April 11, 2019.
By the CyberWire staff
CISA has issued a joint Homeland Security/FBI Malware Analysis Report on the "HOPLIGHT" Trojan, attributed to North Korea's Hidden Cobra (a.k.a. the Lazarus Group).
Kaspersky describes an operation by the "politically motivated" Gaza Cybergang Group 1, which Kaspersky calls "SneakyPastes."
Finland's election-results reporting system sustained a denial-of-service attack this week, Bloomberg says. Authorities are investigating, but there is so far no attribution. Finland votes this Sunday.
Computing reports that Ecuador ejected WikiLeaks founder Julian Assange from its London embassy this morning, citing "repeated violations to international conventions and daily-life protocols." Mr. Assange has been arrested by the Metropolitan Police for bail jumping. (Russia's government denounced the arrest as "strangling freedom.") He may be returned to Sweden, should assault charges there be reopened, or (more probably) extradited to the United States, where he's under indictment on a single count of conspiring to release classified information. That indictment, the Washington Post says, was unsealed shortly after Ecuador showed Mr. Assange the door. The alleged conspiracy was with former US Army Specialist Manning.
Accounts in the Times and elsewhere suggest the expulsion may be connected with an attempt to blackmail Mr. Assange for €3 million: the extortionists claimed to have discreditable security audio and video of the asylum seeker that they somehow obtained from embassy systems.
There's widespread agreement that incident response plans are a security essential. It's therefore dispiriting that an IBM Security study should find that over half of the organizations that have such plans never get around to exercising them.
Today's issue includes events affecting Australia, China, Ecuador, Finland, India, Israel, Japan, Democratic People's Republic of Korea, NATO/OTAN, Palestinian Territories, Russia, Serbia, Sweden, United Kingdom, United States.
A note to our readers: The CyberWire is a finalist in the Cybersecurity Association of Maryland's 2019 Awards, eligible to win the 2019 People's Choice Award, and we'd appreciate your support. Please vote for us here, and feel free to spread the word. The deadline for voting is 4:00 PM Eastern Time today, April 11th. Thanks for your support.
Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.
Cybersecurity Impact Awards (Arlington, Virginia, United States, May 14, 2019) The inaugural Cybersecurity Impact Awards are open for nominations until April 12 and are dedicated to recognizing companies that have corporate or Federal headquarters in the DMV area for their leadership and innovation within the cybersecurity industry. Award winners will be honored during an awards ceremony on May 14.
Malware Analysis Report (AR19-100A) MAR-10135536-8 – North Korean Trojan: HOPLIGHT (US CERT) This Malware Analysis Report (MAR) is the result of analytic efforts between Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. Government partners, DHS and FBI identified Trojan malware variants used by the North Korean government. This malware variant has been identified as HOPLIGHT. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.
Gaza Cybergang Group1, operation SneakyPastes (Securelist) Gaza Cybergang(s) is a politically motivated Arabic-language cyberthreat actor, actively targeting the Middle East North Africa region. Group1 is the least sophisticated of the three attack Gaza groups.
What's The Best Name? ThreadJacking or Man-in-the-Inbox Attacks? (KnowBe4) We are seeing a new type of attack popping up more and more. Bad guys send a phishing attack and steal the credentials of your employee. But they stay under the radar and lurk for a while to understand the email traffic and the people the compromised account regularly talks to.
Mailgun hacked part of massive attack on WordPress sites (OODA Loop) Threat actors on Wednesday launched a massive hacking campaign targeting WordPress websites that use the Yuzo Related Posts plugin, a recently discontinued plugin that is vulnerable to a cross-site scripting (XSS) attack. The flaw allows
Google Play app "Peel Smart Remote" leaks users' pictures (Pradeo) Last week, the Pradeo Security engine alerted its users about severe security issues found in the app’s 10.7.3.3 version. It has been found that the App was collecting and leaking users’ pictures to a server that does not belong to the app publisher.
