April 26, 2019.
By the CyberWire staff
Researchers at Symantec are tracking a cryptojacking campaign that for now seems mostly to affect businesses in China. They're calling the campaign "Beapy," and the worm involved appears to be using the EternalBlue exploit to spread. So far Beapy has left individual users largely alone: it shows a distinct preference for enterprises.
KnownSec 404 has discovered a zero-day in Oracle web servers. Two WebLogic components, wls9_async and wls-wsat, are susceptible to remote code execution. There's no patch yet, and KnownSec 404 recommends either removing the two problematic components and restarting the servers, or firewalling the paths an attack might exploit.
A Recorded Future study indicates the degree to which credential-stuffing tools have become widely available criminal commodities. It’s possible to mount a credential-stuffing campaign for as little as five-hundred-fifty dollars. That investment is often repaid twentyfold. It’s a criminal-to-criminal market: the money's made in reselling stolen credentials. Recorded Future says there are six major account-checking toolkits available, with dozens of also-rans being hawked in dark web souks as well.
A cabinet dust-up over who talked out of school about a decision to allow Huawei participation in the UK's 5G build-out, at least in such "non-core" technologies as antennas, may give rise to a criminal investigation, the Telegraph reports.
According to the Washington Post, investigation into the Easter massacres in Sri Lanka has identified at least eight of the nine suicide bombers. Three were members of one of the country's wealthiest families; the family patriarch is among those who've been arrested.
Today's issue includes events affecting Afghanistan, Australia, Canada, Egypt, European Union, Iraq, NATO/OTAN, New Zealand, Poland, Romania, Russia, Spain, Sri Lanka, Syria, United Kingdom, United States.
Bring your own context.
People see something fishy in a reported server crash that rendered alt-coin wallets of those trading in contraband on the Wall Street Market inaccessible, and many think they see an exit scam in progress. But it appears the server crash now holds a place in the discourse of excuses. In this regard our middle school desk explained that no one says "the dog ate my homework" anymore.
"Nope. Now we say 'the algorithm erased it.' It’s kind of like a server crash. Or a bad dog." Jack Bittner, of the CyberWire Middle School Desk, on the CyberWire Daily Podcast, 04.25.19.
ON THE PODCAST
In today's podcast, out later this afternoon, we speak with our partners at the SANS Institute, as Johannes Ullrich (Dean of Research and proprietor of the ISC Stormcast podcast) tells us about the increase in DHCP client vulnerabilities he’s been tracking. Our guest is Anura Fernando from UL on the technological and regulatory challenges of medical devices and wearables.
Cybersecurity Impact Awards (Arlington, Virginia, United States, May 14, 2019) Winners of the Cybersecurity Impact Awards will be announced and recognized at the May 14, 2019 CYBERTACOS event. The event will start at 5:30 p.m. and the award presentation will begin at 6:00 p.m.! Join us afterwards for tacos and networking!
Cyber Investing Summit (New York City, New York, United States, May 16, 2019) The Cyber Investing Summit is a conference focused on financial opportunities and strategies in the cybersecurity sector. Join key decision makers, investors, and innovators to network, learn, and develop new partnerships May 16th in NYC. More information: www.cyberinvestingsummit.com.
The Economy of Credential Stuffing Attacks (Recorded Future) Insikt Group reviews popular tools used by cybercriminals to initiate credential stuffing and explores marketplaces that sell compromised credentials.
Emotet Uses Compromised Devices as Proxy Command Servers (BleepingComputer) A new Emotet Trojan variant has been observed in the wild with the added capabilities of using compromised connected devices as proxy command-and-control servers and of employing random URI directory paths to evade network-based detection rules.
National Security Council cyber chief: Criminals are closing the gap with nation-state hackers (CyberScoop) Cybercriminals are catching up to nation-states’ hacking capabilities, and it’s making attribution more difficult, the National Security Council’s senior director for cybersecurity policy said Thursday. “They’re not five years behind nation-states anymore, because the tools have become more ubiquitous,” said Grant Schneider, who also holds the title of federal CISO...
AT&T Cybersecurity develops new AlienApp for Box for highly secure content management in the cloud (Alien Vault) Today, I’m excited to share that we have released AlienApp for Box, a new security integration between AT&T Cybersecurity and Box, a leader in cloud content management. This new feature within USM Anywhere takes advantage of Box's granular logging capabilities and powerful APIs to add an additional layer of security for Box Enterprise customers that enables you to monitor your Box environments for potential threats and malicious activities. With the AlienApp for Box, you can enhanc
Fortinet Claims Industry's First SD-WAN ASIC (Virtualization Review) Security specialist Fortinet announced what it claims is the industry's first application-specific integrated circuit for the burgeoning software-defined wide-area networking space.
ESET Partners with Alphabet’s Chronicle (AP NEWS) ESET, a global leader in cybersecurity, today announced it has partnered with Chronicle, an Alphabet company, to provide essential validation on security incidents and alerts within Backstory, Chronicle’s global cloud service where companies can privately upload, store, and analyze their internal security telemetry to detect and investigate potential attacks.
Technologies, Techniques, and Standards
NATO arms itself for cyberwar (Tagesspiegel) Virtual and yet entirely real: NATO is practicing with IT experts from almost 30 countries in Tallinn to fend off attacks on its infrastructure.
Five Eyes cyber summit – five things we learned (PublicTechnology.net) If you spend too much time in certain poorly illuminated corners of the internet, you will find a fair few people who characterise the Five Eyes intelligence alliance as a front for a shadowy cabal committed to spying on citizens, no doubt while spreading chemtrails and pulling the strings of the New World Order.
Sri Lanka tourists warned of more terror (Times) The Foreign Office has warned against all but essential travel to Sri Lanka amid fears that Islamist terrorists are preparing more attacks after the Easter Sunday bombings. Sri Lankan police...
Facebook hit with three privacy investigations in a single day (TechCrunch) Third time lucky — unless you’re Facebook. The social networking giant was hit Thursday by a trio of investigations over its privacy practices following a particularly tumultuous month of security lapses and privacy violations — the latest in a string of embarrassing and damaging breaches at…
Poland joins Europol’s cyber-crime taskforce (Global Government Forum) Poland has become the latest country to join an international initiative to tackle the growing problem of cyber-crime, such as payment fraud and malware.
Europol, the European Union's law-enforcement agency headquartered in The Hague, has announced that the country has deployed a cybercrime speci
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
International Security Expo 2019 (London, England, UK, December 3 - 4, 2019) International Security Expo, formerly UK Security Expo, showcases over 1,000 of the latest innovative security products to help you improve your security. Featured over the 2 days are 13 free to attend,...
Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
Cyber Security Lunch & Learn (Waltham, Massachusetts, USA, April 30, 2019) Data Security breaches happen daily. Security and protection of intellectual property, financial information and client data require the strongest levels of protection from theft or attack, both inside...
Global Cyber Innovation Summit (Baltimore, Maryland, USA, May 1 - 2, 2019) The inaugural 2019 Global Cyber Innovation Summit brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber...
2019 Innovator's Showcase (McLean, Virginia, USA, May 2, 2019) The Intelligence and National Security Alliance (INSA) will showcase IR&D projects with national security applications at its 2019 Innovators’ Showcase. Held in partnership with the Office of the Director
social media for protecting or removing anonymity utilizing social media, internet-connected data stores, and other assets associated with life in a fully digital world, and ephemeris identity telemetry. including identifying characteristics such as biometrics, geolocation, digital signatures, and geo-environmental association..
Data Connectors Cybersecurity Conference Philadelphia (Philadelphia, Pennsylvania, USA, May 2, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...