Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
April 5, 2019.
By the CyberWire staff
Cisco Talos reported this morning that criminal groups are working openly on Facebook, connecting, trading, and cooperating. Their activity isn't hidden, but rather quite overt. Some of the groups have been operating for as long as eight years, in the process attracting tens of thousands of members. It's obvious, not occulted, and the obvious names (like "Spam Professional," "Spammer & Hacker Professional," "Buy Cvv On THIS SHOP PAYMENT BY BTC," and "Facebook hack (Phishing)") haven't been enough to get them ejected from the social network.
Check Point yesterday announced its discovery of a man-in-the-middle vulnerability in a security application that comes pre-installed with Xiaomi phones. Xiaomi has patched the problem, according to SiliconANGLE.
The US House Committee on Science, Space, and Technology has asked the Federal Emergency Management Agency (FEMA) to explain how FEMA lost control of disaster victims' private information.
KrebsOnSecurity reports that the alleged head of a Romanian ATM-skimming gang has been arrested in Mexico.
Reuters reports that some of the evidence the US collected against Huawei CFO Meng Wanzhou was gathered under Foreign Intelligence Surveillance Act (FISA) warrants. Charged by the US with sanctions violations, Ms Meng is in Canada fighting extradition.
WikiLeaks has been tweeting that Ecuador is getting ready to show Julian Assange the door, inviting him to depart that country's London embassy. Mr. Assange could be back on the street in "hours to days," if the Twitter feed is to be believed. CNN says Mr. Assange's lawyers maintain his eviction would contravene international law.
Today's issue includes events affecting Australia, Canada, China, Ecuador, Germany, Mexico, NATO/OTAN, Romania, Russia, Ukraine, United Kingdom, United States, Venezuela, and Vietnam.
A note to our readers: The CyberWire is a finalist in the Cybersecurity Association of Maryland's 2019 Awards, eligible to win the 2019 People's Choice Award, and we'd appreciate your support. Please vote for us here, and feel free to spread the word. The deadline for voting is 4:00 PM Eastern Time on April 11th. Thanks for your support.
Adversaries are creating new attacks at such a speed and volume that signature and sandbox-based threat detection can’t keep up. Deep learning can help. By exposing neural nets to threat data, deep learning can learn to identify malicious traffic, even zero days seen for the first time. But why are advances possible today? How does deep learning differ from machine learning? Where’s the best place to apply deep learning? Get the answers here.
The evolution of phishing kits (Zscaler) Zscaler ThreatLabZ has observed evolution with phishing kits and phishing campaigns which are detected and blocked across the Zscaler cloud. We have covered different phishing kits and evasion tactics used by threat actors.
Hiding in Plain Sight (Cisco Talos) Cisco Talos is continually working to ensure that our threat intelligence not only accounts for the latest threats but also new versions of old threats, such as spam.
Vulnerability in Xiaomi Pre-Installed Security App (Check Point Research) Smartphones usually come with pre-installed apps, some of which are useful and some that never get used at all. What a user does not expect, however, is for a preinstalled app to be an actual liability to their privacy and security. Check Point Research recently discovered a vulnerability in one...
Rockwell Automation Stratix 5950 (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 8.6. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Rockwell Automation. Equipment: Stratix 5950. Vulnerability: Improper Input Validation. 2. RISK EVALUATION. Successful exploitation of this vulnerability could allow a remote attacker to cause an affected device to reload.
Omron CX-Programmer (ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 6.6. ATTENTION: Low skill level to exploit. Vendor: Omron. Equipment: CX-Programmer within CX-One. Vulnerability: Use After Free. 2. RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application.
IResponse to IEncrypt (Guardicore) A detailed investigation into an IEncrypt ransomware attack, analysis of the decryption process and the decryptor. Also providing a safe-to-use version of Guardicore’s IEncrypt decryptor.
