Optimize your security teams with threat intelligence.
At Recorded Future, we believe every security team can benefit from threat intelligence. That's why we've launched our new Threat Intelligence Grader — so you can quickly assess your organization's threat intelligence maturity and get best practices for improving it. Get your Threat Intelligence Score™.
September 26, 2018.
By The CyberWire Staff
Cryptojacking continues to preoccupy cybercriminals. They're succeeded in restocking Google Play with at least twenty-five cryptomining apps, according to researchers at Sophos. Google has ejected some of the cryptojackers, but not all, and when they finish the purge, others are likely to take their place. Most of the apps use embedded Coinhive code to mine Monero. A lot of them masquerade as games; others represent themselves as test prep tools. If you're preparing for the LSAT, the SAT, the ACT, the GRE, the MCAT, or even the PSAT, look elsewhither.
The runner-up in cybercrime remains ransomware. Scotland's Arran Brewery was hit with a targeted version of Dharma Bip last week. They declined to pay the ransom and have, they say, recovered. The infection vector was an emailed cover letter accompanying a job application.
In response to user backlash, Google has decided to offer an opt-out for its automatic Chrome login.
The US Congress is holding hearings this week on privacy, and Big Tech, which fears an American GDPR, is taking them seriously.
As US midterm elections approach, state and Federal officials are talking (and seem to be doing) a great deal about securing voting systems. The political campaigns themselves, however, seem to be a different kettle of fish. A lot of them appear to be sliding into learned helplessness about their own data and communications—it's difficult and expensive to secure things, so maybe they should hope for the best. Expect some doxing, at least, as campaigns enter their endgames.
Today's issue includes events affecting Brunei, Cambodia, Canada, China, India, Indonesia, Laos, Malaysia, Myanmar, Philippines, Russia, Singapore, Spain, Thailand, United Arab Emirates, United Kingdom, United States, and Vietnam.
Is your company passionate about empowering women to succeed in the cyber security industry?
The CyberWire’s 5th Annual Women in Cyber Security reception is a networking event that highlights and celebrates the value and successes of women in the cyber security industry. Leaders from the private sector, academia, and government from across the region and at varying points on the career spectrum can connect with each other to strengthen relationships while building new ones. Consider sponsoring the event. Limited sponsorships are available. Visit our website to learn more.
FireEye Cyber Defense Summit 2018(Washington, DC, United States, October 1 - 4, 2018) Get trained by a FireEye expert at our annual Cyber Defense Summit. Training opportunities at this event offer attendees hands-on, small-group, interactive sessions with some of the most experienced FireEye cyber security experts.
CyberMaryland Job Fair on October 9 in Baltimore, MD.(Baltimore, Maryland, United States, October 9, 2018) Cleared and non-cleared cybersecurity pros make your next career move at the CyberMaryland Job Fair, October 9 in Baltimore. Meet leading cyber employers including Bank of America, FireEye, NSA, Raytheon, USCYBERCOM and more. Visit ClearedJobs.Net or CyberSecJobs.com for more details.
Dragos Industrial Security Conference (DISC) 11/5/18(Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.
Cyber Attacks, Threats, and Vulnerabilities
Hackers attack RWE website amid Hambach Forest evictions(Deutsche Welle) Unknown hackers have launched large-scale DDoS attacks against German energy company RWE, crippling its website. The attack comes as police clear protesters from the Hambach Forest site where RWE plans to mine for coal.
Mac OS Mojave zero-day warning(ComputerWeekly) The latest version of Apple’s Mac operating system contains a vulnerability that could be exploited by attackers to access protected files, a researcher warns.
Which Mobile Threats Do You Need to Prepare For?(Security Intelligence) As the workforce has embraced digital transformation, the volume and frequency of mobile threats has skyrocketed. Which threats should your organization be worried about?
DoorDash customers say their accounts have been hacked(TechCrunch) Food delivery startup DoorDash has received dozens of complaints from customers who say their accounts have been hacked. Dozens of people have tweeted at @DoorDash with complaints that their accounts had been improperly accessed and had fraudulent food deliveries charged to their account. In many c…
Meet Your Uninvited Guest- The Capitalistic Cybercriminal(CRN) As long there is money to be made, cybercriminals will continue to take advantage of our security weakness to pick our pockets! And hackers are a dime a dozen, with lots of tools at their disposal. Check out this Cyber Threat Report, brought to you by Sophos, to learn more about the capitalistic cybercriminal and the money behind malware.
Security Patches, Mitigations, and Software Updates
McAfee Labs Threats Report(McAfee Labs) Welcome to the McAfee® Labs Threats Report September 2018. In this edition, we highlight the notable investigative research and trends in threats statistics gathered by the McAfee Advanced Threat Research and McAfee Labs teams in Q2 of 2018.
Cryptojacking Uncrowns Ransomware as Major Threat for Healthcare Industry(Security Boulevard) The healthcare industry is among the top targets of cyberattacks, especially since the internet of things found its way into the industry and completely revolutionized it. After healthcare’s share of ransomware attacks in 2017, and a great deal of data theft, phishing and more ransomware in 2018, cybercriminals gradually switched methods, tapping into the cryptojacking space.
