April 4, 2019.
By the CyberWire staff
UpGuard found 450 million Facebook user records exposed online. TechCrunch notes the data were in unsecured AWS buckets belonging to third parties Cultura Colectiva and now-defunct At The Pool. Reuters says the information has now been taken down.
According to Reuters, pharmaceutical and agricultural chemical giant Bayer this morning announced that it had sustained a network intrusion by the Winnti group. Active since at least 2010, Winnti has been associated with Chinese intelligence services, cutting its teeth on monitoring disfavored domestic populations (including Uyghurs and Tibetans) and then moving on to industrial espionage. The goal of the operation seems to have been data theft, not attacks on industrial control systems. Bayer detected and contained the attack last year, and has been quietly monitoring it since.
Booz Allen researchers tracking GlitchPOS (described earlier by Cisco Talos) report that the malware has evolved, which suggests strongly that its masters are actively maintaining it. Its most interesting new functionality is an offline mode, which could enable targeting of systems without direct Internet connections, and which might also represent a quieter mode of operation, reducing chatter to command-and-control servers.
AT&T Cybersecurity's Alien Labs reports finding a Python-based bot scanner, "Xwo," actively looking for exposed services and default passwords left in use.
Apps really do ask for a lot more permissions on users' mobile devices than they reasonably need, a Wandera study concludes.
NSA has placed its Ghidra reverse engineering tool's source code on GitHub.
Today's issue includes events affecting China, Germany, India, Iran, Israel, NATO/OTAN, Pakistan, Russia, United Kingdom, United States, and Venezuela.
And Hacking Humans is up. In this episode, "Girl Scouts empowering cyber security leaders," Carole Theriault returns with a story about special badges Girl Scouts can earn for cyber security. And there's more: Dave describes a survey of call center security methods. Joe explains a spam campaign raising the specter of a flu pandemic to scare people into enabling macros in an Office document. The catch of the day highlights a Facebook scammer promising a prize-winning windfall.
Cyber Attacks, Threats, and Vulnerabilities
Fake CIA Sextortion Scam Uses SatoshiBox (Trustwave) Another round of sextortion scam emails with a pdf attachment were pushed out recently claiming to be from the Central Intelligence Agency (CIA). What's new in this batch of spams is that this is the first time we have seen the scammers use an online web platform in collecting the ransom.
Discovering Hidden Twitter Amplification (News from the Lab) As part of the Horizon 2020 SHERPA project, I’ve been studying adversarial attacks against smart information systems (systems that utilize a combination of big data and machine learning). Soc…
Xwo - A Python-based bot scanner (AT&T Cybersecurity) Recently, AT&T Alien Labs identified a new malware family that is actively scanning for exposed web services and default passwords. Based on our findings we are calling it “Xwo” - taken from its primary module name. It is likely related to the previously reported malware families Xbash and MongoLock. Alien Labs initially identified Xwo being served from a server serving a file named xwo.exe. Below are the
Researchers find 540 million Facebook user records on exposed servers (TechCrunch) Security researchers have found hundreds of millions of Facebook user records sitting on an inadvertently public storage server. The two batches of user records were collected and exposed from two third-party companies, according to researchers at security firm UpGuard, who found the data. In the r…
Losing Face: Two More Cases of Third-Party Facebook App Data Exposure (UpGuard) Third-party Facebook apps gather Facebook data about the people who use them. While Facebook struggles to contain these exposures, insecure third-party data practices & misconfigured cloud systems continue to leak Facebook data to the internet. See how UpGuard discovered and secured two such cases.
iOS app permissions – are your apps asking too much? (Wandera) We purchase and download apps, giving them endless permissions without hesitation so we can access all the flashy functionality they have to offer. But at what cost? It’s time to stop and read the fine print on iOS app permissions. How do iOS app permissions work? iOS app permissions allow you
NVIDIA Fixes Flaws in Linux4Tegra Driver for Jetson AI Supercomputers (BleepingComputer) NVIDIA released a security update for the Jetson TX1 and TX2 to patch vulnerabilities discovered in the Linux for Tegra driver package that could enable local attackers with basic user privileges to elevate privileges and to perform privilege escalation, denial-of-service (DoS) or information disclosure attacks.
Insurers Take The Guesswork Out Of Small Business Cyber Insurance (PYMNTS.com) The threat of a small business cyberattack has introduced a conundrum for the rising InsurTech market. The demand for cyber insurance is on the rise, with the sector expected to reach a $7.5 billion valuation by the end of the decade, with small businesses a rising customer demographic. Yet those small companies remain one of […]
Silex Insight expands into North America with Silicon Valley office (eeNews Europe) IP provider Silex Insight has opened its first US office in San Jose, California. The Belgium-based firm will leverage their dedicated presence in the heart of Silicon Valley to provide increased support to a growing list of US customers, while continuing to expand its commercial relationships throughout North America.
A Patriotic National Hacking Force in Action (Synack) Prior to my current role as a Federal Engagement Manager for the Synack Red Team, I worked within the Army Special Operations Forces (ARSOF), also known as the “Quiet Professionals”. The ARSOF mission is to organize, train, equip and deploy in support of America’s National Security Strategy. While I was serving in the US …
Is Blockchain a solution looking for a problem (Telehouse) Launched nine years ago, but with a history running back to 1991, blockchain’s been a long time comin’. And, let’s be honest, it’s still not really arrived. What’s the problem? Well, it’s surely not the basic principle.
Seeking Solutions: Aligning Data Breach Notification Rules Across Borders (United States Chamber of Commerce and Hunton Andrews Kurth) In an increasing number of jurisdictions around the world, lawmakers have enacted data breach notification laws that establish notice requirements in the event of a cognizable data breach. In countries that are considering enacting breach notification laws for the first time, legislatures logically would look to existing breach reporting regimes for guidance. What they will find is a global patchwork of requirements with different, and often conflicting, standards for notification.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
IMPACT ’19 (Chantilly, Virginia, USA, April 15 - 17, 2019) Prepare for the changes ahead and get out in front of the compliance curve by attending the 34th annual NSI IMPACT Forum on April 15-17 at the Westfields Marriott in Chantilly, VA. The theme of this year’s...
Cyber Security Transatlantic Policy Forum (Killarney, Ireland, May 10, 2019) The mission of the conference is to bring politicians, law enforcement, policy makers and cyber industry leaders together to create an annual dialogue. Our goal is to ensure that we expand and improve...
Dynamic Connection 2019 (Denver, Colorado, USA, April 2 - 4, 2019) Dynamic Connections 2019 will bring together over 1,000 attendees to learn, explore and create solutions needed today to help us thrive and operate successfully in the digital domain with confidence. Learn...
IP Expo Manchester (Manchester, England, UK, April 3 - 4, 2019) The event will showcase industry leaders and those at the forefront of technology, to encourage debate and inform attendees on the critical technological issues affecting modern business. IT and cyber...
QuBit Conference Prague 2019 (Prague, Czech Republic, April 9 - 11, 2019) Over the past 5 years, QuBit has grown to be a leading cyber security community event in CEE region. This year's highlights include: excellent speakers and educational sessions, popular networking events,...
Mississippi College Cybersecurity Summit (Clinton, Mississippi, USA, April 10, 2019) The 2019 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. It will provide valuable cybersecurity tools and...
SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, April 10 - 11, 2019) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry...