Daily briefing.

Chronicle, Alphabet's security unit, has reported the results of its investigation of various strains of malware that have hit industrial systems: Stuxnet, Duqu, and Flame. Not only are some variants returning, but Chronicle sees them as connected to "GossipGirl," which it calls a "supra threat actor," a collection of threat actors interacting with one another in complex ways.

Securonix has taken a close look at LockerGoga, the ransomware strain that afflicted Norsk Hydro and others. The researchers conclude that LockerGoga's destructive functionality may well be a feature, not a bug.

Venezuela's Chavista regime continues to use its failing grid as a handy stick with which to beat the neighbors. According to Colombia Reports, this time, Mr. Maduro says, the cyberattacks against Venezuelan power generation and distribution are coming from Chile and Colombia. Both are in Mr. Maduro's view yanqui cat's paws.

Haaretz reports that a hacktivist ("DarkCoder") claims to have breached Israel's voter database as part of #OpIsrael. Whether DarkCoder has actually done so or simply regifted old breaches is unclear; investigation is underway.

If the Daily Beast has it right, the "preliminary forensic investigation" the US Secret Service performed on Mar-a-Lago gatecrasher Yujing Zhang's USB thumbdrive consisted of an agent plugging it into one of his agency's computers, where some sort of unwanted program began to run. (Security experts reached the conclusion by close-reading the Secret Service's account of the incident in the New York Times. Most of the experts don't think jacking in is necessarily a best practice.)

Notes.

Today's issue includes events affecting Canada, Chile, China, Colombia, European Union, Iran, Ireland, Israel, Japan, New Zealand, NATO/OTAN, Russia, Thailand, Ukraine, United Kingdom, United States, and Venezuela.

In today's podcast, out later this afternoon, we talk with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan discusses minding permissions on mobile devices. Our guest is Mike O’Malley from Radware, and he shares thoughts on the true costs of cyber attacks.

And Recorded Future's latest podcast, produced in partnership with the CyberWire, is also up. In this episode, "Approaching Privacy as a Business Plan for Data," Michelle Dennedy, Cisco's vice president and chief privacy officer, shares thoughts on why organizations find privacy so challenging, the differences between aspirational messaging and foundational values, and where she thinks the next generation of security and privacy professionals may take us.

Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.

Cybersecurity Impact Awards (Arlington, Virginia, United States, May 14, 2019) The inaugural Cybersecurity Impact Awards are open for nominations until April 12 and are dedicated to recognizing companies that have corporate or Federal headquarters in the DMV area for their leadership and innovation within the cybersecurity industry. Award winners will be honored during an awards ceremony on May 14.

Cyber Attacks, Threats, and Vulnerabilities

Hacker's Claims of Breaching Israeli Voter Registry Under Investigation (BleepingComputer) Israel's National Cyber Directorate and Population Authority are investigating the claims a hacker made on Twitter over the weekend of hacking the country's voting system and stealing the data of roughly 6 million Israeli voters three days before the 2019 Israeli legislative election.

Cyber Attack Shuts Down Hoya Corp's Thailand Plant for Three Days (BleepingComputer) Japanese optical products manufacturer HOYA Corporation was hit by a cyber attack at the end of February which led to a partial shutdown of its production lines from Thailand for three days.

LockerGoga: It's not all about the ransom (ZDNet) In some cases, LockerGoga makes it very difficult to pay blackmail demands to decrypt systems.

Securonix Threat Research: Detecting LockerGoga Targeted IT/OT Cyber Sabotage/Ransomware Attacks (Securonix) The Securonix Threat Research Team has been closely monitoring the LockerGoga targeted cyber sabotage/ransomware (TC/R) attacks impacting Norsk Hydro (one of the largest aluminum companies worldwide), Hexicon/Momentive (a chemical manufacturer), and other…

Researchers Uncover New Version of the Infamous Flame Malware (Motherboard) They also found evidence that Stuxnet has ties to another malware family. The discoveries were made using tools and techniques only available to researchers in recent years.

Who is GOSSIPGIRL? (Medium) Revisiting the O.G. Threat Actor Supergroup

'Exodus' Spyware Posed as a Legit iOS App (WIRED) Researchers had already found a spyware app called Exodus plaguing Android. Now it's shown up on iPhones, too.

Hacker claims they breached Israel's voter registry three days before election (Haaretz) Some believe the hacker simply recycled old information from an 11-year-old breach of Israel's population registry, which was leaked on the internet

How Android Fought an Epic Botnet—and Won (WIRED) The Chamois botnet once infected 20 million Android devices. Here's how Google finally broke it up.

