More evidence is out on North Korea's designs on cryptocurrency. Recorded Future has a report on the Lazarus Group's concerted spearphishing campaign against South Korean cryptocurrency exchanges and their users. South Korea is an attractive target for obvious political and linguistic reasons. It's also attractive because it has a large number of active cryptocurrency early adopters. In addition to theft, the campaign also prospected South Korean students interested in international affairs.
There are interesting connections between this campaign and earlier ones linked to the Lazarus Group. The malware payload shared code with Destover, a strain used to hit Sony Pictures in 2014 and early WannaCry victims last year.
Despite falling Bitcoin prices, ordinary criminals are still attracted to it and other alternative currencies. Coinhive is the tool most favored by cryptojackers.
Bogus patch sites promising to fix Spectre and Meltdown are up in the wild. They target German users by spoofing the Federal Office for Information Security (BSI). Instead of patches, Malwarebytes reports, the sites serve up malware loaded in a zip file.
Kaspersky Lab warns of a new and unusually capable strain of Android spyware, "Skygofree." Among its features are location-based audio recording, interception of WhatsApp messages through the Android Accessibility Service, the ability to connect victim devices to attacker-controlled Wi-Fi, recording of Skype calls, and a keylogger. Kaspersky thinks Skygofree is the work of Italian lawful intercept shop Negg International.
Yesterday's cloture means Section 702 surveillance reauthorization is expected to advance to a vote in the US Senate this week.
ON THE PODCAST
In today's podcast we hear from our new partners at RSA, as RSA's CTO Zulfikar Ramzan introduces himself and his company. Our guest, Mark Orlando from Raytheon Cyber, talks about the phishing they're observing during the run-up to the Winter Olympics.
Beware fake Meltdown and Spectre patches (ComputerWeekly.com) Security experts have warned that cyber attackers will be quick to use the Meltdown and Spectre exploits, but the first attempts to capitalise on them have come in the form of fake updates
Cyber attack disables Latvia's e-health system (Xinhua) Hackers struck Latvia's national health system early Tuesday afternoon, disabling the recently-launched e-health portal and the national health service's website, representatives of the Latvian health ministry informed.
Typosquatting and the risks of one wrong keystroke (Naked Security) It’s easy to do – you quickly type a URL you use every day and, in your haste, you accidentally swap, add, or delete a single letter and hit enter. Next thing you know you’re on a typos…
Blockchain can and will get hacked (Computer Business Review) At a glance you could see blockchain as an immutable harbinger of industrial disruption, offering impregnable security and the promise of streamlining.
Code Execution Flaw Found in Transmission BitTorrent App (Security Week) Google Project Zero researcher Tavis Ormandy has discovered a critical remote code execution vulnerability in the Transmission BitTorrent client. The expert has proposed a fix, but it has yet to be implemented by the application’s developers.
Kaspersky Discovers Powerful Mobile Spyware (Security Week) Kaspersky Lab has shared details of a sophisticated, multi-stage mobile spyware that gives attackers the ability to take over an infected Android device, with advanced features that have never been seen before in other mobile threats.
Android’s hide and seek with malicious apps continues (The Star Online) The open and flexible nature of Android OS makes it more vulnerable to security issues, than perhaps other operating systems such as iOS. The ever-evolving nature of malware also makes detecting malicious apps harder.
Here are three security issues facing self-driving cars (AOL UK Cars) Vehicle security experts have warned that there are a number of security risks associated with autonomous cars. Many car manufacturers and technology firms have been working on self-driving vehicles in recent months and years, with semi-autonomous
Security Patches, Mitigations, and Software Updates
A Year After Trump, Davos Elite Fear Cyberattacks and War (Bloomberg.com) The threat of large-scale cyberattacks and a “deteriorating geopolitical landscape” since the election of U.S. President Donald Trump have jumped to the top of the global elite’s list of concerns, the World Economic Forum said ahead of its annual meeting in Davos, Switzerland.
The 4-1-1 on Cyber Insurance (Times Square Chronicles) Even though the cybersecurity insurance market is barely 20 years old, cybersecurity insurance companies have already collectively grossed more than $2 billion in premiums. This implies both good news and bad news.
KeyW Adds Dave Wallen to Lead Advanced Cyber Business (GlobeNewswire News Room) The KeyW Corporation (“KeyW”), a wholly owned subsidiary of The KeyW Holding Corporation (“Holdings”) (NASDAQ:KEYW) today announced that Dave Wallen will join KeyW as the senior vice president of Advanced Cyber, effective January 29, 2018.
Jackson McDonald protects case work with Darktrace AI (Cambridge Network) Darktrace, the world’s leading AI company for cyber defence, has announced that Jackson McDonald, Western Australia’s largest independent law firm, has selected Darktrace’s AI technology to defend its critical data, including confidential case work, litigation strategies and sensitive client information.
Decrypting malicious PDFs with the key (SANS Internet Storm Center) Sometimes malicious documents are encrypted, like PDFs. If you know the user password, you can use a tool like QPDF to decrypt it. If it's encrypted for DRM (with an owner password), QPDF can decrypt it without you knowing the owner password.
UK Conviction Arises out of Trend Micro and NCA Partnership (TrendLabs Security Intelligence Blog) On January 15, Goncalo Esteves from Essex, UK plead guilty on 3 charges of computer offenses under UK law. This marks the result of a collaborative investigation that Trend Micro and the National Crime Agency (NCA) in the United Kingdom initiated back in 2015.
Ignite18 (Anaheim, California, USA, May 21 - 24, 2018) Palo Alto Networks' sixth annual conference features highly technical insights based on firsthand experiences with next-generation security technologies, groundbreaking new threat research, or innovative...
2018 Leadership Conference (Arlington, Virginia, USA, January 17 - 19, 2018) We invite you to join us for this unique opportunity to share information, participate in leadership training, collaborate on solutions to common problems, and network with peers from around the globe.
DistribuTECH (San Antonio, Texas, USA, January 23 - 25, 2018) The 15-track conference brings industry thought leaders from all over the world opportunities to network, share knowledge and problem solve with worldwide utilities and product and service providers. Among...
CYBERTACOS (Arlington, Virginia, USA, January 24, 2018) CYBERTACOS is back and becoming one of the DC metro area’s biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the...
ATARC Federal CISO Summit (Washington, DC, USA, January 25, 2018) This educational, one-day symposium will discuss the security challenges faced by Federal Chief Information Security Officers and examine the lessons learned and best practices used to secure the information...
Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...
CyberUSA (San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.
Security Titans (Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very...
European Cybersecurity Forum – CYBERSEC Brussels (Brussels, Belgium, February 27, 2018) CYBERSEC Forum is a unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...