Nine out of Ten Critical Infrastructure Security Professionals Say Their Environments Have Been Damaged by a Cyberattack in the Last Two Years (Tenable®) Report by Ponemon Institute for Tenable finds 62% of respondents said their organizations have suffered multiple attacks. Tenable®, Inc., the Cyber Exposure company, today released the ‘Cybersecurity in Operational Technology: 7 Insights You Need to Know’ report, an independent study by the Ponemon Institute. The study identifies the true extent of cyberattacks experienced by critical infrastructure operators — professionals in industries using industrial control systems (ICS) and operational technology (OT). It found that 90% of respondents stated their environments had been damaged by at least one cyberattack over the past two years, with 62% experiencing two or more attacks. Key highlights from the study include:
Varo Appoints Philippa Girling as Chief Risk Officer (Varo Money) Mobile banking startup Varo Money, Inc. today announced the hire of Philippa Girling as Chief Risk Officer. Girling will lead Varo’s Credit and Operational Risk, Information Security, Compliance, BSA/AML, and Fraud teams. She is a seasoned bank executive with more than 20 years’ experience in the global financial …
Raytheon News Release Archive (Raytheon News Release Archive) Operates four businesses. Technology and innovation leader specializing in defense, security and civil markets throughout the world.
The x86 Countdown Encoder, Explained (Booz Allen Hamilton) An overview of the x86 Countdown Encoder, including several shellcode techniques for security practitioners to reference when defending against cyber threats.
A Dive Into The OWASP ZSC Project (Booz Allen Hamilton) Learn the inner workings of the OWASP Security Project and uncover methods useful to understanding how shellcode is written, modified, and obfuscated.
NATO approves measures to counter Russia amid internal rifts (Military Times) NATO foreign ministers approved a series of measures Thursday aimed at countering Russia in the Black Sea region, an agreement that comes amid public rifts between the United States and several of the other 28 members on security and trade issues.
Cyberspace protection in VN needs closer collaboration (SGGP English Edition) The Vietnam Computer Emergency Response Team (VNCERT) has recently issued a warning on the newest grave attack of the ransomware GandCrab 5.2 in Vietnam. This has given a wake-up call to all organizations in the country regarding the cooperation necessary to further strengthen cyber security.
Alleged Chief of Romanian ATM Skimming Gang Arrested in Mexico (KrebsOnSecurity) An alleged top boss of a Romanian crime syndicate that U.S. authorities say is responsible for deploying card-skimming devices at Automated Teller Machines (ATMs) throughout North America was arrested in Mexico last week on firearms charges.
Who Gets Access? The Flap over White House Security Clearances (Foreign Policy Research Institute) Earlier this week, The New York Times reported that a “whistle-blower” working inside the White House’s Personnel Security Office had met privately with staff from the House Oversight and Reform Committee and revealed that 25 individuals, including two current senior White House officials, had been granted security clearances after their…
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
IMPACT ’19 (Chantilly, Virginia, USA, April 15 - 17, 2019) Prepare for the changes ahead and get out in front of the compliance curve by attending the 34th annual NSI IMPACT Forum on April 15-17 at the Westfields Marriott in Chantilly, VA. The theme of this year’s...
QuBit Conference Prague 2019 (Prague, Czech Republic, April 9 - 11, 2019) Over the past 5 years, QuBit has grown to be a leading cyber security community event in the CEE region. This year's highlights include: excellent speakers and educational sessions, popular networking events,...
Mississippi College Cybersecurity Summit (Clinton, Mississippi, USA, April 10, 2019) The 2019 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. It will provide valuable cybersecurity tools and...
SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, April 10 - 11, 2019) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry...
ISC West 2019 (Las Vegas, Nevada, USA, April 10 - 12, 2019) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing...
Maryland Cyber Day (Hanover, Maryland, United States, April 11, 2019) Maryland Cyber Day is a combination of two events, the MD Cyber Day Marketplace followed by the MD Cybersecurity Awards Celebration. The Marketplace features cybersecurity innovation, an expo, technology demos, “Ask...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.