December 10, 2019.
By the CyberWire staff
The Hill reports that the city of Pensacola, Florida, has disconnected most of its networks in response to a cyberattack that hit over the weekend. The attack began early Saturday, the Pensacola News Journal says, hours after a Saudi military pilot undergoing training at Pensacola Naval Air Station murdered three US Sailors and was subsequently shot by local police. The timing of the cyberattack raised speculation that it might be connected to the shooting (which, according to the New York Times, authorities are investigating as a possible terrorist incident), but so far no such links have been found. The motivation behind the cyberattack remains unclear: the city hasn't said, for example, whether it's received ransom demands.
Emsisoft warns that the criminal-provided Ryuk ransomware decryptors may damage larger files.
The US Justice Department has released its Inspector General's report on the FBI's 2016 Crossfire Hurricane investigation into allegations of Russian influence in President Trump's campaign. As the Washington Post summarizes the report, the IG found that the FBI had adequate grounds to open an investigation, but that the investigation itself was marred by "serious failures." Those failures are particularly evident, NBC News says, in the way the FBI obtained and used FISA warrants, and in its handling and assessment of "confidential human sources." The inquiry seems to have been handled carelessly, and with the sort of target fixation to which investigative agencies are frequently tempted. The FBI immediately accepted the report's recommendations and is moving to strengthen applicable procedures and oversight mechanisms.
Today's issue includes events affecting China, Ethiopia, European Union, NATO/OTAN, Russia, Saudi Arabia, United Kingdom, United States.
Bring your own context.
Consumers apparently really do care about the security of their data. Isn't that what Cisco found when they surveyed a bunch of them?
"Yeah, a number of things that we saw in looking at this survey pool - and again, this was a global survey drawing on 2,600 respondents across 12 countries. And one of the first and biggest things we found was the emergence of more consumers who are willing to do things to help protect their data. I think it's been in the press for a while that consumers say they care about privacy, but that doesn't really translate into action. So what we tested was people who say they care about privacy, say that they're willing to spend time or money to do things to try to protect their data better, and finally, to take a third and most important test - have they made choices, have they changed providers or others who they work with because of their perhaps lack of comfort with the data policies or data practices of these organizations? And the answer to that was yes."
—Robert Waitman, director of data privacy at Cisco, on the CyberWire Daily Podcast, 12.6.19.
So apparently some people are learning through all of the teachable moments we've experienced in recent years.
And Recorded Future's podcast, produced in partnership with the CyberWire, is also up. In this episode, "Traveling the Globe with Threat Intelligence," they speak with two members of Booking.com’s security team who work every day to help protect the organization. Anastasios Pingios, principal security engineer, and Stuart Shevlin, intelligence program lead, sat down with Recorded Future at the RFUN: Predict 2019 conference to share their experiences securing this complex enterprise.
Cyber Attack in Pensacola: 5 Fast Facts You Need to Know (Heavy.com) The city of Pensacola, still reeling from a shooting that left three sailors dead on Friday at Pensacola Naval Station, says it is under cyber attack with communications down at City Hall, Pensacola Energy and the city's sanitation department. Here's what you need to know.
U.S. birth certificate details left online (TechCrunch) An online company that allows users to obtain a copy of their birth and death certificates from U.S. state governments has exposed a massive cache of applications — including their personal information. More than 752,000 applications for copies of birth certificates were found on an Amazon Web Serv…
Microsoft Finds 44 Million Compromised Credentials Used for Its... (HOTforSecurity) Microsoft’s identity threat research team found more than 44 million compromised Microsoft user accounts in use in three months of scanning, between January and March 2019. The team checked billions of credentials people use for their services in an effort to identify the...
