August 16, 2019.
The CyberWire's 6th annual Women in Cybersecurity Reception will be here in October.
Our 6th Annual Women in Cybersecurity Reception takes place October 24 at the International Spy Museum's new facility at L'Enfant Plaza in Washington, DC. The Women in Cybersecurity Reception highlights and celebrates the value and successes of women in the cybersecurity industry. The event focuses on networking, and it brings together leaders from the private sector, academia and government from across the region, and women at varying points in their careers. It's not a marketing event; it's just about creating connections. If you're interested in getting an invitation to this year's event, tell us a little bit about yourself and request one here. A very limited number of sponsorship opportunities remain, so please let us know if you're interested in one of those, too.
By the CyberWire staff
The European Central Bank closed down one of its websites yesterday after sustaining an unspecified cyberattack on the Banks' Integrated Reporting System (BIRD). Reuters reports that the ECB says no "market-sensitive data" were compromised, but that email addresses, names, and titles of BIRD newsletter subscribers may have been taken.
The Norman cryptominer, tracked by Varonis, shows some unusual evasiveness. Its DLL arrives with the Agile obfuscator. The malware also injects an obfuscated miner into an appropriate application along its execution path, and it stops mining Monero when the infected user opens Task Manager.
The Wall Street Journal reports that employees at Capital One expressed concern over what they saw as high turnover among the bank's cybersecurity unit. There are reports that a third of the cybersecurity staff left in 2018. The unit was responsible for threat hunting, firewall configuration, and similar security tasks. Even given the turnover, Capital One points out that total cybersecurity headcount actually increased over that period. Nonetheless, insiders complained of a poor organizational climate, lax security oversight, and slow deployment of security tools.
Instagram is introducing a feature that will permit users to flag information they believe to be false. Reuters has an account of the tool, which appears to be an interim gesture in the direction of controlling fake news.
US Cyber Command has posted Electric Fish malware from North Korea's APT38 threat group to VirusTotal. FireEye has reported that APT38 is heavily involved in state-directed financial crime. Its activities overlap those of the Lazarus Group.
Today's issue includes events affecting Canada, China, the European Union, India, the Democratic People's Republic of Korea, Malaysia, the United Kingdom, and the United States.
Bring your own context.
It's worth considering cyber insurance as part of a risk management strategy.
"Honestly, I think there's a lot of value in looking at cybersecurity insurance for some organizations. And, in fact, there could reasonably be more value than maybe buying that next hundred-thousand-dollar tool that's going to protect your network. And you need to take the time to understand the risk and the benefit. For example, insurance might protect you from a breach that occurred, and you aren't that exposed to a breach, so you don't need to buy that new network monitoring tool. You don't need to buy that solution that is expensive and you have to bring on cybersecurity resources where, because you're not so exposed or not in an industry that has a lot of interest to attackers, an insurance policy could be the better solution for you."
—David Dufour, vice president of engineering and cybersecurity at Webroot, on the CyberWire Daily Podcast, 8.14.19.
There are three things you can do with risk: accept it, mitigate it, or transfer it. Insurance transfers risk.
Cyber Warrior Women Summer Social: Sip and Paint (Columbia, MD, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.
Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.
Cyber Attacks, Threats, and Vulnerabilities
Cybercom publicly posts malware linked to North Korean hackers (TechCrunch) U.S. Cyber Command, the sister division of the National Security Agency focused on offensive hacking and security operations, has released a set of new samples of malware linked to North Korean hackers. The military unit tweeted Wednesday that it had uploaded the malware to VirusTotal, a widely use…
Capital One Cyber Staff Raised Concerns Before Hack (Wall Street Journal) Before a giant data breach, Capital One employees raised concerns within the company about what they saw as high turnover in its cybersecurity unit and a failure to promptly install some software to spot and defend against hacks, according to people familiar with the matter.
Analysis: New Remcos RAT Arrives Via Phishing Email (TrendLabs Security Intelligence Blog) In July, we came across a phishing email purporting to be a new order notification, which contains a malicious attachment that leads to the remote access tool Remcos RAT (detected by Trend Micro as BKDR_SOCMER.SM). This attack delivers Remcos using an AutoIT wrapper that incorporates various obfuscation and anti-debugging techniques to evade detection, which is a common method for distributing known malware.
A compendium of container escapes (Help Net Security) Brandon Edwards, Chief Scientist at Capsule8, talks about a compendium of container escapes, and the RunC vulnerability in particular.
