Beginner’s Guide: Open Source Network Security Tools
With so many open source tools out there, it's hard to know where to start. Get your copy of “Beginner’s Guide: Open Source Network Security Tools” today to learn how you can use open source tools for: network discovery, network IDS, vulnerability scanning & penetration testing.
August 8, 2019.
Black Hat, BSides, and Def Con
More observations from Black Hat.
The anthropology of security.
In his keynote speech at Black Hat yesterday, Dino Dai Zovi, staff security engineer at Square, argued that software security depends primarily on the culture of an organization. Dai Zovi described working as the first security hire of a trading firm. He said that most of his work at the company was focused on implementing the basics of security and making sure the IT systems were running smoothly.
When he moved to Square, he noticed how different the culture was, particularly because “security engineers had to write code like everyone else.” Dai Zovi said that because of this, there was much more collaboration between the security team and software engineers, with the software coders actually asking security engineers for advice rather than treating security as a nuisance. Being part of the software development gave the security team a much deeper understanding of why the software engineers did what they did, and Dai Zovi says it allowed him to start “showing and not telling.”
Dai Zovi then stated that “software is the universal substrate of value today, and is the key success differentiator for many companies, just by being good at software delivery.” He outlined three lessons that companies should follow in order to improve their software delivery process.
The first is to “work backwards from the job.” He cited Unix as an example, saying it was “the most successful software project in history.” Dai Zovi said that Unix grew incrementally based on the job it was meant to fulfill. He added that Unix had an “implementation before specification.” Security teams and software developers need to understand the job their software is supposed to accomplish and work backwards from there.
The second lesson is to seek and apply leverage. Dai Zovi said that automation in software is a force multiplier, and it can allow defenders to stay ahead of a much broader range of threats.
The third lesson is that culture is more powerful than strategy, and strategy is more powerful than tactics. Dai Zovi argued that security teams need to start saying “yes” to proposed changes in order to adapt to rapidly changing technology. He said that empathy is a central component of this process, which called back to his earlier point about security engineers being involved in and assisting with the software development process. Security engineers need to overcome their fear of change and the unknown if they want to keep up with this process.
We'll have more from Las Vegas in tomorrow's issue.
By the CyberWire staff
According to the Wall Street Journal, Bahrain has sustained incursions into the networks of its National Security Agency (whose mission is criminal investigation), the Ministry of Interior, the first deputy prime minister’s office, the Electricity and Water Authority, and manufacturer Aluminum Bahrain. Bahrain believes the activity was the work of regional rival Iran, and that the activity directed against the Electricity and Water Authority amounted to staging and rehearsal for an attack on critical infrastructure.
The US Maritime Administration has issued a formal warning of Iranian cyber interference with shipping in the region.
WIRED reports that, as Boeing continues to debug the troubled 737 MAX MCAS avionics, code for the company's 787 appears to have been exposed on an unprotected server.
The US Government has issued an interim rule ("Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment") that restricts contractors from purchasing from five Chinese firms: Huawei, ZTE, Hikvision, Hytera, and Dahua. The prohibition addresses concerns that Chinese equipment represents a security risk. As the Wall Street Journal notes, Huawei has a challenge pending to the National Defense Authorization Act that provided authority for the ban. The company argues that the NDAA amounts to an unconstitutional bill of attainder.
Separately, three Republican Senators have asked Google to explain why it had cooperated with Huawei to develop smart speakers for home use.
How can you recognize a phony Equifax settlement come-on? For one thing, as Naked Security observes, the FTC won't charge you to submit a claim.
Today's issue includes events affecting Bahrain, China, European Union, Germany, Iran, Kuwait, Oman, Qatar, Russia, Saudi Arabia, Spain, United Arab Emirates, United Kingdom, United States.
Bring your own context.
Bad turtle! Bad!
