April 23, 2019.
By the CyberWire staff
ISIS has claimed responsibility for the Easter massacres in Sri Lanka, the Wall Street Journal and others report. A statement published by the jihadist organization’s news agency Amaq says the bombings were retaliation for last month’s massacre of Muslims at a New Zealand mosque, and were intended to kill Christians. Sri Lankan authorities, who continue their social media crackdown during a declared state of emergency, continue to believe the attacks were the work of local jihadists acting with foreign support. CBS News says the death toll is now three hundred twenty-one.
Researchers at Check Point describe a targeted spearphishing attack against “government finance authorities” and embassies in Europe. The hackers appear to be Russian, and they appear to be criminals (although that's a tougher call, given the growing penetration of the Russian mob by the Russian security organs). The campaign used malicious Excel files marked implausibly as if they were from the US State Department. The payload was a weaponized version of TeamViewer capable of taking screenshots of infected systems.
One of the gang members (nom-de-hack “EvaPiks”) was active on a hacking and carding forum, the Verge notes, talking about the attack and offering advice to others who might wish to do likewise.
A disgruntled bug hunter, nom-de-hack @0x55Taylor, has released documents taken from a server in Mexico's embassy in Guatemala. He told TechCrunch that he expects a reply, and when he doesn't get one, "then it's going public." The doxing included many identity documents, passports, visas, and so on.
Today's issue includes events affecting Bermuda, China, European Union, Guatemala, Guyana, India, Italy, Kenya, Liberia, Lebanon, Mexico, Nepal, Russia, Singapore, Sri Lanka, United Kingdom, United States.
Bring your own context.
Think you don't sell data in California? Maybe think again. Some thoughts on adjusting to the California Consumer Privacy Act:
"There's confusion about the definition of 'sell.' You might say, 'I don't sell data. My company doesn't sell data.' But right now the definition of 'sell' is any exchange of value or consideration. So if you're using a third-party vendor just to produce a podcast, for example, there is consideration, there is value exchanged - that's considered a sale. You probably don't think about it as a sale, but right now, under CCPA, it is." Barbara Lawler, chief privacy and data ethics officer for Looker Data Sciences, on the CyberWire Daily Podcast for 4.19.19.
Cybersecurity Impact Awards (Arlington, Virginia, United States, May 14, 2019) Winners of the Cybersecurity Impact Awards will be announced and recognized at the May 14, 2019 CYBERTACOS event. The event will start at 5:30 p.m. and the award presentation will begin at 6:00 p.m.! Join us afterwards for tacos and networking!
Cyber Investing Summit (New York City, New York, United States, May 16, 2019) The Cyber Investing Summit is a conference focused on financial opportunities and strategies in the cybersecurity sector. Join key decision makers, investors, and innovators to network, learn, and develop new partnerships May 16th in NYC. More information: www.cyberinvestingsummit.com.
FINTEAM: Trojanized TeamViewer Against Government Targets (Check Point Research) Recently, Check Point researchers spotted a targeted attack against officials within government finance authorities and representatives in several embassies in Europe. The attack, which starts with a malicious attachment disguised as a top secret US document, weaponizes TeamViewer, the popular remote access and desktop sharing software, to gain full control of the infected computer....
Hacker dumps thousands of sensitive Mexican embassy documents online (TechCrunch) A hacker stole thousands of documents from Mexico’s embassy in Guatemala and posted them online. The hacker, who goes by the online handle @0x55Taylor, tweeted a link to the data earlier this week. The data is no longer available for download after the cloud host pulled the data offline, but …
Who’s Behind the RevCode WebMonitor RAT? (KrebsOnSecurity) The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT, a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.
Facebook’s Burglary Shopping List (7 Elements) Whilst investigating the technical feasibility of scraping Facebook Marketplace to aid in the recovery of stolen goods, it was possible to identify sensitive data disclosing the exact location of the sale item. The Location data contained within the JSON responses of adverts made through the Facebook Mobile Application, seemed… a little specific. Which goes against …
Ethercombing: Finding Secrets in Popular Places (Independent Security Evaluators) ISE discovered 732 private keys as well as their corresponding public keys that committed 49,060 transactions to the Ethereum blockchain. Additionally, we identified 13,319 Ethereum that was transferred to either invalid destination addresses, or wallets derived from weak keys.
Analyzing C/C++ Runtime Library Code Tampering in Software Supply Chain Attacks (TrendLabs Security Intelligence Blog) For the past few years, the security industry’s very backbone — its key software and server components — has been the subject of numerous attacks through cybercriminals’ various works of compromise and modifications. Such attacks involve the original software’s being compromised via malicious tampering of its source code, its update server, or in some cases, both.
Security lapse at contract startup Evisort exposed sensitive data (TechCrunch) Evisort, a document and contract management company, left one of its document databases unsecured, exposing customer data. The startup, founded by former Harvard and MIT students in 2016, bills itself as an artificial intelligence contract management company, which it says helps to better organize …
Vulnerability Summary for the Week of April 15, 2019 (US-CERT) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
'Korea coming under increasing cyberattacks' (Korea Times) Korea and other countries around the world are facing growing threats of cyberattacks, such as supply chain compromises and cryptocurrency mining over the past year in addition to widespread phishing attacks, Microsoft Korea said Monday.
Jacobs to acquire KeyW (Intelligence Community News) Jacobs of Dallas, TX announced on April 22 that they have entered into a definitive merger agreement pursuant to which Jacobs will acquire KeyW for $11.25 per share in cash. The transaction has an …
Symantec joins DOD cyber threat-sharing group (FCW) The addition of Symantec, which already has a robust threat intelligence network in place, could help bolster the quality and sophistication of the information that flows through the program.
What is network tokenization? (Rambus) We are seeing an unprecedented shift in consumer spending habits. One in five global transactions are now ‘digital’, with online commerce growing at over six times the rate of in-store sales. But this rapid growth is introducing new challenges. Fraud is rising, yet merchants are under pressure to …
Stopping the Flow of Cyber Breaches (SIGNAL Magazine) The water and wastewater treatment industry is facing cybersecurity threats. The risks affect the sector disproportionately compared to other utilities.
JSCC cyber defense program receives national certification (WBBJ TV) Jackson State Community College is the only community college in the state with a cyber defense program certified by the U.S. National Security Agency and Department of Homeland Security. Jackson State Community College students Megan Hamilton, left, and Holly Lott work on a server in the school’s computer lab.
Democrats Urge Judge Not to Dismiss Russian Hacking Suit (Bloomberg) While much of the U.S. was poring over the Mueller Report, the Democratic National Committee argued Thursday that its civil suit against President Donald Trump, the Russian Federation, WikiLeaks and members of the Trump campaign and White House should go forward.
Insider Threat Program (ITP) Management - Insider Threat Detection & Data Analysis (Miami, Florida, USA, April 22 - 23, 2019) Insider Threat Program Management - Insider Threat Detection & Data Analysis Training
The Insider Threat Defense Group will be holding its next class "Insider Threat Program (ITP) Management - Insider Threat Detection & Data Analysis", in Miami, FL, on April 22-23, 2019. At the completion of this training, students will be well versed on how to develop, implement, manage or enhance an ITP, and have the in-depth knowledge to gather, correlate and analyze an extensive amount of raw data sources to detect and mitigate Insider Threat Risks. The course has been taught to over 540+ organizations.
International Conference on Cyber Engagement (Washington, DC, USA, April 23, 2019) This year, the eighth annual International Conference on Cyber Engagement (ICCE) will be hosted for the first time by the Atlantic Council’s Scowcroft Center for Strategy and Security, in partnership with...
(ISC)² Secure Summit DC (Washington, DC, USA, April 23 - 24, 2019) (ISC)² Secure Summit DC evolved to assemble the best minds in cybersecurity for two days of insightful discussions, workshops and best-practices sharing. The goal of our event is to equip security leaders...
SecureWorld Toronto (Toronto, Ontario, Canada, April 24, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...