November 19, 2018.
By The CyberWire Staff
Cozy Bear is back. The other Russian cyber operational agency, quieter sister to GRU’s Fancy Bear and generally associated with either the FSB or SVR (both KGB descendants), has been engaged in spearphishing US targets. CrowdStrike and FireEye, among others, have discussed the discovery. CrowdStrike says Cozy Bear has been impersonating a US State Department official in the spearphishing emails. The payload is a link to a legitimate but compromised website. Targets form a familiar set of Cozy Bear interests: government agencies (including law enforcement), think tanks, and business intelligence services. Cozy Bear, by the way, is also known as “APT29,” “The Dukes,” or “PowerDuke” (ZDNet, Reuters).
Ukraine’s CERT, working with the country’s Foreign Intelligence Service, says it stopped battlespace preparation for a campaign that would have installed a new version of Pterodo espionage and attack-staging malware. There’s no attribution, but they note that the campaign appeared interested in former Soviet Republics (Ukrinform).
Researchers report a Gmail flaw that enables a user to add an arbitrary email address to the “From” field. Social engineering possibilities are obvious (HackRead).
Trend Micro is tracking the Outlaw criminal group, which is engaged in a renewed botnet campaign for cryptojacking, scanning, and brute-forcing of credentials.
The new US civilian cybersecurity agency, CISA, is now ready for its “groundbreaking.” President Trump signed legislation creating it into law at the end of last week (ZDNet).
Fears of infrastructure attacks continue to surface, notably in the UK’s Parliament (Guardian). CNBC offers a rundown of “cyber 9/11” possibilities.
Today's edition of the CyberWire reports events affecting Canada, Ethiopia, European Union, NATO/OTAN, Russia, Saudi Arabia, Ukraine, United Arab Emirates, United Kingdom, United Nations, United States.
Cyber Security Summit: November 29 in Los Angeles (Los Angeles, California, United States, November 29, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The CIA, The City of Los Angeles, Verizon, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
Rapid Prototyping Event: The Turing Test (Columbia, Maryland, United States, December 11 - 13, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event in which participants implement an automated process to interact with a Microsoft Windows machine just as a human user may do with the goal being to fool a human judge who is monitoring target computers via Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) into thinking a normal user is interacting with that machine and not an automated program or process.
Beware: New wave of malware spreads via ISO file email attachments (Security Boulevard) We’ve seen a spike in malware concealed in ISO file email attachments. Learn more about this new threat and how you can protect yourself against ISO malware.
Emotet has some customized phish for you (Avira Blog) A new wave of Emotet Trojan malware is hitting Europe and the DACH region with the Avira Protection Lab recording over 3.6 million detections so far in 2018. Usually disguised as a phishing email, the latest variants of this Trojan have been fine-tuned to slip past the user defenses and worm their way into Local …
Outlaw Group Distributes Botnet for Cryptocurrency-Mining, Scanning, and Brute-Force (TrendLabs Security Intelligence Blog) We spotted two variants of activities from hacking group Outlaw. The script used in the first version of its bot has two functionalities: the miner and Haiduc-based dropper. The second variant of the code, distributed by the bot, was mainly designed to brute force and further exploit the Microsoft Remote Desktop Protocol and cloud administration cPanel in order to escalate the privileges.
McAfee Labs Discovers New Cryptojacking Malware ‘WebCobra’ (Ibinex News) McAfee Labs researchers have discovered a new cryptojacking malware which stealthily extracts victims’ computing power to mine the cryptocurrencies Monero (XMR) or Zcash secretly. Originating in Russia and dubbed ‘WebCobra,’ this cryptocurrency mining malware drops and installs the Cryptonight miner or Claymore’s Zcash miner, depending on the configuration the malware finds. It is comparatively uncommon...
GandCrab Ransomware: Cat-and-Mouse Game Continues (BankInfo Security) A new, free decryptor has been released for "aggressive" crypto-locking ransomware called GandCrab. Researchers say GandCrab has come to dominate the ransomware-as-a-service market, earning its development team an estimated $120,000 per month.
Nok Nok Labs Introduces Strong Account Recovery (Nok Nok Labs) Today, more than 80 percent of mobile users typically require password reset (or account recovery) when using traditional username and passwords. Enterprise customers using the Nok Nok S3 Suite will be able to substantially reduce the need to address account recovery issues with their end users. Global organizations need to scale to meet the …
Microsoft Introduces edX-Based Cybersecurity Training Program (Campus Technology) Microsoft has introduced a new series of open access courses on cybersecurity that can be taken for free or, for more formal recognition, as a certificate program for a fee. The Microsoft Professional Program Cybersecurity track includes 12 courses, 10 of which must be completed successfully to earn the certificate. The program is hosted on edX and includes labs, community interaction and quizzes. Content is delivered online through videos.
Alert Logic Adds Managed Threat Intelligence Service (Security Boulevard) Alert Logic this week announced it is adding a managed threat management service based on compute resources running on the Amazon Web Services (AWS) public cloud.
Modernization, people needed to drive Army's cyber capabilities (US Army) With an increase in digital connectivity and a rapid development of technologies, such as advanced computing, big data analytics, and artificial intelligence, the character of war has changed, making cyberspace a critical battlefield of the 21st cent...
Blockchain Like Using Sledgehammer on a Thumb Tack (Radio) (Bloomberg) Dr Zulfikar Ramzan - Chief Technology Officer, RSA Security, joined Rishaad Salamat and Bryan Curtis on Daybreak Asia to discuss trends he sees in cybersecurity for 2019, including cloud solutions and IoT. He goes on to explain why he thinks blockchain has been overhyped.
NATO To ‘Integrate’ Offensive Cyber By Members (Breaking Defense) "NATO is clear that we will not perform offensive cyberspace operations," said Maj. Gen. Wolfgang Renner. "However, we will integrate sovereign cyberspace effects from the allies who are willing to volunteer."
DOD reorgs to fuel cyber, AI and space opportunities (Washington Technology) At the immixGroup's annual Government IT Sales Summit, analysts describe how several DOD reorganization efforts will fuel new opportunities in cyber, space and artificial intelligence.
U.S. Is Optimistic It Will Prosecute Assange (Wall Street Journal) The Justice Department is preparing to prosecute WikiLeaks founder Julian Assange and is increasingly optimistic it will be able to get him into a U.S. courtroom.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Kingdom Cyber Security (Riyadh, Saudi Arabia, November 20 - 21, 2018) Setting a game plan to boost cyber resilience at the national level.
API Security Summit (London, England, UK, November 21, 2018) The API Security Summit, taking place in London on the 21st of November 2018 will bring together the financial services community, regulators, fintechs, TPPs and associations from across UK and Europe to find solutions to the current lack of standardisation, debate what standards/legislation may emerge in 2019, and how to plan with these in mind.
The Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
IEEE WIE Forum USA East (White Plains, New York, United States, November 29 - December 1, 2018) IEEE WIE Forum USA East 2018 focuses on developing and improving leadership skills for individuals at all stages of their careers. Attendees will have the opportunity to hear inspirational and empowering...
Securing Digital ID 2018 (Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote...
First Annual Maryland InfraGard Cybersecurity Conference (College Park, Maryland, USA, December 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely...
International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...
2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...
Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...
National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...