Genesis10 and HolistiCyber Form Partnership(Genesis10) Genesis10 announced plans to formally partner with HolistiCyber in order to complement the firm’s IT Services. HolistiCyber is an Israel-based, global provider of the most sophisticated, nation-state-level cybersecurity services and capabilities,
Verizon Digital Media Services Unleashes Managed Cloud Security(Channel Partners) Verizon Digital Media Services' managed cloud security offering complements features previously available within the cloud security solution, including a dual web application firewall (WAF), distributed denial-of-service (DDoS) protection, bot management and real-time analytics and reporting.
Without Handcuffs: Creating A Culture of Compliance(SecurityWeek) Over time, holding people responsible will lead individuals to see how their actions impact the security of the organization and come to consider themselves responsible for the security of the company.
Blockchain and GDPR, Can they go hand to hand with each other?(Crytpoground) The discussion around the General Data Protection Regulation (GDPR) crosswise over the European Union (EU) countries is substantially more seasoned than the information wellbeing contentions related to Facebook, Target, and numerous different organizations.
Zephyr and Fuchsia take different paths to security(LinuxGizmos.com) At the recent Linux Security Summit, NSA computer researchers describe their contributions to security code in Zephyr and Fuchsia OSes. Each security stack differs considerably from each other and from Linux.
Purdue, Infosys Detail Cybersecurity Training Efforts(Inside Indiana Business) India-based Infosys (NYSE: INFY) and Purdue University are providing more details on one aspect of a partnership announced more than a year ago. The university says it will provide intensive cybers...
German cyber defense blends military and commerce(Deutsche Welle) A cyber defense training pact has been signed by Deutsche Telekom and Germany's Bundeswehr. Their deal expands a network of commercial and federal information security hubs centered in Bonn.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
4th European Cybersecurity Forum – CYBERSEC(Krakow, Poland, October 8 - 9, 2018) CYBERSEC is a public policy conference dedicated to strategic aspects of cyberspace and cybersecurity. CYBERSEC 2017 brought together record-breaking 150 speakers and more than 1,000 delegates from all...
Cyber Security & Artificial Intelligence MENA Summit(Dubai, UAE, November 6 - 7, 2018) Cyber Security and Artificial Intelligence MENA Summit has been designed to bring you a remarkable opportunity to gain fresh insights into areas such as artificial intelligence and machine learning impact...
API Security Summit(London, England, UK, November 21, 2018) The API Security Summit, taking place in London on the 21st of November 2018 will bring together the financial services community, regulators, fintechs, TPPs and associations
from across UK and Europe to find solutions to the current lack of standardisation, debate what standards/legislation may emerge in 2019, and how to plan with these in mind.
2018 Cloud Security Alliance Congress(Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...
Global Security Exchange(Las Vegas, Nevada, USA, September 23 - 27, 2018) Global Security Exchange—formerly the ASIS Annual Seminar and Exhibits—delivers new opportunities to exchange key ideas and best practices, expand global connections, and experience innovations. The GSX...
Connect Security World 2018(Marseilles, France, September 24 - 26, 2018) While the number of IoT devices predicted by 2020 varies within tens of billions, all analysts agree that security is now the top concern of organizations looking at deploying IoT solutions. To address...
5th Cyber Operations for National Defense Symposium(Washington, DC, USA, September 25 - 26, 2018) The 2018 Cyber Operations for National Defense Symposium will focus on the evolving nature of US Cyber policies and strategies. Cyber leaders from throughout the federal government will come together to...
PCI Security Standards North America Community Meeting(Las Vegas, Nevada, USA, September 25 - 27, 2018) The PCI Security Standards Council’s 2018 North America Community Meeting is THE place to be. We provide you the information and tools to help secure payment data. We lead a global, cross industry effort...
Hack the Capitol(Washington, DC, USA, September 26 - 27, 2018) The National Security Institute is partnering with the Wilson Center and ICS Village to host Hack the Capitol, a two-day event focused on Industrial Control Systems (ICS) and security. ICS are used throughout...
COSAC & SABSA World Congress(Kildare, Ireland, September 30 - October 4, 2018) For 25 years COSAC has delivered a trusted environment in which to deliver information security value from shared experience and intensive, productive, participative debate and development. Sales content...
Monterey Cyber Security Workshop 2018(Pacific Grove, California, USA, October 1 - 2, 2018) People with special expertise interested in making progress on the subjects at hand meet at the Monterey Incubator for a workshop to build an understanding of vital issues of the day. The workshop follows...
Cyber Defense Summit 2018(Washington, DC, USA, October 1 - 4, 2018) FireEye's annual Cyber Defense Summit will feature both training and an opportunity to hear from the experts. Introductory, intermediate and advanced training courses will be provided during the first...
Retail Cyber Intelligence Summit(Denver, Colorado, USA, October 2 - 3, 2018) Network with 250+ CISOs and their teams from retail and consumer facing industries: restaurants, hospitality, gaming, convenience, grocery and more. Share best practices, gain insights, network. This conference...
IP Expo Europe(London, England, UK, October 3 - 4, 2018) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. IP EXPO Europe is co-located at Digital Transformation EXPO...
Borderless Cyber USA 2018(Washington, DC, USA, October 3 - 5, 2018) How do you future proof your cybersecurity strategy? Can you identify and report cyber incidences so you can respond quickly to manage consequences? Public and private sector cyber experts from across...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.