November 29, 2018.
A CyberWire Daily News Briefing redesign is coming.
By the end of next week we'll have completed a new design for our email, the better to avoid falling into spam traps or becoming enmeshed in the array of anti-phishing measures enterprises increasingly deploy. You've seen some of the changes already with our addition of inline links to our summary.
When the redesign is complete, you'll see fewer links to suggested reading in the email itself. That selected reading will remain present in its entirety on our website, posted as always with the appropriate Daily News Briefing. We hope you'll find the new format more user-friendly. We'll announce the date of the rollout as it approaches. And, as always, thanks for subscribing and reading.
By The CyberWire Staff
FireEye warns that Russian threat actors are conducting opportunistic and worrisome reconnaissance of the North American power grid. FireEye calls the group they’ve been monitoring “TEMP.Isotope,” but it’s better known as either Dragonfly 2.0 or, of course, Energetic Bear. TEMP.Isotope seems interested, for now, in collection and not disruption. Some of that collection is thought to be designed with a view to improving Russian power distribution, but it’s difficult to read much of the rest as anything other than battlespace preparation (WIRED).
Russia’s Ukrainian battlespace is well-prepped, and newly kinetic in the Sea of Azov. Information operations have begun: Ukraine's protests against naval attacks are just, says Moscow, an “electoral ploy” (Radio Free Europe/Radio Liberty).
Another kinetic war—the one in Yemen—is spilling over into cyberspace. The Saudi-backed government and the Iran-backed Houthi rebels are contending for control of the Internet, blocking opponents, collecting intelligence, and conducting some online banditry (Foreign Policy).
Akamai reports that the UPnProxy vulnerability, which enables exploitation of the Universal Plug and Play protocol, is now being used to hit unpatched devices behind router firewalls. The attacks turn EternalBlue and EternalRed, which the ShadowBrokers released (and said were NSA exploits), against targeted computers. Akamai calls the campaign “Eternal Silence” (TechCrunch). More than 45,000 routers are believed to be compromised so far (ZDNet).
Dell has warned of an attempted breach of its networks, and has taken the precaution of resetting customer passwords (Threatpost).
The US has indicted two Iranians on charges related to distribution of SamSam ransomware.
And of course, because it's Thursday, Hacking Humans is up. In this episode, "Be very aware of your desire to be right," Joe explains URLs and DNS. Dave has tips to prevent holiday skimming. A bogus bank barrister is the catch of the day. ("Barrister": that's "lawyer" to you, Yankee.) Writer Ben Yagoda explains cognitive biases.
Rapid Prototyping Event: The Turing Test (Columbia, Maryland, United States, December 11 - 13, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event in which participants implement an automated process to interact with a Microsoft Windows machine just as a human user may do with the goal being to fool a human judge who is monitoring target computers via Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) into thinking a normal user is interacting with that machine and not an automated program or process.
UPnProxy: EternalSilence (Akamai) UPnProxy is alive and well. There are 277,000 devices, out of a pool of 3.5 million, running vulnerable implementations of UPnP. Of those, Akamai can confirm that more than 45,000 have been compromised in a widely...
Snakemackerel delivers Zekapab malware (Accenture) Snakemackerel delivered Zekapab malware the same day the UK government announced a draft of the Brexit agreement. Learn more about this cyber attack.
NUUO Firmware Disclosure (Digital Defense) Digital Defense, Inc. is disclosing a vulnerability identified in NUUO NVRmini2 Network Video Recorder devices discovered by our Vulnerability Research Team (VRT). We commend NUUO for their prompt response to the identified flaws and their engineering team’s work with VRT to provide fixes for these cyber security issues.
How bring-your-own-land attacks are challenging enterprises (SearchSecurity) Researchers at FireEye developed a bring-your-own-land approach that endpoint security tools can't detect. Learn how this is possible, what can be done to mitigate these attacks and how enterprises can stay safe with expert Nick Lewis.
What do AI, blockchain and GDPR mean for cybersecurity? (ABA Journal) Emerging technologies will affect cybersecurity in the coming years. Artificial intelligence and blockchain will play pivotal roles in data protection, creating new solutions, risks and regulatory headaches.
Corvus Raises $10 Million Series A (PRWeb) Boston-based InsurTech company, Corvus, announced a $10 million Series A investment led by .406 Ventures and Hudson Structured, along with expanded funding from...
