August 6, 2019.
By the CyberWire staff
Microsoft reports that Strontium (also known as Fancy Bear or APT28, that is, Russia’s GRU military intelligence service) has undertaken a campaign to breach enterprise networks by exploiting poorly secured IoT devices: printers, video decoders, and voice-over-IP phones. Redmond says that in April its researchers discovered “infrastructure of a known adversary communicating to several external devices.” Once in, the attackers would seek to pivot to more interesting targets. At least two of the corporate victims had left manufacturer’s default passwords on their devices. A third had failed to keep their software updated. The campaign’s goal is unknown.
ESET is tracking recent activity by Machete, a cyber espionage threat actor working against Venezuela’s military as well as some targets in Ecuador, Colombia, and El Salvador. Machete was identified by Kaspersky in 2014 and has since been tracked by Cylance. While it’s been mostly active against Spanish-speaking countries, it’s also looked at targets in Canada, China, Germany, South Korea, Sweden, Ukraine, the United Kingdom, and the United States. There’s no clear attribution. ZDNet notes that it’s unknown whether Machete is state-directed or the work of freelancers. It typically gains entry to its targets by phishing.
UpGuard has found more than 6 million email addresses in an unsecured Amazon S3 bucket belonging to the US Democratic Senatorial Campaign Committee. The data were posted in 2010.
According to Accenture, MegaCortex ransomware shows signs of greater automation as its masters trade stealth for volume and speed. ZDNet says the ransom demands have exceeded $5 million.
Today's issue includes events affecting Brazil, China, Colombia, Ecuador, European Union, India, Democratic People's Republic of Korea, Peru, Philippines, Russia, United Kingdom, United States, and Venezuela.
Bring your own context.
Software development as assembly line.
"Modern software development teams are really manufacturing software applications in a very similar process to the way that Toyota manufactures cars. If you think about it, you know, decades and decades ago, Toyota invented supply chain automation for how to build cars with physical parts. And the world of software as we now know it is realizing that it's important to automate your software supply chain so that you can manufacture applications using digital parts called open source libraries."
—Matt Howard, chief marketing officer at Sonatype, on the CyberWire Daily Podcast, 8.2.19.
With the attendant supply chain issues any assembly line has.
Codenomicon August 6 Skyfall Lounge Las Vegas (Las Vegas, Nevada, United States, August 6, 2019) Black Hat is just around the corner! Join Synopsys at our exclusive cyber security professional event—codenomi-con. We’ll kick off a night of entertainment, networking, and leadership Aug. 6 at 6 p.m. Register today!
Courageous Women CISO Brunch with Synack and CyberWire at Black Hat (Las Vegas, Nevada, United States, August 7, 2019) Connect and Collaborate with Fellow CISO Security Leaders at Black Hat. As always, you can expect an intimate environment with delicious food, refreshing drinks, and great company. Join us Wednesday, August 7, 10:00 AM at Delano Las Vegas, Suite TBD.
Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 8, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.
Corporate IoT – a path to intrusion (Microsoft Security Response Center) Several sources estimate that by the year 2020 some 50 billion IoT devices will be deployed worldwide. IoT devices are purposefully designed to connect to a network and many are simply connected to the internet with little management or oversight. Such devices still must be identifiable, maintained, and monitored by security teams, especially in large complex enterprises. Some IoT devices may even communicate basic telemetry back to the device manufacturer or have means to receive software updates. In most cases however, the customers’ IT operation center doesn’t know they exist on the network.
Democratic senate campaign group exposed 6.2 million Americans’ emails (TechCrunch) A political campaign group working to elect Democratic senators left a spreadsheet containing the email addresses of 6.2 million Americans on an exposed server. Data breach researchers at security firm UpGuard found the data in late July, and traced the storage bucket back to a former staffe…
Clothing marketplace Poshmark confirms data breach (TechCrunch) Poshmark, an online marketplace for buying and selling clothes, has reported a data breach. The company said in a brief blog post that user profile information, including names and usernames, gender and city data was taken by an “unauthorized third party.” Email addresses, size preferen…
The Risk of Weak Online Banking Passwords (KrebsOnSecurity) If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process.
HEXANE (Dragos) Dragos identified a new activity group targeting industrial control systems (ICS) related entities: HEXANE. Dragos observed this group targeting oil and gas companies in the Middle East, including Kuwait as a primary operating region. Additionally, and unlike other activity groups Dragos tracks, HEXANE also targeted telecommunication providers in the greater Middle East, Central Asia, and Africa, potentially as a stepping stone to network-focused man-in-the-middle and related attacks.
Vulnerability Summary for the Week of July 29, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Top Threats to Cloud Computing: Egregious Eleven (Cloud Security Alliance) The report provides organizations with an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk-management decisions regarding cloud adoption strategies.
