
Daily briefing.

Comparitech reports that a bookseller and publisher in Mexico, Librería Porrúa, left a MongoDB instance publicly accessible. The bookseller was warned by researchers on July 15th that its database was accessible, but apparently did not take action to secure it in time. Criminals claim to have copied the data, then wiped them. They've demanded 500 Bitcoin, almost $6 million, to restore the data. The affected database contained 2.1 million customer records, according to Information Security

Another destructive attack, GermanWiper, is destroying files in victim systems and then demanding ransom for their restoration, Computing reports. In this case, however, restoration seems impossible. BleepingComputer describes the attack: the infection vector is a phishing email, and the phishbait is a polite inquiry about a job opening from "Lena Kretschmer." Once a system is infected, the ransom note says the data are encrypted, but in fact they're gone, overwritten.

Both Apple and Amazon have changed how their digital assistants handle users' commands and ambient conversations. Apple told TechCrunch it was suspending "grading" Siri's responses by having contractors review them. Users will in the near future be given the choice of opting into or out of such grading. Bloomberg reports that Amazon has also given users the option of declining human review of their interactions with Alexa.

Investigators are working through the digital exhaust of the El Paso and Dayton shooters, and are finding the sadly familiar disinhibition and self-absorbed nihilism so often seen among those who've made the ascent into a life lived online.

Notes.

Today's issue includes events affecting Canada, China, Germany, India, Iran, Kenya, Oman, Russia, United Kingdom, United States.

Bring your own context.

Black Hat is being held this week in Las Vegas. Why go? What would you learn there that you can't get online?

"It gives you an unfiltered input on what are important aspects of the security problems. For example, while a top executive might be more concerned about how a certain solution allows him or her to report upwards about what a solution has done, somebody in the trenches might be more interested in how they can shorten the time to remediation. So for example - and I'm talking generically, you know - somebody sees a problem, a security problem, how fast they can handle the problem and find a solution to it. Those conversations oftentimes have driven our design or my understanding of how people, you know, use a specific solution."

—Giovanni Vigna, Lastline CTO and professor of computer science at the University of California Santa Barbara, on the CyberWire Daily Podcast, 8.1.19.

Sometimes there's no substitute for showing up.


In today's podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan discusses the recently disclosed vulnerabilities in the VxWorks operating system. Our guest, Eli Sugarman from the Hewlett Foundation, describes the Foundation's efforts to reimagine cybersecurity visuals.

Codenomicon August 6 Skyfall Lounge Las Vegas (Las Vegas, Nevada, United States, August 6, 2019) Black Hat is just around the corner! Join Synopsys at our exclusive cyber security professional event—codenomi-con. We’ll kick off a night of entertainment, networking, and leadership Aug. 6 at 6 p.m. Register today!

Courageous Women CISO Brunch with Synack and CyberWire at Black Hat (Las Vegas, Nevada, United States, August 7, 2019) Connect and Collaborate with Fellow CISO Security Leaders at Black Hat. As always, you can expect an intimate environment with delicious food, refreshing drinks, and great company. Join us Wednesday, August 7, 10:00 AM at Delano Las Vegas, Suite TBD.

Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 8, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.

CyberTexas Job Fair, August 20, San Antonio. Visit ClearedJobs.Net or CyberSecJobs.com for details. (San Antonio, Texas, United States, August 20, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free CyberTexas Job Fair, August 20 in San Antonio. Meet face-to-face with leading cyber employers. Visit our site for more details.

Cyber Attacks, Threats, and Vulnerabilities

Cyberattacks against industrial targets have doubled over the last 6 months (ZDNet) 12,000 workstations on average will be damaged in cases of destructive malware.

From State-Sponsored Attackers to Common Cybercriminals: Destructive Attacks on the Rise (Security Intelligence) Destructive attacks have been on the rise, posing a growing threat to a wide variety of businesses who may not consider themselves an obvious target of cybercriminals.

Chinese state-backed hackers APT10 behind cyber attack on US utilities? (International Business Times, Singapore Edition) Proofpoint researchers broke the news and explained how the Chinese state-backed hacking groups targeted US utilities.

