Researchers at ThreatFabric are tracking what they've named "MysteryBot," multifunctional Android malware under criminal development that combines a keylogger with a banking Trojan and mobile ransomware. MysteryBot seems capable of targeting both Android 7 and 8 devices, and it abuses Usage Access permissions. ThreatFabric assesses the new malware as derived from LokiBot, whose source code has leaked. MysteryBot's ransomware module seems defective, but ThreatFabric thinks the developers are working on a tool that will fetch a good price on the black market.
The authors of "Satan" ransomware have rebranded and upgraded their product. MalwareHunter says the criminals behind the code are now calling it "DGBer," and have incorporated Mimikatz to facilitate lateral movement within targeted networks.
Apple may have closed off an access point police had used to get into suspects' iOS devices, but forensic experts think Grayshift may have found a way around the new USB Restricted Mode. In other intercept news, Elcomsoft says it's upgraded its Phonebreaker tool to decrypt iMessages in iCloud.
Kaspersky will suspend cooperation with Europol. The Russian cybersecurity firm has long partnered with European police in investigating cybercrime, but now that the European Parliament has called for a ban on its products (as security risks), Kaspersky has said goodbye to all that.
The US Justice Department's Inspector General released the report on the FBI's investigations of "Various Actions by the Federal Bureau of Investigation and Department of Justice in Advance of the 2016 Election." Its 586 pages find more impropriety and insubordination than political bias.
ON THE PODCAST
In today's podcast, we hear from our partners at Dragos, as Robert M. Lee talks about the use of comic books in security education. Our guest is Scott Petry from Authentic8, discussing their FAKE booth at the RSA conference.
DYMALLOY (Dragos) DYMALLOY activity stretches back to 2015 and includes associations with activity into 2011. The activity focuses on intelligence gathering from industrial control system networks with an unknown intent.
Cyber-Attacks Expected as World Cup Kicks Off (Infosecurity Magazine) Information security professionals are preparing for the worst as this year's FIFA World Cup kicks off. The World Cup of football (a.k.a., soccer in the US) is set to take center stage in Russia. The tournament kicks off tonight between Russia and Saudi Arabia. While it's highly anticipated by football fans and hackers alike, security professionals believe that some sort of cyber-attack will occur on the 2018 FIFA World Cup football network, according to a recent survey.
SMTP Strangeness - Possible C2 (SANS Internet Storm Center) We received an email today that provided some interesting information from a reader (Bjorn) about some observed SMTP traffic that was unusual. From the appearance it could be related to exfil or C2. The domain in question is donotspamtoday.com whose IP is 220.127.116.11 and there is a DNS TXT entry for SPF. The domain was registered March 20, 2018. I have been unable to find any additional examples or information of similar traffic.
Click2Gov or Click2Breach? (Risk Based Security) Here on the Cyber Risk Analytics research team, we have more than our fair share of “glitch in the matrix moments” – you know, that proverbial black cat walking across your screen that makes you think: “Didn’t I just see this breach?” Usually it’s a case of similar circumstances or simply two names that are a lot alike. Other times, it might be something more.
Facebook data privacy scandal: A cheat sheet (TechRepublic) Read about the saga of Facebook's failures in ensuring privacy for user data, including how it relates to Cambridge Analytica, the GDPR, the Brexit campaign, and the 2016 US presidential election.
New trends advance user privacy (Help Net Security) Privacy and security online are one of the top concerns of Americans, especially after numerous massive data breaches (Equifax, Yahoo, Uber) that happened
Facebook’s longtime head of policy and comms steps down (TechCrunch) A prominent figure that helped shape Facebook public perception over the course of the last decade is on the way out. In a Facebook post today, Elliot Schrage, vice president of communications and public policy, announced his departure. Schrage joined the company in 2008 after leaving his position …
15 Best Security Podcasts For You (Heimdal Security Blog) Summer’s here and that means one thing - there’s more time to relax and maybe learn something new. Here are the best cybersecurity podcasts we’ve listened to so far.
Qualys Dives into Container Security (Container Journal) Qualys at the DockerCon 2018 conference this week unfurled Qualys Container Security (CS), a cloud-based application that promises to make it easier to embed container security controls into DevOps processes.
