2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.

WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And, that’s not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read The Cylance Threat Report: 2017 Year in Review Report and learn about the threat trends and malware families their customers faced in 2017.

Daily briefing.

The breach at Ticketmaster UK, disclosed Wednesday, is likely to prove an interesting test case for GDPR enforcement. The company says the incident was due to JavaScript coding in a payment site chat application, and that this coding was the work of a vendor, Inbenta. Inbenta says, for its part, that it never intended its software to run on anything as sensitive as a payments page, and that Ticketmaster should never have used the bespoke code in that fashion. Both companies agree that the problem has been cleaned up.

Ticketmaster said it discovered the issue (malware) on June 23rd, but UK digital bank Monzo says it began noticing a pattern of paycard fraud developing as early as April 6th. By April 12th Monzo believed it had traced the problem to Ticketmaster, and so informed them. 

Marketing and data aggregation firm Exactis inadvertently exposed its dossiers on 230 million Americans, as close to every US citizen as makes no difference. The data include, according to WIRED, "phone numbers, addresses, dates of birth, estimated income, number of children, age and gender of children, education level, credit rating, interests" etc. Other data include religion and smoking habits. Apparently no paycard or Social Security numbers, so America has that going for her.

Sophos has patched seven bugs in its security products.

California's legislature has raced through a privacy bill affecting tech companies and ISPs. The governor has signed it into law, forestalling an even more restrictive set of regulations proposed by a ballot initiative.

Notes.

Today's issue includes events affecting Australia, Canada, China, European Union, India, Russia, United Kingdom, United States.

A note to our readers: We wish to extend our condolences to the victims of yesterday's shootings at the Capital Gazette in Annapolis, Maryland. May the families and friends of those killed receive consolation in their mourning; may those injured receive healing.

Learn four incident response lessons from high-profile breaches.

Most enterprises know that they are constantly under attack but haven’t fully embraced some lessons to be learned from real-world, high-profile security incidents. Watch this free webinar, presented by experts from Coalfire and Arete Advisors, to learn four practical lessons that will help you avoid damaging losses and minimize negative impacts of cybersecurity incidents.

In today's podcast, we speak with our partners at Virginia Tech's Hume Center, as Dr. Charles Clancy discusses his recent Congressional testimony concerning supply chain security. Our guest is Dr. Mansur Hasib of University of Maryland University College, discussing his book Cybersecurity Leadership.

8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, United States, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training. Save your seat at congress.isc2.org.

Cyber Attacks, Threats, and Vulnerabilities

Those Harder to Mitigate UPnP-Powered DDoS Attacks Are Becoming a Reality (BleepingComputer) Security researchers are continuing to see DDoS attacks that leverage the UPnP features of home routers to alter network packets and make DDoS attacks harder to detect and mitigate with classic solutions.

Scammers abuse net domain languages (BBC News) Millions of scam sites use characters that look like English letters, research into international domains reveals.

Cryptocurrency miners poised for continued growth (Help Net Security) Multiple indicators suggest malicious crypto miners are becoming a mainstay in cyber criminals' arsenals, and will continue to grow more dominant in Q2.

Sophos: Why you still need to beware ransomware (IT Pro Portal) Despite all the latest advances, 'brilliantly effective' malware and ransomware attacks still dominate the threat landscape.

New iOS 12 Feature Risks Exposing Users to Online Banking Fraud (OneSpan Blog) Security Code AutoFill could expose users to online banking fraud by removing the human validation aspect of the transaction signing/authentication process.

Crypto community target of MacOS malware (SANS Internet Storm Center) In previous days we've seen multiple MacOS malware attacks, originating within crypto-related Slack or Discord chat groups by impersonating admins or key people. Small snippets are being shared, resulting in downloading and executing a malicious binary.

Hitherto unknown marketing firm exposed hundreds of millions of Americans' data (The State of Security) It's been discovered that a marketing company left almost two terabytes of sensitive data exposed on the internet for anybody to access.