"Sea Turtle is one of two separate campaigns that we believe are operated by different actors that we're seeing in the Middle East and North Africa involving 'DNS tomfoolery,' we'll call it: basically, actors hijacking DNS to redirect victims to their site. And the Sea Turtle campaign, primarily, it's been reserved for strategic military targets at this point. When we identified this actor, you know, we worked with CyberWire and several of our partners in the Cyber Threat Alliance to get the word out there so that people could see the difference in the TTPs. Normally, when you do something like that, bad actors - particularly those who are likely related to nation-states - tend to stop their activity, right? They don't want to be openly seen doing bad things. Unfortunately for us, the Sea Turtle actors did not stop. They continued with their mission. They basically changed their TTPs a little bit. They added some additional infrastructure, but overall, they just continued to compromise sites.... If you're a bank robber, and all of a sudden, one of the witnesses misidentifies somebody else as the bank robber, and the police get him. Normal criminals would be like, hey, I'm going to stop this week, and then tomorrow, I'm going to come back in a completely different outfit and continue robbing banks if I want. But, you know, they would probably stop to not get caught. These actors have not stopped. They have changed their operations a little bit. We were able to identify some additional past activity with them, and unfortunately, they seem to be broadening the types of places that they target."
—Craig Williams, head of Talos outreach at Cisco on the CyberWire Daily Podcast, 8.6.19.
Sea Turtle started with military and strategic targets, but its target list has expanded to include other government organizations, energy companies, think tanks, international organizations, and airports.
What if your security strategy added zeros to your bottom line?
Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.
ON THE PODCAST
In today's podcast, out later this afternoon, we speak to two experts who offer insights and observations from this year’s Black Hat conference. Matt Aldridge is from our partners at Webroot, and Bob Huber is CSO at Tenable.
And Hacking Humans is up. In this week's episode, "Positive pretexting on the rise," Joe shares a cautionary Facebook tale from his own life. Dave has the story of an Australian IT company put out of business by scammers. The catch of the day tracks the response writer and comedian Dave Holmes had to scammers pretending to be from the IRS. Rachel Tobac from Social Proof Security returns with voting security information and the latest scams she's been tracking.
Cyber Warrior Women Summer Social: Sip and Paint (Columbia, MD, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.
Rome Lab launches challenge (Rome Daily Sentinel) Rome Lab is partnering with the Griffiss Institute and the Red Balloon Security firm to launch a sophisticated cyber challenge at the DEFCON 27 hacker convention in Las Vegas, Nev. on Friday through …
AttackSurfaceMapper - Automate and Simplify the OSINT Process (Trustwave) AttackSurfaceMapper (ASM) aims to greatly simplify the reconnaissance process by taking a single target domain or a list of IPv4 addresses as input, then analysing it using passive OSINT techniques and active reconnaissance methods.
High-Level Cyber Intrusions Hit Bahrain Amid Tensions with Iran (Wall Street Journal) Suspected Iranian hackers infiltrated critical infrastructure and government computers in the Persian Gulf nation of Bahrain within the last month, raising fears among leaders in the region that Tehran is stepping up its cyberattacks amid growing tensions.
Microsoft Nabs Russian Hackers Exploiting Flimsy IOT Security (Techdirt) Week after week we've documented how internet of things devices are being built with both privacy and security as a distant afterthought, resulting in everything from your television to your refrigerator creating both new attack vectors and...
North Korean Hackers' $2 Billion Heist Is 'Funding WMD Programs' (Forbes) A leaked U.N. report shows that North Korean government-backed hackers are stealing and laundering cryptocurrencies to fund the nation’s military weapons program. Here’s how this worrying development demonstrates the very real and physical threat coming from North Korea.
Utilities Are Prime Target for Cyberattacks (Wall Street Journal) Electric utilities are particularly vulnerable to cyber threats, experts say, in part because fixing security flaws can interrupt services and few of their employees have security clearances that let them receive timely government alerts.
2019 Spotlight Report on Ransomware (Vectra) Vectra research in Spotlight Report on Ransomware reveals that cybercriminals’ most effective weapon in carrying out a ransomware attack is the network itself, which is instrumental in enabling the malicious encryption of shared files on network servers.
