August 1, 2019.
By the CyberWire staff
Investigation into the possibility that the alleged Capital One hacker hit other enterprises continues. According to Computing, however, Amazon says it's found no evidence that the organizations mentioned by Paige Thompson, nom-de-hack "erratic," were actually compromised. The FBI is sorting it out, the Wall Street Journal reports. Not all the possible victims are in the US.
Discussing the Capital One breach, Duo Security says that people should not draw the conclusion that the cloud is somehow inherently less secure. Regular, reliable patching and updating alone represent an advantage, as does the broad view of threat activity cloud providers offer. But moving to the cloud does involve change, and that inevitably involves rethinking security. Old processes and protocols can't simply be assumed adequate to their new environment.
In an unrelated compromise, an unsecured Honda Motors database has been found by Cloudflare researchers, BleepingComputer reports.
The Straits Times discusses what appears to be a major breach at beauty retailer Sephora. Group-IB has found two databases circulating in dark web markets. Combined, the two databases hold about 3.7 million records. These don't contain either payment information or plaintext passwords, but Group-IB says the compromised data could be exploited for social engineering.
Carbon Black announces what they call "the cognitive attack loop." At each step of an attack, they argue, cyber criminals exhibit characteristic cognitive behavior. Understanding that gives the defender an edge.
Akamai's latest State of the Internet report concludes that phishing remains the biggest threat to financial services firms and their customers.
When people talk about threat intelligence, it's a mistake to think of it just as a series of feeds.
"Feeds tend to lack a lot of the context that would be considered true threat intelligence. For example, if I just give you a feed of bad file hashes or bad domains, that doesn't give you or the consumer any context as to why it's bad. Should I be concerned with maybe the confidence or severity of that? Threat intelligence is really that context and knowledge that sits on top of it all. A comparison would be feeds up against a finished intelligence report with all the context, including that it was coming from this actor. It's relevant to these organizations, and maybe even, this is how you would respond to it. So feeds are kind of what was like an early concept of threat intelligence and still today is almost an immature view at threat intelligence. Nowadays, we want to look at finished intelligence in some fashion, with all of that context on top of it."
—Tom Hegel, security researcher with AT&T Alien Labs, on the CyberWire Daily Podcast, 7.29.19.
There's an old military distinction between intelligence (contextualized, analyzed, etc.) and combat information (raw reports, sensor data, etc.). Intelligence can be wrong, but information can just be noise.
ON THE PODCAST
In today's podcast, out later this afternoon, we speak with our partners at Terbium Labs, as Emily Wilson shares more details from their recent fraud and international crime report. Our guest is Giovanni Vigna from Lastline, with thoughts on the upcoming Black Hat conference.
Cyber Attacks, Threats, and Vulnerabilities
Fraud Experts Raise Concerns That Cap One Hacker Targeted Other Firms (PYMNTS.com) Krebs On Security is reporting that the alleged Capital One hacker may have also targeted and stolen data from other corporations. The website named Paige Thompson, nicknamed Erratic, as the alleged hacker and detailed how she would go on messaging service Slack in a group with other supposed hackers. Krebs on Security joined the group […]
Vodafone, Ford said to be also affected by Capital One hack (TechCrunch) The data breach at Capital One may be the “tip of the iceberg” and may affect other major companies, according to security researchers. Israeli security firm CyberInt said Vodafone, Ford, Michigan State University and the Ohio Department of Transportation may have also fallen victim to …
Capital One Breach Does Not Mean the Cloud is Insecure (Decipher) Financial services organizations and many other enterprises have hesitated to go all in the cloud, citing concerns about depending on a third-party to protect the data, and the Capital One breach may encapsulate their fears. But the fact is, the cloud provides security benefits, so long as proper controls are put in place.
Unsecured Database Exposes Security Risks in Honda's Network (BleepingComputer) A publicly accessible ElasticSearch database exposed a huge trove of information on the global internal network of automotive giant Honda, showcasing potential security vulnerabilities and including detailed information about the CEO's computer.
