Optimize your security teams with threat intelligence.
At Recorded Future, we believe every security team can benefit from threat intelligence. That's why we've launched our new Threat Intelligence Grader — so you can quickly assess your organization's threat intelligence maturity and get best practices for improving it. Get your Threat Intelligence Score™.
September 25, 2018.
By The CyberWire Staff
According to reports in Deutsche Welle, Iran accused Saudi Arabia, the United Arab Emirates, and the United States of complicity in Saturday's terrorist attack on a military parade. The UAE called the allegations "baseless," the US said Iran should look to itself for the explanation, and Saudi Arabia said nothing.
The United Nations has suffered a data exposure incident. Last month a researcher found ways of accessing the UN's Trello tool, where he found ways into the UN's Google Docs and Jira pages. A range of sensitive information was exposed. The researcher disclosed his findings to the UN, but world body took notice only after the Intercept broke the story.
ESET found that the Kodi media platform is being successfully exploited by cryptojackers.
It's now six months since the city of Atlanta was hit with ransomware, and the city says the incident is now "over." But there's a sour taste in Georgia mouths—the local CBS affiliate reports that the city doesn't know who hit them, what they hit them with, or how much they've had to spend to fix things.
The SHEIN fashion retailer sustained a data breach in which records belonging to some 6.4 million customers were exposed. The incident happened in June, but SHEIN discovered it only late last month.
The US has announced a national strategy for "Quantum Information Science." Major companies meeting at the White House to discuss the strategy include JPMorgan Chase, IBM, and Google.
Mathematician Michael Atiyah says he's proved the Riemann hypothesis.
Today's issue includes events affecting Australia, Canada, China, Estonia, European Union, Germany, Iran, Montenegro, Netherlands, Norway, Russia, Saudi Arabia, Switzerland, United Arab Emirates, United Kingdom, United Nations, United States.
Is your company passionate about empowering women to succeed in the cyber security industry?
The CyberWire’s 5th Annual Women in Cyber Security reception is a networking event that highlights and celebrates the value and successes of women in the cyber security industry. Leaders from the private sector, academia, and government from across the region and at varying points on the career spectrum can connect with each other to strengthen relationships while building new ones. Consider sponsoring the event. Limited sponsorships are available. Visit our website to learn more.
FireEye Cyber Defense Summit 2018(Washington, DC, United States, October 1 - 4, 2018) Get trained by a FireEye expert at our annual Cyber Defense Summit. Training opportunities at this event offer attendees hands-on, small-group, interactive sessions with some of the most experienced FireEye cyber security experts.
CyberMaryland Job Fair on October 9 in Baltimore, MD.(Baltimore, Maryland, United States, October 9, 2018) Cleared and non-cleared cybersecurity pros make your next career move at the CyberMaryland Job Fair, October 9 in Baltimore. Meet leading cyber employers including Bank of America, FireEye, NSA, Raytheon, USCYBERCOM and more. Visit ClearedJobs.Net or CyberSecJobs.com for more details.
Dragos Industrial Security Conference (DISC) 11/5/18(Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.
Cyber Attacks, Threats, and Vulnerabilities
Iran threatens Saudi Arabia after Iran parade attack(Deutsche Welle) Tehran has blamed Saudi Arabia, the UAE and the US for acting from the shadows in the terror attack on a military parade in Ahvaz. Will Iran retaliate with military action as threatened — or is it just posturing?
New CVE-2018-8373 Exploit Spotted in the Wild(TrendLabs Security Intelligence Blog) We spotted another exploit, possibly in the wild, that uses the CVE-2018-8373 vulnerability. This exploit doesn't work on systems with updated Internet Explorer versions.
Merrill: Voting machines secure, despite Russian interference(The CT Mirror) Connecticut’s secretary of the state and two U.S. senators said Monday that Russian attempts to influence U.S. elections are real, but that the state’s counting and reporting of results are conducted off line and therefore resistant to hacking.
Beware of Hurricane Florence Relief Scams(KrebsOnSecurity) If you’re thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent.
Users fret over Chrome auto-login change(Naked Security) Users were complaining this week after discovering they’d been logged in to Google’s Chrome browser automatically, after logging into a Google website.
5 Notable Security Incidents that Recently Affected Federal Entities(Security Boulevard) Digital attackers have a history of targeting public sector organizations. For its 2018 Data Breach Investigations Report (DBIR), Verizon Enterprise tracked 22,788 security incidents that affected the public sector. Data disclosure occurred in 304 of those events; digital espionage via phishing or the use of a backdoor served as the most common pattern.
City of Atlanta: Cyber attack 'over'(WGCL-TV | CBS 46) Six months later we still don't know who hacked us, the final price, what safeguards have been implemented or what was permanently lost.
Security Patches, Mitigations, and Software Updates
2018 Payment Security Report(Verizon Enterprise Solutions) Don't let your payment security let down your customers. Read this year's report from Verizon for the insights you need to drive PCI compliance.
Extortion, the Cloud, and the Geopolitical Landscape - Black Hat 2018 Survey Results(AlienVault) At Black Hat 2018, we surveyed attendees on diverse topics ranging from how to react to extortion, what impact the geopolitical landscape is having on the industry, and whether the shiny veneer of the cloud is beginning to fade. Our Security Advocate, Javvad Malik, has put together an excellent report on the survey. The report is based on our survey at the AlienVault booth of 963 participants at Black Hat 2018 and interviews with security experts. Read the whole report by Javvad.
