skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

UpGuard found 450 million Facebook user records exposed online. TechCrunch notes the data were in unsecured AWS buckets belonging to third-parties Cultura Collectiva and now-defunct At The Pool. Reuters says the information has now been taken down.

According to Reuters, pharmaceutical and agricultural chemical giant Bayer this morning announced that it had sustained a network intrusion by the Winnti group. Active since at least 2010, Winnti has been associated with Chinese intelligence services, cutting its teeth on monitoring disfavored domestic populations (including Uyghurs and Tibetans) and then moving on to industrial espionage. The goal of the operation seems to have been data theft, not attacks on industrial control systems. Bayer detected and contained the attack last year, and have been quietly monitoring it since.

Booz Allen researchers tracking GlitchPOS (described earlier by Cisco Talos) report that the malware has evolved, which suggests strongly that its masters are actively maintaining it. Its most interesting new functionality is an offline mode, which could enable targeting of systems without direct Internet connections, and which might also represent a quieter mode of operation, reducing chatter to command-and-control servers.

AT&T Cybersecurity's Alien Labs reports finding a Python-based bot scanner, "Xwo," actively looking for exposed services and default passwords left in use.

Apps really do ask for a lot more permissions in users' mobile devices than they reasonably need, a Wandera study concludes.

NSA has placed its Ghidra reverse engineering tool's source code on GitHub.

Venezuela's Chavista regime continues its unlikely insistence that it's under cyberattack.

Notes.

Today's issue includes events affecting China, Germany, India, Iran, Israel, NATO/OTAN, Pakistan, Russia, United Kingdom, United States, and Venezuela.

A note to our readers: The CyberWire is a finalist in the Cybersecurity Association of Maryland's 2019 Awards, eligible to win the 2019 People's Choice Award, and we'd appreciate your support. Please vote for us here, and feel free to spread the word. The deadline for voting is 4:00 PM Eastern Time on April 11th. Thanks for your support.

Outsmarting Attackers with Deep Learning

Adversaries are creating new attacks at such a speed and volume that signature and sandbox-based threat detection can’t keep up. Deep learning can help. By exposing neural nets to threat data, deep learning can learn to identify malicious traffic, even zero days seen for the first time. But why are advances possible today? How does deep learning differ from machine learning? Where’s the best place to apply deep learning? Get the answers here.

In today's podcast, out later this afternoon, we speak with our partners at Cisco Talos, as Craig Williams describes their research on GlitchPOS malware. Out guest is Leo Simonovich from Siemens, who discusses challenges and opportunities in the energy sector.

And Hacking Humans is up. In this episode,"Girl Scouts empowering cyber security leaders," Carole Theriault returns with a story about special badges Girl Scouts can earn for cyber security. And there's more: Dave describes a survey of call center security methods. Joe explains a spam campaign raising the specter of a flu pandemic to scare people into enabling macros in an Office document. The catch of the day highlights a Facebook scammer promising a prize-winning windfall. 

Cyber Attacks, Threats, and Vulnerabilities

Fake CIA Sextortion Scam Uses SatoshiBox (Trustwave) Another round of sextortion scam emails with a pdf attachment were pushed out recently claiming to be from the Central Intelligence Agency (CIA). What's new in this batch of spams is that this is the first time we have seen the scammers use an online web platform in collecting the ransom.

Bromium finds collection of US web servers used for malware distribution (Bromium) Bromium documents a collection of web servers located in the US used to distribute 10 major malware families in large-scale malicious spam campaigns.

Discovering Hidden Twitter Amplification (News from the Lab) As part of the Horizon 2020 SHERPA project, I’ve been studying adversarial attacks against smart information systems (systems that utilize a combination of big data and machine learning). Soc…

Threat Spotlight: Document-Based Malware (Barracuda) This Threat Spotlight highlights a recent increase in document-based malware and looks at how modern security solutions can detect these attacks.

Israel readies for election as experts warn of cyber threats (Washington Post) Israelis prepare for elections next week as experts warn country is vulnerable to foreign hacks, cyber campaigns

Xwo - A Python-based bot scanner (AT&T Cybersecurity) Recently, AT&T Alien Labs identified a new malware family that is actively scanning for exposed web services and default passwords. Based on our findings we are calling it “Xwo” - taken from its primary module name. It is likely related to the previously reported malware families Xbash and MongoLock.Alien Labs initially identified Xwo being served from a server serving a file named xwo.exe. Below are the

‘Back door’ on Huawei laptops could have let in Chinese spies (Times) Huawei laptops featured a “back door” that could have allowed strangers to spy on their users, increasing fears around Chinese espionage Microsoft researchers who discovered the fault in the...

