Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
November 28, 2018.
A CyberWire Daily News Briefing redesign is coming.
By the end of next week we'll have completed a new design for our email, the better to avoid falling into spam traps or becoming enmeshed in the array of anti-phishing measures enterprises increasingly deploy. You've seen some of the changes already with our addition of inline links to our summary.
When the redesign is complete, you'll see fewer links to suggested reading in the email itself. That selected reading will remain present in its entirety on our website, posted as always with the appropriate Daily News Briefing. We hope you'll find the new format more user-friendly. We'll announce the date of the rollout as it approaches. And, as always, thanks for subscribing and reading.
By The CyberWire Staff
Cisco’s Talos group is tracking a threat actor running what Talos calls “DNSpionage” malware against Middle Eastern targets. Lebanon and the United Arab Emirates have attracted the most attention. At least two espionage campaigns are in progress. One phishes victims with bogus job listings that induce the users to open malicious Microsoft Office documents. The other redirects the DNS of legitimate domains. Talos, which regards the unknown threat actor as painstaking and focused, has been unable to draw connections with other known threats.
Citizen Lab (and Amnesty, which is “taking legal advice”) have recently drawn attention to apparent abuse of NSO Group’s Pegasus tool by various governments. Kaspersky has noticed that another company, government vendor Negg, seems to offer an iOS implant. This suggests to Kaspersky that iOS spyware may not be as rare as hitherto generally believed (Motherboard).
The Iranian threat group Cobalt Dickens is back, and actively prospecting targets in universities. Secureworks’ Counter Threat Unit says they’re after credentials, and using familiar social engineering tactics.
Facebook’s transatlantic grilling proceeds (WIRED). Company emails Westminster seized from a third party indicate that the social network knew about and investigated Russian data harvesting as early as 2014, two years before Facebook publicly acknowledged Moscow’s interest in election meddling (Telegraph).
The big sit-down in London provided the occasion for the immodestly-titled International Grand Committee on disinformation to release its “declaration on the Principles of Law Governing the Internet." The Committee’s nine nations want tech companies “fully answerable” to “organs of representative democracy.”
Today's issue includes events affecting Argentina, Australia, Belgium, Brazil, Canada, China, Finland, France, Germany, Iran, Ireland, Italy, Japan, Democratic Peoples Republic of Korea, Latvia, Lebanon, Malaysia, Netherlands, New Zealand, Russia, Singapore, Switzerland, Turkey, United Arab Emirates, United Kingdom, United States.
How to Budget for Insider Threat Management, Proactively
According to a Ponemon Institute study, 34% of cybersecurity professionals said a lack of budget was a major barrier to effective insider threat management. So, how do you ask for the budget you need to proactively detect and stop insider threats? The latest guide from ObserveIT gives you the in-depth information you need to ask for a dedicated insider threat line item in your cybersecurity budget. Download The Guide to Budgeting for Insider Threat Management today.
Cyber Security Summit: November 29 in Los Angeles(Los Angeles, California, United States, November 29, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The CIA, The City of Los Angeles, Verizon, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
Rapid Prototyping Event: The Turing Test(Columbia, Maryland, United States, December 11 - 13, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event in which participants implement an automated process to interact with a Microsoft Windows machine just as a human user may do with the goal being to fool a human judge who is monitoring target computers via Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) into thinking a normal user is interacting with that machine and not an automated program or process.
Bypassing CVE-2018-15442: Another case of DLL Hijacking(SecureAuth) As an exploit writer, one of my tasks consists of gathering common vulnerabilities and exposures (CVE) and all of the information related to them in order to design an exploit for Core Impact. As part of this process I stumbled across CVE-2018-15422: A vulnerability in the update service of Cisco WebEx Meetings Desktop App for Windows.
Back to School: COBALT DICKENS Targets Universities(SecureWorks) Despite indictments in March 2018, the Iranian threat group is likely responsible for a large-scale campaign that targeted university credentials using the same spoofing tactics as previous attacks.