What You Need to Know About LookBack Malware & How to Detect It (Nozomi Networks) A new spearphishing campaign targeting U.S. utility companies used a malware called “LookBack.” Learn more about LookBack malware and how you can detect it.

Over Two Million Online Records Held to Ransom (Infosecurity Magazine) Mexican bookstore suffers compromise after leaving MongoDB database exposed

Capital One Data Breach: Cyberint's Take (Cyberint) Facts: On July 29th, 2019 Capital One Financial Corporation, a US-based bank holding company specializing in banking, credit cards, loans and savings, today released a statement regarding the detection of a breach resulting in unauthorized access to personal data pertaining to over 100 million Canadian and US credit card applicants and customers.

StockX was hacked, exposing millions of user records (TechCrunch) It wasn’t “system updates” as it claimed. StockX was mopping up after a data breach, TechCrunch can confirm. The fashion and sneaker trading platform pushed out a password reset email to its users on Thursday citing “system updates,” but left users confused and scrambl…

StockX Password Reset Emails Are Legit, Suspicious Activity Detected (BleepingComputer) The StockX sneaker and streetwear resale site has started sending out emails to all of their users stating that they need to reset their passwords due to a system update. While these emails are legitimate, as they do not provide much details, users have been concerned that they are phishing attempts or their accounts are being hacked

New version of MegaCortex targets business disruption (Accenture) iDefense engineers have identified and analyzed a recently updated version of the dangerous ransomware MegaCortex, which is known to have previously caused costly incidents across various industries in Europe and North America.

Misconfigured JIRA Servers Leak Info on Users and Projects (BleepingComputer) Misconfigured Jira servers from big names in the tech industry exposed information about internal projects and users that could be accessed by anyone with a good command of advanced search operators.

New Dragonblood vulnerabilities found in WiFi WPA3 standard (ZDNet) Two new Dragonblood bugs allow attackers to recover passwords from WPA3 WiFi networks

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords (Security Affairs) Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws. We first met this team of experts […]

Warning over GermanWiper ransomware that erases victim's data but still asks for ransom (Computing) Victims have been advised not to pay ransom that won't help them recover their files

GermanWiper Ransomware Erases Data, Still Asks for Ransom (BleepingComputer) Multiple companies were off to a rough start last week when a phishing campaign pushing a data-wiping malware targeted them and asked for a ransom. Researchers call it GermanWiper.

Apple Suspends Siri Program After Privacy Backlash (Threatpost) Apple's Siri follows Amazon Alexa and Google Home in facing backlash for its data retention policies.

Amazon sends Alexa conversations to home workers in Poland (Welt) Millions of Alexa voice commands are being evaluated by temporary workers in Poland, some of them working from home. User data is practically unprotected in the process. Amazon is now pulling the emergency brake.

Alexa: Amazon has recordings evaluated by temporary workers in Poland (Die Welt) Millions of Alexa voice commands are being evaluated by temporary workers in Poland, some of them working from home. User data is practically unprotected in the process. Amazon is now pulling the emergency brake.

Amazon Alexa voice recordings sent into Polish homes (Deutsche Welle) Private voice commands told to Amazon's virtual assistants are being transcribed by agency workers, a newspaper reports. Numerous cases have emerged of smart speakers spying on users breaking the law or having sex.

Amazon quietly adds ‘no human review’ option to Alexa settings as voice AIs face privacy scrutiny (TechCrunch) Amazon has tweaked the settings for its Alexa voice AI to allow users to opt out of their voice recordings being manually reviewed by the company’s human workers. The policy shift took effect Friday, according to Bloomberg, which reports that Alexa users will now find an option in the setting…

New Lord exploit kit is spreading 'Eric' ransomware, according to Malwarebytes (Computing) Lord EK part of malvertising chain spread via PopCash ad network, exploiting security flaws in Flash Player

Latest Trickbot Campaign Delivered via Highly Obfuscated JS File (TrendLabs Security Intelligence Blog) We have been tracking Trickbot banking trojan activity and recently discovered a variant of the malware (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.TIGOCDC) from distributed spam emails that contain a Microsoft Word document with enabled macro. Once the document is clicked, it drops a heavily obfuscated JS file (JavaScript) that downloads Trickbot as its payload. This malware also checks for the number of running processes in the affected machine; if it detects that it’s in an environment with limited processes, the malware will not proceed with its routine as it assumes that it is running in a virtual environment.

