More signal. Less noise.

Daily briefing.

Military officers in Ukraine are being spearphished by a group seeking to install the Ratvermin backdoor, according to BleepingComputer. FireEye, which identified the campaign, links it to the Luhansk People's Republic. This is a region in Eastern Ukraine controlled by Russia and represented by the occupiers as being a breakaway state that's won its independence from Ukraine. Kiev regards Luhansk as nothing more than an administrative fig leaf for the Russian occupation.

The Washington Post sees the Luhansk operation as a troubling harbinger of small-state and non-state actors deploying increasingly sophisticated cyber weapons. Alternatively, this might be more realistically viewed as a Russian attempt to achieve plausible deniability, and not as a small-group breakout into the big time.

Supporters who wish to stand by Julian Assange, the BBC says, are doing so by taking two Yorkshire Councils' websites down. Presumably the attacks on Barnsley and Bedale would prompt a groundswell of hacktivist pressure in favor of Mr. Assange's release.

Computing reports that the Wipro hack may have targeted dozens of the company's clients.

The AP is reporting on another suspicious questioner, one Lucas Lambert, who said he was a venture capitalist and wished to talk with a Russia specialist at the Chatham House think tank about a cyber conference Mr. Lambert said his firm was organizing. But the conversations all turned quickly to whether anyone was being paid to bad-mouth Kaspersky Lab. The AP is reminded of a similar approach to Citizen Lab by one Michel Lambert back in February.

Notes.

Today's issue includes events affecting China, France, Iran, Russia, Saudi Arabia, Ukraine, United States.

In today's podcast, out later this afternoon, we speak with our partners at Webroot, as David Dufour shares survey results about artificial intelligence and machine learning. Our guest is Derek Vadala from Moody’s Investor Service, who discusses Moody’s framework for assessing cyber risk.

Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses.

Cyber Attacks, Threats, and Vulnerabilities

'Assange supporters' claim council hacks (BBC News) Hacking groups claim to have taken down Barnsley and Bedale council websites.

AP Exclusive: Undercover spy targeted Kaspersky critics (Washington Post) An undercover operative has been targeting cybersecurity experts in an apparent effort to gather intelligence about critics of Kaspersky Lab, the Russian antivirus firm

This malware campaign is targeting the military with phony emails from a defence contractor (ZDNet) Spear-phishing attacks against Ukraine are part of a cyber-espionage campaign by a group with potent capabilities.

Spear Phishing Campaign Targets Ukraine Government and Military; Infrastructure Reveals Potential Link to So-Called Luhansk People's Republic (FireEye) FireEye Threat Intelligence identified a spear phishing email targeting government entities in Ukraine.

Analysis | The Cybersecurity 202: Why a hacking operation by a proto-state in Ukraine could spell trouble for the U.S. (Washington Post) The Luhansk People’s Republic has a sophisticated hacking army. Others will soon follow.

Hacker Group Uses RATVERMIN Backdoor to Target Ukrainian Military (BleepingComputer) Multiple Ukrainian military departments were targeted by a spear phishing campaign which attempted to drop a RATVERMIN backdoor as part of a second-stage payload delivered with the help of a Powershell script.

Moscow Server Hosted WikiLeaks and Iran’s Hackers Weeks Apart (The Daily Beast) The year was 2015, and weeks after a group of brazenly persistent hackers hit over 500 targets, WikiLeaks dumped thousands of Saudi diplomatic cables. Coincidence, or connection?

Over 100 Million JustDial Users' Personal Data Found Exposed On the Internet (The Hacker News) Popular JustDial Local Search Engine Site Exposing Data On Over 100 Million Users

Malware Authors Have Already Won the Iron Throne (Zscaler) With the much-anticipated premiere of the final season of HBO's Game of Thrones, you can bet that malware authors are ramping up their efforts to infect viewers anxious to stream the series.

Decoding a 'New' Elite Cyber Espionage Team (Dark Reading) Stealthy and well-heeled hacking group went undetected for five years and wields a massive attack framework of some 80 different modules.

Wipro investigates security breach believed to be perpetrated by state-sponsored attacker (Computing) Wipro systems compromised following phishing campaign used to target 'at least a dozen' clients, according to insiders

Wipro confirms breach, says customers are 'anxious' (CRN Australia) CEO says firm responded “quite fast” to security breach, disputes details.

Wipro hires forensic firm to probe cyberattack (The Economic Times) IT company confirms zero-day attack, could be liable for damages if client information found to be compromised.

The Wipro Breach: Why Managed Service Providers Are At Risk (CRN) The Wipro breach is just the latest sign that solution providers, managed service providers and other IT service providers are now plum targets for nation-state hackers

Windows Zero-Day Emerges in Active Exploits (Threatpost) Patched just last week, the Windows kernel bug is being used for full system takeover.