Where Bots Go On Summer Vacation (PerimeterX Bot Defender) Bots are impacting our everyday lives, now competing with us on our vacation searches. Online travel sites need to take into account bot traffic to provide accurate pricing and stay competitive. As bots continue to mimic human behavior, bot mitigation should be top of mind for travel websites.
SanDisk SSD Dashboard Vulnerabilities: CVE-2019-13466 & CVE-2019-13467 (Trustwave) While recently upgrading my laptop with a new Solid State Drive (SSD), I installed a management utility that is used for SanDisk SSDs. A quick examination revealed some potentially dangerous vulnerabilities in it. Now that these issues have gone through our responsible disclosure program and have been patched, we can discuss the details.
Georgia hit with malware yet again (Naked Security) The Department of Public Safety says it won’t pay, but given the umpteen times the state’s agencies have been hit, somebody’s not listening.
School tax bill mailings delayed again; aftermath of cyber attack (Citizens Voice) School property tax bills for Luzerne County school districts will not be mailed this week, as planned, but should be issued by Aug. 19, county officials announced Tuesday. The delay stems from ongoing problems with the county’s assessment database, which
Security Patches, Mitigations, and Software Updates
We must do more to sift fact from fiction (Times) What’s true and what isn’t — and how much harm untruth can do in the public realm — is one of the great problems of our time. Last year the government identified the propagation of fake or...
Capsule8 Announces Industry’s First Cloud Investigations (Capsule8) Capsule8 Protect now solves production security’s data warehousing problem. BROOKLYN, New York – August 1, 2019 – Capsule8 today announced Investigations, new functionality that adds full endpoint detection and response …
Cryptographic ICE Cube tests orbital cybersecurity protocols aboard the ISS (TechCrunch) Encryption in space can be tricky. Even if you do everything right, a cosmic ray might come along and flip a bit, sabotaging the whole secure protocol. If you can't radiation-harden the computer, what can you do? European Space Agency researchers are testing two solutions right now in an experiment…
Cyber Security Services and Academy (Evolve Security) Evolve Security is a dedicated cyber security services firm that focuses on delivering real and measurable improvements to corporate security posture. Evolve Security provides Application Security, Penetration Testing, and a Security Training Academy that is world ranked.
Iowa State’s information assurance program ranked in top five (Iowa State University College of Engineering) Iowa State University’s information assurance program, led by University Professor Doug Jacobson and hosted by the Department of Electrical and Computer Engineering (ECpE), has been ranked as one of the nation’s top Master’s in Information Assurance and Security degree programs on TheBestSchools.org for 2019.
Everything Cops Say About Amazon's Ring Is Scripted or Approved by Ring (Gizmodo) Amazon’s home security company Ring has garnered enormous control over the ways in which its law enforcement partners are allowed to portray its products, going as far as to review and even author statements attributed to police in the press, according to emails and documents obtained by Gizmodo.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Community College Cyber Summit (3CS) (Bossier City, Louisiana, USA, July 30 - August 1, 2019) The 2019 Community College Cyber Summit (3CS) at Bossier Parish Community College in Louisiana marks the sixth annual edition of 3CS. 3CS is the only national academic conference focused on cybersecurity...
New York City Cybersecurity Conference (New York, New York, USA, August 1, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
IT & Cyber Day at Aberdeen Proving Ground (Aberdeen, Maryland, USA, August 1, 2019) Aberdeen Proving Grounds (APG) provides technology life cycle management for the US Army and the various commands involved in the fielding and closeout of their technologies. The Cyber and IT Day expo...
Sacramento Cybersecurity Conference (Sacramento, California, USA, August 8, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Wicked6 Cyber Games (Las Vegas, Nevada, USA, August 8, 2019) On August 8, 2019, six elite collegiate cyber teams go head-to-head in the thrilling environment of a Las Vegas esports arena. They’ll battle it out as they search for and defeat the foe, all while an...