Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
April 29, 2019.
By the CyberWire staff
Sri Lanka's nationwide investigation of the Easter Sunday jihadist massacres continues, with tragic results over the weekend. During a police raid on a suspected jihadist cell, the AP reports, militants opened fire and then set off a bomb, killing fifteen. Several children are among the dead.
A vulnerability in the LnkP2P software widely bundled with IoT devices (essentially lack of authentication and encryption in peer-to-peer sharing) exposes many such devices to compromise, according to researcher Paul Marrapese. Affected systems include web-enabled cameras, DVRs, baby monitors, and smart doorbells.
App store curation poses challenges. Apple defends its exclusion of mobile device management apps, and in particular the parental controls subset of them, on grounds of security and privacy, Infosecurity Magazine reports. Kaspersky Lab has filed an anti-trust claim in a Russian court against Apple over just this exclusion. And Google is purging its Play Store of applications contributed by DO Global after researchers reported the Chinese company's products were implicated in widespread ad fraud. As Gizmodo notes, the dozens of DO Global apps affected have been installed more than 600 million times.
Motherboard says that a hacker (nom-de-hack "L&M") claims the ability to exploit automotive GPS trackers made by ProTrack and iTrack to affect cars remotely, including in some cases turning off engines while the vehicles are in motion.
A journalist makes a case (in WIRED) for regulating social media. It's not so much stop me before I tweet again as it is stop them before they speak, or post, again.
Today's issue includes events affecting Afghanistan, Australia, Azerbaijan, Bahrain, Canada, China, India, Iran, Iraq, Israel, Jordan, Lebanon, Morocco, Pakistan, Philippines, Russia, Saudi Arabia, South Africa, Sri Lanka, Sudan, Turkey, United Kingdom, United States.
Bring your own context.
Why would the US National Security Agency recommend that one of its own high-profile programs be terminated? NSA has told the President it thinks its Call Detail Program--that's the telephone surveillance effort instituted after the 9/11 terror attack--should be shut down. It turns out that the program is logistically taxing and imposes a tough compliance burden on NSA. It also just doesn't work very well.
"On the efficacy side, pretty much everybody who's reviewed this program has determined that it really has not been an effective counterterrorism tool, particularly as technology has changed. Quite frankly, terrorists aren't really making phone calls anymore. They're using encrypted applications. So it's just not that effective a tool." Ben Yelin, of the University of Maryland Center for Health and Homeland Security, on the CyberWire Daily Podcast, 4.25.19.
Get a Backstage Pass to LookingGlass’ Digital Business Risk Roadshow
When it comes to digital business risk, you don’t want a general admission perspective. Get a backstage pass for the LookingGlass Digital Business Risk Roadshow to learn the industry-latest on effective third party risk management, taking a proactive security approach, and get a cybercriminal mastermind's insights on manipulating your organization’s cyber strengths and weaknesses. Come see us in a city near you. The tour includes NYC, D.C., and Houston!
Cybersecurity Impact Awards(Arlington, Virginia, United States, May 14, 2019) Winners of the Cybersecurity Impact Awards will be announced and recognized at the May 14, 2019 CYBERTACOS event. The event will start at 5:30 p.m. and the award presentation will begin at 6:00 p.m.! Join us afterwards for tacos and networking!
Cyber Investing Summit(New York City, New York, United States, May 16, 2019) The Cyber Investing Summit is a conference focused on financial opportunities and strategies in the cybersecurity sector. Join key decision makers, investors, and innovators to network, learn, and develop new partnerships May 16th in NYC. More information: www.cyberinvestingsummit.com.
Cyber Security Summits: May 16 in Dallas and in Seattle on June 25th(Dallas, Texas, United States, May 16 - June 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Verizon, Center for Internet Security, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com
P2P Weakness Exposes Millions of IoT Devices(KrebsOnSecurity) A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found.
Docker Hub Database Hack Exposes Sensitive Data of 190K Users(BleepingComputer) An unauthorized person gained access to a Docker Hub database that exposed the the user names and hashed passwords for approximately 190,000 users. In addition, a small percentage of users have had their GitHub and Bitbucket tokens for Docker autobuilds leaked as well.
Hacker Can Kill Car Engines Around the World(Security Boulevard) A hacker with the username “L&M” has infiltrated two GPS vehicle-tracking services, ProTrack and iTrack, gaining access to more than 27,000 accounts in South Africa, Morocco, India, the Philippines, and other countries.