Cofense Labs Publishes Database of Over 200 Million Compromised Accounts Targeted by Sextortion Email Campaigns (PR Newswire) Cofense™, the global leader in intelligent phishing defense solutions, today published a database of over 200...

Beware of Emails Asking You to "Confirm Your Unsubscribe" Request (BleepingComputer) A long-running scam email campaign that pretends to be an unsubscribe confirmation request has seen an uptick recently. These emails should never be clicked on or responded to as they are designed to harvest working email addresses or to perform some other type of scam.

Keeping a Hidden Identity: Mirai C&Cs in Tor Network (TrendLabs Security Intelligence Blog) We found new samples of Mirai targeting IP cameras and DVRs with exposed ports and default credentials. Like its predecessors, it allows attackers remote access and the use of infected devices to form a botnet for DDoS attacks. However, the C&Cs were traced back to the Tor network, keeping the cybercriminals' identities anonymous and protecting the servers from being shut down despite discovery.

A-level students at risk of email fraud, warn cyber security experts (Metro) Many top universities are not following basic best practice

How Over 25 People Got Scammed Into Working At A Nonexistent Game Company (Kotaku) Brooke Holden had all but given up on breaking into the video game business.

When Hardware Comes With Malware (Embedds) Building a device from the motherboard up is a rewarding, albeit frustrating endeavor.

Security Patches, Mitigations, and Software Updates

Siemens Fixes VxWorks Holes (ISSSource) Siemens has updates for multiple vulnerabilities involved in the embedded VxWorks in its SIPROTEC 5 Ethernet plug-in communication modules and devices, according to a report from Siemens ProductCERT.

Cyber Trends

Is the world's growing reliance on a handful of cloud computing giants setting us on a path to disaster? (The Telegraph) It was the day the internet suffered a meltdown.

A dismal industry: The unsustainable burden of cybersecurity (ZDNet) Cybersecurity spending is the fastest-growing segment in IT budgets, but it provides no productivity gains or protection against more advanced exploits.

Extortion Emails on the Rise: A Look at The Different Types (BleepingComputer) Since 2018, a constant stream of extortion email scams have been targeting users with fake threats designed to scare you into sending a payment in bitcoins to avoid an embarrassing leak or threat of legal action.

Report: $1.2M Earned Through Bitcoin ‘Sextortion,’ Bomb Threat Scams (Cointelegraph) Cybercriminals earned $1.2 million in Bitcoin through “sextortion” and bomb threat email scams in the last 12 months, according to a recent report.

Marketplace

Analyzing the Black Hat USA 2019 Business Hall (Swagitda) Prerequisite plug that you should come see my talk with Dr. Nicole Forsgren at Black Hat next week (16:00 in South Pacific)! What type of vendors are showing themselves off in the Business Hall? Are they mostly startups? Exactly like last year, 46% of the vendors in the Business Hall are startups backed by venture capital (VC) firms. Private companies represent only 13% of total vendors this year (vs. 17% last year), and there are far more acquired companies (“M&A” within the chart) this year (8% vs.

A cyber solution to secure our networks and close the workforce gap (TheHill) The nation is at risk for a potential cyber shutdown.

Is your boss spying on you? How office ‘snooptech’ has become a £2.7bn industry (The Telegraph) When Rebecca Saunders was called to one side by her manager to check if she was planning to resign, she knew something was up.

AI startup Behavox targets 'unicorn' status with $100m funding round (The Telegraph) The boss of British artificial intelligence start-up Behavox could soon be worth more than $400m after it emerged his company is targeting "unicorn" status in an upcoming funding round.

