December 4, 2019.
By the CyberWire staff
Another accusation of Russian-government phishing comes from UK Labour politician Ben Bradshaw, whom the Guardian describes as a frequent critic of Moscow's influence operations. Bradshaw says he received email from an "Andrei" who claimed to be a "whistleblower" inside Russian President Putin's administration. The email's attachments purported to describe Russian disinformation operations, but upon further review they appeared possibly malicious. The NCSC is investigating.
IBM researchers describe a new, destructive wiper, ZeroCleare, which is active in the wild against energy sector targets in the Middle East. IBM regards it as likely that ZeroCleare, which in some respects resembles Shamoon, is being deployed by Iranian state actors.
North Korean hackers belonging to the Lazarus Group who inserted DTrack malware into administrative systems at India's Kudankulam nuclear facility were, according to the International Business Times, after thorium reactor design information.
Big pharma giant Merck is wrangling with its insurers over the $1.3 billion in losses the company incurred as the result of the NotPetya infestation it suffered on July 27, 2017. The insurers balk at paying because it appears that the NotPetya attack, generally and credibly attributed to the Russian government, may have amounted to an act of war. The malware was initially deployed as part of Russia's hybrid war against Ukraine, but spread rapidly to targets elsewhere in the world. The matter is now being litigated, Claims Journal reports, in a Union County, New Jersey, court.
National Interest seeks to make Air Force flesh creep with accounts of F-15 hacking demonstrations.
Today's issue includes events affecting Australia, Brazil, Canada, China, Colombia, European Union, India, Jamaica, Japan, Democratic People's Republic of Korea, NATO/OTAN, New Zealand, Russia, United Kingdom, United States.
Bring your own context.
Spare a thought for the Federal CISO.
"If you have fifty regulations that you're trying to adhere to and if you have an inspector general report that has thirty-two findings of areas that can be improved and if you have eight programs that you can try and sequence in which order you get to the recommendations or you get to the actions first, it's useful to have a high-level principle like that, where you can say, the things that I'm going to really seek to do first are the things that are going to help with an objective like that. And we've seen a lot of interest, increasing interest, from decision-makers in government in adopting a format like that."
—Robert Sheldon, head of technology strategy for public sector at CrowdStrike, on the CyberWire's Caveat podcast, 12.4.19.
There are bureaucratic virtues as well as the familiar vices, the red tape everyone complains about. Some of those virtues are accountability, due process, procedural equity, careful stewardship of public funds. May the virtues win.
A recommendation to our readers.
If you're interested in space and communications (technology, policy, business, and operations), take a look at Cosmic AES Signals & Space. It offers a monthly overview of news in this sector.
Today's summary cited the National Journal as the source for concerns about F-15 hacking. That should be the National Interest, and the text above has been corrected to reflect that.
And Caveat, our weekly cyber law and policy podcast, is up. In this episode, "Moving the needle in the federal space," Ben describes US Senate Democrats' proposal for new privacy legislation. We have a story from the Supreme Court of Pennsylvania on the 5th Amendment and password privacy. And later in the show we interview Robert Sheldon, Head of Technology Strategy for Public Sector at CrowdStrike, discussing Federal cybersecurity and how those efforts connect to broader IT modernization initiatives.
Hackers Target Major Brands: Disney and Macy’s Breached (Business2Community) Fraudsters are warming up for the holidays, targeting household names through e-commerce site hacking and credential stuffing attacks. On November 19, 2019, news broke that Macy’s e-commerce site was infiltrated by a third party, embedding malicious code into Macy’s online checkout page.
Moxa AWK-3121 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit/public exploits available
Vulnerabilities: Cleartext Transmission of Sensitive Information, Improper Access Control, Sensitive Cookie without ‘HTTPONLY’ Flag, Improper Restriction of Operations within the Bounds of a Memory Buffer, CSRF, Command Injection, Cross-site Scripting
Reliable Controls LicenseManager (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Reliable Controls
Vulnerability: Unquoted Search Path or Element
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to crash the system, view sensitive data, or execute arbitrary commands.
