
Daily briefing.

Investigation into the possibility that the alleged Capital One hacker hit other enterprises continues. According to Computing, however, Amazon says it's found no evidence that the organizations mentioned by Paige Thompson, nom-de-hack "erratic," were actually compromised. The FBI is sorting it out, the Wall Street Journal reports. Not all the possible victims are in the US.

Discussing the Capital One breach, Duo Security says that people should not draw the conclusion that the cloud is somehow inherently less secure. Regular, reliable patching and updating alone represent an advantage, as does the broad view of threat activity cloud providers offer. But moving to the cloud does involve change, and that inevitably involves rethinking security. Old processes and protocols can't simply be assumed adequate to their new environment.

In an unrelated compromise, an unsecured Honda Motors database has been found by Cloudflare researchers, BleepingComputer reports.

The Straits Times discusses what appears to be a major breach at beauty retailer Sephora. Group-IB has found two databases circulating in dark web markets. Combined, the two databases hold about 3.7 million records. These don't contain either payment information or plaintext passwords, but Group-IB says the compromised data could be exploited for social engineering.

Carbon Black announces what they call "the cognitive attack loop." At each step of an attack, they argue, cyber criminals exhibit characteristic cognitive behavior. Understanding that gives the defender an edge.

Akamai's latest State of the Internet report concludes that phishing remains the biggest threat to financial services firms and their customers.

Notes.

Today's issue includes events affecting .

Bring your own context.

When people talk about threat intelligence, it's a mistake to think of it just as a series of feeds.

"Feeds tend to lack a lot of the context that would be considered true threat intelligence. For example, if I just give you a feed of bad file hashes or bad domains, that doesn't give you or the consumer any context as to why it's bad. Should I be concerned with maybe the confidence or severity of that? Threat intelligence is really that context and knowledge that sits on top of it all. A comparison would be feeds up against a finished intelligence report with all the context, including that it was coming from this actor. It's relevant to these organizations, and maybe even, this is how you would respond to it. So feeds are kind of what was like an early concept of threat intelligence and still today is almost an immature view at threat intelligence. Nowadays, we want to look at finished intelligence in some fashion, with all of that context on top of it."

—Tom Hegel, security researcher with AT&T Alien Labs, on the CyberWire Daily Podcast, 7.29.19.

There's an old military distinction between intelligence (contextualized, analyzed, etc.) and combat information (raw reports, sensor data, etc.). Intelligence can be wrong, but information can just be noise.


In today's podcast, out later this afternoon, we speak with our partners at Terbium Labs, as Emily Wilson shares more details from their recent fraud and international crime report. Our guest is Giovanni Vigna from Lastline, with thoughts on the upcoming Black Hat conference.

And Hacking Humans is up. In this episode, "Images are the language of the brain," Dave outlines a church donation scam. Joe shares reporting from Ars Technica on romance scams coming out of Africa. The catch of the day is courtesy of London comedian James Veitch. Our guest is Garry Berman from Cyberman Security, who's developed a cyber security comic book series to help raise awareness.

XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 3 - 8, 2019) Visit XM Cyber at our booth 875, to experience the first fully automated APT simulation platform to Simulate, validate and remediate hackers’ path to organizational critical assets.

Codenomicon August 6 Skyfall Lounge Las Vegas (Las Vegas, Nevada, United States, August 6, 2019) Black Hat is just around the corner! Join Synopsys at our exclusive cyber security professional event—codenomi-con. We’ll kick off a night of entertainment, networking, and leadership Aug. 6 at 6 p.m. Register today!

Courageous Women CISO Brunch with Synack and CyberWire at Black Hat (Las Vegas, Nevada, United States, August 7, 2019) Connect and Collaborate with Fellow CISO Security Leaders at Black Hat. As always, you can expect an intimate environment with delicious food, refreshing drinks, and great company. Join us Wednesday, August 7, 10:00 AM at Delano Las Vegas, Suite TBD.

Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 8, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.

Cyber Attacks, Threats, and Vulnerabilities

Fraud Experts Raise Concerns That Cap One Hacker Targeted Other Firms (PYMNTS.com) Krebs On Security is reporting that the alleged Capital One hacker may have also targeted and stolen data from other corporations. The website named Paige Thompson, nicknamed Erratic, as the alleged hacker and detailed how she would go on messaging service Slack in a group with other supposed hackers. Krebs on Security joined the group […]

Vodafone, Ford said to be also affected by Capital One hack (TechCrunch) The data breach at Capital One may be the “tip of the iceberg” and may affect other major companies, according to security researchers. Israeli security firm CyberInt said Vodafone, Ford, Michigan State University and the Ohio Department of Transportation may have also fallen victim to …

Amazon: No evidence companies named in leaked Capital One files were breached (Computing) Ford and UniCredit among the companies named in files leaked by Capital One hacker Paige Thompson

FBI Examining Possible Data Breaches Related to Capital One (Wall Street Journal) The Federal Bureau of Investigation is examining whether the hacker charged with stealing data on millions of Capital One customers from an Amazon cloud service successfully hit other targets.

Capital One Breach Does Not Mean the Cloud is Insecure (Decipher) Financial services organizations and many other enterprises have hesitated to go all in the cloud, citing concerns about depending on a third-party to protect the data, and the Capital One breach may encapsulate their fears. But the fact is, the cloud provides security benefits, so long as proper controls are put in place.

Capital One data breach: What's the cost of data hacks for customers and businesses? (USA TODAY) The Capital One 2019 data breach is the latest example of how vulnerable consumer and business data is.

Unsecured Database Exposes Security Risks in Honda's Network (BleepingComputer) A publicly accessible ElasticSearch database exposed a huge trove of information on the global internal network of automotive giant Honda, showcasing potential security vulnerabilities and including detailed information about the CEO's computer.

Logins Stolen From Admin-Backdoored Club Penguin Rewritten Site (BleepingComputer) A disgruntled administrator left in a kids' gaming website a backdoor that enabled hackers to steal login data for a little over 4 million accounts.

iMessage bug could have allowed attackers to read data from any iPhone (Naked Security) Google’s Project Zero has unveiled details of a bug in Apple’s iMessage that lets attackers read data from an iPhone without any user interaction.

Where Bots Go On Summer Vacation (PerimeterX Bot Defender) Bots are impacting our everyday lives, now competing with us on our vacation searches. Online travel sites need to take into account bot traffic to provide accurate pricing and stay competitive. As bots continue to mimic human behavior, bot mitigation should be top of mind for travel websites.

Enterprise software transmits terabytes of data to vendors without customers' knowledge (Computing) In one case, a software package sent data to an IP address flagged for hosting malicious programmes

Enterprise Software May Transmit Data Without Your Knowledge (BleepingComputer) A cyber analytics firm has discovered several instances of enterprise software that collected and sent information home without prior authorization, a behavior which could lead to exposure of sensitive enterprise data.

Researchers Replace IP Camera Feed With Fake Footage (SecurityWeek) Security researchers have demonstrated an attack on an IP camera that results in fake replay footage being displayed to security operators.

SanDisk SSD Dashboard Vulnerabilities: CVE-2019-13466 & CVE-2019-13467 (Trustwave) While recently upgrading my laptop with a new Solid State Drive (SSD), I installed a management utility that is used for SanDisk SSDs. A quick examination revealed some potentially dangerous vulnerabilities in it. Now that these issues have gone through our responsible disclosure program and have been patched, we can discuss the details.

‘Urgent/11’ flaws affect 200 million devices – from routers to elevators (Naked Security) There are 11 security flaws affecting VxWorks: “the most widely used operating system you may never have heard about”.

Cyberattacks on connected cars could gridlock entire cities (Naked Security) It would require taking over and stranding 20% of a city’s cars to freeze traffic, and only 10% to impede ambulances, physicists calculate.

Report warns of possible mass casualties from automotive cyberattacks (Detroit Free Press) A consumer group warns of dire consequences if the threat of cyberattacks against vehicles is not addressed. An

Bulletproof Proxies Highlight the Evolving Cybercriminal Infrastructure (BusinessWire) Bulletproof Proxies Highlight Evolving Cybercriminal Infrastructure; Cequence Security’s New CQ Prime Threat Research Team Publishes Inaugural Report

Scam Alert: No, WhatsApp isn’t giving you 1,000GB free data (Mobile Indian) A message is making the rounds on WhatsApp claiming to offer 1,000GB of data for free as part of WhatsApp’s tenth anniversary.

Georgia hit with malware yet again (Naked Security) The Department of Public Safety says it won’t pay, but given the umpteen times the state’s agencies have been hit, somebody’s not listening.

School tax bill mailings delayed again; aftermath of cyber attack (Citizens Voice) School property tax bills for Luzerne County school districts will not be mailed this week, as planned, but should be issued by Aug. 19, county officials announced Tuesday. The delay stems from ongoing problems with the county’s assessment database, which

Security Patches, Mitigations, and Software Updates

Google Pay to now send SMS alerts for secure transactions (LiveMint) Google Pay comes equipped with several of Google's security infrastructure including scam protections. Google Pay will send alerts to highlight that approving the request will deduct money from their bank accounts.