Huawei joins ‘Paris Call’ for trust, security in cyberspace (Dhaka Tribune) Huawei believes in better security as the foundation of their existence

Rhipe acquires encryption and cyber security company (Business News Australia) Business News Australia reports on national business news with a special focus on Sydney, Melbourne, Brisbane, Adelaide and the Gold Coast.

Products, Services, and Solutions

whiteCryption Secure Key Box for Transport Layer Security is available for app developers (Help Net Security) whiteCryption announced that whiteCryption Secure Key Box (SKB) for Transport Layer Security (TLS) is available for app developers.

SentinelOne integrates the MITRE framework with its ActiveEDR and Ranger IoT capabilities (Help Net Security) SentinelOne, the endpoint protection company, announced new EDR capabilities that take its integration with the MITRE ATT&CK framework to the next level.

Women in cyber security to gather at new International Spy Museum for annual celebration (PR Newswire) For the 6th consecutive year, the CyberWire will be bringing together women from around the region and across the...

Technologies, Techniques, and Standards

Google Project Zero: 95.8% of all bug reports are fixed before deadline expires (ZDNet) Google Project Zero: Disclosing technical bug reports and PoCs help defenders more than attackers.

This hacker will trick you, and you'll be glad she did (CNET) Watch as IBM X-Force Red’s best social engineer reveals our hidden passwords, cracks our keyfobs and hacks our phones.

Design and Innovation

Quantum cybers land in Vault Cloud thanks to QuintessenceLabs (ZDNet) The offering has been touted as the world's first secure and scalable package for enterprise file synchronisation and sharing systems.

How an Ex-NSA mathematician changed the way Covenant Eyes monitors porn use (Christian Post) The online pornography accountability service Covenant Eyes implemented this year a new software designed mostly by a former National Security Agency data scientist that makes it nearly impossible for users to take advantage of loopholes in order to view pornography undetected. 

Academia

Cybersecurity competition winners to represent Oman at regional conference (Times of Oman) The third edition of cyber stars competition, organised by the Arab Regional Cybersecurity Center and Silensec and sponsored by Ernst & Young, has concluded

Williston State College students win trip to cybersecurity conference (Williston Herald) Two Williston State College students spent the week in Bossier City, Louisiana at the 2019 Community College Cyber Summit.

Legislation, Policy, and Regulation

US Falls Behind EU in Responding to Disinformation Campaigns (The Globe Post) The United States has fallen behind the European Union in efforts to fight Russian disinformation, according to expert organizations studying the topic. 

Battle Of Wits: US-Iran Cyber Escalation – OpEd (Eurasia Review) Through the darkness of the pathways that we march, evil and good live side by side and this is the nature of life. We are in a continuous imbalance and inequivalent confrontation between democraci…

Barr says the US needs encryption backdoors to prevent “going dark.” Um, what? (Ars Technica) "The FBI says they're 'going dark.' Well yeah, because they've been staring at the sun."

Bill seeks to prevent another Cambridge Analytica (CNET) The legislation seeks to prevent the exploitation of voter data for online targeting.

Litigation, Investigation, and Law Enforcement

DCMS Committee Request Further Facebook Details on Cambridge Analytica Investigation (Infosecurity Magazine) DCMS Committee chair Damian Collins asks Facebook's Nick Clegg for more details

American Graduates Of China's Yenching Academy Are Being Questioned By The FBI (NPR.org) In the last two years, at least five graduates have been approached by agents to gather intelligence on the program and to ascertain whether they have been co-opted by Chinese espionage efforts.

GitHub sued for aiding hacking in Capital One breach (ZDNet) Class-action lawsuit filed in California against Capital One... and GitHub???

Github sued for encouraging hacking in Capital One data breach lawsuit (Computing) GitHub does nothing to stop hacked data and exploits from being uploaded, claims lawsuit

Hacker Accused of Capital One Breach Threatened to 'Shoot Up' Social Media Company, Prosecutors Say (Gizmodo) The individual suspected of being behind the massive Capital One data breach that compromised the data of an estimated 106,000 million people, Paige Thompson, has been accused in a court filing of threatening to “shoot up” a California-based social media company and cause harm to herself and others.

