Optimize your security teams with threat intelligence.
At Recorded Future, we believe every security team can benefit from threat intelligence. That's why we've launched our new Threat Intelligence Grader — so you can quickly assess your organization's threat intelligence maturity and get best practices for improving it. Get your Threat Intelligence Score™.
October 15, 2018.
By The CyberWire Staff
Late Friday Facebook released more information on the cyberattack that led it to log some ninety-million users out at the end of September. In brief, it seems that fewer users were affected than feared, but that the information exposed was more sensitive than hoped. Roughly thirty-million people were affected. One-million lost nothing. Fifteen-million lost name and contact details. Fourteen-million lost name, contact information, and other data they had in their profiles (username, gender, locale or language, relationship status, religion, hometown, date-of-birth, education, work, search history, etc.). Facebook's Help Center can tell users if they were among those affected.
Bloomberg's story of Chinese attacks on the IT supply chain remains controversial, but at this point reactions are trending toward skepticism. Bloomberg has been standing by its story, but one of those they interviewed in their follow-up piece, Sepio's Yossi Appleboum, told ServetheHome that he's disappointed his words were used to reinforce Bloomberg's claims that Supermicro was compromised: "I think they are innocent." He says instead it's a general problem and not even necessarily even a manufacturing one—attacks can occur anywhere in the supply chain.
The September 13th lethal explosion involving the Columbia Gas Low-pressure Natural Gas Distribution System in Massachusetts was greeted with speculation that the tragedy was caused by a cyberattack. But a preliminary report by the US National Transportation Safety Board concludes that it was indeed an accident.
Estonia joined the Netherlands' and UK's push to clarify EU sanctions for cyberattacks. Italy pushed back, preferring to relax tensions.
Today's issue includes events affecting Australia, Bahrain, Canada, China, Estonia, European Union, Germany, India, Italy, Kenya, Kuwait, Macedonia, New Zealand, Oman, Pakistan, Philippines, Qatar, Russia, Saudi Arabia, Turkey, United Arab Emirates, United Kingdom, United States.
Through the LookingGlass™: Top Trends to Keep Your Organization Cyber Aware
It’s 2018 and threat actors continue to leverage the same tactics – phishing, ransomware, social engineering – against their targets. The best way to fight these threats is to start with the basics. Join LookingGlass on Wednesday, October 24 @ 2PM ET for a discussion on how cyber criminals are leveraging ‘old’ tactics in ‘new’ ways. We’ll give you tips and tricks to avoid being a victim to the same old schemes. Sign up now!
Cyber Security Summits: October 16 in Phoenix and on November 29 in Los Angeles(Phoenix, Arizona, United States, October 16, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The CIA, Verizon, AT&T, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
SecurityWeek 2018 Industrial Control Systems (ICS) Cyber Security Conference(Atlanta, Georgia, United States, October 22 - 25, 2018) SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions. Register today for the original ICS/SCADA Cyber Security Conference – October 22-25 in Atlanta.
Maryland Cybersecurity Career & Education Fair(Rockville, Maryland, United States, November 9 - 10, 2018) Join us for two dynamic days that put on display why Maryland is where cyber works. Friday will feature a career and education fair, connecting cybersecurity job seekers with opportunities across the state of Maryland. On Saturday, high school and undergraduate students compete in our cyber challenge.
Why Facebook's Breach Should Mean #DeleteFacebook But Won't(Forbes) The sad truth is that Facebook's network has become so ingrained in society across the world that we simply cannot function without it anymore and thus we'll look past the latest breach. What must change to make the Facebooks of the world more like the Googles?
Supply Chain Security 101: An Expert’s View(KrebsOnSecurity) Earlier this month I spoke at a cybersecurity conference in Albany, N.Y. alongside Tony Sager, senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency.
Magecart Injects Skimmer Code in Customer Rating Widget(Security Boulevard) The groups of attackers who specialize in injecting payment card skimmer code called Magecart into online shops managed to compromise a third-party The Magecart payment card skimmer code was used to compromise a third-party customer rating plugin called Shopper Approved.
Pentagon Reveals Cyber Breach of Travel Records(SecurityWeek) The Pentagon said there has been a cyber breach of Defense Department travel records that compromised the personal information and credit card data of U.S. military and civilian personnel.
Security Patches, Mitigations, and Software Updates
Microsoft patch for Jet Engine Database Zero-day Bug is ‘incomplete’, making Windows still vulnerable(Cyware) Microsoft patch issued for zero-day in its JET Database Engine may not be a complete fix for the remote code execution vulnerability. The vulnerability (CVE-2018-8423) is a memory corruption vulnerability, and could also allow remote code execution on a targeted computer.
The vulnerability quoted as a zero-day was discovered by Trend Micro’s Zero Day Initiative (ZDI). The company swiftly notified Microsoft about the vulnerability. However, Microsoft did not patch the vulnerability for at least 135 days after Trend Micro’s notification.
Juniper issues seven critical updates(SC Magazine) Juniper Networks released a long list of security updates including seven critical flaws, six of which affect all platforms running Junos OS.
How to irregular cyber warfare(Errata Security) Somebody ( @thegrugq ) pointed me to this article on " Lessons on Irregular Cyber Warfare ", citing the masters like Sun Tzu, von Clausewitz...
10% would steal boss’s passwords, finds SailPoint(Business Computing World) Do you think about your digital identity? Many of us are at least somewhat in tune to our reputations – how we look, how we feel and what is happening in our social circles. However, the extension of ourselves in today’s digital world is not as material as the ways we often think of when we hear the word “identity.”
