
Daily briefing.

ISIS has claimed responsibility for the Easter massacres in Sri Lanka, the Wall Street Journal and others report. A statement published by the jihadist organization’s news agency Amaq says the bombings were retaliation for last month’s massacre of Muslims at a New Zealand mosque and were intended to kill Christians. Sri Lankan authorities, who continue their social media crackdown during a declared state of emergency, still believe the attacks were the work of local jihadists acting with foreign support. CBS News puts the death toll at 321.

Researchers at Check Point describe a targeted spearphishing attack against “government finance authorities” and embassies in Europe. The attackers appear to be Russian, and they appear to be criminals rather than state operators (although that's a tougher call, given the growing penetration of the Russian mob by the Russian security organs). The campaign used malicious Excel files implausibly marked as if they came from the US State Department. The payload was a weaponized version of TeamViewer capable of taking screenshots of infected systems.

One of the gang members (nom-de-hack “EvaPiks”) was active on a hacking and carding forum, the Verge notes, talking about the attack and offering advice to others who might wish to do likewise.

A disgruntled bug hunter, nom-de-hack @0x55Taylor, has released documents taken from a server at Mexico's embassy in Guatemala. He told TechCrunch he expected a reply, and that if he didn't get one, "then it's going public." The dump included many identity documents: passports, visas, and so on.

Notes.

Today's issue includes events affecting Bermuda, China, European Union, Guatemala, Guyana, India, Italy, Kenya, Liberia, Lebanon, Mexico, Nepal, Russia, Singapore, Sri Lanka, United Kingdom, United States.

Bring your own context.

Think you don't sell data in California? Maybe think again. Some thoughts on adjusting to the California Consumer Privacy Act:

"There's confusion about the definition of 'sell.' You might say, 'I don't sell data. My company doesn't sell data.' But right now the definition of 'sell' is any exchange of value or consideration. So if you're using a third-party vendor just to produce a podcast, for example, there is consideration, there is value exchanged - that's considered a sale. You probably don't think about it as a sale, but right now, under CCPA, it is." Barbara Lawler, chief privacy and data ethics officer for Looker Data Sciences, on the CyberWire Daily Podcast for 4.19.19.


In today's podcast, out later this afternoon, we speak with our partners at Accenture, as Justin Harvey talks about preserving digital evidence in the aftermath of a cyber attack. Our guest, Maryam Rahmani, tells us about the upcoming NYIT Girls in Engineering and Technology Day.

And Recorded Future's Threat Intelligence podcast, produced in cooperation with the CyberWire, is also up. In this episode, "Information Security Is Not an IT Risk; It's a Business Risk," Brian Haugli of Side Channel Security joins us to explain how he helps organizations of all sizes to evaluate their security using a risk-based approach.

Cybersecurity Impact Awards (Arlington, Virginia, United States, May 14, 2019) Winners of the Cybersecurity Impact Awards will be announced and recognized at the May 14, 2019 CYBERTACOS event. The event will start at 5:30 p.m. and the award presentation will begin at 6:00 p.m.! Join us afterwards for tacos and networking!

Cyber Investing Summit (New York City, New York, United States, May 16, 2019) The Cyber Investing Summit is a conference focused on financial opportunities and strategies in the cybersecurity sector. Join key decision makers, investors, and innovators to network, learn, and develop new partnerships May 16th in NYC. More information: www.cyberinvestingsummit.com.

Cyber Attacks, Threats, and Vulnerabilities

Embassies targeted in ongoing spearphishing campaign that weaponized Microsoft Excel files (CyberScoop) Embassies around the world have been targeted in a recent spate of spearphishing email attacks from Russian hackers, according to Check Point Technologies.

Loose online lips sink hack targeting governments and embassies (Ars Technica) "EvaPiks" spills code and techniques used in ongoing hack campaign.

FINTEAM: Trojanized TeamViewer Against Government Targets (Check Point Research) Recently, Check Point researchers spotted a targeted attack against officials within government finance authorities and representatives in several embassies in Europe. The attack, which starts with a malicious attachment disguised as a top secret US document, weaponizes TeamViewer, the popular remote access and desktop sharing software, to gain full control of the infected computer....

Hacker dumps thousands of sensitive Mexican embassy documents online (TechCrunch) A hacker stole thousands of documents from Mexico’s embassy in Guatemala and posted them online. The hacker, who goes by the online handle @0x55Taylor, tweeted a link to the data earlier this week. The data is no longer available for download after the cloud host pulled the data offline, but …

Who’s Behind the RevCode WebMonitor RAT? (KrebsOnSecurity) The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT, a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.

Facebook’s Burglary Shopping List (7 Elements) Whilst investigating the technical feasibility of scraping Facebook Marketplace to aid in the recovery of stolen goods, it was possible to identify sensitive data disclosing the exact location of the sale item. The Location data contained within the JSON responses of adverts made through the Facebook Mobile Application, seemed… a little specific. Which goes against …

A 'Blockchain Bandit' Is Guessing Private Keys and Scoring Millions (WIRED) The larger lesson of an ongoing Ethereum crime spree: Be careful with who's generating your cryptocurrency keys.

Ethercombing: Finding Secrets in Popular Places (Independent Security Evaluators) ISE discovered 732 private keys as well as their corresponding public keys that committed 49,060 transactions to the Ethereum blockchain. Additionally, we identified 13,319 Ethereum that was transferred to either invalid destination addresses, or wallets derived from weak keys.

Analyzing C/C++ Runtime Library Code Tampering in Software Supply Chain Attacks (TrendLabs Security Intelligence Blog) For the past few years, the security industry’s very backbone — its key software and server components — has been the subject of numerous attacks through cybercriminals’ various works of compromise and modifications. Such attacks involve the original software’s being compromised via malicious tampering of its source code, its update server, or in some cases, both.

Millions of Medical Documents for Addiction and Recovery Patients Leaked (Threatpost) The information includes data on all rehab treatments and procedures, linked with patients' names and other info.

Security lapse at contract startup Evisort exposed sensitive data (TechCrunch) Evisort, a document and contract management company, left one of its document databases unsecured, exposing customer data. The startup, founded by former Harvard and MIT students in 2016, bills itself as an artificial intelligence contract management company, which it says helps to better organize …

Microsoft Office now the most targeted platform, as browser security improves (CSO Online) The number of attacks carried out using the popular suite has increased in the past two years, Kaspersky Lab researchers say.

Vulnerability Summary for the Week of April 15, 2019 (US-CERT) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Killer USB Breach Highlights Need For Physical Security (Infosecurity Magazine) Former college student in court facing up to 10 years in prison and a maximum of $250,000 in fines

‘Days, not hours’: Stratford still dealing with effects of cyber-attack (Kitchener) Eight days after a cyber-attack hit Stratford, the city says it is still working to restore its systems and regain access to its data.

Cyber Trends

What's the Best Way to Build Digital Trust? Show Your Customers You Care About Their Data Privacy (Security Intelligence) Focusing on data privacy can have major benefits, including enhanced security, improved compliance and business growth — not to mention increased digital trust among your customer base.

Cyber Readiness Worsens as Attacks Soar (Infosecurity Magazine) Hiscox report finds 61% of firms have been hit

Fragile Cybersecurity Receiving Knocks from Unexpected Quarters (Infosecurity Magazine) Are governments leading efficiently and effectively on cybersecurity matters?

India expected to surpass the UK for second place in payment card fraud (ZDNet) Prices for stolen Indian payment cards have also gone up by 150% in 2018, to around $17 per card.

'Korea coming under increasing cyberattacks' (Korea Times) Korea and other countries around the world are facing growing threats of cyberattacks, such as supply chain compromises and cryptocurrency mining over the past year in addition to widespread phishing attacks, Microsoft Korea said Monday.

Marketplace

Jacobs to acquire KeyW (Intelligence Community News) Jacobs of Dallas, TX announced on April 22 that they have entered into a definitive merger agreement pursuant to which Jacobs will acquire KeyW for $11.25 per share in cash. The transaction has an …

A $603 Million Deal Sheds Light on Cybersecurity Space (Bloomberg) Jacobs Engineering to buy KeyW, boosting top-secret access. Dallas-based firm has been making deals in cybersecurity.

Symantec joins DOD cyber threat-sharing group (FCW) The addition of Symantec, which already has a robust threat intelligence network in place, could help bolster the quality and sophistication of the information that flows through the program.

EMT Distribution adds IoT security vendor ReFirm Labs (CRN) US-based IoT security vendor ReFirm Labs has appointed EMT Distribution to distribute its Centrifuge Platform in Australia and New Zealand.

How New York City plans to become a cybersecurity hub (CSO Online) America's largest city has been hit hard by the cybersecurity skills shortage and is working to grow its cybersecurity workforce.

Imperva Appoints Jim Dildine as Chief Financial Officer (BusinessWire) Imperva, Inc., the cybersecurity leader championing the fight to secure data and applications wherever they reside, today announced the appointment of

Facebook Hires Top State Department Lawyer and Bill Gates’s Former PR Chief (Wall Street Journal) Facebook is bringing on a new top lawyer and a communications boss to handle the mounting regulatory and public-relations crises facing the social-media giant.

Products, Services, and Solutions

OPAQ Announces Hyperscale Security-as-a-Service Networking to Simplify Digital Transformation (BusinessWire) New offerings combine gigabit connectivity and comprehensive network security for organizations that require carrier-grade performance and protection.

Technologies, Techniques, and Standards

What is network tokenization? (Rambus) We are seeing an unprecedented shift in consumer spending habits. One in five global transactions are now ‘digital’, with online commerce growing at over six times the rate of in-store sales. But this rapid growth is introducing new challenges. Fraud is rising, yet merchants are under pressure to …

Cyberwarriors get first look at critical new tools (Fifth Domain) The U.S. Air Force delivered to U.S. Cyber Command the first iteration of Unified Platform, a new cyber platform that will give teams important tools and help with coordination.

How the Navy is changing its thinking on information warfare (C4ISRNET) Vice Adm. Matthew Kohler, the Navy’s top information warfare officer, reveals how the service is shifting as the battlefield evolves.

Homomorphic Encryption for Secure Elastic Data Stream Processing (Infosecurity Magazine) How Fully Homomorphic Encryption can aid your cloud security

Debunking the Discourse Around Cloud Security (Infosecurity Magazine) A widespread embrace of the cloud has brought benefits for collaboration and communication.

Collaboration Can Curb Adversarial Threats (SIGNAL Magazine) Defeating hostile threat attempts depends on building effective private-public partnerships.

Why Third-Party Risk Assessment must be an Ongoing Process (Infosecurity Magazine) As companies rely on many partners and suppliers, prioritization is an essential first step to managing third-party risk

Jack Voltaic 2.0 Gives a Glimpse of Future Infrastructure Protection (SIGNAL Magazine) A 2018 exercise developed by the Army Cyber Institute at West Point and hosted by the city of Houston provided participants with a full view of potential critical infrastructure crises while also offering a path to security and resiliency.

Critical Infrastructure Protection Looks Inward (SIGNAL Magazine) The growing interconnection among the elements of the critical infrastructure may hold the key to safeguarding it against an increasingly sophisticated threat picture.

Stopping the Flow of Cyber Breaches (SIGNAL Magazine) The water and wastewater treatment industry is facing cybersecurity threats. The risks affect the sector disproportionately compared to other utilities.

Research and Development

Northrop to Help Develop, Implement Tools on Cybercom's Unified Platform (ExecutiveBiz) Northrop Grumman received a two-year, $24M contract from the U.S. Air Force to develop and incorporate technical capabilities into a unified platform designed to support U.S. Cyber Command operations.

Academia

JSCC cyber defense program receives national certification (WBBJ TV) Jackson State Community College is the only community college in the state with a cyber defense program certified by the U.S. National Security Agency and Department of Homeland Security. Jackson State Community College students Megan Hamilton, left, and Holly Lott work on a server in the school’s computer lab.

Legislation, Policy, and Regulation

Sri Lanka’s social media shutdown illustrates global discontent with Silicon Valley (Washington Post) The Sri Lankan government’s decision to shutter access to social-media sites after Sunday’s deadly bombings may mark a turning point in how countries around the world perceive Silicon Valley, and in their willingness to act to stop the spread of falsehoods online.

European Parliament Approves Mass ID Database Plans (Infosecurity Magazine) Privacy fears of a Big Brother state swirl around Brussels.

What is the EU's revised Payment Services Directive (PSD2) and its impact? (CSO Online) The upcoming PSD2 requirements, which include multifactor authentication for online European payment card transactions, will have a ripple effect on the payments processing industry in the U.S. and elsewhere.