Cyber Trends

Deloitte Cyber and Dragos Share Top Cyber Risks for IoT Devices (Deloitte United States) Deloitte Cyber and Dragos team to share the top cyber risks organizations face with IoT environments. Poll results reveal standards on cybersecurity and security-by-design approach are needed across industries.

Phishing and Credential Stuffing Attacks Remain Top Threat to Financial Services Organizations and Customers (Akamai) Latest State of The Internet / Security Report Observes 3.5 Billion Malicious Login Attempts Targeting the Financial Services Sector

Dragos Oil and Gas Threat Perspective Summary (Dragos) The oil and gas industry is a valuable target for adversaries seeking to exploit industrial control systems (ICS) environments. As the number of attacks against

Study Confirms Less Than 20% Always Read Terms of Service (Home of internet privacy) A new study by ExpressVPN reveals that more than 80% of consumers don’t always read the ToS when creating new accounts on websites.

The Evolution of Security in 5G (5G Americas) A "Slice" of Mobile Threats

Netwrix Survey: Lack of Budgets for Cloud Security Initiatives Slows Down Cloud Adoption for Government (PR Newswire) Netwrix, a vendor of information security and governance software, today released findings from the 2019 Netwrix...

Banking malware grows 50% while cryptominers decline – Check Point (Security Brief) The report’s findings are based on data drawn from Check Point’s between January and June 2019, highlighting the key tactics cyber-criminals are using to attack businesses.

Ponemon Institute Reveals Security Teams Spend Approximately 25 Percent of Their Time Chasing False Positives; Response Times Stymied by Legacy Tools (Exabeam) Research indicates an urgent need for newer SIEM technologies that increase SOC analyst productivity and improve security effectiveness[...]

We must do more to sift fact from fiction (Times) What’s true and what isn’t — and how much harm untruth can do in the public realm — is one of the great problems of our time. Last year the government identified the propagation of fake or...

Marketplace

Intel says it's been selling products to Huawei and has applied for licenses to sell more (CNBC) Intel CEO Bob Swan told CNBC that the company has applied for a license to sell "general purpose compute" products to Huawei. The Chinese firm is on a blacklist that requires American companies to get special permission to sell to Huawei.

Huawei and its U.S. Suppliers Increase Spending on Lobbyists in Face of Trade Deadline (MapLight) An executive order banning U.S. companies from dealing with Chinese telecom giant Huawei Technologies spurred the company and its U.S. suppliers to boost their lobbying expenditures by more than 20 percent during the first half of the year.

Cybersecurity training is up, but a hiring gap remains (HR Dive) Cybersecurity jobs pay 16% more on average than other IT jobs, but take 20% longer to fill, according to Burning Glass Technologies.

Prevailion Secures $10M Series A Investment Led By AllegisCyber (Dark Reading) Previous Investor DataTribe Participates in Funding; Prevailion's Time To Action Technology Provides Breakthrough In Cyber Defense

ForgeRock Expands Leadership Team with Key Appointments (West) Adds Russ Kirby as New Chief Information Security Officer and James Ross as ANZ Managing Director

IronNet Cybersecurity Appoints Scott Alridge as General Counsel (PR Newswire) IronNet Cybersecurity announced today that it has appointed Scott Alridge as Chief Legal Officer (CLO) reporting to...

Products, Services, and Solutions

ImageWare® Systems Launches New Intelligent Anti-Spoofing System for Strengthened Identity Proofing and User Authentication (West) Biointellic™ secures user access to corporate resources while mitigating data breaches

Digital Defense, Inc. Introduces Frontline Insight™ Featuring On-Demand Peer Analysis of Security Risk Metrics (Yahoo) Digital Defense clients can now pull information to not only help further reduce security risk, but also help determine how best to evolve information security programs to perform in an optimal fashion ...

ThreatQuotient Expands Global Footprint Through New Partnerships (BusinessWire) New partnerships with global distributors Ectacom, Nihon Cornet and StarLink complement ThreatQuotient's growing international presence.

Elastic Stack 7.3.0 Released (BusinessWire) Elastic N.V. (NYSE: ESTC) (“Elastic”), the company behind Elasticsearch and the Elastic Stack, is thrilled to announce that version 7.3 of the Elastic

ReversingLabs Titanium Platform Finds Destructive Objects Existing Security Investments Miss (Yahoo) ReversingLabs, a leading provider of enterprise-scale file analysis, threat hunting, and malware intelligence solutions, today unveiled its.

Datarisk Canada Launches First Website Firewall with Automatic Malware Removal and Privacy Compliance (Yahoo) Recent data breaches at Desjardins, Equifax and now Capital One have reached an unprecedented total of almost 9 million individual records in Canada,.

NSS Labs Initiates Group Test Coverage of the Cloud Workload Protection (CWP) Market (NSS Labs, Inc.) NSS Labs, Inc., a global leader and trusted source for independent, third-party cybersecurity product testing, today announced that it is developing a Cloud Workload Protection Group Test (CWP)

Capsule8 Announces Industry’s First Cloud Investigations (Capsule8) Capsule8 Protect now solves production security’s data warehousing problem. BROOKLYN, New York – August 1, 2019 – Capsule8 today announced Investigations, new functionality that adds full endpoint detection and response …

Bandura Cyber Increases Performance and Capacity in Next-Generation Threat Intelligence Gateway (BusinessWire) Bandura Cyber today announced the next generation of its market leading Bandura Cyber Threat Intelligence Gateway (TIG).

Technologies, Techniques, and Standards

Data breaches like Capital One show the need for 'zero trust,' says CEO of cloud firm Akamai (CNBC) Akamai Technologies CEO Tom Leighton says there's more need than ever for what he calls "zero trust" solutions for enterprise cloud security.

How to Combat the ‘Accidental Insider’ in Your Organization (Media & Entertainment Services Alliance) Contending with outside security threats to your organization is challenging, but dealing with the “accidental insider” — an attacker not necessarily moti

Cognitions of a Cybercriminal (Carbon Black) Introducing the Cognitive Attack Loop and the 3 Phases of Cybercriminal Behavior.

Cyber Kill Chain Reimagined: Industry Veteran Proposes "Cognitive Attack Loop" (SecurityWeek) Tom Kellermann argues that defenders need to recognize the new reality and to start thinking about a modern persistent cognitive attack loop rather than a linear attack chain.

Hunting Threats on Twitter: How Social Media can be Used to Gather Actionable Threat Intelligence (Trend Micro) Social media is a content-rich platform many enterprises use, but how can InfoSec professionals and security teams use it to gather threat intelligence that they can use to protect their organizations?

Essential Guide to Business Email Compromise (Area 1 Security) BEC phish don’t attack an actual email account, but merely spoof an identity. This is enough to get past email authentication defenses such as DMARC

Assessing the efficiency of phishing filters employed by email service providers (Help Net Security) Technology companies could be doing much more to improve phishing detection and protect individuals and organizations from phishing scams.

Surge teams help integrate NASA mission cyber priorities with CDM (Federal News Network) NASA’s Willie Crenshaw said teams of employees are educating mission areas about the cyber initiative and learning about new priorities.

Lessons from Special Operations Command: Cyber training for the multidomain force (C4ISRNET) Cyber Command needs to support efforts to encourage interoperability between their cyber mission forces and conventional war fighters through its training processes.

12 Global Data Protection Trends Keeping CEOs More Secure (Protegrity) As cybersecurity breaches increase in frequency and severity year on year, CEOs could soon serve prison terms if an employee from his or her

Research and Development

How MIT's Fiat Cryptography might make the web more secure (CSO Online) By automating the writing of cryptographic algorithms, Fiat Cryptography can remove errors, produce more secure code, and boost performance.

Cryptographic ICE Cube tests orbital cybersecurity protocols aboard the ISS (TechCrunch) Encryption in space can be tricky. Even if you do everything right, a cosmic ray might come along and flip a bit, sabotaging the whole secure protocol. If you can't radiation-harden the computer, what can you do? European Space Agency researchers are testing two solutions right now in an experiment…

US Defense Department to Employ Blockchain for Communications and Monitoring (AllStocks Network) The research arm of the United States Department of Defense (DoD) revealed on Monday that it is currently exploring blockchain technology for some security

‘Emotion detection’ AI is a $20 billion industry. New research says it can’t do what it claims. (Washington Post) Artificial intelligence advanced by such companies as IBM and Microsoft is still no match for humans.

Academia

Cyber Security Services and Academy (Evolve Security) Evolve Security is a dedicated cyber security services firm that focuses on delivering real and measurable improvements to corporate security posture. Evolve Security provides Application Security, Penetration Testing, and a Security Training Academy that is world ranked.

Quick Take: UNLV Earns Federal Designation for Cyber Defense Education (University of Nevada, Las Vegas) Engineering professor Juyeon Jo on what it means, and how it’s helping UNLV researchers and educators stay a step ahead in booming field.

