August 26, 2019.
By the CyberWire staff
The Los Angeles Times reports that data concerning the US Department of Homeland Security's BioWatch program were exposed for over a decade on a contractor's unsecured server. The data included some sensor locations, lists of bio agents that could be detected, and some contingency plans. The vulnerable site has been shuttered, and the data moved behind a DHS firewall.
According to ZDNet and others, attackers are weaponizing vulnerabilities in Webmin servers, Pulse Secure, and Fortinet VPNs. Users are urged to patch.
SecurityWeek reports that the US Department of Justice unsealed an indictment naming some eighty defendants in a variety of online frauds ranging from business email compromise to romance scams. The two lead defendants and several co-conspirators are Nigerian nationals.
InternetUA says the cryptomining rig Ukraine's SBU dismantled at the South Ukraine Nuclear Power Station apparently exposed data about the plant's physical security. Such data are sensitive, and in Ukraine are considered state secrets.
Phishing attempts are mimicking multi-factor authentication login screens, Naked Security says. They aren't, of course: they're simply malicious links. But the appearance is more convincing than that seen in earlier attempts. Sophos advises avoiding email links, being aware of domain names, and forgoing any shortcuts to determining whether accounts are being misused by some third party.
Crown Sterling has filed a lawsuit against Informa subsidiary UBM alleging breach of contract. Poor reception of Crown Sterling's presentation at Black Hat outlining what the company calls a "paradigm-shifting" contribution to cryptography prompted the suit. Ars Technica has a summary.
Today's issue includes events affecting Australia, Canada, China, India, Pakistan, United Kingdom, United States.
Bring your own context.
Some observations on the convergence of hybrid war and organized crime.
"The trend really is for increasing connectivity, hyper-connectivity of everything from the financial services sector all the way through to things like industrial control systems, physical process control. And that's changing, really, the nature in which criminals operate but also changing the way in which nation-states are operating. And we've seen a real rise in what's been variously termed as hybrid war, ambiguous war, gray-zone conflict, where the nation-states are actually able to operate within the uncertain boundaries of a globalized hyper-connected environment. And so we see things like the bank of Bangladesh heist, which has been - it was an attack against the central bank and reportedly conducted by a nation-state in order to fund internal activities within that nation-state, particularly around their military program. Now, there are various conversations around that about how true or not that is. But that kind of concept that now a nation-state is performing what would've traditionally been seen as a criminal act in order to fund nation-state activities is quite an interesting and emergent of global politics within a digital environment."
—Daniel Prince, senior lecturer in cybersecurity at Lancaster University, on the CyberWire Daily Podcast, 8.21.19.
Perhaps the non-state side of the analogy is less to organized crime than to banditry, or even warlordism.
Cyber Security Summits: Chicago on August 27 and on September 17 in Charlotte (Chicago, Illinois, United States, August 27, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Google, IBM, Darktrace, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com
10th Annual Billington CyberSecurity Summit (Washington, DC, United States, September 4 - 5, 2019) The event will be an important Call to Action for the cybersecurity community and is the deepest examination of the cybersecurity and government at the local, state, Federal and International levels found anywhere.
Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.
Zero Day Con (Washington, DC, USA, October 22, 2019) Zero Day Con hosts a day of expert discussion on security approaches to regain control over your systems, data, and information. Join us to examine insights, security technologies, and key priorities to secure your systems. Get a 30% discount for Labor Day using code LABOR30.
A new variant of Asruex Trojan exploits very old Office, Adobe flaws (Security Affairs) Malware researchers at Trend Micro discovered a new variant of the Asruex Trojan that exploits old Microsoft Office and Adobe vulnerabilities to infect Windows and Mac systems. Asruex first appeared in the
Using CTFTOOL.exe to escalate privileges by leveraging Text Services Framework; and mitigation processes and steps (Insider Threat Security Blog) Overview: In this post, I will be looking at a new exploit that leverages a weakness in Microsoft Windows Text Services Framework to launch a child process that allows for the escalation of privileges. I will give a brief overview of what the Text Services Framework service does, what the exploit is, and how it could be used. Then, I will go into more detail about how to run the exploit and different methods that can be used for detection...
Regis University shuts down internet on campus following cyber attack (FOX31 Denver) A cyber attack forced Regis University in northwest Denver to shut down its campus internet. The shut-down began Tuesday. As of Sunday, the university's email accounts, online programs and class schedules remained unavailable. Regis officials say their systems were affected by a malicious threat from outside of the university, likely based outside the country.
Nacsa: No sign of cyber attack on KLIA, klia2 network (Malay Mail) There is no incidence of cyber-attack detected so far in the network service disruption of Kuala Lumpur International Airport (KLIA) and Kuala Lumpur International Airport 2 (klia2), since the disruption was first detected on Aug 21. According to a...
Security Patches, Mitigations, and Software Updates
Cyberwar: The Complete Guide (WIRED) The threat of cyberwar looms over the future: a new dimension of conflict capable of leapfrogging borders and teleporting the chaos of war to civilians thousands of miles beyond its front.
Cryptocurrency becoming terrorists' lifeblood (WND) A new report has been released by the Jihad and Terrorism Threat Monitor of the Middle East Media Research Institute that warns terrorists already are using cryptocurrencies for their fundraising.