Bad Cybersecurity? No Access To DoD Networks (Breaking Defense) "We’re going to turn that off unless you secured that properly. Whoa! That's a very different mindset," Col. Straub told me. "The availability of the network versus the defense of the network, that's something we’re trying to get commanders to think about."
Dank learning system autogenerates memes (TechCrunch) We all know that in the near future humanity will come to a crossroads. With 99% of the world’s population currently tasked with creating memes and/or dank memes, what will happen when computers get better at it than humans? Researchers may have just found out. Using machine learning, a pair …
The problem with ‘explainable AI’ (TechCrunch) The first consideration when discussing transparency in AI should be data, the fuel that powers the algorithms. Because data is the foundation for all AI, it is valid to want to know where the data comes from and how it might explain biases and counterintuitive decisions that AI systems make.
Research and Development
Can a software program predict the future? (Fifth Domain) The multitude of “what would happen if” questions keeps military planners up at night, and proves to be difficult to simulate. Now, BAE Systems may have the answer.
Booz Allen’s Chief Warns U.S. of a ‘Close Race’ With China on AI (Bloomberg.com) The chief executive officer of government contractor Booz Allen Hamilton Inc. warned that the U.S. has only a small advantage over China in the rising field of artificial intelligence and is at risk of falling behind without a “national strategy.”
US: No sanctions relief before North Korea denuclearizes (Military Times) The United States will not ease sanctions against North Korea until it denuclearizes, Secretary of State Mike Pompeo said Thursday, as he reassured key Asian allies that President Donald Trump had not backed down on Pyongyang’s weapons program.
Trump must still hold North Korea accountable for cyberattacks (TheHill) President Trump concluded his first summit with North Korea’s Kim Jong Un in Singapore. In recent weeks, the president stated he is no longer interested in a maximum pressure strategy and Kim Jong Un has temporarily halted ballistic missile and nuclear weapons tests as part of his charm offensive.
Industry worried about potential Huawei 5G ban (Financial Review) The Turnbull government faces a strong push back from mobile phone operators if it bans China's Huawei supplying equipment for the soon-to-be built 5G wireless networks.
DOJ watchdog faults Comey over handling of Clinton probe (TheHill) In a highly critical report released Thursday afternoon, Justice Department Inspector General Michael Horowitz hammered former FBI Director James Comey for poor judgment during the 2016 election, but found no evidence to show his key decisions in the investigation into former Secretary of State Hillary Clinton's emails were improperly influenced by political bias.
Live coverage: IG releases watchdog report on FBI, Clinton probe (TheHill) The Department of Justice's (DOJ) inspector general Michael Horowitz released a report Thursday afternoon on its investigation into the FBI and DOJ handling of a probe into former Secretary of State Hillary Clinton's private email server and its actions during the 2016 presidential race.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Monterey Cyber Security Workshop 2018 (Pacific Grove, California, USA, October 1 - 2, 2018) People with special expertise interested in making progress on the subjects at hand meet at the Monterey Incubator for a workshop to build an understanding of vital issues of the day. The workshop follows...
Norwich University Cyber Security Summit (Northfield, Vermont, USA, June 18 - 20, 2018) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the second annual Cyber Security Summit in June 2018. The summit, presented in a continuing education format,...
GovSummit (Washington, DC, USA, June 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information...
The Cyber Security Summit: DC Metro (Tysons Corner, Virginia, USA, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is...
Impact Optimize2018 (Rosemont, Illinois, USA, June 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity.
Nuclear Asset Information Monitoring and Maintenance (Warrington, England, UK, July 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s...
Cyber Security Summit 2018 (Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together...
The Cyber Security Summit: Seattle (Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
Health Cybersecurity Summit 2018 (Santa Clara, California, USA, July 20, 2018) Worried about being hacked? Not sure how to respond to a cyber incursion? The first line of defense is a cyber threat preparedness strategy that includes coordination with critical infrastructure and emergency...
Global Cyber Security Summit (Kathmandu, Nepal, July 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims...