August 27, 2019.
By the CyberWire staff
Recent attacks on US local governments suggest that one of the threats to expect during the 2020 elections will be ransomware. Reuters reports that CISA is working to help secure voter registration databases in particular against this form of attack. StateScoop sees the National Guard assuming a role in ransomware defense.
Web hosting provider Hostinger reset user passwords over the weekend after determining that unauthorized parties had gained access to its "internal systems." About half the company's 29 million users may have had their information exposed in the breach.
Cofense researchers have detected a sophisticated phishing campaign distributing the Quasar remote-access Trojan. Quasar is a widely available commodity RAT, but the campaign distributing it is unusually adept at evading detection and avoiding analysis.
Bleeping Computer reports research by Vitali Kremez that outlines a new strain of ransomware, "Nemty." It appears to spread via remote desktop protocol.
Arkose Labs' Fraud and Abuse Report for the third quarter claims that over half the logins they investigated were fraudulent. The company analyzed more than 1.2 billion logins in the financial services, e-commerce, travel, social media, gaming and entertainment sectors to reach this conclusion. The national center of gravity for social media fraud also seems to have shifted, with the Philippines now the clear leader in the origination of such traffic. The US is a distant second, with Russia, the UK, and Indonesia as also-rans.
Emsisoft has a free decryptor available for the Syrk ransomware that bamboozled Fortnite players looking for methods of cheating.
Today's issue includes events affecting Belarus, Bulgaria, China, Indonesia, Kazakhstan, Philippines, Russia, Tajikistan, Ukraine, United Arab Emirates, United Kingdom, United States, and Vietnam.
Bring your own context.
Bots and the role they can play in gift card scams.
"And so what ends up happening, and where bots come into this whole space, is that that adversary will go and write a bot - or effectively a script - that can go and target these check balance services on a retailer site, and just start guessing hundreds, thousands, upwards of millions if it's long enough and they've got the scale and support to do that. They can just start brute force guessing with no real rhyme or reason, but eventually, if they get enough guesses, the probability starts to increase drastically that they'll be able to more or less guess my card. And once they access it, they'll have full access to it to those funds."
—Jonathan Butler, technical account team manager at Imperva's Distil Networks, on the CyberWire's Research Saturday, 8.24.19.
Gift card fraud is a species of pay card fraud, and bots can play a role there, too.
ON THE PODCAST
In today's podcast, out later this afternoon, we hear from our partners at Webroot, as David Dufour discusses company cyber security assessments. Carole Theriault speaks with our guest Omar Yaacoubi from Barac on the growth in encrypted hacks, and how they use metadata to detect and analyze them.
Cyber Security Summits: Chicago on August 27 and on September 17 in Charlotte (Chicago, Illinois, United States, August 27, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Google, IBM, Darktrace, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com
10th Annual Billington CyberSecurity Summit (Washington, DC, United States, September 4 - 5, 2019) The event will be an important Call to Action for the cybersecurity community and is the deepest examination of the cybersecurity and government at the local, state, Federal and International levels found anywhere.
Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.
Zero Day Con (Washington, DC, USA, October 22, 2019) Zero Day Con hosts a day of expert discussion on security approaches to regain control over your systems, data, and information. Join us to examine insights, security technologies, and key priorities to secure your systems. Get a 30% discount for Labor Day using code LABOR30.
Quasar RAT installed by new phishing campaign (SC Magazine) Malware deploys anti-analysis methods to install remote access tool by stuffing the message with so many strings of rubbish that attempts to decode them would likely cause a crash.
The evasive Baldr malware may hit back in new forms, warns SophosLabs (LiveMint) Baldr was used to target PC gamers living around the world; Indonesia (21%), the United States (10.52%), Brazil (14.14%), Russia (13.68%), India (8.77%) and Germany (5.43%) were the countries most affected. It was named Baldr as security researchers believe it to be the handiwork of LordOdin, a hacker active on Russian forums
Vulnerability Summary for the Week of August 19, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
The Growing Threat of Deepfake Videos (SecurityWeek) Deepfakes are a growing threat that will increasingly be used in phishing attacks, BEC attacks, reputation attacks, and public opinion attacks (such as election meddling).
Huawei Is in Talks to Launch a 'Pilot Program' Using Russian OS as Replacement for Android (Gizmodo) After being placed on a so-called Entity List by the U.S. federal government, severely restricting its access to American technology, Chinese tech giant and world’s second-largest smartphone manufacturer Huawei is investigating using the Russian-made Aurora operating system as a replacement for Google’s Android OS on its mobile devices, Reuters reported on Monday.
CrowdStrike Announces Establishment of Falcon Fund (Yahoo) CrowdStrike® Inc. (CRWD), a leader in cloud-delivered endpoint protection, today announced the launch of Falcon Fund, a $20 million early stage investment fund started by CrowdStrike®, in partnership with Accel. Falcon Fund will focus on seed and Series A investments in startups that are building
Georgia Signs $25M Contract for Single Sign-On Capability (Government Technology) One year after signing a $218 million contract with Unisys for cloud services, and one month after a ransomware attack took public safety agencies offline, the state is investing again in security and cloud support.
Decryptor for Syrk (Emsisoft) Syrk Ransomware pretends to be a hacking tool for the video game Fortnite, but instead, encrypts its victims' files using AES-256 and adds the extension
Reciprocity Launches First-of-its-Kind Integrated GRC Platform (Yahoo) Reciprocity, the provider of leading information security risk and compliance solution, ZenGRC, today announced a first-of-its-kind Platform-as-a-Service, ZenConnect. The integrated solution, ZenGRC + ZenConnect, provides a modern approach to managing information
What is steganography and how does it differ from cryptography? (Computer Crime Research Center) Steganography is an ancient practice that involves hiding messages and data. From its humble origins that involved physically hiding communications and using invisible inks, it has now moved into the digital realm, allowing people to slip critical information into seemingly mundane files
New funding for aviation security innovation (SC Magazine) £1 million of funding is being made available to boost aviation security with grants for universities to collaborate with industry in a joint initiative between the Department for Transport and the Home Office.
'I know what you said last summer' (SC Magazine) User privacy is being trampled on say civil liberties groups as several Big Tech companies finally admit that they record and listen to our voice commands, conversations and even private chats
Integrate (Melbourne, Victoria, Australia, August 27 - 29, 2019) Get ready to think beyond and lose yourself in the technology of tomorrow at Integrate 2019. Integrate is Australia's leading event dedicated to helping businesses harness the power of AV technology to...
Washington DC Cybersecurity Conference (Washington, DC, USA, August 29, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
9th Annual Peak Cyber Symposium (Colorado Springs, Colorado, USA, September 3 - 5, 2019) The Peak Cyber Symposium is designed to further educate Cybersecurity, Information Management, Information Technology and Communications Professionals by providing a platform to explore some of today's...
9th Annual Peak Cyber Symposium (Colorado Springs, Colorado, USA, September 3 - 5, 2019) The Information Systems Security Association (ISSA) - Colorado Springs Chapter will once again host the 9th Annual Peak Cyber Symposium. This year's theme is "Cyber Hygiene: Everyday for Everyone." The...