Former Symantec boss takes over the Defense Innovation Unit(Defense News) Michael Brown spent two decades running companies in Silicon Valley, eventually rising to CEO of Symantec, one of the largest software companies in the world, with annual revenues of $4 billion and more than 10,000 employees.
France records big jump in privacy complaints since GDPR(TechCrunch) Another European data protection agency has reported a sharp rise in the numbers of complaints since the EU updated its privacy framework four months ago, when GDPR came into force, updating regional data protection rules and introducing much higher penalties for privacy violations. France’s …
Why Instagram’s founders are resigning: independence from Facebook weakened(TechCrunch) Facebook promised Instagram autonomy, but reduced it over time leading to today’s bombshell revelation. Eight years after launching Instagram and six years after selling it to Facebook, Instagram co-founders CEO Kevin Systrom and CTO Mike Krieger are leaving the company, according to The New …
Facebook’s plan to let companies it buys live independently is over(TechCrunch) Mark Zuckerberg was quick to realize that Facebook, the largest social network in the world, doesn’t have a monopoly on all users nor can it bank on holding its position as top dog forever. Thus he instituted a policy of buying up promising rivals and integrating them into the Facebook ‘…
Raytheon wins cybersecurity contract in Mideast(Trade Arabia) US-based Raytheon, a technology and innovation leader, has been awarded a multi-year contract for cybersecurity solutions and training, knowledge transfer and operational and support with a new government customer in the Mena Region.
How Bro IDS can Help Security Capture Institutional Knowledge for...(Bricata) A presentation at BroCon will demonstrate how Bro IDS can be used to capture institutional knowledge among security analysts while also providing better network traffic analysis and preparing for machine learning applications of the future. #bro #ids #opensource
Credit Freezes are Free: Let the Ice Age Begin(KrebsOnSecurity) It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history.
FCA proposes £30m fine over 2016 cyber attack(The Telegraph) The Financial Conduct Authority (FCA) has threatened to fine Tesco Bank up to £30mn after an "unprecedented and serious" cyber attack affected thousands of customers two years ago.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cyber Security & Artificial Intelligence MENA Summit(Dubai, UAE, November 6 - 7, 2018) Cyber Security and Artificial Intelligence MENA Summit has been designed to bring you a remarkable opportunity to gain fresh insights into areas such as artificial intelligence and machine learning impact...
API Security Summit(London, England, UK, November 21, 2018) The API Security Summit, taking place in London on the 21st of November 2018 will bring together the financial services community, regulators, fintechs, TPPs and associations
from across UK and Europe to find solutions to the current lack of standardisation, debate what standards/legislation may emerge in 2019, and how to plan with these in mind.
2018 Cloud Security Alliance Congress(Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...
IT Security Leadership Exchange(Phoenix, Arizona, USA, September 23 - 25, 2018) IT Security Leadership Exchange is an invitation-only, strategic business summit that gathers Chief Information Security Officers (CISOs), senior decision-makers, and industry experts to address the unique...
Global Security Exchange(Las Vegas, Nevada, USA, September 23 - 27, 2018) Global Security Exchange—formerly the ASIS Annual Seminar and Exhibits—delivers new opportunities to exchange key ideas and best practices, expand global connections, and experience innovations. The GSX...
Connect Security World 2018(Marseilles, France, September 24 - 26, 2018) While the number of IoT devices predicted by 2020 varies within tens of billions, all analysts agree that security is now the top concern of organizations looking at deploying IoT solutions. To address...
The Cyber Security Summit: New York(New York, New York, USA, September 25, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
5th Cyber Operations for National Defense Symposium(Washington, DC, USA, September 25 - 26, 2018) The 2018 Cyber Operations for National Defense Symposium will focus on the evolving nature of US Cyber policies and strategies. Cyber leaders from throughout the federal government will come together to...
PCI Security Standards North America Community Meeting(Las Vegas, Nevada, USA, September 25 - 27, 2018) The PCI Security Standards Council’s 2018 North America Community Meeting is THE place to be. We provide you the information and tools to help secure payment data. We lead a global, cross industry effort...
Hack the Capitol(Washington, DC, USA, September 26 - 27, 2018) The National Security Institute is partnering with the Wilson Center and ICS Village to host Hack the Capitol, a two-day event focused on Industrial Control Systems (ICS) and security. ICS are used throughout...
COSAC & SABSA World Congress(Kildare, Ireland, September 30 - October 4, 2018) For 25 years COSAC has delivered a trusted environment in which to deliver information security value from shared experience and intensive, productive, participative debate and development. Sales content...
Monterey Cyber Security Workshop 2018(Pacific Grove, California, USA, October 1 - 2, 2018) People with special expertise interested in making progress on the subjects at hand meet at the Monterey Incubator for a workshop to build an understanding of vital issues of the day. The workshop follows...
Cyber Defense Summit 2018(Washington, DC, USA, October 1 - 4, 2018) FireEye's annual Cyber Defense Summit will feature both training and an opportunity to hear from the experts. Introductory, intermediate and advanced training courses will be provided during the first...
Retail Cyber Intelligence Summit(Denver, Colorado, USA, October 2 - 3, 2018) Network with 250+ CISOs and their teams from retail and consumer facing industries: restaurants, hospitality, gaming, convenience, grocery and more. Share best practices, gain insights, network. This conference...
IP Expo Europe(London, England, UK, October 3 - 4, 2018) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. IP EXPO Europe is co-located at Digital Transformation EXPO...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.