Bootstrap supply chain attack is another attempt to poison the barrel (Naked Security) Somebody smuggled something bad into the vast third-party, open-source supply chain we all depend upon.

Myspace songs come back from the dead (Naked Security) It’s fewer than 1% of the 50 million songs and videos Myspace lost, but hey, it’s better than nothing!

Vulnerability Summary for the Week of April 1, 2019 (US-CERT) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. 

City treasurer tricked into wiring $100K US to fraudster (CBC) City treasurer Marian Simulik fell for a "fake CEO scam" and wired more than $100,000 to a fraudster last summer, Ottawa's audit committee heard Monday afternoon.

Venezuela accuses Colombia of cyber attacks on electric grid (Colombia Reports) Venezuela’s President Nicolas Maduro said on Saturday that his country’s power grid has been suffering outages due to cyber attacks from Colombia and Chile. According to Maduro, the attacks have…

South Front – Russia hiding being Russian (StopFake.org) The website Southfront.org is focusing on news on security issues, foreign policy, military analysis and reports on military hardware. According to the Mission Statement, the site is produced by a “team of experts and volunteers from the four corners of the Earth”. The site attacks the “Mainstream Media” for hiding the “truth behind the causes that provoke the various conflicts facing the world today”. The site is professionally designed and registered in Moscow, at the Domain Name Registrar Reg.ru...

Multiple Boeing 787's Get Grounded In China Due To GPS Issue (Simple Flying) At least 15 Boeing 787 Dreamliners are grounded in China due to a glitch with the GPS system. A rollover of the week counting this weekend has led to a bug in the GPS system,

High-tech criminals targeting e-wallet users, experts warn (Eleven Media Group Co., Ltd) According to Kaspersky Labs' Mobile Malware Evolution report, malware attacks almost doubled in 2018 from 66.4 million instances to 116.5 million. There are 23 e-wallet services with millions of customers with mobile devices. “E-wallet service providers are paying more attention to security, but as more software vulnerabilities are discovered, hackers can still take advantage to attack users,” Nguyen Van Cuong, head of the BKAV Technology Corporation's cyber-security department, told Sai Gon Giai Phong (Liberated Sai Gon) newspaper.

M&E Journal: The Intangible Costs of Hacks (And What You Can Do About Them) (Media & Entertainment Services Alliance) HBO. Sony. Netflix. What do they all have in common? Every one of them has lost content in the p

Security Patches, Mitigations, and Software Updates

Microsoft lets Windows users off the update leash (Naked Security) Microsoft has announced some big changes that will finally give Windows users more control over updates and releases.

Cyber Trends

What companies should do more of to counter hackers (Fifth Domain) The cybersecurity automation industry is very pro cybersecurity automation.

IoT in healthcare at serious cyber attack risk (ETCIO.com) While the healthcare industry is rapidly adopting new-age technologies, companies must ensure that the technology acts with responsibility and transpa..

5 Cybersecurity Myths Banks Should Stop Believing (Forbes) Cybersecurity is at the top of the list of bank CEOs' concerns. But that doesn't mean there's consensus about what they believe about cybersecurity. There are five common myths about cybersecurity that need to be debunked.

Data Security Now the Top New Zealand Consumer Priority (Scoop News) Wellington, 9 April 2019 – New research from Unisys Corporation (NYSE: UIS) reveals New Zealand bank customers rank data security as the issue that matters to them most about their bank – underscoring the importance of data security as banks prepare ...

Cyber security is only as strong as its weakest link: What are the biggest security threats in the cannabis industry? (The Province) Thieves will always follow the money, so online security needs to be locked down

Marketplace

Israeli-Boston cybersecurity firm looks to raise $124M in IPO this week (Boston Business Journal) Tufin Software Technologies Ltd., an Israeli cybersecurity company with U.S. headquarters in Boston, is slated to go public on Thursday.

Cyber Risk Company RiskLens Raises $20 Million (SecurityWeek) Cyber risk management company RiskLens raises $20 million in Series B funding round, which brings the total raised by the firm to over $27 million.

Apple Device Management Firm Fleetsmith Raises $30 Million (SecurityWeek) Fleetsmith, a company that provides Apple device management solutions, raises $30 million in a Series B funding round.

Cloud Security Firm Bitglass Raises $70M, Plans To Double Headcount (CRN) Bitglass CEO Nat Kausik anticipates the money will help the company shift from doing just under half of its business through the channel today to 60 percent a year from now.