Russia: Adversary or Enemy? Depends on Your Definition of Cyber Attack. (ClearanceJobs) Russia remains a serious adversary, but is not an enemy of the United States. Its interference in the election may have been meddling, but was it an act of war?

The Mueller Report Shows Politicians Must Unite to Fight Election Interference (Foreign Affairs) It's time to put partisanship aside and come together to protect U.S. democracy.

Singapore Responds to Recent Cybersecurity Attacks (Infosecurity Magazine) Singapore comes back strong after recent data breaches.

Litigation, Investigation, and Law Enforcement

Sri Lanka blames local Islamist extremist group for Easter bombings that killed 290; U.S. offers FBI assistance in probe (Washington Post) Authorities say the local National Thowheed Jamaath group may have had foreign help.

Analysis | Sri Lanka’s bloody Easter puts spotlight on a new terror threat (Washington Post) Experts suspect the deadly series of bombings can't just be the work of "local" actors.

NIH, FBI accuse scientists in US of sending IP to China, running shadow labs (Ars Technica) Federal officials say there's "systematic" meddling by foreign entities.

Inside the special counsel’s long hunt to uncover whether the Trump campaign conspired with Russia (Washington Post) A reconstruction of the investigation by Robert S. Mueller III’s team shows why it was often a maddeningly difficult task — and why some mysteries were left unanswered.

14 Mueller Report Takeaways You Might Have Missed (WIRED) When you dig into the Mueller report, a lot of important details start to jump out.

WannaCry hero Hutchins now officially a convicted cybercriminal (Naked Security) The youngster who spent his own money to protect people from the WannaCry virus has pleaded guilty to malware-related cybercrime charges.

Chelsea Manning will have to stay in jail for contempt, appeals court says (Military Times) The former Army intel analyst is behind bars for refusing to testify to a grand jury investigating Wikileaks.

Democrats Urge Judge Not to Dismiss Russian Hacking Suit (Bloomberg) While much of the U.S. was poring over the Mueller Report, the Democratic National Committee argued Thursday that its civil suit against President Donald Trump, the Russian Federation, WikiLeaks and members of the Trump campaign and White House should go forward.

GAO: GSA Must Do More on Cybersecurity, Property Management (Nextgov) A federal watchdog agency’s reminder on outstanding recommendations comes as the Trump administration pushes for the agency to take on new responsibilities.

Legal opinion: Why Bounty was smacked with a £400,000 fine (Computing) Wedlake Bell's James Castro-Edwards explains why Bounty received such a big fine under the old Data Protection Act - which would almost certainly have been much larger under GDPR

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cyber Intelligence: Achieving High Performance and Addressing Common Challenges (Arlington, Virginia, USA, May 16, 2019) Over the past several months, the SEI has conducted a cyber intelligence study on behalf of the United States Office of the Director of National Intelligence (ODNI). During this May 16 presentation, we...

Upcoming Events

Insider Threat Program (ITP) Management - Insider Threat Detection & Data Analysis (Miami, Florida, USA, April 22 - 23, 2019) Insider Threat Program Management - Insider Threat Detection & Data Analysis Training The Insider Threat Defense Group will be holding its next class "Insider Threat Program (ITP) Management - Insider Threat Detection & Data Analysis", in Miami, FL, on April 22-23, 2019. At the completion of this training, students will be well versed on how to develop, implement, manage or enhance an ITP, and have the in-depth knowledge to gather, correlate and analyze an extensive amount of raw data sources to detect and mitigate Insider Threat Risks. The course has been taught to over 540+ organizations.

International Conference on Cyber Engagement (Washington, DC, USA, April 23, 2019) This year, the eighth annual International Conference on Cyber Engagement (ICCE) will be hosted for the first time by the Atlantic Council’s Scowcroft Center for Strategy and Security, in partnership with...

(ISC)² Secure Summit DC (Washington, DC, USA, April 23 - 24, 2019) (ISC)² Secure Summit DC evolved to assemble the best minds in cybersecurity for two days of insightful discussions, workshops and best-practices sharing. The goal of our event is to equip security leaders...

SecureWorld Toronto (Toronto, Ontario, Canada, April 24, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