Deepfakes: The next level of fake news in the Middle East is upon us (Gulf News) According to Booz Allen Hamilton, attacks on e-commerce sites are also rising

Researchers find 540 million Facebook user records on exposed servers (TechCrunch) Security researchers have found hundreds of millions of Facebook user records sitting on an inadvertently public storage server. The two batches of user records were collected and exposed from two third-party companies, according to researchers at security firm UpGuard, who found the data. In the r…

Millions of Facebook user records exposed in data breach (The Telegraph) Millions of Facebook user records have been "exposed to the internet" in what could be the latest Cambridge Analytica-style shambles for the social network, cyber security researchers have revealed.

Facebook removes exposed user records stored on Amazon's servers (Reuters) Facebook Inc said on Wednesday that it removed public databases containing its u...

Losing Face: Two More Cases of Third-Party Facebook App Data Exposure (UpGuard) Third-party Facebook apps gather Facebook data about the people who use them. While Facebook struggles to contain these exposures, insecure third-party data practices & misconfigured cloud systems continue to leak Facebook data to the internet. See how UpGuard discovered and secured two such cases.

Removing Coordinated Inauthentic Behavior and Spam From India and Pakistan (Facebook Newsroom) We've removed Pages, Groups and accounts for violating Facebook's policies on coordinated inauthentic behavior or spam.

'Memsad' software rot threatens to leak your digital secrets (The Parallax) IOActive’s director of penetration testing says memsad causes software to expose passwords, keys, and tokens we use to protect our data. And the rot has spread far and wide.

Hospital viruses: Fake cancerous nodes in CT scans, created by malware, trick radiologists (Washington Post) Researchers in Israel created malware to draw attention to serious security weaknesses in medical imaging equipment and networks.

The 'permission' question is much different for iOS and Android apps, researchers say (CyberScoop) It’s 2019, and digital scammers are going mobile. Do you know what your permissions allow? An analysis of 30,000 iOS applications released Wednesday by Wandera shows that social networking, weather, and e-commerce apps request access to lots of valuable information about users.

iOS app permissions – are your apps asking too much? (Wandera) We purchase and download apps, giving them endless permissions without hesitation so we can access all the flashy functionality they have to offer. But at what cost? It’s time to stop and read the fine print on iOS app permissions.How do iOS app permissions work?iOS app permissions allow you

Is your hard drive exposed online? (Naked Security) Over 13,500 internet-connected storage devices have been exposed online by users who didn’t set passwords for them.

Pharmaceutical giant Bayer targeted by cyberattack, threat 'contained' (ZDNet) The German company says the Winnti hacking group is to blame.

Bayer says has detected, contained cyber attack (Reuters) Germany's largest drugmaker, Bayer, said it had detected and contained a cy...

“Sophisticated” Verizon phishing scam takes a mobile-first approach (SC Media) Verizon customers are being targeted by a phishing campaign with a mobile-first approach to infecting users.

Sidney residents hit with scam targeting Verizon customers (KNOP News) Sidney residents hit with scam targeting Verizon customers. Police Chief Joe Aikens says the text message claims a new PIN must be entered to gain access to My Verizon account.

A Spot of Ransomware Hits AriZona's Tea (Infosecurity Magazine) AriZona Beverages has been targeted with a massive ransomware attack.

Security Patches, Mitigations, and Software Updates

Patch Android now! April updates fixes three critical flaws (Naked Security) Android’s April update includes two critical CVE-level patches among a total of 11 affecting handsets running versions 7, 8, and 9.

Huawei patches laptop software that acted like NSA-style malware (The Verge) The bug was patched back in January.

NVIDIA Fixes Flaws in Linux4Tegra Driver for Jetson AI Supercomputers (BleepingComputer) NVIDIA released a security update for the Jetson TX1 and TX2 to patch vulnerabilities discovered in the Linux for Tegra driver package that could enable local attackers with basic user privileges to elevate privileges and to perform privilege escalation, denial-of-service (DoS) or information disclosure attacks.

Apache Patches Carpe Diem Vulnerability in Web Server Update (eWEEK) The open-source Apache Web Server project has patched six flaws in the new 2.4.39 update, including a critical issue that could potentially put cloud and shared web hosting providers at risk.

