August 9, 2019.
Black Hat, BSides, and Def Con
A few quick observations from Black Hat as the conference winds down and is succeeded by Def Con.
Mikko Hypponen, chief research officer of F-Secure, shared some thoughts on the distinctive features of cyberwar. Fifth Domain has covered Hypponen's observations, and they're worth some reflection. What distinguishes cyberwar from kinetic war is, he thinks, the fundamentally difficult nature of attribution in cyberspace. "Cyber weapons are cheap, effective, and they are deniable," Hypponen said. False flag operations are common, and attribution is usually hedged about with reservations. There may even be doubt as to whether a cyberattack has taken place at all. A missile launch is an unambiguous event, but it's often unclear if an incident in cyberspace is an attack or an accident.
This problem is closely linked to another: the difficulty of establishing deterrence in cyberspace. For deterrence to work, the adversaries must have some relatively realistic appreciation of what the opposition can do, what its capabilities are. That's one reason for the Cold War traditions of military parades in Red Square, or news footage of tests on the Pacific Missile Range. Cyber capabilities are inherently more difficult to assess. You may not even know that a particular kind of attack is possible, let alone that the opposition is capable of delivering it. "We have no idea" what offensive capabilities other nations have, Hypponen said. "So what kind of deterrence do these tools build? Nothing." (As Dr. Strangelove put it, back in the heyday of nuclear deterrence, "deterrence is the art of producing fear in the mind of the enemy," but "the whole point of the doomsday machine is lost if you keep it a secret.")
Turning to specific nation-states, Hypponen singled out North Korea for particular mention in dispatches. Making all due allowance for the difficulties of attribution mentioned above, Pyongyang does things no other government attempts, like engaging in hacking for financial gain. Part of what explains North Korea's high level of activity and relative recklessness, Hypponen argues, is that the country has very little to lose, and that makes it a different kind of threat actor.
We'll have more notes from Las Vegas early next week.
By the CyberWire staff
Vice reports that, contrary to various government assurances, voting machines in the US made by Election Systems & Software have in fact sometimes been connected to the Internet. County election officials who desire faster tabulation and reporting of votes establish wireless connections to SFTP servers behind a Cisco firewall. These connect with backend systems that actually count the votes. In some cases the systems have remained connected for months. Thus voting may be less air-gapped than many officials had imagined.
Both Boeing and the US Federal Aviation Administration dispute claims made this week by IOActive that the 787 Dreamliner's firmware is vulnerable to cyberattacks on flight systems. The aircraft manufacturer told PCMag that IOActive did not have full access to the 787's systems, and that Boeing's "extensive testing confirmed that existing defenses in the broader 787 network prevent the scenarios claimed." The FAA says it's "satisfied with the assessment of the issue."
With calls for increased attention to evidence of threats in social media, the FBI has issued a Request for Proposals that asks contractors to propose tools that could effectively monitor Facebook and other social media for signs of impending criminal or terrorist violence. Facebook, the Wall Street Journal says, isn't entirely happy with the idea.
Broadcom will acquire Symantec's enterprise security unit (including, CRN says, the Symantec brand) for $10.7 billion in cash. Seeking Alpha calls this Broadcom's next move in its play to become a major infrastructure technology provider. Symantec will retain its consumer-facing Norton LifeLock business.
Today's issue includes events affecting China, European Union, France, Iran, Israel, Kazakhstan, Russia, Saudi Arabia, Singapore, United States.
Bring your own context.
Hey, Security—ever blame HR for some problem you had to mop up?
"If we turn around and actually spend more time looking at the humans that we have, they are to some degree, our best assets. And that's everybody from the users that we've blamed for everything - maybe we turn around and try to educate them in how to protect themselves more effectively and not do it in a punitive manner - all the way through to the board level, the directors and everybody else. And how do we educate in a way that they understand, not in a way that we're comfortable teaching? I think those are probably two very big ones. And then a little bit of humble pie: we need to go back to the businesses and to the areas of the business we've blamed and say, hey, how do we solve this problem together?"
—Craig Williams, head of Talos outreach at Cisco, on the CyberWire Daily Podcast, 8.6.19.
ON THE PODCAST
In today's podcast, out later this afternoon, we speak with our partners at Accenture, as Justin Harvey shares his observations from the Black Hat show floor. Our guest, Tim Tully from Splunk, describes the AI race between the US and China.
Cyber Warrior Women Summer Social: Sip and Paint (Columbia, MD, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.
IntSights Exposes Dark Side of Russia at Black Hat U.S.A. (Yahoo) IntSights, the threat intelligence company focused on enabling enterprises to Defend Forward™, announced today the release of the company's latest threat intelligence report, The Dark Side of Russia: How New Internet Laws & Nationalism Fuel Russian
Black Hat: Lessons Learned from the Equifax Data Breach (Channel Futures) Regular communication and interaction with the board of directors is important to ensuring an organization is secure. In addition, organizations should initiate crisis management tests with the involvement of the board of directors.