Kaspersky claims credit for finding critical Windows security flaw being actively exploited in the wild (Computing) While patched last week, Kaspersky claims attackers are exploiting the flaw in a string of new attacks to take full control of targets' PCs

Notre Dame Disaster Causes FireStorm Of Social Engineering And Misinformation (KnowBe4)

WAGO Series 750-88x and 750-87x (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: WAGO. Equipment: Series 750-88x and 750-87x. Vulnerability: Use of Hard-coded Credentials. 2. RISK EVALUATION: This vulnerability allows a remote attacker to change the settings or alter the programming of the device.

PLC Cycle Time Influences (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available. Vendors: ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO. Equipment: Programmable Logic Controllers. Vulnerability: Uncontrolled Resource Consumption. 2.

Delta Industrial Automation CNCSoft (ICS-CERT) 1. EXECUTIVE SUMMARY: CVSS v3 7.8. ATTENTION: Low skill level to exploit. Vendor: Delta Electronics (Delta). Equipment: Delta Industrial Automation CNCSoft. Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Out-of-bounds Read. 2.

If hackers can hide tumors in scans, what else can they hide? (C4ISRNET) Researchers demonstrate a novel attack on medical devices by using deep learning.

QR codes lure users into the phishing trap (UNITED NEWS NETWORK GmbH) G DATA Mobile Internet Security iOS now includes a QR code scanner

FBI Head Of Cybersecurity In San Francisco Warns: Look To Inside Threats (Forbes) The arrest of Wikileaks founder Julian Assange marks the first step toward trying one of the most prominent cyber crimes in American history and his charges to commit computer intrusion are more common these days than one would think.

Security Patches, Mitigations, and Software Updates

Security flaw in EA’s Origin client exposed gamers to hackers (TechCrunch) Electronic Arts has fixed a vulnerability in its online gaming platform Origin after security researchers found they could trick an unsuspecting gamer into remotely running malicious code on their computer. The bug affected Windows users with the Origin app installed. Tens of millions of gamers use…

Oracle releases Critical Patch Update addressing 296 vulnerabilities (Computing) MySQL alone accounted for fixes for 44 vulnerabilities in Oracle's latest patch batch, while Fusion Middleware has 53 security flaws patched

Cyber Trends

2019 Endpoint Security Trends Report (Absolute) New data security threats revealed from global study of six million devices

Measuring Progress: Expanding the Horizon | 2019 Annual Report (Cybergistic) CynergisTek's second annual report analyzed the results of assessments at hundreds of healthcare organizations against NIST CSF and the HIPAA Privacy and Security Rules.

Small Business App Features and Security in 2019 (Clutch) Small businesses prioritize social media integration in their apps but don't invest enough in app security or personalization.

OTA’s Online Trust Audit Scores Consumer-facing U.S. Government Websites (PRWeb) The Internet Society’s Online Trust Alliance (OTA), which identifies and promotes security and privacy best practices that build consumer confidence in the Inte

Distil Networks’ Sixth Annual Bad Bot Report Finds Bad Bot Arms Race Rages On (Distil Networks) Industry breakdown available in the sixth annual report from Distil Networks titled Bad Bot Report 2019: The Bot Arms Race Continues.

Cyber security forensic checks come to the fore in mergers and acquisitions processes (Voxy.co.nz) Imagine you’re buying a business. The first step would of course be to carry out financial due diligence to help assess the risk and return profile of the business.

Marketplace

Self Probe Won’t Cut it for Israeli Spyware Company NSO, Says Citizen Lab Researcher (CTECH) Bill Marczak, a senior fellow researcher at the University of Toronto's Citizen Lab, a digital and human rights research group, spoke Thursday at Calcalist’s Mind the Tech Conference in New York

Huawei's employee ownership claims are a sham covering up possible Communist control, research finds (The Telegraph) New research has rubbished Huawei's claim to be owned and controlled by its employees, calling it "misleading" and "a myth".

Huawei warns 'politicising' cyber security will create trade problems (The Sydney Morning Herald) Huawei's deputy chairman and rotating chairman, Ken Hu, called on global governments to create independent standards to determine which companies should be trusted.

Huawei cyber security chief John Suffolk: It’s not our culture to be aggressive (ComputerWeekly) John Suffolk, global cyber security and privacy officer at China-based telecoms equipment supplier Huawei, tells Huawei Analyst Summit growth is the best answer to US criticism.

The U.S. Wants to Ban Huawei. But in Some Places, AT&T Relies On It. (Wall Street Journal) U.S. officials have told telecom executives around the world to steer clear of Huawei Technologies, calling the company a national-security threat, but that hasn’t prevented AT&T from using the Chinese company’s equipment in Mexico.