Kaspersky Predicts ‘Bubble-Burst’ for cryptocurrency in 2019(BTC Wires) The month of November has brought quite a doom for the crypto World, right from bearish trend plunging the prices to new lows, to threats from crypto hackers robbing people of their hard-earned digital money. In short, the crypto world has not seen any breakthroughs be it price or security…
Beyond CASB Power: Check Point Announces General Availability for CloudGuard SaaS(Check Point Software) Check Point® Software Technologies Ltd. (NASDAQ: CHKP), ), a leading provider of cybersecurity solutions globally, , today announced the general availability of CloudGuard SaaS, an industry-first cloud suite designed to prevent sophisticated security threats that target SaaS applications. One of the latest additions to Check Point’s CloudGuard portfolio of cloud security products, CloudGuard SaaS protects …
What Certified Ethical Hacker Is and What It Is Not(EC-Council Official Blog) A) Ethical Hacking IS NOT Pentest We hear it on the internet; ‘XXX certification is better than a C|EH because you have to do an actual penetration test and submit a report’. The comparison is not only inaccurate; those who make it misunderstand the nature and content of the C|EH course and certification test. There... Read More
Here is How Open Source DIY Fatigue Saps Cybersecurity Resources(Bricata) Open source security tools often start as cost-saving DIY projects inside cybersecurity organizations, but as the network grows, these take more time to maintain and manage, which detracts from the task of actually protecting the network. #broids #ids #snortids
Why compliance is never enough(Help Net Security) Security leadership can steer senior management from focusing solely on compliance by educating them on what must be done to protect against cyber threats.
How to Save the Cybersecurity Industry(Security Boulevard) Traditional 'detect and respond' antivirus products are failing, as cyber-criminals grow ever more inventive and legacy solutions simply can't keep up with the explosion in new malware. In this video, we discuss what can be done to halt this trend.
NSA employees can get UTSA degrees through new program(ExpressNews) The University of Texas at San Antonio is one of eight higher education institutions around the country partnering with the National Security Agency to give agency employees the opportunity to get degrees in cybersecurity and languages.
How to fight fake news and other online threats(Times) ‘Fake news” is everywhere, to judge by the frequency with which it’s cited, from American political discourse to yesterday’s international parliamentary inquiry into Russian meddling. But it’s...
U.S. Senate Committee On Commerce, Science, & Transportation - Hearings(U.S. Senate Committee On Commerce, Science, & Transportation) U.S. Sen. Jerry Moran (R-Kan.), chairman of the Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security, will convene a subcommittee hearing titled “Oversight of the Federal Trade Commission,” at 2:30 p.m. on Tuesday, November 27, 2018.
Manafort Allegations Throw New Uncertainty into Russia Probe(VOA) Day after prosecutors accused President Trump's former campaign manager of repeatedly lying to them, trashing his agreement to tell all in return for a lighter sentence, he adamantly denies report in the Guardian that he had met secretly with Wikileaks founder Julian Assange in March 2016
Multiple botnets disrupted as part of anti-fraud operation(APN News) The internet scored a win after an FBI-led takedown disrupted a massive, multiyear scam that saw cyber criminals use botnets to manipulate internet traffic from 1.7 million IP addresses and generate nearly 30 million dollars in fraudulent ad revenue. F-Secure supported the takedown operation by providing threat intelligence on the scam’s malware […]
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Infosecurity and ISACA North America Expo and Conference(New York, New York, USA, November 20 - 21, 2019) In November 2019, Infosecurity North America and ISACA will align in the field of security, cybersecurity and risk management to create an incredible experience for attendees in programming, solutions...
The Cyber Security Summit: Los Angeles(Los Angeles, California, USA, November 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
IEEE WIE Forum USA East(White Plains, New York, United States, November 29 - December 1, 2018) IEEE WIE Forum USA East 2018 focuses on developing and improving leadership skills for individuals at all stages of their careers. Attendees will have the opportunity to hear inspirational and empowering...
Securing Digital ID 2018(Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote...
First Annual Maryland InfraGard Cybersecurity Conference(College Park, Maryland, USA, December 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely...
International Cyber Risk Management Conference(Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...
2018 Cloud Security Alliance Congress(Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...
Wall Street Journal Pro CyberSecurity Executive Forum(New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...
National Cyber League Fall Season(Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.