Iowa State’s information assurance program ranked in top five (Iowa State University College of Engineering) Iowa State University’s information assurance program, led by University Professor Doug Jacobson and hosted by the Department of Electrical and Computer Engineering (ECpE), has been ranked as one of the nation’s top Master’s in Information Assurance and Security degree programs on TheBestSchools.org for 2019.

Legislation, Policy, and Regulation

From the iPhone to Huawei: The new geopolitics of technology (Brookings) Instead of a “clash of civilizations,” we could be in for a “clash of automations.”

Cold War in Cyberspace (Transitions Online) Western military hackers have penetrated Russian targets, from tech giants to the nationwide power grid, reports say.

4 tasks facing the next director of intelligence (C4ISRNET) The Intelligence Authorization Act lays out several priorities Congress has for whomever replaces Dan Coats as director of national intelligence.

How the Army will approach cyber 10 years from now (Fifth Domain) The Army Cyber Institute looks at what may be major cyber issues in the future.

Here’s how AG Barr is going to get encryption 'backdoors' (Engadget) AG Barr: Tech companies must make encryption backdoors

What it means to live in a surveillance society (The Daily Star) “If you said pre-2013...that the most private moments of your lives were being watched and recorded...people would call you a conspiracy theorist.” – Edward Snowden

Rand Paul says Trump intel pick has 'worrisome' record on surveillance (TheHill) Sen. Rand Paul (R-Ky.) on Wednesday expressed misgivings about President Trump’s nominee to serve as director of national intelligence, Rep. John Ratcliffe (R-Texas), calling his record on surveillance “very worrisome.”

Navy nominee vows his ‘full attention’ to cybersecurity (Fifth Domain) Vice Adm. Michael Gilday told senators he wants to improve partnerships with small companies, among other priorities.

Can agency cyber evaluations be improved? (Federal Times) Some agency CIOs think the FITARA scorecard isn't grading their cybersecurity posture fairly.

Litigation, Investigation, and Law Enforcement

The US military spent $33 million on tech known to be vulnerable to Chinese cyberespionage (Quartz) The list includes computers banned for use by State Department employees since 2006.

Cisco to pay $8.6 million fine for selling government hackable surveillance technology (Washington Post) The company allegedly did not fix the security weakness despite four years of warnings.

Cisco whistleblower gets first False Claims payout over cybersecurity (Reuters) Cisco Systems Inc has agreed to settle a whistleblower’s claim that it improperl...

Second Circuit Affirms Dismissal of Suit Against Facebook Over Hamas Attacks (New York Law Journal) The litigation was brought by a series of people who were either victims of attacks by Hamas and its supporters in Israel, or represented the estate of someone killed in an attack.

Perspective | The stubborn, misguided myth that Internet platforms must be ‘neutral’ (Washington Post) Critics claim that the law requires sites like Facebook and Twitter to be politically neutral. That’s not what the law says — if it did, no one would like the results.

Everything Cops Say About Amazon's Ring Is Scripted or Approved by Ring (Gizmodo) Amazon’s home security company Ring has garnered enormous control over the ways in which its law enforcement partners are allowed to portray its products, going as far as to review and even author statements attributed to police in the press, according to emails and documents obtained by Gizmodo.

Trump orders Navy to rescind awards given to prosecutors who lost case against Eddie Gallagher (Task & Purpose) President Donald Trump is ordering the Secretary of the Navy and Chief of Naval Operations to rescind awards given to prosecutors who were "ridiculously" awarded Navy Achievement Medals after losing the case against former SEAL Chief Eddie Gallagher

Equifax breach settlement: You're not getting that $125. Here's why. (USA TODAY) Equifax told consumers it can't pay the full $125 to those who filed a claim instead of taking the free credit monitoring.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Community College Cyber Summit (3CS) (Bossier City, Louisiana, USA, July 30 - August 1, 2019) The 2019 Community College Cyber Summit (3CS) at Bossier Parish Community College in Louisiana marks the sixth annual edition of 3CS. 3CS is the only national academic conference focused on cybersecurity...

New York City Cybersecurity Conference (New York, New York, USA, August 1, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

IT & Cyber Day at Aberdeen Proving Ground (Aberdeen, Maryland, USA, August 1, 2019) Aberdeen Proving Grounds (APG) provides technology life cycle management for the US Army and the various commands involved in the fielding and closeout of their technologies. The Cyber and IT Day expo...

Sacramento Cybersecurity Conference (Sacramento, California, USA, August 8, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Wicked6 Cyber Games (Las Vegas, Nevada, USA, August 8, 2019) On August 8, 2019, six elite collegiate cyber teams go head-to-head in the thrilling environment of a Las Vegas esports arena. They’ll battle it out as they search for and defeat the foe, all while an...