Intel quits 5G smartphone modems after Apple reaches a settlement with Qualcomm (Computing) Chip giant says it will focus on the broader 5G infrastructure business after Apple settles differences with Qualcomm

How BlackBerry Has Become a Cyber-Security Player (eWEEK) BlackBerry CTO Charles Eagan explains where his company's cyber-security efforts are headed and why, after 35 years and many technological changes, BlackBerry is fundamentally on the same mission.

Gemalto to delist from Amsterdam and Paris exchanges as Thales buys out remaining shares (Biometric Update) Gemalto will be delisted from the Euronext Amsterdam and Euronext Paris stock exchanges shortly after the company’s annual general meeting on May 28, 2019, as part of its merger with Thales. Thales…

The GLI Group (GLI®) Acquires SeNet International Corporation, Bringing Expanded Information Technology Security Capabilities to U.S. Clients (PR Newswire) The GLI Group (GLI®) has acquired SeNet International Corporation ("SeNet"), bringing expanded cybersecurity and ...

Class in Session for Federal Cyber Reskilling Academy (Nextgov) Demand drove an increase in cohort size.

Forcepoint Opens New State-of-the-Art Cyber Experience Center in Boston’s Seaport District (Forcepoint) Facility to serve as the new Forcepoint Global Center of Excellence for Behavioral Analytics driving cyber innovation and product development in understanding human behavior in partnership with Forcepoint X-Labs research division Forcepoint’s Cyber Experience Center, a multi-million dollar investment, uniquely delivers an immersive experience that brings to life today’s evolving threat landscape for enterprises and government agencies

Products, Services, and Solutions

Telos Ghost® Provides New Capabilities for Cloud-Based Secure and Anonymous Networking Solutions (BusinessWire) Telos Corporation announces a new version of Telos Ghost, its system for private, secure, and anonymous operations on the internet, with advanced capa

The crowdsourced platform teaching the cybersecurity workforce new skills (CyberScoop) Ralph Sita, CEO of Cybrary, talks with CyberScoop Editor-in-Chief Greg Otto about his company's platform and why it's taking off inside bigger corporations.

BAE Systems enhances its NetReveal platform improving financial crime investigator efficiency (Help Net Security) BAE Systems unveiled a major enhancement to its NetReveal platform at the ACAMS 24th annual International AML and Financial Crime Conference.

Technologies, Techniques, and Standards

What the Army learned from a February cyber exercise (Fifth Domain) Cyber teams are beginning to use a new training environment that will allow staffers to rehearse for specific missions.

What the Air Force learned from insurgents’ networks (C4ISRNET) Air Force leaders plan to experiment this summer with a mesh network that would allow military users in hard-to-reach areas to connect to the service’s top secret network and share intelligence information without the fear of losing service.

TPM & TEE – working together in harmony (Global Platform) As the line between mobile devices and computers becomes increasingly blurred, security architectures from two previously separate worlds are also converging.

Not appointing a CRO? Might be risky business (ZDNet) New report makes the case for welcoming chief risk officers to the C-suite.

5 Things You Need to Know About API Protection (SC Media) Whether you realize it or not, APIs are everywhere in your organization and they’re growing in numbers. In fact it’s estimated that the average

Design and Innovation

AI & ML latest: Google disbands another AI ethics committee (Computing) Tricky stuff, ethics

Goodbye, Jeff and Tina: Cyber Awareness Challenge ditches beloved-but-corny characters (Stars and Stripes) The new edition of the Department of Defense’s annual computer security training means that it's time to say farewell to some familiar faces.

Academia

RMIT University launches new cybersecurity course (PACE) RMIT has developed a new cybersecurity course in partnership with industry to arm people with the skills needed to protect their digital assets.

UWF to host national platform for cybersecurity executives (University of West Florida Newsroom)   WHAT: Cybersecurity executives in academia, business, government and the armed forces will address the rapidly-evolving cyber threat landscape and critical workforce shortage at the annual Centers of Academic Excellence Executive Leadership Forum. The University of West Florida in partnership with the National Security Agency and Department of Homeland Security will host the forum. Speakers include executives from …

MU gets high schoolers interested in cyber careers (The Herald-Dispatch) High school students interested in such careers as cybersecurity, cyber crime and digital forensics got a taste of what it would be like during the 10th annual

Legislation, Policy, and Regulation

Russian lawmakers approve new Internet law (Reuters) Russia's lower house of parliament approved on Tuesday the third reading of...

Iran labels all US forces in Middle East ‘terrorists’ (Military Times) It remains unclear how the bill’s passage in parliament would affect the Republican Guard’s activities in the Persian Gulf, where the U.S. Navy has in the past accused Iranian patrol boats of harassing American warships.

PPD-20 successor has yielded ‘operational success,’ Federal CISO says (CyberScoop) A revamped policy framework for offensive U.S. cyber operations is much quicker than its predecessor, federal CISO Grant Schneider said Tuesday.