Caution! Ryuk Ransomware decrypter damages larger files, even if you pay (Emsisoft | Security Blog) Ryuk has plagued the public and private sectors alike over the past years, generating hundreds of millions of ransom revenues for the criminals behind it. Usually deployed via an existing malware infection within a target’s network, Ryuk wreaks havoc on any system that can be accessed, encrypting data using a combination of RSA and AES. …
Vulnerability Summary for the Week of December 2, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
FTC Advises Checking Smart Toy Features Before Buying (BleepingComputer) With internet-connected toys in high demand this time of the year, the Federal Trade Commission (FTC) is making some recommendations that can help you choose one that is less detrimental to your kids' data.
Security Patches, Mitigations, and Software Updates
E3/Sentinel Buys Operational Intelligence (WashingtonExec) E3/Sentinel has acquired Operational Intelligence, LLC, which provides mission-focused analytical, technical, operational and training services to the
Nuspire Hires Dunsworth As CEO - MITechNews (MITechNews) Nuspire, a managed security services provider, has hired Lewie Dunsworth as the company’s CEO. Saylor Frase, Nuspire’s previous CEO, now serves as chairman of the board. “After a long, extensive nation-wide search, we are incredibly fortunate to bring on board someone as well suited and talented as Lewie Dunsworth,” said Brian St. Jean, Nuspire …
IGEL Expands Endpoint Security Capabilities to Enable a Complete “Chain of Trust” (IGEL) IGEL, provider of the next-gen edge OS for cloud workspaces, today introduced IGEL OS Workspace Edition, version 11.03. This latest version of IGEL OS features advanced security capabilities, including signed OS partitions, that are designed to extend IGEL’s secure “chain of trust” all the way to the device processor level.
Host Card Emulation. Key Technologies to Secure Cloud-Based Mobile Payments. (Payments & Cards Network) The rise of ‘tap-to-pay’ payments made using smartphones is showing no signs of slowing down. It is estimated that mobile payments will amount to $14 trillion by 2022. To keep up with this trend, banks and issuers must be proactive in offering solutions that suit the evolving needs of their customers.
Spearphish Testing Paying Off at Education Department (MeriTalk) While figures vary across industry and government as to the size of the “phishing-prone” population in any organization, both sides agree that sustained internal employee training efforts are necessary to cut the success rate of spear-phishing exploits down to more manageable levels.
Revving Up Research at UT Dallas with Cyberinfrastructure (CIO) The University of Texas at Dallas works closely with Dell Technologies to bring high performance computing and artificial intelligence resources to a growing research program.
Six Reasons Why NATO’s London Declaration Matters (Real Clear Defense) Vladimir Putin wishes he had an alliance like NATO. The alliance provides a remarkably resilient framework in which nations and leaders who share common values can pursue collective security interests yet still engage in contentious arguments and disagreements about important issues, without seriously eroding the cohesion that is NATO’s center of gravity.
Eight norms for stability in cyberspace (New Europe) In little more than a generation, the Internet has become a vital substrate for economic, social, and political interactions, and it has unlocked enormous gains. Along with greater interdependence, however, come vulnerability and conflict. Attacks by states and non-state actors have increased, threa
Made in America (Reuters) The ex-White House staff who helped devise the UAE's bold spying mission
Review of Four FISA Applications and Other Aspects of the FBI's Crossfire Hurricane Investigation (Office of the Inspector General, US Department of Justice) The Department of Justice (Department) Office of the Inspector General (OIG) undertook this review to examine certain actions by the Federal Bureau of Investigation (FBI) and the Department during an FBI investigation opened on July 31, 2016, known as "Crossfire Hurricane," into whether individuals associated with the Donald J. Trump for President Campaign were coordinating, wittingly or unwittingly, with the Russian government's efforts to interfere in the 2016 U.S. presidential election.
U.S. Says Accused Apple Secrets Thief Had Patriot Missile File (Bloomberg) When U.S. prosecutors charged an Apple Inc. engineer in January with stealing trade secrets for a Chinese startup, a search of his home turned up something else, they said: a classified file from the Patriot missile program that belonged to his ex-employer, Raytheon Co.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Anaheim Cybersecurity Conference (Anaheim, California, USA, December 11, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Cincinnati Cybersecurity Conference (Cincinnati, Ohio, USA, December 12, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...
Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA...