Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
August 29, 2019.
By the CyberWire staff
"Senior American officials" have described the June 20th US cyberattack against Iranian targets. The New York Times says the officials see the operation as a success: it wiped out a database essential to the Islamic Revolutionary Guards Corps' operations against tankers in the Arabian Gulf.
Researchers at Secureworks report that TrickBot has added functionality that poses a particular threat to US mobile carrier customers. The malware's web injects now harvest carrier account PINs, which would give GOLD BLACKBURN, the threat group behind TrickBot, what it needs to port or swap a victim's number and so intercept voice and text communications, including SMS one-time codes. The injected code fires when the user interacts with the tampered carrier sign-in page and calls TrickBot's "record" function to capture what is entered.
BlackBerry Cylance's ThreatVector threat research team has released new research into a malware sample used by APT28, that is, Fancy Bear, Russia's GRU. The report analyzes samples US Cyber Command uploaded to VirusTotal and finds that the malware is "a multi-threaded DLL backdoor that gives the threat actor full access to, and control of, the target host." The stripped-down malicious logic is padded with a large amount of benign code, and ThreatVector reads this as a response to the widespread defensive use of machine learning classifiers, which weigh a sample's overall features and can be diluted by bulk.
Facebook announced a revision to its rules concerning political advertising. The rules will govern both campaign ads and advocacy ads concerning social and political issues. They aim at producing disclosures that would achieve greater transparency with respect to who's sponsoring and paying for the advertising.
Avast has helped the French Gendarmerie take down the Retadup worm's command-and-control infrastructure.
Today's issue includes events affecting Australia, Belarus, Canada, China, European Union, France, Germany, Ireland, Japan, Republic of Korea, Netherlands, Russia, United States.
Bring your own context.
Enterprises assess their cybersecurity state, sometimes with an external look, but often with internal checks. So what does a self-assessment provide you that's different from someone coming in from outside?
"The biggest thing that it does, honestly, is get buy-in from the teams on why this is important, and it helps them work closer with the security folks - the CISO, etc. - to be able to really buy into the whole security process and why it's important. That's just from the buy-in perspective."
—David Dufour, vice president of engineering and cybersecurity at Webroot, on the CyberWire Daily podcast, 8.27.19.
This may be particularly true for organizations working in an agile development environment.
And Labor Day is Monday.
We'll be taking our customary US Federal holiday on September 2nd. Publication will resume as normal on Tuesday. Enjoy the holiday, America.
Conduct secure and anonymous research on the open and dark web.
If you are doing online research, the common web browser can betray you by exposing you and your organization to cyber attacks. Authentic8, the maker of Silo Cloud Browser and Silo Research Toolbox, ends this betrayal. Silo insulates and isolates all web data and code execution from user endpoints, providing powerful, proactive security even if you are gathering data and collections across the deep and dark web. Learn more.
And Hacking Humans is up. In this week's episode, "Securing your SMS," Dave shares a story of digital voice assistants being channeled toward scammers. Joe tracks scammers taking advantage of social tools on the Steam gaming platform. The catch of the day involves South African kickbacks. Our guest is researcher/technologist Ray [REDACTED], who shares his expertise on scammers targeting SMS.
Cyber Security Summits: Chicago on August 27 and on September 17 in Charlotte (Chicago, Illinois, United States, August 27, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Senior-level executives are invited to learn about the latest threats and solutions in cybersecurity from experts from the FBI, Google, IBM, Darktrace, and more. Breakfast, lunch, and a cocktail reception are included with your admission. Passes are limited, so secure yours today: www.CyberSummitUSA.com
10th Annual Billington CyberSecurity Summit (Washington, DC, United States, September 4 - 5, 2019) The event will be an important call to action for the cybersecurity community and is the deepest examination of cybersecurity and government at the local, state, Federal, and international levels found anywhere.
Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.
Zero Day Con (Washington, DC, USA, October 22, 2019) Zero Day Con hosts a day of expert discussion on security approaches to regain control over your systems, data, and information. Join us to examine insights, security technologies, and key priorities to secure your systems. Get a 30% discount for Labor Day using code LABOR30.
American Cyber Command hamstrung Iran’s paramilitary force (MIT Technology Review) American officials say that a US cyberattack against Iran that was launched earlier this summer has had a lingering impact on the Iranian military's ability to target oil tankers in the Persian Gulf, according to a new report in the New York Times. Iranians are reportedly still recovering targeted systems, networks, and data after the cyberattack, which was launched in June at a peak in tensions between Iran and American allies. The players: The attack was launched by US Cyber Command.
Inside the APT28 DLL Backdoor Blitz (ThreatVector) This report is a follow-up to 'Flirting With IDA and APT28.' This time, researchers perform a deep dive on capabilities found in an APT28 sample that reveals a backdoor capability...
Ransomware Trains Its Sights on Cloud Providers (Dark Reading) Ransomware writers are now targeting cloud service providers with network file encryption attacks as a way to hold hostage the maximum number of customers that they can, notes Chris Morales, head of security analytics for Vectra. He also discusses Vectra's new ransomware report, which offers tips for protecting against virtual hostage taking.
Ransomware attacks on cities are rising (Techxplore) A coordinated ransomware campaign that hit 23 local governments across Texas has raised serious concerns about the vulnerability of local governments and public services to cyberattacks.
City approves $5M more for ongoing cyberattack remediation (Baltimore Business Journal) Members of the city's spending panel also voted to delay the purchase of cyber insurance for two weeks. Mayor Young said he hasn't "the slightest idea" why the city didn't already have this kind of insurance in place before.
Introducing Instart Zero Trust Access (Instart) Instart announces its zero trust solution to provide the enterprise with an easier, yet more secure, solution for providing end users access to their applications.
Splunk Results Exporter Integration (Opsview) The Splunk Results Exporter is a toolkit for extracting, filtering, reformatting, and exporting events from Opsview Monitor's event bus.
Combating TRISIS with the MITRE ATT&CK Framework (ThreatQuotient) MITRE ATT&CK dives deep into adversaries’ actions so security analysts can use that information to their advantage. It is a huge step forward in creating a knowledgebase of adversaries and associated tactics, techniques and procedures (TTPs) so you can start your threat hunt at the actor level.
Opinion: Why 5G will make cybersecurity so much more difficult (The Globe and Mail) There is little doubt that fifth generation networks are about to transform the world. Whether that transformation is for the better will depend on rethinking not only these networks, but also the methods we use to keep them safe, David Masson writes.
Agency Information Collection Activities: Vulnerability Discovery Program (Federal Register) The Department of Homeland Security, Office of the Chief Information Security Officer, will submit the following Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995.
Malware Operation Making Millions Defeated by Design Flaw (BleepingComputer) The reign of the Retadup botnet over more than 850,000 systems has reached an end as its command and control server (C2) was taken down by security researchers from antivirus maker Avast working with the French National Gendarmerie.
Putting an end to Retadup: A malicious worm that infected hundreds of thousands (Avast Threat Labs) Retadup is a malicious worm affecting Windows machines throughout Latin America. Its objective is to achieve persistence on its victims’ computers, to spread itself far and wide and to install additional malware payloads on infected machines. In the vast majority of cases, the installed payload is a piece of malware mining cryptocurrency on the malware …
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
Global Security Exchange (GSX) (Chicago, Illinois, USA, September 8 - 12, 2019) Global Security Exchange (GSX) is the only event that brings together security professionals from all vertical markets throughout the world to network, learn, and re-invest in the industry. It’s home for...
CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...
CPX 360 New Orleans (New Orleans, Louisiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...
CPX 360 Vienna (Vienna, Austria, February 4 - 6, 2020) At CPX 360, you’ll gain an in-depth understanding of today’s dynamic threat landscape and the emerging challenges within cyber security. Get a look at the next wave of Check Point innovation and discover...
Integrate (Melbourne, Victoria, Australia, August 27 - 29, 2019) Get ready to think beyond and lose yourself in the technology of tomorrow at Integrate 2019. Integrate is Australia's leading event dedicated to helping businesses harness the power of AV technology to...
Washington DC Cybersecurity Conference (Washington, DC, USA, August 29, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
9th Annual Peak Cyber Symposium (Colorado Springs, Colorado, USA, September 3 - 5, 2019) The Peak Cyber Symposium is designed to further educate Cybersecurity, Information Management, Information Technology and Communications Professionals by providing a platform to explore some of today's...
9th Annual Peak Cyber Symposium (Colorado Springs, Colorado, USA, September 3 - 5, 2019) The Information Systems Security Association (ISSA) - Colorado Springs Chapter will once again host the 9th Annual Peak Cyber Symposium. This year's theme is "Cyber Hygiene: Everyday for Everyone." The...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.