Former top CIA official warns that U.S. intel faces "moment of reckoning" after 2016 failure (CBS News) "The trends it reflects warrant a wholesale reimagining of how the intelligence community operates," Michael Morell and Amy Zegart wrote in an essay in Foreign Affairs

Shed Light on Cryptocurrency 'Dark Matter' Regulation at SEC (Competitive Enterprise Institute) A few days ago, the Trump administration issued a memorandum strongly discouraging what the Competitive Enterprise Institute’s Wayne Crews has called “regulatory dark matter.” The memo instructs federal agencies to submit all policymaking rules to Congress to be vetted under the Congressional Review Act, even if these rules come in the form of informal “guidance.”

Litigation, Investigation, and Law Enforcement

EU: No evidence of Kaspersky spying despite 'confirmed malicious' classification (ZDNet) European Commission "not in possession of any evidence regarding potential issues related to the use of Kaspersky Lab products."

One Month, 500,000 Face Scans: How China Is Using A.I. to Profile a Minority (New York Times) In a major ethical leap for the tech world, Chinese start-ups have built algorithms that the government uses to track members of a largely Muslim minority group.

The Maddening Limbo of Paul Whelan (Foreign Policy) Four months into the former U.S. Marine’s detention in Moscow, Washington is struggling to help free him—or even get him answers.

Inside bikini-photo startup Six4Three’s scrappy battle to put Facebook on trial (NBC News) The David vs. Goliath contest pits a small startup against one of the most powerful technology companies in the world.

Electronic surveillance isn't spying — it's much more powerful (TheHill) The silly semantical jousting over 'spying' versus 'surveillance' is a distraction.

The FBI Wanted a Backdoor to the iPhone. Tim Cook Said No (WIRED) The agency wanted to crack the iPhone of Syed Farook, a suspect in the 2015 San Bernardino shooting. The Apple CEO took a stand.

Apple, Qualcomm Agree to Drop All Patent Litigation (Wall Street Journal) Apple and Qualcomm agreed to dismiss all litigation between the two companies world-wide, on the day the two sides began a courtroom trial to settle their legal dispute.

T-Mobile-Sprint Deal Runs Into Resistance From DOJ Antitrust Staff (Wall Street Journal) Justice Department staffers have told T-Mobile US and Sprint that their planned merger is unlikely to be approved as currently structured, casting doubt on the fate of the $26 billion deal.

Cyber-sec biz Fortinet coughs up $545,000 after 'flogging' rebadged Chinese kit to Uncle Sam – but why so low? We may be able to explain (Register) Rogue employee takes blame, seems he ain't no Fortinet son

Attorney seeks Coast Guardsman’s release since he isn’t facing terrorism charges (Navy Times) A Coast Guard lieutenant accused of stockpiling guns and compiling a hit list of prominent Democrats and network TV journalists is seeking his release from federal custody since prosecutors haven’t charged him with any terrorism-related offenses.

University of Kentucky to increase security after online threat (WLKY) Officials say threat deemed not credible

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Defend Your Organization: Cybersecurity in Manufacturing Conference (Boston, Massachusetts, USA, October 1 - 2, 2019) The manufacturing industry is one of the most heavily targeted industries for cyberattacks. As manufacturers undertake digital transformations, vulnerability to attacks increases. Hear from expert speakers...

Jacksonville Cybersecurity Conference (Jacksonville, Florida, USA, October 10, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Omaha Cybersecurity Conference (Omaha, Nebraska, USA, October 24, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Chicago Suburbs Cybersecurity Conference (Chicago, Illinois, USA, November 6, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

San Diego Cybersecurity Conference (San Diego, California, USA, November 7, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Orlando Cybersecurity Conference (Orlando, Florida, USA, November 14, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Upcoming Events

IMPACT ’19 (Chantilly, Virginia, USA, April 15 - 17, 2019) Prepare for the changes ahead and get out in front of the compliance curve by attending the 34th annual NSI IMPACT Forum on April 15-17 at the Westfields Marriott in Chantilly, VA. The theme of this year’s...

2019 Industrial Control Systems (ICS) Cyber Security Conference (Singapore, April 16 - 18, 2019) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other...

Cybersecurity: 5th Generation Threats- What we know, should know, and don't know. (Santa Barbara, California, USA, April 17, 2019) Cyber threats capable of massive economic and social disruption are poorly understood and vastly underestimated. Cybersecurity is a continuing arms race. This panel/presentation will review the state...

Insider Threat Summit 2019 (ITS5) (Monterey Bay, California, USA, April 17 - 18, 2019) ITS5 brings Government and Industry organizations and cybersecurity leaders together to better understand the type of threats that impact infrastructure and overall operations. Our two-day summit will...

SecureWorld Houston (Houston, Texas, USA, April 18, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