Who's Winning the Cybercrime Battle?(SecurityWeek) We all need to be aware of the need for innovative responses on the part of the security industry, to counter a threat industry which is innovating both technical and business models at a rapid pace.
PH banks build up defense vs cybercriminals(Business Inquirer) As the Philippines emerges as a hotbed of online gaming firms, it has also become an attractive target for international cybercriminals, challenging banks to invest in stronger firewall and IT risk management systems.
Nucleus Cyber Acquires Security Sheriff(PRWeb) Nucleus Cyber, the AI-driven data security company for the intelligent workplace, acquired the Security Sheriff platform from Cyxtera Technologies and launched int
Purging Long-Forgotten Online Accounts: Worth the Trouble?(SecurityWeek) The internet is riddled with long-forgotten accounts on social media, dating apps and various shopping sites used once or twice. Sure, you should delete all those unused logins and passwords. And eat your vegetables. And go to the gym.
Seven Security Activities You Should Automate(SecurityWeek) Automation can bring value to just about any security team, but the amount of value will depend entirely on how well you match it to your most pressing needs, existing security infrastructure, and organizational procedures.
PSD2: The real RTS deadline is closer than banks think(Fintech Finance) Let’s work backwards. Most banks know that the final deadline to comply with PSD2’s Regulatory Technical Standard (RTS) is 14th September 2019. Eleven months away. Following the amendments to the R…
Design and Innovation
PAID POST: Can blockchain save the vote?(TechCrunch) Elections are a symbol of hope and freedom, and the right to vote is an expression of belonging and of having a voice. We trust our electoral systems to preserve an immutable record of the voices we have raised, and the choices we have made. Yet the concept of “one person, one vote” is [&hel…
The Pentagon’s Push to Program Soldiers’ Brains(Defense One) DARPA’s developing capabilities still hover at or near a proof-of-concept stage. But that’s close enough to have drawn investment from some of the world’s richest corporations.
Amid Church Rift, Kremlin Vows To 'Protect Interests' Of Faithful In Ukraine(RadioFreeEurope/RadioLiberty) The Kremlin has issued a fresh warning following a key step in Kyiv's quest for an independent church that is recognized by the Orthodox Christian leadership, saying Russia will protect the interests of the faithful in Ukraine if the historic split leads to illegal action or violence.
Trump, Saudis Escalate Threats (Wall Street Journal) The White House and Saudi Arabia traded sharp words over the suspected killing of a dissident Saudi journalist as the case tests the Trump administration efforts to make the kingdom the linchpin of its Middle East policy.
FCC resorts to the usual malarkey defending itself against Mozilla lawsuit(TechCrunch) Mozilla filed a lawsuit in August alleging the FCC had unlawfully overturned 2015's net neutrality rules, by among other things "fundamentally mischaracteriz[ing] how internet access works." The FCC has filed its official response, and as you might expect it has doubled down on those fundamental mi…
Hybrid Identity Protection Conference(New York, New York, USA, November 5 - 6, 2018) Learn what cutting-edge industry leaders are doing to improve identity protection in the modern organization and how they are boosting enterprise security. Network with the world’s leading identity experts...
FAIRCON18(Pittsburgh, Pennsylvnia, USA, October 14 - 18, 2018) Focused on advancing cyber, operational risk management.The event will feature in-depth training seminars, insightful presentations from industry leaders, candid executive and practitioner-led discussions...
The Cyber Security Summit: Phoenix(Phoenix, Arizona, USA, October 16, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
Zero Day Con: Hacking Democracy(Washington, DC, USA, October 16, 2018) Join Zero Day Con and Strategic Cyber Ventures on October 16th in Washington, D.C. to examine the path forward in reducing our attack surface, managing risk, regaining control of our networks and data,...
FAIRCON18(Pittsburgh, Pennsylvania, USA, October 16 - 17, 2018) Hosted by the FAIR Institute and Carnegie Mellon University’s Software Engineering Institute (SEI) and the Heinz College of Information Systems and Public Policy, the 2018 FAIR Conference brings leaders...
PCI Security Standards Europe Community Meeting(London, England, UK, October 16 - 18, 2018) The PCI Security Standards Council’s 2018 Europe Community Meeting is THE place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross industry effort...
SecureWorld Cincinnati(Cincinnati, Ohio, USA, October 17, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
2018 ISSA International Conference(Atlanta, Georgia, USA, October 17 - 18, 2018) Join us for solution oriented, proactive and innovative sessions focused on Securing Tomorrow Today. Every day, cyber threats become increasingly intricate and difficult to detect. No cyber security professional...
Fifth Annual Cyber Warfare Symposium(New York, New York, USA, October 18, 2018) The Fifth Annual Cyber Warfare Symposium is an annual one-day event presented by the Journal of Law & Cyber Warfare in conjunction with academia, government and private industry organizations at NYU School...
5th Annual Women in Cyber Security Reception(Washington, DC, United States, October 18, 2018) This annual networking event highlights and celebrates the value and successes of women in the cyber security industry. Leaders from the private sector, academia, and government from across the region...
2018 ICS Cyber Security Conference USA(Atlanta, Georgia, USA, October 22 - 25, 2018) SecurityWeek’s Industrial Control Systems (ICS) Cyber Security Conference is the largest and longest-running event series focused on industrial cybersecurity. Since 2002, the conference has gathered ICS...
Energy Tech 2018(Cleveland, Ohio, USA, October 22 - 26, 2018) The annual EnergyTech Conference & Expo is an organized event, supported by NASA and INCOSE, highlighting advancements in Energy, Smart-Grids and Microgrids, Aerospace, Critical Infrastructure, Security...
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.