This North Baltimore company discovered some of tech's biggest security vulnerabilities (Technical.ly Baltimore) The ethical hackers at Independent Security Evaluators look to find flaws so attackers don't have the chance.

CEO: Austin's SailPoint 'has arrived' as key player in cybersecurity sector (Austin American-Statesman) When Mark McClain co-founded SailPoint Technologies in 2005, Austin’s cybersecurity market was a shell of what it is today. As the new player in

Okta launches $50 million venture fund (Enterprise Times) Okta has announced a $50 million venture fund for new technologies to be administered through a new unit called Okta Ventures Fund

With $600 Million Cybersecurity Budget, JPMorgan Chief Endorses AI and Cloud (SecurityWeek) In his annual letter to shareholders, JPMorgan CEO Jamie Dimon endorses cloud, confirms the growing use and value of artificial intelligence (AI), prefers a federal privacy law, and describes the importance of cybersecurity.

What’s Been Lacking at Google’s Cloud? Enough Humans (Wall Street Journal) The new head of Google’s cloud business, Thomas Kurian, aims to end a Google shortcoming: too few people to cater to enterprise customers.

Ziften Appoints Enterprise Sales Veteran Mickey DiPietro as Vice President of Sales | Markets Insider (Business Insider) Ziften, a leader in endpoint protection plus visibility and hardening for enterprise customers, today announced...

Products, Services, and Solutions

Graphus integrates with Splunk to enhance enterprise visibility into zero-day & targeted cyber attacks (Graphus) Graphus feeds real-time phishing and business email compromise detections into Splunk for greater visibility and control

The WatchGuard Cloud Platform Answers MSPs’ Demand for Simplified, Scalable Security Deployments, Management and Reporting (Watchguard) Powerful cloud platform empowers IT solution providers to rapidly implement and scale security services to drive operational efficiencies and maximize profitability

Winxnet and K&R Network Systems Become Logically, the Trusted IT Ally (PRWeb) In June 2018, Winxnet, Inc. and K&R Network Solutions, Inc. merged to form a coast-to-coast managed IT services company. Now, the company is pleased to anno

VirtualArmour Expands Managed Cybersecurity Services with Global Gemological Organization (West) VirtualArmour International Inc. (CSE:VAI) (OTCQB:VTLR), a premier cybersecurity managed services provider, has expanded its security services engagement with a leading global gemological organization with more than 18 research and laboratory centers around the world.

Intezer Launches Endpoint Analysis to Supplement Intezer Analyze™ Suite (PR Newswire) Intezer today announced the inception of its Endpoint Analysis solution, adding to the company's Genetic Malware...

Tripwire Expands Channel Partner Program Extending Cybersecurity Solutions Globally (Tripwire) Updated program fosters strategic partnerships to drive global customer growth

Townsend Security Announces Alliance Key Manager for VMware Cloud on A (PRWeb) Townsend Security today announced Alliance Key Manager is available to customers of VMware Cloud™ on AWS. VMware Cloud on AWS brings together VMware’s enterp

World-Class Cryptographers Join Forces with Fusion to Build Superior Blockchain Interoperability and Distributed Custodial Solution (West) Fusion Foundation, a non-profit organization on a mission to build the next generation financial infrastructure, announced that it has engaged in a joint initiative with highly esteemed cryptologists...

Technologies, Techniques, and Standards

NSA Releases the Dragon (SIGNAL Magazine) The National Security Agency is now sharing the source code of Ghidra, its reverse engineering tool for cybersecurity.

NATO launches cyber-defense drill simulating elections under attack (Fifth Domain) A team built around the alliance's Communications and Information Agency, NCI, is the defending champion at this year's

World Economic Forum Releases Report About Blockchain Cybersecurity (Cointelegraph) The World Economic Forum released a report about blockchain cybersecurity.

What is the tangible takeaway from threat hunting? (CyberScoop) Max Heinemeyer, Director of Threat Hunting at Darktrace, talks with CyberScoop's Greg Otto about ways threat hunting can improve a cybersecurity plan.

Chat Services: Be Diligent With This Must-Have Data Source for Intelligence Programs (SecurityWeek) It can be difficult for teams to determine how to obtain and incorporate data from encrypted chat service platforms such as Telegram and Discord into their collection strategies in a meaningful way.