Security Patches, Mitigations, and Software Updates
Google Wants To Block Potentially Risky Non-Secure Downloads (BleepingComputer) Google proposed the addition of automatic blocking of high-risk downloads from non-secure websites in future versions of its Chrome web browsers as revealed by a proposal from Google Chrome security engineer Emily Stark in the World Wide Web Consortium (W3C) public mailing list.
Indian media mogul turns to Darktrace cyber defence technology (BusinessWeekly) Network 18 has deployed Darktrace’s AI technology to safeguard its intellectual property from sophisticated cyber attacks. As one of India’s largest media corporations, Network 18 manages a holistic business, including 73 broadcast channels, as well as leading online news portals and publishing brands. Network 18 runs the biggest news broadcast network in India through its
CISA Partners with Secure Community Network to Hold Incident Response Exercise (Department of Homeland Security) Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) hosted a tabletop exercise in collaboration with the Secure Community Network (SCN). The exercise brought together Jewish community leaders from across the nation, along with federal and state law enforcement and interagency partners to examine how they would act in a notional event focused on threats of violence including scenarios based on current events.
Hometown Security (Department of Homeland Security) The U.S. Department of Homeland Security’s (DHS) most important mission is to protect the American people. As part of this mission, DHS fosters collaboration between the private sector and the public sector to mitigate risk and enhance the security and resilience of public gathering sites and special events.
UNCW hopes to prepare 'Cyber Warriors' to combat future cyber threats | WilmingtonBiz (WilmingtonBiz) With an increasing threat of cyberattacks on financial, health and other institutions, the University of North Carolina Wilmington is looking ahead with the goal of preparing students in the information technology and cyber defense field. That was one main message from UNCW officials and featured speakers at the annual WITX (Wilmington Information Technology eXchange) conference this week.
Detour Act Final | Informed Consent | Internet (Scribd) U.S. Sens. Mark R. Warner (D-VA) and Deb Fischer (R-NE) have introduced the Deceptive Experiences To Online Users Reduction (DETOUR) Act, bipartisan legislation to prohibit large online platforms from using deceptive user interfaces, known as “dark patterns” to trick consumers into handing over their personal data.
Will DHS leadership upheaval affect CISA? (FCW) As the Department of Homeland Security scrambles following the abrupt departures of Secretary Kirstjen Nielsen and a number of top officials, the newly formed Cybersecurity and Infrastructure Security Agency could get caught up in the chaos.
Just and Unjust Leaks (Foreign Affairs) Revealing official secrets and lies involves a form of moral risk-taking. And drawing the line between the right and wrong kinds of disclosures has grown harder than ever in the Trump era.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
San Antonio Cybersecurity Conference (San Antonio, Texas, USA, April 16, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Chicago Cybersecurity Conference (Chicago, Illinois, USA, May 9, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Louisville Cybersecurity Conference (Louisville, Kentucky, USA, May 30, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Seattle Cybersecurity Conference (Seattle, Washington, USA, June 6, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Baltimore Cybersecurity Conference (Baltimore, Maryland, USA, June 13, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
QuBit Conference Prague 2019 (Prague, Czech Republic, April 9 - 11, 2019) Over the past 5 years, QuBit has grown to be a leading cyber security community event in CEE region. This year's highlights include: excellent speakers and educational sessions, popular networking events,...
SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, April 10 - 11, 2019) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry...
ISC West 2019 (Las Vegas, Nevada, USA, April 10 - 12, 2019) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing...
Maryland Cyber Day (Hanover, Maryland, United States, April 11, 2019) Maryland Cyber Day is a combination of two events, MD Cyber Day Marketplace followed by MD Cybersecurity Awards Celebration. Marketplace features cybersecurity innovation, an expo, technology demos, “Ask...
Data Connectors Cybersecurity Conference Los Angeles (Los Angeles, California, USA, April 11, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...