Centre @bwtech, Maryland. The workshops have been tailored by the team...
European Cybersecurity Forum – CYBERSEC Brussels (Brussels, Belgium, February 27, 2018) CYBERSEC Forum is a unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...
The Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, February 28, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
SINET ITSEF 2018 (Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment...
PCI Security Standards Council Middle East and Africa Forum (Cape Town, South Africa, March 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes...
SecureWorld Boston (Boston, Massachusetts, USA, March 14 - 15, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
Cyber 9-12 (Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...
3rd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought...
Infosecurity Magazine North America Virtual Conference (Online, March 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and...
The Cyber Security Summit: Denver (Denver, Colorado, USA, March 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
Women in CyberSecurity 2018 (Chicago, Illinois, USA, March 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity careers. We hope to generate interest among students to consider cybersecurity as...