DXC Technology client Geoscience Australia fails government cybersecurity standards (CRN) Geoscientific research agency Geoscience Australia was vulnerable to cyber attacks and its ICT general controls were not sound, a report from the Australian National Audit Office (ANAO) revealed.

Ticketmaster Announces Data Breach Affecting 5% of All Users (BleepingComputer) Ticketing service Ticketmaster announced a data breach incident today that affected roughly 5% of its entire customer base, and has resulted in the theft of customer data, Ticketmaster login information, and payment details.

Ticketmaster data breach warning as customers exposed by cyber attack (Coventry Telegraph) The online ticketing company confirmed on Wednesday it had suffered a cyber attack

Ticketmaster cyber attack exposes 40,000 customers' personal data (Manchester Evening News) The ticket sales site said personal and payment details may have been stolen during the hack

Ticketmaster ‘warned in April’ of cyber attack (BT) Digital bank Monzo said it alerted the online ticket service to fraudulent transactions on accounts with recent links to the site.

Ticketmaster Chat Feature Leads to Credit-Card Breach (Threatpost) Name, address, email address, telephone number, payment details and Ticketmaster login details were potentially compromised for tens of thousands of customers.

Ticketmaster security breach caused by JavaScript on payments page (Computing) Bespoke JavaScript code shouldn't have been run on a payments page, says Inbenta CEO Jordi Torras

Ticketmaster Blames Third Party Over Data Breach (SecurityWeek) Ticketmaster UK blamed JavaScript code customized by third party firm Inbenta for a breach that resulted in thousands of personal customer information being compromised.

Cyber-Attacks Caused 18 Days of NHS Downtime (Infosecurity Magazine) FOI request reveals trusts are struggling to cope with ransomware epidemic

Gentoo Linux on Github hacked; repositories modified (HackRead) Linux distribution Gentoo whose GitHub mirror was compromised and content of repositories was modified by unknown hackers.

The Perils of Full Administrator Rights (Infosecurity Magazine) Gaining access to administrative rights is one of the most potent weapons for any malicious agent

Plant Your Flag, Mark Your Territory (KrebsOnSecurity) Many people, particularly older folks, proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services.

Security Patches, Mitigations, and Software Updates

Sophos SafeGuard anything but – thanks to 7 serious security bugs (Register) Your antimalware tools can get malware too, so get updating

Twitter Unveils New Processes for Fighting Spam, Bots (SecurityWeek) Twitter has shared some details on new processes designed to prevent spam and malicious automation

Cyber Trends

Penetration Risk Report (Coalfire) Coalfire’s Securealities report highlights exploitable vulnerabilities of companies from aggregated analysis of Coalfire Labs Penetration Testing projects.

Akamai report says hospitality industry is more susceptive to cyber attacks (The Indian Express) The report reveals hospitality industry is more susceptive to credentials abuse caused by botnets than any other sector, raising security concerns.

World War Cyber (Infosecurity Magazine) As nation states battle it out for supremacy in cyber-space, Phil Muncaster asks what the future has in store.

Marketplace

Huawei confident 5G will trump 4G on security (Mobile World Live) LIVE FROM MWC SHANGHAI 2018: Huawei’s rotating chairman Eric Xu stressed the need for 5G ...

Huawei says Australians' data is secure (The Bull) Chinese telecommunications giant Huawei wants Australians to know their data is secure and won't be handed over to Chinese spy agencies.

JASK raised $25M Series B financing to advance security operations (Help Net Security) JASK $25M Series B funding will continue its focus on platform development, increase hiring in all departments and expand global sales channels.

Why being a privately held cyber security company matters (ITWeb) ESET is now the fifth-largest endpoint security vendor in the world, and, being privately held, is not subject to the whims of the market or any investors, the company says.

London Office for Rapid Cyber-security Advancement Opened Today (Computer Business Review) Secretary of State for Digital, Culture and Media Matt Hancock will officially open the LORCA, a government-funded cyber-security initiative.