VMware Goes Beyond Dell Family Matters (Wall Street Journal) With its stock price being beaten down, software maker VMware will have to show it can juggle two complex acquisitions while still managing some tricky Dell family relationships.
Rapid7 Is Underrated (Seeking Alpha) Rapid7's product diversification and growth narrative points to the need for improved valuation. The company provides one of the best vulnerability assessment s
SailPoint: Getting Ahead (Seeking Alpha) At a market cap of less than $2 billion, SailPoint appears cheap. However, the need to educate enterprises and raise awareness on cyber governance continues to weigh on growth and profitability.
Google Puts Curbs on Political Debate by Employees (Wall Street Journal) Google tightened its guidelines on how employees communicate about politics and topics not related to work, in a major shift for a company that has long prided itself on open debate.
VC-backed SecurityScorecard adds new VP to team (PE Hub) New York City-based SecurityScorecard, a provider of security ratings, has appointed Michael Sweeney as vice president of worldwide alliances and channels. In his new role, Sweeney will lead the company's global security ratings channel program. Prior to joining the company, he worked at Palo Alto Networks. SecurityScorecard's backers included Riverwood Ventures, Sequoia Capital, GV, NGP Capital, Evolution Equity Partners, Boldstart Ventures and AXA Venture Partners.
Malwarebytes 4 Beta released for download (Neowin) Malwarebytes 4.xx has been built from the ground up and now offers combined Anti-Malware, Anti-Exploit, Anti-Ransomware, Website Protection, and Remediation technologies all into a single product.
Nvidia and VMware team up to make GPU virtualization easier (TechCrunch) Nvidia today announced that it has been working with VMware to bring its virtual GPU technology (vGPU) to VMware’s vSphere and VMware Cloud on AWS. The company’s core vGPU technology isn’t new, but it now supports server virtualization to enable enterprises to run their hardware-a…
Firewall best practices to protect against ransomware (Sophos News) Ransomware has recently vaulted to the top of the news again, as devastating attacks continue to impact government, education and business operations in many jurisdictions, particularly in the Unit…
The risks of amoral A.I. (TechCrunch) Kyle Dent Contributor Kyle Dent is a Research Area Manager for PARC, a Xerox Company, focused on the interplay between people and technology. He also leads the ethics review committee at PARC. Artificial intelligence is now being used to make decisions about lives, livelihoods, and interactions in …
Crypto means cryptotheology (TechCrunch) Cryptocurrencies are a religion as much as they are a technology. They almost have to be, given their adherents’ gargantuan ambition of fundamentally changing how the world works. This means they attract charlatans, lunatics, frauds, and false prophets, and furious battles are waged over doct…
Alex Stamos, Ex-Facebook Security Chief, Blames Journalists for Cambridge Analytica Fallout (Gizmodo) A Facebook initiative announced last year designed to generate “independent, credible research about the role of social media in elections” is faltering, BuzzFeed reported this week, citing multiple sources with knowledge of the program and its participants. According to Facebook’s former chief security officer, reporters who covered the company’s Cambridge Analytica scandal are at least partly to blame.
Information Warfare Merger Expected in Fall as USAF Adds Missions (Air Force Magazine) The long-planned merger of 24th and 25th Air Forces into a new information-warfare organization won’t happen until this fall, as its portfolio expands to cover weather specialists and several other activities, ACC chief Gen. Mike Holmes said.
Cyberattacks on Texas Cities Put Other Governments on Guard (SecurityWeek) Cyberattacks that hit several Texas cities have put other local governments on guard, offering the latest evidence that hackers can halt routine operations by locking up computers and public records and demanding ransoms.
Tamil Nadu on high alert following terror threat (Deccan Herald) Major cities in Tamil Nadu have been placed under high alert following specific intelligence inputs that six terrorists, including a Pakistani national, have sneaked into the state to execute terror attacks.
US Wants Woman Accused in Capital One Hack to Stay Locked Up (SecurityWeek) Federal prosecutors say Paige Thompson, the transgender woman accused of hacking Capital One and at least 30 other organizations, is a threat to herself and society, a flight risk and should be kept locked up until her trial.
Anne McClain: 5 Fast Facts You Need to Know (Heavy) Anne McClain, one of NASA’s most respected female astronauts, is accused of hacking into her estranged wife’s bank account while serving aboard the International Space Station. It may be the first case of space crime.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Integrate (Melbourne, Victoria, Australia, August 27 - 29, 2019) Get ready to think beyond and lose yourself in the technology of tomorrow at Integrate 2019. Integrate is Australia's leading event dedicated to helping businesses harness the power of AV technology to...
Washington DC Cybersecurity Conference (Washington, DC, USA, August 29, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
9th Annual Peak Cyber Symposium (Colorado Springs, Colorado, USA, September 3 - 5, 2019) The Peak Cyber Symposium is designed to further educate Cybersecurity, Information Management, Information Technology and Communications Professionals by providing a platform to explore some of today's...
9th Annual Peak Cyber Symposium (Colorado Springs, Colorado, USA, September 3 - 5, 2019) The Information Systems Security Association (ISSA) - Colorado Springs Chapter will once again host the 9th Annual Peak Cyber Symposium. This year's theme is "Cyber Hygiene: Everyday for Everyone." The...