Planetary Ransomware Victims Can Now Recover Their Files for Free (Security Boulevard) Security researchers have released a decryptor that enables victims of the Planetary ransomware family to recover their files for free. Released by Emsisoft, this decryptor requires a victim to have a copy of the ransom note. It’s not hard to find. Planetary ransomware, which earns its name for its use of planet-related file extensions including …

Coping With Burnout in the CISO Role (GovInfo Security) With no end in sight for CISOs and security teams from steadily increasing sophistication and maturity in cyber threats, the sustained operating tempo is pushing

Design and Innovation

Firefox draws battle lines against push notification spam (Naked Security) Mozilla doesn’t yet know how to solve the problem of website push notification spam in the Firefox browser, but it’s working on it.

Research and Development

ThreatModeler Software Inc. Issued its First U.S. Patent for Threat Model Chaining and Attack Simulation Systems and Methods (PR Newswire) ThreatModeler Software Inc., the industry's #1 automated threat modeling platform announced today the U.S....

The Army Wants AI to Read Soldiers’ Minds (Defense One) A new study from the Army Research Lab may help AI-infused weapons and tools better understand their human operators.

Academia

NSA, DHS Name Southeast a National Center of Academic Excellence in Cyber Defense Education (Southwest Missouri State News) The National Security Agency (NSA) and the U.S. Department of Homeland Security (DHS) have designated Southeast Missouri State as a National Center of Academic Excellence in Cyber Defense Education (CAE-CDE) through 2024.

Idaho State University’s Corey Schou inducted into 2019 Cyber Security Hall of Fame (Idaho State University) Idaho State University’s Corey Schou will join 33 previous honorees when he is inducted into the 2019 Cyber Security Hall of Fame by the Center for Education and Research Information Assurance and Security.

Field Set for 2019 National Collegiate Cyber Defense Competition Championship (PR Newswire) The Center for Infrastructure Assurance and Security (CIAS) at The University of Texas at San Antonio today...

Legislation, Policy, and Regulation

Online Harms White Paper (HM Government) The internet is an integral part of everyday life for so many people. Nearly nine in ten UK adults and 99% of 12 to 15 year olds are online. As the internet continues to grow and transform our lives, often for the better, we should not ignore the very real harms which people face online every day.

UK Wants to Hold Companies Liable for Harmful Online Behavior (BleepingComputer) The UK government announced today a set of online safety laws designed to hold the companies behind social media platforms liable for the harmful behavior spreading through their platforms.

Could tough new rules to regulate big tech backfire? (The Telegraph) It is the regulator's dilemma:

U.S. Military Wary of China’s Foothold in Venezuela (Foreign Policy) The head of U.S. Southern Command says Beijing is using disinformation and debt diplomacy to dig in as Maduro clings to power.

U.S. shifts to require strict 5G security from allies, not Huawei bans (VentureBeat) Although the United States worked throughout 2018 and early 2019 to block Huawei gear from being used in 5G networks, it's now open to another alternative.

European diplomat dismisses Pompeo's warnings that Huawei partnerships risk NATO's security (Washington Examiner) Secretary of State Mike Pompeo has not provided evidence that Chinese telecommunications giant Huawei poses a security threat to United States allies, a top European diplomat says.

Trump to designate Iranian military unit as a terrorist group (Washington Post) The unprecedented action against a foreign government entity came despite warnings of backlash against U.S. actions abroad.

Statement from the President on the Designation of the Islamic Revolutionary Guard Corps as a Foreign Terrorist Organization (The White House) Today, I am formally announcing my Administration’s plan to designate Iran’s Islamic Revolutionary Guard Corps as a Foreign Terrorist Organization.

Iran president says US 'leader of world terrorism' (France 24) Iran president says US 'leader of world terrorism'

Iran warns US over plan to designate Revolutionary Guards as terrorists (Middle East Eye) US may make declaration on Monday in effort to squeeze IRGC’s financial resources and shrink its military presence in Middle East

Iran's Rouhani defends IRGC, says US 'terror' label a 'mistake' (Al Jazeera) Tehran declares the US 'state sponsor of terrorism' in tit-for-tat move, while Rouhani vows to defend the elite forces.

The U.S. Escalates Even Further Against Iran—To What End? (The Atlantic) Declaring the country’s most powerful security services a terrorist organization is just the Trump administration’s latest move in a long pressure campaign against Iran.

Ex-Big Law Associate Kevin McAleenan Leads DHS After Nielsen Resignation (National Law Journal) Kevin McAleenan was an associate at the Silicon Valley firm Gunderson Dettmer and at Sheppard Mullin in Los Angeles. He's a 1998 graduate of the University of Chicago Law School.