Cyber Trends

NSA's top lawyer on surveillance and new challenges coming with 5G network (CBS News) On "Intelligence Matters" this week with Michael Morell, Glenn Gerstell discusses the challenges that will come with newer, faster networks -- like figuring out what privacy means to us, for instance

Unbeknownst to Many, IoT Devices (And Their Cyber Risk) Are Everywhere | Legaltech News (Legaltech News) The number of internet of things devices inside organizations continues to grow, and with it so do the points of vulnerability for employees who may not give them a second thought.

Cyber Attacks: 50% Of Those Hit Are Hit Monthly, And Iran Hits Hardest Of All (Forbes) A U.K. government report claims a reduction in cyber attacks on companies in 2018, although those being hit are being hit harder. The news comes just as U.K. officials admitted a serious cyber breach on government data last December, being blamed on Iran.

Bitglass 2019 Insider Threat Report: 41 Percent of Organizations Do Not Monitor User Behavior Across Their Cloud Footprints (BusinessWire) Bitglass released Threatbusters, its 2019 Insider Threat Report, which shows insider attacks are on the rise.

'Island hopping' cyberattacks growing in popularity, claims Carbon Black (CRN) Hackers are increasingly targeting supply chains as well as networks, according to report from endpoint security vendor Carbon Black

Focus on Business Priorities Exposing Companies to Avoidable Cyber-Risk (Dark Reading) Despite the growing sophistication of threats and increase compliance requirements, a high percentage of organizations are continuing to compromise their security.

Parks Associates: New Professionally Monitored Subscribers Spend $5 More Per Month On Their Services Than Average Security Households (PR Newswire) Security research from Parks Associates finds consumers who bought their home security system in the past 12 months spend ...

Marketplace

Facebook is partnering with a big UK newspaper to publish sponsored articles downplaying 'technofears' and praising the company (Business Insider) After years of negative headlines, Facebook has found a solution: Buying positive press.

The Improbable Rise of Huawei (Foreign Policy) How did a private Chinese firm come to dominate the world’s most important emerging technology?

GSA adds new cyber services to its tech acquisition vehicle (Fifth Domain) The new contract format better addresses the government's need to protect high value assets, according to the General Services Administration.

The Army is willing to spend big to support the cyber mission (Fifth Domain) A $982 million contract will cover research and development in support of cyber electromagnetic activities.

Insurers Take The Guesswork Out Of Small Business Cyber Insurance (PYMNTS.com) The threat of a small business cyberattack has introduced a conundrum for the rising InsurTech market. The demand for cyber insurance is on the rise, with the sector expected to reach a $7.5 billion valuation by the end of the decade, with small businesses a rising customer demographic. Yet those small companies remain one of […]

Cyber and executive risks are hard to divorce in today’s threat landscape (Insurance Business) From M&A activity to a rise in regulation, boards and C-suites are more exposed than ever to cyber fallout

Thales Acquires Software Security Company Gemalto for $5.4 B - Avionics (Avionics) Thales has completed the acquisition of software security company Gemalto for $5.4 billion.

Juniper’s Acquisition of Mist Will ‘Blaze The Path To AI’ (CRN) ‘While Mist started by bringing AI-driven operations to WLAN, Juniper and Mist together will leverage this AI-driven approach across the IT stack,’ says Manoj Leelanivas, chief product officer of Juniper Networks.

Juniper Networks completes $405M deal for Mist Systems (Seeking Alpha) Juniper Networks (JNPR -0.3%) has closed on its $405M deal for Mist Systems, with an eye to building an AI-driven solution for IT operations management. In a blog post, Chief Product Officer Manoj Le

Centrify announces new P.E.A.K. Performance Partner Program (IT News Africa) Rebuilt from the ground up with a new global distributor, Centrify's channel enabled for more success with Privileged Access Management than ever before

'I'd love to get us to a billion dollars' - Barracuda CEO (CRN) BJ Jenkins on leading a company in the fast-paced cybersecurity world, cultivating a family-like work culture, and what partners can expect from this year's upcoming conference

Silex Insight expands into North America with Silicon Valley office (eeNews Europe) IP provider Silex Insight has opened its first US office in San Jose, California. The Belgium-based firm will leverage their dedicated presence in the heart of Silicon Valley to provide increased support to a growing list of US customers, while continuing to expand its commercial relationships throughout North America.

Former Justice Department National Security Official Alex Iftimie Joins Morrison & Foerster in D.C. (Morrison Foerster) Mr. Iftimie brings substantial government experience to premier National Security practice; in addition to serving as Counselor to the Attorney General and in other leadership roles at the DOJ, Mr. Iftimie brought the first charges against Russian efforts to interfere in the 2018 U.S. midterm elections.