Philippines fifth on cyber-attack list (Business World) The Philippines moved up to fifth place from ninth a year earlier in Kaspersky Lab’s global list of countries with most online threats detected in the second quarter of 2019.
Army to host Cyber Situational Understanding Industry Day (Intelligence Community News) On August 2, the U.S. Army posted an invitation to the upcoming Cyber Situational Understanding (SU) Industry Day. The Industry Day will take place on August 12, and feedback is due by 9:00 a.m. Eas…
Cybereason raises $200 million for its enterprise security platform (TechCrunch) Cybereason, which uses machine learning to increase the number of endpoints a single analyst can manage across a network of distributed resources, has raised $200 million in new financing from SoftBank Group and its affiliates. It’s a sign of the belief that SoftBank has in the technology, s…
The Quick and The Dead (Cybereason) In the business of cybersecurity, the name of the game is speed. I'm thrilled to announce Cybereason’s latest round of funding with Softbank, bringing their investment in us since founding to almost 400 million dollars.
FireEye Continues To Sink On Weak Fundamentals (Seeking Alpha) FireEye is a cybersecurity company that is strong in external threat intelligence services. The company wants to sell solutions for primary level of defense but lacks the breadth of offerings that its rivals have. It is experiencing significant customer churn and lower margins during the transition from 3rd-generation appliances to modern solutions.
Huawei’s Phone Sales in China Get Patriotic Boost (Wall Street Journal) Huawei’s domestic smartphone sales have surged because of a buying spree by its outraged Chinese fan base, while the U.S. ban on tech sales to the company has crippled its overseas sales.
Marriott Shares Fall After Hit From Cyber Fine Crimps Earnings (Bloomberg) Marriott International Inc. reported earnings per share of 69 cents, compared with $1.87 in the year-ago quarter, after the company took a one-time charge of $126 million related to the massive cyber-breach in one of its reservation databases. Shares fell.
8chan’s new internet host was kicked off its own host just hours later (TechCrunch) The bottom-feeding forum 8chan, which grew popular by embracing fringe hateful internet cultures, is having trouble staying online. After Cloudflare dropped its protection of the site yesterday, 8chan adopted the services of Bitmitigate, but soon lost that too as the company providing Bitmitigate w…
What Companies Should Know When Shopping for AI (Wall Street Journal) As companies embark on more artificial-intelligence projects, they are finding that striking deals with AI firms requires hammering out details about matters such as data privacy and which party gets the algorithm after a contract ends.
Economics of Ransomware - To Pay Or Not To Pay? (SecurityWeek) In the event of a ransomware incident, paying the ransom is often not prohibitively expensive, especially compared to the damage / costs associated with having the payload of the ransomware detonate.
The Rise of the Global Cyber War Threat (CPO Magazine) Global cyber war no longer seems impossible with state-sponsored cyber attacks mounting around the world and the possibility of China, Iran and Russia uniting to go against the U.S. in the cyber domain.
Young people should do national cyberservice (Times) Every 50 seconds a British company is subjected to a cyberattack, and the picture is similar across the western world. While none of the 146,491 such attacks on UK businesses during the first...
College student who sought Trump tax returns in cyber 'prank' to plead guilty (The Mighty 790 KFGO) By Jonathan Stempel
(Reuters) - A recent graduate of Pennsylvania's Haverford College who tried to obtain Donald Trump's tax returns through a computer lab there has agreed to plead guilty to cybersecurity violations, federal prosecutors said on Monday.
Justin Hiemstra, 22, of St. Paul Park, Minnesota, is expected to enter his plea on Tuesday in...
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Sacramento Cybersecurity Conference (Sacramento, California, USA, August 8, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Wicked6 Cyber Games (Las Vegas, Nevada, USA, August 8, 2019) On August 8, 2019, six elite collegiate cyber teams go head-to-head in the thrilling environment of a Las Vegas esports arena. They’ll battle it out as they search for and defeat the foe, all while an...
Hack the Sea (Las Vegas, Nevada, USA, August 8 - 11, 2019) Hack The Sea is a three day mini-conference that will be held in the villages of DEF CON 27. Hack The Sea will provide a variety of hands-on, collaborative learning experiences ranging from mini-workshops...
DEF CON 27 (Las Vegas, Nevada, USA, August 8 - 11, 2019) DEF CON is a hacker convention which takes place immediately following Black Hat in Las Vegas every year.
Cybersecurity Summit, New York (New York, New York, USA, August 13 - 14, 2019) The Cybersecurity Summit, New York, invites information security practitioners to learn about the latest trends in data breaches and frauds, and about mitigation strategies. ISMG’s Global Summit focuses...