Bugcrowd chief says Australia must embrace risk to keep top cyber firms at home (Financial Review) Sydney-founded BugCrowd has become a big name in the cyber defence sector since relocating to San Francisco, now it is expanding in Australia again.

Is Carbon Black's Stock Too Hot to Handle? (The Motley Fool) The competition is stiff.

Illumio Appoints Jonathan Reiber, Former Pentagon Chief Strategy Officer for Cyber Policy, as Head of Cybersecurity Strategy (Illumio)

Ontario Cybersecurity Company Setting Up 'Command Centre' In Fredericton (Huddle) Difenda, a global firm that manages online security risks for companies, will hire five people in Fredericton with funding from Opportunities New Brunswick.

Products, Services, and Solutions

New infosec products of the week: June 29, 2018 (Help Net Security) GlobalSign launches IoT Identity Platform addressing IoT device security requirements GlobalSign’s IoT Identity Platform is a set of products and services

The greatest risk to enterprise security is lack of visibility into hybrid networks (MediaRoom) While most businesses look outside their walls when assessing their cybersecurity stance, the greater risk to enterprise security is lack of visibility across hybrid network environments. With the...

BoldCloud and NeuShield to Protect Victims of Ransomware and Advancing (PRWeb) Today BoldCloud and NeuShield introduced the industry’s first Mirror Shielding data protection solution to help small to mid-sized businesses (SMBs) and con

LogPoint and DFLabs Join Forces to Provide Rapid Detection and Response of Cyber Incidents (BusinessWire) DFLabs and LogPoint have integrated their SOAR and SIEM products to provide accelerated detection and faster remediation of security incidents.

OneSpan to Bring FIDO-Compliant Solutions to World’s Largest Banks with Nok Nok Labs Partnership (Nasdaq) The partnership complements OneSpan's existing support of the FIDO U2F standard and enables OneSpan to offer end-to-end FIDO-compliant solutions that meet both UAF and U2F standards

Code42 Forensic File Search offers visibility to endpoint data (Help Net Security) Code42 Forensic File Search solution helps organizations simplify compliance with the Global Data Protection Regulation (GDPR).

CyberX Announces "RSA Ready" Interoperability with RSA NetWitness Platform (PR Newswire) CyberX, the IIoT and industrial control system (ICS) security company, today...

Comodo CA launches IoT security platform (BetaNews) Certificate authority Comodo CA is expanding out of its traditional area to launch a new platform designed to secure Internet of Things devices.

Venafi Enterprise Mobility Protect delivers visibility and machine identity on mobile endpoints (Help Net Security) Venafi Enterprise Mobility Protect, a solution that safeguards the machine identities used on endpoints that access enterprise networks and resources.

Enea Announces Qosmos Probe 2.0 for Cybersecurity (Markets Insider) Enea® (NASDAQ OMX Nordic: ENEA) today announced the availability of the Qosmos Probe 2.0 configured as a Deep Packet...

LogPoint and DFLabs join forces to provide detection and remediation of security incidents (Help Net Security) LogPoint and DFLabs have integrated their LogPoint SIEM and IncMan SOAR products for interoperability in any customer environment.

Zscaler expands capabilities with new partnerships (Channel Life) Zscaler increases partnership ecosystem to enhance network and security transformation capabilities for enterprises.

Thycotic Partners with Logicalis Jersey to Secure Businesses Globally (RealWire) Jersey-based IT services company offers Thycotic PAM solutions to customers worldwide. London, 28th June 2018: Thycotic, a provider of privileged account management (PAM) solutions for more than 7,500 organisations worldwide, and leading IT solutions and managed services company Logicalis, have partnered to bring identity and access management solutions to businesses globally

Cloud Daddy launches Secure Backup, AWS-native data protection solution (Help Net Security) Cloud Daddy Secure Backup is the solution that joins backup and disaster recovery, security, and infrastructure management into one offering for AWS users.

