November 30, 2018.
A CyberWire Daily News Briefing redesign is coming.
By the end of next week we'll have completed a new design for our email, the better to avoid falling into spam traps or becoming enmeshed in the array of anti-phishing measures enterprises increasingly deploy. You've seen some of the changes already with our addition of inline links to our summary.
When the redesign is complete, you'll see fewer links to suggested reading in the email itself. That selected reading will remain present in its entirety on our website, posted as always with the appropriate Daily News Briefing. We hope you'll find the new format more user-friendly. We'll announce the date of the rollout as it approaches. And, as always, thanks for subscribing and reading.
By The CyberWire Staff
Hotel chain Marriott disclosed this morning that data belonging to about 500 million guests over the last four years have been illicitly accessed. Attackers have been in the company’s Starwood guest reservation database since 2014. The brands affected included more than just “Marriott”: W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton, and Design Hotels were all hit.
Starwood, acquired by Marriott in 2015, disclosed a smaller breach shortly after the acquisition closed. (KrebsOnSecurity).
Most of the affected guests, around 375 million of them, lost data that included contact information (name, address, phone number, email address), passport number, Starwood Preferred Guest account information, date of birth, and gender. An undisclosed number of guests also lost paycard information (ZDNet).
Another breach in the hospitality industry hit Dunkin’ Donuts, which sustained a credential-stuffing attack that yielded details of customers’ DD Perks loyalty accounts (HackRead). The hackers didn’t compromise Dunkin’ Donuts’ own systems, but merely tried credentials they’d gained in other, unrelated attacks on various third parties. Dunkin’ Donuts discovered the issue at the end of October and strongly urges its customers to reset their passwords (and not reuse them across different accounts). There’s a brisk black market trade in all varieties of loyalty points on the dark web, and DD Perks points have been a staple in the souks for some time (Motherboard).
Fancy Bear is making another run at Germany's government: Bundestag, Bundeswehr, and embassies (Spiegel).
Today's issue includes events affecting Brazil, China, European Union, France, Germany, Democratic People's Republic of Korea, Lebanon, Russia, Turkey, Ukraine, United Arab Emirates, United Kingdom, United States.
ON THE PODCAST
In today's podcast, out later this afternoon, we speak with our partners at Dragos, as Robert M. Lee discusses the very notion of IoT hot water heaters taking down the power grid. Our guest is Michele Guel from Cisco, who offers her perspective as a pioneering woman in the industry.
Rapid Prototyping Event: The Turing Test (Columbia, Maryland, United States, December 11 - 13, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event in which participants implement an automated process to interact with a Microsoft Windows machine just as a human user may do with the goal being to fool a human judge who is monitoring target computers via Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) into thinking a normal user is interacting with that machine and not an automated program or process.
Accenture: Russian hackers using Brexit talks to disguise phishing lures (Cyberscoop) A notorious Russian hacking group tried to exploit the latest flurry of Brexit-related news to spread malware to unsuspecting victims, according to a report from Accenture released Thursday. APT28, which Accenture refers to as SNAKEMACKEREL, used a malware-laced Microsoft Word document that appeared to be about the United Kingdom’s planned separation from the European Union to try breaching a wide variety of targets’ systems, researchers said.
Brazilian Financial Malware Spreads Beyond National Boundaries (SecurityWeek) A detailed analysis from security researchers shows how Brazilian financial malware is spreading beyond national boundaries to attack banks in Spanish-speaking countries through South and Latin America, and Portugal and Spain in Europe.
Marriott: Data on 500 Million Guests Stolen in 4-Year Breach (KrebsOnSecurity) Hospitality giant Marriott today disclosed a massive data breach exposing the personal and financial information on as many as a half billion customers who made reservations at any of its Starwood properties over the past four years.
Starwood Reservation Database Security Incident (Kroll) Marriott has taken measures to investigate and address a data security incident involving the Starwood guest reservation database. This site has information concerning the incident, answers to guests’ questions and steps you can take.
McAfee Labs 2019 Threats Predictions Report (McAfee Blogs) Our predictions for 2019 move away from simply providing an assessment on the rise or fall of a particular threat, and instead focus on current rumblings we see in the cybercriminal underground that we expect to grow into trends and subsequently threats in the wild.
Where Are the Corporate Patriots? (FDD) The U.S. military needed a small vessel that could transport troops and equipment from large oceangoing ships onto the beach. It was the late 1930s and Andrew Jackson Higgins, a small-boat builder in...
Would you hire a former hacker? (Computing) A panel of experts at Computing's recent Enterprise Security & Risk Management conference argue whether it's a good idea to hire a former black hat for an enterprise security role.
Cyber Favorites: Lockheed and Raytheon (Cyber Favorites: Lockheed and Raytheon) Once the market plunge runs its course I think the most successful cyber security stocks will recover and resume their advances, suggests J
Federal team finds no intrusion on Maryland election systems (AP NEWS) A U.S. Department of Homeland Security team has found no evidence of intrusion on Maryland's election system. A report on the analysis by Hunt and Incident Response Team from the National Cybersecurity and Communications Integration Center was made public Thursday at a Maryland State Board of Elections meeting. Maryland officials had asked for an evaluation after learning in July about a transaction between a venture fund with Russian ties and a company involved in the state's election infrastructure.
DoJ charges Autonomy founder with fraud over $11BN sale to HP (TechCrunch) U.K. entrepreneur turned billionaire investor Mike Lynch has been charged with fraud in the U.S. over the 2011 sale of his enterprise software company. Lynch sold Autonomy, the big data company he founded back in 1996, to computer giant HP for around $11 billion some seven years ago. But within a y…
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Mid-Atlantic Collegiate Cyber Defense Competition (Laurel, Maryland, USA, March 28 - 30, 2019) The Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC), presented by the National CyberWatch Center, is a unique experience for college and university students to test their knowledge and skills...
Digital Utilities Europe 2019 (London, England, UK, May 8 - 9, 2019) Following three successful editions of ACI’s Digital Utilities Europe Summit, the 4th edition will be taking place in London, United Kingdom on 8th-9th May 2019. The conference will bring together key...
Transport Security Congress (Washington, DC, USA, May 14 - 15, 2019) The Transport Security Congress brings together business and security leaders from all sectors of passenger and goods transportation to discuss solutions to the evolving security and safety risk landscape.
GovSummit (Washington, DC, USA, June 26 - 27, 2019) GovSummit, the government security conference hosted annually by the Security Industry Association, brings together government security leaders with private industry technologists for top-quality information...
IEEE WIE Forum USA East (White Plains, New York, United States, November 29 - December 1, 2018) IEEE WIE Forum USA East 2018 focuses on developing and improving leadership skills for individuals at all stages of their careers. Attendees will have the opportunity to hear inspirational and empowering...
Securing Digital ID 2018 (Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote...
First Annual Maryland InfraGard Cybersecurity Conference (College Park, Maryland, USA, December 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely...
International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...
2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...
Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...
National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...