Keeper Security Hires Two Sales Leaders to Support Growing Enterprise Demand (Newkerala.com News) Keeper Security, Inc., which offers leading zero-knowledge, cybersecurity solutions for businesses and individuals, including PC Magazines 2018 Password Manager of the Year, announced two new additions to its sales leadership team.

Products, Services, and Solutions

A Patriotic National Hacking Force in Action (Synack) Prior to my current role as a Federal Engagement Manager for the Synack Red Team, I worked within the Army Special Operations Forces (ARSOF) , also known as the “Quiet Professionals”. The ARSOF mission is to organize, train, equip and deploy in support of America’s National Security Strategy. While I was serving in the US …

NSS Labs to Develop the 2019 Threat Detection and Analytics Systems Group Test (NSS Labs, Inc.) TDA Represents an Evolution of the Original Breach Detection Systems Group Test

The Device As Your New Online Passport; iovation Launches New Product Features (iovation) Provides new ways to stop fraud without inconveniencing good customers

World’s Only Independent Mac Disk Encryption in BestCrypt by Jetico (BusinessWire) Jetico releases Mac drive encryption software. Beyond Windows support, BestCrypt Volume Encryption is now the only independent Mac disk encryption.

A Major Antivirus Company Will Now Alert Users to 'Stalkerware' (Motherboard) Antivirus company Kaspersky Lab announced that its Android security product will now mark all stalkerware apps as malware, prompting users to delete them.

Kaspersky Lab looks to combat 'stalkerware' with new Android feature (CyberScoop) The proliferation of commercial spyware is one of the more pernicious trends in cybersecurity that affects technology users worldwide.

Armor Extends its Security Portfolio with Palo Alto Networks RedLock, a Cloud Security Posture Management Offering (West) Armor®, a leading cloud security solutions provider, announced today that it is launching Armor Automated Security and Compliance – RedLock.

Coalfire Releases New Scanning Platform, CoalfireOne Scans (PR Newswire) Coalfire, a trusted provider of cybersecurity advisory and assessment services, announced today the...

Technologies, Techniques, and Standards

This isn’t your dad’s denial and deception (C4ISRNET) In a multidomain environment, electronic decoys could be critical to units' survivability.

AI is Here to Stay: Are You Prepared? (Foley & Lardner LLP) Machine Learning. Deep Learning. Data Mining. Predictive Analytics. Natural Language Processing.

The Executive’s Guide to Quantum Computing and Quantum-secure Cybersecurity (Hudson Institute) CEOs and CIOs are accountable for protecting their company, their investors, their customers, and their employees from cyber-threats that endanger the company’s private information and financial well-being.

Is Blockchain a solution looking for a problem (Telehouse) Launched nine years ago, but with a history running back to 1991, blockchain’s been a long time comin’. And, let’s be honest, it’s still not really arrived. What’s the problem? Well, it’s surely not the basic principle.

Friendly “White Hat” Hacking Aims to Strengthen Logistics IT Systems (Wright-Patterson AFB) This past fall, the Reliability and Maintainability Information System program office at Wright-Patterson Air Force Base, underwent an intentional hack by

The DoD’s cyber training platform heads to the next step (Fifth Domain) The Army is pursuing the next build of the Persistent Cyber Training Environment.

Scareware Underscores the Need for Real-Time Phishing Threat Intelligence (Security Boulevard) Scareware. Just the name itself is rather foreboding. In fact, this deceptive phishing tactic ... The post Scareware Underscores the Need for Real-Time Phishing Threat Intelligence appeared first on SlashNext.

Design and Innovation

Hacker Eva Galperin Has a Plan to Eradicate Stalkerware (WIRED) Galperin has already convinced Kaspersky to flag domestic abuse spyware as malware. She expects more companies to follow.

What Role Will Blockchains Play In Cybersecurity? (Forbes) In light of their expanded security, I believe blockchain-based fintech contributions will keep on springing up.

Research and Development

DARPA Wants AI to Learn Language as Human Babies Do (Defense One) The Pentagon’s research wing is funding efforts to build AI language systems that learn more like people and less like machines.

Academia

MIT cuts ties with Huawei, ZTE, cites federal investigations (ZDNet) It seems MIT wants to stay well away from the trade investigations and court cases swirling around the Chinese companies.

Former commander of U.S. Cyber Command, Defense Intelligence Agency director join advisory board for McCrary Institute for Cyber and Critical Infrastructure Security (PR Newswire) The McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University today announced members...