Germany proposes security guidelines for routers, but not everybody is happy (Bitdefender) Anyone who has been reading the computer security headlines in recent years knows that there is a raging battle going on for control of home and SOHO broadband routers. Online criminals have woken up to the power they can exert through hijacking large numbers of routers into botnets, launching devastating distributed denial-of-service (DDoS) attacks, stealing …
Is security the real stuff of nightmares? (Help Net Security) With more customer data gathered and stored than ever before, the risk of implementing a sub-par security strategy affects every level of the organisation.
The greatest security innovations of 2018 (Popular Science) Safety happens by the inch, through a relentless effort to stop the simple vulnerabilities that can lead to major threats—on our doorsteps, overseas, and in our streets.
Putin Accuses Poroshenko Of Electoral Ploy As Ukraine Imposes Martial Law (RadioFreeEurope/RadioLiberty) Martial law came into force across a large swath of Ukraine on November 28, following a clash at sea that Kyiv called an "act of aggression" by Moscow and Russian President Vladimir Putin claimed was a ploy to boost his Ukrainian counterpart's popularity ahead of an election in March.
Estonia’s CIO Tackles AI Strategy For Government (Wall Street Journal) As artificial intelligence weaves itself into the fabric of government services in the small Northern European country of Estonia, the government’s top technology executive says it’s necessary to formalize a strategy for how the technology should be used.
Litigation, Investigation, and Law Enforcement
Ransomware Suspects Indicted (Federal Bureau of Investigation) Two Iranian men were indicted in connection with the deployment of the sophisticated and sinister SamSam ransomware that crippled the operations of critical facilities in the U.S. and Canada.
Federal Indictments in SamSam Ransomware Campaign (Dark Reading) Two Iranian nationals have been indicted on multiple counts by a federal grand jury in connection with the SamSam ransomware attacks that struck government, critical infrastructure, and healthcare organizations.
U.S. Treasury Adds Digital Currency to Means of Identifying Sanctions Targets (Wall Street Journal) The move came as part of a joint action with the U.S. Justice Department in which prosecutors announced charges against an Iranian hacking cell allegedly running a ransomware scheme. The Treasury put sanctions on two men it said had laundered the millions of dollars worth of bitcoin gained from the scheme.
Facebook Considered Charging for Access to User Data (Wall Street Journal) Facebook considered charging third parties for access to user data several years ago, company emails show. Such a move would have departed from its policy against selling such data, court filings in a lawsuit against the company indicate.
Facebook staff discussed selling API access to apps in 2012-2014 (TechCrunch) Following a flopped IPO in 2012, Facebook desperately brainstormed new ways to earn money. An employee of unknown rank sent an internal email suggesting Facebook charge developers $250,000 per year for access to its platform APIs for making apps that can ask users for access to their data. Employee…
School district fails to reclaim $120,000 wired by bank to scammer (HOTforSecurity) A school district in Indiana which had $120,000 transferred from its bank account after its email account was hacked has failed in an attempt to reclaim the cash. The problems for Lake Ridge Schools began on October 12, 2016, when money earmarked for part of a seven...
Symantec Tries To Delete Cyber Lab’s Antitrust Suit (Law360) Symantec Corp. on Monday urged a California federal judge to toss an antitrust suit accusing it and other cybersecurity firms of conspiring to boycott a software lab because its testing would reveal serious flaws in their own products.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Mid-Atlantic Collegiate Cyber Defense Competition (Laurel, Maryland, USA, March 28 - 30, 2019) The Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC)—presented by the National CyberWatch Center—is a unique experience for college and university students to test their knowledge and skills...
Infosecurity and ISACA North America Expo and Conference (New York, New York, USA, November 20 - 21, 2019) In November 2019, Infosecurity North America and ISACA will align in the field of security, cybersecurity and risk management to create an incredible experience for attendees in programming, solutions...
The Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
IEEE WIE Forum USA East (White Plains, New York, United States, November 29 - December 1, 2018) IEEE WIE Forum USA East 2018 focuses on developing and improving leadership skills for individuals at all stages of their careers. Attendees will have the opportunity to hear inspirational and empowering...
Securing Digital ID 2018 (Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote...
First Annual Maryland InfraGard Cybersecurity Conference (College Park, Maryland, USA, December 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely...
International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...
2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...
Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...
National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...