April 24, 2019.
By the CyberWire staff
The death toll in Sri Lanka's Easter massacres has now risen above three-hundred-fifty, as Reuters notes. The country's intelligence services have identified Moulvi Zahran Hashim (whom the Telegraph describes as a "radical Islamic cleric" known for online calls for extermination of unbelievers) as the leader of the coordinated attacks against Christians at worship and foreigners in tourist hotels. Security organizations responded quickly to the attacks, but poor interagency coordination seems, the National Herald and others report, to have led them to miss warnings of coming attacks, even when such warnings were issued by national authorities (and named the probable ringleader).
New Zealand's prime minister Ardern has issued a "Christchurch Call" inviting other countries to join in restricting the distribution of extremist content through social media, the Guardian reports.
Kaspersky Lab has linked the ShadowHammer supply chain attack to the ShadowPad threat actor. The attackers successfully backdoored widely used developer tools. Among the products affected were online games.
The WiFi Finder app has leaked about two-million network passwords, a researcher has told TechCrunch.
The US House of Representatives would like Google to explain its Sensorvault location database.
The bosses behind the hands behind the keyboards behind the bots didn't much like the Mueller Report, according to NBC News.
The Australian Signals Directorate says that government agencies don't really have to follow its recommended security controls, because those controls, best practices though they may be, might just be too hard to follow. ZDNet sniffs that ASD is showing a "can't do" attitude.
Today's issue includes events affecting Australia, Canada, China, European Union, France, Iran, New Zealand, Russia, Sri Lanka, United Kingdom, United States.
Bring your own context.
"Random" isn't synonymous with "hard for you to remember." A password too tough for you to remember off the top of your head isn't all that tough for machines to crack:
"Do you think that you're clever by using keyboard patterns to generate passwords because, you know, that's going to be a hard password that's kind of difficult to remember? It's not really random at all. It's terribly predictable, just like almost everything humans do." Joe Carrigan, of the Johns Hopkins University Information Security Institute, on the CyberWire Daily Podcast, 4.22.19.
Cybersecurity Impact Awards(Arlington, Virginia, United States, May 14, 2019) Winners of the Cybersecurity Impact Awards will be announced and recognized at the May 14, 2019 CYBERTACOS event. The event will start at 5:30 p.m. and the award presentation will begin at 6:00 p.m.! Join us afterwards for tacos and networking!
Cyber Investing Summit(New York City, New York, United States, May 16, 2019) The Cyber Investing Summit is a conference focused on financial opportunities and strategies in the cybersecurity sector. Join key decision makers, investors, and innovators to network, learn, and develop new partnerships May 16th in NYC. More information: www.cyberinvestingsummit.com.
Operation ShadowHammer: A High Profile Supply Chain Attack(Securelist) In late March 2019, we briefly highlighted our research on ShadowHammer attacks, a sophisticated supply chain attack involving ASUS Live Update Utility. Now it is time to share more details about the research with our readers.
Carbanak Source Code Discovered on VirusTotal(SecurityWeek) The source code of a backdoor associated with the prolific FIN7 threat actor has emerged on VirusTotal alongside builders and other tools from the group, FireEye security researchers reveal.
DNSpionage Drops New Karkoff Malware, Cherry-Picks Its Victims(BleepingComputer) The DNSpionage malware campaign has added a new reconnaissance stage showing that the attackers have become more picky with their targets, as well as a new .NET-based malware dubbed Karkoff and designed to allow them to execute code remotely on compromised hosts.
Manufacturing giant Aebi Schmidt hit by ransomware(TechCrunch) Aebi Schmidt, a European manufacturing giant with operations in the U.S., has been hit by a ransomware attack, TechCrunch has learned. The Switzerland-based maker of airport maintenance and road cleaning vehicles had operations disrupted Tuesday following the malware infection, according to a sourc…
Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers(ICS-CERT) 1. EXECUTIVE SUMMARY. CVSS v3 7.1. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Rockwell Automation. Equipment: MicroLogix 1400 and CompactLogix 5370 Controllers. Vulnerability: Open Redirect. 2. RISK EVALUATION. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to input a malicious link redirecting users to a malicious
Atlanta Hawks sniped by Magecart(Sanguine Security) Online credit card thieves - also known as Magecart - have managed to inject a payment skimmer into the online store of the Atlanta Hawks. Fans who ordered merchandise on or after April 20th had their name, address and credit card details stolen.