Schools take precautions after cyber attack warning (Hanna Newspapers) Franklin Parish principals and central office personnel worked late Sunday night turning off computers and disconnecting internet networks at parish schools and School Board buildings after the Louisiana Department of
Android Security Bulletin—August 2019 (Android Open Source Project) The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2019-08-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version.
The Weird, Dark History of 8Chan (WIRED) Its founder Fredrick Brennan is appalled by the notorious chat site’s links to right-wing extremism and mass shootings. Inside his tortured journey through the web’s cesspool and his attempt at redemption.
3 Cybersecurity Stocks to Buy as the Industry Takes Off (Yahoo) As the amount of data being produced and processed is surging, so are the number of cyber attacks being reported. One of the largest and most compromising for customers was the attack on Equifax (EFX) that occurred in 2017. The company stated that hackers gained access to 143 million U.S. customers’
The VIA Venafi No Outage Guarantee Letter (Venafi) We are so certain that Venafi customers who follow the Venafi Way will experience no certificate-related outages, we guarantee it. VIA Venafi pairs technology with proven experience to drive our customers to common goals, which includes preventing certificate-related outages. Read about our guarantee.
OPSWAT Deploys CrowdStrike to Enhance Security Offering (Yahoo) OPSWAT, a leader in critical infrastructure protection, today announced that it has partnered with CrowdStrike® Inc., a leader in cloud-delivered endpoint protection, to enhance the multiscanning capabilities of MetaDefender, its flagship content security platform.
Cybersecurity best practices in USA (Lexology) A review of cybersecurity best practices in USA, including industry standards, codes of practice, recommended procedures and insurance cover.
Design and Innovation
Visa to Test Advanced AI to Prevent Fraud (Wall Street Journal) The company is rolling out a platform to help its engineers quickly test advanced artificial-intelligence algorithms aimed at detecting and preventing credit-card fraud.
Rutgers Students Learn Cybersecurity During Big Ten Internship (Rutgers Today) A group of students spent part of their summer learning how to hunt down viruses, thwart hackers, and protect organizations from ever-increasing cyber-threats during a one-of-a-kind internship program with a cybersecurity operations center co-founded by Rutgers.
Trump administration bans federal agencies from buying Huawei, ZTE tech (TechCrunch) The Trump administration has banned U.S. federal agencies from buying equipment and obtaining services from Huawei and two other companies as part of the government’s latest crackdown on Chinese technology amid national security fears. Jacob Wood, a spokesperson for the White House’s Of…
Banks Hand Over Documents on Russians Possibly Linked to Trump (Wall Street Journal) Major Wall Street banks have given congressional committees investigating President Trump thousands of pages of documents related to Russians who may have had dealings with the president, his family or his business, people familiar with the congressional probes said.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Sacramento Cybersecurity Conference (Sacramento, California, USA, August 8, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Wicked6 Cyber Games (Las Vegas, Nevada, USA, August 8, 2019) On August 8, 2019, six elite collegiate cyber teams go head-to-head in the thrilling environment of a Las Vegas esports arena. They’ll battle it out as they search for and defeat the foe, all while an...
Hack the Sea (Las Vegas, Nevada, USA, August 8 - 11, 2019) Hack The Sea is a three day mini-conference that will be held in the villages of DEF CON 27. Hack The Sea will provide a variety of hands-on, collaborative learning experiences ranging from mini-workshops...
DEF CON 27 (Las Vegas, Nevada, USA, August 8 - 11, 2019) DEF CON is a hacker convention which takes place immediately following Black Hat in Las Vegas every year.
Cybersecurity Summit, New York (New York, New York, USA, August 13 - 14, 2019) The Cybersecurity Summit, New York, invites information security practitioners to learn about the latest trends in data breaches and frauds, and about mitigation strategies. ISMG’s Global Summit focuses...