Legislation, Policy, and Regulation

Forget Russia, Mike Pence warns China will be one of NATO’s greatest challenges in coming decades (Newsweek) China’s rise will demand more U.S. resources, Pence said.

Analysis | The Cybersecurity 202: Huawei security chief says 'U.S. is feeling very insecure in the world' (Washington Post) This is about great power conflict, not security, Andy Purdy says.

Seeking Solutions: Aligning Data Breach Notification Rules Across Borders (United States Chamber of Commerce and Hunton Andrews Kurth) In an increasing number of jurisdictions around the world, lawmakers have enacted data breach notification laws that establish notice requirements in the event of a cognizable data breach. In countries that are considering enacting breach notification laws for the first time, legislatures logically would look to existing breach reporting regimes for guidance. What they will find is a global patchwork of requirements with different, and often conflicting, standards for notification.

Cyber Command, the NSA, and Operating in Cyberspace: Time to End the Dual Hat (War on the Rocks) To publish this article, I had to submit it for review to three separate organizations: the U.S. Army Intelligence and Security Command, United States

Elizabeth Warren wants jail time for CEOs in Equifax-style breaches (Ars Technica) Should more CEOs go to jail after data breaches? Elizabeth Warren thinks so.

DHS has yet to crack the code on its cyber workforce (FCW) A DHS official told Congress the department is getting closer to classifying and coding its cybersecurity workforce, but did not provide a timeline for completion.

DHS has yet to crack the code on its cyber workforce (FCW) A DHS official told Congress the department is getting closer to classifying and coding its cybersecurity workforce, but did not provide a timeline for completion.

US SEC Releases No-Action Letter Confirming TurnKey Jet ICO Tokens Are Not Securities (Cointelegraph) The U.S. SEC has issued a no-action letter to TurnKey Jet, confirming that the TKJ tokens issued during the startup’s ICO are not securities.

Litigation, Investigation, and Law Enforcement

Democrats demand Mar-a-Lago security review after Secret Service arrests Chinese woman (Washington Post) Lawmakers wrote the FBI director Wednesday asking if the secure facilities at Trump’s residences are vulnerable to foreign exploitation.

‘You pay and you get in’: At Trump’s beach retreat, hundreds of customers — and growing security concerns (Washington Post) The FBI is looking at why a Chinese national illegally gained access to Mar-a-Lago.

SecurityWatch: Facebook Needs to Kill Microtargeted Ads Now (PCMAG) Security expert Max Eddy explains that a recent civil rights settlement is just the first step to finally forcing Facebook to respect users' privacy and take responsibility for the ways its customers leverage private data.

Virulent Ransomware Strains Trust in Cyber Insurance (International Policy Digest) New more potent strains of virtual ransomware attacks are emerging.

Top Marine general let emails leak so service families would not be forgotten in border funding fight: Sources (Newsweek) “He didn’t want the Marines and families at Lejeune to get f***ed,” one Defense Department source said of the reason why General Robert Neller allowed the emails to leak.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

IMPACT ’19 (Chantilly, Virginia, USA, April 15 - 17, 2019) Prepare for the changes ahead and get out in front of the compliance curve by attending the 34th annual NSI IMPACT Forum on April 15-17 at the Westfields Marriott in Chantilly, VA. The theme of this year’s...

Cyber Security Transatlantic Policy Forum (Killarney, Ireland, May 10, 2019) The mission of the conference is to bring politicians, law enforcement, policy makers and cyber industry leaders together to create an annual dialogue. Our goal is to ensure that we expand and improve...

Upcoming Events

Dynamic Connection 2019 (Denver, Colorado, USA, April 2 - 4, 2019) Dynamic Connections 2019 will bring together over 1,000 attendees to learn, explore and create solutions needed today to help us thrive and operate successfully in the digital domain with confidence. Learn...

IP Expo Manchester (Manchester, England, UK, April 3 - 4, 2019) The event will showcase industry leaders and those at the forefront of technology, to encourage debate and inform attendees on the critical technological issues affecting modern business. IT and cyber...

QuBit Conference Prague 2019 (Prague, Czech Republic, April 9 - 11, 2019) Over the past 5 years, QuBit has grown to be a leading cyber security community event in CEE region. This year's highlights include: excellent speakers and educational sessions, popular networking events,...

Mississippi College Cybersecurity Summit (Clinton, MIssissippi, USA, April 10, 2019) The 2019 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. It will provide valuable cybersecurity tools and...

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, April 10 - 11, 2019) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.