Whatsapp flaw could allow hackers to alter and manipulate messages (The Telegraph) WhatsApp has refused to fix a security flaw that allows hackers to spoof messages and make it look as if they are coming from someone else, almost a year after a cybersecurity company warned that it could permit the spread of misinformation and fake news.
Black Hat: The Future of Securing Power Grid Intelligent Devices (Security Boulevard) Today at Black Hat USA we’re presenting an innovative power grid cyber security solution that greatly improves monitoring of intelligent electronic devices (IEDs). Using the IEC 62351 standard for monitoring industrial networks, we demonstrate how four types of hard-to-detect attacks are readily identified. The post Black Hat: The Future of Securing Power Grid Intelligent Devices appeared first on Nozomi Networks.
Photo gallery: Black Hat USA 2019 (Help Net Security) Black Hat USA 2019 is underway in Las Vegas. Here are a few photos from the Business Hall and the Arsenal. Featured companies: Qualys, Anomali, Vectra,
Photo gallery: Black Hat USA 2019, part two (Help Net Security) Black Hat USA 2019 is underway in Las Vegas. Here are a few photos from the Business Hall and the Arsenal. Featured companies: Bugcrowd, Sumo Logic, Devo
F-Scrack-mimikatz – A bundle of tools (Avast Threat Labs) Recently when analyzing samples which attempt to bypass various applocking techniques we revisited an older bundle of various tools with the sole purpose to make money for the operators. Although the campaign seems to be long inactive it illustrates that creating malware capable of making money takes little to no writing original code and all …
DanaBot Banking Trojan (Infoblox) On 19 April, security researcher Brad Duncan reported a malicious spam campaign that used compressed Windows link files (LNK) to deliver DanaBot malware. DanaBot is a relatively advanced banking trojan with a modular design that allows for multiple vectors of attack.
Huawei Unveils Android Replacement Following U.S. Ban (Wall Street Journal) Chinese technology giant Huawei’s new operating system, called HarmonyOS, is intended to run on all of its consumer gadgets, as it races to develop backups to U.S. technology following its U.S. blacklisting.
Randall and Watkin-Child join CIP advisory board (CIO) Cybersec Innovation Partners (CIP) are delighted to announce the appointment of Don Randall MBE and Andy Watkin-Child (CSyP, CEng) as advisory board members who will provide expertise and strategic advice to support the company’s growth plan.
Dragos Platform Covers Cyber Defense and Threat Intelligence (ARC Advisory) ARC Advisory Group recently discussed the requirements for continuous asset and network monitoring with executives from Dragos, an industrial cybersecurity company with a large staff of experts in industrial/OT cyber defense and threat intelligence.
How to Detect a Cyber Attack Against Your Company (IndustryWeek) This article is the third installment in a five-part series outlining best practices when it comes to "Cybersecurity for Manufacturers." These recommendations follow the National Institute of Standards and Technology (NIST) cybersecurity framework, which has become the standard for the U.S. manufacturing sector.
New Russia Sanctions: Justified, But Feeble and Awkward (Atlantic Council) Late on August 2, under pressure from the US Congress and nearly seven months later than the law allows, the Trump Administration imposed additional sanctions on Russia for its attempted assassination-by-nerve-gas of a former Russian intelligence...
Apple is under formal antitrust probe in Russia (TechCrunch) Make way for another antitrust investigation into big tech. Step forward Russia’s Federal Antimonopoly Service (FAS), which has opened an official probe of Apple — following a complaint lodged in March by security company Kaspersky Labs. Kaspersky’s complaint to FAS followed a cha…
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Hack the Sea (Las Vegas, Nevada, USA, August 8 - 11, 2019) Hack The Sea is a three day mini-conference that will be held in the villages of DEF CON 27. Hack The Sea will provide a variety of hands-on, collaborative learning experiences ranging from mini-workshops...
DEF CON 27 (Las Vegas, Nevada, USA, August 8 - 11, 2019) DEF CON is a hacker convention which takes place immediately following Black Hat in Las Vegas every year.
Cybersecurity Summit, New York (New York, New York, USA, August 13 - 14, 2019) The Cybersecurity Summit, New York, invites information security practitioners to learn about the latest trends in data breaches and frauds, and about mitigation strategies. ISMG’s Global Summit focuses...
Virginia Cybersecurity Education Conference (Fairfax, Virginia, USA, August 13 - 14, 2019) The goal of the Virginia Cybersecurity Education Conference is to get attendees thinking about ways to engage students at all grade levels in hands-on, meaningful educational activities related to cybersecurity.
AcceleRISE (Minneapolis, Minnesota, USA, August 14 - 16, 2019) Prepare for your future. Designed for young industry professionals like yourself, and presented by SIA, AcceleRISE brings together tomorrow’s security leaders for two-plus days of idea sharing, coaching,
The conference, hosted by SIA’s RISE community for young professionals and those new to the industry, will present blended learning sessions featuring a mix of keynotes, panel sessions, team building exercises, peer networking and workshops.