Zuckerberg warns of authoritarian data localization trend(TechCrunch) If free nations demand companies store data locally, it legitimizes that practice for authoritarian nations, which can then steal that data for their own nefarious purposes, according to Facebook CEO Mark Zuckerberg. He laid out the threat in a new 93-minute video of a discussion with Sapiens autho…
IIoT/ICS Security App from CyberX Now Available on Cortex(CyberX) CyberX, the IIoT and ICS security company, announced the availability of its “IIoT/ICS Asset Visibility & Threat Monitoring App” on Cortex™ - the industry’s only open and integrated AI-based continuous security platform.
How to evaluate SOC-as-a-service providers(CSO Online) Not every organization that needs a security operations center can afford to equip and staff one. A number of providers provide SOC as a service. Here's what you need to know about them.
How to combat the threat of Android malware(Popular Science) It’s almost impossible to read the news these days without seeing yet another article on the rising threat of Android malware. But at the same time, a new report from AV-Comparatives has been making the rounds for its finding that most Android antivirus apps are terrible scams. So what’s a security-conscious user to do?
What AI Can Tell From Listening to You(Wall Street Journal) Artificial intelligence promises new ways to analyze people’s voices—and determine their emotions, physical health, whether they are falling asleep at the wheel and much more.
737 MAX, FB data, and the demise of the ethical engineer(TechCrunch) Whatever happened to the ethics of engineering? We’ve seen just one disastrous news story after another these past few years, almost all knowable and preventable. Planes falling out of the sky. Nuclear power plants melting down. Foreign powers engorging on user data. Environmental testing thrashed.…
Five Eyes Must Lead on 5G(War on the Rocks) 5G wireless technology is going to change the world. The challenge for policymakers is to ensure that our nations benefit from 5G’s promise while
Crackdown on lords in pay of Russians and Chinese(Times) Ministers are to launch a sweeping clean-up of public life in an effort to stem the tide of “red money” from Russia and China swirling through parliament, lobbying firms and the City. In a...
Toward a More Constructive Encryption Debate(Carnegie Endowment for International Peace) Encryption policy has long been a contentious topic for cybersecurity experts, law enforcement officials, and privacy advocates dating back to the Crypto Wars of the 1990s.
Data Protection Commission opens statutory inquiry into Facebook(Data Protection Commission) The Data Protection Commission was notified by Facebook that it had discovered that hundreds of millions of user passwords, relating to users of Facebook, Facebook Lite and Instagram, were stored by Facebook in plain text format in its internal servers. We have this week commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR.
Hamas Sophisticating Its Bitcoin Donations System(Crowdfund Insider) Israeli civic-defence groups have been sounding the alarm since January that the militant Palestinian-liberation organization Hamas has started raising funds via Bitcoin. And while donations of Bitcoins to Hamas so far pale in comparison to the millions of dollars Hamas is believed to receive from
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Cyber 2019(Columbia, Maryland, USA, June 19, 2019) Please join us for our 10th annual cyber conference, where on June 19, 2019, we will tackle the topic of Cyber Sensemaking. Cyber Sensemaking is a fluid and continuous approach for establishing better...
Cybertech Midwest 2019(Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
Cyber Security Lunch & Learn(Waltham, Massachusetts, USA, April 30, 2019) Data Security breaches happen daily. Security and protection of intellectual property, financial information and client data require the strongest levels of protection from theft or attack, both inside...
Global Cyber Innovation Summit(Baltimore, Maryland, USA, May 1 - 2, 2019) The inaugural 2019 Global Cyber Innovation Summit brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber...
2019 Innovator's Showcase(McLean, Virginia, USA, May 2, 2019) The Intelligence and National Security Alliance (INSA) will showcase IR&D projects with national security applications at its 2019 Innovators’ Showcase. Held in partnership with the Office of the Director
social media for protecting or removing anonymity utilizing social media, internet-connected data stores, and other assets associated with life in a fully digital world, and ephemeris identity telemetry. including identifying characteristics such as biometrics, geolocation, digital signatures, and geo-environmental association..
Data Connectors Cybersecurity Conference Philadelphia(Philadelphia, Pennsylvania, USA, May 2, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.