Technologies, Techniques, and Standards

SECURITY: Grid hackers can expect retaliation, CEO warns (E&E News) If hackers hit the U.S. power grid, they'll be hit right back, Southern Co. CEO Tom Fanning said yesterday.

Cyber Mutual Aid for Electric Utilities – It Doesn’t Work (Control Global) Mutual aid is an agreement through which other utilities offer their restoration services after natural disasters strike and cause widespread outages. Apparently, there is a desire to extend the mutual aid approach from natural disasters to include cyber attacks. Cyber mutual aid may be a good idea, but there is a lot of work ahead before it becomes a credible approach.

10 steps for a successful incident response plan (CSO Online) Incident response plans are often left unused, leaving firms far less able to detect and respond to cyber attacks or data breaches. Here’s our 10-point plan to ensure you set up -- or improve -- an IR plan that actually works.

Fake News, Real Cybersecurity Risks (SecurityWeek) While awareness is key and technology is a great assistant, there is one simple practice we can all adopt: think before you click or share.

New Air Force cyber teams debut at exercise (Fifth Domain) New Air Force mission defense teams participated in an exercise for the first time, the Air Force said.

Cybersecurity Professionals Face Challenges on the Path to Automation Reveals Juniper Networks and Ponemon Institute Report (Silicon India) Juniper Networks, an industry leader in automated, scalable and secure networks, today announced a new study, The Challenge of Building...

Kids Safety in the Digital Age (SafeHome.org) With kids growing up in a digital age, it can be a challenge for modern parents to monitor their activity on the Internet without becoming overly protective…

Design and Innovation

How a California Banker Received Credit for His Unbreakable Cryptography 130 Years Later (IEEE Spectrum: Technology, Engineering, and Science News) Frank Miller proposed the one-time pad in 1882, but his contributions were only recently recognized

Academia

ZTE Partners With Confucius Institutes Around the World (The Daily Beast) A new report warns: Beijing is ready to turn its controversial Confucius Institutes into data-collection centers—just as the Institutes up their partnership with the telecom ZTE.

Legislation, Policy, and Regulation

Army must conquer cyberspace to counter terror: Army chief (The New Indian Express) Cyber is not just important in the conventional warfare domain but also in sub-conventional or proxy warfare: Army Chief General Bipin Rawat

Controversial Chinese company sparks security fears (NewsComAu) THE word Huawei may have been cropping up on your news feed a fair bit recently.

Huawei is a test case for Australia in balancing the risks and rewards of Chinese tech (The Conversation) The Huawei case shows there is a real trade-off between economic and security imperatives for Australia when it comes to working with Chinese tech companies.

Australia to ban covert foreign interference in politics (Sacramento Bee) Australia's House of Representatives has overwhelmingly approved national security legislation that would ban covert foreign interference in domestic politics and make industrial espionage for a foreign power a crime.

Can Congress salvage a broken cyber strategy? (Fifth Domain) Amid a barrage of recent criticism leveled at both the Trump and Obama administrations for a cybersecurity policy that is either entirely absent or timid, proposed legislation is sending a clear message: America needs a plan.

House Panel Hammers ZTE, Huawei on Small Business Impact (MeriTalk) Small businesses are a particularly weak spot in the American armor when it comes to a potential blow that could be struck by Chinese telecommunications equipment manufacturers ZTE and Huawei.

As the military's cyber units change guard, a battle over control rages on (Cyberscoop) During a time of rapid change for the U.S. military’s top cyberwarfare teams, the current version of the 2019 defense bill is challenging the president’s ability to exert his authority with regards to those units.

Council publishes ‘one-stop shop’ for cyber leadership roles (Fifth Domain) The new CISO handbook uses plain language to illuminate the roles and responsibilities of cyber professionals, according to a Federal CIO Council adviser.

California Passes Sweeping Data-Privacy Bill (Wall Street Journal) By passing bill, legislature headed off a more restrictive ballot initiative that recently qualified to appear before voters in November

California Unanimously Passes Historic Privacy Bill (WIRED) The law will give Californians more control over the data that companies collect on them than ever before.

