2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.
WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And, that’s not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read The Cylance Threat Report: 2017 Year in Review Report and learn about the threat trends and malware families their customers faced in 2017.
September 19, 2018.
By The CyberWire Staff
The US State Department confirms that it's sustained a breach of its unclassified email system, with hundreds of staffers' information affected. ("Hundreds" is said to amount to about 1% of the Department's workforce.) The breach occurred earlier this year, and the principal concern is exposure of personal information.
Palo Alto Networks is tracking Iron Group, a Chinese-speaking criminal gang that’s distributing pseudoransomware. The malware steals and then destroys data; the ransom demand is just misdirection. The malicious code self-propagates across affected networks using backdoors exposed in a HackingTeam breach.
Bristol Airport still hasn't recovered from the "ransomware-like" attack it sustained at the end of last week.
Facebook has joined the companies offering to help political campaigns stay more secure during the US midterm elections. The social media platform is offering to help the campaigns set up two-factor authentication.
The US Defense Department has issued a new cyber strategy. That strategy assumes a contested cyberspace in both war and peace, and has the following major goals: mission assurance, enhanced US military advantage, defense of critical infrastructure, securing Defense information and systems, and expanded cooperation with all partners (US Government, industry, and allied).
A US Federal District Court has decided to allow juries to apply securities law to cases involving Initial Coin Offering (ICO) fraud. This is expected to set a precedent for more regulatory action in ICO markets.
The three young hackers responsible for the Mirai botnet are getting their sentences suspended. Instead of jail time, they're cooperating with the FBI.
Yesterday’s Scorecard Won’t Protect Your From Tomorrow’s Breach
With 56% of global organizations experiencing third party breaches, it’s no surprise that third party risk is the hottest cybersecurity topic. Threat actors will continue to target third parties as long as their vulnerabilities go unchecked. You need a 24x7x365 monitoring solution. Read LookingGlass’ eBook to learn how to build a successful third party risk program, so your organization isn’t left relying on old data to protect your employees, customers, and brand.
The Browser Can Win and Lose Midterm Elections(Washington, DC, United States, September 20, 2018) Join Authentic8 in DC for a happy hour and appetizers. Come learn how a browser can be tracked and used for campaign targeting, what technical hurdles are in the current campaign targeting landscape, and how you can protect yourself.
Cyber Security Summits: September 25 in NYC on October 16 in Phoenix(New York, New York, United States, September 25, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The NSA, Google, IBM, Darktrace, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
FireEye Cyber Defense Summit 2018(Washington, DC, United States, October 1 - 4, 2018) Get trained by a FireEye expert at our annual Cyber Defense Summit. Training opportunities at this event offer attendees hands-on, small-group, interactive sessions with some of the most experienced FireEye cyber security experts.
Dragos Industrial Security Conference (DISC) 11/5/18(Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.
They’re Drinking Your Milkshake: CTA’s Joint Analysis on Illicit Cryptocurrency Mining(Cyber Threat Alliance) In April, we blogged about CTA’s role in disrupting malicious cyber activity. We introduced the idea of routinely bringing our members together to develop Joint Analysis reports on specific threats and campaign activity, the same way our early members came together to report on the threat from Cryptowall Version 3 in 2015. Our goal with... View Article
Hackers stole customer credit cards in Newegg data breach(TechCrunch) Newegg is clearing up its website after a month-long data breach. Hackers injected 15 lines of card skimming code on the online retailer’s payments page which remained for more than a month between August 14 and September 18, Yonathan Klijnsma, a threat researcher at RiskIQ, told TechCrunch. …
State of the Internet Security - Credential Stuffing(Akamai) Credential stuffing, and the botnets behind this activity, is the primary focus of the State of the Internet Security Report, Issue 4, 2018. Credential stuffing, the use of botnets to try to login to a site with stolen or randomly...
Security Patches, Mitigations, and Software Updates
Intel releases firmware update for ME flaw(Naked Security) It’s only September and yet 2018 is well on its way to being remembered as the year of fixing flaws we didn’t realise were possible in hardware we’d never heard of.
Serious Security Vulns Patched In IBM i(IT Jungle) No good deed goes unpunished. Such as it is with cybersecurity, which demands unceasing attention paid to a never-ending stream of flaws and patches as the cost of remaining off the front page. To that end, IBM patched several more security flaws in IBM i last week, including two serious flaws in Node.js, five critical
The SiteLock Website Security Insider Q2 2018(SiteLock) Did you know that websites experience an average of 58 attacks per day? That’s one cyberattack approximately every 25 minutes! Even more startling, as much as 61 percent of all internet traffic is automated traffic from bots, meaning these attacks do not discriminate based on the size or popularity of a website. No website is too small or too new to hack.