Colombia Warns About the Scam of Asking Ransom in Bitcoin (NameCoinNews) In Colombia, police authorities are warning people about a scam in which the attacker asks for a ransom in the cryptocurrency bitcoin (BTC). This ransom is demanded in exchange for not disclosing the private details of the person who had kidnapped the victims. In this scam, the victim got an email from his …
Two Weeks Later Louisiana OMV Offices Still Impacted by Cyber Attack (News15 | Lafayette, LA) Louisiana OMV offices are still being impacted two weeks after a ransomware attack. Offices in Lafayette, Baton Rouge, and New Orleans are back open, but more than a dozen of Louisiana’s motor vehicle offices still remain closed from the cyber attack. Officials think the attack on several state servers started with an email with a link. …
Security Patches, Mitigations, and Software Updates
Microsoft Forms Now Automatically Blocks Confirmed Phishing (BleepingComputer) Microsoft is rolling out automatic blocking for repeated Microsoft Forms phishing attempts to boost the product's security by stopping attackers from abusing forms and surveys to harvest sensitive data from their targets.
Moxa Patches Wireless Device (ISSSource) Moxa has a patch available to handle multiple vulnerabilities in its AWK-3121 which has reached its end of life and is being replaced, according to a report with CISA.
GDPR Compliance Rate Remains Low According to New Talend Research (Talend) 58% of surveyed businesses worldwide failed to address requests made from individuals seeking to obtain a copy of their personal data as required by GDPR (General Data Protection Regulation) within the one-month time limit set out in the regulation, reveals updated research from Talend (NASDAQ: TLND), a global leader in cloud data integration and data …
Tenable Acquires Operational Technology Security Leader Indegy (Tenable®) Cybersecurity market leaders create the industry's first unified, risk-based platform for IT and OT security. Tenable®, Inc., the Cyber Exposure company, today announced that it has acquired Indegy Ltd., a leader in industrial cybersecurity which provides visibility, security and control across operational technology (OT) environments.
Peter Thiel’s controversial data analytics firm Palantir quietly secured a £28m contract from the Ministry of Defence last year, taking the total value of UK government deals won by the firm
Wipro to establish Cyber Defence Centre in Melbourne (The Economic Times) The new centre in South Melbourne will offer protection from cyber-attacks to the organisations and will generate 100 new tech jobs for locals. According to Wipro Senior Vice President Raja Ukil, "The launch of the centre in Melbourne showcases Wipro's commitment to leverage local talent and specialised expertise to cater to the cyber security needs of the region."
NSA to Issue Updated Cloud Security Guidance (Wall Street Journal) The National Security Agency plans to issue updated guidance to companies on cybersecurity in the cloud, a senior official said, amid a series of attacks that have targeted service providers in recent months.
How to migrate apps and workloads to the cloud securely and efficiently (Tufin) What’s common to all cloud migration projects, whether they are lift-and-shift, migration between cloud platforms, or app refactoring projects, is that the end results are portable workloads (e.g. application, database, storage, VM, etc.) cloud-native or not, that can potentially run in the cloud, or on-prem.
When do cyberattacks deserve a response from NATO? (Fifth Domain) The biggest concern for the NATO alliance might not be agreeing on a framework for when collective defense is triggered from a cyberattack, but rather, how can the alliance address daily cyber events that fall below the level of armed conflict?
The US can't use Cold War tactics to engage with China, says former NSA head Michael Rogers (CNBC) China's main goal is to achieve 21st century technological dominance, argued Admiral Michael Rogers, former head of the NSA and U.S. Cyber Command, in a recent cybersecurity podcast. He also explained some of the tactics that are hard to counter, such as IP theft, government subsidies of tech companies, and linking corporate interests to education and government research.
Facebook expands its efforts against ad discrimination (TechCrunch) Under the terms of a settlement with the ACLU and other civil rights groups earlier this year, Facebook has been taking steps to prevent discriminatory ad targeting. Specifically, the company says ads in the United States that involve housing, employment or credit can no longer be targeted based on…
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
International Security Expo 2019 (London, England, UK, December 3 - 4, 2019) International Security Expo, formerly UK Security Expo, showcases over 1,000 of the latest innovative security products to help you improve your security. Featured over the 2 days are 13 free to attend,...
Insider Threat Program Development & Management Training (College Park, Maryland, USA, December 3 - 4, 2019) The Insider Threat Defense Group will hold its highly sought after and very affordable Insider Threat Program (ITP) Development & Management Course, at the University of Maryland College Park Campus.
Dallas Cybersecurity Conference (Dallas, Texas, USA, December 4, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
CISO Leadership Forum (Austin, Texas, USA, December 4 - 5, 2019) Forget the typical conference, which may or may not focus on the latest industry buzz, vendor specific pitches or trendy new development. Our learning sessions are vendor agnostic only as we focus on peer-to-peer...
International Cyber Risk Management Conference (Bermuda, December 4 - 6, 2019) The International Cyber Risk Management Conference (ICRMC) provides delegates with an essential forum to learn from experts, network and share experiences with peers and colleagues, and get the answers...