The Capital One breach is more complicated than it looks (The Verge) It can be hard to tell legitimate research from criminal enterprise

Equifax May Not Pay You That $125 Because It Screwed Too Many People (Vice) After “overwhelming” public interest, the FTC now urges users to settle for free credit monitoring instead.

FBI's haunting warning about 'lone offenders' paints a grim picture (USA TODAY) Series of deadly shootings highlight a simmering threat within the USA, a risk nearly on par with the international terror threat

The El Paso Shooting and the Gamification of Terror (Bellingcat) On August 3, 2019, at around 11am local time, initial police reports indicated that a gunman had walked into an El Paso Wal-Mart and opened fire. As of the publication of this article, at least eighteen people have died and several others have been injured. One victim was a four-month old infant. As we’ve seen...

Connor Betts: Twitter Posts on Being a Leftist, Guns (Heavy.com) On Twitter, Connor Betts, the Dayton shooter, called himself a leftist and wrote that he was going to hell. Read more about his politics and social media.

Cyber security company dumps 'cesspool of hate' over Texas rant (The New Daily) Online message board 8chan has been dumped by cyber security firm Cloudflare after being used to post a rant by the suspected El Paso shooter.

Terminating Service for 8Chan (The Cloudflare Blog) The mass shootings in El Paso, Texas and Dayton, Ohio are horrific tragedies. In the case of the El Paso shooting, the suspected terrorist gunman appears to have been inspired by the forum website known as 8chan.

8chan Is a Megaphone for Gunmen. ‘Shut the Site Down,’ Says Its Creator. (New York Times) The site is a venue for extremists to test out ideas, share violent literature, and cheer on the perpetrators of mass killings.

The Problem Isn't 8chan. It’s Young American Men (BuzzFeed News) "If 8chan is shutdown here is what will happen: someone else will spin up a new imageboard, say 20chan or whatever. People will flock to that."

The FTC is looking into the Amazon and Apple deal that crushed small resellers (The Verge) Experts say the deal raises serious antitrust concerns.

BEC Scammers Cost US Universities Over $872K (Infosecurity Magazine) Man pleads guilty after being extradited from Kenya

Navy CNO takes over Gallagher court-martial amid controversy (Navy Times) In a stunning move Saturday, Chief of Naval Operations Adm. John Richardson removed all court-martial authority from Navy Region Southwest, the command that had been weighing a sentence for Special Warfare Operator Chief Edward “Eddie” Gallagher.

Canada’s detention of Huawei executive Meng Wanzhou ‘angered Chinese’ (South China Morning Post) Foreign Minister Wang Yi calls for ‘quick and proper’ resolution to get relations back on track, during meeting with Canadian counterpart Chrystia Freeland.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Insider Threat Program Development & Management Training Course + Insider Threat Symposium & Expo (Laurel, Maryland, USA, September 9 - 10, 2019) The Insider Threat Defense Group will hold its highly sought after and very affordable Insider Threat Program (ITP) Development-Management Training Course, in Laurel, MD, on Sept. 9, 2019. This 1 day training...

SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers,...

Upcoming Events

Sacramento Cybersecurity Conference (Sacramento, California, USA, August 8, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Wicked6 Cyber Games (Las Vegas, Nevada, USA, August 8, 2019) On August 8, 2019, six elite collegiate cyber teams go head-to-head in the thrilling environment of a Las Vegas esports arena. They’ll battle it out as they search for and defeat the foe, all while an...

Hack the Sea (Las Vegas, Nevada, USA, August 8 - 11, 2019) Hack The Sea is a three day mini-conference that will be held in the villages of DEF CON 27. Hack The Sea will provide a variety of hands-on, collaborative learning experiences ranging from mini-workshops...

DEF CON 27 (Las Vegas, Nevada, USA, August 8 - 11, 2019) DEF CON is a hacker convention which takes place immediately following Black Hat in Las Vegas every year.

Cybersecurity Summit, New York (New York, New York, USA, August 13 - 14, 2019) The Cybersecurity Summit, New York, invites information security practitioners to learn about the latest trends in data breaches and frauds, and about mitigation strategies. ISMG’s Global Summit focuses...
