The Electronic Frontier Foundation and Lookout describe "Dark Caracal," a long-running espionage campaign that has targeted Android mobile devices since 2012. Lebanon's intelligence service, the General Directorate of General Security (GDGS), is the organization being held responsible for the campaign. Its targets included journalists and activists, military personnel, manufacturers, and financial institutions in more than twenty countries.
Several things are noteworthy about the discovery. First, the GDGS seems to have inadvertently left the information it took exposed on an open server. Second, no sophisticated malware was involved: Dark Caracal spread by phishing, with trojanized software that looked like legitimate communication apps, and the malware simply used the permissions users granted when they installed it. Third, the GDGS may have rented its espionage tools and infrastructure from a third party; the researchers say they found servers and malware seen last year in an investigation of Kazakhstan hackers.
Cisco Talos reports on a new threat actor, "Group 123." It's responsible for six identifiable campaigns mounted during 2017 and continuing into this year: "Golden Time," "Evil New Year," "Are You Happy?" "Free Milk," "North Korean Human Rights," and "Evil New Year 2018." (The odd names allude to the campaigns' distinctive phishbait.) All except Free Milk targeted South Korean individuals and organizations; Free Milk was international in scope. Talos is coy about attribution, but you don't have to be a spymaster to see that these look like the work of Pyongyang.
Schneider Electric offers a post mortem on Triton/Trisis industrial malware and the zero-day it exploited.
Not all vendor risk is created equal – match your solution to your risk.
Vendor risk exists across a continuum. The vulnerabilities brought to your organization by one vendor will not always equate to those from another vendor. How do you determine, prioritize, and manage that risk? Download our ebook, “One Solution Does Not Fit All: Matching Your Solution to Third Party Risk” to learn how you can successfully reduce third party risk, so you’re not the one left liable for a vendor’s breach.
ON THE PODCAST
In today's podcast (which, by the way, marks our second anniversary of podcasting, so congratulations to our production staff) we hear from our partners at the University of Maryland, as Jonathan Katz comments on the promise of quantum computing. Our guest is Graham Cluley, security blogger and co-host of the Smashing Security podcast, who offers his thoughts on the state of the industry and where it should be focusing its efforts.
GhostTeam Adware can Steal Facebook Credentials (TrendLabs Security Intelligence Blog) We uncovered a total of 53 apps on Google Play, detected by Trend Micro as GhostTeam, that can steal Facebook accounts and surreptitiously push ads. Many of these apps, which were published as early as April 2017, seemed to have been put out on Google Play in a wave.
New Year, New Look - Dridex via Compromised FTP (Forcepoint Blog) Forcepoint Security Labs have recently observed a peculiar email campaign distributing a variant of the Dridex banking trojan. The campaign used compromised FTP sites instead of the more usual HTTP link as download locations for malicious documents, exposing the credentials of the compromised FTP sites in the process.
Schneider Electric: Trisis leveraged zero-day flaw, used a RAT (Cyberscoop) Multinational energy technology company Schneider Electric revealed new details Thursday about a historic breach where hackers were able to halt operations at an energy plant in the Middle East by deploying highly sophisticated malware.
Anima victim to third cyber attack in two months (Macau Daily Times) Local animals rights group Anima (Macau) said it was this week victim to the third cyber attack in two months, suspecting that the Macau (Yat Yuen) Canidrome or its affiliated parties were behind the foul play. An adoption application form on the group’s website is believed to have been targeted by internet robots with the …
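The Forcepoint item above turns on one detail worth operationalizing: a download link of the form ftp://user:password@host/file.doc hands the lure document to the victim and, at the same time, hands the compromised site's credentials to anyone who reads the mail or the proxy log. The Python below is an added example (not Forcepoint's code or analysis) that scans message text for FTP and HTTP download URLs carrying embedded credentials, rates FTP links to document files highest, and redacts the password before the finding is recorded so the detector itself does not re-leak the credential. The sample messages, hostnames and usernames are constructed for the example.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample message bodies for this example; the hosts and
# credentials are placeholders, not indicators from the Forcepoint report.
SAMPLE_MESSAGES = [
    "Please review the attached invoice: ftp://ftpuser:Pa55w0rd@files.example.net/invoice_0118.doc",
    "Quarterly report available at http://intranet.example.org/reports/q4.pdf",
    "Download: ftp://anonymous@mirror.example.com/pub/readme.txt",
    "Updated document: https://user:secret@share.example.com/doc.docx",
]

# Matches ftp/http/https URLs up to whitespace or a quoting character.
URL_RE = re.compile(r"""\b(?:ftp|https?)://[^\s<>"']+""", re.IGNORECASE)

# Document types commonly used as macro/exploit lures.
DOCUMENT_EXT = (".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm", ".rtf", ".pdf")

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


def redact(url):
    """Replace the password in a credentialed URL with '***', keeping host and port."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    hostport = parts.netloc.rsplit("@", 1)[1]
    return urlunsplit(parts._replace(netloc=f"{parts.username}:***@{hostport}"))


def classify(parts):
    """Rate a credentialed URL: FTP + password + document lure is the Dridex pattern."""
    path = parts.path.lower()
    if parts.scheme.lower() == "ftp" and parts.password is not None and path.endswith(DOCUMENT_EXT):
        return "high"
    if parts.password is not None:
        return "medium"
    return "low"  # userinfo present but no password (e.g. anonymous FTP)


def find_credentialed_urls(text):
    """Return findings for every URL in `text` that embeds a username in its netloc."""
    findings = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;)")
        parts = urlsplit(url)
        if parts.username is None:
            continue  # ordinary link without userinfo
        findings.append({
            "severity": classify(parts),
            "url": redact(url),          # never store the cleartext password
            "scheme": parts.scheme.lower(),
            "host": parts.hostname,
            "username": parts.username,
            "path": parts.path,
        })
    return findings


def triage(messages):
    """Scan a batch of messages and return findings ordered by severity."""
    findings = []
    for message in messages:
        findings.extend(find_credentialed_urls(message))
    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_MESSAGES):
        print(f"{f['severity']:6} {f['username']}@{f['host']} {f['url']}")
```

The redacted URL is what belongs in a ticket or SIEM event; the cleartext credential should go only to whoever is going to notify the owner of the compromised FTP site, which is the other half of responding to this campaign.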
Security Patches, Mitigations, and Software Updates
BroadSoft Obtains Antitrust Clearance for Pending Acquisition by Cisco (GlobeNewswire News Room) BroadSoft, Inc. (NASDAQ:BSFT) today announced that it received notice from the U.S. Department of Justice and the Federal Trade Commission granting early termination of the waiting period under the U.S. Hart-Scott-Rodino Antitrust Improvements Act of 1976, as amended, in connection with its pending merger with a wholly-owned subsidiary of Cisco Systems, Inc. (Cisco).
Q&A: What CyberX is doing to help address the hackable state of industrial control systems (Security Boulevard) Finally, the profoundly hackable state of industrial control systems (ICS) is being elevated as an issue of substantive concern and beginning to get the level of global attention it deserves. Nation-state backed hackers knocking out power grids and discombobulating other critical infrastructure – the cyber Pearl Harbor scenario – has been discussed for years in
Accomplice closes second fund at $205M (Boston Business Journal) Cambridge-based Accomplice, one of the most active venture investors in Massachusetts tech, has closed its second fund at $205 million. That's in line with the firm's first fund, which it raised in 2015 after spinning out of Atlas Venture.
7 Insider Attacks UEBA Detects (Bay Dynamics) Insider threats are the unwelcome gift that keeps on giving. Whether it’s malicious or non-malicious insiders, repeat offenders, or compromised credentials, insider threats pervade organizations and without the right people, processes and technologies, can be tough to uncover.
Why Prediction Should Be Added To The NIST Cybersecurity Framework (Forbes) Since I began my series on cybersecurity, I’ve used the structure provided by the National Institute of Standards and Technology (NIST) to serve as a framework for what companies must consider when constructing their security portfolio. The NIST framework separates cybersecurity concerns into five areas that companies need to formulate a plan for...
How do you secure the cloud? New data points a way (CSO Online) Two new reports show big differences in risk among public, private, and hybrid cloud deployments. Here’s advice on the tools, information, and organizational structure needed to execute a successful cloud security strategy.
Some Basic Rules for Securing Your IoT Stuff (KrebsOnSecurity) Most readers here have likely heard or read various prognostications about the impending doom from the proliferation of poorly-secured “Internet of Things” or IoT devices.
Attribution – One size doesn’t fit all (ThreatQuotient) When it comes to security operations, you need to consider what level of attribution the different teams involved in protecting your organization need to be successful. Often knowing the group responsible or the campaign used is sufficient.
Saudi university to establish biometric security research laboratory (Arab News) King Saud University (KSU) in Riyadh has received a grant from King Abdulaziz City for Science and Technology (KACST) for research into secure biometric cryptosystems to aid digital security. Biometric-based personal recognition technologies such as fingerprint, face, iris, palm print, voice and signature are used to identify a person by his or her unique behavioral or biological characteristics. An increasing number of countries, including the Kingdom, have decided to adopt biometric systems for national security and identity-theft prevention.
Senate passes bill to renew foreign surveillance program (Federal Times) The Senate voted 65-34 to reauthorize the program for six years. The bill, which already has been passed by the House, now heads to the White House where President Donald Trump has said he will sign it into law.
Cyber Resilience Playbook for Public-Private Collaboration (World Economic Forum) The World Economic Forum System Initiative on Shaping the Future of Digital Economy and Society represents a global platform for multistakeholder coalitions from across the world to collaborate and accelerate progress against shared digital economy goals and to shape a digital future that is sustainable, inclusive and trustworthy.
Chemring faces inquiry into bribery claims (Times) Chemring has become the latest British defence company to fall under criminal investigation by the Serious Fraud Office over allegations of bribery and corruption. The £500 million specialist in...
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
TU-Automotive Cybersecurity (Novi, Michigan, USA, June 6 - 7, 2018) Co-located with the world's largest automotive technology conference & exhibition. The conference unites players from research labs, automakers, tier 1’s, security researchers, and the complete supply...
DistribuTECH (San Antonio, Texas, USA, January 23 - 25, 2018) The 15-track conference brings industry thought leaders from all over the world opportunities to network, share knowledge and problem solve with worldwide utilities and product and service providers. Among...
CYBERTACOS (Arlington, Virginia, USA, January 24, 2018) CYBERTACOS is back and becoming one of the DC metro area’s biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the...
ATARC Federal CISO Summit (Washington, DC, USA, January 25, 2018) This educational, one-day symposium will discuss the security challenges faced by Federal Chief Information Security Officers and examine the lessons learned and best practices used to secure the information...
Connected Medical Device and IoT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) We are at a critical juncture in Healthcare. As an industry, we must combat these threats in multiple dimensions and on many fronts. The Summit will bring together healthcare, medical device, and security...
CyberUSA (San Antonio, Texas, USA, January 29 - 30, 2018) The CyberUSA Conference will be held in San Antonio, TX at the Henry B. Gonzalez Convention Center on Tuesday, January 30, 2018. A welcome reception will be held on the evening of Monday, January 29, 2018.
Security Titans (Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very...
European Cybersecurity Forum – CYBERSEC Brussels (Brussels, Belgium, February 27, 2018) CYBERSEC Forum is a unique opportunity to meet and discuss the current issues of cyber disruption and the ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.