Hackers Subvert Security Checks Like the Browser Padlock (Wall Street Journal) Recent attacks have shown that cybercriminals have co-opted techniques and tools that people commonly use to distinguish real communications and websites from fake ones, such as the padlock in a browser window.
Kaspersky Lab Exposed Users' Browsers to Website Tracking (PCMAG) Ronald Eikenberg, a journalist at German computer magazine c't, noticed the code Kaspersky Lab was injecting into browsers, and realized the privacy ramifications. 'Any website can read the user's Kaspersky ID and use it for tracking,' he wrote.
Fuji Electric Alpha5 Smart Loader (CISA) Executive summary: CVSS v3 7.8. Attention: low skill level to exploit. Vendor: Fuji Electric. Equipment: Alpha5 Smart Loader. Vulnerability: Stack-based Buffer Overflow. Risk evaluation: successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application.
Johnson Controls Metasys (CISA) Executive summary: CVSS v3 6.8. Attention: exploitable remotely. Vendor: Johnson Controls. Vulnerabilities: Reusing a Nonce, Key Pair in Encryption; Use of Hard-coded Cryptographic Key. Risk evaluation: successful exploitation of these vulnerabilities could be leveraged by an attacker to decrypt captured network traffic.
Siemens SINAMICS (CISA) Executive summary: CVSS v3 7.5. Attention: exploitable remotely/low skill level to exploit. Vulnerability: Uncontrolled Resource Consumption. Risk evaluation: successful exploitation of this vulnerability may allow an attacker to perform a denial-of-service attack.
Cloudflare, in its IPO filing, thanks a third cofounder: Lee Holloway (TechCrunch) Not every co-founder is acknowledged at the companies that they help to launch. Sometimes, they quit or they’re elbowed out. Often, they’re conveniently written out of the company’s history. In the case of Cloudflare, a third co-founder who began the company with its higher-profil…
The ‘SAFE’ replacement for a popular Army file-sharing tool (Fifth Domain) The Defense Information Systems Agency launched a new secure file sharing site Aug. 15 as part of an effort to replace a popular tool run by the Army that had far exceeded what its creators had intended and become the go-to site for sending large files.
Re: Investigation of the DOJ’s and FBI’s Handling of the Clinton Investigation (US Senate) We write to provide you with information that we developed as part of your investigation into the mishandling of highly classified information and operation of a non-government server for official business by Secretary Clinton and her associates. Statements made in a joint bipartisan staff interview by intelligence community officials involved in the classification review raise particular concerns that senior State Department officials sought to downgrade classified material found on the server.
Delta Sues Chatbot Provider Over 2017 Breach (Wall Street Journal) The airline is suing an artificial-intelligence company that powered a chatbot on its website, accusing it of lax cybersecurity that caused a 2017 data breach. The unusual lawsuit highlights the sensitive relations between companies that have been hacked and their business partners.
Plaintiffs argue Facebook knew of privacy leak vulnerability (Seeking Alpha) Plaintiffs in a suit against Facebook (FB +0.9%) are working to amend their complaint about the "View As" privacy leak, saying that the company knew about the risks of the feature but didn't remedy them because it would hurt business, Bloomberg reports.
Security Clearance Backlog Cut In Half: Kari Bingen (Breaking Defense) In April 2018 the government hit a high point of 725,000 delayed clearances. Today, the number has dipped below 360,000. In May, we reported that would-be federal employees and defense contractors waited an average of 221 days for a Secret clearance and 534 days for a Top Secret clearance.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
KNOW Identity (Las Vegas, Nevada, USA, April 5 - 8, 2020) The KNOW Identity Conference is the industry-leading identity event. With 2000+ attendees and 50+ content-rich sessions, KNOW is a powerful, immersive event, where the leading edge of digital identity...
AcceleRISE (Minneapolis, Minnesota, USA, August 14 - 16, 2019) Prepare for your future. Designed for young industry professionals like yourself, and presented by SIA, AcceleRISE brings together tomorrow’s security leaders for two-plus days of idea sharing, coaching,
The conference, hosted by SIA’s RISE community for young professionals and those new to the industry, will present blended learning sessions featuring a mix of keynotes, panel sessions, team building exercises, peer networking and workshops.
SecureWorld Bay Area (Santa Clara, California, USA, August 21, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Pittsburgh Cybersecurity Conference (Pittsburgh, Pennsylvania, USA, August 22, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Integrate (Melbourne, Victoria, Australia, August 27 - 29, 2019) Get ready to think beyond and lose yourself in the technology of tomorrow at Integrate 2019. Integrate is Australia's leading event dedicated to helping businesses harness the power of AV technology to...