Hackers beware: These 5 Austin cybersecurity firms are making a difference(Built In Austin) With major data leaks and malicious digital threats in the news on a near-daily basis, the need for cutting-edge cybersecurity is more apparent than ever. On an individual level, cyberthreats can damage one’s financial and personal life. On a broader economic level, a leading study reported that the world lost more than $600 billion in 2017 alone due to digital threats.
How to Protect Your SMB Clients from Ransomware(Security Boulevard) No company is too small to be devastated by a ransomware attack. In fact, small and medium-sized businesses (SMBs) are prime targets, and the number--and cost--of such attacks continues to rise.
How to Defend Against GPS Spoofing Attacks(Wall Street Journal) As ship and car makers race to roll-out self-driving technology, security researchers warn that attacks using fake GPS signals could increase and become more dangerous.
U.S.-Chile Executive Cyber Consultation(U.S. Department of State) Senior representatives from the United States and Chile participated in an Executive Cyber Consultation in Washington, D.C., August 23-24, 2018 to facilitate stronger bilateral cooperation on cyber issues, including government capacity to address emerging challenges and shared threats in cyberspace.
Air Space & Cyber Conference(National Harbor, Maryland, USA, September 17 - 19, 2018) Gain new insights and skills to advance your career. Be among the first to see the latest innovations in airpower, space, and cyber capabilities all the while bonding with your fellow Airmen. Inspiring...
SecureWorld St. Louis(St. Louis, Missouri, USA, September 18 - 19, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
SINET Global Cybersecurity Innovation Summit(London, England, UK, September 18 - 19, 2018) SINET, an organization focused on advancing cybersecurity innovation through public-private collaboration, today announced that its annual Global Cybersecurity Innovation Summit (GCIS), will take place...
5th Annual Industrial Control Cyber Security USA(Sacramento, California, USA, September 18 - 19, 2018) Now in its 5th year, this two day executive forum will include presentations, roundtable working groups and panel sessions. Together we will address the escalating cyber risk and resilience challenges...
Security in our Connected World(Beijing, China, September 19, 2018) This year’s seminar will not only examine critical security technologies, such as the Trusted Execution Environment (TEE) and Secure Element (SE), but will also delve into their associated business and...
Detect 18(National Harbor, Maryland, USA, September 19 - 21, 2018) Detect '18 is the single largest conference dedicated to threat intelligence. This year we're calling on fellow "Threatbusters" to wage a high-tech battle against apparitions (aka bad actors) and learn...
Cyber Beacon(Washington, DC, USA, September 20, 2018) Cyber Beacon is the flagship event of the National Defense University's College of Information and Cyberspace (NDU CIC). The conference brings together cyber experts from across the national security community,...
IT Security Leadership Exchange(Phoenix, Arizona, USA, September 23 - 25, 2018) IT Security Leadership Exchange is an invitation-only, strategic business summit that gathers Chief Information Security Officers (CISOs), senior decision-makers, and industry experts to address the unique...
Global Security Exchange(Las Vegas, Nevada, USA, September 23 - 27, 2018) Global Security Exchange—formerly the ASIS Annual Seminar and Exhibits—delivers new opportunities to exchange key ideas and best practices, expand global connections, and experience innovations. The GSX...
Connect Security World 2018(Marseilles, France, September 24 - 26, 2018) While the number of IoT devices predicted by 2020 varies within tens of billions, all analysts agree that security is now the top concern of organizations looking at deploying IoT solutions. To address...
The Cyber Security Summit: New York(New York, New York, USA, September 25, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
5th Cyber Operations for National Defense Symposium(Washington, DC, USA, September 25 - 26, 2018) The 2018 Cyber Operations for National Defense Symposium will focus on the evolving nature of US Cyber policies and strategies. Cyber leaders from throughout the federal government will come together to...
PCI Security Standards North America Community Meeting(Las Vegas, Nevada, USA, September 25 - 27, 2018) The PCI Security Standards Council’s 2018 North America Community Meeting is THE place to be. We provide you the information and tools to help secure payment data. We lead a global, cross industry effort...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.