Bullskin Township hit with cyber attack(The Daily Courier) The Pennsylvania State Police and FBI have been asked to investigate an incident in which Bullskin Township's computer system apparently came under attack by malware.
Security Patches, Mitigations, and Software Updates
Tumblr – finally – enables HTTPS for all accounts(TechCrunch) Better late than never, Tumblr has rolled out HTTPS across its entire site. In a brief post on Tumblr’s engineering page, the company said all Tumblr sites will now have the web encryption setting enabled by default, though it admitted the move was “long-overdue.” Tumblr, which li…
Bitglass warns of escalating insider attacks(WhaTech) Bitglass, the Next-Gen CASB company, has cautioned that insider attacks are escalating and that a significant number of organisations are failing to monitor user behaviour across their cloud footprints.
Kaspersky CEO: Open your source codes to win governments' trust(ZDNet) Governments harbouring security concerns about systems manufactured by foreign tech companies should ask these vendors to open up their source codes for inspection, just like technology players such as Huawei and Kaspersky have done for their customers, says Eugene Kaspersky.
Symantec joins DOD cyber threat-sharing group(FCW) The addition of Symantec, which already has a robust threat intelligence network in place, could help bolster the quality and sophistication of the information that flows through the program.
IoT device testing made possible with BeStorm X(SearchSecurity) Beyond Security and Ubiquitous AI Corporation designed BeStorm X specifically for IoT device testing. The vendors claim the black-box fuzzer can identify zero-day vulnerabilities and other weaknesses.
Team of boffins fights cyberattacks(Clarus Security) Edinburgh-based IT security consultancy, 7 Elements, has launched a unique new IT security solution that brings together enterprise-grade automated scanning software with expert human analysis to reduce the risk of corporate cyberattacks. Used by organisations to identify, highlight and manage vulnerabilities, ‘Clarus’ has been unveiled by 7 Elements as part of the UK Government’s flagship …
A CISO looking back, “Dear younger me…”(CISO MAG) I remembered decisions that I made that had a profound impact on my family or employees and decisions I passed on because I lacked experience or the confidence to see my path forward.
Iranian parliament labels entire US military as terrorists(Military Times) Iranian lawmakers on Tuesday overwhelmingly approved a bill that labels all U.S. military forces as terrorist, state TV reported, a day after Washington ratcheted up pressure on Tehran by announcing that no country would any longer be exempt from U.S. sanctions if it continues to buy Iranian oil.
Letter to Google's CEO(US House of Representatives Committee on Energy and Commerce) Dear Mr. Pichai: We are writing in response to concerning reports about a massive database of precise location information on hundreds of millions of consumers known inside Google as "Sensorvault."
British PM approves Huawei role in 5G network: report(AFP) British Prime Minister Theresa May has given the go-ahead for China's Huawei to help build a 5G network, shrugging off security warnings from senior ministers and Washington, the Daily Telegraph reported Wednesday.
Deterring Russian Aggression in the Baltic States(RAND) Estonia, Latvia, and Lithuania are vulnerable to low-level, hybrid, and full-scale attacks by Russian forces. Which unconventional strategies could they use to deter aggression and buy time for conventional military responses? And how can NATO allies help develop and fund these efforts?
Cybersecurity: Changing the Model(Atlantic Council) Read the Publication (PDF) The current model of cybersecurity is outdated. Adversaries continue to grow more sophisticated and outpace advancements in defense technologies, processes, and education. As nation states enter into a new period of great...
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
(ISC)² Secure Summit DC(Washington, DC, USA, April 23 - 24, 2019) (ISC)² Secure Summit DC evolved to assemble the best minds in cybersecurity for two days of insightful discussions, workshops and best-practices sharing. The goal of our event is to equip security leaders...
SecureWorld Toronto(Toronto, Ontario, Canada, April 24, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Cybertech Midwest 2019(Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
Data Connectors Cybersecurity Conference Memphis(Memphis, Tennessee, USA, April 25, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Cyber Security Lunch & Learn(Waltham, Massachusetts, USA, April 30, 2019) Data Security breaches happen daily. Security and protection of intellectual property, financial information and client data require the strongest levels of protection from theft or attack, both inside...