Secret Service director is the latest casualty in DHS shake-up (Vox) Randolph Alles is out a day after Homeland Security Secretary Kirstjen Nielsen abruptly resigned.

Leadership turnover at DHS and Secret Service could hurt US cybersecurity plans (CNBC) The departures of Homeland Security chief Kirstjen Nielsen and Secret Service head Randolph "Tex" Alles will add to an already difficult public-private disconnect on cybersecurity.

Litigation, Investigation, and Law Enforcement

EU data protection authority to investigate EU institutions' Microsoft cloud deals for GDPR compliance (Computing) European Data Protection Supervisor to examine EU deals with Microsoft over claims diagnostic data transfers could reveal personal information

SEC Allows Shareholder Votes on Amazon Facial "Rekognition" (SecurityWeek) Amazon shareholders will get the opportunity to vote on issues concerning the Amazon Rekognition facial recognition system.

Chinese Woman Arrested at Mar-a-Lago Had a Hidden Camera Detector, Prosecutors Say (New York Times) Yujing Zhang, 32, was allowed into President Trump’s resort by Secret Service agents, but was later arrested. The authorities said she also had large amounts of cash in her hotel room.

Thumb drive carried by Mar-a-Lago intruder immediately installed files on a PC (Ars Technica) The already suspicious breach of Secret Service security just got even more fishy.

Techies Snicker at Secret Service Agent’s Mar-a-Lago Malware (The Daily Beast) An agent stuck one of the USB drives from an unannounced Chinese national’s electronics stash into his agency computer, infecting it—and prompting widespread derision.

Nunes to send eight criminal referrals to DOJ concerning leaks, conspiracy amid Russia probe (Fox News) House Intelligence Committee ranking member Devin Nunes exclusively told Fox News' "Sunday Morning Futures" that he is preparing to send eight criminal referrals to the Department of Justice this week concerning alleged misconduct during the Trump-Russia investigation, including the leaks of "highly classified material" and conspiracies to lie to Congress and the Foreign Intelligence Surveillance Act (FISA) court.

Bob Kerrey: How did Department of Justice get the Trump-Russia investigation so wrong? (Omaha World Herald) All evidence indicates that the full report will not change the conclusion that Donald J. Trump did not collude with Russia, writes former Nebraska Governor and U.S. Senator Bob Kerrey.

Ukrainian to US prosecutors: Why don't you want our evidence on Democrats? (TheHill) The prosecutor general has evidence to present to US Attorney General Barr regarding election interference and money spirited out of Ukraine.

Congressional Report Rips Equifax for Weak Security (BankInfo Security) The lack of a strong security culture at Equifax - especially compared to its two main competitors – was a key factor contributing to its 2017 data breach that

Feds charge Maryland man accused of plotting ISIS-inspired attack at National Harbor (WJLA) Federal authorities have charged a man they believe was plotting to ram a stolen U-Haul truck into pedestrians in an ISIS-inspired attack at National Harbor. The U.S. Attorney’s Office for the District of Maryland on Monday charged Rondell Henry, 28, of Germantown, Maryland, by criminal complaint with interstate transportation of a stolen vehicle. The government filed a motion arguing for Henry to be detained pending trial as a flight risk and a danger to the community.

The case of the New Zealand navy official accused of planting a spy cam in an embassy bathroom (Washington Post) Alfred Keating, New Zealand's former top military official in Washington, was found with spy camera software on his laptop, prosecutors alleged.

Airbnb says sorry after man detects hidden camera with network scan (Naked Security) His family of 7 was one network scan away from potentially being livestreamed by their host.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

QuBit Conference Prague 2019 (Prague, Czech Republic, April 9 - 11, 2019) Over the past 5 years, QuBit has grown to be a leading cyber security community event in CEE region. This year's highlights include: excellent speakers and educational sessions, popular networking events,...

Mississippi College Cybersecurity Summit (Clinton, Mississippi, USA, April 10, 2019) The 2019 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. It will provide valuable cybersecurity tools and...

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, April 10 - 11, 2019) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry...

ISC West 2019 (Las Vegas, Nevada, USA, April 10 - 12, 2019) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing...

Maryland Cyber Day (Hanover, Maryland, United States, April 11, 2019) Maryland Cyber Day is a combination of two events, MD Cyber Day Marketplace followed by MD Cybersecurity Awards Celebration. Marketplace features cybersecurity innovation, an expo, technology demos, “Ask...
