Japan joined Hawaii with a false missile launch alert as North Korean nuclear saber-rattling continues to put local civil-defense teeth on edge. Broadcaster NHK mistakenly issued, then quickly retracted, a warning on Tuesday. Both the Hawaiian and Japanese cases are being put down, credibly, to operator error and not a cyberattack, but as is normally the case with accidents and glitches, people are now thinking about the possibility and implications of emergency warning system hacks.
Divestments and spin-outs happen in criminal as well as legitimate markets. The author of the Exobot Android banking Trojan (initially called "Marcher" by some researchers) has decided to cash out and exit the market. He (she? they?) is selling off Exobot's code. The Trojan, regarded as a particularly successful one, has hitherto been leased on a monthly basis. Exobot campaigns are expected to spike.
A Satori botnet is actively and successfully stealing from cryptocurrency wallets.
Bitconnect, the cryptocurrency exchange widely derided as a Ponzi scheme, has closed. People are now wondering whether YouTube star "CryptoNick," who'd long flacked the exchange, was engaging in a pump-and-dump scheme.
Norway's Southern and Eastern Regional Health Authority is reported to have been breached, apparently by hackers after personal information. Data on about three million Norwegians are believed to have been exposed.
Oracle's January patches are out, numbering two-hundred-thirty-seven.
Davos convenes next week, and discussions of global conflict and cyber risk are expected to figure prominently in the meetings. The World Economic Forum has issued a resiliency "playbook" for general consideration.
Security Patches, Mitigations, and Software Updates
Oracle Critical Patch Update Advisory - January 2018 (Oracle) A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes.
JOLTandBLEED Details and PoC (ERPScan) On November 15, 2017, Oracle published urgent critical updates related to JOLTandBLEED vulnerability (CVE 2017-10269). Today we released its proof of concept. As you remember, this vulnerability allows an attacker to gain full access to all data stored in the following ERP systems:
Vulnerability in ISC BIND leads to DoS, patch today! (Help Net Security) ISC has released security updates for BIND, the most widely used DNS software on the Internet, and a patch for ISC DHCP, its open source software that implements the DHCP for connection to an IP network.
RigNet (RNET) Announces Acquisition of Intelie (Street Insider) RigNet, Inc. (NASDAQ: RNET) today announced that it has agreed to acquire Intelie Soluções em Informática SA, a real-time, predictive analytics company that is an award-winning, early pioneer in deep machine learning and planning optimization
Workday Expands Security Toolset with Duo Partnership (Duo Security) Workday, Inc., a leader in enterprise cloud applications for finance and human resources, today announced a partnership with Duo Security, a cybersecurity leader specializing in trusted access and multi-factor authentication (MFA) technologies that are easy to use, yet powerful in ensuring the right people are accessing the right applications.
Deloitte Upsizes Its Emerging Europe Cyber Intelligence Team (Emerging-Europe.com) Professional services provider Deloitte has established a Cyber Intelligence Centre (CIC) in Budapest for managing cybersecurity in Central Europe, to counter threats targeting financial institutions and other sectors...
Bitdefender signs accord with American router producer Netgear (ACT Media) The software producer Bitdefender signed a technology licence partnership with the American equipment producer for Netgear networks, which will include in its products security solutions for smart devices, developed in Romania under the name of Netgear Armor.
Why GDPR will drive a best practice approach (Help Net Security) If you're looking for a GDPR best practice approach, you'll need to take many things into consideration. Instead of seeing GDPR as a threat, many businesses see it as a welcome chance to get their house in order.
Govt to setup Cyber Police Force to monitor cyberspace (Indian Awaaz) Taking serious note of rising incidents of sharing pornography over the internet, the Central Government has decided to set up Indian Cyber Crime Coordination Centre and the Cyber Police Force to monitor cyberspace.
The Antitrust Case Against Facebook, Google and Amazon (Wall Street Journal) Facebook, Google and Amazon dominate their worlds just as Standard Oil and AT&T once did. Critics say they should get the same treatment. The answer to the antitrust question depends on a narrow test: Are consumers worse off?
Facebook Agrees to Widen Probe of Brexit Vote Fake News (The Bull) British lawmakers probing possible Russian interference in the Brexit referendum revealed Wednesday that Facebook had agreed to broaden its own investigation into fake news around the vote, after the social media platform's initial efforts drew criticism.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Connected Medical Device and IoT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) We are at a critical juncture in Healthcare. As an industry, we must combat these threats in multiple dimensions and on many fronts. The Summit will bring together healthcare, medical device, and security...
PCI Security Standards Council Middle East and Africa Forum (Cape Town, South Africa, March 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes...
DistribuTECH (San Antonio, Texas, USA, January 23 - 25, 2018) The 15-track conference brings industry thought leaders from all over the world opportunities to network, share knowledge and problem solve with worldwide utilities and product and service providers. Among...
CYBERTACOS (Arlington, Virginia, USA, January 24, 2018) CYBERTACOS is back and becoming one of the DC metro area’s biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the...
ATARC Federal CISO Summit (Washington, DC, USA, January 25, 2018) This educational, one-day symposium will discuss the security challenges faced by Federal Chief Information Security Officers and examine the lessons learned and best practices used to secure the information...
Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...
CyberUSA (San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.
Security Titans (Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very...
European Cybersecurity Forum – CYBERSEC Brussels (Brussels, Belgium, February 27, 2018) CYBERSEC Forum is a unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...