California Rushes Through a New Privacy Law After Heavy Lobbyist Input (Motherboard) California lawmakers approve landmark new privacy restrictions, but lobbying influence could weaken many key provisions

Analysis | The Cybersecurity 202: Why California could be the bellwether for the privacy movement (Washington Post) The California Consumer Privacy Act could be a model for the rest of the country.

Litigation, Investigation, and Law Enforcement

Cryptocurrency Transactions May Uncover Sales of Shadow Broker Hacking Tools (Motherboard) Even though the Shadow Brokers told customers to use privacy-focused cryptocurrency Zcash, researchers may have found clues pointing to who tried to buy more of the group's wares.

Congress Grills Cambridge Analytica Alum on New Firm’s Data Use (WIRED) Democrats on the House Energy and Commerce Committee are asking Matt Oczkowski about how his new firm, Data Propria, will treat consumer privacy.

NSA deletes years of call records, says it exceeded legal limit (Washington Examiner) The National Security Agency said Thursday it collected more domestic call records than allowed, and as a result has been mass-deleting call records across a three-year period.

NSA Reports Data Deletion (IC on the Record) Consistent with NSA’s core values of respect for the law, accountability, integrity, and transparency we are making public notice that on May 23, 2018, NSA began deleting all call detail records (CDRs) acquired since 2015 under Title V of the Foreign Intelligence Surveillance Act (FISA).

Exposing Russia’s Effort to Sow Discord Online: The Internet Research Agency and Advertisements (U.S. House of Representatives) On February 16, 2018 Special Counsel Robert S. Mueller III indicted 13 Russian individuals and three Russian organizations for engaging in operations to interfere with U.S. political and electoral processes, including the 2016 presidential election.

The ACLU's Biggest Roadblock to Fighting Mass Surveillance (WIRED) The ACLU has been trying to challenge the NSA's bulk surveillance for years. A hearing in Wikimedia v. NSA Friday could mark a breakthrough.

Patreon Is Suspending Adult Content Creators Because of Its Payment Partners (Motherboard) The subscription crowdfunding platform Patreon confirmed that they are increasing efforts to review content, due to payment processor pressure.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Nuclear Asset Information Monitoring and Maintenance (Warrington, England, UK, July 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s...

Cyber Security Summit 2018 (Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together...

The Cyber Security Summit: Seattle (Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

Health Cybersecurity Summit 2018 (Santa Clara, California, USA, July 20, 2018) Worried about being hacked? Not sure how to respond to a cyber incursion? The first line of defense is a cyber threat preparedness strategy that includes coordination with critical infrastructure and emergency...

Global Cyber Security Summit (Kathmandu, Nepal, July 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims...

SINET61 2018 (Melbourne, Victoria, Australia, July 31 - August 1, 2018) Promoting cybersecurity on a global scale. SINET – Melbourne provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance...

Community College Cyber Summit (3CS) (Gresham, Oregon, USA, August 2 - 4, 2018) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Who should attend 3CS? College faculty and administrators, IT faculty who are involved or who would...

2018 Community College Cyber Summit (3CS) (Gresham and Portland, Oregon, USA, August 2 - 4, 2018) 3CS is organized and produced by the National CyberWatch Center, National Resource Center for Systems Security and Information Assurance (CSSIA), CyberWatch West (CWW), and Broadening Advanced Technological...

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included,...

Black Hat USA 2018 (Las Vegas, Nevada, USA, August 4 - 9, 2018) Now in its 21st year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2018 opens with four days...

Audit Your Digital Risk (Washington, DC, USA, August 7 - 8, 2018) Recent reports indicate that manufacturing is the most heavily targeted industry for cyber attacks in the past year. According to a study released by NTT Security, 34% of all documented cyber attacks in...

DefCon 26 (Las Vegas, Nevada, USA, August 9 - 12, 2018) DEF CON has been a part of the hacker community for over two decades. $280.00 USD, cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script...
